However, seeing joe's reply - go with his suggestion. He's got a better
instinct for this stuff than I do. But, strangely he's not an Exchange whiz
kid either funny, that.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent
have Rick Kingslan and sometimes let him
post. The list isn't really just about posting a KB and sending someone on
their way, you will often get a lot of opinion on the KB and/or the poster
as well substantial background information on how things work and how they
REALLY work.
No one should
Tom - you do not have to have Win2k3 DCs to use the DS commands.
However, I think there are a lot more reasons to run Win2k3 than just being
able to use the DS commands.
I trust that wasn't your only decision criteria. I would hope that the
Security improvements, the reliability, the
Or a Windows XP against Win2k.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Saturday, July 02, 2005 2:48 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ds commands
Yep - it *IS* very cool. Guido showed us this during a Pre-Conference
session at this year's Directory Expert's conference.
However, I should note that even though there were many requests, Guido
flatly REFUSED to give away free copies to all attendees.
Guido is not very generous[1] ;o)
In all honesty, just because it's in a KB does not make it less confusing or
misleading. There are many procedures and policies that make no sense at
all - they just haven't been changed, clarified or deleted.
I'd suggest that everyone just take a deep breath.
Rick
-Original Message-
to the
list with this change of job.
Also - please don't post replies to the list. Send them to me directly.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, July 01, 2005 12:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE
Mike,
I agree with what you are saying, that from a best practices standpoint, one
SHOULD eventually remove the old CNAMEs.
However, the point of this discussion seems to be centered around what will
or will not cause problems with replication. Old CNAMEs pointing to
deprecated DC GUIDs is not
Tom,
Minimal mode would be Mixed. Operations that you might attempt that aren't
supported in your current mode will fail. e.g. Trying to use DSADD to
create a Universal Group in a mixed mode domain.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
certificate thus provides an added level of security as the
Certification Authority (CA) does not need to issue certificates directly from
its CA root certificate.
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 25, 2005 1:48
PM
To: ActiveDir@mail.activedir.org
Noah,
I suspect
that youre missing a root certificate. Review your process of
creating and importing the certificate into the certificate store to ensure
that you, in fact, did have and use the proper Root CA, and
that its in the correct store.
Ironically,
(and I know that this is
]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, June 23, 2005 6:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Group policy question
Charlie,
Can you post the rest of the USERENV log? There should be
some more lines
after the:
USERENV(e8.8338
I initially started looking at this from one viewpoint, and then I began to
think about slow link detection.
You've taken traces to determine the size... What is the return message
from ICMP when this large packet is detected by the PIX? Or, does the PIX
just discard it?
If the PIX is
Title: Advertising RPC services - best practices
Neil,
What are
you trying to restrict? Access to the App, access via RPC, or access via AD?
I can help, but the scope is pretty big at this point.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston,
have expected it, either in the
access list commands or in the icmp command.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 24, 2005 8:23 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Increase ICMP
Tool from Sysinternal at Winternals
http://www.sysinternals.com/Utilities/TcpView.html
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Friday, June 24, 2005 11:27 AM
To: ActiveDir@mail.activedir.org
Subject: RE:
Wow! They do that at your company, too? And here I thought *I* was the
ONLY one with a non-communicative, dysfunctional network engineering group.
Huh. Well, that ruins all of my 'these are the worst EVER network folks'
excuses. You've just matched me!
;o)
Rick
-Original Message-
IIRC, the trusts are defined and stored as GUIDs. So, determining the GUIDs
are going to make it much easier to determine where the information is
stored. Let me poke around a bit.
As I mentioned yesterday - things are a bit frantic right now, so I might
not get to it today. But, soon the rush
for unqualified hostname
resolution in windows is to Append parent suffixes of the primary DNS
suffix. So if the trusted domain doesn't happen to be in parent suffix it
never looks there. But that's just a guess.
andrew
--On Wednesday, June 22, 2005 11:04 PM -0500 Rick Kingslan
[EMAIL
Nathan,
Typically, the change of IP address, subnet, default gateway and associated
DNS entries will take care of most of what you need.
