Sorry, when I use the csvde command with its parameters, it exports the data to CSV. When I open the CSV file, I get the member information listed as: CN=Frank Abagnale,OU=UserAccounts,DC=,DC=intara,DC=com;CN=Mike Richards,OU=UserAccounts,DC=intara,DC=com in one cell. How can I list
I apologize for leaving out crucial information.
I am trying to enhance (less-than-optimal) .NET code, so this involves the
use of DirectorySearcher and SearchResult classes in the
System.DirectoryServices namespace. The current implementation takes the
top-level group name and searches for it,
My response is assuming that you are using the old DirectoryServices stuff
and not the newer 2.0 DS.Protocols stuff.
With that caveat, most DS .NET code is less than optimal as it relies on
ADSI which is in itself less than optimal. Group enumeration is great
because it uses multiple queries to
The group membership comes back as DNs. A single subtree
scope LDAP command isn't going to resolve that to display names or
samaccountnames, etc. There is something special you can do if writing LDAP API
code (or S.DS.Protocols). See response I gave just prior to this
one.
The output
That sounds goofy that you needed a new MAC address. However if that is what
they said, no use arguing with the rain. You just get wet. You don't need to
swap the physical hardware around, most desktop/server NICs allow you to
specify what MAC address they are. Just change that.
-Original
This is typically done in very
security sensitive environments, however, is a pain if you
need to grant access to a lot
of users from the trusted forest.
That is what scripts and command line tools are for.
:o)
I am 100% behind not nesting groups from other domains
into
Unfortunately it won't expand groups, it goes the other way, finds all (or
most all) memberships a user has. I have a couple of scripts that do this
but nothing I can share publicly as they were written for customers. I keep
meaning to write a tool to do it. I really want to write it though to do
Overall I wasn't thrilled about everything being named
Active Directory this or that. There was and still is more than enough
confusion with ADSI and whether or not you can use it for non-AD environments.
It is entirely marketing driven.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
If the applications are important enough to be tested, get them into your
test environment. There are times other than domain upgrades, etc that they
will need to be tested as well.
Running test against production data is insane and asking for problems.
If I were a manager of someone who did
To expand a little...
An FSP is ONLY needed if you are referencing an object from
a foreign domain in an attribute that takes DNs like the member attribute.
You have to use a valid DN. The creation of an FSP gives a valid DN to be
used.
Completely agree with the SID cleanup Guido mentions.
Your manager is a soft fleshy milk-secreting glandular
organ.
Every new piece of software added to any machine is a new
possible threat vector. DCs are the bastion of your Windows network security.
You run the absolute minimum on a DC that you can run (yes SBS makes me
squeamish but that
If there were an easy way to guarantee it I would have just pointed at that.
Since there isn't, I wanted to know how accurate the info needs to be so you
can determine how much work you are willing to do.
I wouldn't guarantee that info as accurate no. The user's PC could somehow
be unavailable
So, other than the bug reports and requests I have received
previously prior to this email, it is perfect?
Cool.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, November 18, 2005 5:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OldCmp
Ok, so
Very cool, thanks for sharing.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, November 21, 2005 12:39 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userCertificate Property in Active Directory
Thanks, I think I figured it out. For
Most all of the scripts have been modified. Several of the
larger main scripts were modified considerably or completely rewritten.
The chapters I recall the biggest changes to were the
Security, Schema, and Replication chapters. At least those are the ones that I
got stuck on for some
Title: Question about inheritance at the Domain Root level.
You will need to either browse to the level and recheck the
inheritance box or use dsacls with /P:N on each OU that has inheritance
disabled.
Alternatively you could write a script that modifies the
ACLs directly. Probably the
Yes. Unfortunately not with adfind and admod doesn't handle CSV input yet.
It will, just not yet.
Keep in mind that msExchTurfListNames is a multivalue attribute that has a
fixed limit... 2K it will be ~850 values and with K3 it is somewhere around
~1300 values when you will hit administrative
No, user group memberships is handled, well on the user object. You would
need to write an app or script that looked up the client, found the user,
then modified the user's membership. However that wouldn't take effect again
until the user logged off and logged on.
-Original Message-
I scanned through the list of current switches and you
appear to already have everything I was going to ask for.
:)
The only item I wasn't 100% certain on was if it can query
lastLogon. I saw references to pwdLastSet and lastLogonTimeStamp.
The ability to query lastLogon would be nice for
Hi Joe and Al,
Thank you both for the reactions. I know how I think about it and what I told
the client that proposed this. I think your reactions say enough about the wild
idea. The client that proposed this was told by me and a colleague that although
it seems OK, the risks are too high and
Hi
I am using Microsoft Sonar tool to keep an eye on my 6 DCs in 2 domains -
FRS / SYSVOL.
Last week Sonar flagged few errors - FRSInlog, FRSSets - I am not impressed
by the help file you don't get with Sonar - so what do these errors mean?
FRSInlog?? or FRSSets??
Thanks for help
James
Thanks for your answer joe :)
Yann.
From: [EMAIL PROTECTED] on behalf of joe
Date: Sat. 26/11/2005 17:23
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to Force application of inheritance for OUs that
have inheritance blocked - Correction.
You
I'm convinced that Joe wouldn't even want a c:\ on the screen. Maybe a
c or a colon or a slash...but all three? Too much bloat.
;-)
joe wrote:
Your manager is a soft fleshy
milk-secreting glandular organ.
Every new piece of software
added to any machine is a new possible threat
lol. :)
Susan, what if you had a server that you couldn't do any
GUI from but instead you loaded up the GUI to control the server on a
workstation? Would that be good enough for you or do you absolutely HAVE to run
the GUI on the server?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Yeah I have been thinking about that one for a while, I
don't just want to do it, I would want to do it efficiently and with some
measure of a guarantee which is tough, especially in large environments or
environments with WAN sites (for instance, if there is one or more DCs that
you can't
Been there. Someone has a harebrained idea and wants you to sign up to back
it... There have been times I have signed up but anytime I have any unease
about it I won't even think about signing up especially if I was consulted
as an expert. If the person asks you and then fights you on the answer,
You do realize we even have folks that turn themes on their SBS boxes
because they want it to look 'pretty'. :-)
There are still times you have to be 'on' a box ...especially down here.
joe wrote:
lol. :)
Susan, what if you had a server
that you couldn't do any GUI from
t'cha
Disabling OpenGL screen savers used to be a constant battle
for me with my SBS'er clients.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Saturday, November 26, 2005 6:41 PM
To: ActiveDir@mail.activedir.org
Subject:
When specifically? If you don't point them out, there is
less chance it will get corrected. :o)
I would love to get to a point of not having to
interactively logon to servers except at initial configuration. Much less chance
of doing stupid accidental things. One of the great strengths and
Well when RDP breaks or you have a stupid laptop that somehow thinks
it's on a domain because it used to be on a domain and it's no longer on
a domain and yet the firewall settings are still 'enabled' [okay that's
not exactly the greatest example but it's the only one I could come up
with at
Both of the errors deal with journal wrap in the FRS logs. A number of
issues as to WHY this happens.
However, I'd upgrade to UltraSound - the successor to Sonar. It has much
better JIT information associated with the errors - and how to fix them.
Rick
--
Posting is provided AS IS, and
The inlog is the inbound change orders. It would help to know what the
actual error was..
steve
- Original Message -
From: Rick Kingslan [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, November 26, 2005 6:51 PM
Subject: RE: [ActiveDir] FRSInlog
Both of the
yawn
Sometimes, I realize that I commented on something, go back
and read the thread and come upon a novella.
Occasionally, all I want is a paragraph. Hopefully,
all of this information wasn't meant for me, because all I do day in, day out
these days is drink from a fire hose - hence why
Hello,
I have a computer which
has a w2k on it. It is on a network and does not have a CD drive. Now I want to
have a XP on it without removing w2k. Is there any way that I can install XP
through network without damaging my w2k?
Thanks in advance.
Roseta
You can notify via e-mail without any client at all on the
system. Just make up a message in an RFC 822 format and then
drop it in the Exchange server's SMTP virtual server pickup
directory. You can literally make a notification message from a DOS batch
file.
Ed Crowley MCSE+Internet