. Malicious attack by an authenticated user
L. Malicious attack by an unauthenticated user
M. Other (please specify)
Thanks for your feedback.
-gil
Gil Kirkpatrick
CTO, NetPro
Don''t miss the Directory Experts Conference 2006. More information at www.dec2006.com.
You don't need to move DNS per se, but you do need to start the DNS
service on at least one other DC in the domain.
It sounds like your clients are trying to use the bad DC as a DNS
resolver. You'll need to fix their IP configuration to use another
resolver. You should be able to do that through
Hey Chuck,
Having been down this road several times, both with eDir/NDS apps an AD
apps, I can say positively that the service should not try to modify the
schema itself. The schema extension can be provided as an optional part
of the install process, but it also must be provided as an LDIF
See, for instance, the demo Guido did in the security
workshop with Sanjay at DEC last year.
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hutchins,
MikeSent: Thursday, September 22, 2005 11:37 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Domain
Yes, untrusted admin + DC logon access = no more security.
If you're trying to lock him down, then you can't give him access to the
DC. Can you give him a member server for the file shares and just
delegate the password administraion on the OU?
-g
-Original Message-
From: [EMAIL
Do you have sites and subnets defined, or is everything in the Default
First Site?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Monday, August 15, 2005 11:28 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Question on
That usually works with no problems...
-gil
From: [EMAIL PROTECTED] on behalf of Your Name
Sent: Wed 7/27/2005 7:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Demoted DC Lives On
Hello:
A few weeks ago, I demoted a DC at one of our sites. The
Anything in the System our Security logs on the WS2K3 server?
Is it possible that the WS2K3 box is using 128-bit encryption and the NT4 box
is using 64-bit encryption?
From: [EMAIL PROTECTED] on behalf of Mark Parris
Sent: Sat 7/2/2005 3:15 AM
To:
This sort of error happens when the user you are provisioning doesn't meet all
the policy requirements in AD. Make sure all the required attributes are set
properly, and make sure that the password assigned to the user object meets the
current domain complexity requirements.
-gil
will add a domain in
the future, then you should not put the infrastructure master on a GC. You'll
almost certainly forget to move it when you add the new domain
:)
-gil
Gil Kirkpatrick
CTO, NetPro "To fly, flip away backhanded.
Flat flip flies straight. Tilted flip curves. Experiment!&quo
Jose, Jose, Jose
1) It's the University of California, not University of Berkely. Yes,
Cal is located in Berkeley, CA and we do have several small extension
campuses in Los Angeles (UCLA), Santa Barabara (UCSB), San Diego (UCSD),
etc. However, there is only one University of California.
2)
,
Regards,
Jose Medeiros
-
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gil Kirkpatrick
Sent: Thursday, May 05, 2005 3:23 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS vs. Hosts File
Just set the time source for the PDC role owner DC to point to the member
server, and set the time source for the member server to the outside time
source.
From: [EMAIL PROTECTED] on behalf of Peter Jessop
Sent: Tue 4/26/2005 1:32 AM
To:
Running DCDIAG on both DCs would be a good start.
From: [EMAIL PROTECTED] on behalf of Danny
Sent: Sat 4/23/2005 7:06 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to verify successful installation of additional DC
How can I verify successful
I believe the WKGUID= format is only decoded by ADSI, not LDAP. You need
to specify the correct DN of the deleted object. Items in the deleted
objects container have DNs of the form CN=original
cn\0ADEL:f3c336a8-0652-47c9-8965-aa3ec83a998e,CN=Deleted
Objects,DC=yourdomain,DC=com. The guid segment
Authentication Topology by Gil Kirkpatrick
* http://www.windowsitpro.com/Windows/Article/ArticleID/40718/40718.html
Designing for DC Failover by Sean Deuby
Autositecoverage only works for DC-less sites. So yes, it behaves
differently for situation 1 (autositecoverage will occur) and 2
Debug build?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Thursday, March 31, 2005 1:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM
Nothing in particular - every process usage appears to be
Title: Storing dates in AD
The purist in me says use the pwdLastSet form... it avoids
the 2038 "problem", such as it is. And in general its better to limit the number
of different representations for a particular data type. I don't think MS uses
time_t in the directory anywhere.
From:
:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 28, 2005 3:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Storing dates in AD
Depends on the domain of the date values, and how they are used. If the dates
will be passed along to other X.500/LDAP type directories
Title: Storing dates in AD
Depends on the domain of the date values, and how they are
used. If the dates will be passed along to other X.500/LDAP type directories,
you probably should use the Generalized Time syntax (2.5.5.11). If the dates are
manipulated programmatically, use the long
Is there a good reason to NOT let the KCC pick the BH for
you automatically? That way you get some failover if it craps out for some
reason. Otherwise you'll have to watch the DC constantly to reset the BH to make
sure replication continues to work. In Windows 2003, the KCC is pretty good
1) Are the DCs all in the same domain? Obviously you need a DC in the
same domain as the clients.
2) Are the DCs in Site B and C GCs? You need a GC to log on.
3) Can the Site A clients resolve DNS names if both DCs in Site A are
down? Clients locate DCs through DNS; no DNS, no logon.
4) Are there
Never expect less from joe! :)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Tuesday, March 22, 2005 10:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
Did you really expect anything less from joe?
Wook
Replied offline
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, March 22, 2005 4:18 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:strange favor
Hi all. I've posted on this list alot and I know the fears about
disclosing
Thanks for all the good words. I haven't ground up the session evals yet, but
my informal polling indicates that overall, this DEC came off quite well.
High points (not from me, but summarized from attendee comments I heard)
1) Most of the sessions were well done, with one or perhaps two
Rick's comments are spot-on. Trust is a gradient thing, not
binary. You trust people *up to a point*. Where that point is depends on you,
your admins, and your environment. Unfortunately, delegation of administrative
rights isn't a gradient thing... you get rights in great clumps. Once
Title: Message
Who monitor's the admins? That's an organizational problem,
not an administrative one. Somewhere in the organizational hierarchy someone is
sufficiently trusted and endowed with enough responsibility to carry out that
task. Someone who is trusted as an EA perhaps? The CIO (I
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, March 02, 2005 5:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DEC questions
Come on Phil, why not start on the 17th?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Title: Message
I'm going to have to print this one out and frame it. Not
only does joe agree with me (a rare occurance in itself), but his _entire post_
consists of one word. I think we are witnessing an historic event. Someone
search the archives and find out if that has ever happened
Title: Message
with me only like 5'1 and 115
lbs
:-0
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: Wednesday, March 09, 2005 11:51
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Problem: Limit Domain Admins and Administrators
LOL. Man do I have a
When you say "register to receive changes", do you mean as
in a persistent LDAP search?Or you refering to some other
mechanism?
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour,
JosephSent: Wednesday, March 09, 2005 1:21 PMTo:
Aww, Deji... you spoiled my fun!
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, March 09, 2005 4:29
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Files from Windows 2000 Server ResKit
Justin,
I am tempted to patch a
://www.microsoft.com/resources/documentation/WindowsServ/2003/all/te
chref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/al
l/techref/en-us/W2K3TR_repto_how.asp for details
-gil
Gil Kirkpatrick
CTO, NetPro
To fly, flip away backhanded. Flat flip flies straight. Tilted flip
curves. Experiment
:
http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.
mspx is a pretty good overview.
This document describes Active Directory's LDAP compliance:
http://download.microsoft.com/download/d/c/8/dc83e0b8-fc2c-4af4-bd27-45b
5963ad98d/AD%20LDAP%20Compliance.doc.
-gil
Gil Kirkpatrick
CTO
connection objects in
a more timely fashion?
Thanks again,
Shawn Hayes
Gil Kirkpatrick [EMAIL PROTECTED] 03/07/05 11:38AM
The KCC runs by default every 15 minutes, but there is another parameter
that controls how long a DC has to be unavailable to be dropped from the
topology.
For intersite topology
Aww, man... How come my book isn't up there?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 07, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP
Hey now... Don't forget
and LDAP
The one that's out of print?
http://www.amazon.com/gp/product/product-description/0672315874/103-8355
416-0173405?_encoding=UTF8n=283155
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir
someone who
wants to use kerberos and you point them at the MIT dist.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory
) It is
like someone who wants to use kerberos and you point them at the MIT
dist.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
Kirkpatrick
Sent: Monday, March 07, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE
Doesn't the ability to install a printer mean they have the
rights to install a device driver? I think that means they have to have local
administrator rights.
And if they have the ability to install a driver, they own
the server anyway :)
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL
got on the
shelf.
