Hi,
we have a domain called cts.com and under these domain we have several sites. In a
site called Pune we have 2 domain controllers which are physically located in 2
different buildings connected by 8mbps line.
Lets say ctsinpuncfaa is located in building A and ctsinpuncfcc is located in
Hi Guido,
Thanks for reply, her are few more inputs.
Both these DC's are in different subnet and I really don't want to change any property
of other sites.
Is there anything I can change in PUNE site ?
-dinesh
-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED]
In a site called Pune we have 2 domain controllers which are physically
located in 2 different buildings connected by 8mbps line.
that's your problem = DCs in the same site will be treated the same -
and if both buildings are in the same subnet, then there's not much that
you can do about it (you
you can't change anything in the site-configuration itself (a site is
meant to treat every DC basically the same way).
What are your reasons for not wanting to change the site config (i.e.
adding another site) - other than not having the permissions to do so?
The other options tend to bite you
The added site will not harm your configuration. site configurations are
intended for problems like yours.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Monday, June 14, 2004 11:05 AM
To: [EMAIL PROTECTED]
Subject: RE:
Absolutely, there no harm to make a another site. But my basic question
is Why client desktop get authentication from DC other than their OWN
site ? If I create another for building B then again same problem may
occur.
-Dinesh
-Original Message-
From: Michel SAKR [mailto:[EMAIL
They will authenticate on the same DC that is on their site subnet.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tashildar, Dinesh
(Cognizant)
Sent: Monday, June 14, 2004 3:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LogonServer
Absolutely,
Workstations will follow a pre-defined set of checks to get authentication.
You can't and I'd argue don't want to prevent them from being able to get
authentication if they don't get it in their own site. This set of checks
is dependent on the workstation version as well.
What workstation
If I understand your original post, some of the workstations are authenticating to the
DC in the other building (same site), and some are using a DC in a completely
different site. The other responses answer the first issue (all DCs are treated the
same within a site), but don't address the
Many thanks for response to my query. Now All workstations (Windows 2000
prof) are getting authentication from correct DC's.
Our previous system administrator made a big mistake. He has not defined
subnets for building B workstations in Sites and subnets. After adding
all subnets, all
Right, it was
the you dont have rights to log on interactively
From: joe
[mailto:[EMAIL PROTECTED]
Sent: Friday, June 04, 2004 8:39
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Child
domain login.
Yeah let me correct something I said down
below as I was
Title: Message
Can a SID be
"copied" from one account to another between domains in the same forest? The
scenario is this: account is migrated using ADMT from NT4 domain into child
domain in 2003 forest. An account with the same username is going to be copied
into the root from an external
Title: Message
If you are talking about the user's domain account it is a
guid, global unique id, the domain version of a sid. There can be only one of
these in a domain. Copying it would give you two of the same at the same time:
Forbidden.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Title: Message
I
guess I should clarify a little better. The "planner" is looking to copy the
SIDhistory info from the migrated account to a fresh, clean account in the root
domain. So, it would be an NT4-2003 child domain migration, and then a copy of
the SIDhistory info to the root domain
Title: Message
Depending on your C++ skills, there is an
API call:
http://msdn.microsoft.com/library/default.asp?url="">
From: Chris Flesher
[mailto:[EMAIL PROTECTED]
Sent: Monday, June 14, 2004 1:31
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SID
question
I
Title: Message
how about first _MOVING_ the accounts from the child domain
to the root domain (can be done via ADMT or the movetree command) - then update
these from your LDAP source afterwards.
= user will keep GUID and UG/DLG memberships and will
be dropped from GGs= user will keep same
Title: Message
Our new PDC from Dell turns out to be
physically damaged inside, so were sending it back. I want to remove AD from the system (for
security reasons) but DCPROMO isnt working because this DC is now off
the LAN. Its off the LAN
because I successfully cloned (via NTbackup) its
Hi-
I think I saw this flash by on the list recently
I am looking for a tool to create a report of the NTFS security permissions on
folders on a drive. I have seen a reference to this command: CALCS C:\* /T /C
C:\C Permissions.txt but that does not seem to work. Is that a
Unix command?
Title: Message
Im trying to get users to
automatically log out after a certain timeout setting. Ive read all over setting the
timeout settings in under
Computer Configuration/Windows
Settings/Security Settings/Local Policies/Security Options:
Amount of idle time required before
Title: Message
Try dcpromo /forceremoval. This will
remove AD from the server and turn it back into a standalone.
Dan
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Malachi Burke
Sent: Monday, June 14, 2004 5:17
PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir]
xcacls C:\*.* /Cc:\Perm_Reports.log will create such a "huge" report file. depending on how many objects you have in the folder, the report may be so large you'd need a crowbar to open it.
Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP -Directory Services
www.readymaids.com - we
Thanks. This does not seem to be
in the Windows Server 2003 RK. Know where I can get it? Or is there something
else (that does not require a crowbar) to do the job?
From: Deji Akomolafe
[mailto:[EMAIL PROTECTED]
Sent: Monday, June 14, 2004 8:29 PM
To: [EMAIL PROTECTED]
Subject:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp
what, you are scared of crowbars? ;)
Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP -Directory Services
www.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow
23 matches
Mail list logo