All,
We are in the process of testing security templates
on a new Windows 2003 domain model and there is one attribute I am having
trouble putting a value on. The particular node is the Windows
Settings/Security Settings/Local Policies/Security Options/Interactive Login/Number
of
We have numerous users who are at our remote sites on laptops and they do
not log onto the domain for weeks at a time...this would however never
exceed a 30 day period. What would you advise I set this value to? I suppose
what I am asking is if I set this value to 1 does this only allow one
Title: Unable to demote Additional DC
Mohammed,
From what you have posted I would advise the following:
Verify what server holds the PDC and RID master roles. The
best way to do this is through Active Directory Users and Computers, right
mouse click the domain and choose
In my opinion... DFS will do the job for you. I've used it and it's fine
for what you wish to achieve... Take the plunge.
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: 18 May 2004 02:16
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS
The primary goal is
**snip**
. I suppose
what I am asking is if I set this value to 1 does this only allow one login or
one users cached profile infinitely however subject to other settings eg.
password age etc.
**snip**
It will allow
one cached profile indefinitely and the password will not
Hi all
How can I grant "read" access to userPassword attribute?
Thanks
--
firma
Aitzol
Naberan Burgaña
CodeSyntax
[EMAIL PROTECTED]
www.codesyntax.com
Tel: 943 82 17 80
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
Jennifer,
We are using DFS here. Our primary purpose is to provide a logical
namespace that is separate from the physical name space. With DFS, I
can move set of users files to a new location, update the DFS link and
the user will never be the wiser. In your situation, not only would you
be
You would genuinely use anything that has a perc raid controller?
ewww, I feel dirty all of a sudden.
On May 18, 2004, at 12:44 AM, joe wrote:
I was laughing pretty good even before I got to the information on the new book
Out of the hardware vendors mentioned I would say I like Dell
I am going to knock on wood here, but I have used DFS successfully with the built-in FRS replication.
Others on the list complain, but my experience has been contrary. Let me also clarify by saying that we weren't replicating large files. If you wanted to put all of your ghost images, for
I know that the unicodePwd attributes can never be read by way of ldap, you will probably find that this is true for userPassword also.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;269190
On May 18, 2004, at 6:29 AM, Aitzol Naberan Burgaña wrote:
Hi all
How can I grant read
thanks. does this tool work if i wanted to add a user in domain A to a uni group in
domain b?
-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 12:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] command line
Correct, net group will not work because
Correct.
Aitzol, what problem are you trying to
solve?
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, May 18, 2004 8:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Anonymous bind
I know that the unicodePwd attributes can never
Nope, I don't have any compiled apps for manipulating Uni group membership.
This will require a script... Now the fun part is that you have to set up
the FSP to do it... I am pretty sure there is no simple way of doing that in
adsi... Can anyone correct me on that one?
One possible method of
I agree that if you want Exchange that two directories
would be more of a pain. But it could be done if you wanted to. Just
a lot more administration. Using the Ximian stuff (if it works on Apple)
would not be too bad for them. Using the Microsoft Apple Outlook would
likely be better. They
EMC Celerra's are often a bad idea ;)
They have many many many issues, not the least of which is
that in many instances they gateway a bunch of expensive disk to present it to
inexpensive machines. That's strange and expensive, but for
some...
They have a y2k issue (the Unix version). They
LOL.
I have had really good luck with Dell. My biggest
complaints with Dell were always based with their service. However after dealing
with IBM service, it is almost a joy to work with Dell again.
I can't recall any Perc issues other than about 6 or 7 years
ago with the Perc II which
The
lease is up on our Celerra, and we are shipping it back. We are replacing it
with two win2k3 DL380s connected to an EMC SAN.
Why?
Because when we stepped back and looked at the bigger picture, we realized that
what little benefit the Celerra provided just wasn't worth
I'm trying to authenticate OpenGroupware (open source groupware
suite) against Active Directory. The problem is that OpenGroupware's
authentication method is a little bit curious: It tries to do an
anonymous bind to the ldap server before it will try to bind as the
user name supplied at the
Title: Unable to demote Additional DC
You have two options...
