[ActiveDir] Client time sync

2007-01-10 Thread Rimmerman, Russ
I have a machine (at least one I know of) that isn't syncing time with the domain controller it's logging into. I've restarted the win32time service on it to see if that would sync it and it doesn't. Any suggestions on where to start? The DC and the client are off by about 9 minutes.

Re: [ActiveDir] client time sync

2007-01-10 Thread Rimmerman, Russ
for time. ~Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, January 10, 2007 2:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Client time sync I have a machine (at least one I know of) that isn't syncing time

[ActiveDir] DNS Scavenging

2006-11-15 Thread Rimmerman, Russ
We're in the middle of an SMS deployment and SMS is making us very aware that DNS scavenging and WINS tombstoning doesn't appear to be happening as much as it should. Looking through our DNS records for our domain, there's like 2 and 3 machine names for one IP. Two of them were tossed in the

RE: [ActiveDir] DNS Scavenging

2006-11-15 Thread Rimmerman, Russ
a DNS server that hosts a primary copy of the zone performs the scavenging process you can continue to watch those duplicates accumulate and your SMS admins complain. :) - Roger -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent

[ActiveDir] _MSDCS changes from 2000 to 2003

2006-11-02 Thread Rimmerman, Russ
Looking for the general consensus on best practice for a domain that was upgraded from 2000 to 2003 and switched to 2003 native mode. Looking at http://support.microsoft.com/kb/817470/, MS recommends that we point the primary dns of all our DCs to a single root controller in our empty

[ActiveDir] Cleanup of NETLOGON.LOGs

2006-10-17 Thread Rimmerman, Russ
I just did a netlogon AD site cleanup process and want to delete all netlogon.logs from all DCs in our domain. I noticed you can't delete it while the netlogon service is running. Is there a better way to keep these netlogon file sizes down, or delete them regularly than to stop, delete,

RE: [ActiveDir] AD Reporting Tool?

2006-09-20 Thread Rimmerman, Russ
I think Quest Reporter does this. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Wednesday, September 20, 2006 8:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Reporting Tool? Our auditors, for the first time, now

[ActiveDir] AD Site replication settings/costs

2006-08-30 Thread Rimmerman, Russ
We have about 80 AD sites with DCs. All sites are set for a cost of 100 on the site to site replication, and a replication interval of 15 minutes. I'm presuming this is probably not a good thing. One slow bandwidth site is complaining that their DC is talking to every DC in the domain.

RE: [ActiveDir] AD Site replication settings/costs

2006-08-30 Thread Rimmerman, Russ
It's a Windows 2000 native domain, we're about 4 upgrades from having all Win2k3 DCs and from what I've read, that should help a lot with replication. Automatic site link bridging isn't enabled, and we have 0 site link bridges. We're a worldwide company with 3 main hubs, but it is a mesh

RE: [ActiveDir] AD Site replication settings/costs

2006-08-30 Thread Rimmerman, Russ
replicate partitions they don't own to other GCs). Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, August 30, 2006 2:52 PM

[ActiveDir] DC to DC communication

2006-08-25 Thread Rimmerman, Russ
What are the various ways we can control the amount of replication between a specific DC to other DCs? We have one site whose WAN bandwidth is over utilized and we see that the DC at that site is making connections to many other DCs (assumably for replication). How can we control this or

[ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
Is there any easy way to determine why it's taking so long for PCs in our AD to boot up? It sits at applying settings for quite awhile, so I'm thinking it may have something to do with GPOs, but most computers only have 2 or 3 GPOs applied to them. I wouldn't think the GPOs would take that long

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
No, just local. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 1:37 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Computer bootup speeds Do you have roaming profiles? Andrew Fidel "Rimmerman,

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 1:37 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Computer bootup speeds Do you have roaming profiles? Andrew Fidel "Rimmerman, Russ" [EMAIL PROTECTED] Sent by: [EMAIL PRO

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
roaming profiles? Andrew Fidel "Rimmerman, Russ" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 08/09/2006 02:29 PM Please respond to ActiveDir@mail.act

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
the XP sp2 firewall to consistently know that the machine was domain joined and thus use the domain profile. Test first. Rimmerman, Russ wrote: Well I think we figured it out. If we disable the Network Location Awareness (NLA) service, it cuts the time down by about 90%. I guess we'll disable

[ActiveDir] Basic GPO question

2006-08-07 Thread Rimmerman, Russ
I have a software installation GPO (published, not assigned) that I have linked to many OUs. I now want to move it up to the domain level. Will it hurt to have it linked to both the domain level, and many sub OU levels simultaneously? I assume the login process is smart enough to see that

[ActiveDir] FRS

2006-06-23 Thread Rimmerman, Russ
Has anyone seen it where you add a target to a DFS replica set and the target never replicates with the rest of the targets, and when you look at the eventlog on the target, there's no errors? The only events are the FRS service starting normally, no errors at all. There's never an event

RE: [ActiveDir] FRS/DFS woes

2006-06-15 Thread Rimmerman, Russ
replicating? Thanks! :) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, 15 June 2006 12:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Share permissions are everyone full

RE: [ActiveDir] FRS/DFS woes

2006-06-15 Thread Rimmerman, Russ
PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, 15 June 2006 12:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Share permissions are everyone full control. NTFS Permissions are pretty wide open too. All in the same domain. FQDN resolution is working

RE: [ActiveDir] FRS/DFS woes

2006-06-15 Thread Rimmerman, Russ
incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006

RE: [ActiveDir] FRS/DFS woes

2006-06-15 Thread Rimmerman, Russ
? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, June 15, 2006 8:57 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Also, one more finding - I'm not sure if this helps or not. When I run the DFS snapin

RE: [ActiveDir] FRS/DFS woes

2006-06-15 Thread Rimmerman, Russ
-Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Thursday, June 15, 2006 10:29 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes When trying to add a new root on the server I'm trying to replicate from, I get an error The following error occurred

RE: [ActiveDir] FRS/DFS woes

2006-06-14 Thread Rimmerman, Russ
of the other two machines from it? I'm making the assumption that all 3 machines are in the same domain - this is correct? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, 14 June 2006 2:25 AM To: ActiveDir

[ActiveDir] FRS/DFS woes

2006-06-13 Thread Rimmerman, Russ
I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and I'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are

RE: [ActiveDir] FRS/DFS woes

2006-06-13 Thread Rimmerman, Russ
Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and I'm either not sure where to look in it for the answer or it's

RE: [ActiveDir] FRS/DFS woes

2006-06-13 Thread Rimmerman, Russ
need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share

RE: [ActiveDir] OT: Cisco Unity AD schema extensions

2006-06-13 Thread Rimmerman, Russ
We're using this product and extended our schema. No problems to-date. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, June 13, 2006 9:06 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: Cisco Unity AD schema

[ActiveDir] GPO deployment limit

2006-06-09 Thread Rimmerman, Russ
I'm wanting to deploy an MSI (office communicator) to 100% of the desktops in our domain. These desktops are scattered across the world over various wan links. I'd like to deploy it with a GPO (assign the software, not force the install), but I also don't want to kill our wan links. Is there

[ActiveDir] Another GPO question

2006-06-09 Thread Rimmerman, Russ
If I assign a software GPO to all users (domain users), how do I ensure that if one of those users is in the IT department, they won't unknowingly push the Office Communicator installation to every server in our server room?

RE: [ActiveDir] GPO deployment limit

2006-06-09 Thread Rimmerman, Russ
out the Windows Group Policy Guide, a soup-to-nuts resource for Group Policy information. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, June 09, 2006 12:19 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO

RE: [ActiveDir] Another GPO question

2006-06-09 Thread Rimmerman, Russ
Policy information. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, June 09, 2006 12:31 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Another GPO question If I assign a software GPO to all users (domain users), how

RE: [ActiveDir] Logged in user

2006-06-06 Thread Rimmerman, Russ
At the dos prompt type SET USERNAME From: [EMAIL PROTECTED] on behalf of Harding, Devon Sent: Tue 6/6/2006 12:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Logged in user Is there a Command line util., to remotely tell what user is logged into

RE: [ActiveDir] Logged in user

2006-06-06 Thread Rimmerman, Russ
Sorry, you said remotely. I usually pull it from WMI. In Win32_ComputerSystem there's a property called UserName that stores it along with the domain they're logged into in the domain\username format. From: [EMAIL PROTECTED] on behalf of Harding, Devon

RE: [ActiveDir][OT] DNS on a DC or NOT

2006-05-24 Thread Rimmerman, Russ
- 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, May 23, 2006 9:27 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir][OT] DNS on a DC or NOT What

RE: [ActiveDir][OT] DNS on a DC or NOT

2006-05-23 Thread Rimmerman, Russ
What about DHCP on a DC? We just had an issue where our weekly reboot task to reboot all the DCs failed on one DC and it didn't come back up. Any user at the site who rebooted their PC was down because they couldn't get an IP from DHCP. Our standard is to run DHCP on the DCs at each site.

[ActiveDir] OldCmp question

2006-05-19 Thread Rimmerman, Russ
Anyone know a way to easily filter out disabled accounts from the oldcmp -users report? Would one have to use some sort of bitwise filter from a translation of a useraccountcontrol 66048 value or something?

RE: [ActiveDir] OldCmp question

2006-05-19 Thread Rimmerman, Russ
Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, May 19, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OldCmp question Anyone know a way to easily

[ActiveDir] OldCmp question

2006-05-15 Thread Rimmerman, Russ
I've created a new boolean schema property to flag all of our service accounts in our AD domain. I've gone through and set the boolean to "TRUE" to all the service accounts. Now I want to use oldcmp to go through and find all the ones that aren't "TRUE" and meet other criteria. I've

RE: [ActiveDir] OldCmp question

2006-05-15 Thread Rimmerman, Russ
I ended up using oldcmp -report -age 120 -users -f "(&(objectcategory=person)(objectclass=user)(!(ourAttribute=TRUE)))" And it seemed to work. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, May 15, 2006 2:50 PM To:

[ActiveDir] Schema extension

2006-05-09 Thread Rimmerman, Russ
We received our OID from Microsoft this week, so I went ahead and added an attribute so I could flag service accounts so we won't accidentally 'clean them up' during our account cleanup processes. I then went to the User class and added my new attribute to it. When I view a user's AD schema

RE: [ActiveDir] Schema extension

2006-05-09 Thread Rimmerman, Russ
the schema cache on the schema master? How are you viewing the user's AD schema properties? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 09 May 2006 15:38 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Schema extension We

[ActiveDir] Asset Inventory (OT)

2006-05-01 Thread Rimmerman, Russ
What does everyone use for Asset Inventory purposes? We're thinking of having some sort of script run via GPO at logon to grab WMI info and software inventory info for our helpdesk in order to be more armed with information when troubleshooting end-user info. What's everyone

RE: [ActiveDir] Asset Inventory (OT)

2006-05-01 Thread Rimmerman, Russ
, interrogates, then uploads its data via a component installed on each machine at build. Runs over a single port, gets proxied over all our firewalls with SSL, has self healing and local parent discovery. We couldn't live without it these days. Rgds, Tim On 5/2/06, Rimmerman, Russ [EMAIL PROTECTED] wrote

[ActiveDir] Cleanup of AD accounts

2006-04-28 Thread Rimmerman, Russ
Joe - I sent you an e-mail, I figured maybe going to this list might get more input on this question as well: If I wanted to run an oldcmp -report 120 -users -sort cn -f "(&(objectcategory=person)(objectclass=user))" -format csv -delim , and then send it out to our remote administrators

RE: [ActiveDir] Cleanup of AD accounts

2006-04-28 Thread Rimmerman, Russ
Is there an attribute that's generally safe to use, or are you suggesting we request an OID from Microsoft and make our own boolean "ourcompanyServiceAccount" attribute? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, April 28, 2006 2:44 PM To:

[ActiveDir] Replication issues on one of our DCs

2006-04-12 Thread Rimmerman, Russ
Any ideas? NTFS compression isn't turned on. Maybe an impending drive failure? Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to

