Were the answers along the lines of it can't be done?
http://www.akomolafe.com/Portals/1/Write%20out%20the%20SMTP%20Addresses%20of%20users%20OR%20Groups.txt
YMWV
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ //
Read http://www.netpro.com/forum/files/authentication_topology.pdf
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
I would not recommend that you do this. Please read the document I referenced
in my previous response. Also, see Ulf's brief description/explanation of the
behavior that you are seeing. I really recommend that you try to understand
what is going on here.
Sincerely,
_
Why are you using adsiedit to rehome a mailbox? Doesn't the move mailbox wizard
work for your needs?
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
Sometimes, rebuilding OUs is not a Bad Idea :)
Try DSacls or something GUI-sh from Netpro and co.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
,
Aric (who's Ben?)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Saturday, January 20, 2007 9:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual Server
All indications to the contrary are likely due to insufficient
, I guess ... just curious.
Cheers,
BrettSh [msft]
posting as is
On Thu, 18 Jan 2007, Akomolafe, Deji wrote:
one runs on bare metal and other runs under a host OS
Actually, that's a sleight of hand. ESX runs on a VMware-cooked Linux Kernel.
So, one can argue that, because it is bundled
I don't think that is a Microsoft position. Probably a personal preference
and opinion of the internal people. Publicly, MS supports Exchange
virtualization starting from E2K3 SP2, running on VS R2.
Sincerely,
_
(, / | /) /) /)
ESX (VMWare) is good - and pricey. And very strict as to hardware specs. And
complex to setup and administer. And, I could be wrong on this, NOT
(MS)-supported for virtualizing DCs.
Virtual Server, on the other hand, is good, not pricey, less picky, more
supported (I believe it's actually
the manuals for your infrastructure because you don't work
with it day in and day out.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Thursday, January 18, 2007 1:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual Server
ESX
it more on par with VMware Server
than ESX/Virtual Infrastructure.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Thursday, January 18, 2007 2:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual Server
Interesting points
IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Noah Eiger
Sent: Thu 1/18/2007 4:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual Server
I realize this is now getting a bit OT, but.
Deji, I think
How are these servers configured in TCP/IP? Who is forwarding to whom? And what
is the SP level? If you want to take this off-list, you can do so by directly
emailing me.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___//
I had this issue a long time back with a similar product made by a previous
employer. I won't go back into the details, but the problem is that computer
passwords were being restored to previous states that no longer match those on
the DCs at the present state. A manual or scripted rejoin is
,
-Steve
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Tuesday, January 16, 2007 3:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS problem. Periodically have to clear the cache
How are these servers configured in TCP/IP? Who is forwarding
One little addition:
There is a 32-bit version of E2K7, although it neither intended to be used in
production, nor supported if choose to ignore the caveat.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
)
See http://msmvps.com/blogs/ehlo/archive/2005/04/21/43813.aspx
HTH
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
Or these:
http://support.microsoft.com/kb/152300/EN-US/
http://support.microsoft.com/kb/149447/EN-US/
HTH
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
It's normal. You should be permissioning your resources with groups instead
of directly with user accounts. Groups tend to last longer, so you don't have
to deal with the horrible SIDs.
Sincerely,
_
(, / | /) /) /)
/---| (/_
and the ACE
What is the reason ? could this behavior be altering ?
I'd like sid disappears after deletion of the corresponding group in AD in
order to not have this dirty SIDs...
Thanks.
Yann
Akomolafe, Deji [EMAIL PROTECTED] a écrit :
It's normal. You should be permissioning your
Santa brought me coupon for a new home computer, redeemed the coupon and
built the system
So, what exactly did YOU do?
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
Sorry, Tony. I've been away from emails for most of the week. Did you get a
useful response to your question? If not, does my 2-part AdminSDHolder blog
(http://www.akomolafe.com/JustSaying/tabid/193/EntryID/19/Default.aspx and
,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Akomolafe, Deji
Sent: Thu 12/21
http://support.microsoft.com/default.aspx?scid=kb;KO;275554
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
People don't seem to have a problem with that concept when it comes to game
consoles :)
Bad analogy. Go stand in the corner, no wii for you :)
When people start running their businesses on game consoles, then you can come
back and compare. For now, it's just plain incomprehensible that you
: [ActiveDir] Vista GPO
So Microsoft should encourage their bad practices?
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 12:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
People don't seem
- Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Darren Mar-Elia
Sent: Fri 12/15/2006 10:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
Come on Deji-its exactly
it if Microsoft makes it so they CAN'T do it. I feel Microsoft
should be applauded for forcing admins to do their jobs correctly for a change,
instead of giving in to the lazy or uninformed amongst us.
Just my opinion,
Tim
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent
] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 1:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
I wouldn't put it in those words. But, yeah, I would expect Microsoft to be...
shall we say...pragmatic, realistic. Something like, enable its customers to
run
] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 1:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
I wouldn't put it in those words. But, yeah, I would expect Microsoft to be...
shall we say...pragmatic, realistic. Something like
Of Akomolafe, Deji
Sent: Friday, December 15, 2006 2:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
Tim,
it is the height of professional arrogance to think that anyone who
don't/can't/won't do things the way you think they should be done (best
practices) are lazy
weirdness
Thanks alot! That helped.
I wonder why it worked from my XP box?
Thanks again
On 12/13/06, Akomolafe, Deji [EMAIL PROTECTED] wrote:
http://support.microsoft.com/default.aspx/kb/829756
Sincerely
convert the zone from AD-intg to Primary. The zone should be written to
system32\dns folder after that. Once you have the file, you can go back and
convert the zone to AD-intg again.
Another option is to use dnscmd to dump the zone info to file. You can use
/enumrecords or /zoneprint,
http://support.microsoft.com/default.aspx/kb/829756
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
Lithium batteries are resilient to the charge/discharge issues associated with
earlier batteries. Generally, you want to replace batteries after about 18
months, because that's when depreciation sets in.
Sincerely,
_
(, / | /) /) /)
http://support.microsoft.com/kb/300202
Pay attention to the part that says To Remove the Root DNS Zone
Then look at the part that says: To Configure Forwarders. You only NEED to do
this part IF your ISP is blocking you from running DNS on their network. In
that case, you will point your DNS
John,
now that your DNS is working on the server, you need to make sure that your
clients are using ONLY this server as their DNS server.
Reconfigure your clients' Primary DNS server entries in TCP/IP configuration
to have the IP address of your DNS server. Remove any other IP address that you
another thread then?
On 12/11/06, Akomolafe, Deji [EMAIL PROTECTED] wrote:
John,
now that your DNS is working on the server, you need to make sure that your
clients are using ONLY this server as their DNS server.
Reconfigure your clients' Primary DNS server entries in TCP/IP configuration
Do you have another DNS server? If yes, then configure the problematic server
to use this other DNS server (in TCP/IP configuration). If no, then remove and
reinstall DNS.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __
-TO configure the other DNS server (in TCP/IP configuration)? Sorry I am
newbie on this service.
Also, I already remove and reinstalled the DNS however no luck. The same
problem.
John
- Original Message
From: Akomolafe, Deji [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Monday
Seen this? http://support.microsoft.com/kb/817470
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
http://technet2.microsoft.com/WindowsServer/en/library/b4d96434-0fde-4370-bd29-39e4b3cc7da81033.mspx?mfr=true
You owe me a beer for making me do your google :)
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
Engineer
Essex Credit / Brickwalk
510 595 5083
**
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Akomolafe, Deji
Sent: Monday, November 27, 2006 6:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Selective auth
Neil,
You responded to the thread where Steve already corrected himself. Read the doc
you cited again. Only the EDC membership changes during the process you
described. EDC itself is NOT created at this point. It is merely made a member
of the newly-created Windows Authorization Access group.
Since someone has already taken the time to address this, I will simply refer
you to
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1040355,00.html
If you still have questions after that, then ask away.
Sincerely,
_
(, / | /)
I can confirm we do not have an Enterprise Domain Controllers group in any
of the domains.
Really? How did you confirm that? In ADUC (with Advanced Features enabled in
View) and doing a custom search for enterprise, simply looking in the
Foreign Security Principals containers?
Sincerely,
/
|-+--
| | |
| | |
| | |
| | Akomolafe, Deji |
| | [EMAIL PROTECTED] |
| | Sent by: |
| | [EMAIL PROTECTED]|
| | tivedir.org
Its not viewable/searchable under ADUC even with advanced features turned
on
That is an incorrect statement.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
/
|-+--
| | |
| | |
| | |
| | Akomolafe, Deji |
| | [EMAIL PROTECTED] |
| | Sent by: |
| | [EMAIL PROTECTED]|
| | tivedir.org
(which I'm guessing is what Deji meant by AD/DNS/Sites, but just in
case...). Given the, um, quirkiness of this environment, I suspect you may have
a difficult demotion ahead. I assume you've done metadata cleanup before? If
not, feel free to post, or just spend a lot of time typing
Getting the new Exchange server in there and moving mailboxes, PFs, RG master
role, etc, is fairly easy. The main work is involved in getting the old server
out of the mix. This (http://support.microsoft.com/?id=822931) should help
somewhat.
Sincerely,
_
I believe I recommended this early on in the thread. Sometimes, it's easier
(wiser) to not fight the fire. Demote, clean it out of AD/DNS/Sites. If you
have the luxury, wipe and reinstall the box, otherwise, just do a rename of the
box. Renaming it is strongly recommended unless you have
Yes, you will need a CA for EAP. Ideally, you'd do a machine cert, because machines are what you want to filter.
Are you providing hosted services to your clients, or what?
Yes, there are ISA appliances. There have been since 2004.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___//
w realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]Sent: Wed 11/15/2006 8:43 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Restrict VPN Access By Computer Name
"Expensive" ISA appliances... let's qualify t
Compare the IP registered for phmaindc1 in DNS to the actual IP address of this machine. Do you see any discrepancy?
Is this your only DC? If not, then I'd demote it, clean it completely out of AD (ADUC, AD Site and services, DNS),and then re-promote it.
Sincerely, _ (, / | /) /) /)
You need some quiet time (and your favorite bottle/keg of liquor) with this
document
http://www.microsoft.com/technet/prodtechnol/windows2000serv/plan/w2kdns2.mspx
If you are in a hurry, just skip down to the Aging and Scavenging part.
Enjoy
Sincerely,
_
Also keep in mind scavenging only applies to records that have timestamps
(which are typically dynamically created.)
Keep in mind that you CAN enable scavenging on static records. The facility is
in dnscmd. So, please don't assume that your static records are safe from
scavenging just
You are right, Calling-Station-Identifier(in some cases) maptothe telephone number. In 802.1x scenario, though,it's usually the MAC, but I have also seen it map to the client's IP address. I attribute this to some vendors not reading the RFC or just opting to do it their way. In our situation,
Which part of it do you not understand?
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried
tory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: Laura A. RobinsonSent: Tue 11/14/2006 8:04 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: M$
That last line really was unnecessary, D
You know what I find amazing here?
That you felt compelled to lend more visibility to this topic, when it, truly, does not deserve an iota of your time. I see people use "M$" in conversations, I note their names and learn to avoid them. It's the same thing I do with people who use "1337" and
Call-Station-Identifier is a much more stable and reliable filter - it is the Client's MAC address. "Client Friendly Name" is optional and may not be sent in many VPN negotiation. The identifier will very likely be sent (I don't want to say ALWAYS since I don't have any relevant doc that say
were worried about Yesterday? -anon
From: Technical SupportSent: Tue 11/7/2006 11:35 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR--
Please let me know how I can contact you Deji
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, DejiSent
4.4.7 is "usually" the other server's problem. If you want, I can privately help you verify this, if you send me the domain/ip of the other server in a private (off-list) message.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/
Title: Active Directory Health Check tool - where can it run from?
The tool actually lists out the specific requirements for running it. You just need to read the "default.htm" that is part of the generated report.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) /
Tool.penetration
Tony took a vacation and this is what this list is turning into
Time to go wash my brains.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we
whoami -group
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
You never mentioned anything about a "product".
Anywhooo, see http://www.rlmueller.net/primary_group.htm, then go see what Richard did in http://www.rlmueller.net/Programs/EnumUserGroups.txt
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) //
What's with you and acquisitions, dude? :-p
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
From: [EMAIL PROTECTED] on behalf of Darren Mar-Elia
Sent: Mon 10/2/2006 4:55 PM
To: ActiveDir@mail.activedir.org
Subject: Re: RE: [ActiveDir] OT: DesktopStandard acquired by Microsoft
Haha. This is the first time I've been on the receiving end Deji. You can't
blame ME for this one
support.Jabber.com
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
Sorry for jumping into this in the middle. I've been partially following the thread.
To the OP, have you tried:
Convert the zone from AD-intg to Primary one DC
Updating the server data file on that server (done by r-clicking the zone and clicking "update")
Delete the zone from the other
http://www.rlmueller.net/ComputerRole.htm
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried
Yikes! Is it Halloween yet?
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about
Not according to my birth certificate.
See anything "random" here: Dèjì Akómöláfé? Me neither ;-p
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you
I think there is just one version of theR2 CD. The main CD (CD1) has Standard, Enterprise and Datacenter flavors, but the contents of CD2 look the same to me.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP -
Much as I hate to say it, convenience may win here. I know, I know . it's
bad form to have non-expiring passwords, etc, etc. Been there, preached that.
However, the usability factor is a non-trivial design consideration, and even
though we all agree that Sales people are not the most
n 9/14/06, Akomolafe, Deji [EMAIL PROTECTED] wrote:
Here's what I'd do:
Ensure that there is no NATting going on between the 2 DNS servers. Verify this by doing something like "telnet PrimaryDNSServer 53" from the secondary server and then going to the Primary server and doing "
? -anon
From: Paul WilliamsSent: Fri 9/15/2006 12:25 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Strange password issue
Not really, as it's now 512 and can't get to that state without a password meeting complexity.
--Paul
- Original Message -
From: Akomolafe, Deji
OK. The account under discussion is "512". Had to refresh my brains because I just took your 1-4 bullet points and said, uh-uh, there is a way to have an enabled password-less account. Granted it won't be "512" and will be useless, it is still enabled.
Sorry, Paul.
Sincerely, _ (, / |
In addition to what Robert is saying, take a look at http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/0849cb53-f1f9-419b-bb74-82bc010e247f.mspx?mfr=true
There are many things that can be responsible for this failure, and you need to selectively eliminate each.
? -anon
From: Matt HargravesSent: Thu 9/14/2006 8:00 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Specifying builtin accounts in GPO settings.
I think we discovered the problem... things were just locked down a *tad* too much.
On 9/13/06, Akomolafe, Deji mailto:[EMAIL PROTECTED] wrote
I guess if you have "Widows", then someone must have "expired" :)[1]
What is the exact error message?
[1] Please don't take offense. I'm just in a laughing mood :)
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP
and Support Center at http://go.microsoft.com/fwlink/events.asp.
On 9/14/06, Akomolafe, Deji [EMAIL PROTECTED] wrote:
I guess if you have "Widows", then someone must have "expired" :)[1]
What is the exact error message?
[1] Pleas
Yes. You run Mac. LOL
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday?
I think you are missing 5.
5. The account was created programmatically disabled with PWD_NOT_REQD set. So, we have 546 UAC. Then someone programmatically set UAC to 544 or went into ADUC and manually enabled the account.
It's a feasible scenario, no?
Sincerely, _ (, / | /) /) /)
yes
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: David
At what point youre better off going with something like Shavlik or Patchlink?
For a 1700 users environment, WSUS will do.
What do they give you that WSUS doesnt?
They do give you some bells and whistles, but you will have to download a trial version of each, install them and compare. Then
James Eaton-LeeSent: Wednesday, September 13, 2006 5:39 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Isolating a DCAkomolafe, Deji wrote: I highly recommend that you readhttp://www.windowsitpro.com/articles/print.cfm?articleid=37935 Then, as a fall-back option, look for the isolation usi
Look at your default recipient policy. What's set there? Just curious.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is
I highly recommend that you read http://www.windowsitpro.com/articles/print.cfm?articleid=37935
Then, as a fall-back option, look for the isolation using IPSec whitepapers on Microsoft site. I can't find them now, but I know that they exist. They show you how to restrict communication with a
Yes. Try doing file://computername/c$ toa few of thecomputers in question. If you can't connect, you have a firewall issue. If you can connect, but can log in with the account you are using for the migration, you have a permission issue. Those 2 tests must pass before you can do any migration.
BTW, here's how I add the ADMT account to the relevant admin groups before the known good"Restricted Group" option was invented. If you find out that "Restricted Group" is not working for you, try the script option.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) /
Ugh! I wish they would invent a computerish thingamabob that reads your mind and paste the link you are thinking :0.
Here's the sample script.
http://www.akomolafe.com/Portals/1/add-to-loc-grp.txt
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) //
It is possible to programmatically create an account that bypasses the password length policy. The password not required flag will let you enable the account with blank password, in contravention of your password policy.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) /
Do you have a zone called "rev" in your sub.domain.com fwd lookup zone?
If not, I want to say that the requestor didn't quite explain what he needs properly. The in-addr-arpa tag that you see is standard for reverse entries. Unless you are doing something fancy in your environment, that's what
Try Hyena. I believe that it has the option to report on ACLs and list the relevant users/groups
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you
If it's 512, then that pwd not req is not true.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were
how old is the offline DC? Does the online DC have a LOT of things (beside FSMO) that you need to sync with the offline DC? I mean, are there are lot of objects that have been created on the online DCs that have not been replicated to the offline?
IF all you want to do is transfer FSMO, I'd
ain,
Aaron
On 9/6/06, Akomolafe, Deji [EMAIL PROTECTED] wrote:
how old is the offline DC? Does the online DC have a LOT of things (beside FSMO) that you need to sync with the offline DC? I mean, are there are lot of objects that have been created on the online DCs that have not been replicated to the o
1 - 100 of 893 matches
Mail list logo