However, there is one more thing that needs to be done. Pull up a command
prompt on the DC that you've re-IPed, and type this at the prompt (in its
entirety:
Justin,
My experience with this is simple: Sometimes, trusts fail. And, then the
existing elements no longer work. It sucks, but it's true. You can reset
and verify, you can NETDOM it to death - it's physically there, but no trust
is home.
As long as your WINS entries, DNS and/or LMHOSTS
and still no good. No errors in the event logs to
post, I get the following message when I try to choose a name or group
from the domain
The specified domain either does not exist or cannot be contacted.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent: Wednesday, June 22, 2005 8:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT] File copy with security intact
Yep - what assist do you need, or what information related
Yeah Those are fun, huh Mark? ;o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Thursday, June 23, 2005 6:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cannot Contact Domain over External Trust
I had an
Charlie,
Can you post the rest of the USERENV log? There should be some more lines
after the:
USERENV(e8.8338) 17:04:15:113 GetDeletedGPOList: Finished.
For all intents and purposes, the call CheckForGPOsToRemove does exactly
what it says. They next line enumerates the GPOs that need to be
However, this solves part of the problem, yes? Seems that this won't
prevent the closing of Windows Explorer windows... But, I could be wrong -
I haven't tried it. :-)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent:
Yep - what assist do you need, or what information related to it?
Happy to help
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, June 21, 2005 6:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT]
Andrew,
Really interesting problem that you're experiencing here. I can't say that
I have seen this, but I would say in my experience I've worked with a few
multi-tree and multi-forest scenarios. Both the multi-tree and forest would
naturally use a different DNS namespace for each tree or
Fully agreeing with what ~Eric and Nazim states, another way to do this and
lessen the security risk SLIGHTLY is to feed the password in as a parameter
OF the startup script, rather than as part of the script in the first place.
Rick
-Original Message-
From: [EMAIL PROTECTED]
Could we get some more detail on that? I've used Hyena, but I'm not sure
how to use that in a scripted fashion.
Thanks!
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris
Sent: Monday, June 20, 2005 11:57 AM
To:
Heh. I see that Dean has
already answered this, so Im most interested to see what the Wizard
of the Shell Script has come up with.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Saturday, June 18, 2005 6:00
PM
To:
interesting this time I'm afraid ...
Anybody interested in a script that resets
every DC's DSRM password to the same value? ;-)
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick
Tom,
I think what Ravi
is saying that this is a client side issue, and given the information on this
event hes likely as right as anyone else is going to be, given
the information. The problem with the 20159 event is that anytime anyone
disconnects, a 20159 can be generated. So, its a
Yes youre correct in that you can set this on a per OU
basis with GPO. As Jorge points out, make sure that you are complying by
the processing rules of the GPO list so that your settings are not reverted by
another GPO inherited to that OU.
Rick
From:
[EMAIL PROTECTED]
Guy,
Though it might seem trivial, it's not really easy in any way. If you're
not in mixed-mode, or have child domains - forget it (IIRC). You've passed
the last bastion of 'easy' in a hard process.
The way to do this, and not have tons of lingering issues is to demote all
other DCs back to
off to recuperate ( I rather have the time off
then a small bonus any day ).
Peace,
Jose :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent: Thursday, June 16, 2005 5:07 PM
MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Thu 6/16/2005 5:07 PM
To: ActiveDir
OK. We now have the Dean and joe version of what is happening. I'm good
with it.
So, why is Tom's LastKnownParent blank? Now I'm interested.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 14, 2005 9:58 PM
To:
Title: LDAP performance
Nice machine name.. descriptive, to be sure.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 14, 2005 8:04
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP
performance
From port 42217?
joe said:
I am a bit tired and a little high from sniffing tile adhesive
And, then later emoted:
state how to make it performant without listing by name every other
mailbox server by full
Looking at the first statement, and the
LACK OF COMPLETENESS to the second, I think the fumes
Maybe they need an 8-way, or more than 2GB of RAM for the database that runs
on it.
