Figueroa, Johnny wrote:
We are a 2003 Forest with an empty root domain and a single child
domain. We have a vendor looking to bring in a product that utilizes its
own domain and has a one way trust to our domain.
I do not know anything about the product yet but I am almost
conceptually
Agree. Due to the number of servers some of
our guys have to look at virtualisation. I've said a flat no to the DCs
though. We're standardising on x64 with 32 GB RAM for our DCs.
There's no way we're going to take a perf hit because someone much further up
the chain wants fewer boxes.
I
The problem with this is delegating the ability
to support the remote systems. Possible of course -web based admin of the
VM, and all that, but usually a pain. ANd if done wrong...
--Paul
- Original Message -
From:
Matt
Hargraves
To: ActiveDir@mail.activedir.org
Are you talking about having Options minimised by default and educating
users to logon with UPN or domain\samaccountname syntax or are you talking
about actually modifying the list built by Winlogon?
There's probably a number of options. As Tony says you can modify the list
of domains
Write all properties is overkill! Joe'll go
wild when he sees that that is written in the MSFT delegation
guide... :P
I believe you require:
WRITE_PROP for name and
cn
Summarised, you're modify the RDN.
--Paul
- Original Message -
From:
O'Brien,
Cathy
To:
Hmm.. Maybe the wishlist idea was a wish on my part :)
On 7/19/06, joe [EMAIL PROTECTED] wrote:
Nope no wishlist on the site, people can submit through email or newsgroup post or just asking me... I added this one with four question marks after it meaning Iam not sure if I fully agree with
One of our admins
has populated the EmployeeID field within AD. We would now like this field to be
visible to all of our admins but are unsure how to make it appear on any of the
tabs within the user's account in ADUC.Any suggestions on how to make this
field appear on a user's account
The below is non-trivial, whilst exposing the data via a
context menu option (i.e. right click user, select 'show emp id') is far
simpler.
A good example can be found here:
http://www.petri.co.il/add_unlock_user_option_to_dsa.htm
You'll need to write a script to go get the emp id and make
... I should have included this URL
too:
http://msdn.microsoft.com/library/default.asp?url="">
That details the various options available and also
describes how the property sheets can be amended too.
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL
Sorry about that. I mean for someone to
use the UI on the workstation to change the computer name.
Thanks,
Justin
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, July 19, 2006
6:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
I am talking about having that list disappear / do not want to see it so
people are forced to use UPN Logon.I was hoping there was some adm gpo you
could just turn on for this but I guess not. What Tony has suggested may
work for me I have not had time to look into it in great detail but skimming
Here's another non-trivial method also
found in the MSDN library. It will add the attribute to the available
Add/Remove columns list in ADUC.
http://msdn.microsoft.com/library/default.asp?url="">
Mike Cantalupo
Information Services Group
(313) 792-6647
[EMAIL PROTECTED]
Sent by: [EMAIL
The request to view attributes outside of the those
allowed with the standard ADUC display dll's seems to come up a lot. I am
surprised in the newer MMC and tools they did not come up with an SDK that is
more obtainable for the admins who are not programmers. I have never liked
the idea of
Return Receipt
Your document:
Re: [ActiveDir] Show the EmployeeID field within ADUC
was received by:
[EMAIL PROTECTED]
at:
07/20/2006 10:31:32 AM
Return Receipt
Your Re: [ActiveDir] Show the EmployeeID field within ADUC
document
:
Does anyone know how to change the NETBIOS name of a domain? I.e just
change what is displayed in the logon screens drop down list?
Thanks,
Ray
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams
Sent: Thursday, July 20, 2006 3:35 AM
To:
The solution from the MSFT side is non-trivial as well and
is being worked on. Hopefully we should see tihngs are much easier to work with
"in the Longhorn" timeframe. One of theoutstanding ADguys I know got
moved over to working on ADUC and the other GUIs to tackle these kinds of things
All I have to say is no document is perfect and although
there was a ton of feedback put in to the writing of that specific whitepaper
from myself, Guido, and others whose names you will find on page 2 or 3 of the
doc, it wasn't all incorporated. :) There is also the case that not
Return Receipt
Your Re: [ActiveDir] Show the EmployeeID field within ADUC
document:
You'll need to rename the domain, using the rendom tool and associated
documentation, AFAIK.
My advice - don't do it - live with the domain name. If you really must
rename it, then test and test again :)
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
I think everyone would be conceptually opposed - would be
good to hear the vendor's reasoning for this.
What does the app do?
What benefit do you have from running their app in a
speparate (single domain) forest?
I can think of many downsides, but if the app is supposed
to protect really
I would tend to agree except in the case of Exchange, I am
ALL FOR Exchange being run in a separate single domain forest, it solves an
incredible number of problems such as the GC/NSPI problems as well as
administrative isolation, etc. The exception there is if Exchange is deployed in
a
Thank you all.
The vendor in question is bringing in a medical solution.
Here is the response from the vendor so far. Mind you that we have lots of
medical device solutions that exist in our domain, the FDA card is played as a
blanket so you stop asking questions...we ran into the same
So theyre blowin a lot of smoke to
disguise their actual thought process:
You are a
liability we do not want to expose our servers to. We do not believe you
to be capable of managing an Active Directory environment, and therefore we put
in our own stuff without giving you the passwords.
My first reaction is that that is pretty nebulous and hazy.
I don't think they can compare whatever it is they do to a respirator and have
validity, I think that would be talking apples and olive pits.
Overall it sounds like a move to reduce support and
troubleshooting costs by having a
Joe, I can not comment on the specifics just yet
asIThas not actually met with the vendor yet. We received the
requirements and when I read about the separate domain with a trust to our own,
I started to try and build a case for NOT. As I had mentioned earlier.
I will try to keep an open
Hey Sakari, do you have a trace showing the ADSI failure and its resulting
success if run by DA that you can post?
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
I completely understand.
If a vendor is actively and completely supporting this
application for you ***as a service*** then patching, etc should be something
that you specify the requirements for in the actual contract with the vendor
with penalties, etc associated with it for
28 matches
Mail list logo