Take a look at the source code for chapter 6.1 in this
excellent (fish) book.
http://rallenhome.com/books/adcookbook/code.html
Clyde Burns
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Antonio
ArandaSent: Tuesday, June 06, 2006 3:29 PMTo:
Other ways...
Dos bootdisk with Fdisk - www.bootdisk.com
And theres also this.
http://www.semshred.com/contentmgr/showdetails.php/id/680/tp/VE1HUj0xLHRpZD02NzIs
Clyde Burns
Louisville Ky.
The one guy in the office who didn't go the track on Oaks
day.
From: [EMAIL
I am planning a move of our exchange servers and two domain controllers
out of our current single site to a new separate site. We had MS come in
and do a healthcheck on Exchange, and its one of their recommendations.
We don't have all the subnets in our network added into the current site
yet.
I
would also watch out for scriptstucked away that elevate some other users
privileges usinga domain adminscredentials upon
login.
Places I wouldcheck
Startup
folder(s)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
win.ini - multiple entries onthe "shell="
Take a look at this link
http://gsexdev.blogspot.com/2004/12/listing-file-sizes-of-all-exchange.htmlListing the file sizes of all Exchange Stores on all
Exchange Servers in a Domain
Ive been using it for a while. I think its going to get
you what your looking for.
Clyde
Can anyone tell me which attribute of a user object stores the value for
Automatically update e-mail addresses based on recipient policy in a
2003 AD and 2003 Exchange org? Or at least point out documentation on
how that value is stored in AD and manipulated via vbscript?
Thanks
Clyde Burns
Title: How-to add group to "Managed by" attribute on Distribution list
In Exchange 2000 the "Managed by" field is
informational only. It doesn't set any permissions.
(Exchange 2003 fixed this btw.) I dont know how to get
a group to show up as the 'managed by' name but I do know how to get a
Title: Message
This is pretty simple adsi vbscript I use when I get those
kind of "who is in that group" question.
It prompts for the NetBIOS domain name,
group name, file to save as (in CSV style
output)
Clyde
Burns
' Gets input on the domain name, group
We are looking to store SSN's in the employeeID field in active
directory. But want to restrict read and write access to members in a
particular global security group. Does anyone know of or can point me to
resourses on how to best do this?
I thought I had it by going into the advanced default
Sounds
similar in description to something we have experienced. Wehad some 2000
and XP workstationshaving incredibly long login times. Turned out the
issue was related to dropped udppackets over our wan links and
kerberos.
The fix
in the following article got those affected workstations
Title: RE: [ActiveDir] Summer Maintenance
The user could have been bcc'ed (Blind Carbon Copy) on the
email in question.
Clyde
Burns
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas M.
LongSent: Monday, October 11, 2004 1:18 AMTo:
[EMAIL PROTECTED]Subject: OT:
This vbscript is what I use to get group membership in
a csv file. I modified it from code I found on the
internet.It will prompt you for domain name, group name, and file name then
generate your list.
Hope you find it helpful.
Just save everything below the line in a .vbs file
Does anyone know of a way to get a DOS network boot diskette to
authenticate in a windows 2003 AD domain short of disabling the
following on the DC's local policy?
Domain Member: Digitally encrypt or sign secure channel data (always)
Microsoft network server: Digitally sign communication
Don't know about the rest of the list server folks. But I'm all for a
field trip to test out that theory.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Friday, June 11, 2004 4:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
Title: RE: [ActiveDir] a good software for cache on windows 2000
Maybe there is another way to do this and get the effect your looking
for.
There is a device you can get from http://www.tigicorp.com/that you plug into your
system as a hard drive that acts as a 5.25 form factor hard drive. It
You will also have to give yourself (or some account) access to all the mailboxes to
use Exmerge.
http://support.microsoft.com/default.aspx?scid=kb;en-us;821897
Clyde Burns
-Original Message-
From: [EMAIL PROTECTED] on behalf of Depp, Dennis M.
Sent: Fri
I
ran into an issue with DHCPobjects where it couldnt read any scope with more
than 255 reservations in it. Eventually gave up on using it.
There is a command line utility called netsh that you can use to search
through all scopes with.
Clyde Burns
From: [EMAIL PROTECTED]
Did something similiar to ourselves at my company and got the same
results. What is going on is that you need to have the first 2003 domain
controller tohave the PDC Emulator FSMO. The article http://support.microsoft.com/?kbid=325379"How
to Upgrade Windows 2000 Domain Controllers to Windows
Anyone using a
dedicated appliance for DHCP instead of the builtin service for 2000 /
2003?
Im looking for
something both intergrates with 2000/2003 andhas very very granular
control over the tasks associated with DHCP. Like only able to add/remove
reservations (and not change/add/delete
How about use contact objects in AD?
Put them in an OU by themselves,
delegate the OU to whomever maintains the email accounts in your
organization.
Have managers/supervisors submit additions/changes/deletions for fax
addresses to the central authority.
Clyde Burns
From: [EMAIL
Title: RE: [ActiveDir] schema updates
The easy question...
