Do you mean biggest production DIT? ~Eric made a 2^31-1 object DIT in
the test lab ... in fact he's going to talk about that at DEC.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour,
Joseph
Sent: Friday, January 19, 2007 10:41 AM
To:
And w32tm /monitor will show to what machine it is actually syncing, if
any.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
Sent: Wednesday, January 10, 2007 2:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Client time
Only if you had to install Linux.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, January 04, 2007 4:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Hello?
Hey, Santa brought me coupon for a new
, Certificate Lifecycle Manager, InfoCard, and Rights
Management Server
So now's the time... Check the agenda and register at www.dec2007.com.
Thanks,
Gil Kirkpatrick
Conference Founder
MVP, Directory Services
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org
Dingle's ideas for the workshop at
http://dec.editme.com/Dec2007CardspaceWorkshop and make your comments.
Any feedback on the sessions? Go to
http://dec.editme.com/DEC2007Sessions.
Thanks again for your time and input, and I hope to see you at DEC next
year!
-gil
Gil Kirkpatrick
DEC Founder
Meet us
Or NetPro's ReportADMin (http://www.netpro.com/products/reportadmin/index.cfm)
-gil
CTO, NetPro
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, December 19, 2006 2:08 AM
To: ActiveDir@mail.activedir.org
Subject:
in winnt.h. I
don't know if the Samba headers have a usable definition or not.
-gil
Gil Kirkpatrick
CTO, NetPro
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Santiago,
Felderi (F.)
Sent: Tuesday, December 12, 2006 12:50 PM
To: ActiveDir
-
From: Martin Tuip [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 07, 2006 8:16 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Quest Recovery Manager
Competition benefits customers.
Martin
- Original Message -
From: Gil Kirkpatrick [EMAIL PROTECTED]
To: ActiveDir
shamelss plug
NetPro has an AD data recovery product called RestoreADmin that competes
very well with the Quest product. It's solves the AD object recovery
problem nicely.
See http://www.netpro.com/products/restoreadmin/index.cfm.
/shameless plug
-gil
-Original Message-
From: [EMAIL
; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Quest Recovery Manager
Does anybody know what independent rankings look like for AD DR tools?
-Original Message-
From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Wed 12/6/2006 9:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE
Its curious you saw significant disk I/O with no corresponding increase
in LDAP activity. Is the application running on the DC in your test
environment? Is it generating a lot of authentication traffic?
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
recently changed object on the domain
controller. The domain controller holds the highest uSNChanged value in
the highestCommittedUSN attribute.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: dinsdag 28 november 2006 20:01
Set the resolution to 4096x6720, and... ahh, there it is.
NOW the whole ego fits on the screen.
:Q
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Tuesday, July 11, 2006 4:58 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Computer
Account in
I never considered that the license cost of MIIS was all that high. Even
if you paid list (which not many of the customers I've worked with did),
its not a huge outlay.
The significant costs are in the analysis, requirements, engineering,
and operations.
-gil
-Original Message-
From:
OS, DIT, logs on separate spindles.
Enough memory to store the DIT + overhead.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC
Ethics? Thats the stuff the guys in the other party don't
have.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Thursday, June 22, 2006 3:52 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC
Configuration
Exactly...
Congress: Ethics? What's that?
You can use SPA, or you can use logman and tracerpt to get
detailed LDAP stats. SPA does a lot of analysis for you and diagnoses several
classes of AD perf problems. Tracerpt will give you a fairly raw look at all the
LDAP traffic. I covered all three in my DEC AD Performance session (which
Think divisble by 7
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, June 06, 2006 12:36
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] max
password age where else to look?
I'll second guess joe - 91 stops ppl
I'm receiving this error on subtree searches of the Config
NC, on a French version of Windows 2003 SP1. Anyone have any
ideas?
(From LDP)
ldap_search_s(ld, "CN=Configuration,DC=francais,DC=local",
2, "(objectclass=*)", attrList, 0, msg)Error: Search: Erreur
d'opération. 1Server error:
. If no, sometimes a offline defrag can save the database. Otherwise, what
is the backup situation for this domain? Don't be tempted to repair your
database, that's unsupported.
The hardware should be considered suspect at this point.
