] On Behalf Of
Jorge de Almeida Pinto
Subject: RE: [ActiveDir][OT] File copy with security intact
My experience with XCOPY is that with large amounts of data
it suddenly quits.
Jorge,
Try XXCopy. Works great.
Webster
List info : http://www.activedir.org/List.aspx
List FAQ: http
...someone messed
Smack that someone
Just kidding
#JORGE#
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: vrijdag 24 juni 2005 18:03
To: Jorge de Almeida Pinto; [EMAIL PROTECTED];
ActiveDir@mail.activedir.org; David Cliffe
Subject: RE
what error do you get?
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 6/23/2005 8:56 PM
Subject: [ActiveDir] Cannot Contact Domain over External Trust
I have a trust that has been working and all of a sudden with zero
errors it has stopped.
I
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Almeida Pinto
Sent: Thursday, June 23, 2005 3:35 PM
To: Salandra, Justin A.; '[EMAIL PROTECTED] ';
'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] Cannot Contact Domain over External Trust
what error do you
try
ADFIND -b CN=GROUP1,OU=OU,DC=DOMAIN,DC=TLD member > IN.TXT
adcsv.pl /infile:in.txt /outfile:out.txt
open out.txt and copy all the members AFTER the DN of the group and replace
that with REPLACEWITHTHIS
ADMOD -b CN=GROUP2,OU=OU,DC=DOMAIN,DC=TLD member:++:REPLACEWITHTHIS
This should work to
External Trust
No, I would and am the only one able to do so and I know that I have not
changed it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Almeida Pinto
Sent: Thursday, June 23, 2005 5:38 PM
To: 'David Cliffe '; '[EMAIL PROTECTED] ';
'ActiveDir
I would recommend to ROBOCOPY, it's robust (hence the name), has a lot of
possibilities and it does its job very good!
My experience with XCOPY is that with large amounts of data it suddenly
quits.
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Title: RE: [ActiveDir] File copy with security intact
no, it is not
free
it costs
$5.50 USD
(http://copyrite.dynu.com/buy.htm)
yes the comma is correct! ;-))
see
http://copyrite.dynu.com/
Cheers
#JORGE#
From: TIROA YANN [mailto:[EMAIL PROTECTED]
Sent: dinsdag 21 juni 2005 16:18
To:
OLDCMP from joeware
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: dinsdag 21 juni 2005 16:55
To: ActiveDir (E-mail)
Subject: [ActiveDir] inactive users
How do you query for inactive accounts in a Win2k AD?
I know you can
The user accounts can be migrated without the actual user connecting to the
LAN, no matter what migration tool you use. However to migrate the client
computers and re-acl the client computer the computers must be connected to
the LAN. I'm sure of that if you use ADMT. I'm not aware if there exists
Hi Darren,
The information for each Domain based root is stored in AD in the following
location:
Domain Directory Partition - System - Dfs-Configuration - FTDFS object (root
name)
For more info check How DFS Works
(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Tech
The first that I thought of was the RestrictAnonymous registry configuration
on W2K DCs. (http://www.jsifaq.com/SUBF/TIP2600/rh2625.htm) (QUOTE: - Never
set RestrictAnonymous to a 2 in a mixed-mode environment that includes
down-level clients)
Also have a look at Client, service, and program
no the group is not restricted
to creating 10 workstations in the domain but don't forget to remove the right
from auth. users
#JORGE#
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Abagnale
Sent: Thursday, June 16, 2005 09:19
To: ActiveDir@mail.activedir.org
Subject:
Hi Guido,
NetBIOS based domains/clients
find domain controllers through the WINS record 1Ch. If two different domains
share the same WINS infrastructure I think both domain's DCs will register in the
same record and then you will have some interesting troubleshooting to do. Don't
forget
Are you using different DHCP servers that service the same subnet but where
the WINS IP addresses are switched?
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Taco
Sent: donderdag 16 juni 2005 16:23
To: ActiveDir@mail.activedir.org
for next
DEC (just kidding - I'd say migrations are getting somewhat boring... -
however, not one is the same as another...)
