I don't believe that static records age, so they should not be affected
by scavenging?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kurt Falde
Sent: Thursday, December 07, 2006 1:28 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS
1) I would Google how to seize the FSMO roles.
2) Google how to cleanup metadata for the failed DC
3) Once all of that is done, I would still use a different name and IP
for the rebuilt server before going on with a DCPROMO. Unless you had to
use the same.
4) Use DCDIAG on the other DCs prior
Any dates?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Thursday, October 19, 2006 4:29 AM
To: ActiveDir.org
Subject: [ActiveDir] OT: TechED 2007
It's Florida !
Regards,
Mark Parris
Base IT Ltd
Active Directory Consultancy
Tel
Does anyone have a way to determine if a domain global group is being used?
Will auditing on the DCs tell me this?
Thanks in advance.
Johnny Figueroa
The tough one... being used in resource ACLs
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Wednesday, September 06, 2006 10:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is a Global Security group being used?
What do you mean by
Thank you everyone.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Wednesday, September 06, 2006 12:34
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is a Global Security group being used?
There are lots of utilities to report ACLs. The
Good morning folks.
I kind of run into this all the time... I am setting up performance monitoring
of our DNS servers. I found a good reference: Domain Name System (DNS) Service
Product Operations Guide. It gives me a bunch of counters to monitor.
The problem is interpreting the counters,
Baseline of a healthy DNS server to compare against is
definitely part of the answer. I was just looking for a place to start, every
environment is different but typically I know what the rules of thumb are when
it comes to disk, memory, processor and similar objects that you monitor.
There is talk about using a home grown speech recognition system to reset a
user's password. You would need to enroll, the system would record your voice
and if you ever wanted to reset your password, it would ask you to repeat a
word of its choice.
The system would use a service account
There was no real reason for a separate domain, other than
it simplified the vendor's support. We ended up creating an OU and delegating
administration to it.
Thanks I promised I would get back to you
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent:
Ouch, how many things could go wrong? I thought the
domain controllers would complain if the time synch had a gap over 5
mins.
http://redmondmag.com/columns/article.asp?editorialsid=1388
Thank you all.
The vendor in question is bringing in a medical solution.
Here is the response from the vendor so far. Mind you that we have lots of
medical device solutions that exist in our domain, the FDA card is played as a
blanket so you stop asking questions...we ran into the same
Joe, I can not comment on the specifics just yet
as IT has not actually met with the vendor yet. We received the
requirements and when I read about the separate domain with a trust to our own,
I started to try and build a case for NOT. As I had mentioned earlier.
I will try to keep an open
We are a 2003 Forest
with an empty root domain and a single child domain. We have a vendor looking to
bring in a product that utilizes its own domain and has a one way trust to our
domain.
I do not know
anything about the product yet but I am almost conceptually opposed to these
vendor
lol
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour,
Joseph
Sent: Thursday, June 15, 2006 3:04
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ?
Awesome!
I completely forgot about this. I did;
I thought WMI filters could only be evaluated by XP or 2003
?, 2000, NT will ignore the filter and apply.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS)
Sent: Friday, June 09, 2006 10:55
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] WMI Filter
I
What rights does a user need to move objects from one OU to another? I
can not seem to find that or a white paper on delegation of authority
that someone mentioned before.
Thanks in advance.
Johnny Figueroa
Supervisor Network Operations Support
Network Services
Banner Health
Voice
I think the codes like 42c converted to
decimal will give you the process id and then the thread is the 2nd code, 2f0.
If that helps any.
I think this is not always a problem.
1) Take a look at AV on the workstations. I have seen AV
patches on the clients that drive CPU up on the DC for
All your services set to Automatic come up? I know there is
a known problem with the Windows Time Service.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS)
Sent: Friday, June 02, 2006 11:07
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] PCs hang
We have a GPO in place for all users to do Folder Redirection of My
Documents. We are experiencing problems with long delays during this
process when users connect to a Citrix Server. This started with 2003
SP1 (there is a potential hot fix from MS, but we are not crazy about
it)
The real
I have an AD 2003 domain and an AD integrated DNS zone. If I look at the
properties of that DNS zone and go to the Name Servers tab, I see a
few servers that are not our domain controllers/DNS servers. Those
servers look like DNS servers in other domains that we have a trust
with.
I guess I am
Title: [ActiveDir] Name Server records
It is a DC/DNS and it replicates to the forest which is
actually just one domain.
That's just it, I don't see how or why anybody would go in
there and add them. There are only a few people that have the access to do that
and adding those records just
We are looking at http://www.manakoa.com/products/ but
we already have MOM
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Wednesday, February 22, 2006 11:01
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD auditing
All,
We're looking for a
Looks like there is a weird name executable out there. I
take it your domain is not called company.com, unless you changed the message
for security reasons before posting.
http://www.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
I looked at cconnect as an option and decided not to
connect our directory to a SQL database dependency for this functionality. Not
to mention the fact that your support now has to deal with dirty logoffs with a
different tool.