Cheers,
BrettSh [msft]
On Mon, 5 Jun 2006, Gil Kirkpatrick wrote
.
Can we see the VHD before you blow it away? I can set up a place for you to
upload it to. Please let me now how large it isjust ping me offline and we
can coordinate.
~Eric
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday
I assume you mean an X.400 address?
I would guess that the translation between PseudoSQL and LDAP doesn't properly
escape the literal strings. Try using the LDAP escaping rules on the X.400
email address, e.g. instead of 'g=john,s=smith,o=foo,prmd=bar' etc., try
'g\3djohn\3bs\3dsmith\3b'
CHKDSK?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Tom Kern
Sent: Friday, May 05, 2006 6:14 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir]
Robocopy(OT)
How can I take ownership of it?
It doesn't have a security tab and xcacls doesn't
Hey Rocky,
Watch me pull a rabbit out of my hat!
Sorry, just had to get that out of my system. Most people
on the list won't have a clue as to what I'm talking about
anyway...
In any case, how do increased
operational costs and overhead not qualify as "harm"? I'm confused by your
I'm pretty sure it it works fine with W2K AD. MIIS itself
needs to run on WS2K3 though.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
MurraySent: Tuesday, April 11, 2006 2:16 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] IIFP GAL
Sync
Hi all
I was
Hey Laura, did you ever think that maybe it was just you? :)
-g
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter
Sent: Tuesday, April 11, 2006 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] List problems - resolved
Hey
Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, March 29, 2006 6:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Quiet? DEC? Related?
Just
:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, March 29, 2006 6:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Quiet? DEC? Related?
Just wrapped up Day 3. 530 people. General consensus is that it was the best
DEC ever. More to follow when I can type on something
Title: RE: [ActiveDir] Reset Local Admin Passwords
If anyone has photos from DEC 2006, could you please send
them to me? I want to put them up on the DEC web site.
The presentations that were NOT on the USB drives will be
posted up on the site in the next week or so (as soon as Stella
Just wrapped up Day 3. 530 people. General consensus is that it was the best
DEC ever. More to follow when I can type on something bigger than a credit card.
-gil
-Original Message-
From: Ayers, Diane [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org ActiveDir@mail.activedir.org
Sent:
Title: DNS Server will not Start
MY first thought was missing service
dependency of DNS on AD, but my DCs dont have one either.
Is there any commonality between the
servers?
-g
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Saturday, March
There's no way you should use a single admin account. You have no way to
track who did what. Managing admin accounts and their group memberships
is not difficult, certainly not as difficult as trying to figure out who
screwed something up when the audit logs all say Administrator. You
shouldn't
that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Thu 3/9/2006 1:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] What do you do when ooops won't work?
Can you get the server
PROTECTED] on behalf of Gil Kirkpatrick
Sent: Thu 3/9/2006 2:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] What do you do when ooops won't work?
Actually, I think all three of Deji's friends are on this list anyway... :)
-Original Message-
From: [EMAIL PROTECTED
The link on our page is screwed up, and so is the TechTarget search
engine. I'll post a working link as soon as I find it.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Wednesday, March 08, 2006 7:58 AM
To:
16 Steps to a Healthier and Happier Active Directory is archived here:
http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.j
speventid=17740sessionid=1partnerref=swsc_sitepost_02_14_06key=F2F27
A63A35B4F457FECDA9201B08DBAeventuserid=5675189
And the slides are at
Ni! Ni! Ni!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Wednesday, March 08, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename
Importance: Low
Dare I suggest a shrubbery? ;-)
One that looks nice.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Wednesday, March 08, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename
Importance: Low
Dare I suggest a shrubbery?
And not too expensive.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Wednesday, March 08, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename
Importance: Low
Dare I suggest a shrubbery?
PROTECTED]
Sent: Thursday, February 23, 2006 1:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MVP mini summit at DEC 2006
Daft question maybe, but is this open to MVPs only?
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
Alym has scheduled a MVP mini summit session at the conclusion of DEC
2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
the DEC session rooms (tbd). Drugs, booze, and loose women will
follow... or at least that's what I was led to believe. :)
Alym is swamped with another
See http://support.microsoft.com/kb/232199/.