1. Troubleshoot
2. Cleanup
If #1, start off with a network trace, find out where it
is really failing... Go from there... I am not so sure I recommend this for this
problem unless you have had this issue before.
If #2, if K3 do a
Regarding the PERC 2 issue joe, what was your
resolve?
I have a PERC 2 card in one of the DC's for my test domain
I can't find a compatible firmware update ANYWHERE I could have sworn that the
card was not a PERC 2 at all and I'm all ears to verify that conclusion
:-D
From: [EMAIL
Yeah I doubt you are the first and certainly not the last
to have come to that conclusion.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, May 18, 2004 9:20 AM
To: [EMAIL PROTECTED]
Subject: EMC Celerra (was: [ActiveDir] FATAL
I swear I a month or two ago that hotmail has
their front ends running on Windows (Windows 2000 actually which is
interesting... That would be a great testbed for IIS6) but the backend is still
FreeBSD. Could be wrong but then unless the backend is exposed to the internet I
doubt anyone
You are right that Novell did just opensource the exchange connector... that might be something to look into but it would probably require porting the entire gnome or kde interface to apple by way of x11, I'm sure fink or opendarwin have a solution. The exchange connector, regardless would have
Ah. Interesting, so it sounds like they want to compare the
hashes instead of actually use the authentication of the system. Well since it
is OpenSource, that should be easy to rewrite and correct huh.
:o)
You can open up the anonymous search but if they need to
see the password, you are
Oh, so did you have a disjoint on the namespace? And if so
is this intentional? Is it on all machines or just this one? If not intentional
and just on that one you should pop the NV DomainName attribute and bring it in
line with the rest of the environment. If it is on all machines, you will
In troubleshooting, I would say you may want to look at DNS. Had a funky setup in a Windows 2003 test environment where FSMO roles wouldn't transfer because of the SPN registration being bunked. It actually complained about the specific record in the event log. After deleting it and restarting
Again it was the Perc II, not the Perc 2. That was the Perc
card prior to the Perc 2. It was in the x100 and some x200 series machines.
The issue was that the documentation said something was possible (it was a
really bad idea of spanning a single logical drive across the internal and
I have a rack full of 2650 poweredge machines in the Data Center. So, I thought, why not install the os on a mirror set, break the set, and use that as an image tool to configure the whole rack with our standard setup? It is a pretty common practice to do this with both the IBM and HP
Hello,
Anybody know how
to remove share tab ?
Thanks,
It's not so easy to rewrite the source code; I will need to spend a lot
of time to understand the source and to change it. But I think that I
have to do it, and change the bind method (I think it will work...).
OpenGroupware is for unix systems, you can learn more in
www.opengroupware.org
Thanks
No, actually, we
haven't disjointed namespace in the first place. This Kerberos error was on
every W2K3 member server only. I've promoted one of them to DC and
that made Kerberos happy - no more complaints...
No errors
reported in dcpromo logs either... Although I do have an issue with
Don't even get me started on PERC raid
controllers... I'll share my stories after a few "adult
beverages"...
Diane
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, May 18, 2004 4:02 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Mixed
This is a very
strange problem I experienced a few weeks ago and just yesterday I've noticed it
happen again. This only happens with a single folder, all others are
fine. This particular instance the folder is completely empty except for
"My Pictures" being automatically created within.
OGo? www.opengroupware.org. It's an
open groupware suite (like Office/BackOffice only not). It's a descendant
of SKYRiX IIRC. A lot like SUSE's OpenExchange. From their
website:
A: SuSE
OpenExchange is actually two things: an OpenSource messaging server based on
Cyrus and OpenLDAP and a
Yeah my mistake I was referring to the PERC-II card
;-) I have a PE3200 which has a PERC-II in it.
I managed to get 2k3 installed on it using a MegaRAID 2000
driver (Win2k driver) but I have not managed to obtain a compatible firmware
update yet... maybe some day
From: [EMAIL PROTECTED]
Hello Sveta,
Do you speak Russian? Because your English is perfect! Sorry, I couldn't resist asking.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Svetlana Kouznetsova
Sent: Tuesday, May 18, 2004 10:23 AM
To: [EMAIL PROTECTED]
Subject:
Can you send us a network sniff of a
success and a failure so we can see what it is trying to do?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, May 18, 2004 8:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anonymous bind
Ah.
