Thanks very much Tomasz! I thought this was the case but being
hyper-cautious, if not slightly paranoid :) :) I thought I would check.
I should get some could performance increases as the entire AD database
should fit into memory as the ntds.dit file is less than 100MB!!
-Original
Thanks for the input so far, and sorry I left the "read
receipt" on on the e-mail. I guess I will be getting those for years to come. (I
did that on an internal list two years ago and still get receipts from that
one...)
I don't want people on my Wireless who are not on the
domain. I
sigh just an FYI - this time
I read this article *the whole way through* (!) and it answered my
questions about which display specifier object(s) one actually needs to
modify in order to add extra columns. Works fine. I was modifying
the default, which has no effect. Thanks for your time
Ulf:
My original post must not have been clear enough. I HAVE delegated this on
the adminSDHolder container and it does get applied to the protected
accounts. Unfortunately, even though the security setting on the account
then shows that the HELPDESK group has READ/WRITE ability on the
Per my
original response and having just tested it, modifying the default does indeed
have the desired effect. I'm uncertain as to why it's not working for
you.
Which
displaySpecifier are you modifying?
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
The issue is one of three
1. The account isn't locked
2. The delegation really isn't applied properly
3. ADUC bug
Grab unlock.exe from my website (www.joeware.net) and it can help work out
if the account is really locked and whether or not your delegation is
correct. Use the -view switch to
"joeware
automatic update service"
Hmmm I will have to see if I can use that name somewhere...
V01.25.00 certainly demands something like that. ;o)
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Heck that should fit into RAM with a 32 bit machine.
x64 is cooler though. :)
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson
Sent: Thursday, April 20,
Oi.
You may want to post your creative work so everyone is in
on the joke, I am sure some folks would really appreciate it.
:)
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lee,
Oh I love those! The app dev folks (or vendor) tell you
that your AD is broken because it is so slow... Yep I have been there.
Indexing is fine, just index things you regularly query on,
no reason to suck up resources and perf for indexes that aren't used. For
instance, indexing all
Dave,
The certs can be used in different ways. If you are using EAP-TLS which uses the Certs to authenticate the user and the server, you will need a CA to issue this. This would require a PKI solution to be in place. While not hard or impossible in 2003, just something you want to be cautious
As mentioned by others you need to define what is inactive. Some folks will
simply say if an account has a password expired more than x days is
inactive, for others that may not be optimal. Some folks say if the account
hasn't been logged into in more than X days is inactive. If you have
Exchange
Hello, Joe. Good to hear from you. Sorry I missed DEC this year.
1) !!RLBAdminTest 04/19/2006-12:22:27 LOCKED VIEW_ONLY
2) C:\Tempdsacls
CN=!!rlbadmintest,OU=AdministrativeAccounts,OU=Collins,DC=ccanet,DC=rockwell
I'm not certain either. I modified
(added a value) to the extraColumns attribute of this
object:
"CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=rootdomain,DC=com"
After that, I closed/relaunched ADUC,
picked the "OU=Domain Controllers" (for example), right-clicked it,
My recent favorite was a rather "popular" software vendor told me I needed to increase my maxIdleConnectionTime for the Directory higher than 900s (15 mins) because their connection was timing out while processing the first page of 1000 users, and having the connection dropped before they went
Please
do Wook I'd like to see what that's all about :)
:m:dsm:cci:mvp|
marcusoh.blogspot.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL
The delegation isn't right, check out ONLY the permissions applied TO the
actual object. No lockoutTime delegated. You have a couple of ACEs that are
inherited down to GROUP subobjects though that is for lockoutTime.
I would probably apply the lockoutTime ACE directly to the adminsdholder
object
Yeah I am always confused on whether I should write indexes
or indices. Indices (in dih sees) is what I want to write but have seen too many
MS docs that had it written as indexes. Ditto viruses and virii. English and
computer speak don't meld well...
There is some old quote that goes
Merriam-Webster online lists both forms of the plural as
valid: http://www.m-w.com/dictionary/indexes
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, April 20, 2006 7:41 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] stupid ldap queries
Yeah
With respect to this
question:
"You still seem to
need to run the GPO Editor on a W2003 Server. Is there a way to run this on an
XP-SP2 Workstation? I have not found one. And since my original post I have been
looking at what is needed to update the Schema to the Windows2003 Level. This
The thought of a complete PKI has put us off this
--- Many people tend to be in the same boat. We are looking at integrating our Badge IDs and Smart Cards so I see a full blown PKI initiative in the works.
This seems O.K. We generated a cert internally, and this is how we intend to
On 4/20/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Ditto viruses and virii. ...
Being a bit of a pedant, I have to point out that virii is neither
good English, nor good Latin:
http://www.wsu.edu/~brians/errors/virii.html
--
AdamT
A: Because it breaks the logical sequence of discussion
The words color and colour are fortunately not too far off... worse yet
is the automatic machine translations of KB articles that take
technical information and mangle it into incomprehensible information.
[EMAIL PROTECTED] wrote:
hmm, bit of a circular argument
there really :)
Yep...understood.
My mistake was making the change on
default-Display, but then not testing the view from a saved query, a
container type with no defined custom columns. Rather, I tested it on an
OU (organizationalUnit-Display). I thought that would be a good test
because it didn't have an
Mouse/mice
valid w/ cheese. Is it valid with a computer?
:m:dsm:cci:mvp|
marcusoh.blogspot.com
From: [EMAIL PROTECTED]
Ok, ok. I just started a blog in MSN
Spaces. I've posted the aforementioned creative work so that the rest of
the list denizens can be in on the inside joke from DEC 2006.
http://spaces.msn.com/wooksworld
It's the April 20, 2006 posting about
the 2006 NetPro Directory Experts
You are not authorized to view this page
That's it??? EVEN *I* can do THAT :o)
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
So would the correct Latin be viri? We used to sometimes refer to more
than one VAX as VAXen using the ox/oxen model. Multiple facsimiles would
then be faxen.
Wook
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Thursday, April 20, 2006 9:22
I think I know the problem. the ldap service needs to
log into AD so it can search the basedir. I do not allow Anonymous
searches. For some reason, it's logging in on that remote server and not a
local server. How can I fix that via dns?
Kind Regards,
Jennifer Fountain
Security System