Briefly, AD copies the security descriptor of the
AdminSDHolder object (there is one per domain) to all users, groups, and
computersthat are members of administrator groups in that domain. This
makes sure that delegated admins don't change the
After the flurry of recent hits, its now up to #3!
:)
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-WeidnerSent: Monday, February 20, 2006 3:50 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] admin SD
holder
Number 4 on the google query
You're correct, not many people query adminSDHolder... Most
of the queries are something like "disappearing security descriptors" or "Active
Directory what the f***"
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-WeidnerSent: Monday, February 20, 2006 4:12
The marketing message is finally catching up with what Stuart has been
talking about at DEC the last couple of years.
-g
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Wednesday, February 15, 2006 12:20 AM
To:
Guido and I did a DR webinar a few months back, and an associated
whitepaper... You can get the whitepaper at
http://www.netpro.com/welcome/disasterrecovery/index.cfm. The last I
looked, you had to register for it (email address, etc.)
We recorded the webinar as well. You can get to it at
That will only work on appropriately indexed
attributes.
Try \20. That would be the appropriate escaped
filter.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Olivarez, Sergio
J Mr ANOSC/FCBSSent: Tuesday, February 07, 2006 11:23
AMTo:
Adeel,
Ah, the old "best practices" question.You'll get a
lot of responses regarding the whole concept of "best practices" which will
ultimately say "it depends" :) For instance, what sort of
administrators do you have? Are they experienced, well educated in AD, reliable,
etc? What's your
net stop dns
net start dns
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Monday, February 06, 2006 4:30
PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] DNS
Restart
Cannot find my notes on this
one. What is the command line to
restart DNS
Youve pretty much described ChangeAuditor from NetPro. Its
not freeware though. See http://www.netpro.com/products/changeauditor/index.cfm.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Noah Eiger
Sent: Monday, January 30, 2006
8:05 PM
To:
If a client can't find a DC in its site, it will then try to find any DC
in its domain, regardless of site, based on the weights and priorities
associated with the DCs locator records in DNS. Site link cost doesn't
enter into the process.
However, NETLOGON does use site link cost to determine the
Title: RE: [ActiveDir] OT: WMI to retrieve DHCP leases
Another tack to take is to use something like NMAP. It's a
very effective IP discovery tool. I suppose it all depends on what you mean by
"out there".
Counting objects in AD will tell you the computers have
been joined to the domain at
It would depend on the app that is interpreting the registry entry. The
registry itself doesn't automatically do parameter replacement like
that.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, January 26, 2006
But at least you're not bitter...
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA) [E]Sent: Friday, January 20, 2006 12:06 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Gauging AD
experience
In my experience, when
good
when the
GPO guys screwed up on the main account domains. The locked down EVERY
single userid to kiosk mode
Most people
mitigate this sort of risk by technical review, automating the change app
lication, and testing in a separate test forest. I can't see creating a
separate domain as a
Title: RE: [ActiveDir] Token Bloat
The fact that nothing showed up in the audit log is
disturbing. Can you modify the ACL manually and see the audit entries that
appear?
Is there possibly a group policy that is changing the
ACLs?
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
There are no .dlls that it needs outside of whats in
systerm32, but I think there are a bunch of .ldf files in \i386 that it
uses.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah
EigerSent: Thursday, January 19, 2006 12:42 PMTo:
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda
CaseySent: Wednesday, January 18, 2006 10:42 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD computer
I'm not familiar with Novell's DNS implementation... I
assume it is based on BIND?
See http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/73c0ae36-8058-43d1-8809-046eb03b73fb.mspxand
Yikes, I missed that one! When did that
happen?
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robinson,
ChuckSent: Wednesday, January 18, 2006 11:09 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Gauging AD
experience
Internosis is now EMC
You might enable auditing on the appropriate OU to find out
who is doing the deleting. You need to enable AD auditing in the Domain
Controllers group policy, and then add auditing entries on the security
descriptor of the appropriate OU, e.g CN=Computers to track creation and
deletion of
Tell him he needs to go to DEC. Its where all the cool AD
people go :)
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, January 18, 2006 3:11
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
OU Delegation
Boy, I just had a
Someone needs to do a cost-benefit analysis. I would guess that 2
forests = 1.6x the operations costs more or less.
I don't know Exchange at all... isn't there some way to constrain the
policy to a subset of mailboxes?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I heard you weren't going to make it this year. High
suckage factor.
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, January 18, 2006 4:21
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
OU Delegation
Well, if I were going
Title: Message
Let me find my rolled up newspaper...
:)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Wednesday, January 18, 2006 4:50 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD computer
accounts being removed
NO
NO NO NO NO BAD
Just out of curiosity, why do they think they want their own forest?
In any case, there's no way that I'm aware of to carve off a domain and
make it a new forest root... I think you'll have to create the forest
and migrate the users and resources.
ADMT would seem to be a reasonable way to go. Or
When you saved a file, it didn't overwrite the old version... You would
have files like foo.txt;1 foo.txt;2, etc. until you explicitly removed
the old versions.
-g
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Friday, January 13,
That's really cool. Congratulations on creating the best online forum
for AD professionals.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Friday, January 13, 2006 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: RE:
Title: Congrat Jorge !
Amazingly I blogged this a week ago (http://www.gilsblog.com/index.cfm?commentID=44 ) How did Jorge not find out till today? Don't they have
email over there? :)
Congratulations Jorge, you certainly deserve
it.
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Title: LDAPS SRV Records?
Try http://msdn.microsoft.com/library/default.asp?url="">
These are relatively new (WS2003 perhaps?) We developed our
own DNS functions over Winsock.
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernier, Brandon
(.)Sent: Friday, January 13,
, how did you find out?
Cheers,
Jorge
From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Fri 2006-01-13 22:34
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Congrat Jorge !
Amazingly I blogged this a week ago
(http://www.gilsblog.com
Its not Vegas the Green Valley Resort is in Henderson,
NV. :)
Nope, nothing to see here. No gambling, no shows, no fast
women. Just boring technical sessions. Move along.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich
MilburnSent: Tuesday,
I'll get right on that...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Friday, January 06, 2006 3:22 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: DEC 2006
Almeida Pinto, Jorge de wrote:
it looks like it
Well, I'm going. But I get a free pass...
:)
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark
ParrisSent: Thursday, January 05, 2006 3:17 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: DEC
2006
Of the list how many
people are
Try ADTEST from MSFT. Along with creating an arbitrarily large AD
population, it can also generate authentication and query traffic so you
can load test DCs.
http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4
871-b8a4-99f98b3f4338DisplayLang=en
-gil
-Original
Title: Way OT: DC & Server monitoring tools
DirectoryAnalyzer from NetPro. http://www.netpro.com/products/directoryanalyzer/index.cfm.
Paid for by the Sell More NetPro Products Committee. (c)
2006 All Rights Reserved.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
I've passed your comment on to Stella. We've done nice
backpacks the last couple of years that seem to be
well-regarded.
After seeing King Kong, I now have a much greater
appreciation of the term "going ape".
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
05, 2006 3:51 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: DEC 2006
can I get a free pass?
jorge
From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Thu 2006-01-05 23:36
To: ActiveDir@mail.activedir.org
How about
http://www.microsoft.com/technet/itsolutions/ucs/ds/dmcnmg/default.mspx
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Tuesday, December 13, 2005 1:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
http://www.microsoft.com/technet/itsolutions/cits/mo/winsrvmg/adpog/adpog3.mspx#EZAA
recommends that you do it on an "as needed" basis, as
determined by available disk space, or after large batch delete
operations.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike
If you are talking about restricting access on a DC, you can use the
little known feature in AD called the IP Deny List. It was documented in
W2K, and still works in WS2K3. Essentially, it is a list of IP addresses
and subnets that the DC will not accept AD connections from.
You can set the IP
... what is the impact of the maintenance task?
jorge
From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Tue 11/29/2005 6:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FSMO role transfer
I'd move the FSMOs just in case something
Yes and yes.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, November 18, 2005 9:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory 3rd Book
Is Robbie Allen still going to MIT for his Masters or
They certainly realize that small firms want those features, but they
will leave it to the ISV community to satisfy the need, at least for
now. There are at least a dozen third-party log collection products,
probably more, some of them very inexpensive. Or there's MSFTs own free
LogParser. ACS's
and loads of networking
opportunities.
