[ActiveDir] objects names cannot be shown in their user-friendly form

2006-05-04 Thread Milton Sancho
Message: Some of the objects names cannot be shown in their user-friendly form. This can happen if the object is from an external domain and that domain is not available to translate the object's name Example: CN= S-1-5-21--21253782); it is thedomain\user. Scenario: WIN2000 Domain (IT has

[ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread James Carter
I would like to find a way to extract all the users who have 'Smart card is required for interactive logon' ticked within their account. I have looked at LDIFDE and CSVDE but I can't see how I can retrieve this list. Thanks, James

Re: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

2006-05-04 Thread Sem 3
Normally I just lurk but I just have to mention Monad. You can browse adam with it too. and add and delete all at the cmd (msh) prompt. AMr scriptosparadise :) It is still in beta but you can download it from M$. Hope this is useful. SEM On 5/3/06, Joe Kaplan [EMAIL PROTECTED] wrote: That is the

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread Kurzdorfer Michael TSgt 107CF/SCBN
(&(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=262144))) will do the trick //SIGNED// Michael Kurzdorfer, TSgt, NYANG Network Administrator 107CF/SCBN Niagara Falls ANGB Comm 716.236.3064 DSN 238.3064 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread James Carter
Thanks for responding Michael. What would be the full command if you don't mind me asking? JC Kurzdorfer Michael TSgt 107CF/SCBN [EMAIL PROTECTED] wrote: (&(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=262144))) will do the trick //SIGNED// Michael Kurzdorfer,

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread Kurzdorfer Michael TSgt 107CF/SCBN
I am using this thru ADUC. Using LDIFDE you could use: (Change out the -s and -d to your site) ldifde -f SCLEnabled.ldf -s 107ARW-DC-01 -d "OU=107 ARW,OU=NYNIAG,OU=ANG,DC=ang,DC=ds,DC=af,DC=mil" -l "userAccountControl:1.2.840.113556.1.4.803:=262144" -r

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread joe
Two quick items. First the query can be simplified a little, there is an unneeded level with the & operand in there. You only need something of the format (&(something)(something)). It isn't a big deal, the engine will strip it out when it optimizes the query but it does make it look more

RE: [ActiveDir] Several IMAP Accounts-Outlook fail

2006-05-04 Thread Bruyere, Michel
I followed the MS recommendation to delete and recreate the IMAP account; it didn't work in the first time but worked the second one. It's the only resolution that I found. My 0.02$ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Milton Sancho Sent:

[ActiveDir] Odd NtFrs warning

2006-05-04 Thread Steve Rochford
I'm getting messages like the following in the event log at 24 hour intervals. Is this really just an information message - ie a check was carried out and there were no errors or is it trying to tell me something but being very secretive about it?? Steve Event Type: Warning Event Source: NtFrs

RE: [ActiveDir] Odd NtFrs warning

2006-05-04 Thread Almeida Pinto, Jorge de
how about: http://www.eventid.net/display.asp?eventid=13562&eventno=662&source=NtFrs&phase=1 Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel :

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread James Carter
Wow, thanks joe, I really appreciate the effort you've made to respond. joe [EMAIL PROTECTED] wrote: Two quick items. First the query can be simplified a little, there is an unneeded level with the & operand in there. You only need something of the format (&(something)(something)). It

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread James Carter
Thanks - this worked a treat! Kurzdorfer Michael TSgt 107CF/SCBN [EMAIL PROTECTED] wrote: I am using this thru ADUC. Using LDIFDE you could use: (Change out the -s and -d to your site) ldifde -f SCLEnabled.ldf -s 107ARW-DC-01 -d "OU=107 ARW,OU=NYNIAG,OU=ANG,DC=ang,DC=ds,DC=af,DC=mil" -l

RE: [ActiveDir] Query AD for Smartcard enforced users

2006-05-04 Thread joe
No problem James, I am happy to help. None of this below is rocket science, anyone can start working out query efficiencies by testing various queries against Active Directory (or ADAM) and telling AD to return STATS info. There are two main tools available that I am aware of to allow you to

