Give dumpsec a try
http://www.somarsoft.com/
We have used it on our file severs and it works well.
Thanks
Mike
On 9/18/06, Tom Kern [EMAIL PROTECTED] wrote:
Can someone direct me to a _vbscript_ that I can run remotely which will dump the ACl's of all file/folders on a bunch of remote
Metadata was already mentioned. If the server was holding any of the FSMO roles then you will need to seize those roles.
Jorge has some good pages on his blog that will help you
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/373.aspx
Moving FSMO roles from one DC to another DC
Give Joe'ssidtoname a try
http://www.joeware.net/win/free/tools/sidtoname.htm
Another great tool from Joe's site!
Thanks
Mike
On 8/5/06, Mohammed AL MASRY [EMAIL PROTECTED] wrote:
dear All,
i have here this user Account ID which is :-
S-1-5-21-1085031214-1383384898-1957994488-1003
In one of the blog comments Haruya Shida said that
Exchange Server Performance Troubleshooting Analyzer tool
+
Exchange Disaster Recovery Analyzer
+
Exchange Mail Flow troubleshooter
=
Exchange Troubleshooting Assistant
Another tool in our arsenal should be a good
Running DC promo is what would change the role on the Exchange box to a DC. It's not supported:
http://support.microsoft.com/kb/822179Overview of operating system and Active Directory requirements for Exchange Server 2003
Why don't you go ahead and make the file server a 2003 DC and then then
Chris,
Here is a link to your last question and you can see the follow-ups there too.
http://www.activedir.org/ml/msg11411.aspx
When you say you want to move all services that run on the old DCs to the exchange 2003 boxand your file server does that mean thatyou want the file server to become
You need to run forestprep from the R2 CD on your schema master.
Paul has a nice summary here:
http://www.msresource.net/content/view/60/47/
and more from Microsoft
http://technet2.microsoft.com/WindowsServer/en/library/5022eea0-54bc-422f-b98b-ddb836c8ee851033.mspx?mfr=true
Thanks
Mike
Give Joe's adfind a spin, there is a good article here that may help too (nice adfind examples)
http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx
On 7/25/06, Mike Hogenauer [EMAIL PROTECTED] wrote:
All,
I'm trying to enumerate all groups in my AD environment. I need to get Group
Brian,
That was a good story, very funny. So what did the guy do? Did he just get up and leave?
I know from reading your posts you are usually straight and to the point. I would be sweating if I had to interview with you.
Going off course a bit. What are some types of AD questions that you all
You can start by printing out this information from Microsoft and showing it to management
http://technet2.microsoft.com/WindowsServer/en/Library/05db0f72-0e18-453b-b294-49cfc8f9d6d21033.mspx?mfr=true
You are not even making it past question 1 if that DC is not secured.
What is the connection
You should be able to set the date formats using a registry entry. Take a look at this page for the various settings
http://www.jsifaq.com/SUBA/tip0300/rh0311.htm
sTime and sTimeFormat should help you out.
You can deploy the registry settings using a login script or create your own template.
This link has been posted before but it should help you out.
http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx
Once again Joe's tools save the day!!
Thanks
Mike
On 5/18/06, James Carter [EMAIL PROTECTED] wrote:
Hi There,
I have been askedon short noticeto provide a list of mail
net group groupname /domain members.txt
Use Laura's solution for nested members.
On 5/2/06, Antonio Aranda [EMAIL PROTECTED]
wrote:
Is there a way to export to text file a list of the members of a securitygroup?ThanksAntonio
List info : http://www.activedir.org/List.aspxList FAQ:
It's also viewable using Ntdsutil
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
Thanks
Mike
On 4/28/06, joe [EMAIL PROTECTED] wrote:
You mean this one
adfind -config -f name=default query policy
See
From
http://support.microsoft.com/default.aspx?scid=kb;en-us;910204sd=rssspid=3198
When a domain controller is selected to host the global catalog, the KCC on the domain controller that is being promoted uses its discretion to build connection objects from source domain controllers that host the
Yes you have to have SP1,
Either way will work. If you installSP1 first then you will only need use Disc 2. If you don't have SP1 installed you need to use both disks which will install SP1 for you.