Feel free to send your proposals to me, or submit
them through the DEC web site, www.dec2006.com/callforpapers.cfm.
And remember, be excellent to each other, and party
on, dudes.
-gil
Gil Kirkpatrick CTO, NetPro
Don''t miss the Directory Experts Confe
Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were
missing?
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-WeidnerSent: Tuesday, November 08, 2005 3:36 PMTo:
through the DEC web site, www.dec2006.com/callforpapers.cfm.
And remember, be excellent to each other, and party on, dudes.
-gil
Gil Kirkpatrick
CTO, NetPro
Don''t miss the Directory Experts Conference 2006. More information at www.dec2006.com.
:[EMAIL PROTECTED] On Behalf Of Gil
Kirkpatrick
Sent: Tuesday, November 08, 2005
7:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Directory
Experts Conference 2006 call for presentations
Greetings
list-members
DEC
2006 is coming up in March, and I'd like to extend this invitation
] On Behalf Of Gil
|Kirkpatrick
|Sent: Tuesday, October 18, 2005 1:56 AM
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] Global Catalog
|
|I think it is better to describe a domain as a policy and
|administration boundary (and a replication boundary), rather
|than a weak security boundary
Hi David,
The licensing scheme is per-production-MIIS-server-processor (like
MIIS), plus a charge for each 5 management agents. Test servers, or
processors not used by MIIS aren't counted. The rest of the questions
I'll leave to others, as I suspect my opinions are biased :)
You might get more
I think it is better to describe a domain as a policy and administration
boundary (and a replication boundary), rather than a weak security
boundary. It is more precise, and IMO, given the automatic domain trusts
in a forest, there is not much of a security boundary between domains.
And given the
shameless plug
NetPro's ChangeAuditor for AD does this without requiring
auditing. The change log includes what was changed, before and after values,
when, where, and by whom.
See http://www.netpro.com/products/changemanager/
/shameless plug
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I get to be Burt Reynolds! :)
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren
Mar-EliaSent: Friday, October 14, 2005 10:33 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Knowing when
users were deleted.
Ok, now you've done it Gil :-) I guess this is
icious attack by an authenticated user L. Malicious attack by an unauthenticated user
M. Other (please specify)
Thanks for your feedback.
-gil
Gil Kirkpatrick CTO, NetPro
Don''t miss the Directory Experts Conference 2006.
More information at www.dec2006.com.
icious attack by
a service admin J. Malicious attack by a data
admin K. Malicious attack by an
authenticated user L. Malicious attack by an
unauthenticated user M. Other (please
specify)
Thanks for your
feedback.
-gil
Gil
Kirkpatrick CTO, NetPro
Don''t miss the
Directory Experts Conference 2006. More information at www.dec2006.com.
Title: Most common cause of Active Directory "failures"?
We usually do a big "State of the AD World" survey at DEC,
and certainly will again in Vegas (assuming there are some people left in the
room who haven't already headed out to the casino. :)
I needed some
answers sooner than later for
t;?
Start a blog? :)
Since that takes some time to get traffic, perhaps joe would be willing to
post your survey on his blog? I imagine hegets some good traffic to his
blog.
Phil
On 10/10/05, Gil
Kirkpatrick [EMAIL PROTECTED]
wrote:
We usually
do a big "State of the AD World
Much of AD's heritage lies in the old Exchange directory, which was
ESE-based.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, October 08, 2005 8:38 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding custom
As you mentioned, this topic has been debated frequently on this list.
Running other services on a DC raises the hackles on the back of my
neck, and I expect that most on the list will have similar reactions.
And you've listed most of the reasons why the proposed deployment would
be a bad idea.
Title: Anyone ever run into this problem?
I haven't seen this myself, and I was curious if anyone else had.
http://support.microsoft.com/default.aspx?scid=kb;en-us;898613
-gil
Gil Kirkpatrick
CTO, NetPro
Don''t miss the Directory Experts Conference 2006. More information
1 - 100 of 396 matches
Mail list logo