[ActiveDir] Extending the schema

2006-04-11 Thread Rimmerman, Russ
We're a native win2k domain and are a few DC upgrades away from going to 2003 native mode. We're evaluating Live Communications Server, Sharepoint, Biztalk, etc, etc. Are there any negatives involved in extending the schema if there's a possibility we may scrap these

RE: [ActiveDir] Extending the schema

2006-04-11 Thread Rimmerman, Russ
/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, April 11, 2006 6:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Extending the schema We're a native win2k domain and are a few DC upgrades away from going

RE: [ActiveDir] Weird AD problem

2006-03-25 Thread Rimmerman, Russ
. dcpromo, dcpromoui.logs and the err logs. M@ On 22/03/06, Rimmerman, Russ [EMAIL PROTECTED] wrote: Yes, from the good DC I can browse the bad DC, but not vice versa. The bad one can't see anything in the domain, no ADUC, can't browse any other computers, etc

[ActiveDir] Weird AD problem

2006-03-22 Thread Rimmerman, Russ
Have a small Windows 2000 native AD domain, 2 DCs total. One of the DCs was rebuilt recently. It was demoted, a new server built, and promoted. Now, from the new DC, every server or desktop in the domain it tries to browse, you're prompted for username/password. Trying to use AD Users

RE: [ActiveDir] Weird AD problem

2006-03-22 Thread Rimmerman, Russ
have to forcefully remove it? Did you make sure all traces of the old DC were gone in AD before you re-promoted it, including all DNS records? Thanks... ... ... ... Sergio J. Olivarez - Contractor GD-NS From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 22, 2006 3:20

RE: [ActiveDir] Weird AD problem

2006-03-22 Thread Rimmerman, Russ
J. Olivarez - Contractor GD-NS From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 22, 2006 3:20 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Weird AD problem Have a small Windows 2000 native AD domain, 2 DCs total. One of the DCs was rebuilt recently

RE: [ActiveDir] Weird AD problem

2006-03-22 Thread Rimmerman, Russ
in sites and services? Are you able to connect from the good DC to the bad DC via ADUC or ADSI? Sounds like maybe it might have been an unsuccessful promotion! Thanks... ... ... ... Sergio J. Olivarez - Contractor GD-NS From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, March

[ActiveDir] Weak AD passwords

2006-03-20 Thread Rimmerman, Russ
Can anyone recommend any tools to find which of our users have weak AD passwords? We used to use L0phtcrack back in the day, but it doesn't appear to be supported any longer? Other than enforcing complex passwords (which we do) and 8 character minimum, we'd like to figure out who uses

[ActiveDir] Richard Mueller's LastLogon.vbs

2006-03-10 Thread Rimmerman, Russ
Has anyone used this? I kicked it off about a half hour ago and I can't tell if it's doing anything. The output.txt is still 0 bytes and the command line hasn't returned to me yet. It's acting hung but I don't know if it just takes a very long time or not. Any experiences with this

RE: [ActiveDir] Richard Mueller's LastLogon.vbs

2006-03-10 Thread Rimmerman, Russ
doh. We have 12,000 users and 79 DCs. Should be interesting. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Friday, March 10, 2006 8:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Richard Mueller's LastLogon.vbs Yeah its

RE: [ActiveDir] Richard Mueller's LastLogon.vbs

2006-03-10 Thread Rimmerman, Russ
OK it finally finished, but it says this error and output.txt is still 0 bytes: C:\Scriptscscript //nologo lastlogon.vbs output.txtC:\Scripts\lastlogon.vbs(143, 7) Provider: This operation returned because the the timeout period expired. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] Richard Mueller's LastLogon.vbs

2006-03-10 Thread Rimmerman, Russ
Richard Mueller ended up helping me fix it. I had to change one line of code to say: objCommand.Properties("Timeout") = 120 It increased the timeout value. Thanks to all From: [EMAIL PROTECTED] on behalf of Leroy Clark Sent: Fri

[ActiveDir] Automatically generated replication links

2006-03-08 Thread Rimmerman, Russ
If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again?