I would install SP1 even if you were not planning to install R2 at this time.
If you are
Ravi,
If you are still running 2000 you can also use ADModify to do the same thing that Ulf described for 2003.
You can get ADModify here
http://www.gotdotnet.com/workspaces/workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2
Thanks
Mike
On 4/22/06, Ulf B. Simon-Weidner [EMAIL PROTECTED]
The person that saves the file last will win. So the last write will win. Take a look at this article for more info
http://support.microsoft.com/?kbid=221089
Thanks
Mike
On 4/5/06, Thommes, Michael M. [EMAIL PROTECTED] wrote:
Can someone tell me what happens with DFS/replication when a file
Non Profit probably means you don't have a huge IT budget. You may want to give SpamBayes a try.
The client plug-in does a decent job of filtering spam... and it's free.
http://spambayes.sourceforge.net/index.html
On 3/6/06, Rimmerman, Russ [EMAIL PROTECTED] wrote:
If you were a 20 user
Gene,
When the DC crashed I assume you were never able to gracefully use dcpromo on it. What you need to do is follow the steps in this article
http://support.microsoft.com/?kbid=216498
How to remove data in Active Directory after an unsuccessful domain controller demotion
The new version of
You need to seize the IM role because of what happned to your DC. Metadata cleanup (2k3 sp1) will do it or you can use these steps.
http://support.microsoft.com/?id=255504
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
Thanks
Mike
On 3/3/06, Gene Sibbs [EMAIL
You may be able to use PsExec to retrive the info you are looking for
http://www.sysinternals.com/Utilities/PsExec.html
psexec \\machine ipconfig
You can use the IP address or the name of the box for machine.
Thanks
Mike
On 3/2/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I know that it all
You could use the AD Modify Tool. Select the accounts then go to the account tab in AD Modify to set inheritable permissions.
You can find AD Modify here
http://www.gotdotnet.com/workspaces/workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2
On 2/28/06, Rimmerman, Russ [EMAIL PROTECTED]
You can use the dsget command
dsget user UserDN - memberof
You can get more info on the command here
http://technet2.microsoft.com/WindowsServer/en/Library/96a4a5ee-ee72-44d5-845f-71b2de33d4411033.mspx
On 2/17/06, Harding, Devon [EMAIL PROTECTED] wrote:
What's the quickest way to export a
Download dsrevoke
http://www.microsoft.com/downloads/details.aspx?familyid=77744807-C403-4BDA-B0E4-C2093B8D6383displaylang=en
Then use it with the /report option and you can get the info you are looking for.
Thanks
Mike
On 2/16/06, Carerros, Charles [EMAIL PROTECTED] wrote:
Does anyone have
Looks like DEC is a great event and a lot of the heavy hitters and MVP's from this list will be there. Just wondering about it,
is this a good conference for the average AD admin/designer or is this aimed at the advanced experts. I think my company will send some of us so I'm trying to get a
You are right about the system.adm file
take a look at
http://support.microsoft.com/kb/q231289/
Using Group Policy Objects to hide specified drives in My Computer for Windows 2000
You need to find out the Hexidecimal value for the drives you want to hide
You can find the hex values here:
You could use dsrevoke with the /report switch on a particular OU or Domain.
On 12/14/05, Craig Gauss [EMAIL PROTECTED] wrote:
Windows 2003 ADHow do you go about viewing the users you have set as delegates for anOU?
I setup a test earlier with a delegate on a test OU, it worked but Idont see
We use big brother for monitoring and paging http://www.bb4.org/
I haven't used this one but the free version of power admin may do the trick for you
http://www.poweradmin.com/ServerMonitor/Free.asp
I've used uptime in the past as well and have had success with it. You can download it from
Dumpsec is a nice free tool that should do the job too
http://www.somarsoft.com/
I've used it a few times and it has definitely helped out.
Thanks
Mike
On 10/10/05, Freddy HARTONO [EMAIL PROTECTED] wrote:
cacls.exe?