I have had a similar problem with this. I don't know if it's related or not
but when a user put some pictures in their My Pictures folder, every time
they opened the directory in explorer it would give a C++ Runtime error
(don't remember what one). So I changed the default folder layout from
Mulnick, Al wrote:
OGo? www.opengroupware.org. It's
an open groupware suite (like Office/BackOffice only not). It's a
descendant of SKYRiX IIRC. A lot like SUSE's OpenExchange. From their
website:
A:
SuSE OpenExchange is actually two things: an OpenSource messaging
server
:) I wish I could get a clue-by-four for some of the
folks where I am. They talk about cost cutting while we put this thing
in. Cost savings is apparently not an issue. If you could just bottle and
sell some of the wisdom that caused that step back and rethink, let me
know. I
Has anyone had any experience with Aelita EMM in migrating a child domain from one
forest to a brand new one, including Exchange 2k mailboxes, dg's, and contacts?
we are running a win2k forest in mixed mode and looking on moving to our own forest.
is this product as good as it sounds?
any
It's
not so easy rewrite the source code,
Note my tongue was very firmly in cheek for that
comment I made below about it being easy Just spouting the Open Source
Company line. When you make that change, spin up your database of dependencies
and such so you can monitor when modules
Ok. Just checking :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, May 17, 2004 4:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT exchange settings
Yeah.
I think the object they are talking about is the one under services
I dug through notes here are the two items I
used
http://support.dell.com/filelib/format.aspx?ReleaseID=R15115
http://support.dell.com/filelib/format.aspx?ReleaseID=R25714
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell
Sent: Tuesday, May 18, 2004 10:43
Isn't there a switch setting in the conf file for
that?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aitzol Naberan Burgaña
Sent: Tuesday, May 18, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Anonymous bind
Mulnick, Al wrote:
OGo?
There is nothing abnormal shown in the event logs
on client or server with any relevance :-(
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, May 18, 2004 11:18 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: explorer.exe hangs on folder access
I don't think so I think I've seen this happen before also though, it
was due to a corrupt Internet Explorer installation and once repaired it
worked fine.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dale, Rick
Sent: Tuesday, May 18, 2004 11:09 AM
While we are not running Celerra (thank goodness), when we implemented
our SAN, our Dell rep told us we could connect our Dell NAS box to the
SAN for added storage. When I asked why we would want to do that, I
never got a good answer. Personally I prefer to run Windows as the file
server. It is
Any relevance? Does that mean there is nothing or
nothing that seems related? If there is something else going on, it would
be helpful to know. I'd be particularly interested in anything in the system
log. While we're investigating the scope of this, what else is on the
machine? How is the
It's been a few years since I've last used Aelita. But when I did it was
great. They have a suite of tools that can help you migrate including some
Exchange pieces, desktop pieces, Outlook pieces, etc. You'll likely need
all of them depending on the scope of what you're doing.
Al
The
only events logged are informational success notifications and success audit
security logs I do not see any relevant Warning or Error events logged
:-(
Server specs: 2x PIII 600, 1GB RAM, 2
RAID-1 arrays
The server functions as a file/print server as well as
a DC holding all roles for
Nothing in there about disk errors that might explain
something about a corrupted MFT entry maybe?
Al
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell
Sent: Tuesday, May 18, 2004 2:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: explorer.exe hangs on
I wonder if something in the directory is damaged
then. That's an odd behavior to say the least.
Since this is across the network for the user, was there an
antivirus program on the server? What about the NIC? Are there any
other devices, such as a router or firewall between the server and
I am all behind that theory. Also there is a Windows Storage Server
option
http://www.microsoft.com/windowsserversystem/wpnas/default.mspx
Like I said in another note. The big thing with using products that emulate
Windows is that they will always lag when Microsoft updates something, in
Title: Netlogin replication failures.
So if I may repeat the problem I am
hearing...
Your FRS partners are talking fine according to the event
logs but a change in the scripts folder of sysvol does not get replicated
around?
