Dear all, i think we experieincing issues re not being able to reset
permissions on
an object that was previously member of protected groups
i have read that the issue is around the reset of the value of 'admincount'
attribute.
as i learn this gets set to 1 when it is becomes a member of
- Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : see sender address
From: [EMAIL PROTECTED] on behalf of Graham Turner
Sent: Tue 2007-01-16 15:37
To: activedir
address
From: [EMAIL PROTECTED] on behalf of Graham Turner
Sent: Tue 2007-01-16 17:37
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] adminsdholder
Jorge, thanks for your reply post
i certainly favour the former option on account of the other
this is query re processing of computer group policies. i note that not
strictly AD
related so i hope not to get 'shot down' !
i wanted to get a view on the 'retry' behaviour of the WIndows 2000 group policy
engine, in a scenario of a user-initiated VPN, in which domain controller
connectivity
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, November 22, 2006 4:46 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] computer policy processing -retry behaviour
this is query re processing of computer group policies. i note that not
strictly AD
related
Just a quick query on sysvol replication
we have put in place strategy for delegation of directory shared as netlogon by
way
of adding an ACE to the NTFS permissions
is it correct that on DC's running Windows 2000 SP4 that a change in the NTFS
permissions will generate the change notifications
quick question (hopefully not too daft) ref ADM file management
it seems different OS's ship with different versions of the 'standard' ADM files
that include conf.adm / interes.adm / system.adm ...
say if you are maintaining policies that link to containers holding say XP ,
2000,
2003 computers
, the definitive
resource for Group Policy information.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, September 06, 2006 7:41 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] adm file management
quick
as you are on 2003, SP1 or XP, SP2, you should be good to
go.
Clear as mud?
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, September 06, 2006 8:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] adm
Dear all, as i recall / understand group policy links are stored as an attribute
(gplink) of the OU.
It seems that GPMC is fine at summarising the links on a per OU basis as you
step
down the forest / domain structure.
However it seems to lack a summary of OU / linked GPO(s) / link order /
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner Sent:
Wednesday, August 23, 2006 10:05 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] management of group policy links (GPMC)
Dear all, as i recall / understand group policy links are stored as an
attribute
(gplink
PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, August 23, 2006 9:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] management of group policy links (GPMC)
thanks both
What this is all about is putting in place the necessary operational
practices to
ensure capability
Dear all, am experiencing issues that i think attributable to the concept of
Active
Directory phantoms
the symptom is that when we open certain global groups the membership list
comes out
with grey icons
this is not all groups - affected ones being - Domain Users / Domain computers
must
day!
Robert Williams
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Monday, August 14, 2006 9:01 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir]
Dear all, am experiencing issues that i think attributable
Dear all, i think this may be a really daft question but anyways !!
reading up on strategies for ADM / sysvol management for Windows 2000
just wanted to wonder how the Windows 2000 group policy editor resolves the
scenario
of an ADM file not being present on the machine which is view/edit the
Dear all, needing to seek further assistance on OU delegations.
We have applied a delegation using the custom delegation wizard;
Create / Delete computer object
this works fine and dandy in the context of creating and deleting computer
objects
in the container and its sub-containers.
however
Dear all, was wondering if someone could give us a view on the delegation of the
'user must change password at next logon'
it seems that having applied the delegation (using Windows 2000 delegation
wizard on
a Windows 2000 domain) that allows 'reset password on user objects' , the
delegate
can
Dear all, I am looking to some information with respect to Group policy object
delegation.
the requirement is to allow additional users to create new GPO's without 'Domain
Admins' membership.