Honestly, though - this has gotten way off the point. He's running MySQL,
and doesn't look like he's going to change just because we thought MSSQL is
a better fit. Or not
Rick
-Original Message-
---
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent: Wednesday, June 15, 2005 4:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords from SQL
Maybe they need an 8-way, or more than
Though I know that there will be as many opinions as people on this list as
to the subject, my preference is from Microsoft themselves. They have
developed a very comprehensive Security Configuration guide which includes
templates that mimic the best practices from the guide, as well as other job
I understand the reason for your request. And, it's admirable that you want
to insightfully inform your user base.
However, looking for live virus or Trojans is not the way to do it. If one
wants to show how things can go horribly wrong, controlled environment or
not, this is likely a good
Yep. Have used it for application and web services load balancing. Also
have used the Cisco CSS.
As long as your Engineer knows the traffic to look for, the destinations,
and if it is to be statefull or stateless - then it will work.
Obviously, the LDAP on 389 is not the only thing to take
is not some clunky old television
with a typewriter in front of it. It is an interface
where the mind and body can connect with the universe
and move bits of it about. -Douglas Adams
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent
. This would make the discussion more real world
like.
/Guido
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Samstag, 11. Juni 2005 05:30
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] mstsc
/console switch for non admins
joe,
Yeah, you
Title: Using AD Sizer
See inline below..
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Monday, June 13, 2005 12:11
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Using AD
Sizer
Im
trying to run through the
same sort of thing.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 10, 2005 11:30
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] mstsc
/console switch for non admins
joe,
Yeah, you
had to know it was coming Ricks $.02
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Rick Kingslan
Sent: Friday, June 10, 2005 11:30
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] mstsc
/console switch for non admins
joe,
Yeah, you
had to know it was coming Rick's $.02 worth.
Remember
what we both were
Funny I asked that about, oh, 4 days ago. I didn't get an answer.
Maybe you carry enough weight, Jorge! ;o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: Friday, June 10, 2005 3:38 PM
To: 'John Singler ';
John,
You're still not asking the question that has been asked at least twice:
What groups is the problem accounts a MEMBER OF?
You might have answered this in a manner that doesn't register with me - are
you saying that this user is a member of Domain Users and nothing else?
Rick Kingslan
Hmmm. let me think about that.
NO!
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com
access to the food on
the dishes and from that point on only saw dishes that had been scraped.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 10, 2005 11:30
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] mstsc
/console
The type of server is going to be of great importance. If you are planning
to do this with a Domain Controller - just don't. It's not worth the
trouble, and is technically not a sound practice.
If you are talking about a member server, are you thinking of imaging just
the base build and then
Subject: RE: [ActiveDir] Security permissions on user object
OK this is odd, I changed admincount to 0 and an hour later it was
changed back to 1. How frustrating. What gives?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday
Outlook .pst files have a problem with corruption at 2GB. Mailbox size -
how big is the store? :0)
We had one lady who saved every report, every e-mail, I mean EVERYTHING,
since the day she started. Her e-mail box on the Exchange server was (might
still be - not my problem anymore) approx.
ROTLMAO! I share your pain, Brian.
Yeah Gotta love those 'Send to ALL' DLs - and the obvious misuse of
same.
Black bronco in the north parking lot, second level - your lights are on
Ummm, which city/site? I only have 50 of them. And, I'm guessing the
sender knows where he/she is.
Thanks, Mark. I, too, would believe that AD will be in the initial betas,
but that all remains to be seen.
Glad to see that things are moving along with the next iteration.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent:
When you
say Disk Encryption, are you referring to EFS (Encrypted file
system)?
