Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: Rick Kingslan
Sent: Thu 9/21/2006 11:00 AM
To: ActiveDir@mail.activedir.org
Subject
Joe, Tomasz -
Yep, you're right that it may tend to show a bad precedent for people to
follow. I haven't taken a look at these particular labs (and having just
come back from a long hiatus, I didn't see the referenced lab) but is the
guidance there as to what Best or Preferred Practices
Be afraid Be very afraid! :-)
Rick
that the policy is applied to (say it has finance in the name of the OU)
how will you do that programmatically without directly hacking the policy files
which last I heard wasn't supported?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday
tested, but in that case, using a totally separate
hard drive or some other separation technology will still likely prove
to be more viable than dual-booting.
-ASB
FAST, CHEAP, SECURE: Pick Any TWO
http://www.ultratech-llc.com/KB/
On 1/1/06, Rick Kingslan [EMAIL PROTECTED] wrote:
Hehe…. Let
] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, January 01, 2006
1:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WinXP and
Win2003
Hehe. Let me know how that
full-out testing of Vista and Aero Glass is
going for you in a VPC or a VMWare virtual machine.
I
...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rick Kingslan
Sent: Sunday, January 01, 2006
1:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WinXP and
Win2003
Hehe. Let me know how that
full-out testing of Vista and Aero Glass is
going for you in a VPC
Tomasz, I think that Mark is looking to populate his metabase with data
other than User 1, User 2, User 3, etc. with simple or blank attributes.
So, he's looking for stuff like Homer Simpson, with all of the user data,
then Marge, etc.
Rick
-Original Message-
From: [EMAIL PROTECTED]
something here.
Cheers,
Al
On 1/2/06, Rick
Kingslan [EMAIL PROTECTED]
wrote:
One question is all of your validation testing done on VM's
or is the final sign off done on 'production deployable' hardware?
I'm a big advocate of VM testing, just
-bit guests.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, January 02, 2006
9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WinXP and
Win2003
If you want to test 64 bit you are
kind of screwed too, oh wait vmware
The real benefit to the GPO method is that
you can target scripts to the same _groups_
in which the GPO would affect and you can target Computer groups, which
you can't do (for obvious reasons) with logon scripts. This lends itself
to some very elegant solutions that I'm sure one could do
Hehe. Let me know how that
full-out testing of Vista and Aero Glass is
going for you in a VPC or a VMWare virtual machine.
I agree, dual-booting is not the optimal
method to running different OSs, but if you want the OS to have the full
machine, rather than the limited virtualized
joe stood up and attempted to smack Mark
Parris with a large trout, saying:
I would rather not set domain
policy with GPOs. While I am at it, I think we are far beyond the point that we
should have the ability to programmatically handle settings in policies.
Huh? Can you explain both
Re: My message to joe. Maybe 50% of the time - I'd agree. However, if you
want to test that snazzy new Fibre HBA or would like to see what the impact
for the user is going to be with CAD with the newest High End InterGraph
workstation video card - VMs aren't going to work.
The hardware
Note Exchange doesn't take kindly
to ICMP echo being disabled either. If Exchange can't ping a DC, DSACCESS does
not see that DC unless you have specially configured it.
Which, I always thought was a pretty funny
way of doing things anyway. As you are well aware, Ping
doesn't mean alive
Correct. Devon, as much pain as there is in the
process, AS I UNDERSTAND IT (I do not speak for PSS) the Domain Rename process
is the only supported method of doing what you want to do.
Jorge's lab experiment does indicate that you might be able
to do it along his described way, but you need
Title: DMZ domains and IPSec - looking for explanation re resource access and authentication
I haven't perused the OS source
code
Right. Rub it in,
bud.
;o)
Rick
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Replication is at an attribute level and the corruption is
usually a bit flip - which isn't replicated. The data itself (a table
or an index) is checked and if found to be invalid, I *believe* (joe, ~Eric,
brettsh) is marked as such and is no longer replicated.
-r
--Posting is provided "AS
I've been informed that I'm wrong on this. Please
ignore, and listen to joe/~Eric/Dean/Brett/Anyone else.
Cheers!
-r
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday,
You will need to have two things - One: A separate
partition in which to install XP into. Two: a DOS-bootable network enabled
floppy to map to a share (in which an administrative 'dump' of XP has been
done) or shared CD drive on another machine.