[ActiveDir] Optimize Exchange Pagefile

2006-05-04 Thread Dan DeStefano
I was wondering if anyone can point me to any MS document that discusses optimizing the page file on an Exchange box. I found http://support.microsoft.com/kb/815372, but this article does not discuss the page file. I am running SBS 2003 on a 3 GHZ Xeon with 4GB physical memory and a 3-disk

[ActiveDir] Exchange queue(OT)

2006-05-04 Thread Tom Kern
I have an issue where a user sends an email to about 1800 recipients using Outlook DL's. The email always gets stuck in the messages awaiting directory lookup queue for hours (sometimes days). The only thing logged in the app log is- Event Type: Warning Event Source: MSExchangeTransport Event

RE: [ActiveDir] Exchange queue(OT)

2006-05-04 Thread Katherine Coombs
Hi Tom, I'm sure that you've spent more than the 5 seconds that I did trying to find a solution, but I came across this article: http://support.microsoft.com/default.aspx?kbid=884996 HTH, Katherine From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: 04 May 2006

RE: [ActiveDir] Exchange queue(OT)

2006-05-04 Thread Kennedy, Jim
Had that once with a 1000 user dist. list on our exchange server. It was a bunch of nested groups, along with global groups tossed in. The groups, specifically the global groups seemed to be the cause. Took forever to enumerate the addresses. From: [EMAIL PROTECTED]

RE: [ActiveDir] Optimize Exchange Pagefile

2006-05-04 Thread Dave Wade
There is no point in messing about with memory config if you only have a three drive RAID 5 array. Disk config is critical. How many users do you want to put on this box. less than 100? -Original Message- From: [EMAIL PROTECTED] on behalf of Dan DeStefano Sent: Thu 04/05/2006 20:16

Re: [ActiveDir] Exchange queue(OT)

2006-05-04 Thread Tom Kern
No, I spent about 2 secs before finding that. Alas, it doesn't apply to my environment. I sometimes have an itchy send finger but, I try not to waste your guys time if I can help it. Thanks On 5/4/06, Katherine Coombs [EMAIL PROTECTED] wrote: Hi Tom, I'm sure that you've spent more than the 5

RE: [ActiveDir] Optimize Exchange Pagefile

2006-05-04 Thread Dan DeStefano
Yes, far less than 100, on this box it is under 20. You do not think it is necessary to mess with the page file, even if only to make it static? Dan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade Sent: Thursday, May 04, 2006 4:06 PM To:

[ActiveDir] Intermittent 680 events.

2006-05-04 Thread Laura E. Hunter
So this one is puzzling me. Brand new 2003 R2 AD, all XPSP2 workstations. A few user accounts are getting continually locked out with Event 680, error code 0x006a (invalid password.) The usual culprits don't seem to be at fault since there are no services or scheduled tasks running under

[ActiveDir] InetOrgPersonFix.... Do I need it?

2006-05-04 Thread Joe Pochedley
Quick question that I can't find a simple, definitive answer to with a Google search... I've got a AD 2000 Forest (2000 FFL). We're preparing to upgrade our first DC to Server 2003 (planning to use the ADPrep off the R2 CD). I've already verified the AD, FRS, and other items are running well so

RE: [ActiveDir] InetOrgPersonFix.... Do I need it?

2006-05-04 Thread Almeida Pinto, Jorge de
I've already got Exchange 2003 running on the forest/domain. Do I need to run the InetOrgPersonFix.ldf in this environment or were the fixes incorporated into the Exchange 2003 forestprep/domainprep? No need to run InetOrgPersonFix.ldf Yes already incorporated into E2k3 Met vriendelijke

RE: [ActiveDir] InetOrgPersonFix.... Do I need it?

2006-05-04 Thread David Adner
When you installed Exchange 2003 you extended the schema and fixed the problem then. So no, you don't need the InetOrgPerson fix now. Running the Exchange 2003 schema extension (and allowing it to fully replicate out) before the 2003 AD schema extension is a common recommendation to avoid having

RE: [ActiveDir] Optimize Exchange Pagefile

2006-05-04 Thread Dave Wade
If you have 4gig of RAM then you should get minimal paging. (I know this is a great generalization) 1) Log file access is sequential, database is random 2) Keeping Log files write queue down is key to performance 3) log files are write only 4) raid-5 tends to have poor write performance (again

[ActiveDir] LDAP Matched DN: (Null)

2006-05-04 Thread Teo De Las Heras
We have a citrix server where we're trying to add user accounts to from a trusted Windows 2000 domain. When we add the user account, only the SID shows up. In addition, we get an error when trying to save the permissions change. A trace of the communication between the citrix server and the

RE: [ActiveDir] InetOrgPersonFix.... Do I need it?

2006-05-04 Thread Lucas, Bryan
Stretching my memory banks... seems to me one of the steps of upgrading Exchange 2000--2003 was to verify the changes made by the LDF import. Why not just look at the schema and see if the changes have already been made. I interpret your email as you never had Exchange 2000, you started with

[ActiveDir] Remotely Migrating Machines

2006-05-04 Thread Brian Desmond
I've got a good sized chunk of PCs which are joined to domains which no longer exist. I'd like to migrate those machines into a domain that does exist. I have local admin access to the boxes. I'd also like to do this remotely (either running the commands remotely or psexecing something out to

RE: [ActiveDir] Exchange queue(OT)

2006-05-04 Thread joe
That would have been my logical response too; googling your error against the support site pulls that exact KB and you didn't mention it in your initial post... So what else have you done and discounted before a bunch of other responses come through? Some additional questions to make the

RE: [ActiveDir] Remotely Migrating Machines

2006-05-04 Thread joe
You may be on your own there Brian... If you really start looking at writing something check out the API call NetJoinDomain. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian

RE: [ActiveDir] LDAP Matched DN: (Null)

2006-05-04 Thread joe
I am not a citrix (or even TS for that matter) person so you will have to bear with me. What do you mean you are trying to add user accounts? Is this a citrix thing? Add to what? Is the citrix server a DC or is it a member in a domain? If you try to add user accounts to local groups on the

RE: [ActiveDir] Intermittent 680 events.

2006-05-04 Thread joe
If the machines are consistently sending auths then sit down with them and watch them and start killing off processes. It is very likely software specific to them or some process they are following. Have fun! -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

2006-05-04 Thread joe
That was in the original specs I saw for MONAD. They backed off of it, I think some part of it might have been too tough for MSFT in the few years they had available... -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From:

RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

2006-05-04 Thread joe
I was thinking of something a little more robust than ADUC with extensions. More of a combination of ADUC, DSSITES, ADSIEDIT, Schema Manager, and some yet to be publicly seen ADAM specific management stuff. Maybe some form of tie in to MIIS/IIFP/ADAMSynch for easily configuring those products

RE: [ActiveDir] objects names cannot be shown in their user-friendly form

2006-05-04 Thread joe
(3) Broken secure channel -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Thursday, May 04, 2006 2:13 AM To: ActiveDir@mail.activedir.org Subject: RE:

RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

2006-05-04 Thread Brian Desmond
How about some good COM Addins so you can be consistent like MS? Then I can implement IJoePlugin17 to add a tab to your thing. Addins with .net are rather easy to architect though - would be my preference. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original

RE: [ActiveDir] [OT] exporting list of members of a security group

2006-05-04 Thread joe
Wow, you are lucky you learned that lesson so painlessly. That is like writing on some passed out person's face with crayon instead of permanent marker. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] TScmd help

2006-05-04 Thread joe
And understanding completely that those aren't actually attributes, they are properties that are being exposed through a special Terminal Server COM interface that is in a special DLL. Why is that important or different? Try to pull those attribs with a search instead of an enumeration?

RE: [ActiveDir] TScmd help

2006-05-04 Thread joe
Yes some Novell stuff can be found in there as well as some other things I have heard of through the years. Just clearing that attribute is a great idea... especially if you use Novell stuff as well as TS stuff. :) -- O'Reilly Active Directory Third Edition -

FW: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

2006-05-04 Thread joe
Title: RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires.. WAS: Internet Authentication Concepts: Pointers?  Brian what did you do on that message, that came through blank for me unless I looked at it in OWA or forwarded it from OWA to myself again stripping something from it.

Re: [ActiveDir] Remotely Migrating Machines

2006-05-04 Thread steve patrick
If these are XP clients - check out WMI and JoinDomainOrWorkgroup method - I *think* this will work for you ( specifically in the case where the domain it is currently joined to is no longer available) but I haven't tested this... steve - Original Message - From: joe

RE: [ActiveDir] which GC answers?

2006-05-04 Thread joe
“Originating DC” is also the “owner” of the object, right? Originating DC is simply the DC that the originating write occurred on, contrast with a replicate write. What DSA was the attribute for the object modified on. But, if the “owner” is no longer around, the object is garbage

RE: [ActiveDir] Query regarding Windows Time Service

2006-05-04 Thread joe
I would certainly check into it, it is implying the machines aren't syncing their time which could be bad for you. Normally I just set this with net time /setsntp:server However it would appear they just do the same thing. It used to be w32tm had a cool switch for testing the time

RE: [ActiveDir] GPResult incorrectly reporting DC's security groups?

2006-05-04 Thread joe
That is odd. Here is what one of my DCs shows BUILTIN\Administrators Everyone BUILTIN\Users Windows Authorization Access Group NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization ServerName$ Domain Controllers NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS The first thing I

RE: [ActiveDir] Anyone knows how to fix this?

2006-05-04 Thread joe
What is the attribute definition? 2K/K3/ADAM? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, April 30, 2006 11:15 PM To:

RE: [ActiveDir] OT: Windows Vista - Windows Defender

2006-05-04 Thread joe
Probably, but I expect that would be a mighty small command prompt. :) I expect the stuff is there to make a normal transparent window as well, it just doesn't appear that MSFT went that direction for their apps for some reason. -- O'Reilly Active Directory Third Edition -

RE: [ActiveDir] Robocopy(OT)

2006-05-04 Thread joe
Wonder if you have a dorked up ACL, what happens if you try to take ownership of it? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Sunday, April 30, 2006 8:58 AM To:

RE: [ActiveDir] GC Promotion

2006-05-04 Thread joe
Not sure how well that would scale, say you have 50 GCs in a site and only one DC of a certain domain, all GCs would want to replicate with that one DC which I wouldn't expect. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From:

RE: [ActiveDir] GPResult incorrectly reporting DC's security groups?

2006-05-04 Thread Brian Desmond
Have you any idea what the this organization thing is? I noticed that when I went and did gpresult on one of mine in reference to this thread. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL

RE: [ActiveDir] GC Provider

2006-05-04 Thread joe
adfind -gc -b -f somefilter ;o) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Friday, February 24, 2006 1:10 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GC

RE: [ActiveDir] TScmd help

2006-05-04 Thread Jef Kazimer
I meant that was the advice we were given from PSS on how to solve the problem. :) Though...we did end up clearing it after finding out they were not TS users. From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] TScmd help Date: Thu, 4 May 2006 21:17:34 -0400

RE: [ActiveDir] GPResult incorrectly reporting DC's security groups?

2006-05-04 Thread Steve Linehan
The This Organization security principal is used for selective authentication. More details on this can be found here: http://technet2.microsoft.com/WindowsServer/en/Library/1f33e9a1-c3c5-431c-a5cc-c3c2bd579ff11033.mspx Thanks, -Steve -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] which GC answers?

2006-05-04 Thread adriaoramos
I have a problem running that: this is one of the objects I want to delete, found with ldp Dn: CN=adriao,CN=Users,DC=esgoto,DC=sabesp,DC=com,DC=br 1 canonicalName: esgoto.sabesp.com.br/Users/adriao; 1 cn: adriao; 1 distinguishedName:

Re: [ActiveDir] TScmd help

2006-05-04 Thread A P
Thanks for the correction Joe. Userparameters would be the attribute and the properties can be pulled using the sample code. Of course, this works better if you have a small list or subset of target user IDs (which is how I used the sample code listed in the earlier post). Inspecting the values