RE: [ActiveDir] ADS Replication Through Satellite Connection

2003-03-11 Thread Gil Kirkpatrick
Were you pinging the IP or the host name? Are the DC host names resolving properly through DNS? -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:41 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADS Replication Through Satellite

RE: [ActiveDir] Topology Pros/Cons

2003-03-10 Thread Gil Kirkpatrick
See http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/plan/addeladm.asp?frame=true. It pretty much spells out what delegation, autonomy, and security requirements can be addressed by OUs, domains, trees, and forests. -gil -Original Message-

RE: [ActiveDir] Flexible permissions to modify user objects?

2003-03-07 Thread Gil Kirkpatrick
This is all doable through the AD access control mechanisms and security policies. The AD Delegation of Control Wizard is included with the W2K distribution and can help with some of this. You might also look at third party delegation products such as Quest ActiveRoles or FAZAM from FullArmor.

RE: [ActiveDir] Add attributes or use existing ExtensionAttributes ?

2003-03-06 Thread Gil Kirkpatrick
here on out. Good day! -alan -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 1:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Add attributes or use existing ExtensionAttributes ? Hi David, My $.02, I would go ahead

RE: [ActiveDir] Site Link Transitivity

2003-03-05 Thread Gil Kirkpatrick
Hey Todd, I wrote an article in the March 2003 Windows .NET mag that discusses how to control authentication traffic in this kind of scenario... it may help as well. -gil -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 8:24 AM

RE: [ActiveDir] Creating Mailbox in Ex2000

2003-03-05 Thread Gil Kirkpatrick
Sometimes the simplest solutions are the best... :) -gil -Original Message- From: Burns, Clyde [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 10:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Creating Mailbox in Ex2000 Ran into the same issue when automating account

RE: [ActiveDir] Add attributes or use existing ExtensionAttributes ?

2003-03-05 Thread Gil Kirkpatrick
Hi David, My $.02, I would go ahead and extend the schema in all cases. There's too much risk of different applications attempting to use the extension attributes for different purposes. The cost of extending the schema is low, you just need to make sure that when you extend it that the extension

RE: [ActiveDir] Creating Mailbox in Ex2000

2003-03-04 Thread Gil Kirkpatrick
What's the error? -Original Message- From: Mirochnik, John [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 12:07 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Creating Mailbox in Ex2000 I'm trying to create a mailbox in Ex2000 by populating the following attributes in AD:

RE: [ActiveDir] OT: DEC

2003-03-03 Thread Gil Kirkpatrick
I'll be there ... someone's got to squawk the chicken! -gil -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED] Sent: Saturday, March 01, 2003 11:00 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: DEC So just curious but who is going

RE: [ActiveDir] AD Design Guidance

2003-03-03 Thread Gil Kirkpatrick
in Office B is ~250 There are a mix of 9x, 2000 and XP client, most are 2000. The symptoms show across all clients I'm not sure about the bandwidth It's a native Win2k domain. Hope this fills thing out. -Original Message- From: Gil Kirkpatrick [mailto

RE: [ActiveDir] AD Design Guidance

2003-03-03 Thread Gil Kirkpatrick
. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Monday, March 03, 2003 2:54 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Design Guidance Hi Roger, How do the DC records get scavenged

RE: [ActiveDir] AD Design Guidance

2003-03-03 Thread Gil Kirkpatrick
. Systems Administrator Inovis Inc. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Monday, March 03, 2003 2:54 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Design Guidance Hi Roger, How do the DC records get scavenged? NETLOGON refreshes them

RE: [ActiveDir] AD Design Guidance

2003-02-28 Thread Gil Kirkpatrick
, most are 2000. The symptoms show across all clients I'm not sure about the bandwidth It's a native Win2k domain. Hope this fills thing out. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 2:24 PM To: '[EMAIL PROTECTED]' Subject: RE

RE: [ActiveDir] Time stamp format in your Active Directory

2003-02-27 Thread Gil Kirkpatrick
This is probably a misfeature of LDP. AD presents timestamps through the LDAP interface as defined by RFC 2252 section 6.14 "Generalized Time". The RFC defers to the ITU definition in X.208, which was superseded by X.680. Note that Active Directory includes a decimal and

RE: [ActiveDir] Remove the ability to create computer accounts inthe computer container

2003-02-27 Thread Gil Kirkpatrick
Ms-DS-machineAccountQuota is an optional attribute of the samDomain class, which is an auxiliary class that is attached to the domainDNS class. -Original Message- From: Greg Felzer [mailto:[EMAIL PROTECTED] Sent: Thursday, February 27, 2003 7:40 AM To: [EMAIL PROTECTED] Subject: RE:

RE: [ActiveDir] IE Maintenance Policy not available on XP ??

2003-02-26 Thread Gil Kirkpatrick
Yep. It's just you. Everyone else sees it just fine. Maybe you need glasses. :) -gil -Original Message- From: Steve Lithgow [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] IE Maintenance Policy not available on XP ??

RE: [ActiveDir] Empty root domain benefits?

2003-02-19 Thread Gil Kirkpatrick
is the empty root worth the additional administrative overhead? YMMV, but I would suggest that a smaller organization would be better off with a single domain and stronger physical access control on the DCs. -gil Gil Kirkpatrick CTO, NetPro Author of Active Directory Programming from MacMillan The next

RE: [ActiveDir] Empty root domain benefits?

2003-02-18 Thread Gil Kirkpatrick
Hi Cliff, There are two pros that I am aware of... 1. In the case of radical naming hierarchy surgery, e.g., acquisition of another company, it provides a convenient place to merge in the new domains. 2. Enhanced security for the Enterprise Admins and Schema Admins groups is often claimed, but

RE: [ActiveDir] Resolving a GUID

2003-02-17 Thread Gil Kirkpatrick
Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick Sent: Monday, February 17, 2003 11:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Resolving a GUID Hi Rick, Apologies

RE: [ActiveDir] Schema change test tool

2003-02-05 Thread Gil Kirkpatrick
Alex, As a general rule, schema changes aren't undoable, although there are few trivial things that are. What are you trying to accomplish? WRT the unwilling to perform message, you have to make the changes on the DC that holds the Schema FSMO role, and you have to specifically enable schema

RE: [ActiveDir] Schema change test tool

2003-02-05 Thread Gil Kirkpatrick
FWIW, that's not an AD schema tool. It's a Commerce Server schema tool. Unless something really wild has been going with Commerce Server, they aren't at all the same thing. -gil -Original Message- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]] Sent:

RE: [ActiveDir] Security Tab on User Object - Allow inheritable Permissions

2003-02-03 Thread Gil Kirkpatrick
Hey John, That checkbox is a representation of the inheritance flags that are associated with each access control entry (ACE), i.e., with each specific permission granted or denied in the ACL. There are five flags in the mask that define how each ACE is inherited: 0x01

RE: [ActiveDir] Minimum permission to Monitor AD

2003-01-27 Thread Gil Kirkpatrick
Without getting too granular, read access to the Config NC (to discover topology) and to each of the domainDNS objects (to get repl metadata) in the forest should be sufficient. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent:

RE: [ActiveDir] Global Catalog replication

2003-01-22 Thread Gil Kirkpatrick
The KCC generates a separate GC replication topology based on the usual connection objects. -gil -Original Message- From: Reva S [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 11:26 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Global Catalog replication Hello, I

RE: [ActiveDir] OT: SQL 2000

2003-01-22 Thread Gil Kirkpatrick
1. No. 2. Not sure. 3. I believe that it publishes database location information. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 12:50 PM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: SQL 2000 Does SQL 2000 require the

RE: [ActiveDir] Child Domains Programming

2003-01-21 Thread Gil Kirkpatrick
It's binding to a DC in the domain of the current security context, probably something in the root domain? So you're getting the domainDNS object from a replica of the root domain NC, and there are no subordinate objects in that NC. If you specify the DN of the object you *really* want to bind to,

RE: [ActiveDir] Other application/uses on DC's. Was: OT: Exchange2000

2003-01-21 Thread Gil Kirkpatrick
Common sense tidbit #1: Security... A DC contains the keys to the kingdom, and reducing the applications running on a DC reduces the surface area exposed to attack. -gil -Original Message- From: Neceda,Thomas W - LGCRP [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 1:20 PM

RE: [ActiveDir] Problem: Using JNDI to add new entries

2003-01-16 Thread Gil Kirkpatrick
Rafael, If you could post the complete schema definition for your new class it would help. Some things to look at: If your new class is derived from something other than "top", there may be additional mandatory attributes. What did you define for "possSuperiors" and

RE: [ActiveDir] LDAP

2003-01-16 Thread Gil Kirkpatrick
Roger, Wouldn't it be possible to make the CN of the user object a 10 character name and the sAMAccountName and/or UPN the longer form? That way the LDAP-based app can authenticate using the user DN (which is what it will do if it does an LDAP simple bind), and the users can login using the

[ActiveDir] Call for papers - Directory Experts Conference for Active Directory 2003

2003-01-16 Thread Gil Kirkpatrick
in attending, watch this space; I'll post the official conference announcement to the list as soon as it's released. Thanks, -gil Gil Kirkpatrick CTO, NetPro Author of Active Directory Programming from MacMillan List info : http://www.activedir.org/mail_list.htm List FAQ: http

RE: [ActiveDir] LDAP

2003-01-10 Thread Gil Kirkpatrick
There are several identifiers W2K can use to authenticate a user: The GUID of the user object The SID of the user object The sAMAccountName attribute of the user object (possibly qualified by the NT4 domain name) The DN of the user object (equivalently expressed as a canonical name) The

RE: [ActiveDir] AD Lab

2003-01-07 Thread Gil Kirkpatrick
Hey Roger, Say more about expanding certain groups... that's one I was unaware of. And also, don't GC create some additional indices that DCs don't normally have? -gil -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:50 AM To:

RE: [ActiveDir] AD Lab

2003-01-07 Thread Gil Kirkpatrick
? There's no replication hit for it... -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Tuesday

RE: [ActiveDir] Extend AD for Exchange

2003-01-07 Thread Gil Kirkpatrick
Try attributeSchema. Also make sure you are running this on the schema master and that schema updates are enabled. -gil -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:39 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Extend AD

RE: [ActiveDir] Remove second Domain Controler from AD

2003-01-02 Thread Gil Kirkpatrick
The more reliable method is to run NTDSUTIL and select the "Clean metadata" (similar option). That ensures you get all the orphaned bits out of the directory. -gil -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 02,

RE: [ActiveDir] Remove second Domain Controler from AD

2003-01-02 Thread Gil Kirkpatrick
Controler from AD Do You think Q216498 or similar from MS KB THX Z. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 02, 2003 5:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Remove second Domain Controler from AD

RE: [ActiveDir] AD, DNS, Errors - THE WORKS

2002-12-30 Thread Gil Kirkpatrick
Sounds like a DNS problem. The permissions message is a canard; the interesting point is that the domain cannot be contacted. Check the DNS config on the DC (make sure its resolver is the one you think it is), check the SRV records in DNS for the domain in question (DCDIAG), and flush the cache

RE: [ActiveDir] Hardening Active Directory

2002-12-27 Thread Gil Kirkpatrick
Like the infamous "all my DCs just start rebooting themselves every 15 minutes" problem? ;-) -gil -Original Message- From: Tim Hines [mailto:[EMAIL PROTECTED]] Sent: Friday, December 27, 2002 10:35 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Hardening

RE: [ActiveDir] Strange probem with SecEdit

2002-12-12 Thread Gil Kirkpatrick
I'd look in the usual places: Startup folders Explorer\Run Windows\load -Original Message- From: Amit Zinman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 8:35 AM To: ActiveDir Mailing List Subject: [ActiveDir] Strange probem with SecEdit

RE: [ActiveDir] Auto discovery Active Directory Configuration

2002-12-12 Thread Gil Kirkpatrick
Auto discovery of what? -Original Message- From: PALETTO Paolo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 5:23 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Auto discovery Active Directory Configuration Hi, is possible run auto discovery

RE: [ActiveDir] which W2K groups does the 5000 limit apply to?