"Im also interested in how people deal with
local groups when a server needs to be migrated."
I use an excellent product from www.smallwonders.com called secure copy.
It does global groups, local groups, ntfs perms, and shares. Has a
Title: Active Directory 2003 question
By taking our AD forest from2000 native to 2003 mixed we found
every last win9x computer and NT4 pre SP3 computer on the network that didnt
have the DC client installed would randomly not login to the network. Depended
on which domain controller it hit
I
use this vbscript to first bind to rootdse in the domain I am
in.
Then use the results to build the global catalog string
for my ado search.
I
dont think it would be too difficult to convert to VB.
Title: RE: [ActiveDir] Who is using my file?
I
use a program from systernals.com's web site called handle http://www.sysinternals.com/ntw2k/freeware/handle.shtml
Itscomeinrealhandyforfilesthatdon'tshowafilelockbutisopenbyaprocess.
You can just kill or
suspend the process and remove the file.
Title: RE: [ActiveDir] Background
I am currently
tasked with getting social security numbers into AD for my company. I have been
reading Microsoft's "Step-by-Step Guide to Using Active
Directory Schema and Display Specifiers"
er objects in 2000 A D
Besides the obvious, "don't put SSN in the directory for
privacy reasons" I'd have to ask what requirements you have. For example,
why create a new attribute? Why not use an existing that you won't use
anyway?
Al
From: Burns, Clyde
[mailto:[EMAIL PROTECTED] Se
Title: Message
Found this in the msdn site under the Platform
SDK
DHCP Server Management API (watch for wrapping on the
url)
http://msdn.microsoft.com/library/default.asp?url="">
I may have to stick
to netsh though. That code looked way over my head. Batch file, vb and vbscript
are more
Title: Message
Ive used netshto move the scopes from one server
to another. There were some minor issues (documented in technet) but it works
fairly well.
Other things to
try:
From the 2000 Server
Resource Kit
Microsoft DHCP
Database Export Import Tool - DHCPEXIM.EXE
Just like the
Just got this from our MS rep. Thought I would pass it along.
Clyde Burns
Network Administrator
Norton Healthcare
---
Microsoft's PSS Security team is issuing this alert to advise customers
that earlier today a research company called Immunity published a paper
Security Explorer from www.smallwonders.com might be something you want to look at.
They have a demo on the site you can download after filling out a marketing survey.
Clyde Burns
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 2:45 PM
We are using Cisco
ACS 3.1 with active directory as the user database right now. Not sure if this
is what your looking for in regards to AD's ability to support TACACS.
Currentlyits (ACS)functioning as the authentication piece for some
Cisco 5200's to control dial in / dial out POTS lines
Ran into the same issue when automating account creation where I work. Rather than
code cdo/mapi with the users credentials to have it finalize the mailbox creation I
use a command line utility call 'blat' to send the new account an email (yes I am a
lazy programmer). The reciept of the new
Im trying to generate a report of disabled accounts that were disabled X number of
days ago.
Getting a report of which accounts are disabled was fairly straightforward* but I
cannot find anything that will tell me when the account WAS disabled. I was wondering
if anyone could tell me if such
One 3rd party product Ive used that was very nice is called Security Explorer from
small wonders software. http://www.smallwonders.com/SecurityExplorer.htm
Clyde Burns
-Original Message-
From: England, Christopher M [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 9:45 AM
A good
white paper is "Using Microsoft Exchange 2000 Front-End Servers" by KC Lemson
and Michelle Martin. Heres a link to the download http://download.microsoft.com/download/exchplatinumbeta/E2kFB/1.0/W98NT42KMeXP/EN-US/e2kfrontback.exe
It's
focus isnt quite what your looking forbut it does
Title: Message
Id say that your
default recipient policy wasnt changed. Out of the box it uses the alias for its
name generation.
Assuming your email
addresses got overwritten and they arent in there as secondary smtp addresses I
would try the following
Read this first
One thing Ive done to keep from having to keep the old mapi server up was to put an A
record in DNS with the old server name and the new Exchange server's IP address. Only
had a few desktops that needed hands on treatment after doing that.
Clyde Burns
-Original Message-
From:
Title: Message
I
subscribe to "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Theres
alot more traffic on that list and consequently more meandering conversations
but between that list, this list, the newsgroups on news.microsoft.com and the
occasional PSS call ;) Ive been able to getmost ofmy
Title: Message
If you mean the
default max size, for standard its 16gig, for enterprise its 16terabytes.
Although you may run into hardware limitations before hitting that 16terabyte
mark. ;)
Clyde Burns,
Exchange 2000 comedian, but keeping his day job.
Merry "non religious
specific"
Title: the ADC (yeah, baby!)
Highly
highly highly recommend you go thru your exchange 5.5 user directory with
NTDSNoMatch. http://support.microsoft.com/default.aspx?scid=KB;en-us;q274173If
you get a one to one mapping between exch5.5 accounts and AD users it makes life
alot easier.