We have decided to take a good look at using a Network
Share
Make sure that the Database verification option is checked on all your
WINS servers.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Tuesday, February 14, 2006 7:33
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] WINS
We are in the process of coming up with a 2nd Data Center for DR. I am
working on the AD part of it and I am trying to find out what the
process is for finding a DC in DC II if DC I is down.
I looked at some of the Domain Locator articles and it talks about how a
client finds a DC and what
into the process.
However, NETLOGON does use site link cost to determine the covering DC
for a DC-less site.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: Thursday, January 26, 2006 12:33 PM
To: ActiveDir@mail.activedir.org
Subject
spend 200 dollars on something that is available for free? Is the
time to import the csv into Excel too much?
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: Saturday
Does anyone have any experience with a product called AD Janitor 2.0 ?
It is a tool much like the OLDCMP tool but with a GUI. It lets you move,
disable and delete old computer and user accounts. Pretty good export. I
have downloaded it and done some testing but wanted to know if anybody
else has
as if the user may have more rights than expected.
William
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: 08 December 2005 16:34
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Question
2K in native mode, all but two
:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: 07 December 2005 21:56
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS Question
As I am getting ready to migrate a number of zones from a QIP DNS server
to a Microsoft DNS server, I have a concern about giving support folks
access
and Support
- Original Message -
From: Figueroa, Johnny [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Tuesday, December 06, 2005 3:18 PM
Subject: [ActiveDir] Moving 3rd party DNS to AD
I will be removing a couple of Lucent QIP DNS servers running on Sun
Solaris
As I am getting ready to migrate a number of zones from a QIP DNS server
to a Microsoft DNS server, I have a concern about giving support folks
access to the DNS MMC. Some folks just need to be able to use the MMC to
troubleshoot, so I thought I would give them Read Only access to DNS.
I see dhcp
I will be removing a couple of Lucent QIP DNS servers running on Sun
Solaris with Microsoft DNS.
We already have our AD infrastructure. The _zones in the QIP DNS servers
were delegated to AD DNS/DCs so the domain controllers could update
their SRV records.
We debated if we should integrate
Of Figueroa,
Johnny
Sent: Sunday, December 04, 2005 4:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Obsolete Domain groups
Does anyone know of a way to identify old\obsolete domain groups?
Are the group objects in AD stamped with something like a last used date
stamp? I am thinking a member
Does anyone know of a way to identify old\obsolete domain groups?
Are the group objects in AD stamped with something like a last used date
stamp? I am thinking a member server with some resources and domain
permissions on those resources has to ask the domain some questions
about it.
Thanks
A couple of things:
1) Have you looked at what AV solution is on your clients? If you are
using McAfee VSE 8.0 with Patch 11, they are your problem. There is a
patch 11a
http://groups.google.com/group/microsoft.public.windows.server.general/b
I think what was meant about the trivial part is around the seizing of
the roles not the transfer. I would love to have much of the ntdsutil
functionality built into the UI, even if at some point it requires you
to reboot/restore, whatever.
I don't think either camp is going to convince the
Does anyone know of a way to tell if a DHCP address is a reserved IP
address from the client side?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406
WARNING: This message, and any attachments, are intended
This is all in an Exchange 2003 and AD 2003 environment.
I wonder if I have this right? When the help desk resets a password in
ADUC, that password change is made against the DC that the tool is
connected to and the PDC Emulator. If a user logs on to the network the
authenticating DC checks the
,
Mark.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: 02 November 2005 09:52
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OWA after resetting password
This is all in an Exchange 2003 and AD 2003 environment.
I wonder if I
in.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: 02 November 2005 15:36
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OWA after resetting password
Thanks, the AvoidPdcOnWan is not on in our environment
They are not setting the Must Change Password at Next Login
box. Thanks
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Wednesday, November 02, 2005 8:51 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OWA after resetting password
I am
I am looking to provide access to Active Directory Users and Computers
MMC to some folks that move around a lot and may not have access to
their computers. The goal is to allow them to reset passwords while out
on the floor working with users.
I've tried a customized MMC but it looks like you
I am seeing more duplicate PTR records in our DNS reverse zones than I'd
like. Our DHCP lease is 8 days, the zones are AD integrated. I've been
down the DNSUpdateProxy group road, etc. So I believe the records are
duplicates because they are not scavenged in time, not because of
security rights
written by Marcus
http://myitforum.techtarget.com/articles/16/print_view.asp?id=6287
Cheers,
Jorge
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: Friday, September 30, 2005 10:35
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS
Are you applying the policy to an OU that does not have users? If so
that is why the GPO is not applying. You would need to do a loopback
processing option for this.
