why don't you ask on the Exchange2000 or Exchange2003 Yahoo group..
-Original Message-
From: [EMAIL PROTECTED] on behalf of Dan DeStefano
Sent: Thu 04/05/2006 20:16
To: ActiveDir@mail.activedir.org
Cc:
Subject: [ActiveDir] Optimize
it is:
repadmin /showobjmeta GC: CN=User-ROOT-01,OU=Users,OU=ORG,DC=ADCORP,DC=LAN
the output will something like:
repadmin running command /showobjmeta against server
ed0c6501-28c1-47e9-b3db-5dcf281e9e31._msdcs.ADCORP.LAN
26 entries.
Loc.USN Originating DC
thanks joe, that seems like a straightforward command to run.a lot more simpler than the following kb (I'm looking at the external time source)http://support.microsoft.com/kb/816042/Does anyone know why this would be different?joe [EMAIL PROTECTED] wrote: I would certainly check
Oh sorry, yes, I
completely understand that advice came from PSS from your previous post, I
should have put the "Thanks PSS" on there too. :)
Did PSS actually say to
check of they were TS Users? I wouldn't be surprised if they hadn't. A lot of
the help and direction doesn't come with much
As Steve mentioned it is for the Trust Selective Authentication stuff. You
may have noticed this and Other Organization security principals in your
Forest after you did your Windows Server 2003 ForestPrep. If not, go peek at
your defined WellKnown Security Principals container in the config...
Joe,
I don't remember if they told us to check if they are TS users or not to be honest as this was almost 2 years ago. I do remember that he symptoms were quite odd in that the error message dialog box would throw out an obscure error that could not be found in any online resource. They said
How can I take ownership of it?
It doesn't have a security tab and xcacls doesn't see the folder..
Thanks
On 5/4/06, joe [EMAIL PROTECTED] wrote:
Wonder if you have a dorked up ACL, what happens if you try to take ownership of it?
--
O'Reilly Active Directory Third Edition -
Joe,
Thanks for replying.The critrix server is a member of domain A and the user accounts were having problems resolving are members of domain B.
It's hard to explain what we're seeing. Our Citrix admin is trying grant user account access to a 'published application' since the SID doesn't
You could try
1. subinacl
2. script
3. search the web for various ACL mod tools plus I seem to
recall one tool specifically for taking ownership out on the web somewhere, I
believe it was called setowner.
If none of those work I see your options
as
A. If the file is external disksuch as
Yep, the first thing I would do is use nltest to verify the
secure channel back to the Domain A DC from the member, then from the Domain A
DC to Domain B. Don't just look at the results of nltest query, actually reset
the channel as I have seen times where it says it is fine but can't reset.
CHKDSK?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Tom Kern
Sent: Friday, May 05, 2006 6:14 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir]
Robocopy(OT)
How can I take ownership of it?
It doesn't have a security tab and xcacls doesn't
ADAM rocks! It's exactly what I look for in a directory of that type
- stable, scalable, easy to deploy. What's missing are the tools to
easily administer it for the average Joe (note the capitalization and
the reference to the average :) which would help it compete against
more expensive tools
I am upgrading an NT4.0 domain to Windows 2003R2 and on the PDC I have added to
the HKLM...Netlogon\parameters the key NT4Emulator with a value of 1 and then
done the inplace upgrade. I now try to promote in another AD DC and it does not
work I get DNS timeout errors (0x05B4 ERROR_TIMEOUT)
Joe,
On some domain controllers we're getting the following:
I:\nltest /server:domain naming master dc/sc_query:domainbI_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
So I think we are closer
Teo
On 5/5/06, joe [EMAIL PROTECTED] wrote:
Yep, the first thing I would do is
So did yours Al... I read it over on OWA...
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al
MulnickSent: Friday, May 05, 2006 10:21 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: Re:
That is name resolution failure, DomainB DC issues,or
network issues...
You can try this
nltest /sc_reset:domainb\dcname
If it works, it means that you probably have name res
issues.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL
Cacls
Xcacls
Subinacl
Format q c:
rm rf /
a consultant
google set ownership tools perhaps too
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Friday, May 05, 2006 9:14 AM
To:
Other ways...
Dos bootdisk with Fdisk - www.bootdisk.com
And theres also this.
http://www.semshred.com/contentmgr/showdetails.php/id/680/tp/VE1HUj0xLHRpZD02NzIs
Clyde Burns
Louisville Ky.
The one guy in the office who didn't go the track on Oaks
day.
From: [EMAIL
Thanks Joe...I think we figured it outthe domain controller having issues has lost it's route to domain bI think we can get this fixed if we can get the citrix server to log on to another DC.
Thanks!
Teo
On 5/5/06, joe [EMAIL PROTECTED] wrote:
That is name resolution failure, DomainB
Subinacl,Xacls(which I stated I used already, Brian),and Setowner all give the same error-
The system cannot find the file specified.
Chkdsk with a reboot didn't help at all.
Thanks
On 5/5/06, Brian Desmond [EMAIL PROTECTED] wrote:
Cacls
Xcacls
Subinacl
Format –q c:
rm –rf /
a consultant
Jorge, thanks a lot, but I don´t know
either I am doing something wrong or there´s a problem here.
This is the case:
I have a user (jjunior
- Jose Marcondes Junior) that is a lingering
object for sure.
I used ldp and found it as I can see here
***Searching...
ldap_search_s(ld,
You can try to do that by forcing the secure channel to go
to another DC. You would use the SC_RESET command and specify the DC you want
like I mentioned below. That may not work at all or it may not work long term
though so try and see if it gets you running but really try to get your
As the key says, the NT4Emulator key makes a AD DC behave like an NT4
DC. When trying to promote additional DCs or using w2k/wxp/w2k3 clients
to manage AD you are not able to connect.
The main reason the NT4Emulator key is to prevent ALL w2k/wxp/w2k3
clients and servers swamping down the PDC FSMO
I've seen this in NT4, but not recently. In our case,
the fix was to share out a parent folder, and delete the offending sub-folder
from another machine via the share.
Tyson.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Friday, May 05, 2006 9:24 AMTo:
Tough to do if it's at the
root. I would try this, have the originating user log on to the
originating machine that originally mapped the two drives and disconnect the
target's mapped drive, if not already done, then reboot it. Have him
log back on, map the target againusing the same drive
Is there a trailing space at the end of the folder
name?I got bit by this one and didn't really understand why at first
because the trailing space was almost unnoticeable. To date I have not been able
to remove the folder.I found a number of tools that address deleting
files with trailing
Thanks Jorge.
I have not done an inplace before, only migrations.
Mark
-Original Message-
From: Almeida Pinto, Jorge de [EMAIL PROTECTED]
Date: Fri, 5 May 2006 17:52:35
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] NT4Emulator Reg Key
As the key says, the NT4Emulator key
If you get another drive a RAID 01 (or is it 10) would be a better choice in
my eyes
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade
Sent: Thursday, May 04, 2006 5:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Optimize Exchange Pagefile
You're welcome!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Friday, May 05, 2006 18:58
To: ActiveDir.org
Subject: Re: [ActiveDir] NT4Emulator Reg Key
Thanks Jorge.
I have not done an inplace before, only migrations.
Mark
I wasn't claiming that it would pick the DC for regular replication. We
were talking GC promotion and I did throw in the weasel words about PAS
replication since my confidence level wasn't sky high. It's been so long
since we've done anything but IFM that I forget these little details. I
know that
First off let me do a small introduction. I come from a Netware background. My university's students have been using eDirectory for several years without any problems. However, we have decided (mostly because of the business model of Novell) to move all of our student logins, storage, and lab
Hi all,
I have
a new problem:
When
I try to enbale this option :Trust
Computer for delegationfor a computer
account in DSA.msc I recive this error
Your security
setting do not allow you to Specify whether or not This account is to be
trusted for delagation
I have
already
Title: Visio Stencil for AD Forest
Anyone know where I can find a good stencil for this? I just want a cool triangle 3D and all and not a server or a domain, or an OU.
-fitz
J. Fitzgerald (Fitz) Stewart
Systems Architect
IRM/OPS/ENM
Worldwide Information Network Systems
USAID/DoS
Havent tried it, but check out this
TID:
http://www.novell.com/support/search.do?cmd=displayKCdocType=kcexternalId=10023078sliceId=dialogID=2929119stateId=0%200%202927987
Note that the registry entry in Workaround
#2 has left out one level of the registry structure. It should be:
yeah, there would be some general disagreement from me. Why? Only
because this is SBS box vs. an enterprise Exchange server hosting 5K
users.
My laptop (crud that it is) could host 20 heavy exchange users with
usable/good performance with that amount of memory. I don't think the
focus of a
Welcome.
I am not sure if you can set a domain by default for the
initial logon. If you could, I would expect it to be to some of the reg entries
maintained in the HKLM\software\microsoft\windows nt\currentversion\winlogon
portion of the registry.
You could step around that by telling
Back in the days of DOS, you could
deletea file that had invalid characters or spaces in the file name
byfirst renaming the file substituting a "?" for the invalid characters or
spaces to a valid file name, you could then delete the file.
HTH
- Original Message -
From:
Ah sorry, you mean the initial population, I dropped that piece... That
would make sense if it did that because you wouldn't have to worry about
promoing a new GC and getting lingering objects passed onto it... I am still
not sure it does it that way though as I swear I have talked to folks with
Randy,
Not quite sure that will work since I won't have a Novell hive after this semesterPaul
On 5/5/06, Walton, Randy [EMAIL PROTECTED] wrote:
Haven't tried it, but check out this TID:
Yeah I might as well pop in a similar feeling that the disk is not optimal
for Exchange. Certainly I wouldn't worry about which logical drive the page
file was on, it is all the same physicals underneath so it doesn't much
matter from a perf standpoint.