Cheers,
Guido
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Almeida Pinto
Sent: Donnerstag, 16. Juni 2005 16:08
To: ActiveDir
WINS registering behavior
Sorry I didn't get to your earlier...
Both WINS servers and DHCP server are all on different subnets. Is this
what you were asking?
On Thu, 16 Jun 2005 16:54:22 +0200, Jorge de Almeida Pinto
[EMAIL PROTECTED] said:
Are you using different DHCP servers that service
On each OU level GPOs are processed bottom-up
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 6/17/2005 12:26 AM
Subject: [ActiveDir] Event log settings in GPO
Just want to check to ensure. But I could say have a policy that is
configured to set
Or use OLDCMP (also from Joe) which can generate a nice HTML report
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, June 15, 2005 02:29
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Last Logon attempts
Tony pointed you to
Yann,
The info attribute corresponds with the NOTES section on the user object in
the TAB called Telephones
If you look for READ NOTES or WRITE NOTES, that's the ones I think you are
looking for in the ACL of an object or in the Delegation of Control Wizard
So, it is already in there... ;-)
Title: Affect of a schema update on W2K SP4 AD
The implementation of the E2K3 already
caused a full GC sync/rebuild because it adds new attributes to the
PAS.
The PAS is the Partial Attribute Set...in
other words the set of attributes in the GC. Only if you change that set (add or
remove an
Title: Affect of a schema update on W2K SP4 AD
If it's W2K3 use the install from
media option... DCPROMO /ADV
If you have W2K and have that
possibility ship the DC to a central location, DCPROMO it and ship it back to
the branch office. In this case be sure to create a separate site in AD and
Hi,
Load balancing is already provided by DNS through round robin. However, in
some occasions you might want to change the DNS priority and/or weights of some
DC(s) to offload it (I mean the SRV records of the DCs)
When using W2K3 DCs you have the possibility to configure the DC through a
GPO as the
about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Jorge de Almeida Pinto
Sent: Mon 6/13/2005 6:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Affect of a schema update on W2K SP4 AD
The implementation of the E2K3 already caused a full
MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Jorge de Almeida
Pinto
Sent: Mon 6/13/2005 6
The service stuff you mention is possible using a GPO where you have the
possibility to configure permissions who can do what with services. On the
command stuff it depends what the commands do. Be aware that each user in
the domain by default has the permissions to logon to your members servers
Hi,
In the domain the group "Remote
Desktop Users" exists. This group has permissions on the RDP-protocol on each
DC (Terminal Services Configuration MMC) but does not have the user right "Allow
logon through Terminal Services" in the Default Domain Controllers
GPO.
For member servers
In my opinion I would only enable ABE on the actual shares that are used for
the DFS links
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 6/10/2005 7:01 PM
Subject: [ActiveDir] DFS and Access Based Enumeration
Does anyone have and
may have.
john
Jorge de Almeida Pinto wrote:
Hi,
This was a thread that was discussed a few days ago. See the following
post
from Joe where he explains some things in addition to my own post.
http://www.mail-archive.com/activedir@mail.activedir.org/msg29621.html
HINTS:
* nested groups
it being reset to 1.
thanks so far,
john
Jorge de Almeida Pinto wrote:
John,
OK, the users you are talking about are non-default-admin-users and
are not
members of protected groups and never have been.
Maybe a strange question.. which groups is the domain users group a
member
of?
#JORGE
You can first take ownership and reset the permissioning and after doing
that you can give away the ownership the same way like taking ownership!
To give away ownership to someone else you need full control permissions AND
the user right restore files and directories on the particular server
If you look at MS-KBQ817433 Delegated permissions are not available and
inheritance is automatically disabled you will see it provides a VB script
to Resets all accounts that have adminCount = 1 back to 0 and enables the
inheritance flag. That article also tells you how to configure AD so that
you
FSMO resets all accounts that you
did not want to change
#JORGE#
-Original Message-
From: Rimmerman, Russ
To: Jorge de Almeida Pinto; Robert Williams (RRE) ;
ActiveDir@mail.activedir.org
Sent: 6/9/2005 12:53 PM
Subject: RE: [ActiveDir] Security permissions on user object
But is it safe
Hi,
I'm looking for the value of the LDAP max msg size within AD. If I remember
correctly it is 10MB. Is that correct? I also thought it is configurable
through NTDSUTIL - LDAP POLICIES.
So my questions:
* What is the default size
* How do you configure it
I knew the answers myself but I can't
was removed in Windows
Server 2003.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Almeida Pinto
Sent: Thursday, June 09, 2005 8:38 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] LDAP max msg size
Hi,
I'm looking for the value
Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Jorge de Almeida
Pinto
Sent
Title: Exchange and disabling accounts
Tim, Joe,
Alex,
Thanks for the info you guys
provided!
Cheers
#JORGE#
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: dinsdag 7 juni 2005 22:39
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange and disabling
Title: Exchange and disabling accounts
Hi,
I just did what I posted with
ADMODCMD (from the latest version of ADModify) and it worked like a
charm!!!
These tools (ADFIND, ADMOD,
ADModify) kick ass!
Thanx,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex
Are you sure all the old metadata was removed from AD for that particular DC
(rhino...)?
What does DCDIAG say?
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 6/8/2005 8:27 PM
Subject: RE: [ActiveDir] nltest, adfind errors
As far as I know,
When backing up a DC you really only need to backup the system state of the
DC. However, in my opinion the system drive and the system state belong
together and thus I always advise to backup the system. Reason: custom
configurations like directories/permissions/etc., installed apps, etc. When
: 1000 users created
02: rIDAvailablePool: 4611686014132427214
03: rIDAvailablePool: 4611686014132427214
###
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: dinsdag 31 mei 2005 10:31
time testing this, it
seems this was removed quite some time ago :(
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 02, 2005 9:09 AM
To: ActiveDir
NOPE! only if you really want to
;-)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: donderdag 2 juni 2005 17:56
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADPrep /Forestprep and /DomainPrep
Do ADPrep /forestprep and
/domainprep require rebooting
] on behalf of Jorge de Almeida
Pinto
Sent: Thu 6/2/2005 7:55 AM
To: ActiveDir@mail.activedir.org; 'Send - AD mailing list'
Subject: RE: [ActiveDir] Error in PDC Operations Master
Apologies accepted! No hard feelings! I also used the same environment
to
test the ADMOD -undel option to undelete objects
And if you need to do it permanently you can designate through the registry
or through a GPO setting DC Locator DNS records not registered by the DCs
(preferred!)
And if you want to offload it you can configure the DNS weight and DNS
priority of the records registered by the particular DC(s).
,
--
Matt Brown
[ SELECT * FROM IT WHERE EyeContact=True ]
Information Technology System Specialist
Eastern Washington University
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Almeida
Pinto
Sent: Wednesday, June 01, 2005 12:03 PM
To: 'Matt Brown
Hi,
If one of your DCs died and it is OK reinstall it instead of restoring it
you should:
(1) Perform a metadata cleanup to remove the directory info of the DC that
died. see http://support.microsoft.com/default.aspx?scid=kb;en-us;216498
and/or http://www.petri.co.il/fix_unsuccessful_demotion.htm
Try:
* SUBINACL with the /accountmigration option
(http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en http://www.analogduck.com/main/subinacl)
* SETACL with the -cpytrst option (TrusteeAction)
Does the PDC FSMO or the other DCs have any events with errors that can possibly
tell more about this issue?
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 6/1/2005 6:39 PM
Subject: [ActiveDir] DC's not communicating with each other
I've talked about
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: Sunday, May 29, 2005 5:22 PM
To: ActiveDir@mail.activedir.org; Send - AD mailing list
Subject: RE: [ActiveDir] Error in PDC Operations Master
Because you are seizing
143Million does not seem that many.