Seems the way to go is to add the user accounts to the 'Group policy creator
owners'
group.
this
:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: 09 March 2006 13:46
To: activedir@mail.activedir.org
Subject: [ActiveDir] group policy creator owners
Dear all, I am looking to some information with respect to Group policy
object delegation.
the requirement is to allow additional users
Dear all, i have been away from the list for absolutely ages but i need to go
over
an issue of GC discovery with Outlook XP that need some help on.
this may be regarded as OT to this list, but have posted on an MS Outlook
newsgroup
site with nothing back so i hope this post to be in order.
i
it to. There were some improvements in that process in OL2K3 and
Exchange 2K3 products, but you're not using those versions right?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, September 23, 2005 11:05 AM
To: activedir
dear all, was wondering if the list could give me any views / specific
information on the usage of the group policy value;
run only allowed windows applications
i would suspect that there are constraints on its usage based (not only on
a practical basis), but also on a maximum length of the
dear all, doing a bit of audit on a dns infrastructure and reviewing output
from a windows 2000 server dns log
am looking at a number of queries that are generating 'nxdomain' responses
and was endeavouring to work out where they would be coming from;
the query is;
Dear all, am needing to support a sharepoint deployment
change request has come from the project teams, requesting modification to
the replicating directory changes permissioning
before we proceed was looking to understand a little about this permission
and by inference the impact of sharepoint
dear all, am looking to explicitly delegate the modification of 2 attributes
of the user object
these are display name / email address (as viewed in the General tab)
using the delegation wizard and the custom delegation of the user objects
and then selecting property specfiic permissions we
this post relates to the general tenet of permissioning of AD objects - ou's
et al - and seeking views on how ACL's are applied to OU (or for that matter
any directory object I suppose)
all the delegation references seem to indicate that group objects should be
used as ACE's - totally happy with
PROTECTED] On Behalf Of Graham Turner
Sent: Monday, August 09, 2004 7:30 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] adc replication
dear all, further to earlier item on impact on the AD directory following
ADC synchronization.
have been through the Exchange 5.5 directory and found
the most heartburn is the display-name
--
displayName join and you can find information about how to properly map
this
change in KB's.
-AJM
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Monday, August 09, 2004 8:39 AM
Am reviewing the procedures for forest recovery from MS paper titled
Windows 2000 forest recovery.
it does document an issue of DNS registration by child domain controllers of
records on a DNS server in the root domain.
could anyone explain further the requirement for GC wrt DNS registration.
and name, and replicated the 5.5 displayname only to the AD
displayname.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, July 30, 2004 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD replication from 5.5 using ADC
hopefully once again i am not charged with going too O/T with this one, but
was looking to get a bit of further information on the potential impact of a
replication from an exchange 5.5 server to a win2k AD
it seems there is potential for the change of attributes already in the AD
if there is
, 2004 3:32 PM
Subject: RE: [ActiveDir] AD replication from 5.5 using ADC
Graham,
AD does default to First Name Sur Name on new account creation. The
following KB Article explains how to change that:
http://support.microsoft.com/?kbid=250455
R/Bill
-Original Message-
From: Graham Turner
should submit that for
fixing.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, July 30, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD replication from 5.5 using ADC
hopefully once again i am not charged
]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, July 23, 2004 1:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] outlook / gc client discovery
Dear all, thanks all for your positive views on this issue.
first up i apologise for not chiming in the last week - been away
depending on requirements. But to spend the time to reduce
the smallest amount of traffic seems counterproductive to me except in
situations noted above.
My thoughts anyway.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent
can anyone confirm the mechanism by which dcpromo being run discovers the
source of domain information.
i know we doing this unattended you can hardcode a source into the script
file but how does it find a source when left to its own devices ??
GT
List info :
can anyone confirm the mechanism by which dcpromo being run discovers the
source of domain information on the initial dc promotion.
i know we doing this unattended you can hardcode a source into the script
file but how does it find a source when left to its own devices ??
q223757 tells us the
Of Graham Turner
Sent: Monday, July 12, 2004 8:10 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] outlook / gc client discovery
dear all, am a bit nervous posting this on account of going way OT as this
post falls quite definitely under Outlook 2002 configuration, but there is
obviously relation to AD
dear all, am a bit nervous posting this on account of going way OT as this
post falls quite definitely under Outlook 2002 configuration, but there is
obviously relation to AD so here goes ...