Of
Title: OT: Exchange2000 ADC with 5.5
Assuming you mean the user information is still in the exchange 5.5
information store heres what you can do.Goto the properties of
your"Servers"container and choose the advanced tab. You can do whats
called a "DS/IS Consistency Adjustment". The option you
Theres also a 3rd party product called
plugSecure Copy from www.smallwonders.com. It does ntfs, global groups, local
groups, and shares from one server to another and can just copy changed files or
everything. /plug
But you have to buy a copy for each server (send and recieve).
Clyde Burns
Id go with what MS is recommending. Ive gone both ways (with regards to Exchange 5.5)
in restoring a known good database and replaying the transaction logs and having to
recover a corrupted database. I would just make sure to copy off all the contents of
your exchsrvr\mdbdata contents
Ok, heres something that doesnt involve scripting that should do the trick
for you.
1 Open up Active Directory Users and Computers
Login to a domain controller as an admin if you have to.
2 Make sure its pointed at your production 2000 domain (should be if you do
this from a domain
Flat file - Think text file with a long list of users separated by hard
returns in the document. Something you could create with Notepad.
Clyde
-Original Message-
From: Mark Jeremy [mailto:mjeremy;itsphoenix.com]
Sent: Thursday, October 31, 2002 8:50 AM
To: [EMAIL PROTECTED]
Subject: RE:
We do something similar to that with our citrix/termservers versus
workstations using the %windir% variable in a batch file
if %windir% == J:\WTSRV goto termserv
if %windir% == J:\WINNT goto citrixmf
:wrkstn
call workstation.kix
goto end
:termserv
call termserv.kix
goto end
:citrixmf
call
Add the domain admins global group from domain1 into the
Builtin\Administrators group of domain2.
Clyde Burns
-Original Message-
From: David Adner [mailto:davidadner;adelphia.net]
Sent: Thursday, October 24, 2002 11:19 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Domain Admin of 2
I have used a tool from www.smallwonders.com called secure copy. I dont know
what it can offer you moving files between domains but I use it to move
files around within a domain all the time. It moves files, ntfs perms,
shares and perms, and will even recreate local groups on the destination
You could setup a forward zone for the virusladen mail server in your
companys DNS and setup the hosts (A records) to 127.0.0.1. I admit its not
very nice but it can be explained away as outside of our network / outside
of our control versus the user realizing that he cant hit IE from any PC he
to share with anyone who needs such a
beast.
-Original Message-
From: Burns, Clyde [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 8:03 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Exchange 5.5 upgrade to 2000
Jennifer, another thing to think about migrating from Exchange 5.5
I used this back in NT4 days. It might be worth your time to take a look and
see if will work in an AD environment.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q197478;
-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:36 AM
)
Clyde, thanks for your insight on Question 2. The less planned option
would be just to change the Scope Option (in this case, the DNS server) and
let the current leases lapse, no?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Burns, Clyde
Sent: Tuesday
Are you running
mixed mode Exchange 5.5 / Exchange 2000?
I had what appears
to be the same issue as you. Turned out to be duplicate info that already
existed in windows 2000 prior to getting w2kDS and exchange 5.5DS
talking with the ADC.
This article helped
me track down the issue.
I spent many a sleepless night (like tonight) wondering about just that
topic!
Heres a link that answers question 1.
Understanding the DHCP Console Icons
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/name
adrmgmt/dhcpcons.asp
Question 2
Changing a scope option the way
Running service pack 3 on 4 domain controllers and 2 exchange servers. and
have run into 2 minor issues so far.
1. DHCP admin gui wont show reservations in the reservations folder where
there is more than 100 reservations in the scope. MS sent me the hotfix
earlier this week. Q328636 (this one
I don't think there is a group policy for that.
I did find this though under the key User Configuration\Administrative
Templates\System\Logon/Logoff there is a policy called Connect home
directory to root of the share
Heres a link that explains what it does.
Paul, This is what I use to get a list of a person's lockouts from all the
domain controllers on our 2000 network. You have to have elogdmp.exe from
the Windows 2000 Resource Kit in addition to this batch file.
Start of batch file Lockedout.cmd
The 3 lines that start with the words elogdmp, elogdmp, and for /f have
wrapped to the next line in my email. The lines immediately below them are
are supposed to be part of the original line.
Sorry about that.
Clyde
List info : http://www.activedir.org/mail_list.htm
List FAQ:
In my situation of an empty root domain with production domain (where the
users and exchange 5.5 are) as a child was to setup the adc connector on one
of the root DC's after running forestprep in the root and domain prep in the
root and the child domain.
I then configured the connection
System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED]
-Original Message-
From: Burns, Clyde [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 27, 2002 1:29 PM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] Migration
In my situation of an empty root domain
Just give another account local\administrator or domain admins, login to
the box as the 2nd account and you can remove the administrators profile. It
will just regenerate from the default user once you log back in as
administrator.
-Original Message-
From: Christopher Hummert
61 matches
Mail list logo