After mapping to one of these two, you could
Both of the errors deal with journal wrap in the FRS logs A number of
issues as to WHY this happens.
However, I'd upgrade to UltraSound - the successor to Sonar. It has much
better JIT information associated with the errors - and how to fix them.
Rick
--
Posting is provided AS IS, and
yawn
Sometimes, I realize that I commented on something, go back
and read the thread and come upon a novella.
Occasionally, all I want is a paragraph. Hopefully,
all of this information wasn't meant for me, because all I do day in, day out
these days is drink from a fire hose - hence why
Excel?
Otherwise, I'm not completely clear as to what you're
trying to accomplish.
Rick
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Abagnale
Sent: Friday, November 25, 2005 10:02 AM
To:
Harald -
You have two NICs installed in this box, which is a DC. (Not a suggested /
recommended configuration, but beside the point)
Do you also have ICS installed, or Routing and Remote Access with natting
installed? (Educated guess, given the 192.168.0.1 address)
Be extremely verbose on
it depends on who you are :-) We actually highly recommend two nics in
our SBS DCs :-)
It was binding order. External nic was first.
ICS ...ick... what are we workgroup? I'm an RRAS fan :-) [okay the SBSer
will go shut up now :-)
Rick Kingslan wrote:
Harald -
You have two NICs installed
True. But, to monitor services does someone have to
log on to the server? Would a good and SAFE work around - if the said user
doesn't need to log on, to create a service account to do the work, but remove
the interactive rights?
Seems to me that proxying the access would be the close to
Jonathan -
275 replication links seems, at least to my tired eyes this
AM, to be a lot. Are you running a branch office environment, or is this a
number of remote sites that link back to a single hub?
I'm interested as to why there are so many repl links to
your DCs, only if it's one DC.
Add to that - SATA is not for the desktop only. Check out some of the SAN
coming out from most vendors, EMC included. Those drives and connections
look a lot like SATA to me.
Rick [msft]
--
Posting is provided AS IS, and confers no rights or warranties ...
-Original Message-
From:
from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, November 06, 2005 7:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Potential file corruption on
NTFS volumes
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, November 07, 2005 12:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Potential file corruption
. Nice to meet you. Who are you?
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, November 07, 2005 12:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unreadable Netlogon.dns file
~Eric
Who ARE you, anyway?(t)
(t) - Trademark, Rick Kingslan.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Monday, November 07, 2005 5:41 PM
of the day... it's my responsibility for my network. I won't be
complaining to Microsoft that they didn't warn me that bad things might
happen if I don't keep nice breathing room on my drives.
Rick Kingslan wrote:
Hmmm. I guess I see this in a different light. In my new, improved
view of the way
Ken, I agree completely.
What I find very interesting in reading this KB is that it appears that the
problem did NOT exist pre-Windows Server 2003 SP1, and that a series of very
specific conditions need to be met. The third seems to be the element that
makes this more unlikely to occur - The
Dan - there will likely be as many opinions on this topic
on this list as there are knots on joe's head.
Basic rules for a DC are this (IMHO):
Mirrored (or RAID1) for OS
Mirrored (or RAID1) for DIT and Logs
You can certainly host a third mirrored pair for the logs,
but that will mostly
of the full circumstances surrounding the issue.
Rick [msft]
--
Posting is provided AS IS, and confers no rights or warranties ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, November 06, 2005 9:06 AM
To: ActiveDir
How long have you known joe? Short version PLEASE!
Rick
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Sunday, November 06, 2005 12:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003
Hmmm. I guess I see this in a different light. In my new, improved view
of the way that Microsoft communicates things, no - it doesn't seem to be
very dumb at all. The statement and the KB, that is.
At this moment, I'm watching George Carlin's new HBO special. He relates
that he's always
All -
I want to apologize to all those that have been patiently waiting for the
ADMap that I promised. It is going to be sent out today.
Let's just say that closing out my current project became more hectic than
it first appeared. However, I have a slew of names that wanted the tool,
and
Peter,
Though it may appear that I have a vested interest in keeping you on our OS,
those that know me know that if a reasonable argument is presented - I will
assist in the migration for our customers. It's simply good practice and
good relations.
Typically, when I hear that a customer wants
There are a number of ports with TCP and UDP/TCP required
that must be available for full communication from DC to DC to succeed.
Likely one or more of these are blocked and a ping is great for basic
connectivity.