understanding the mechanisms of GC 'discovery' would it seem be very
important to optimal deployment of
]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Monday, July 12, 2004 8:10 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] outlook / gc client discovery
dear all, am a bit nervous posting this on account of going way OT as this
post falls quite definitely under Outlook 2002 configuration
just wanted to run this by the mailing list
i know there to be a whole raft of objects left behind in the directory
after unorderly shutdown of DC
however even in an orderly demotion seems there is a server object left
behind at;
CN=servername.,CN=servers,CN=site,CN=configuration,DC=
i
replication frequency but not over a week. Do your update, then when you
are
ready, do a repadmin /sync on one or more of the connections.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, July 07, 2004 2:00 PM
To: [EMAIL
Dear all, am looking to understand a bit better the processes of windows dns
server
scavening processes;
1. am i right in my understanding that scavenging does need to be explicitly
on a zone if it is enabled at a server level;
read somewhere that behaviour varies according to AD-integrated
Dear all, this one is not strictly Active Directory so hope this doesn't
p*** people off too much
we are looking to delegate the permissioning of the ability to restart print
spooler service which for some reason is not afforded to members of the
print operators local group
not sure of the logic
am attempting the debug of an application that i suspect to be failing on
account of a run only allowed windows applications policy
in this respect have enabled user environment debug logging as per
KB221833.
was expecting the application (or one of its components) that fails to log
something to
Dear all, just butting into this thread so apologies for this
have picked up that w32tm is many times more functional on XP as compared to
2000.
seems unless i am mistaken that w32tm on 2k does not support the config
domhier to reconfigure the system to use the domain hierarchy.
was wondering
in AD
Graham Turner mailto:[EMAIL PROTECTED] wrote:
have picked up that w32tm is many times more functional on XP as
compared to 2000.
seems unless i am mistaken that w32tm on 2k does not support the
config domhier to reconfigure the system to use the domain
hierarchy.
was wondering
).
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Thursday, February 05, 2004 5:43 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] slow replication partner / site link config
a server has been joined to the AD infrastructure
in this use. :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Sunday, February 08, 2004 6:47 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] slow replication partner / site link config
Joe, thanks for the post reply.
first
a server has been joined to the AD infrastructure and promoted to DC for the
specific purpose of recovery of AD objects.
the intention is to configure the replication topology following what seems
to be termed as lazy replication partner model.
to this end the following tasks have been
Dear all, am attempting debug of a logon failure
we have found on the authenticating DC a security event log entry which
gives us a failure code 0xE
have referenced this Kerberos failure code to the following meaning;
KDC has no support for encryption type
this seems to be a machine specific
in
the article.
Between the two articles the subjects are covered very handsomely...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Monday, February 02, 2004 8:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] logon server
As we all know to death by now, local logon server discovery is by
determination of the DNS RR's for a DC in a computers own site.
qu. how does the client resolve the scenario of a response not being
received in a timely fashion. ?
what is the timeout value for a client not to receive a response
server also hosts services like DNS, WINS, etc.
Jorge
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Monday, January 26, 2004 14:41
To: [EMAIL PROTECTED]
Subject: [ActiveDir] dc ip address change
does anyone have views on the procedure of changing the IP
I read with interest this post.
don't suppose there is any related policy that allows the administrator to
suppress the processing of login script (as set in the user a/c property)
when logging on locally ??
GT
- Original Message -
From: Darren Mar-Elia [EMAIL PROTECTED]
To: [EMAIL
does anyone have views on the procedure of changing the IP address of a
server that is a DC ??
1. is it a supported operation - which i would think it has to be !
2. what directory changes need to be made - one that comes to mind is the
move of the server object from the servers container of
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, January 02, 2004 6:22 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] group policy processing of IE settings
Darren, thanks for the mail back (and perhaps a sanity check !!) and
Happy New Year to you it would seem
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, December 31, 2003 4:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] group policy processing of IE settings
Darren, thanks for the mail reply.
this was my initial view - but google searches
namespace under:
Computer Configuration|Administrative Templates|System|Group Policy|IE
Maintenance Policy Processing.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Tuesday, December 30, 2003 7:22 AM
To: [EMAIL PROTECTED
not sure if this list accepts issues relating to the configuration of
Internet explorer using Group policy - if not apolgoies but would
nonetheless be v glad for assistances on the apparently inconsistent
behaviour w.r.t the setting of the auto-configuration script value.
definites i can confirm;
Dear all, before i attempt the more involved debug of this funny one thought
i would see if any one could confirm similar observed behaviour;
win2k professional client has been migrated using ADMT 2.0
myself and and other admin can log on to the domain (same domain for user
and computer by the
have just read up on the fix provided by Q812499 / and also SP4
i see it enables a registry value but any further detail on what it does /
how it works seems to be a little bit elusive
any one care to elaborate on what it actually does ?
GT
List info : http://www.activedir.org/mail_list.htm
Have seen something along these lines
we initially performed the authorization using chid domain (where the DHCP
servers are) credentials - this seem to perform the authorization (certainly
wrote to the directory) but got messages as you describe.
the fix was a good hack using ADSIEDIT of the
Guido, I am definitely interested in this material.
I will be a very glad recipient
GT
- Original Message -
From:
GRILLENMEIER,GUIDO
(HP-Germany,ex1)
To: [EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 7:58
AM
Subject: RE: [ActiveDir] Robbie Allen DEC
don't know if i am jumping the gun once again, but am especially keen to get
hold of the documentation from Micrsoft on the delegations of administrative
tasks within Active Directory.
any news on its availability.
GT
List info : http://www.activedir.org/mail_list.htm
List FAQ:
was wondering if any one could give us a heads up on how we prevent a
windows 2000 domain controller from authenticating a user logon request.
by comparison on an NT4 domain controller, the configuration of pausing
the netlogon service would prevent the DC from authenticating a user logon
request
Title: Message
here, here !!
- Original Message -
From:
Roger Seielstad
To: '[EMAIL PROTECTED]'
Sent: Monday, October 13, 2003 4:24
PM
Subject: RE: [ActiveDir] Forcing logoffs
9x
Cut
power to the building every few days? Wait for the 9x boxes to get
Have come back to the list after a while away - the paper on AD delegation
from MS looks to be of some good value - is this published yet ??
GT
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
Have just picked up on this thread of SUS - looks a real winner
would be glad for the views of the positioning of this product relative to
SMS ??
GT
- Original Message -
From: Free, Bob [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 11:44 PM
Subject: RE:
Title: Message
but what about the "discard forward lookup when lease expires"
??
have never got to the bottom of this given the security of the
A record which in default DHCP configuration is owned by the client
??
GT
- Original Message -
From:
Todd Povilaitis
To:
where do we find FRSdiag ??
GT
- Original Message -
From: Rittenhouse, Cindy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 8:32 PM
Subject: RE: [ActiveDir] sysvol not replicating
I'm sorry, but I'm having trouble locating FRSDiag.
-Original
GUID intact.
This is a lot more flexible than authoritative restore or any other
mechanism that has to try and extract portions of a single GPO from
backups of system state.
Darren
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 17, 2003 11:42 AM
backups
of system state.
Darren
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 17, 2003 11:42 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] authoritative GPO restore
was hoping to get a bit more detail on the procedure of restore of a GPO
was wondering if any one could give us info ADMT error 7557
this is being logged by the ADMT user migration wizard when selecting the
option to migrate passwords using password export server.
this has been working a treat to date but from the one article on this found
to date looks to name
i know this one has probably been done about 500 times already, but was
hoping to sound the mailing list out on techniques of differentiating
between Windows 2000 / NT4 from login script, given that both Windows 2000
and NT4 return Windows NT from a query of the OS Version environment
variable
GT
this could possibly be taken as OT - so apologies if this is the case - if
so not sure of the newsgroup to post to.
am considering issues of licencing in the context of a domain upgrade
it has been raised as a potential issue that client access licences procured
to support connection to NT4
unsupported! So don't take my word
for it. Give it a go in your test lab if you want and let us know how you
get on.
