[ActiveDir] Disabling the file open security warning for certain VBS scripts

2006-07-21 Thread neil.ruston
Title: Disabling the file open security warning for certain VBS scripts I have a bunch of vbs scripts which are stored in SYSVOL. They are called when a user right clicks an object in AD and chooses one of the extra functions added to the context menu (via a displaySpecifiers change) .

[ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread neil.ruston
Title: Using non-standard TLDs within Active Directory Does anyone have experience or comments regarding the use of non-standard TLDs within a production AD forest? E.g. x.nom The name will be used within a production environment - a separate forest will exist for testing and QA.

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Title: Using non-standard TLDs within Active Directory I've always gone the opposite way. I like the idea of using a completely non-standard TLD for my forest root so that if the company name changes etc it has no effect on the forest. It also enables you to split the internal DNS from the

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread neil.ruston
Title: Using non-standard TLDs within Active Directory Thanks Peter. Are we referring to same thing? I refer to the suffix at the end of the DNS name - e.g. I refer to 'blob' in 'neil.blob'. I am not referring to the 'neil' part. Does your response still hold? neil From: [EMAIL

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Title: Using non-standard TLDs within Active Directory Hi Neil Correct. The TLD is normally the last bit in the string. So in the real world Internet examples of TLDs are .com, .edu etc plus the country codes such as .za for South Africa which is where I am from. I always

[ActiveDir] DNS Issue

2006-07-21 Thread Wyatt, David
Title: Message We have a single Windows 2003 SP1 forest/domain. DCs run AD integrated zones. We have Forwarders configured for a domain e.g. test.com with 2 IP addresses entered for the DNS servers in test.com. We have seen a strange issue where queries for a host in the sub-domain

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread neil.ruston
Title: Using non-standard TLDs within Active Directory Thanks again. We're on the same wave length :) I appreciate that .local can work but as you state, it's best to avoid names that can become obsolete if the company name changes. The proposal here is to use .nom and the company name is

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Title: Using non-standard TLDs within Active Directory That's a really good solution. So the forest root domain name would be nomura.nom and then there will be child domains below that? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 21

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Almeida Pinto, Jorge de
Title: Using non-standard TLDs within Active Directory for the LOCAL tld, you need to be aware that it can cause issues with MAC computers http://support.microsoft.com/kb/836413/en-us http://docs.info.apple.com/article.html?artnum=107800 Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Sakari Kouti
Title: Using non-standard TLDs within Active Directory Hi Neil and Peter, If two companies both happen to choose corp.local for their forest name, they cannot create forest trusts, if the need later arises. Of course, if one of them is a chemical company in the west coast and the other is a

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread neil.ruston
Title: Using non-standard TLDs within Active Directory It will be "something" .nom, where "something" is to be determined. Whether children or additional trees, is also to be determined. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: 21 July

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Title: Using non-standard TLDs within Active Directory That's a gotcha I hadn't thought of. However I've normally dealt with smaller companies where this is less of an issue. I also tend to use the company name.local method. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Almeida Pinto, Jorge de
Title: Using non-standard TLDs within Active Directory I guess CORP.MICROSOFT.COM would still be an issue when trying to create a trust when the other company has CORP.SOMETHING.ELSE Reason: both have the same NetBIOS name which is CORP (assuming the NetBIOS is always the most left part of

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Title: Using non-standard TLDs within Active Directory Well something.nom would work :) :) From an AD perspective so would nom.de-plume. Sorry it's a weak pun but I couldn't resist. Have a great weekend From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Title: Using non-standard TLDs within Active Directory Hi Jorge. Is the issue related to NetBios names or DNS names? i.e. If you have corp.local and corp.local with Netbios names of corp1 and corp 2 what would happen? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread AFidel
For this and other reason I like to use the .ad or .ads TLD for my active directory. Andrew Fidel Almeida Pinto, Jorge de [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/21/2006 06:43 AM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Almeida Pinto, Jorge de
Title: Using non-standard TLDs within Active Directory both endpoints of a trust must have unique DNS and NetBIOS names when talking about trusts between AD domains/forests. either using the DNS name or the NetBIOS name, it can only exist on one of the endpoints, not both jorge

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread neil.ruston
Title: Using non-standard TLDs within Active Directory "But still, the only way to make sure that you can later create forest trusts (without renaming one of the forests) with any other company/forest is to register your forest name (or use a delegated one, such as corp.microsoft.com)."