From both sides of the VPN, run DCDIAG /v dcdiag.log
and a netdiag /v
If your DNS is not answering for the domain that AD lives
in, then yes - your replication will not work.
1. If you go to the DNS applet, do you have a DNS
Forward zone created for your domain?
2. If the domain is there, what is in the DNS
zone? Are there other 'folder's' inside, or just DNS
OK. It makes more sense.
1. Are you moving away from Active Directory to NIS? If not, keeping
DNS on Windows is a zero cost / zero impact issue. If it's AD integrated,
then the cost is nil. It's a no cost part of the DC package.
2. DNS on a Windows server as the primary system does
Huh. That doesn't appear to be _US_ I wonder if the Engineering
Services group knows that a third party (Partner at that) is advertising
these services.
Honestly, I didn't think that we farmed those services out
Checking.
Rick [msft]
--
Posting is provided AS IS, and confers no
Simple and most forward answer is to create two sites - one for each
location, with associated subnets assigned to each site.
The longer answer is related to how many users in each site, how fast (in
AVAILABLE THROUGHPUT) is the connection between, and are you intending to
put at least one DC in
Yes, they (we) do. I'll check into them and give you an overview of what
they do If I can, to be more correct.
Rick [msft]
--
Posting is provided AS IS, and confers no rights or warranties ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
I had to be on for that He kept wanting to spell words wrong.
Eventually I just took out all references to the words color, humor, and
other or words.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, October 14, 2005 7:31
and how much
Dean and I can cover in 10 minutes and we had to chop it off at 90 minutes
because we both had to be somewhere else. Obviously, I had to change it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, October 16, 2005 8:14
And, as you know that does work well in SBSland. However, when the scale
grows, so do the requirements. IN the Medium to Enterprise space, the idea
is more along the lines of a system or series of systems pumping this type
of information into paging and making intelligent decisions based on the
Oooof. ROTFLMAO!
Funny - very funny!
Rick [msft]
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Friday, October 14, 2005 11:20 PM
To: ActiveDir@mail.activedir.org
Subject: Re:
trying to
tell me?
I'm still a fan of www.eventid.net over microsoft.com's click here.
Rick Kingslan wrote:
And, as you know that does work well in SBSland. However, when the
scale grows, so do the requirements. IN the Medium to Enterprise
space, the idea is more along the lines of a system
] wrote:
Yup information overload 'is' a problem.
And then after the scale its... okay what the heck is the server
trying to tell me?
I'm still a fan of www.eventid.net over microsoft.com's click here.
Rick Kingslan wrote:
And, as you know that does work well in SBSland. However, when
You have more than just Steve on the list from Microsoft.
If you want ADMap - send me an e-mail via little 'r' (meaning - reply to me
directly [EMAIL PROTECTED]) and I'll respond with a mass e-mail of the latest
version of ADMap in two batches - one on Tuesday before I head out of town
again, and
Title: Domain Controller Consolidation utilizing Dual Core CPUs
joe,
Steve may have completely different information than I, but
at present I'm not seeing empirical or preferred practice recommendations around
64-bit GCs in relation to Exchange. So, the recommendation is not changing
-
Tony Murray Said:
Joe, I've had no complaints about you to date.
Good. I'll start. Here's your first.
He's an over-bearing know-it-all looking for his first and second million.
Plus, he uses more bandwidth than everyone combined.
If someone asks, he - Could I stand a second domain
"Does placing the DC inside a virtual machine add any
security? Would it be harder for someone with physical access to compromise the
DC?"
Hmmm
interesting. Yes, and no. Physical access is always an issue, but
the NTDS.DIT is not out there in the open on a disk as it might be in a
joe said: Again, the reviewers did a fantastic job.
Of which, you will all notice when the book comes out, I am _NOT_ one of
those reviewers.
joe said: They kept me honest
Which is one of the reasons _WHY_ I was not one of those reviewers
Rick
P.S. Hey, joe :op
-Original
to spell words wrong.
Eventually I just took out all references to the words color, humor, and
other or words.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, October 14, 2005 7:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE
] Adding custom fields to AD
Yeah, GPOs aren't AD. GPOs are an application that use AD. I hate GPOs. DNS
too.
:o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, October 08, 2005 11:19 AM
To: ActiveDir@mail.activedir.org
atabase.
thanks
On 10/8/05, joe
[EMAIL PROTECTED]
wrote:
Yeah,
GPOs aren't AD. GPOs are an application that use AD. I hate GPOs.