RE: [ActiveDir] Automatically generated replication links

2006-03-08 Thread Rimmerman, Russ
All our remote sites automatically pick the same DC at DHQ, but this site picked a DC that is our primary DNS server at DHQ for some reason. We've never had that DC be selected by the KCC before, and I'm not sure why it picked that one instead. From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Automatically generated replication links

2006-03-08 Thread Rimmerman, Russ
I see the problem, this remote DC has a "replicate from" correctly but the replicate to was a different DC. I deleted the replication link to that DC and now there's nothing in the "Replicate to" blank for that DC. So it will repopulate within 15 minutes? From: [EMAIL PROTECTED]

RE: [ActiveDir] Automatically generated replication links

2006-03-08 Thread Rimmerman, Russ
repadmin /showreps for that DC says last replication @ (never). So this DC isn't replicating for some reason. Not sure why yet, the subnet is defined properly and everything else looks good. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent:

RE: [ActiveDir] Automatically generated replication links

2006-03-08 Thread Rimmerman, Russ
It's odd, the replicate FROM is different than the replicate TO on these two DCs. Every other DC we've deployed to date is the same DC for both from and to (always the same DC for all) and these two decided to pick something different. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

[ActiveDir] Recommendations for spam issue

2006-03-06 Thread Rimmerman, Russ
If you were a 20 user non-profit organization that were having a serious problem with SPAM, had an Exchange server in-house but an external internet provider that was "filtering" and forwarding your e-mail but not doing a good job, what product or solution would you recommend? The problem is

[ActiveDir] Inheritence

2006-02-28 Thread Rimmerman, Russ
We found out all our AD accounts got messed up sometime over the last few days and now none of the accounts in our AD have the "inherit permissions from parent" enabled so no one has rights to modify accounts. Is there an easy way to re-enable the inherit parent permissions checkbox en

RE: [ActiveDir] Inheritence

2006-02-28 Thread Rimmerman, Russ
: [ActiveDir] Inheritence You could use the AD Modify Tool. Select the accounts then go to the account tab in AD Modify to set inheritable permissions. You can find AD Modify here http://www.gotdotnet.com/workspaces/workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2 On 2/28/06, Rimmerman

[ActiveDir] Local admin priviledges

2006-02-14 Thread Rimmerman, Russ
Well someone just realized that since all our users are local admins on their PCs that they can map to another users C$ share and see all their data. They asked mgmt if they knew about that, and now of course, they're concerned about it. It's been this way for years, but I digress. SO,

RE: [ActiveDir] Local admin priviledges

2006-02-14 Thread Rimmerman, Russ
Ahh yes, we do have all users in one global group, and that global group is auto-added to every local administrators group on each PC through GPO. I guess that explains that. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Tuesday, February 14, 2006

RE: [ActiveDir] Local admin priviledges

2006-02-14 Thread Rimmerman, Russ
True, but theoretically no users know the local administrator password on their PCs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, February 14, 2006 1:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Local admin priviledges Also,

RE: [ActiveDir] Local admin priviledges

2006-02-14 Thread Rimmerman, Russ
Through the "Restricted Groups" GPO provided out of the box. It replaces membership of groups on local desktops and/or servers with selected users/groups so that no one can modify the local administrators group without it changing back to our standard. See

[ActiveDir] Single Sign-on

2006-01-28 Thread Rimmerman, Russ
Is anyone using any single sign-on products that they can recommend? Our new CIO is interested in bringing this project back to life. We looked into it awhile back and it was cost prohibitive. We've looked at Protocom and Passlogix in the past, and they both seemed to be

[ActiveDir] Deleting contacts via script

2006-01-26 Thread Rimmerman, Russ
What's the easiest way to delete a bunch of contacts in AD with a script? I've added AD accounts in the past via a script but never deleted or added contacts via a script. Is there anything available today to make this easy?