With Exchange you want as many spindles as
The lingering object problems we've seen have always involved partitions
that didn't have a writeable copy in site. In general, we've had more
problems with ghosts than with zombies.
Wook
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday,
Word of advice -- put SBS in the subject line and you'll get SBSlady
from the get go :-)
By design SBS is maxed at 75 users/devices.
As you have already stateddo not do a /3GB (let me repeat that
again) DO NOT do a /3GB on a SBS box. It's not necessary and doesn't
impact a thing.
To my knowledge a GC searches for a replication partner it can use to source
the partitions from and it does not care if it uses the writable versions or
read-only version. Both have the data needed. On the other side, if it did use
only writable NCs, that would mean replication could place
On 5/5/06, joe [EMAIL PROTECTED] wrote:
Welcome.
I am not sure if you can set a domain by default for the initial logon. If you could, I would expect it to be to some of the reg entries maintained in the HKLM\software\microsoft\windows nt\currentversion\winlogon portion of the registry.
That
Of course, it makes supporting non-windows clients a different challenge :)
Paul, what method are you using to join the workstation to the domain?
It sounds like the domains are being enumerated at initial logon as
if it has no list when it joins. Could be something in the process or
something
Thanks for the reply. I've tried exactly this approach.
Works great for files. Not so well for folders. Executing
move source-folder destination-folder
yields "The system cannot find the file
specified".
Thomas
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ross
Al,
We are accomplishing this by Ghost. We push out a configuration that tells it the domain and OU to join. The rights are associated with the Ghost Console user that gets installed. After the workstations join and reboot it's getting all the AD domains on campus via the DNS server (I'm
Does anyone have any suggestions for cheap KVM switches? We are
currently using Belkin 16 port switches. They are cheap enough, but we
seem to experience issues with them.
I don't need anything fancy. No KVM over IP, no KVM over cat 5, etc.
List info : http://www.activedir.org/List.aspx
List
Title: RE: [ActiveDir] GC Promotion
Hi, Jorge,
Were talking in the context of an
AD replication site. If it were picking writeable anywhere, then yeah, that
would not be good for network utilization unless youre a provider and
charge by the bit. The point is that in a site, the
Anyone else receiving blank emails? The reply from Al (below Susans email) and
a couple of others I have got over the past couple of days have had empty
bodies.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks
i'm seeing lots of blanks over the past week
- Original Message -
From: Douglas M. Long [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, May 05, 2006 4:05 PM
Subject: [ActiveDir] OT: Blank messages to lists???
Anyone else receiving blank emails? The reply from Al
Okay dumb questions to folks..
E-Bitz - SBS MVP the Official Blog of the SBS Diva : OWA fix on
Microsoft Update:
http://msmvps.com/blogs/bradley/archive/2006/04/28/92884.aspx
Are the folks that are sending blank emails .. have you deployed 911829?
Kevin Gent wrote:
i'm seeing lots of
Nope, don't have that one installed.
The blanks I have been seeing are limited to this list of all of the lists I am
on.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
I had issues with Belkin KVMs too, and I found an even cheaper KVM that
works great. I have 4, 8, 16-port StarTech KVMs: the 4-port ones use
proprietary cables, but the 8 16-port models use standard cables -
probably the same as your Belkin (Omniview?). http://startech.com
Derek
Not
BlackBoxrock-solid reliable.
http://www.blackbox.com/Catalog/Category.aspx?cid=537
-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 12:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: KVM switches
Does anyone have any
It sounds like you are configuring this setting on many directory objects: For
what purpose?
What functional level is the domain having these problems and is different from
the other domains?
Aric
Sent from my Windows Mobile 5 device.
-Original Message-
From: [EMAIL PROTECTED]
I'm using GMail. Fixes would all be client side and since I see the
content in the mail I send, I doubt it's client side. Else it's highly
consistent client-side issues. Tony might be the person to contact
about some of this, but I think there're also some server side issues
possibly at GMAIL,
I've seen this happen occasionally on other lists, but I don't know if it's
the same underlying cause.
The original post is encoded in some way, and then the addition of the list
footer means that the post isn't properly encoded anymore. Some email clients
then display this as a blank post. If
Try to set the userAccountControl value manually with
either LDP or admod (with -exterr) and report back the full LDAP error with
DSID.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
I agree with Al that the process to get the trusted domains
list could possibly be wiping out the value you are tucking
in.
If you are trying to get away from "contexts", I think one
of the best things you could do is go to UPN logon then, then they don't have to
remember their domain for
Oh BTW, are you changing the SIDs on the workstations after
you finish the ghost process?
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul
GlennSent: Friday, May 05, 2006 3:42 PMTo:
Can you expand on this statement?
I have already applied an instrution to change local user rights
This should be enabled by default in the Domain Controller policy -- Enable
computer and user accounts to be trusted for delegation +r Administrators.
Make sure the you have the user right
62 matches
Mail list logo