Re: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread jef
Title: Using non-standard TLDs within Active Directory neil, In a re-design we are moving away from using our existing COM TLD, and moving to a CORP TLD. IE - COMPANY.COM is now COMPANY.CORP for the internal Forest name and DNS zone. There are issues with having COMPANY.COM internal and

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Peter Johnson
Also a good idea. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 21 July 2006 14:05 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Using non-standard TLDs within Active Directory For this and other reason I like to use the

Re: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread Matheesha Weerasinghe
Well it would be a good idea as long as no one thinks crikey that's a great idea and people start making corp.ad or corp.ads as their forest name ;-) As I understand it, the forest names need to be unique DNS names. If you have two corp.local's, how would you do conditional forwarding and the

Re: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread AdamT
On 21/07/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: The proposal here is to use .nom and the company name is Nomura. Which is all fine and dandy until the French get envious of the .name TLD and decide they're going to have their own equivalent... -- AdamT A casual stroll through the

RE: [ActiveDir] Using non-standard TLDs within Active Directory

2006-07-21 Thread neil.ruston
Title: Using non-standard TLDs within Active Directory Thanks Jef. Obviously, this can be avoided by choosing a separate name for internal and external DNS zones. One such approach is to use .net inside and .com outside. Either way, I'd prefer to register the names (Int and ext) so as to

RE: [ActiveDir] Disabling the file open security warning for certain VBS scripts

2006-07-21 Thread Kevin Brunson
Title: Disabling the file open security warning for certain VBS scripts You can't turn it off for specific files, or even file types. You can set it via Internet Explorer GPO to turn off the warning altogether, but I don't think you really want that. There are two options that I know of.

RE: [ActiveDir] Disabling the file open security warning for certain VBS scripts

2006-07-21 Thread neil.ruston
Title: Disabling the file open security warning for certain VBS scripts Thanks Kevin. I thought as much. The option to store the files locally is not viable - there are ~15,000 machines :) Code signing may be viable altho I'm not sure there is a single, trusted PKI within the org... Thank

RE: [ActiveDir] Disabling the file open security warning for certain VBS scripts

2006-07-21 Thread Ken Cornetet
Title: Disabling the file open security warning for certain VBS scripts You could add all of the possible source servers to your IE "Local Intranet" zone via group policy. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, July 21, 2006 9:22

RE: [ActiveDir] Disabling the file open security warning for certain VBS scripts

2006-07-21 Thread neil.ruston
Title: Disabling the file open security warning for certain VBS scripts That'd be all 15,000 :) not sure I'd maintain such a list either - machines are added and removed on an hourly basis :/ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: 21 July 2006

RE: [ActiveDir] Disabling the file open security warning for certain VBS scripts

2006-07-21 Thread Kevin Brunson
Title: Disabling the file open security warning for certain VBS scripts I don't think it matters if they are in the Local Intranet or not. It is the unsigned code that XP SP2 and Win2k3 SP1 don't like. It is going to block unsigned code from any network source. I dealt with this for a

[ActiveDir] Domain Trusts.

2006-07-21 Thread Matt Hargraves
I've done some looking around on Microsoft's site, but can't find the information that I need. What can be done with/to the automatic trusts that are created when a new tree is created in a forest and/or a new subdomain is created? I understand that 2-way transitive trusts are created, but can I

RE: [ActiveDir] Domain Trusts.

2006-07-21 Thread Almeida Pinto, Jorge de
What can be done with/to the automatic trusts that are created when a new tree is created in a forest and/or a new subdomain is created? nothing I understand that 2-way transitive trusts are created, but can I break that or alter it in any way and if so, what way can those trusts be

RE: [ActiveDir] Domain Trusts.

2006-07-21 Thread Kevin Brunson
I guess the thing to remember about the DIT file is that it will be different on every domain controller. If it is a global catalog it might very well be bigger than the DIT file on another domain controller that is not a GC. It will also depend on whether or not the ntds.dit has been

RE: [ActiveDir] Domain Trusts.

2006-07-21 Thread Alex Alborzfard
When is offline defragging the DIT file recommended: to reduce its size? What other factors impact (increase) its size: # of objects, FSMO roles, AD integrated DNS, etc.? Alex From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson Sent: Friday, July

Re: [ActiveDir] Domain Trusts.

2006-07-21 Thread Matt Hargraves
So basically there's no way to have a domain in a forest that doesn't fully trust every other domain in the forest? The only way to have a non 2-way trust is to make a separate forest?