RE: [ActiveDir] Deleting contacts via script

2006-01-26 Thread Rimmerman, Russ
contacts via script Rimmerman, Russ wrote: What's the easiest way to delete a bunch of contacts in AD with a script? I've added AD accounts in the past via a script but never deleted or added contacts via a script. Is there anything available today to make this easy? http://msdn.microsoft.com

RE: [ActiveDir] Active Dir web based management

2005-12-20 Thread Rimmerman, Russ
I just installed this and looked at it for the first time. Very cool. How does it work on Win2k3 and Exchange2k3? It does seem a bit slow, but it works good. Is anyone using this in a production environment today? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

[ActiveDir] adminCount attribute

2005-12-20 Thread Rimmerman, Russ
I have a user that was migrated from our old NT4 domain into our AD domain as a domain admin. We removed him from domain admins on the AD side. I set his 'adminCount' attribute to blank from 1 so others could modify his account. Every time I blank out the 1 setting, I look the next day

RE: [ActiveDir] adminCount attribute

2005-12-20 Thread Rimmerman, Russ
The user was removed from all protected groups long ago. The problem is, his adminCount attribute is still getting set back to 1. I set it to not set, enable ACL inheritance and set his default permissions back, and an hour later I re-check his account and adminCount is set back to 1, and

RE: [ActiveDir] adminCount attribute

2005-12-20 Thread Rimmerman, Russ
I did just find that he's a member of a group which is a member of Account Operators group. So I need to remove him from this group in order for his adminCount to stay not set? If that's true, then I will have to delegate him permissions at the top since he can't be an Account Operator

RE: [ActiveDir] adminCount attribute

2005-12-20 Thread Rimmerman, Russ
Well he's a helpdesk guy that needs to be able to reset passwords for everyone in the domain, so I would need to delegate him permissions at the highest level OU, whereas right now he's in account operators so he automatically can do it. Once I remove him from account operators, I'll have

RE: [ActiveDir] Dynamic client DNS registrations

2005-12-01 Thread Rimmerman, Russ
| |---+--- --| |Dynamic Update |Disabled | |---+--- --| Rimmerman, Russ [EMAIL PROTECTED] rcameron.com To Sent by: ActiveDir

RE: [ActiveDir] Dynamic client DNS registrations

2005-12-01 Thread Rimmerman, Russ
this one that you don't see in the GUI when you enable them. It applies to XP and 2003, not 2000 The explanation text in the policy specifies that. John Rimmerman, Russ [EMAIL PROTECTED] rcameron.com To Sent by: ActiveDir

[ActiveDir] File Synchronization

2005-11-28 Thread Rimmerman, Russ
I recall some discussions about this before and understand Windows 2003 offers a lot better options, but what are the current best solutions for allowing users to backup their PDF, DOC, XLS, PPT type important files, and also backing up their e-mail (PST)? I could quickly script something,

RE: [ActiveDir] Renaming AD accounts en masse

2005-11-18 Thread Rimmerman, Russ
050686f-3464-41af-b7e4-016ab0c4db26.mspx Phil On 11/17/05, Rimmerman, Russ [EMAIL PROTECTED] wrote: What's the easiest and quickest way to rename a large (1000+) number of AD user accounts? LDIFDE? AD.NET? Or is there something easier? I'm going to be importing 1000+ AD accoun

[ActiveDir] Legal Notice Caption Text

2005-11-18 Thread Rimmerman, Russ
In Windows 2000 I was able to create a legal notice caption with carriage returns in it by editing the binary of the registry key and adding a 0D00 value (carriage return hex). This doesn't appear to work for me in Windows 2003 - it just shows a square box instead of doing the carriage

[ActiveDir] Renaming AD accounts en masse

2005-11-17 Thread Rimmerman, Russ
What's the easiest and quickest way to rename a large (1000+) number of AD user accounts? LDIFDE? AD.NET? Or is there something easier? I'm going to be importing 1000+ AD accounts that are first.last for the username and will want to rename them to a specific username listed in an excel

RE: [ActiveDir] Renaming AD accounts en masse

2005-11-17 Thread Rimmerman, Russ
server2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx Phil On 11/17/05, Rimmerman, Russ [EMAIL PROTECTED] wrote: What's the easiest and quickest way to rename a large (1000+) number of AD user accounts? LDIFDE? AD.NET? Or is there something easier? I'm going to be importin

RE: [ActiveDir] Renaming AD accounts en masse

2005-11-17 Thread Rimmerman, Russ
s probably a good bet since you have the information in Excel already: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx Phil On 11/17/05, Rimmerman, Russ [EMAIL PROTECTED] wrote: What's the easiest and quickest way

RE: [ActiveDir] Renaming AD accounts en masse

2005-11-17 Thread Rimmerman, Russ
n in Excel already: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx Phil On 11/17/05, Rimmerman, Russ [EMAIL PROTECTED] wrote: What's the easiest and quickest way to rename a large (1000+) number of AD use

RE: [ActiveDir] Renaming AD accounts en masse

2005-11-17 Thread Rimmerman, Russ
t: Re: [ActiveDir] Renaming AD accounts en masse CSVDE is probably a good bet since you have the information in Excel already: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx Phil On 11/17/05, Rimmerman,

RE: [ActiveDir] Renaming AD accounts en masse

2005-11-17 Thread Rimmerman, Russ
u have the information in Excel already: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx Phil On 11/17/05, Rimmerman, Russ [EMAIL PROTECTED] wrote: What's the easiest and quickest way to rename a large (1000+) num

[ActiveDir] Automatically created replication links

2005-11-11 Thread Rimmerman, Russ
We had one of our remote sites that had an automatically generated (by KCC) replication link have its automatically generated link disappear. Can this happen without anyone physically deleting it? Also, what would cause it to not automatically regenerate itself? It's set up just like all our

RE: [ActiveDir] Automatically created replication links

2005-11-11 Thread Rimmerman, Russ
What if we think it should have left that replication link there so we don't have to wait hours for our AD data to replicate overseas? Do we have to just manually create the replication link after it decided to delete it without

[ActiveDir] Computer account cleanup

2005-10-31 Thread Rimmerman, Russ
When you're doing a computer account cleanup in an AD domain using something like OldCmp from JoeWare.net, if you have users who rarely connect to the domain more than 1 or 2 times per year, how do you prevent from deleting their computer accounts? I am guessing there's not a way, other than to

[ActiveDir] LastLogon timestamp

2005-10-28 Thread Rimmerman, Russ
What's the easiest way to find out the last logon time of a user account? And if you have 50 domain controllers, would you have to query each one for it, or is this replicated somehow? We're in a native win2k domain with mostly win2k3 DCs. Thanks

RE: [ActiveDir] LastLogon timestamp

2005-10-28 Thread Rimmerman, Russ
timestamp I used 3rd party software Hyena. Rimmerman, Russ wrote: What's the easiest way to find out the last logon time of a user account? And if you have 50 domain controllers, would you have to query each one for it, or is this replicated somehow? We're in a native win2k domain with mostly

[ActiveDir] Restricted Groups question

2005-10-28 Thread Rimmerman, Russ
Is there any way to add Authenticated Users built-in group to the local administrator group on every PC using restricted groups GPO? Basically I want an easy way to make sure all users are local admins on their PCs without creating a custom group. Should I just use xxx\domain users instead?

[ActiveDir] Domain-wide operations masters change

2005-09-26 Thread Rimmerman, Russ
I just noticed our domain-wide operations masters levels all changed. We've had the same pdc/rid/infrastructure master for years, and suddenly, it's on a different domain controller. Is there any way this could have changed automatically? Or did a domain admin have to physically make this

RE: [ActiveDir] Domain-wide operations masters change

2005-09-26 Thread Rimmerman, Russ
Know of an easy way to find out who? I'm assuming auditing, but our security logs are unwieldy and if it happened over a couple days ago, well you know how that goes. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Monday, September 26, 2005 3:58 PM To:

[ActiveDir] Weird issue going on

2005-08-15 Thread Rimmerman, Russ
I've got a weird issue going on at one of my AD sites. One site reports their users are sitting at Applying your personal settings for around 15 minutes. I've generally found this to be a DNS problem in the past, but not sure how to resolve it so far. Then, their file servers are falling out