You need to enable loopback Processing. This is under
Computer/administrative templates/system/group policy
What is happening
Good morning folks, I am entertaining the idea of applying SP1 to our
2003 domain controllers. I figured I would start with
http://support.microsoft.com/kb/889101 but if you have any 1st hand
knowledge of any issues, please let me know.
For that matter, if you have a good link about applying
Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be
changed for one day.
Our help desk used to set passwords to a default value when they got a
call from a user and then tell the user to change it to
- we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Password
will need to turn that option off.
Phil
On 8/26/05, Figueroa, Johnny [EMAIL PROTECTED] wrote:
Help desk sets the password to something something, tells the user to change
their password to whatever they want it to be and the user can not. I thought
about having the HD check the box that makes
=activedirf=adm_summary.shtml
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedirf=policyreporter.shtml
- Original Message -
From: Figueroa, Johnny [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, August 27, 2005 2:56 AM
Subject: RE: [ActiveDir
Does anyone have a script that will walk a DNS Reverse lookup zone and
delete invalid records. In my mind, if you read a PTR record and ping
the fully qualified host name and it does not answer it could be
considered invalid. Laptops, shutdown clients should be o.k. when they
boot up.
We have an
Is this what you are looking for?
2000: http://support.microsoft.com/?kbid=239803
2003: http://support.microsoft.com/Default.aspx?kbid=322672
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, August 05, 2005 10:30 AM
To:
We are trying to change an AD user Attribute so that new users created
get a default value. How would I start to try to do that?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406
WARNING: This message, and
that to be the default when an ID is
created.
Thanks... Sorry for the 2 part.
-Original Message-
From: Figueroa, Johnny
Sent: Monday, August 01, 2005 1:59 PM
To: 'ActiveDir@mail.activedir.org'
Subject: Attribute default
We are trying to change an AD user Attribute so that new users created
Title: RE: [ActiveDir] Attribute default
Thank you, the problem with the most recent suggestion is
that you have to have a template when creating the userids and I can not
guarantee or dictate that. I think I am going to go with running my script once
a week to look for users with those
What happens when you run DCDIAG from the broken DC ?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Friday, July 29, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgh... troubleshooting
Michel-
Care to
Found this, under Troubleshooting Active Directory: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/d87e1c8f-2e6b-4ce3-b72b-7108acc6aecb.mspx
More to the point there are some special security checks in DCDIAG for 2003 SP1 that
may be able to help. From the
This looks to be different between 2000 and 2003 DNS servers. On 2000
DNSAdmins is granted full control to this object and all child
objects. On 2003 DNS it was granted access to this object only.
Does anyone know about this change and would it be o.k. to change the
permissions to ...and all
Sorry, I meant drives C and E on DC2, database on E and logs on C with
the OS.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Sunday, July 17, 2005 3:10 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DC Backups
You said
I am replacing the domain controller that the Exchange 2003 RUS points
to from a 2000 DC to a 2003 DC. I know the step in ESM to change the DC.
My question is do I need to do anything else to make sure the RUS is
using the new DC?
Thanks
Johnny Figueroa
Enterprise Network Consultant/Integrator
14, 2005 7:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RUS question
Fastest easiest way would be to mailbox enable a user and verify the
proper attributes got stamped.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
,
-Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: Thursday, July 14, 2005 9:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RUS question
I hear you, I was hoping to verify that the new DC was being used before
; Figueroa, Johnny
Subject: RE: [ActiveDir] Attribute on AD users called employeeID
Hi Johnny,
In addition to what Tony listed, you can add to the context menu (i.e.,
mouse right click) of a user object a feature to modify employeeID.
Instructions and the VBScript required are on the bottom
We are trying to write an interface between our payroll database and
Active Directory. We are planning on using an attribute in AD called
employeeID. However it appears that the attribute is not exposed in ADUC
so you have to use LDP or a script to view it.
Any ideas?
Thanks
Johnny Figueroa
the
attribute.
- Use a different attribute that is visible in ADUC.
- Look for 3rd party apps that include the employeeID attribute in the
UI.
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
Johnny
Sent: Friday, 8 July 2005 12:06 p.m.
To: ActiveDir
I have a request to join a server in our DMZ to the domain. The reason
appears to be for an application to leverage
(SQL Reporting Server) and in order for this to work it needs to be in
the domain.
Sorry, to be vague.. I am trying to get more info. Are there best
practices for when you need to
end servers that are a part of the DMZ domain and
nothing else. There are just too many ports to open to support a domain
member in the DMZ to make it worthwhile in my opinion.
Phil
On 7/6/05, Figueroa, Johnny [EMAIL PROTECTED] wrote:
I have a request to join a server in our DMZ to the domain
I have the backup also but the date seems to be from when the zones were
converted to AD integrated.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Thursday, June 30, 2005 8:44 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: