Does anyone know of a place to get all the best practices for a Windows
2000 multiple domain - Windows 2003 single domain (intra-forest)?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Monday, December 12, 2005 5:19 PM
To:
We have a flat, multi-domain 2000 AD.
Does anyone see any issue if the root domain goes domain native but
stays mixed mode forest?
Thanks, jb
--
Jason Benway
[EMAIL PROTECTED]
GHSP
1250 S.Beechtree
Grand Haven, MI 49417
616-847-8474
Fax: 616-850-1208
Required space
Make sure you know your environment, particularly anything that uses AD
to AUTHENTICATE. For example, a while back there was a VERY popular NAS
device that broke when you went Native in AD: it had issues with
Kerberos authentication. (BTW: no, I'm not going to mention it by name
b/c I haven't
What I mean is following the best practices when building
your cluster servers that you will mount the LUNS from. We
had Microsoft here and we asked them how to manage volumes at the TB level, and
they told us to simply not create volumes that large because they will be
unmanageable. The
This is the last step in my Kix to .vbs conversion. Having
a little difficulty with OR statements in conversion. Here is
the original kix script:
' Check / Set registry settings for screen saver. Logoff user if settings are updated
$IsLocked =
I probably wouldn't present a multi TB LUN myself. Think of the
restore time if you toasted that much data. 3 400GB (or 4 300GB or etc) mountpoints
is a better idea imho.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Dim isLocked
isLocked = RegRead(Stuff)
Dim ssTimeout
ssTimeout = RegRead(MoreStuff)
If (isLocked = 0) or (CInt(ssTimeout) 900) Then
Do Stuff
End If
This helps?
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
I have a bit of a problem and I'm
hoping some can help me. The forwarding tab is grayed out. It won't
allow me to add an IP for forwarding unresolved queries. It said that forwarding
is not available because this is a root server. What does this mean and
how can I change it?
Thanks
Title: csv to ldf converter
Would anybody have a handy csv to ldif macro for excel 2003? The one I have no longer functions. Even a .csv file to .ldf file conversion tool would help. TIA!
Regards,
Dave
Hi Antonio,
This could be a starting point for you
-- http://support.microsoft.com/default.aspx?scid=kb;en-us;229840
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Antonio Aranda
Sent: Tuesday, December 13, 2005 12:28 PM
To:
Title: csv to ldf converter
You could just use csvde to do the import/export if that's what you're
trying to do.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of CHIANESE, DAVID
Sent: Tuesday,
Title: csv to ldf converter
Yeah, I would like that as well, please!
:-)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of CHIANESE, DAVID
Sent: Tuesday, December 13, 2005 11:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] csv to ldf converter
Would anybody have a
Title: csv to ldf converter
In a Windows 2003 AD environment-
In terms of time sync, what's the
effect on client when the server having PDC emulator role is down?
One of my third party clients (outside the
AD environment) is unable to sync the time with the AD ntp server when PDC
Title: csv to ldf converter
Unfortunately I need to do a modify and you cannot do that with
csvde. I was also looking into ADmodify.net, but cannot seem to get the
download for that either.
Thanks,
Dave
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent:
Title: csv to ldf converter
I just found that admodify.net cannot do what I want either.
Basically if you look at my display name in e-mail here, it is all caps..
so... In a csvde directory export of all users and using a well known
excel function (=proper(A1)) I am able to give proper case
Title: Home directories issue
%USERNAME% won't help, as it is
translated on the fly to the user's name the moment you use
it, so it ends up joe.user anyway.
Are your users having the problem using
W2K or later, I assume? (if not, there's your answer) And you
ARE using a real share, not a DFS
How are your Display names formatted? Are they say: Firstname Lastname, or Lastname, Firstname? Are the first name and last name fields in the users populated and do they have the correct case?
If so then AD Modify should fix that as you can tell it to build the Display Name from the Firstname and
They are all caps and I want them proper case. Or actually
management wants them that way. :)
We have this:
On 12/13/05, CHIANESE, DAVID
[EMAIL PROTECTED]
wrote:
We want this:
On 12/13/05, Chianese, David
[EMAIL PROTECTED]
wrote:
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Issues with Kerberos authentication??? Are you sure?
That is available in ALL modes/levels. It must have been something with new
features that are introduced when the level is increased... E.g. LVR with
Exchange 2000
Cheers,
Jorge
From: [EMAIL PROTECTED] on
Title: csv to ldf converter
Hi Manjeet
Domain members sync their time with a local DC. DCs
sync their time with the PDCE. The PDCEs for each domain sync with the
root domain PDCE. The recommendation is for the root PDCE to sync
with an internal hardware clock, but an external time source
that is because the server is a root server. a DNS server is a root server when
it contains a root zone called .(dot)
If you want to use forwarders and/or root hint servers you should delete the
root zone
cheers,
jorge
From: [EMAIL PROTECTED] on behalf of
The PDC FSMO is also important for password changes. See:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/24/161.aspx
The PDC FSMO in the forest root domain sync time with an external time source
if configured so (also see:
Gotcha, too bad because doing this sort of thing with admodify is great.
What I've done in the past is use some excel formulas to build a dsmod command, then just put that in a batch file to update each user. Not pretty, but it works.
Phil
On 12/13/05, CHIANESE, DAVID [EMAIL PROTECTED] wrote:
Got it, I had to add the WshShell in front
of RegRead
Thanks, Brian
' Check / Set registry settings for screen saver. Logoff user if settings are updated
Dim isLocked, ssTimeout, ssActive, ScrnSave, WshShell
Const EWX_LOGOFF = 0
Set WshShell = WScript.CreateObject("WScript.Shell")
hey David, if you care to send it off-list, I may have a few minutes
to see if one of the scripts I have could be converted and made useful
to you. I would suggest that you consider doing this via script vs.
converting to ldf then importing. ldf would work, but for repetitive
things and for
One small addition to this: DCs in a child domain can sync with any DC in their domain or any DC in the parent domain; the PDCe of a child domain can sync with the PDCe of the root domain or any DC in the root domain.
Phil
On 12/13/05, Tony Murray [EMAIL PROTECTED] wrote:
Hi Manjeet
Domain
The only problem I have is that I can't
get it to auto logoff after 20 Seconds.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding,
Devon
Sent: Tuesday, December 13, 2005
2:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] If, and,
or in .vbs
so I guess that means you didn't like my TS approach...? :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, 13 December 2005 01:38
To: ActiveDir@mail.activedir.org
Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED]
www.activedir.org :-)
sounds like you want to do a bit of domain collapsing within your forest
(which is a good thing, yet it can be more painful than migrating to a
new forest).
do you have a concrete question?
/Guido
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Title: Home directories issue
It's all AD on 2k3 with XP Pro
clients, connecting to a real share (both by IP and NetBIOS to ensure name
resolution isn't an issue). No DFS.
On behalf of Jerry
Dan
Nortel PEC Solutions
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
I would not even begin to worry at 80MB - it's worth
thinking about it again if it's grown to 10 times that size, which it won't do
without a reason (i.e. you're creating new objects in AD or adding more data to
existing objects). AD is quite good at re-using existing whitespace
in the
Title: csv to ldf converter
Clients sync the time with the DC they're authenticating
with (the one they build the secure channel with at boot time - usually the DC
in their site, if there is one and you've got your subnets correctly
configured). They do not depend on the PDC for syncing the
On the third party client (what OS is it),
try specifying more than one ntp source for synching.
Thank You,
Anthony Scott
Berbee
4690 E. Fulton Dr., Bldg. C
Ada, Michigan
49301
(616) 481-9722
(616) 464-6369
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
How about
http://www.microsoft.com/technet/itsolutions/ucs/ds/dmcnmg/default.mspx
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Tuesday, December 13, 2005 1:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
I would think the client
receives a list of referrals and use the DC on top of the list and goes
down the list until it finds a DC that responds. A client simply does not know
why a certain DC does not respond. It can be anything... firewall, network, DC
down or whatever.
As there is no
Hi Guido
TS approach seems like a great idea. Short of putting all my ADMT servers
in Application mode and buying a whack of TS licenses and setting up TS
license servers
Actually, never thought of it but I am not sure the hassle to run 10 to 15
sessions would have been worth it. Is easier
Not really, the big issue is group membership stuff. Like domain admins
and such.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Tuesday, December 13, 2005 1:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADMT
hmm - I thought Jason was talking Windows 2000 and multi-domain = there
is no LVR in Win2000. Neither is there a forest-mode in Windows 2000.
And certainly switching the root domain to native mode should have no
impact on a NAS device in the child domain (assuming the resources are
not hosted in
I use similar approach,
Put samid and other user fields in columns, then generate other columns
as needed from existing column. like Displayname from FN and LN using
formula =CONCATENATE(B2," ",C2)
then at the end concatenate everything into single column using * as separator
formula :
Thanks Jorge and Deji for your responses.
It sounds like we're all pretty much of the same opinion, i.e.
that there will be a sequence of attempts against a list of DCs in Forest B.
It would still be good to understand how the DNS interactions work in
this situation. I've searched
If you have already seen the attached mail, my apologies for duping.
It seems, lately, gmail is creating problem, and not sending some of my replies. I have to go to, list archive and verify that, mail is sent to others, as well.
--
Kamlesh
-- Forwarded message --
From: Kamlesh
I'm using the following script to logoff a workstation.
It works fine on XP workstations but does not seem to work on Windows 2000/2003
servers. Any Ideas?
Set objSystemSet =
configuring NOT to register domain wide DC locator records might work also.
jorge
From: [EMAIL PROTECTED] on behalf of Tony Murray
Sent: Tue 12/13/2005 11:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cross forest trust and DNS
Thanks Jorge
The shutdown command works. Give that a
shot.
S
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Tuesday, December 13, 2005
2:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Win32Shutdown
Method Win2003
I'm using the following
More information
The DNS interactions work as follows (note
that I have excluded most other transactions that occur):
Forest A client
queries DNS for ResourceServer.ForestB.com
Client
receives response for resource server.
Client
queries for
Thanks very much for the detailed information Bernard. Good
point about the site sync too.
Where did you find the information? Is it hidden in a safe
somewhere within HP, or is it publicly available? :-) My Google
mojo let me down on this one.
Tony
From: [EMAIL PROTECTED]
A network monitor and a test environment is
often better than any other source. :-)
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, December 13, 2005
5:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cross
forest trust and
Only need? heck no. It's a start...but only a start.
Define your role and your boundaries. If your job is to just look at
the security of that server operating system and nothing else then yeah,
MBSA would be a good start.
If it's the security of your network, I would argue it's not
Devon
You could also utilise Winexit to logoff a server. It's free
and can be configured using Group Policy by adding a template, see
attached. Some info below from Microsoft...
http://support.microsoft.com/default.aspx?scid=kb;en-us;314999sd=tech
Template attached need to rename to
winexit.adm...forgot I added ad? to my mail security deletions
list...
James
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Blair, James
Sent: Wednesday, 14 December 2005 11:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE:
I need to copy (not
move) a bunch of users from one active directory to
another.
I believe the active
directory migration tool is what I need to do this.
Is there any web
resource that walks you through how to do this?
Thanks
Lloyd
ADMT will do the trick, the wizard is fairly self explanatory. Just don't
disable the users in the source domain. I don't have anything handy, but,
if you were to google for ADMT
Forest migration I bet
you'd find something.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132