The session was a John Craddock session, on AD as part of the pre-conference
programme.
Can anyone confirm this number and confirm the matter?
Regards
Mark
-Original Message-
From: Jorge de Almeida Pinto [EMAIL PROTECTED]
Date: Tue, 31 May 2005 10:31:02
Hi,
You can always select the user and/or groups you want to migrate. It all
depends on the requirements and situations but it is not needed to migrate
the domain at once.
There are a lot of tools available that help you with your object migration
(user, groups, computers) and resource updating
almost forgot:
think about closed sets (meaning: if I migrate these objects, what other
objects should be migrated also)
what about the groups the NT users you want to migrate are members of? Don't
you need to migrate those as well?
cheers,
#JORGE#
-Original Message-
From: [EMAIL
Because you are seizing and not transferring and as the NEW Rid Manager
object may not be up-to-date on the remaining DCs (because replication
halted/stopped for some reason) you may want to increase the
Ridavailablepool attribute (on the Rid Manager object in the domain) for the
NEW RID MANAGER
YEP, THAT'S the article I was talking about..
Thank you Tomasz ;-)
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: dinsdag 24 mei 2005 22:38
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] TR : Golbal catalog
CTED]]
On Behalf Of Jorge de Almeida Pinto
Sent: Tuesday, May 24, 2005 4:02 PM
To: 'TIROA YANN '; Jorge de Almeida Pinto; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] TR : Golbal catalog Infrasctucutre Master.
have you read the article "Phantoms, T
Is the following article of any help to you?
A missing service principal name may prevent domain controllers from
replicating
(http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308111)
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent:
Answer to your question: YES, that's why you should assign permissions to
groups and not to individual accounts
DSREVOKE
Dsrevoke is a command-line tool that can be used on domain controllers that
are running Windows Server 2003 or Windows 2000 Server to report the
existence of all permissions
How are the departments represented in AD? - OUs, groups, something else?
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/24/2005 2:39 PM
Subject: [ActiveDir] Need AD Query Suggestion Please
Hello,
I am looking for a query or script
.
-Original Message-
From: Jorge de Almeida Pinto
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 24, 2005 8:53 AM
To: Krenceski, William; '[EMAIL PROTECTED] ';
'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] Need AD Query Suggestion Please
How are the departments represented in AD
You have two possibilities:
For both create a GPO with the APP assigned.
(1) link the GPO to each classroom and you're done
(2) link the GPO to the workstations OU and use group filtering by giving a
group (that represents the classroom) read and apply permissions to the GPO.
Each workstation must
Suggestion Please
Cool filter !!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Almeida
Pinto
Sent: Tuesday, May 24, 2005 9:56 AM
To: 'Krenceski, William '; '[EMAIL PROTECTED] ';
'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] Need AD
Ola,
You could have achieved the one to one mapping using the NTDSnomatch
utility that comes with the deployment tools of exchange 2003. However what
you did works because what you did manually the ADC in combination with the
NTDSnomatch util would have done the same.
It sounds those were
for more info on ADC, object matching etc. see:
http://www.windowsitpro.com/Articles/Print.cfm?ArticleID=16139
Cheers
#JORGE
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org; [EMAIL PROTECTED]
Sent: 5/24/2005 6:23 PM
Subject: [ActiveDir] Cisco Call Manager /
Hi,
For more info on the infrastructure master see Phantoms, Tombstones and the
Infrastructure Master (http://support.microsoft.com/?id=248047)
In both W2K and W2K3 AD.. the following rules apply:
* if you have only one domain - make all DCs also GCs as there is no
additional overhead
* if you
In my opinion when talking about structures an OU structure is based on the
following design rules:
(1) Create the first OU structure based on the needs of delegation of
control (who does what and what is the scope)
(2) Adjust the first structure to your needs to hide certain objects if
applicable
have you read the article Phantoms, Tombstones and the Infrastructure
Master which I mailed you? This explains the issue you are trying to
understand.