Have you looked at running the FRS monitoring /
troubleshooting
How do your VPN only
users who never attach their laptop to your network change their AD passwords
when they expire? We're having an issue where we have to make all our VPN
users "Password never expires" because they cannot change their password when it
does expire, because they're only
Aelita is not in the GAL synchronization business that I'm aware of. You
can use the MIIS FP pack from Microsoft for this, or you could use something
like SimpleSynch for it. As for permissions to folders, you'll have some
issues there. Check out the deployment guide, specifically the
SWAG but we've run into issues with
the thumbs.db file being corrupted. thumbs.db (hidden system) is created
when you do the thumbnails view. Try deleting that and see if it
helps.
Diane
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell
Sent: Tuesday, May 18,
Everything
I've learned about redirected folders is that users should have exclusive
rights to their own folder. When you say that the desktop is never
created do you mean that items that are located in the desktop folder
are never shown? It would seem that if desktop isn't being created
I have a feeling that it has something to do with the
desktop.ini stored within the folder itself because of the
strange behaviour when a user attempts to access the folder as shown on the
compmgmt snap-in.
I really don't think that it has anything to do with
hardware because of the
Russ are they on laptops that are domain
members? If so, after they connect to the VPN they can Ctrl+Alt+Del and change
their password while online. If not and they're using XP, IIRC they can
use the User Accounts Advanced Manage Passwords option in Control
Panel. The Cisco VPN box can be
Do they have email? You can script a reminder to help
notify them of the impending change requirement based on their Active Directory
information. In the reminder, give them an internal web page to change
passwords with (IISADMPWD comes with the OS).
Won't be too helpful if they go past
I know this is very off topic, but does any one know of a good Time
Tracking Software for Lawyers that is very very simple?
Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]
I sent this off list but Al suggested I re-post for everyone's benefit:
We actually do have a new product, called Aelita Collaboration
Services, that is designed to do secure synchronization of GAL and
Free/Busy for intra and extra-net environments. It's pretty cool
actually. In the spirit of
Hello Chuck;
Microsoft offers guidelines for allowing administrator
access to redirected user folders as mentioned in http://support.microsoft.com/default.aspx?scid=kb;en-us;288991.
In the article it is mentioned not to allow users exclusive access, rather allow
permissions to inherit from
LOL - simple software for lawyers - as one who works in the Legal
industry - good luck. Anything written by/for law firms tend to be
crappy, perhaps easy to use. But a nightmare to maintain.
Paul
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Russ - With the newer versions of
the Cisco VPN client you can configure the client to allow logon to the
network via VPN before you logon to the notebook. When you first start up the
system and hit Ctrl-Alt-Del to get the regular logon box, a Cisco VPN connection
dialog comes up instead.
Agreed! I support a law office running Timeslips (www.timeslips.com). While
it does tracking, invoicing, reporting, etc, it is a bit of a pain to
administer. TS does not work well with multiple users logging into the same
machine or the same user logging onto multiple machines. It is definitely
WINS?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, May 18, 2004 5:17 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] dns issues
I had my primary fsmo role holder(pdc,infra,rid) go down. It was also a dns
server(ad
The
complaint here from users is that if they ARE on the network, they have to hit
cancel on the Cisco VPN client login so they can get to the CTRL-ALT-DEL
screen. Is there any workaround for this, or just tell the users to get
over it?
-Original Message-
From: [EMAIL
Gee... you give them remote
access to the company via the internet from anywhere and they're complaining about
having to hit cancel? I would tell them to get over it...
:-)
Actually with my client, I can just type in my password in the
ctrl-alt-del login box and just ignore the VPN client if
wins works and clients are pointed to it.
most clients are win2k/xp. wouldn't they be using dns primarily?
-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Tue 5/18/2004 5:30 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE:
We're combining 7 business units together into a new Server 2003 forest. We'll have
an empty root and the 7 BUs will be combined into an AMER domain. Some BUs already
have AD with Server 2000 and others still have NT4.0. All BUs are running WINS and we
believe that we'll still need WINS.
Stuart - Thanks for the info! Do you know if using either or both methods actually
update the cached credentials on the user's notebooks? If not we would still be stuck
with locked user account problems after the change.
Jeff
Jeff Salisbury
Network Infrastructure and Security Manager
Belkin