[ActiveDir] OT: Microsoft Acquires Winternals Software

2006-07-21 Thread Thommes, Michael M.
Title: OT: Microsoft Acquires Winternals Software You may find this of interest (from today's WServerNews): Mike Thommes = Microsoft Acquires Winternals Software Mark Russinovich and Bryce Cogswell have been snagged up by Redmond. And

RE: [ActiveDir] Domain Trusts.

2006-07-21 Thread Almeida Pinto, Jorge de
1-yep 2-yep Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : see sender

RE: [ActiveDir] [OT] Why not browsing - was Multihomed Domain Controllers

2006-07-21 Thread joe
Laura, where did you pop out of? Good to see you re-engaging again. Long time no see posts from. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson Sent: Sunday, July 16,

RE: OT: adfind feature request (was RE: [ActiveDir] User extraction)

2006-07-21 Thread joe
Submit it via email and maybe I will see what I can do about it... eg -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, July 20, 2006 9:05 AM To:

RE: [ActiveDir] Replmon vs. dssite.msc

2006-07-21 Thread joe
I actually haven't looked at ReplMon in at least 3 years so I can't really speak to it. But I would say trust Sites and Services because I have investigated how it does things in some depth and I know it is doing it correctly. joe -- O'Reilly Active Directory Third Edition -

RE: [ActiveDir] Account Password Expiration Tool

2006-07-21 Thread joe
Thank you! -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Wednesday, July 12, 2006 2:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] root admin account able to be locked out?

2006-07-21 Thread joe
That has been my experience as well. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, July 18, 2006 4:43 PM To: ActiveDir@mail.activedir.org

RE: [ActiveDir] Clean install VS Upgrade of Windows 2003

2006-07-21 Thread joe
Agreed. Documentation from a vendor is labeled by me to be propaganda until I have proven it out myself or someone I trust very much (extremely small group has told me). As my old support manager used to say Believe none of what you hear and only half of what you see... joe --

RE: [ActiveDir] Clean install VS Upgrade of Windows 2003

2006-07-21 Thread joe
What joeware widget required an install and uninstall? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, July 17, 2006 9:01 AM To: ActiveDir@mail.activedir.org Subject:

RE: [ActiveDir] Clean install VS Upgrade of Windows 2003

2006-07-21 Thread joe
Yeah that winnt - windows change pissed me right off. Windows takes longer to type... :) Solution www.sysinternals.com/Utilities/Junction.html junction C:\WINNT C:\Windows -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED]

RE: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

2006-07-21 Thread joe
If it should be, it should come from MSFT... They could easily configure that if they feel it is important. As a general thing, you really shouldn't be having to manipulate service startup order especially for critical services. I think I have done that maybe 5 or 10 times in 10 years and I

RE: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

2006-07-21 Thread joe
Hehe Bingo... keep playing and one day you may even think how nice it is to not have DNS on DCs at all or even on Microsoft Is that heresy here? If so I will say three Hail Kwan's and sprinkle some ground up Intel chip dust on myself... ;o) Dean wonders why I hate DNS. :)

RE: [ActiveDir][OT] Always point a DC with DNS installed to itself as the preferred DNS server...always?

2006-07-21 Thread joe
Paul with the combination of your TLAs and your harsh Welsh Accent I haven't the foggiest clue what you said here yeah... :) Warm[1] [1] That kills me, inside joke... -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message-

RE: [ActiveDir] DNS Issue

2006-07-21 Thread Steve Linehan
What version of the DNS binary are you running and if you clear the cache instead of restart DNS does it resolve the issue? Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Wyatt, David Sent: Fri 7/21/2006 4:39 AM To: ActiveDir@mail.activedir.org Subject:

[ActiveDir] Interesting read

2006-07-21 Thread Figueroa, Johnny
Ouch, how many things could go wrong? I thought the domain controllers would complain if the time synch had a gap over 5 mins. http://redmondmag.com/columns/article.asp?editorialsid=1388

Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

2006-07-21 Thread Al Mulnick
Now don't go getting misty eyed and thinking that I'm coming over the joe-side of thinking when it comes to DNS and Microsoft. But aye, it has its shortcomings and could be much better. Perhaps they need a real competitor vis a vis Firefox and IE to get things jumping? Hmm. :) On

Re: [ActiveDir] Interesting read

2006-07-21 Thread Al Mulnick
The list is long, yet distinguished. Pretty much the combinations are endless. Think about it: for every deployment there is at least one administrative staff member and one boss. That means there are likely at least three opinions on how it should be done right. Multiply that number of deployments