If so
which disk is encrypted, and is your account a recovery agent? Finally,
which OS?
Honestly
I dont know of anything that would prevent a system configured with the
basic information that you provide
As Phil states, this can be done. However, some of these characters are in
there for good reason (such as the '/' as an escape character for the ',')
and I would seriously suggest setting up a complete test environment to test
out your proposed changes before you run a script against your
In fact, yes it will, Russ.
Looking back at the thread, I don't see any discussion about HOW these users
came to have the admincount attribute set to 1. Do you have a root cause?
The reason that I ask is because I've dealt with this before when someone
(who I never caught) added a group to a
joe,
Toss a command line out there for this. Some might be interested in how you
collected this - now that we kno what flags we're looking for!
Thx!
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, June 06, 2005 11:53 PM
To:
in the GUI setup mode, but this is to be made
for a fresh install, not an upgrade. Any ideas on how to load W2K3 into
c:\winnt from the start?
Thanks,
Nate
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 05, 2005 10:35
] On Behalf Of Rick Kingslan
Sent: Tuesday, June 07, 2005 2:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Q about Site Link Bridging
joe,
Toss a command line out there for this. Some might be interested in how you
collected this - now that we kno what flags we're looking for!
Thx
My first guess is that all auditing is shut off. Something has to be turned
on to audit - otherwise nothing will be posted to the Sec Log.
If this is on the DCs, check the Default Domain Controller Policy. If this
is Member Servers, look Default Domain Policy, OU GPO where Member exists,
or the
the first version of it about 2
weeks after I loaded my first domain controller back in like 1999/2000. I
got sick of doing windiff of two manual dumps right quick.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, June 07, 2005 5
There is no dependency between IPSec and the LDAP/S function. That being
said, is there any reason that you NEED to disable IPSec? I'd leave it
running - but that's just me.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday,
for a fresh install, not an upgrade. Any ideas on how to load W2K3 into
c:\winnt from the start?
Thanks,
Nate
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 05, 2005 10:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE
to disable services that do not need to run on DC in order to
reduce open ports :-), and i do not need Ipsec service for my DC BUT only
LDAPs.
Regards,
Yann
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Rick Kingslan
Envoyé : lundi 6 juin 2005 17:24
À
Ravi,
Though your thought process is likely correct for your environment, I think
that the math is off just a magnitude:
55GB * 5% = 275MB
So, rather than being ~1MB per hour over a 24 hr. period, it's closer to
12MB per hour over the same 24 hr. period.
You know your infrastructure - the
, it is going to be
off. Anyway, it is pretty easy to turn this stuff back on again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, June 06, 2005 12:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP SSL
all of this well and integrates the pieces to provide a complete
end-to-end solution.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com
you think you have enough DC's
Probably would depend on the remote vs. local campus environment, I suppose!
:o)
Company that I was just with had over 100, but we had high demand for
redundancy in over 50 remote sites supporting anywhere from 200 to ~1200
production users at each site. Given
NetPro is focused on Directory Services - and in this case, AD. It's the
primary thing that it does. MOM, on the other hand can be configured to be
focused on AD, but the depth and breadth, IMHO, is not as good as NetPro.
MOM is great for a overall view of lots of Microsoft (and non-MS if you
I've seen exactly the same when an Infrastructure Master was missing. Check
all FSMO owners to be sure that they really DO exist. To do this, it's best
to run
DCDIAG /v /test:KnowsOfRoleHolders
You will need to run this in each domain for the domain FSMO roles, but it
will query the
will run the test against every DC in the Forest.
Might be good to make sure every DC is seeing the same thing as all others.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 05, 2005 19:24
To: ActiveDir
For instance... If you connect to a resource via IP, kerberos will not be
used, instead passthrough NTLM will be used.
joe, I'm not sure that I know the reason for this. Can you help? (Book
versions appreciated! :o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
of the ticket.