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono Group
I know that Microsoft states that there can only be one password policy per domain. Earlier this month Joe started a thread about AD Gripes and several people mentioned the password issue.
We are dealing with the same thing. I would like to have a more restrictive policy on our admin accounts
/
Cheers, Matty
On 09/07/05, mike kline [EMAIL PROTECTED] wrote:
I would like to delegate GPO creation to a handful of people. I open
GPMC and then go to group policy objects. I select the delegation tab
and try to remove the domain admins. I receive an error -- The
Request
I would like to delegate GPO creation to a handful of people. I open
GPMC and then go to group policy objects. I select the delegation tab
and try to remove the domain admins. I receive an error -- The
Request is not Supported
Is my only option to go into the ACL on the domain using ADUC and
I want to move some mail enabled contacts from one domain to another
domain. They are in the same tree.
I plan to use movetree to move the contacts. I'm wondering if the
group memberships will be preserved.
Contacts are in Domain A and many of them are in universal groups in
domain A. They will
Are you running 2000 or 2003. Perfect time to install from media if
you are using 2003.
Thanks
MIke
On 6/13/05, Carerros, Charles [EMAIL PROTECTED] wrote:
I have a server at a remote location that I need to DCPROMO. Two of my
colleagues were at this location a few months ago and tried to
What documents are you using? The guides and templates released by the
NSA are always a good place to start.
You can download them here:
http://www.nsa.gov/snac/downloads_win2000.cfm?MenuID=scg10.3.1.1
DISA also has a lot of guidance that I have used and that can be found here
To allow the user to only logon on to that machine go into their
Account Tab and use the Log On To feature and only allow access to
that particular machine.
You could deny everyone else the right to log on locally using a policy.
This is the setting in the GPO
Computer Configuration\Windows
Engineer
Northeast Region
Microsoft Corporation
Global Solutions Support Center
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of mike kline
Sent: Sunday, June 12, 2005 5:21 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] how to allow
To answer your follow up yes you can also enable auto login on a W2K box
http://support.microsoft.com/kb/315231
How To Enable Automatic Logon in Windows 2000 Professional
The polices and methods that Robert and I listed in the first few
messages wilil work on a Windows 2000 or 2003 domain.
Tim,
We use 65 MB for a warning and prohibit send at 75MB. We don't put
any restrictions on receiving because of the reason you mentioned. We
don't want anyone to not receive an important piece of mail.
You support the Air Force so you may also want to create another store
for VIP users
Nigel,
Try these articles
http://support.microsoft.com/kb/216498
How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Great article from Daniel.
Hope those help.
Thanks
Mike
On 4/28/05, Nigel Glasgow
Devan,
One way I know of is to use full armor's gp anywhere product
http://www.fullarmor.com/product/gpany.htm
We are currently evaluating it and it seems to do the trick.
Thanks
Mike
On 4/27/05, Devan Pala [EMAIL PROTECTED] wrote:
Hi all,
Does anyone know how to export local GPO's (in a
You should have the secondary zones and vice versa. There have been
some good posts here about that. I'd like to point you to an
excellent article that Mark Minasi wrote last fall in Windows It Pro
http://www.windowsitpro.com/Windows/Article/ArticleID/43582/43582.html
I can't say it better
Cyrus,
This article may help you
http://support.microsoft.com/?kbid=890953
You receive a The system cannot change your password now because the
domain is not available error message on a Windows XP-based or
Windows 2000-based computer
Peter and Nazim had good suggestions too. Have you had any
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of mike kline
Sent: Tuesday, April 12, 2005 2:53 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] NTDS.dit size
I know that AD can have millions of objects, just trying to see what the
real world size
Michel,
If you are running Windows 2003 then the Redircomp.exe may be what you
are looking for.
From:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/bf5437ce-389c-4dc9-953c-999f854b98d1.mspx
Redirusr.exe (for user accounts) and Redircomp.exe (for computer
I know that AD can have millions of objects, just trying to see what
the real world size of some your AD databases are. Do any of you have
databases greater than 20GB+... or more?
Thanks
Mike
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
47 matches
Mail list logo