Active Directory Programming by Gil Kirkpatrick
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, March 07, 2005 11:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory
Why wouldn't objectGuid be appropriate? AD generates the objectGuid
attribute using UuidCreate() (or some variation) that is guaranteed with
reasonable certainty to generate values that are unique across all
machines, not just DCs in the forest. If you need a globally unique,
immutable identifer,
PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, March 04, 2005 1:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
Why wouldn't objectGuid be appropriate? AD generates the objectGuid
attribute using UuidCreate() (or some variation
WHAT? I never heard of that!
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, March 04, 2005 2:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Creating a backlink and forwardlink
Small correction, you will register
ot; in DNS.
You didn't indicate what your domain situation was... make
sure that the clients in the DC-less site authenticate to domains that have DCs
located in the covering site. Otherwise the clients will start authenticating
over the WAN.
-gil
Gil
Kirkpatrick CTO,
NetPro "To
fly, flip
Title: Message
Not true. The site will remain, and there will be no DCs in
the site. The DCs in the nearest site will cover the DC-less site by publishing
additional SRV records in DNS.
-gil
Gil Kirkpatrick
CTO, NetPro "To fly, flip away backhanded.
Flat flip flies straight. Tilted
PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, March 01, 2005 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DEC questions
To answer Ken's quesiton directly, DEC is the Directory Experts
Conference that NetPro sponsors along with Microsoft and others. It is a
technology
To answer Ken's quesiton directly, DEC is the Directory Experts
Conference that NetPro sponsors along with Microsoft and others. It is a
technology conference focused entirely on AD and intimately related
technologies like DNS, ADFS, etc.
The presenters are about a third/a third/a third
Programming as taught by Catholic nuns! Father Djykstra and Sister Grace
(Murray Hopper)! What a great concept. It ould be a sitcom. Or even
beter a reality show (that way you don't have to pay those expensive
script writers).
-gil
-Original Message-
From: [EMAIL PROTECTED]
Jesse Sutela from HP will be doing a session at the Directory Experts
Conference in Vancouver that covers this scenario in great detail. He's on this
list occassionally...
-gil
From: [EMAIL PROTECTED] on behalf of Chris Gauch
Sent: Sun 2/27/2005 5:14 PM
To:
I wouldn't give those rights to a group... Just one or two people in the
group, and only after proper vetting. Vetting would include the usual
background checks and good corporate citizen-type evaluations, as well
as AD technical knowledge.
Would you want them fixing an AD disaster in the middle
ata useful?
Was the product easy to figure out?
-gil
Gil Kirkpatrick
CTO, NetPro
"To fly,
flip away backhanded. Flat flip flies straight. Tilted flip curves.
Experiment!"
Have you installed SQL Reporting Services? It's a separate install.
See
http://www.microsoft.com/technet/prodtechnol/mom/mom2005/deploy/ch5/depl
oy_reporting1.mspx for other installation issues.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
@mail.activedir.orgSubject: RE: [ActiveDir] Anyone use
Server Performance Analyzer?
"To fly,
flip away backhanded. Flat flip flies straight. Tilted flip curves. Experiment!"
Frisbee?
-Original
Message-----From: Gil
Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 22,
2005 3:20
PMTo:
: [ActiveDir] Anyone use Server
Performance Analyzer?
Has anyone on the list used SPA to evaluate DC performance? If so, what
were your impressions? Was the data useful? Was the product easy to figure
out?
-gil
Gil Kirkpatrick CTO, NetPro "To fly, flip away backhanded. Flat flip flies
str
impressions? Was the data useful?
Was the product easy to figure out?
-gil
Gil Kirkpatrick
CTO, NetPro
"To fly,
flip away backhanded. Flat flip flies straight. Tilted flip curves.
Experiment!"
Title: Message
Can't be done. Domain admins own the domain (and can own
the forest if they're persistent about it). You can make it perhaps a little
inconvenient for them to add users, but you can prevent them from doing
it.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Title: Message
Yikes! How'd that happen? Must be one of those complicated
computer things...
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hutchins,
MikeSent: Tuesday, February 22, 2005 1:37 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Is it possible ?
Title: Message
My next post will be regarding the Windows Server 2003
Beta...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Tuesday, February 22, 2005 1:29 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Is it possible ?
deny domain admins create new
Title: Disabling Inactive Users
AFAIK there's no GPO setting to do this. Most people run a
script periodically or use a 3rd part tool like Javelina.
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers,
JamesSent: Tuesday, February 22, 2005 1:56 PMTo:
Title: Disabling Inactive Users
Has anyone on the list used SPA to evaluate DC performance? If so, what
were your impressions? Was the data useful? Was the product easy to figure
out?
-gil
Gil Kirkpatrick CTO, NetPro "To fly, flip away backhanded. Flat flip flies
straight. Tilted
Title: Account policies and groups
No, group membership does not determine what policies get
applied. If they did, they would be called "OU policies", wouldn't they?
:)
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim
SuttonSent: Thursday, February 17, 2005 7:27
ADSI is so lame.
Try escaping the slash in the DN with "\2f", e.g.
"cn=foo\2fbar,cn=user,dc=domain,dc=com". If this is C or some variant, don't
forget to escape the backslash itself.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo,
LarrySent: Wednesday,
Replace the forward slash with "\2f"
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean
WellsSent: Wednesday, February 16, 2005 1:03 PMTo: Send -
AD mailing listSubject: RE: [ActiveDir] LDAP query
question
Initial thought - string substitution, escape it with
Domain-member computers are security principals in Windows networks, which
means they have names in Active Directory, and authenticate to Active Directory
when they boot up.
-gil
From: [EMAIL PROTECTED] on behalf of Grumpy Nounet
Sent: Mon 2/14/2005 8:24 AM
.
Is it that no one but Jorge is going to DEC or is it that no one but Jorge
knows who I am?
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, February 04, 2005 6:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE
Sounds like a great DEC topic to me. And joe says he can't think of anything to
present ;)
-gil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles
Sent: Wednesday, February 09, 2005 10:31 AM
To: 'ActiveDir@mail.activedir.org'
Subject:
From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Wed 2/9/2005 9:42 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote Assistance
Sounds like a great DEC topic to me. And joe says he can't think of anything
to present ;)
-gil
-Original Message
I could imagine a problemwith cache consistency if
the volumewas being accessed while the defrag was
running...
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
KingslanSent: Tuesday, February 08, 2005 10:12 PMTo:
ActiveDir@mail.activedir.orgSubject: RE:
I doubt that the task scheduler can run a shortcut... Shortcuts are a
shell function. Can you run the .exe directly from the scheduler instead
of running the shortcut?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday,
share.
- Original Message -
From: Gil Kirkpatrick [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Monday, February 07, 2005 2:48 PM
Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in
conjunction with task manager
I doubt that the task scheduler can run
AD can't be shut down per se; in fact, if AD crashes for some reason, it
will shut down the machine automatically.
Run your app on your workstation or on another server, then pull the
wire.
-gil
Gil Kirpkatrick
CTO, NetPro
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I feel so rejected.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 04, 2005 4:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada
Hmmm. Listen to the roar of
', and then click
Next.
Click 'Network adapters', and then click Next.
In the Manufacturers box, click 'Microsoft'.
In the Network Adapter box, click 'Microsoft Loopback Adapter', and then
click Next.
Click Finish.
-gil
Gil
Kirkpatrick
CTO,
NetPro
From: [EMAIL PROTECTED]
[mailto:[EMAIL
The IEEE-standard response to questions such as Why don't they do this
or that??? is:
Whadaya want for nothin'?
I still think a session on the tools and creative ways to use them (how
to use adfind to clean a clogged sink for instance) would be a fine DEC
topic. But in any case, you should
All the MSFT guys have indicated that Whistler is the place to go. I'll
see if we can set up something for right after the conference.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart
Sent: Monday, January 31, 2005 9:23 AM
To:
Try this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071sd=tech
-gil
Gil Kirkpatrick
CTO, NetPro
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jerry
WelchSent: Tuesday, January 25, 2005 12:03 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD
I agree with Aric... I don't think creating a new domain and adding DCs
is going to resolve the end-point mapper error.
Some questions you might want to consider:
What's that patch level on the DCs?
Do you have AV-software running on the DCs?
Anything interesting in the event logs?
Does
It was called MACS, now called ACS, Audit Collection Services. It should
ship with or be available with R2. I don't think the Beta is open at
this time.
-gil
Gil Kirkpatrick
CTO, NetPro
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH
Title: Message
David,
As with most things, its acost/benefit question.
Managing an additional forestadds non-trivial costs tothe equation,
but provides the security it seems you are looking
for.
There's a interesting paper on risk analysis at http://www-2.cs.cmu.edu/~shawnb/SREIS.pdf.It
Separate forests should be well protected from each other, with the
possible exception of the SID History exploit, which is prevented by
enabling SID filtering, which I think is on by default now.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Hear, hear!
-gil
From: [EMAIL PROTECTED] on behalf of Deji Akomolafe
Sent: Thu 1/6/2005 8:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Forest trusts vs trusts within forests
by using selective authentication (SA).
Which, in order words,
DNS name resolution?
IP connectivity to DC?
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin
A.Sent: Thursday, December 30, 2004 9:31 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] GPO
Processing
I keep getting these errors on my
Windows XP
in an environment with more than just AD.
But it is a great tool for keeping tabs on AD. I'd definitely recommend
taking a look at it.
Phil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 20, 2004 12:19 PM
To: ActiveDir
Title: RE: [ActiveDir] Change Control Systems
Now there's a picture I just didn't need to have in my head
:-0
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
RutherfordSent: Monday, December 20, 2004 4:05 PMTo:
ActiveDir@mail.activedir.orgSubject: RE:
CVS is prety much the industry standard open source source code control server.
CVSNT is the best version for Windows that I'm aware of; see
http://www.cvsnt.com/. There are a couple of Windows clients available; WinCVS
is the one I use. Its on SourceForge at
Title: Account name as Common Name
NetStumbler
http://www.netstumbler.com/downloads/
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas M.
LongSent: Thursday, December 09, 2004 11:16 PMTo:
[EMAIL PROTECTED]Subject: OT: wireless AP
scanner
Does anyone know of
Title: [ActiveDir] Black Login Screen
ADTEST I believe logs LDAP response times, but its been
awhile.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Centenni,
JasonSent: Tuesday, December 07, 2004 7:14 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP Capacity
Netpro encompass this in another of their apps?
Thanks,
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: 06 December 2004 17:51
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of
domain
?
Thanks,
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: 06 December 2004 17:51
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing and performance analysis of
domain
controllers
See
http://www.microsoft.com/resources
Tom, Bob,
Deji will be covering Exchange security and how it relates to AD
security at DEC 2005 in Vancouver.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Tuesday, December 07, 2004 10:10 PM
To: [EMAIL PROTECTED]
Subject: RE:
pleased.
-gil
Gil Kirkpatrick
CTO, NetPro
To fly, flip away backhanded. Flat flip flies straight. Tilted flip
curves. Experiment!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Monday, December 06, 2004 10:34 AM
To: [EMAIL PROTECTED
LSASS.EXE is built with the /LARGEADDRESSAWARE switch, and is capable of
using the additional memory to cache the DIT.
excerpt from dumpbin /all of lsass.exe
FILE HEADER VALUES
14C machine (x86)
3 number of sections
3E7FFFBA time date stamp Tue Mar 25 00:05:30
Definitely, putting DIT and logs on separate spindles is a no-brainer
and guaranteed to improve things.
Gil I agree with everything Al has ever said Kirkpatrick
CTO, NetPro
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday,
which in our environment seem to be the most
critical components. Our DIT is ~1 GB.
Diane
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, December 06, 2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stress testing
I've run into similar problems with termserv if the screensaver is
enabled on the host machine.
-gil
Gil Kirkpatrick
CTO, NetPro
To fly, flip away backhanded. Flat flip flies straight. Tilted flip
curves. Experiment!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
MVPs: email at mailto:[EMAIL PROTECTED] if your management needs
some convincing.
Hope to see you there,
-gil
Gil Kirkpatrick
CTO, NetPro
Author of Active Directory Programming
DEC founder and facilitator
List info : http://www.activedir.org/mail_list.htm
List FAQ: http
Microsoft Identity Integration Server. It is Microsoft's metadirectory product,
formerly named MMS.
-gil
From: [EMAIL PROTECTED] on behalf of Steve Schofield
Sent: Fri 11/5/2004 3:02 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD OpenLDAP
There are
Title: Message
Ew. Too much information!
That picture is going to be stuck in my head for the rest
of the day.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
RutherfordSent: Thursday, October 28, 2004 4:03 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir]
the Schema Master Role?
You forgot, comes with rubber chicken to beat Admins who change FSMO roles without
telling AD Admin...
Hehe
Todd
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 2:27 PM
To: [EMAIL PROTECTED]
Subject: RE
101 - 200 of 396 matches
Mail list logo