Id suspect network routing issue. Maybe
it was coincidental dont see how faulty DNS would prevent being
able to reach something by IP.
:m:dsm:cci:mvp marcusoh.blogspot.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig
Sent: Wednesday, September 28,
All,
ADMTv3 has been released! It contains a lot of improvements compared to v2
Some cool improvements worth mentioning:
* Support for input files to chose object to migrate
* User rename
* Select source and target DC for migration
* Several pre-checks before migrating computers
* Improved
Marcus you need to go to bed hehe
---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst,
Field Platform Development
Applebee's
International, Inc.
4551 W. 107th St
Overland Park, KS 66207
Looks like it's finally made general release.
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-
a8e8-aff85ad3d212DisplayLang=en
Mark
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
Thanks for the tips Jorge !
Have a nice day
Cordialement,
Yann TIROA
Centre de Ressources Informatique.
Campus Scientifique de la DOUA.
Bât. Gabriel Lippmann - 2 ème étage - salle 238.
43, Bd du 11 Novembre 1918.
69622 Villeurbanne Cedex.
-Message d'origine-
De : [EMAIL PROTECTED]
Folks,
We're attempting to restrict significantly open ports on our Windows
2003 domain controllers, even to the local LAN. We're getting utterly
confused by a situation where users need to use Outlook forms to change
their AD password - they are not logged on to the domain. Some clients
Title: Message
IamDefiningthepolicyonanXPmachine.TheDomainControllersare2003.
The Workstations I am trying to affect are
XP.
From: Katrin Wilhelm
[mailto:[EMAIL PROTECTED] On Behalf Of Katrin
WilhelmSent: Wednesday, September 28, 2005 6:22 PMTo:
ActiveDir@mail.activedir.orgSubject:
The last time the connection wizard was disabled in our GPO, the first
time the user launches IE it runs the wizard and the error occurred,
the user is not authorized or connection wizard is disabled.
Salandra, Justin A. wrote:
Message
If it is disabled, then the computer should
Ok I have looked there and in the custom settings directory. There are
two files in the custom settings directory other then the install.ins
there is seczones.ini and seczrsop.ini. Now the sites I want added to
the trusted sites are not in the seczones.ini but they are in the
seczrsop.ini.
Title: Message
I have had this issue as well and is a known
issue with MS. The work around was to set the policy on the pdc itself, using
the gpmc from an xp machine did not work. Only difference was I am using 2000
domain. You will have to set the security zone settings on your pdc then
I don't have a list of ports for you but this KB details the different
programmatic methods that are available at all to do it.
http://support.microsoft.com/kb/q264480/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Mackenzie
Sent: Thursday,
1. When I attach a shortcut to a public folder item(word doc) as an attachment
to an email, many users cannot open the attachement but just click on the
shortcut and nothing happens.
they all have appropriate rights to the folder.
is this some OLE issue on the client?
by what mechanism does this
Don't know on 1, but for 2 get PFDavAdmin which is either in the Exchange
Resource Kit or downloadable from Microsoft. It will let you set permissions on
a folder and then propagate them down to subfolders.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Dear List,
We have a conference room which has a network port which is directly
connected to the internet cloud so that visitors who want to hook up
notebooks and get out can. That port does not allow network access.
Yesterday, a department head asked us if one of his visitors could use
that
Title: Message
Justin, see if the info in this article helps:
http://support.microsoft.com/KB/246883
Rich
---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst,
Field Platform Development
This is a hard problem to solve today. You can do things like 802.1x so that
devices have to authenticate before getting on the network however there are
many obstacles here. The future direction is a solution called Network Access
Protection (NAP) which is being worked on for then next
Eh mom I think I saw you at the
doubletree.
:m:dsm:cci:mvp
marcusoh.blogspot.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Thursday, September 29, 2005
3:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain
Hello all,
Is anyone delegating control of the netlogon directoy or can
anyone see any issues with doing this. What we have is several ous under
our domain. In netlogon I have directories for each of these ous, this
is where we keep there site specific scripts. I would like to delegate
Hello guys,
I have an active directory domain that has about 4000 records. I noticed
that because of the way the company operates (as in many people come
into the company on short notices) we have a lot of stale and obsolete
records in active directory and these number of this stale entries keep
If your network is small, you can reserve IP for each of your machine, and exclude every other ip from scope.
it will ensure that no other machine ( or machine with not trusted NIC), can get IP from DHCP.
But this can be administrative issue, if any of your machine gets new
NIC, or new machine is
yes, it is a bad practice.
Do they have rights to manage their own GPOs ?? and
they use login script thru their own GPO ??
if yes then they can put their login scripts inside GPO's startup / shutdown / logon / logoff folder directly.
if not then, manage that change for them or put scripts
I would suggest, first disable them and move them to separate OU, and
then delete them after a cooling period of say 7 days ( whatever works
for you)
you can use the oldcmp.exe from http://joeware.net/win/free/tools/oldcmp.htm
and manage the inactive computer and user acconts with it.
--
Rocky,
I've heard of people using Option Classes to provide different gateways to
different clients (execs get the T-1, peons get the 56K link). What you
could do is use the option class to provide the correct gateway to your
clients and have the default gateway address be 0.0.0.0 -- computers
Just to be sure what you are asking...
IMHO:
* AD contains objects (users, groups, etc)
* DNS zones contain records (A records, SRV records, etc)
Are you talking about users in AD or are you talking about records in DNS?
Can you be more specific? My feeling says you are talking about DNS
Hi,
I've got a interesting problem with a couple of new servers. (3
supermicro X6DHT and 1 Dell PE2850). Windows Server 2003 sp1
(supermicro's from their OEM cd, the dell from our volume license cd).
Fresh install off the CD. On the network and added to the domain. Added
to the proper
Hello:
Please do not flame
me for asking this. I would like to open a non-domain Windows Server 2003 box
for anonymous Guest access to two shares and a printer without being prompted
from the client. (Yes, I am aware that MS has spent lots of time making this
very difficult to accomplish
Could be a network stack timing issue. The KB article below applies to
Win2K and XP but doesn't say whether it explicitly is supported in 2K3.
However, it might be worth trying since this problem is common and this
registry hack can help in some of these cases.
I believe the guest account should have no
password.
Mike Thommes
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Thursday, September 29, 2005
3:28 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Guest
Access
I used to have this problem on XP machines, and I still do on occasion.
I tried this fix and it did not work.
I found that If I upgraded from XP SP1 to XP SP2 the problem went away.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent:
Tried that too. No luck.
From: Thommes, Michael M.
[mailto:[EMAIL PROTECTED] Sent: Thursday, September 29, 2005 2:02
PMTo: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] OT: Guest Access w/o Credential Prompt
I believe the guest
account should have no
Hello folks..
I'm new member of this mailing list. I have some
problems with Active directory especially in GPO deployment.
My company using Lotus Notes as primary mail
system. I am using GPO common scenarios which I've downloaded from
Microsoft.
I am testing a GPO policy to my pc which
How can i restrict some or all domainUsers to Log on toonly one (any one) workstation at a time.
Thanks in advance guys
-- Ravi Dogra9899647200This e-mail, together with any attachments, is confidential. It may be read, copied and used only by the intended recipient. If you have received it in
Take a look at limitlogon that is
described in this article: http://www.microsoft.com/technet/technetmag/issues/2005/05/UtilitySpotlight/default.aspx.
It also has a link to download the tool.
Thanks,
-Steve
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
What user name are you testing with? Is
it unique meaning that the stand alone server you are trying to hit does not
have a local account by the same name? If the user account name is on both
machines we will not fall back to guest. Also if the names are unique have you
tried giving
Looking at the AD schema, I'm seeing that distinguished name values are not
bound by any length restrictions. All AD API functions and interface
methods that accept DN values can accept values that are of arbitrary
length. Likewise, all such API functions and interface methods that return
DN
There is no hardcoded limitation on DN - there is a max 255 RDN length.
steve
- Original Message -
From: Chuck Chopp [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, September 29, 2005 7:47 PM
Subject: [ActiveDir] Maximum distinguished name length?
Looking at the
Steve Patrick wrote:
There is no hardcoded limitation on DN - there is a max 255 RDN length.
And just to verify how the term RDN is defined w/respect to AD [as opposed
to how it's defined w.r.t. eDirectory], the RDN value is the partial
distinguished name of an object that is relative to
Hi Tom,
For question number two check out http://support.microsoft.com/?id=815916
Cheers,
Katherine
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: 29 September 2005 21:47
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2
I will be out of the office starting 09/30/2005 and will not return until
10/03/2005.
I will respond to your message when I return.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
39 matches
Mail list logo