Tony
-- Original Message --
From: Graham Turner [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 30 Jul 2003 14:30:35 +0100
is there any
can anyone confirm how ADMT 2.0 handles the conflict of accounts that have
already been migrated from a source domain to a target domain.
it is required that accounts that have been migrated on an individual basis
for testing are not overwritten during a subsequent mass migration process
it
is there any way to change using a domain setting the default container into
which computer account objects are created for a windows 2000 domain. ??
GT
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
in drive:\Program Files\Active Directory Migration Tool\, or
look at the sample migration scripts for additional information.
Hunter
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 7:19 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 2:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration
Gentlemen, thanks to all for your contributions to this.
will be going to customer site later this week to do
else on the mailing list knows what these really are.
Stuart Fuller
Active Directory
State of Montana
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 12:25 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Wednesday, July 09, 2003 4:25 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration
but then thinking about it no - when i failed on the first nt4 host
thought
i assume that the issue documented in pss reference Q328786 relates to the
version of gptext.dll that is running on the client that is running the GPO
editor and not the DC's that are hosting it ??
how also about Q263179 - this sounds more to do with the storage of the GPO
on the sysvol share and
by system policy, AFAIK.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, July 11, 2003 5:20
Active Directory
State of Montana
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 8:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration
Rick, thanks your time on this issue.
my view is that we failing
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 9:45 PM
Subject: RE: [ActiveDir] admt 2.0 - nt4 computer migration
Has the Everyone group been added to the Pre-Windows 2000 Compatible
Access group in the new domain?
-Original Message-
From: Graham Turner [mailto
domain?
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] admt 2.0 - nt4 computer migration
Am attempting the migration of computer from NT4 source domain to Windows
2000 target domain
of the workstations' local admin group?
John WitasickProject Manager - Windows Networking Services
Group
- Original Message -
From:
Graham Turner
To: [EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 4:23
PM
Subject: [ActiveDir] admt 2.0 - nt4
computer
Am attempting the migration of computer from NT4 source domain to Windows
2000 target domain.
the migration environment is working fine with windows 2000 professional
clients
have got issues with the migration of an NT4 workstation
the extract from dispatch.log on the admt server is attached
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Sunday, July 06, 2003 11:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DFS errors 13544 / 13552
am trying to diagnose and remedy errors returned by NTFRS (on Windows
2000
/ sp3)
error codes
have just picked up this thread, is this not one of the features that is
enabled on conversion of a domain to native mode ??
i know behaviour of the domain local group does change between a domain in
mixed vs native mode.
GT
- Original Message -
From: Salandra, Justin A. [EMAIL
just wanted to pick up on others experiences of using preferences (as
opposed to true policies) in w2k gp objects.
experiencing behaviour which is at best described as inconsistent in the
application / refresh of values set in the non-standard registry hives
issues may stem from the format of
Dear all, have posted quite recently with no feedback so hoping this time
round to get a bit more info,
still looking at strategy for migration of the well known accounts -
Domain Admins / Domain Users on which a lot of domain security is based.
thought this was where the Group mapping and
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Friday, June 06, 2003 7:44 AM
To: [EMAIL PROTECTED]
Dear all, have posted quite recently with no feedback so hoping this time
round to get a bit more info,
still looking
the strong session key requirement.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Sunday, June 01
, except by
creating a new domain and using the export/import feature from GPMC.
/Guido
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 28. Mai 2003 14:35
To: [EMAIL PROTECTED]
please can anyone pass on the in's and out's of diagnosing failure
apologies if i have already posted here, but this still remains on my issue
log
would very much like to be able to get information on strategies for the
delegation of site / subnet administration (on foreest root DC's) to child
domain security principals
Thanks
GT
List info :
2000 / NT4 trust
One thing to keep in mind is the value you have set for RestrictAnonymous.
See Technet articles 178640 and 296403 for details.
Mike Thommes
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 7:35 AM
To: [EMAIL PROTECTED]
Subject
Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 9:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] delegation of root domain admin
apologies if i have already posted here, but this still
remains on my issue log
would very much like
1 - 100 of 133 matches
Mail list logo