Cheers
#JORGE#
-Original Message-
From: TIROA YANN
To: Jorge de Almeida Pinto; [EMAIL PROTECTED];
ActiveDir@mail.activedir.org
Sent: 5/24
What are event ids on the
DC?
To demote the DC in a forced
way: DCPROMO /FORCEREMOVAL (you need at least W2KSP4 or hotfix or
W2K3)
Using this the DC will be
demoted to a STAND-ALONE server (not a member server) and afterwards you need to
do a metadata cleanup
Cheers,
#JORGE#
From:
Do the credentials (username and password) you are using exist in both
domains?
What do you want to achieve with interoperability between the environments?
If users are in the first domain and need to access resources on the second
domain you need a trust where the second domain trusts the
Hi,
In my opinion the following recovery situations exist when it comes to AD:
(1) Accidental object deletions
(2) Your forest/domain drops dead
(3) A DC drops dead
(1) Accidental object deletions
I agree with Joe that people should only have those permissions needed to do
their work and this
Where the heck does Last success @ 1952-08-19 22:59.10. come from? I know
MS uses the year 1601 as the starter date, but I have never seen 1952 or
something else before AD was ever available.
In this case as you're already doing... kill the old DC and rebuild it
CHEERS
#JORGE#
-Original
Hi,
Have you seen Delegated permissions are not available and inheritance is
automatically disabled (http://support.microsoft.com/?id=817433)
This article describes how you can configure which default protected groups
are protected or not by the adminsdholder object. Although possible I do not
server...
Maybe someone else on this list knows how to specifically delegate the print
admin permissions as mentioned above on member servers with giving away the
local admins group membership
Cheers
#JORGE#
-Original Message-
From: TIROA YANN
To: Jorge de Almeida Pinto; [EMAIL PROTECTED
What I mentioned also applies to some other built-in groups...
see also
http://www.windowsecurity.com/articles/Built-in-Groups-Delegation.html
#JORGE#
-Original Message-
From: TIROA YANN
To: Jorge de Almeida Pinto; [EMAIL PROTECTED];
ActiveDir@mail.activedir.org
Sent: 5/22/2005 3:56 PM
work properly.
joe
-Original Message-
From: Jorge de Almeida Pinto
[mailto:[EMAIL PROTECTED]
Sent: Sunday, May 22, 2005 8:41 AM
To: 'joe '; '[EMAIL PROTECTED] ';
'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] AD DR - replication lag siteWhy?
Hi,
In my opinion
You are correct there are free tools to do a restore of objects. There is
one problem though with deleting and reanimating objects. When an object is
deleted almost all info is stripped from it besides some important
attributes (SID, GUID, etc) If you reanimate the object you'll get a
stripped
if the DCs also have DNS
and/or WINS services don't forget to adjust your DHCP scopes and possibly DHCP
relay agents
The only thing that changes in
DNS are the A records. Make sure these are updated. This also applies for WINS
if you use it.
There could be other IP address
dependencies that
I think not...
What I would do:
* Rename the default DELEGWIZ.INF to DELEGWIZ-SPx.ORG (where x is the
service pack number)
* Create my own DELEGWIZ.INF (or customize the default) and create a copy
called DELEGWIZ.INF.CUSTOM
Implement the custom DELEGWIZ.INF on all DCs that are used to configure
I followed the Microsoft whitepaper with the typo's corrected.
Mark
-Original Message-
From: Jorge de Almeida Pinto [EMAIL PROTECTED]
Date: Fri, 20 May 2005 14:42:39
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unable to log you on because if an account restriction
Do you have
DEC
IT Forum
TechEd
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/17/2005 4:35 AM
Subject: [ActiveDir] Windows / AD Conferences
If you had to go to three conferences a year on Microsoft Windows /
Active Directory / Security, which would you
Hi,
I remember the following issue described in
http://support.microsoft.com/default.aspx?scid=kb;en-us;316826
You Must Rename the SYSVOL Member Object to Rename a Windows Server 2003
Domain Controller
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To:
If I remember correctly you need at least the
DS-Replication-Monitor-Topology extended right. I assume your elevated
account is member of the enterprise admins which have this right to manage
replication throughout AD or a member of domain admins which have this right
to manage replication for the
Hi,
Try the following:
Account Lockout and Management Tools
Download tools that you can use to troubleshoot account lockouts, as well as
add functionality to Active Directory
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
Cheers,
There are several ways...