DNS too. :o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Saturday, October
However, as we have discussed here MANY, MANY times - it might not be
SUPPORTED. That simply means that PSS is only going to give best effort.
They are NOT going to tell you:
Sorry - not supported. click
If they do - let me know. I'll love taking that one to the brass.
As we know - DCs work
Interesting question - and as to the 'implode point' for ESE/Jet Blue,
Brettsh can answer that one. I'm pretty sure that we have a good idea on
where the point of diminishing returns is, but it likely FAR exceeds what
anyone might practically do today - even with added classes and attributes.
As
] On Behalf Of Rick Kingslan
Sent: Saturday, October 08, 2005 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding custom fields to AD
Interesting question - and as to the 'implode point' for ESE/Jet Blue,
Brettsh can answer that one. I'm pretty sure that we have a good idea
blanks and dupes here
-r
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, September 01, 2005 10:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory
Permissions
Michael Smith's last post with this title showed up as
blank
@mail.activedir.org
Subject: RE: [ActiveDir] Infrastucture Master and adprep /domainprep
Yep, that was him. Drat, dunno why I had Luther in my head as being his
first name.
- L
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday
: [ActiveDir] Infrastucture Master and adprep /domainprep
Yep, that was him. Drat, dunno why I had Luther in my head as being
his first name.
- L
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
Kingslan
Sent: Monday, August 29, 2005 12:32
Yep - I've been through this just of late. If the Change at next logon is
set, IIS doesn't have that level of function to allow this to take place
through the current functions.
Rick
--
Posting is provided AS IS, and confers no rights or warranties ...
-Original Message-
From: [EMAIL
Heavy German accent? I suspect that it was Andreas Luther (and looks
nothing like Guido)
And - it might have been DEC as Andreas was there for the Identity
Management (read:MIIS) portion of the conference.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Are you talking about external trusts? If so, then yes. You would follow
the same procedures as you would for a win2x to Nt 4.0. You'll need to
specify the #DOM, #PRE to get the 1B, 1C records loaded.
As we discussed a few weeks ago, this is the rather archaic method to do it,
but if you don't
wouldn't be an option.
Specifically, though, they have their
backs up with 135. Do you know what's using it during a logon/GPO
process/??
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, August 24, 2005
10:51 PM
To: ActiveDir@mail.activedir.org
It's not likely due to GPO processing. GPOs themselves are typically very
quick to process, unless there is either Software Install that is taking
place through the GPO or complex WMI filtering that would slow it down.
Otherwise, GPO is very fast.
I've done testing with 1 GPO and with 50 GPOs...
And, given that Science has proven cockroaches will survive a nuclear war,
it's even a worse choice than originally thought
:o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 9:34 AM
To:
Inline.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe
Sent: Thursday, August 25, 2005
11:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Questions
about hotfix 903235 (MS05-037)
Hi -
I've posted this elsewhere, but
You've likely seen this, but it does
describe ports needed for REPLICATION However, Steve does
talk about the benefits of using IPSec through a firewall
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Wednesday, August 24, 2005
10:31 PM
Tom Kern said:
Say i use one of the custom attribute fields that Exchange creates and put
a value in there and hide it from Domain users.
what would break?
how would i go about hiding that?
just as an example
[RTK]
Hey, joe Just a suggestion. If someone asks you what time it is -
If the AdminPak has never been installed
on a given system, the snap-ins that are the Administrative Tools say,
ADUC, should not be available.
Are you saying that you have the snap-ins
on a Win2k3 system with SP1 that you are certain the AdminPak was not installed
on? I'm unclear as to
Having read through most of the replies on this, it's interesting that there
was an internal (to Microsoft - just to clarify) discussion on this same
topic yesterday.
Seems that a customer was having problems with a function calling APIs for
SID creation when the SID exceeded 68 bytes.
I'll let
at work today, systems that have never seen the admin pak,
have the mmc snapins installed. Vanilla 2003 this is the case too. They are
Just not visible under admin tools, but are available as mmc snapins, even
without the adminpak installed.
Mark
-Original Message-
From: Rick Kingslan [EMAIL
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, August 19, 2005 12:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
Having read through most of the replies on this, it's interesting that
there
was an internal (to Microsoft
or
28 bytes (4 or 5 RIDs respectively).
Joe K.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, August 19, 2005 12:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
Having read through most
Jennifer,
Thanks for the update and the resolution.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain
Sent: Thursday, August 18, 2005 1:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Problem at remote site
Hi all:
Funny that - I lost mine when I JOINED Microsoft. I was told that it might
be hard to get as my job doesn't require access to source...
Rick
P.S. I say just plain blech They're great for throwing As to
eating - Have no use for them. :-)
-Original Message-
From: [EMAIL
OK, new machine (AMD64... oh yeah!) is up and running. I'm not going to go
back and catch up on everything, but this one caught my eye.
We used NIC teaming for years. We had multitudes of problems, more
associated with either our setup team not setting the NICs to 100/Full
consistently, or the
Are you wondering if restarting the server
is mandatory? I suspect that it is, unless you really don't want to
be protected. Often times, the components being replaced are only read on
system startup.
Given that the bulletin specifically says:
Restart Requirement
You
must restart
Juan
Apparently you didn't read MY
message YES it's mandatory to apply the patch..
If you DO NOT REBOOT you're going to
get slapped by the worm.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan
Sent: Wednesday, August 17, 2005
6:01 PM
To:
Tom -
Regardless of the scenario and how it's done - you never, never, never,
clone DCs. This will lead to very bad things - possibly including the
appearance of the Anti-Christ, opening of Black Holes, ABBA coming back to
prominence.
Do NOT do this. Do NOT allow IBM to do it. Period.
Rick
issues to boot around user
and group updates from outlook.
/RANT
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, August 11, 2005 12:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] account operators
As WMI goes, these are the best books available - period.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir
Sent: Friday, August 12, 2005 10:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ok, last one really
On MSDN,
;-)... but I suspect, short of building a PoC environment
or answers from the group, finding out things like mailbox
delegation...whether FE/BE topology works etc, means test test test :-)
Mylo
Rick Kingslan wrote:
Mylo,
I'll answer this, and when joe gets back online later, I'm sure
No, not the store - it's a bit of a misnomer that to create a mailbox you
need to have permissions to the store.
If you can create the mailbox attributes on the user account, the first time
that a mail message is delivered to the newly mailbox-enabled user, the
actual storage area on the store is
O:S-1-5-21-2527121305-4244181741-3459546813-500G:S-1-5-21-2527121305-4244181741-3459546813-500D:(A;CI;CCDCRC;;;PS)(A;CI;CCLCRC;;;S-1-5-21-3308934242-2785796821-2776977491-2370);
In the example above, you have a classic
output that contains SDDL (Security Descriptor Definition Language)
Because, by default, the AO does not have permissions over Exchange
attributes.
These need to be assigned separately.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11, 2005 10:25 AM
To:
Subject: Re: [ActiveDir] account operators
that's what i thought but then it would make sense that AO group would
be able to set that attrib on a user they have full control over.
why can't they create a mailbox for a regular user?
thanks as always, rick
On 8/11/05, Rick Kingslan [EMAIL PROTECTED
Is this machine JUST a DC? If so, (without going out and having to buy a
3rd party piece of software) you can whack it and rebuild. You'll have to
do the MetaDirectory cleanup for a DC removed from a domain improperly.
If that's not feasible, when was your last system state backup? You can go
Just put the LDAP filter into an appropriate batch or VBscript file to
accomplish
http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11,
_
From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Thu 8/11/2005 9:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?
Brett,
How is this going to help him get the DC back online that he yanked the
cable on? As soon as that system
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Rick Kingslan
Sent: Donnerstag, 11. August 2005 22:10
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?
Brett,
How is this going to help him get the DC back online that he yanked the
cable
be tossed.
I mean this is the whole attraction to hot sites is it not? Am I missing
something?
Cheers,
BrettSh
On Thu, 11 Aug 2005, Rick Kingslan wrote:
Brett,
How is this going to help him get the DC back online that he yanked the
cable on? As soon as that system is plugged back in, it's
is), and the USN is simply allocated from the next available USN
(i.e. it is only guaranteed to be at least 1 higher than the last USN, but
more likely there is just some random number of USNs in between, so it
jumps by some amount ...).
Cheers,
-BrettSh
On Thu, 11 Aug 2005, Rick Kingslan wrote:
A
1 - 100 of 1005 matches