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 03, 2005 8:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
But, my experiments have shown that though you might be able to get rid of
WINS for Exchange purposes, the Office team hasn't quite grown past its use.
Outlook (including 2003) has a bit of a hard time finding its mailbox if
WINS is not active (or, at least an LMHosts file in place).
Rick
Oh, Jorge! Please stop! We can barely get joe's head through most doors as
it is now He REALLY doesn't need another cheerleader!
;op
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: Tuesday, May 24, 2005 9:40 AM
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, May 21, 2005 2:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Sticky group membership - Solved
Dean,
Would you be as kind as to elaborate on the other issues with Group
have long-since been resolved ...
haven't checked)
That's all I can think of ... hope it proves useful!
Dean
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
apologies. I'm sorry for the 'tone' of my message.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com
Dean,
Would you be as kind as to elaborate on the other issues with Group
Membership Crashing?
I know you're not into the 'joe' model of writing novels, but I'm interested
in what you've noted and why it occurs.
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
not broke, Todd.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
_
From: [EMAIL
Mark,
Please post the link to the white paper, if you would. I'm sure that you
can imagine that there are more than a few white papers that we all know
about
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows
Todd,
With all due respect, I think there are more people doing this than you
think. You aren't using a Lag Site, so it's 'whacky'. Your opinion, so
you're entitled to it.
PSS blessed our implementation, BTW. If you'd like, I'll be happy to
provide you with contacts for the ROSS tech (out of
Arden,
Validation - I'm not the only one that MS is telling that 'whacky' things are a
good thing.
-rtk
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of A P
Sent: Friday, May 20, 2005 12:52 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD
Adfind and CSVDE comes to mind.
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Friday, May 20, 2005 2:00 PM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] Export user info
Is there a way to export all the user
I guess it's just a normal response anymore
Adfind will do that
=)
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, May 20, 2005 3:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Export user info
The tool
, or replication
inner workings aren't there - it's my job as an instructor to go beyond what
they already have.
That's how *I* teach it. YMMV.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate
Just two things...
Disable Netlogon. If it's disabled as a policy or by going to services and
changing the service properties, restarting on reboot won't be an issue.
Disabled is disabled, regardless.
As to DNS records, I suppose that if the Netlogon service is disabled
(primary for
Yann,
If you remember the situation that I proposed for you (it's working in my
environment today, so I'm fairly certain of its viability) I use a VMWare
server with multiple DC instances. Each instance is staggered for
replication - from 30 minutes to 30 days.
In the instance of a problem in
Todd -
I personally don't have a problem with Recovery Manager.
That being said - Last I checked, Microsoft still didn't allow it as a
SUPPORTABLE solution for the purpose under discussion.
With our company being an Enterprise Agreement customer with a PSS agreement
scaled to 'Get Ballmer out
Marcus,
I kill off the specific rules on those servers. If I'm not interested in a
particular message, it's gone.
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 19, 2005 9:24 AM
To:
Sounds like there might be some NATing going on. Get with your Network
folks. I suspect that there is something going on at layers 2 and 3 that
are going to prevent what you want to do until the DCPromo is completed.
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
There are
a number of freeware event log - syslog tools that will scrape the event
logs for what you are looking to dump out to the syslog server.
Obviously, the second part of this is a syslog server. Those are a dime a
dozen or free. Choose your OS (Windows, *nix, Mac, whatever) and
Of Rick Kingslan
Sent: 19 May 2005 15:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD DR - replication lag site
Just two things...
Disable Netlogon. If it's disabled as a policy or by going to services and
changing the service properties, restarting on reboot won't be an issue
:
Administrative Templates
System
Netlogon
DC Locator DNS Records
These settings are disccused in Chapter 4: Planning DNS of the Windows
Server 2003 Active Directory Branch Office Deployment Guide.
-Arden
On 5/19/05, Rick Kingslan [EMAIL PROTECTED] wrote:
You're right - to each his
201 - 300 of 1005 matches
Mail list logo