2002-12-06 Thread Gil Kirkpatrick
Guido, you're an ACL stud! -g -Original Message- From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, December 06, 2002 9:45 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] which W2K groups does the 5000 limit apply to? One more Bonus to add to

RE: [ActiveDir] Email notification of Event Log items

2002-12-03 Thread Gil Kirkpatrick
Hey Luis, It sort of depends on the scale of your environment. If you are running a handful of servers, you could use VBScript and WMI to do this pretty easily. There are several scripting books around; I'm sure someone can recommend one. There are also some shareware products that do this sort

RE: [ActiveDir] How to get changes from active directory?

2002-11-25 Thread Gil Kirkpatrick
Naval, There are several mechanisms for getting change information from the directory. See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/polling_for_changes_using_the_dirsync_control.asp Each mechanism has its advantages and disadvantages; the docs do a reasonable

RE: [ActiveDir] Active Directory

2002-11-21 Thread Gil Kirkpatrick
AD is part of the local security authority (LSA), which runs as LSASS.EXE. You can't just shut down the LSA though, and if the LSA crashes for some reason, it will then shut down the DC. So the final result is that you can't just shut down AD and keep the server running. -gil -Original

RE: [ActiveDir] All you DEC attendees

2002-11-20 Thread Gil Kirkpatrick
First question re: schema change. You need to enable schema changes by fiddling the registry on the Schema master HKLM/SYSTEM/CCS/Services/NTDS/Parameters/Schema Update Allowed. It is a DWORD, and you should set it to 1 to enable schema updates. You can do the same thing using the schema MMC, but

RE: [ActiveDir] Microsoft DNS WMI Provider

2002-11-15 Thread Gil Kirkpatrick
We've used it and it has been problematic. I'll ask one of our developers to pass on the issues we ran into. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 13, 2002 6:50 AM To: [EMAIL PROTECTED] Subject:

RE: [ActiveDir] Mutilple questions Schema, ou's

2002-11-15 Thread Gil Kirkpatrick
The schema is contained in the directory in CN=Schema,CN=Configuration,DC=your root domain. It is stored with one object for each class and one object for each attribute. OUs are hidden by denying read access (and/or list access in the OU's parent). To unhide them you need to have sufficient access

RE: [ActiveDir] Monitoring AD

2002-11-09 Thread Gil Kirkpatrick
Monitoring AD is critical. Note that my company (NetPro) develops and sells monitoring and troubleshooting products specifically for AD, so I have an admittedly biased viewpoint. But Stuart Kwan (GPM for AD at Microsoft), at the last Directory Experts conference stated that monitoring is a

RE: [ActiveDir] Domain Controllers per users...

2002-11-07 Thread Gil Kirkpatrick
I can't imagine how one could make such a recommendation without at least taking into account the DC h/w characteristics and the network characteristics. -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 07,

RE: [ActiveDir] Psched error?

2002-11-07 Thread Gil Kirkpatrick
I've seen this problem when the reg entry for the perf counter DLL points to a DLL that doesn't exist or is somehow broken. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Thursday, November 07, 2002 2:27 PM To: '[EMAIL PROTECTED]' Subject: RE:

RE: [ActiveDir] Sites with no DC

2002-10-30 Thread Gil Kirkpatrick
. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Tuesday, October 29, 2002 2:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sites with no DC But NETLOGON does

RE: [ActiveDir] Sites with no DC

2002-10-29 Thread Gil Kirkpatrick
How much overhead does leaving it up to the locator incur? Ken -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Wednesday, October 23, 2002 4:37 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sites with no DC Hey

RE: [ActiveDir] Clients being logged on by DCs at other sites

2002-10-29 Thread Gil Kirkpatrick
You can delete them, but because the DCs publish them, they might very well reappear. You should figure why they got there and verify that the source of the problem has been addressed. Nothing more frustrating than deleting a bunch of objects just to have them reappear an hour later ;) Possible

RE: [ActiveDir] domain admins

2002-10-29 Thread Gil Kirkpatrick
There is a whitepaper from Lucent that describes how to restrict enterprise admins from domain access at http://www.lucent.com/livelink/161922_Whitepaper.pdf Is that what you are trying to do? -gil -Original Message- From: Lori Demkovich [mailto:LDemkovich;infosysinc.com] Sent: Tuesday,

RE: [ActiveDir] Sites with no DC

2002-10-29 Thread Gil Kirkpatrick
necessarily authenticate to the closest site. It just doesn't happen. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Gil Kirkpatrick [mailto:gilk

RE: [ActiveDir] Manual Replication

2002-10-29 Thread Gil Kirkpatrick
Just curious, but why? -gil -Original Message- From: Linton Smith (WBTQ) [mailto:GWLLES;Weston.ca] Sent: Tuesday, October 29, 2002 11:13 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Manual Replication http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechn

RE: [ActiveDir] Clients being logged on by DCs at other sites

2002-10-29 Thread Gil Kirkpatrick
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309273 Dave -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Tuesday, October 29, 2002 11:34 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites You can

RE: [ActiveDir] ADMT v2

2002-10-25 Thread Gil Kirkpatrick
I'm interested too, if you could either post it or email it to me, that would be great. -gil -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Friday, October 25, 2002 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 I'd be interested - Yes, please

RE: [ActiveDir] Sites with no DC

2002-10-24 Thread Gil Kirkpatrick
: Garello, Kenneth [mailto:KGarello;worcester.edu] Sent: Wednesday, October 23, 2002 5:07 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sites with no DC How much overhead does leaving it up to the locator incur? Ken -Original Message- From: Gil Kirkpatrick [mailto:gilk

RE: [ActiveDir] LDAP referral during subtree search

2002-10-24 Thread Gil Kirkpatrick
some time ago to figure something else out. It's a good resource. Thanks for reminding me, Tony ! Dave -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Thursday, October 24, 2002 2:17 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP referral during subtree

RE: [ActiveDir] Sites with no DC

2002-10-24 Thread Gil Kirkpatrick
] Sent: Wednesday, October 23, 2002 5:07 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sites with no DC How much overhead does leaving it up to the locator incur? Ken -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent

RE: [ActiveDir] LDAP referral during subtree search

2002-10-23 Thread Gil Kirkpatrick
for now. Thanks for your insight - very helpful, as always :) Dave -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Tuesday, October 22, 2002 6:28 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP referral during subtree search David, Yeah, if the app

RE: [ActiveDir] Sites with no DC

2002-10-23 Thread Gil Kirkpatrick
Hey Don, Is this your first post to the list? If so, welcome. To answer your question, no you don't have to create a site for each subnet. You can associate multiple subnets with a single site. Or you can leave the subnets unassigned, and the DC locator will do its best to

RE: [ActiveDir] LDAP referral during subtree search

2002-10-22 Thread Gil Kirkpatrick
David, Not quite correct... From a logical perspective, your tree has a root NC (DC=XYZ,DC=com) and that NC contains a subordinate config NC (CN=Configuration,DC=XYZ,DC=com), which itself contains a subordinate schema NC (CN=Schema,CN=Configuration,DC=XYZ,DC=com). When you search the root

RE: [ActiveDir] LDAP referral during subtree search

2002-10-22 Thread Gil Kirkpatrick
there's no issue of duplicate RDNs to be concerned with... Dave -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Tuesday, October 22, 2002 5:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP referral during subtree search David, Not quite correct... From

RE: [ActiveDir] Anyone attending IT Forum in Copenhagen?

2002-10-22 Thread Gil Kirkpatrick
;) -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Gil Kirkpatrick Sent: Friday, October 18, 2002 16:53 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Anyone attending IT Forum in Copenhagen? Are there any people on the list planning to attend IT Forum

RE: [ActiveDir] Not x500

2002-10-18 Thread Gil Kirkpatrick
Paul, Well, not entirely true. The naming structure in AD is LDAP/X.500, so objects have unique DNs, and you can have duplicate RDNs in different containers just like a descent[sic] directory. User accounts, machine accounts, and groups (collectively security principals) have an additional

[ActiveDir] Anyone attending IT Forum in Copenhagen?

2002-10-18 Thread Gil Kirkpatrick
Are there any people on the list planning to attend IT Forum in Copenhagen Nov 18-22? I just found out from Microsoft that I will be speaking there, and it would be a great chance to meet face-to-face and quaff a few Danish brews. -gil List info : http://www.activedir.org/mail_list.htm List FAQ

RE: [ActiveDir] I can't access my adminstrator account!!!

2002-10-18 Thread Gil Kirkpatrick
Any chance you created an OU with the same name as one of the groups, or with the same name as a sub domain? See Q240147. -gil -Original Message- From: Kevin Felker [mailto:[EMAIL PROTECTED]] Sent: Friday, October 18, 2002 1:02 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] I

RE: [ActiveDir] Question on Extending a User Object.

2002-10-18 Thread Gil Kirkpatrick
Hey Michael, Start with these: http://www.microsoft.com/windows2000/techinfo/howitworks/management/mmcover.asp http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/mmcsteps.asp

RE: [ActiveDir] Best way to remove exchange objects from AD schema after server reinstall

2002-10-16 Thread Gil Kirkpatrick
Marvin, Generally speaking, you can't undo schema changes. They are for all intents and purposes permanent. If you want to live out on the ragged edge with Robbie where Microsoft won't answer your support calls, there is a way to delete schema objects, but I'd never do it on a production

RE: [ActiveDir] Secondary DNS setup?

2002-10-15 Thread Gil Kirkpatrick
What kind of DNS service are you running? -gil -Original Message- From: Chris J. Popp [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 15, 2002 7:23 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Secondary DNS setup? Hello, I have a server at

RE: [ActiveDir] AD AND DNS

2002-10-09 Thread Gil Kirkpatrick
USNs aren't replicated. They are only meaningful within the context of the DC where they were generated. Are you referring to specific attributes that contain USNs, e.g., uSNChanged or uSNCreated? Or are you talking about DNS serial numbers perhaps? -Original Message- From: John S

RE: [ActiveDir] Domain Migration

2002-10-07 Thread Gil Kirkpatrick
Read the following: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/plan/addeladm.asp. It pretty much describes the advantages and disadvantages of all these strategies. -Original Message- From: Patton, Jim [mailto:[EMAIL

RE: [ActiveDir] Active Directory Operations Guide

2002-10-07 Thread Gil Kirkpatrick
Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 2:53 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Operations Guide shameless plug Stuart and Andreas were two of the stars at the Directory Expert's Conference in Scottsdale this past

RE: [ActiveDir] Windows 2000 Server SP2 , Problem keeps rebootingevery 2 minutes

2002-10-05 Thread Gil Kirkpatrick
We've had a couple of our customers get their DCs into a similar mode. The problem was a policy setting from a security template that configured the server to "reboot on audit failure". Audit events were failing because of some sort of file corruption, IIRC. In any case, resetting the

RE: [ActiveDir] Active Directory Operations Guide

2002-10-02 Thread Gil Kirkpatrick
Operations Guide Hey Gil, who is Mike Barnard? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 01, 2002 1:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Operations Guide I thought *everyone* knew about this... yet another

RE: [ActiveDir] _msdcs records and a weird problem with DNS

2002-09-29 Thread Gil Kirkpatrick
Hey Steve, Nope, that's the way it's supposed to be. GCs and domains are forest-wide resources, so appear under the forest root and nowhere else. -gil -Original Message- From: Byrne, Steve [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 29, 2002 5:56

RE: [ActiveDir] User login takes a long time

2002-09-26 Thread Gil Kirkpatrick
Tom, Make sure DNS is clean and working properly. It sounds like there may be DNS DC locator records that are referring to DCs that are not available. -gil -Original Message- From: Tom.Gray [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 6:09 AM To: [EMAIL PROTECTED]

RE: [ActiveDir] Distro List issue

2002-09-24 Thread Gil Kirkpatrick
Try LDP or ADSIEDIT. The MMC is trying to read some specific attribute. -gil -Original Message- From: Garland Mac Neill [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 10:57 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Distro List issue

RE: [ActiveDir] Active directory object creation and usage

2002-09-20 Thread Gil Kirkpatrick
/exec/obidos/tg/detail/-/0672315874/) from MacMillan. It describes how to extend the schema and includes C++ code to do it using either ADSI or LDAP. /shameless plug -gil Gil Kirkpatrick CTO, NetPro Author of Active Directory Programming from MacMillan -Original Message- From: Dipu

RE: [ActiveDir] Locked Accounts

2002-09-17 Thread Gil Kirkpatrick
There's EVENTCOMB.EXE from PSS which will let you gather and review event log entries from multiple servers. -g -Original Message- From: Hutchins, Mike [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 17, 2002 5:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Locked Accounts

RE: [ActiveDir] AD and NDS

2002-07-18 Thread Gil Kirkpatrick
Can you describe the problems? -gil -Original Message- From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD and NDS We are in the process of migrating our NT 4

RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Gil Kirkpatrick
The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil

RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Gil Kirkpatrick
to consolidate your NOS and enterprise app directory into one. The two are largely not compatible in terms of requirements (e.g. multi-domain vs flat). Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 7:06 PM To: '[EMAIL

RE: [ActiveDir] Active Directory Question

2002-07-12 Thread Gil Kirkpatrick
development project with IIS, ASP, and Perl scripts. -g Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Joanna Days

RE: [ActiveDir] creating sites to avoid random AD replication partners?

2002-07-10 Thread Gil Kirkpatrick
Just to clarify, are you saying that within a nominal site, e.g. a building, you would have firewalls separating separate segments? -gil -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 10, 2002 8:00 AM To: '[EMAIL PROTECTED]' Subject:

RE: [ActiveDir] OT: Real World DNS

2002-07-10 Thread Gil Kirkpatrick
I would make it a secondary... you wouldn't want the administrative overhead of updating both. If you are using W2K and AD, you can make them AD integrated... you get better and more secure replication that way. And make sure the DNS servers are on separate segments so

RE: [ActiveDir] view a SID or GUID

2002-07-10 Thread Gil Kirkpatrick
plug You can also run NTDSUTIL; security account management; check duplicate SIDs to look for duplicate SIDs. -gil Gil Kirkpatrick Chief Technology Officer, NetPro Author of "Active Directory Programming" from MacMillan Got eBook? Get your free Active Directory Troubleshoo

RE: [ActiveDir] Querying active directory

2002-07-10 Thread Gil Kirkpatrick
Can you say a little more about the query string and how you're submitting it? For instance, what exactly is the query string you're submitting? And through which tool (or is it C/C++?) are you submitting it? -gil -Original Message- From: pio eqbal [mailto:[EMAIL PROTECTED]] Sent:

RE: [ActiveDir] Broke NTFRS

2002-07-02 Thread Gil Kirkpatrick
/default.asp?url=/library/en-us/netdir/ad/linked_attributes.asp describes this to some extent. /Pedantic AD Schema Lesson -gil Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook

RE: [ActiveDir] Can you isolate a virus to an OU?

2002-06-29 Thread Gil Kirkpatrick
of the risks associated with this scenario. If you'd like more information, feel free to email me. -gil Gil Kirkpatrick CTO, NetPro Author of Active Directory Programming from MacMillan -Original Message- From: Rick Kingslan To: [EMAIL PROTECTED] Sent: 6/28/02 5:52 PM Subject: RE

RE: [ActiveDir] Default Domain Policy Error

2002-06-25 Thread Gil Kirkpatrick
attribute of the nTDSDSA object for the DC to refer to the specific query policy object. Query policies have nothing to do with group policies. -gil Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory

RE: [ActiveDir] Cant get client to search active directory

2002-06-12 Thread Gil Kirkpatrick
stop/start NETLOGON on the DC. Make sure updates are enabled for the DNS zone. -gil Gil Kirkpatrick Chief Technology Officer, NetPro Author of "Active Directory Programming" from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro

RE: [ActiveDir] AD Query Builder

2002-06-04 Thread Gil Kirkpatrick
-gil Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Stephens, Brendan [mailto:[EMAIL PROTECTED]] Sent

RE: [ActiveDir] Searching LDAP

2002-05-24 Thread Gil Kirkpatrick
the complete description of LDAP search filter syntax. Gil Kirkpatrick Chief Technology Officer, NetPro Author of Active Directory Programming from MacMillan Got eBook? Get your free Active Directory Troubleshooting eBook at: http://www.netpro.com/ebook -Original Message- From: Stephens, Brendan