If clients from a certain subnet connect to AD the DC that services the
client will register an event ID (5807) stating what is shown in
http://www.eventid.net/display.asp?eventid=5807&eventno=4298&source=NETLOGON&phase=1
The following solutions come into my mind in a
Or install the latest DSCLIENT for the 9x and NT systems!
QUOTE
Site awareness - This includes the ability to log on to the domain
controller that is closest to the client in the network and the ability to
change passwords on any Windows 2000/2003-based domain
records looking for the nearest DC to the subnet
that it is on.
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jorge de Almeida
Pinto
Sent: Wednesday, May 11, 2005 10:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Site/Subnet Management
is possible because different mechanisms are used for storing pwds)
* Not the size of an Identity Management tool like MIIS
Could MS Services for Netware play a role in this?
Cheers
#JORGE#
Met vriendelijke groet / Kind regards,
Jorge de Almeida Pinto
Infrastructure Consultant
Hi,
* W2K/WXP/W2K3/AD support NTLMv2 by default
* NT4 supports NTLMv2 after SP3 or SP4 (not sure which one)
* For W9x install the DSCLIENT
(http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adext
ension.asp)
For more info see also:
http://support.microsoft.com/?id=555038
Legacy stuff (NT4 and W9x) MUST/USE NetBIOS and WINS is just a service that
provides this.
Although W2K/WXP/W2K3 use DNS as their primary resolution method some
features still use NetBIOS (e.g. LOGON BOX). Also some apps also still use
NetBIOS for some of the functionalities
For more info see:
In addition to what Deji said, you need the trust to populate sidhistory and
to migrate accounts from the source domain
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/12/2005 4:29 AM
Subject: RE: [ActiveDir] Accessing NT4 resource domain via
Are those accounts members of some default MS admin groups? (e.g. domain
admins, account operators, etc.)
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel
Sent: maandag 9 mei 2005 22:22
To: ActiveDir@mail.activedir.org
Subject:
vriendelijke groet / Kind regards,
Jorge de Almeida Pinto
Infrastructure Consultant
__
LogicaCMG Nederland B.V. (BU SD/AT)
Division Industry, Distribution and Transport (IDT)
Kennedyplein 248, 5611 ZT, Eindhoven
. Postbus 7089
protocol in any way, shape or form.
Jorge, just want to be sure that you know that I know you weren't
insinuating LDAP had anything to do with authN, either. Merely
clarifying
the point.
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
I read the post from the other guys and I understand you also have a Novell
environment and it is not that simple if you're migrating from Novell and
NT4 to AD. For this you also need two migration tools.
Before I say something I have the following questions for you:
* What is the purpose of the
use the option -nodn
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/6/2005 4:37 PM
Subject: [ActiveDir] ADFind syntax
Hey Joe; I have a question for you (or anyone else who knows!) about
ADFind.
Let's say I'm searching for, for example, a
who knows it better than its creator??? ;-))
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/6/2005 4:56 PM
Subject: RE: [ActiveDir] ADFind syntax
Take a peek at
-nodn
and
-nolabel
Like for instance, this command below will enumerate the
forgot one
How are the resources secured in both environments? groups and/or users?
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: 'packman '; '[EMAIL PROTECTED] ';
'ActiveDir@mail.activedir.org '
Sent: 5/6/2005 7:55 PM
Subject: RE: [ActiveDir] SID History Filtering
I read the
not sure if it will work, but the first thing that comes to my mind is to
reinstall the TCP/IP stack
see for more info
http://www.petri.co.il/reinstall_tcp_ip_on_windows_xp.htm
http://support.microsoft.com/?kbid=299357
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir