Hi List,
I am having annoying problems getting two forests to establish a trust (one
is W2K, one is W2K3). Has anyone got a reference to what permissions are
required
TIA,
Brad
This email and any attached files are confidential and copyright protected. If
you are not the addressee, any
Hi,
You do not mention the type of trust you want to create but between a W2K and
W2K3 forest you can only create external trusts.
For more info see:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/b30ef067-746e-4453-b879-804259aafdd3.mspx
Cheers,
Jorge
Hello everyone.
I know this is off topic but I can't think of any other mailing list that
would have answers to MSI application deployment. I have been using MSIs and
Group policy objects to deploy applications in Active Directory. I need to
create my own MSI applications because a lot of the
Hi all,I have a problem whereby our I've been asked by a manager to install outlook on our DC's to allow us to email back the services team when backups have failed.I am dead against this, I have just managed tosplit the DC File and Print roles and reduce the number of domain admins.
Personally, I would leave a DC as vanilla as possible. The
more cr** installed, the less reliable the DC will become and the more deviation
will exist within the DC real estate itself, which can only add to your
TCO.
Why not create a _vbscript_ to do this instead? I don't have
an example
Sometimes I wonder where managers hear that kind of stuff...
If the backup program has the possibility to report if the status of a backup
is OK or FAILED, then that backup util will most probably have an option to
send and e-mail. If it does not have that option but it has an option to run a
If you ran SBS boxes I'd be freaking out and going
NOO
Got Exchange on there we can't on our SBS boxes
Why you shouldn't
1. Outlook has known issues on top of a system with mapi/Exchange dlls
2. You've just introduced another app on a domain controller ..patching
Title: Message
Which
backup program are you using?
-Original Message-From: Frank Abagnale
[mailto:[EMAIL PROTECTED] Sent: 24 Nov 2005
16:39To: ActiveSubject: [ActiveDir] Outlook installed on
a DC
Hi all,
I have a problem whereby our I've been asked by a manager
Hi Jorge/Neil,I agree, there are alternative ways of notifying the service team via scripting however, the manager is intent on using Outlook on the DC's, I was looking for reasons why this wasn't a good idea security wise, though looking on google etc I couldn't find anything concrete.
I can get more stuff if you like..but can you get the idea?
You Receive a Warning Message or You Cannot Start Outlook on a Computer
That Is Running Small Business Server and Exchange Server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828050
Use the ProfMan2 sample
This
Here is why you don't do it:
http://blogs.msdn.com/stephen_griffin/archive/2004/07/03/172257.aspx
See also KB 266418 -- it isn't
supported.
Here is a small script that sends e-mail that you can use
instead:
http://blogs.brnets.com/michael/archive/2004/11/30/251.aspx
From: [EMAIL
BTW there's a ;-) on that bottom comment.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
If you ran SBS boxes I'd be freaking out and going
NOO
Got Exchange on there we can't on our SBS boxes
Why you shouldn't
1. Outlook has known issues on top of a
It' another app that you have to threat vector
Gee..what's this?
An upatched security issue in Outlook.
Network Security, Vulnerability Assessment, Intrusion Prevention:
http://www.eeye.com/html/research/upcoming/20050505.html
What version?
Don't know do we? What method can they attack
just curious, How do we know, where that FSP is used in AD.
If FSP is member of any group we can find them using memberof attribure of FSP.
But, If that is not populated, it might be the case that, someone directly and stupidly gave that FSP some right somewhere.
How do we find that?On
Yesterday morning I had to change my Win2k Server up a bit. I wanted a
new static IP address, and the ISP told me that in order to do that, I
needed a new NIC (MAC Address). So, I switched the cables on the back of
the server, and got the new IP for my external card.
I then reversed the
If this was an SBS box and a DC I'd be majorly wincing and telling you
to use the change IP address wizard... if we do it manually we do this:
How do I move my server to new hardware:
http://www.smallbizserver.net/Default.aspx?PageContentID=324tabid=141
We do this trick of installing loopback
How do I find out, on which DC password for a particular user was changed or reset.
I know, if account management auditing is enabled, I will get a event 627 or 628.
But what if I have large number of DCs? and I don't have monitoring app like MOM ?
Last I checked, I was not able to see any
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] burped the following on
24/11/2005 11:40 AM:
If this was an SBS box and a DC I'd be majorly wincing and telling you
to use the change IP address wizard... if we do it manually we do this:
How do I move my server to new hardware:
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] burped the following on
24/11/2005 11:40 AM:
If this was an SBS box and a DC I'd be majorly wincing and telling you
to use the change IP address wizard... if we do it manually we do this:
How do I move my server to new hardware:
Harald,
Am I reading this right, that you changed the MAC addresses on both
NIC's (swapped 'em) or just changed the TCP/IP settings?
Also to clarify, the server is resolving the internal IP via DNS
correctly, and you can access the box via the internet on the external
IP... But internally you
Molkentin, Steve burped the following on 24/11/2005 1:00 PM:
Harald,
Am I reading this right, that you changed the MAC addresses on both
NIC's (swapped 'em) or just changed the TCP/IP settings?
Yes, I switched the cables to the NICs, and then reversed the TCP and
other settings.
Also to
Have you bounced (rebooted, or shutdown/restarted) the server since
the changes?
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harald
Sent: Friday, 25 November 2005 7:33 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir]
Sure, I've read enough of your replies to others post to understand your humor! "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" [EMAIL PROTECTED] wrote: BTW there's a ;-) on that bottom comment.Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: If you ran SBS boxes I'd be freaking out
Molkentin, Steve burped the following on 24/11/2005 1:40 PM:
Have you bounced (rebooted, or shutdown/restarted) the server since
the changes?
themolk.
Several times.
--
Harald Gill
Without Dreams...Life is Nothing
List info : http://www.activedir.org/List.aspx
List FAQ:
Like someone else [sorry I forget] said... why does he think it's the
thing to do?
Frank Abagnale wrote:
Sure, I've read enough of your replies to others post to understand
your humor!
*/Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED]/* wrote:
BTW there's a ;-) on
After a meal of Ham my brain is a bit fuzzy [just ran home 'cause Dad's
on dial up and his a/v expired and I'm getting a new version ...remind
me to buy him DSL for Christmas]
All I know is we can't just 'move' the nics... we have to tie the
services/what not to a loopback, then remove the
You might wanna take a look at:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/24/161.aspx
Cheers,
jorge
From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar
Sent: Thu 11/24/2005 8:39 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Find
Ask the manager if he'd like to turn his pc into a DC, complete with the
limitations therein, and see if he likes it! ;)
The view is always better from the cheaper seats...
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Susan Bradley,
Hi All,
I would be interested in your feedback concerning the story below. The full
story is also available on my blog
(http://blogs.dirteam.com/blogs/jorge/archive/2005/11/24/149.aspx).
Any feedback on it would be a appreciated!
If you have question feel free to ask!
Thanks in advance!
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] burped the following on
24/11/2005 4:14 PM:
After a meal of Ham my brain is a bit fuzzy [just ran home 'cause
Dad's on dial up and his a/v expired and I'm getting a new version
...remind me to buy him DSL for Christmas]
All I know is we can't
DNS Servers . . . . . . . . . . . : 192.168.0.1
154.11.128.187
I'm assuming that's the two IP addresses there?
Now with the caveat that the only way I know is the SBS way which is
point inward for DNS and then you do root hints/or forwarders, if this
was
1. Outlook has known issues on top of a system with
mapi/Exchange dlls
I believe the reverse is also true; the dll's that Outlook installs may muck
up the DC as well as it fights to repair itself.
There is no good reason to install Outlook on a server. If you need to mail
items,
Jorge, I saw your definition of a SBC server, but what is that really? Can
you expand that?
Otherwise,
As you may see theoretically everything seems OK and it also seems no
issues should occur with this. I'm wondering:
* If such scenario will work?
* Has anyone done this before?
Did you say that you can ping the internal NIC by IP address or name from a
workstation?
If so, it would appear that you have TCP/IP running just fine, and you have
some other issue.
What you mean by Internally, using normal network protocols, I see nothing
of the server, AD, or anything. I'm
it would be less confusing if IIFP was called "MIIS light",
since it's the same code with specific restrictions for the management agents
(i.e. the systems you can use to connect it to).
there's currently no support for SQL 2005, but MS is
working on it and it should be supported soon.
Title: RE: [ActiveDir] Proving a User is logged on to the domain
typically you require a domain admin account from both
domains to create a trust between them.In Win2000 this is a must, in
Win2003 you can actually delegate the right to create incoming trusts for the
root domain (i.e. from
That's what I said beforetheoretically everything seems OK, but my first
feeling for this is: don't do it... but again it is a wild crazy idea...
The main issue here is: you need to test the core apps in the prod. env. with
w2k3 ad... as it is not possible to place a model of the core apps
http://blogs.technet.com/tmintner/archive/2005/11/22/414945.aspx
So you need to start keeping track of all of your audit policies for
Sarbanes-Oxley or HIPAA and you have already made an investment in MOM
then you shouldn't have to invest in another system just to give you
that data. Manakoa
39 matches
Mail list logo