Title: Message
I
have one question, How to assign "UNIQUE X500 OBJECT ID" ifI create a new
Class(Attribute) ??
Regards, Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group
Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save
Title: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin account d eleted
I think Domain Prep will do in reassiging those rights instead of Forest Prep. Please correct me if I am wrong.
Regards,
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Title: Message
Can you explain a little bit more what you trying to
do?
ADSI or System.DirectoryServices programming? - http://groups.yahoo.com/group/adsianddirectoryservices
Carlos Magalhaes Directory Services Programming
MVP
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
What exactly are you trying to achieve?
-Original Message-
From: Pyron [mailto:[EMAIL PROTECTED]
Sent: 31 May 2004 15:02
To: [EMAIL PROTECTED]
Subject: [ActiveDir]
Is there a way to centralize username and passwords on a server farm
with different active directory domain trees?
thanks
Hi everybody,
Is there any way to logging accesses to a specific folder/directory (on the
server's filesystem) in an W2K Active Directory environment?
Best Regards
Marco Scalas
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
You don't specifically need pointers...as far as I can remember it is
just good practice.
I do find it useful from an admin persepctive at times, i.e. resolving
an IP back to an IP in a troubleshooting scenario (at times).
You aren't going to lose anything by creating them.
Rob
-Original
Title: Message
Start
again... dcpromo the box down.. flush all the event logs ... dcpromo her up
again start posting the results back if you are still having
issues.
Rob
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 30 May
2004 10:30To:
auditing
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marco Scalas
Sent: Dienstag, 1. Juni 2004 10:17
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Logging access to windows folders
Hi everybody,
Is there any way to logging accesses to a specific
Title: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin account d
eleted
Exchange Server 2003 Deployment Guide page 84/85
The account you use to run ForestPrep must be a member
of the Enterprise Administrator and the Schema Administrator groups. While you
are running
I have a very strange delemma here...
One of our domains has a server with sensitive data. The IT director of this domain has decided that some of the information contained on this server cannot be seen by anyone from the other domains ( even including the Enterprise Admins in our forest ). This
Sorry
But want to make sure Im
understanding you here. You suggesting set schedule to never, until the ADC is
inplace and working ok? Then moving it to a schedule? We dont plan to
completely shut down the old exchange server for a few weeks at least.
Anything else I should
be aware
Title: Message
You
need a separate forest then really.
or
You
could DMZ the box off behind a firewall with anappropriate
rulebase.
BR,
Rob
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 01 June 2004 10:45To:
[EMAIL PROTECTED]Subject: [ActiveDir]
Title: Message
Hmmm, have you checked to see if your machines are
replicating correctly? What ver of Windows Server are you
running?
ADSI or System.DirectoryServices programming? - http://groups.yahoo.com/group/adsianddirectoryservices
Carlos Magalhaes Directory Services Programming
MVP
Title: Message
A
personal firewall may also fit requirements.. I have used Checkpoint
secureClient to fulfill a similar requirement.
-Original Message-From: Rutherford,
Robert Sent: 01 June 2004 10:52To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Protecting
Domain Data
Correct, suggest since you havent
worked with the ADC before that you lab/vmware this at least once, and document
your process before trying this in production. This way youll have
something to work with without being tempted to tick any options you havent
seen work in the lab before.
Title: Message
Hello Folks,
This
particular server(Windows 2000) isnt replicating out, SYSVOL is not shared even
if I share manually, when i restart Server, it gets unshared. The NTDS
Connection objects were also not created, and so i have done that manually and i
get event id 13562 Source
Title: Message
Is the
DNS on that machine pointed locally for resolution?
What
do you get if you type DNS?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01
June 2004 11:49To: [EMAIL PROTECTED]Subject:
RE: [ActiveDir] Sysvol Damaged
Hello
Title: Message
this is not what firewalls are for
= someone needs to manage the FW as well... - who's
this going to be? Typically the same admins that you want to protect the data
from... And since the server is in a domain, they can still do everything
they need on the server via GPOs...
Looking for some guidance / help...
Our Enterprise Systems Management Group is in the process or rolling out
Tivoli to all locations. It doesn't seem logical or best practice, to me,
to put such an application on a Windows 2003 DC. When testing TMF 4.1
components on a test Windows 2003 DC,
i checked the perms thru adsiedit-
blackberry account(ex view only admin according to ESM)- has all the appropriate
rights except no entry at the ORG container and at the Administrative groups container.
Domain admins in child domain with similliar issues(ex full admin according to ESM)-
same
Best practices would be to Install it on a member server...
Chuck
Title: LDAP Query Response Time
Thanks everyone for the suggestions
even the shameless plugs from Gil J
You know at first all we had to
worry about was Exchange. It has some fail safes (that dont always
work) for unresponsive or slow responding domain controllers. Here lately, were
Hi
I have been lurking for about a year and have pulled a lot of knowledge and
information from the list - thank you all. I do have a specific issue I
wanted some opinions on regarding DNS.
Our current configuration is a 10 domain AD 2003 functional forest, with 1
empty root and 9 child
Title: Message
sorry.. nslookup ... It was a heavy bank holiday weekend
;O)
-Original Message-From: Rutherford,
Robert Sent: 01 June 2004 12:17To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Is
the DNS on that machine pointed locally for resolution?
Title: ADMT migration order
Hi,
i'm testing ADMT v2 and i've read almost all the documentation and papers on microsoft website and on this newsgroup's archive but What i wasn't able to find is a sort of best practice about order migration.
A lot of paper about how to migrate user
Tivoli is not secure. If you care about security do not put it (even agents)
on your domain controllers. Period.
Whomever manages Tivoli, will own your forest the moment you add it to a DC.
This goes for any application that runs as localsystem on the DC and is
controlled by someone else other
Title: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin account d eleted
Yep, the changes have to made to the
configurationcontainer and the domain preps only go after the domain
partitions. The config is forestwide hence the forestprep and the need for
Enterprise Admins. The Schema
This is a fat document that is great for getting up to
speed on the ADC:
http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/udadc.mspx
It talks about Exchange 2000, but all of the concepts and a
lot of the specifics will carry over to Exch 2003
Hunter
From: Chaudhary, Amit
Exactly! Tivoli is not going to give you very good information about Active
Directory. I can tell you that in all honesty as a person who's been bit by
the tivoli virus ;)
In a past life as a consultant, I saw many Tivoli implementations gone bad
and a lot of finger pointing; all for minimum
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Yeah, that's why I said trivial. As you say, even with limits, there are
things you can do to slow down servers as to get close to a DoS situation.
We found this out a few weeks ago with the W32.Gaobot.WX virus, just doing a
bunch of bogus authorization requests via RPC can significantly slow
Cheers for all the
info
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Coleman, Hunter
Sent: 01 June 2004 15:30
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] exchange
5.5, active directory and ADC
This is a fat document that is great for
getting up to speed
I completely agree. I just wanted to ensure that I wasn't amiss with
disagreeing with putting Tivoli Managed Node components on a W2k3 DC.
We're aiming for MOM and its corresponding integration. I've looked at the
AD Option provided by Tivoli and am not excited at all. I'm having to
write a
Title: LDAP Query Response Time
I am looking for the same thing. We are
having more and more applications bagging against the directory. I hate nothing
more then a 2am call I think AD is Slow. I know there are a few Tool$
that do LDAP query response time tracking very well. Im look for
I'll second Nick's comment to test
your implementation in a lab setup first before doing it live. There are
some subtle (and not so subtle) things that you can do to hose your production
setup. The first lab run we did hosed our lab but we learned. That's
what labs are for
Diane
Different domains or different forests? That's a key piece of info.
Different domains within a forest means its already done for you - all
the info is in AD already.
Different forests means a directory sync tool - MIIS from Microsoft,
SimpleSync from CPS systems, and any of a half dozen others
Title: Message
I'd suggest rebuilding the box
entirely.
DCPromo it down, then rebuild from scratch, then dcpromo it
back in.
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
From:
It goes through a whole matching process - in a nutshell,
it will match the accounts based on the Primary Windows NT account attribute in
the Exchange DS. There's a whole lot of documentation on the ADC on
Microsoft.com/exchange
Yes. Its pretty flexible for that
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
From: Chaudhary, Amit
[mailto:[EMAIL PROTECTED] Sent: Tuesday, June 01, 2004
2:21 AMTo: [EMAIL
I think I have seen this same post now like 5 times...
Tom have you seen the response to it?
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, June 01, 2004 8:49 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:
no, i haven't.
sorry for the excessive posting. i didn't see it come up. i thought it wasn't getting
thru.
my apologies.
-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 01, 2004 11:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: exchange
I think I
Problem solved!!
I have assigned system full rigths access on domain controller, then Ive
installed mmc for admin exchange,
I ran mmc as system account by means of 'at' command and then delegate my
exchange organization to other account so I succeded on getting admin access
to exchange, so
Indeed I do. I have been thrown into this implementation with little time to
plan (i know, i know...plan plan plan) and am also just wanting to know if
some of the ways i have been doing things are wrong, or if i am making the
right assumptions. I appreciate all the comments that I am recieving.
Quite Ingenious...
Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com
clister
[EMAIL PROTECTED]
when delegating permissions in ESM, do you still need to give admins
view only admin rights to the org?
we have been delegated full exchange admin rights to our admin group and
compleltly taken out of the org and now when i fire up ESM, i see
nothing.
Thanks. This is relaed to another exchange
HI there;
does anyone have a gpo policy for NAV 7.5 with different sites ???
thanks
Jon
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
They'll still be able to communicate. That's what the SRS is for.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, Cindy
Sent: Tuesday, June 01, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT-E2K3 migration
I have an
I thought there was more specific documentation, but I can't locate it at
the moment. As I recall, you do need to have view only rights at the ORG
level and then full at the AG level. As you can tell, you can't see the ORG
to get to your AG without it.
I'm going off of memory though. I don't
Return Receipt
Your [ActiveDir] OT-E2K3 migration
document
:
Title: Strange sysvol share
I am running 2003 server with 2 DCs.
DC2 has two sysvol\[domain] folders, one is shared correctly as the sysvol and netlogon shares (\windows\sysvol\sysvol\[domain]), the other is not shared but is participating in replication. I have been unable to delete it
You need to break the junction pointon the bad folder. Use the linkd.exe utility... I think it is part of the reskit or support tools. Once you break the junction point, you can safely delete it.
Don
[EMAIL PROTECTED] wrote:
I am running 2003 server with 2 DCs. DC2 has two sysvol\[domain]
Linkd worked. The files in the scripts folder and the
policies folder deleted automatically.
Thanks, Don.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Donald
BauerSent: Tuesday, June 01, 2004 3:14 PMTo:
[EMAIL PROTECTED]Subject: Re: [ActiveDir] Strange sysvol
share
Ive
done a lot of work in this area, and while its not easy to add new
property pages to an AD object, it can be done. Documentation is sparse.
My book covered the AD UI objects in more detail than any Ive seen, but I
didnt cover the process for adding property pages in detail, just
Is there a way in ad 2k to create templates for new user creataion. By OU
for group membership, loginscript and profile settings? I know there was a
way in NT 4.0?
Thanks
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
MIIS has a feature pack that's free/cheap for that space, I think
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Rutherford, Robert
[mailto:[EMAIL PROTECTED]
Sent:
55 matches
Mail list logo