RE: [ActiveDir] GPO Restricted Groups gotchas ?

2005-09-26 Thread Almeida Pinto, Jorge de
Worked like a charm! You have the possibility to use Member option and/or memberof option. Using the member option you ENFORCE (or replace) which objects (users/groups) are a member of a group. If you add an object as a member of the group and it is not on the restricted groups list, it

[ActiveDir] Manually data corruption in exchange

2005-09-26 Thread Manjeet Singh
All, I am looking for different ways - How to manually corrupt 1. Mailbox Store 2. Public Store 3. A single Mailbox 4. Public Folder 5. A single message in the mailbox. We have created an application for Exchange and I want to test my application by manually corrupting the

[ActiveDir] PST 2003

2005-09-26 Thread rakesh jakhar
ALL, How to access outlook pst 2003 in outlook 2000. -Rakesh

RE: [ActiveDir] Extend the UI ofADUC on one machine

2005-09-26 Thread TIROA YANN
no one can help me please? :o( Have a nice day :) Cheers, Yann From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Friday, September 23, 2005 21:32 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Extend the UI ofADUC on one machine Hello, Is there a way

Re: [ActiveDir] PST 2003

2005-09-26 Thread ASB
If the PST file is a Unicode PST, then the answer is that you can't access it with any downlevel client. -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On 9/26/05, rakesh jakhar [EMAIL PROTECTED] wrote: ALL, How to access outlook pst 2003 in outlook 2000.

RE: [ActiveDir] out look 2003

2005-09-26 Thread jon.gimpel
Yes, but you still need OL2003 to do so. The easiest would be to simply create a new PST file using the option PST 97-2002 PST Files. Then copy from one PST to another inside OL2003. Other than third party software, this would be the easiest way. Reminder that OL2003 extends beyond 1.8 GB

RE: [ActiveDir] out look 2003

2005-09-26 Thread rakesh jakhar
Thanks Jon. This is done. -Rakesh [EMAIL PROTECTED] wrote: Yes, but you still need OL2003 to do so. The easiest would be to simply create a new PST file using the option PST 97-2002 PST Files. Then copy from one PST to another inside OL2003. Other than third party software, this would be the easiest

Re: [ActiveDir] OT: TS Security Warning and GPO

2005-09-26 Thread jpsalemi
I would probably try user configuration/administrative templates/system/code signing for device drivers: Determines how the system responds when a user tries to install device driver files that are not digitally signed. This setting establishes the least secure response permitted on the

RE: [ActiveDir] (OT) Trust Issues

2005-09-26 Thread walls
Normally, I would look at the restrict anonymous configuration if experiencing communication issues between NT 4.0 systems and >= 2000 systems. A setting of 2 seems to break legacy communication. Thanks, Dave Waller Booz Allen Hamilton -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] Extend the UI ofADUC on one machine

2005-09-26 Thread Brian Desmond
There's a sample in the platform sdk for doing this. You have to write a little COM shell extension in C++. It's not trivial, but it's not rocket science either. Takes a lot of patience the first try. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From:

RE: [ActiveDir] 2003 DC Deployment Question.

2005-09-26 Thread Almeida Pinto, Jorge de
Hi, You cannot tell which user authenticates to which DC. Clients determine their authenticating DC querying DC for a SRV RR. With SRV RRs you designate a weight factor and a priority factor. By default the weight is set to 100 and the priority is set to 0. SRV RRs

RE: [ActiveDir] 2003 DC Deployment Question.

2005-09-26 Thread Smith, Brad
Jorge, Thanks for the links. I have already got my schema upgrades done, but your comments light up another possible option. What if I weighted the new DC with a really low SRV weight such as 5. Would this mean that a very small number of clients would authenticate

RE: [ActiveDir] 2003 DC Deployment Question.

2005-09-26 Thread Brian Desmond
You can use 32 bit subnets if you want to designate half a dozen IPs or something in that site. That said, why not just put one DC in general deployment at a couple of these sites and let it burn in for a bit? That's the only way you're going to get an accurate

RE: [ActiveDir] 2003 DC Deployment Question.

2005-09-26 Thread Peter Johnson
IIRC you can do this with a reg hack that forces the machine to a certain DC. Problem is the machine will not look elsewhere if that DC is not available AFAIK. Regards Peter Johnson From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith,

RE: [ActiveDir] 2003 DC Deployment Question.

2005-09-26 Thread Almeida Pinto, Jorge de
As I know of the clients do not choose anything. It is the DNS server that makes the choices for the client and after that the client receives a list of servers in a certain order to consult. That is also a way to do it. Setting the weight of the W2K3 DCs to 5 and

[ActiveDir] Distributing AD responsibilty

2005-09-26 Thread Craig Gauss
We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so how are you going about doing it?

RE: [ActiveDir] Distributing AD responsibilty

2005-09-26 Thread Almeida Pinto, Jorge de
Delegate the right/permission to the directors on the OU where the users are in. To reset user passwords you need the Reset Password extended right on the user object. This is also available through the delegation of control wizard using the common delegated task Reset a user account's password

[ActiveDir] Delegating Terminal Services Profile permissions

2005-09-26 Thread Olegario, Alan
I was wondering if it's possible to delegate the ability to change the settings in the terminal services profile tab on an account. I took a look, and nothing stood out that might work. Thanks. Alan Olegario Lead Analyst, Systems Engineering Tiffany Co. 973-254-7253 [EMAIL PROTECTED] The

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Tom Kern
ok, last time i reply to my own email :) I applied a gpo to add 3 domains to the dns suffix search order. these 3 domains show up in the gui, when you right click a net adapter but the change is not reflected when you do an ipconfig. the output of ipconfig.exe is different than what's in the gui

RE: [ActiveDir] Distributing AD responsibilty

2005-09-26 Thread Brian Desmond
Jorge answered the how part. To answer the other part of your question, yes, this is a very common scenario. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss Sent: Monday,

RE: [ActiveDir] flaky gpo

2005-09-26 Thread deji
When MS introduced that GPO ability, someone forgot to remember where ipconfig looks for the information it displays. Ipconfig reads the registry for the information, but the suffix adm/gpo is not stored in the same location, so ipconfig will never be able to report whatever you are setting in the

[ActiveDir] Ipconfig vs. network connections(WAS flaky gpo)

2005-09-26 Thread Tom Kern
Okay, i've seen that my custom gpo is applying to append a dns suffix search list but the only issue is there is a difference in output between what i see in the gui via network connections and what i see in the output of ipconfig. In network connections, when i right click the adapter, the dns

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Tom Kern
thanks. disregard that last email... i guess if i find out where ipconfig reads it, i can make a adm to reflect that and push it out? Does this also apply to the real policy that comes with winxp/2k3 as well? thanks again!! On 9/26/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: When MS

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Tom Kern
my gpo sets it at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. I created a Reg_SZ value called SearchList with the suffix values and that shows up when you right click the adapter under DNS tab. However, windows seems to use the other key for things like ping and drive mappings,etc.

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Tom Kern
oh yeah,- wmic nicconfig get DNSDomainSuffixSearchOrder (from cmd) returns the correct suffix order On 9/26/05, Tom Kern [EMAIL PROTECTED] wrote: my gpo sets it at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. I created a Reg_SZ value called SearchList with the suffix values and that

RE: [ActiveDir] 2003 SP1

2005-09-26 Thread joe
Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -Original

RE: [ActiveDir] Cannot modify a distribution list

2005-09-26 Thread joe
I thought that is what I said. ;o) "You need to grant the person the ability to update the membership list. Now if you have an older version of ADUC, you won't see that checkbox under the managed by tab" From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent:

RE: [ActiveDir] Cannot modify a distribution list

2005-09-26 Thread joe
Well full access rights is a bit like taking off a hang nail with a table saw but if it works for you... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar Sent: Thursday, September 22, 2005 11:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] Delegating Terminal Services Profile permissions

2005-09-26 Thread joe
You can try delegating userParameter as that is where the info is stored, but I believe all of the mechanisms that update it use legacy NET style calls which require Acc Op or Admin rights. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olegario, Alan

RE: [ActiveDir] flaky gpo

2005-09-26 Thread deji
Cool. Good to know. In the meantime, this http://www.akomolafe.com/LinkClick.aspx?link=change-DNS-Suffixes-thru-GPO.txt&tabid=63&mid=431 is (IMO) as good as the adm you are doing now, and it *should* take care of the ipconfig discrepancies. Again, I am not able to test it right now to prove the

RE: [ActiveDir] Distributing AD responsibilty

2005-09-26 Thread joe
This is definitely doable, however you may consider using some sort of proxy system to do it so you can answer the question who did it and when as those questions come up. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss Sent: Monday,

RE: [ActiveDir] Domain Controller Security

2005-09-26 Thread joe
When looking at group memberships, you will need to look at the group itself, any groups nested into group (and so on), and any users with primaryGroupID set to the value of any of those groups. Primary groups are not represented in the normal group membership with the LDAP interfaces. An

[ActiveDir] Domain-wide operations masters change

2005-09-26 Thread Rimmerman, Russ
I just noticed our domain-wide operations masters levels all changed. We've had the same pdc/rid/infrastructure master for years, and suddenly, it's on a different domain controller. Is there any way this could have changed automatically? Or did a domain admin have to physically make this

RE: [ActiveDir] 2003 SP1

2005-09-26 Thread Brian Desmond
I think Windows Firewall is on by default on new 2003 SP1 installations. Check the properties of the NIC and see if it is. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B.

[ActiveDir] OT: Additional DHCP server same LAN

2005-09-26 Thread Danny
Two companies sharing the same physical LAN, IP configuration, Windows 2000 servers, two separate forests, and one DHCP server. In the not so distant future they will separate. In the meantime, is there a way to point the XP pro clients from CompanyB to a new DHCP server on the same physical

RE: [ActiveDir] 2003 SP1

2005-09-26 Thread joe
1. Is the name being resolved? 2. If so is the server actively refusing the connections or is it not responding at all. You need a network trace for this one, look for returned packets with RST in them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] global catalog discovery / Outlook XP

2005-09-26 Thread joe
2) If Closest GC registry key set, call UseDsGetDcName() Yep, fall back to whatever the OS says... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Saturday, September 24, 2005 11:14 AM To: ActiveDir@mail.activedir.org;

RE: [ActiveDir] GPO Restricted Groups gotchas ?

2005-09-26 Thread joe
Yeah we need a good search mechanism for this list, this was discussed nearly to death last year or the year before when that functionality change was introduced. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Monday, September 26, 2005 2:25

RE: [ActiveDir] exchange one more time(ot)

2005-09-26 Thread joe
From my experience it should work fine. It doesn't have to know if the right hand side is a domain or host IP, it simply needs to try and look it up in DNS. I believe it will try an MX lookup and failing that, fall back to a host record lookup. A simple test would be to enable SMTP on some

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Tom Kern
thanks a lot!! quick ques- if a machine already has a static entry in the suffix search order, will this script wipe out that entry or append to it? same question for the GPO version- will it add or wipe out? thanks again On 9/26/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Cool. Good to

[ActiveDir] LDAP filters

2005-09-26 Thread Harding, Devon
Where can I find more info on creating LDAP filters? I'm trying to have Exchange 2003 Address List display users on multiple Mailbox Stores and Groups. I have to do a custom LDAP search to accomplish this. Devon Harding Windows Systems Engineer Southern Wine

RE: [ActiveDir] OT: Additional DHCP server same LAN

2005-09-26 Thread Bernard, Aric
Not if they are on the same LAN. Why do you want to do this before the separation? Maybe there is a workaround for what ever problem you are having. Regards, Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny Sent: Monday, September 26, 2005

RE: [ActiveDir] Domain-wide operations masters change

2005-09-26 Thread Bernard, Aric
No automatic change mechanism for OM roles. Someone did it. :) Regards, Aric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Monday, September 26, 2005 1:12 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Domain-wide operations

RE: [ActiveDir] OT: HP vs Dell servers

2005-09-26 Thread joe
I am way late on this thread but my experience with IBM has been horrible. At the widget factory I was at, we switched from Dell to IBM because the newish CIO was from IBM. Our DOA rates went up to about 30% from about 0%. We implemented new procedures to burn in every DC for a couple of weeks

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Kamlesh Parmar
The guy in link using a batch file to call the VBS Script, You can directly put the VBS file into startup folder, instead of calling it from netlogon. Also, I guess, %logonserver% might create problem, as it might not be defined by the time, script runs. On 9/27/05, [EMAIL PROTECTED] [EMAIL

RE: [ActiveDir] flaky gpo

2005-09-26 Thread Darren Mar-Elia
As far as I can tell, DNS Suffix Search Order is not adapter specific, but rather, if you set it from the Network Connections applet, it is applied to all adapters on the system and set in the following registry value:

Re: [ActiveDir] Fwd: New Child Domain creation error

2005-09-26 Thread Kamlesh Parmar
Nop, this also didn't help... Now I am facing some strange errors, When I open any admin tool related to AD like dsa.msc or dssite.msc or domain.msc I get no domain found error, even though DNS is working fine. If I open adsiedit.msc to see the permission on partitions, it doesn't allow me to

RE: [ActiveDir] LDAP filters

2005-09-26 Thread Michael B. Smith
... Something that is necessary for almost every one of these tools is an LDAP query. Active Directory is an LDAP-based directory (LDAP stands for Lightweight Directory Access Protocol). The queries are based on RFC-2254, The String Representation of LDAP Search Filters (available at

RE: [ActiveDir] LDAP filters

2005-09-26 Thread Bernard, Aric
This is always a good starting place if you find it consumable: http://www.faqs.org/rfcs/rfc2254.html Optionally, using the ADUC MMC Snap-in you can build some Saved Queries and see how they are built (Query String) by the snap-in to learn some of the intricacies. Regards, Aric

RE: [ActiveDir] Domain-wide operations masters change

2005-09-26 Thread Rimmerman, Russ
Know of an easy way to find out who? I'm assuming auditing, but our security logs are unwieldy and if it happened over a couple days ago, well you know how that goes. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Monday, September 26, 2005 3:58 PM To:

RE: [ActiveDir] Server_Info='00000523: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0.

2005-09-26 Thread joe
It is in the create code. The OS that it must assign SIDs to users, computers, etc. It may be hardcoded to the existence of that attribute as a mandatory attribute for the class or it could just be for certain fixed classes. I have never tested it by creating another class with objectSID as a

RE: [ActiveDir] LDAP filters

2005-09-26 Thread Steve Linehan
I also find this article helpful: http://msdn.microsoft.com/library/default.asp?url= Thanks, -Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Monday, September 26, 2005 4:49 PM To: ActiveDir@mail.activedir.org Subject: RE:

RE: [ActiveDir] Domain-wide operations masters change

2005-09-26 Thread Bernard, Aric
Are you asking if there is a way to do this without using the event logs? The only option I can think of is gathering all of the persons with permissions and beating them about the head until somebody confesses. Come to think of it that could generate some false positives. :) If you

Re: [ActiveDir] flaky gpo

2005-09-26 Thread Tom Kern
The adm i set, directly sets the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList value, NOT the policies key. It's for win2k, so it's a tattoo, not a policy. that other key never comes into play. as i stated, in the net connections applet it changed the adapter. when doing an

RE: [ActiveDir] finding txt in a message

2005-09-26 Thread joe
I don't have the answer to this other than writing a sink or something that reads every message of every mailbox, neither of which I would consider trivial, but I find this statement to be humorous Sorry for sending an Exchange question to an AD group, but I really need an answer to this

Re: [ActiveDir] exchange one more time(ot)

2005-09-26 Thread Tom Kern
when i had the smtp connector point to dns, it failed with remote host did not respond. when pointing to a smarthost it worked. maybe exchange while sending to [EMAIL PROTECTED], thinks servername.domain.tld is a domain and when it gets a nxdomain from domain.tld, it fails? no? sillier things

RE: [ActiveDir] finding txt in a message

2005-09-26 Thread Michael B. Smith
Findstr /S /I string \\.\backofficestorage\domain\mbx It'll be slow. And it requires access to every mailbox. But it'll work. :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 26, 2005 4:18 PM To:

RE: [ActiveDir] exchange one more time(ot)

2005-09-26 Thread Coleman, Hunter
Why should Exchange not think that servername.domain.tld is a domain? Can you resolve servername.domain.tld from the Exchange server? How about from the smarthost? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Monday, September 26, 2005 5:32 PM To:

RE: [ActiveDir] LDAP filters

2005-09-26 Thread joe
Be very careful with this. The RUS doesn't actually use LDAP to execute that filter except for when you test it in ESM. I have seen perfectly good queries that work great in the test (because it actually submits the LDAP query to AD) and then the AL is built all wrong. It is usually around

RE: [ActiveDir] exchange one more time(ot)

2005-09-26 Thread listmail
I just tested this, I sent to [EMAIL PROTECTED] and watched Exchange query DNS for the MX record, an SOA record was returned, it then queried the A record and got that and fired the message off. If it isn't working, then I expect it is in the name res area as Hunter is indicating as well.

RE: [ActiveDir] OT: Additional DHCP server same LAN

2005-09-26 Thread Marcus.Oh
Are you suggesting counseling, Aric? :) DHCP is based on broadcast. I suppose if you configured your helpers to point to different subnet segments (assuming the two companies don't share the same subnet) you might be able to do this. -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] Domain-wide operations masters change

2005-09-26 Thread joe
At least the number of people who could do this at least is very limited and hopefully trusted. If you ask each of them if they did it and someone doesn't admit to it, there is obviously an issue. It could have happened in a demotion too and possibly an admin didn't notice it. Was the

RE: [ActiveDir] OT: Additional DHCP server same LAN

2005-09-26 Thread Bernard, Aric
Counseling indeed! I made the assumption when you said the same LAN that both companies were sharing the same subnet...and you know what they say about assumptions... Of course Marcus is right if my assumption is incorrect. :) Regards, Aric -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] flaky gpo

2005-09-26 Thread deji
Yeah. what you said ;) Give me some time - I'll think up an explanation for why I F'ed the whole thing up. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow