If you decide to use dfs\frs do the following as tuning guide...
1. Create as many separate trees as opposed to one large one.
2. Use latest frs hotfix
3. Have each partner have only one upstream downstream partner
4. Do a backup so that recovery is easier.
5. Connect server to switch and use
You need to perform a metadata cleanup to remove a failed DC from Active Directory
http://support.microsoft.com/?id=216498
-Original Message-
From: [EMAIL PROTECTED] on behalf of Mike Celone
Sent: Wed 14/04/2004 00:44
To: [EMAIL PROTECTED]
Cc:
I haven't read the MS doc on securing 802.11 networks, but using a VPN
is the your safest bet.. May also be worth using 2-factor authentication
in this scenario.
What system would authenticate you? W2k, firewall, etc?
-Original Message-
From: Chris Blair [mailto:[EMAIL PROTECTED]
Sent:
Hello,
In 'Step-by-step Guide to Kerberos 5 Interoperability'
document, it is stated as follows:
To deploy realm configuration data to multiple
computers, use the security configuration template
mechanism instead of using Ksetup explicitly on
individual computers
Is there any good document /
I have another question, how do you prevent the situation where a user at
one site opens a document and a user at the remote site opens and starts
editing the same document? What happens then? How do you prevent that?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Justin,
I would agree... it should all work. One way of debugging this is to look at
the article here. http://www.jsiinc.com/SUBH/tip3700/rh3799.htm
It explains how to enable logging and creates a log that shows everything
that is happening as the policies are applied in the machine. It's a bit
I can't remember at this point what I was e-mailing about, I think that I reliazed
what happened, I was logging in as a user that did not have the policy inheritied.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matja Ladava
Sent: Tuesday, April 13,
You are right, I have seen that article and I have not seen any articles
that say that that can happen when Exchange 2003 is deployed already.
It appears that this problem only affects AD when Exchange 2000 is
deployed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
I saw that this morning. I'm incredulous that it made it out the door with
hard coded passwords in this day and age (although I shouldn't be, I
suppose. ;)
Let's keep it in perspective though. No matter what you install, it will
eventually get compromised if that's the desire of the attacker.
Thanks for correcting me on
this. I would much rather use restricted groups than have the script I run
everytime the machine is booted up.
Mike
From: joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 8:55 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide
Just out of curiousity, why do you need to remove the
computer account? Wouldn't it just be easier to bring up a new ADC machine
and have it take over with a new computer name?
Deleting the computer account is fine, but is it necessary
in your test lab?
Al
From: joe [mailto:[EMAIL
Title: Mensagem
The first three steps are :
1 - You should install the Windows Scripting
Host version 5.6 (It can be found at Microsoft downloads site)
2 - Install DSClient for Windows 9X (It can
be found at Microsoft downloads site)
3 - As in Windows9X you are not going to
have all the
Return Receipt
Your RES: [ActiveDir] logon scripts
document
:
Have you tried isolating this problem to the computer or user rights?
What I mean is have you had someone else log onto the suspect system to
see if this is a problem with the system or have the suspect user log
into a different computer known to work ok and see if the problem
follows the user?
Hello,
We are in the process of planning our migration from NT 4 to Windows 2000 AD. Last
year we deployed a minimal AD site in order to roll-out Exchange 2000 for our users.
User accounts and mailboxes were created in the new domain but no users were migrated.
Some initial testing with the
What are the desired results?
How were the user accounts and mailboxes created in the new domain
initially? Are the users authenticating against the mailboxes with their NT
4 accounts, or with the AD accounts? Is there an Exch 5.5 organization and
an ADC in the mix?
Hunter
-Original
My company used Net IQ and had great results. Cost was about 6.00 per user
for the whole suite. (Includes Exchange Migrator) We tried ADMT but had
problems with the local profiles migrating over to the new domain.
-Original Message-
From: Morris, Adam [mailto:[EMAIL PROTECTED]
Sent:
Title: SUS 2.0 Beta
Greetings,
I guess SUS 2.0 Beta has been released: http://www.nwc.com/showitem.jhtml?articleID=18400592 Does anyone have a Guest ID to get in on the Beta? Or is there just a download somewhere?
Thanks all,
Chris
We use Quest Fastlane Migrator to migrate the users with their existing
SIDs. We migrated a long time ago with ADMT, and Quest will 'merge' the
user with their existing account, and retain all the SID history. Works
pretty well.
-Original Message-
From: [EMAIL PROTECTED]
Looks like you can sign up for the open evaluation version here:
http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
But I haven't been able to locate the beta version yet. Haven't found a
Guest ID yet either.
- Robbie
Robbie Foust, IT Analyst
Systems and Core Services
Duke
I believe its currently considered a closed beta, by invitation only.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Robbie Foust [mailto:[EMAIL PROTECTED]
Sent:
How will we be notified when it is ready for public use
Lynden
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 12:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta
I believe its currently considered a closed beta, by
Lara,
I am trying to refresh my memory since I had to perform the same steps while
rebuilding our test environment a while back. Basically, we had to do it in
2 steps in the order listed below.
1. Create and import a custom ADM template that predefines the Kerberos
REALM key in the registry.
Heck of a cross post, isn't it?
Moving the domain administrators group is not something that should cause
this type of issue.
What else was done during those changes?
-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 12:45 PM
To: Admin
Same way all other products are announced.
My information has it that you've got a few months still before it goes
public.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
Does anyone know what the upgrade process is going to be from SUS to SUS
2.0?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta
Same way all
another labyrinthine cross post(sorry)-
Also, i fire up adsi edit from their domain and i can only get to the organization in
the config partition. when on go to the security tab, there are no entries.
how can they just lose permissions to certain parts of the config paritition? the only
change
Most likely from your friendly neighborhood MVP.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia,
Lynden - Revios Toronto
Sent: Wednesday, April 14, 2004 1:10 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS 2.0 Beta
How will we be
Waitisn't the next version called WUS now or am I mistaken?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 14, 2004 10:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta
Does anyone know what
I'll second this. I've only run into one thing where I couldn't get Perl
to work (deep, dark, ugly MAPI stuff...)
Other than that, it's almost trivial to look at VBScript and convert it
to perl.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent:
You are correct - at least that's the current name for it.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent:
I was hoping I would be able to install SUS 2.0 over my existing SUS
server since I do not have the resources to have it on another server.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 2:32 PM
To: [EMAIL
Yes, painfully, that is true. MS Marketing strikes again. I can just see
the advertising:
Trust your network to a WUS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher
Hummert
Sent: Wednesday, April 14, 2004 11:09 AM
To: [EMAIL PROTECTED]
This falls to conflict resolution of last-writer wins.
You can leverage something like sharepoint to checkout documents if this is
too much of an issue. But FRS is for seamless file replication and out of
scope for design considerations.
-Original Message-
From: [EMAIL PROTECTED]
Title: RE: [ActiveDir] SUS 2.0 Beta
There will be an upgrade path for WUW/SUS 2.0. However it hasn't been worked out yet.
Mike
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 14, 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: RE:
This was asked and answered in the recent Microsoft public chat on WUS, but
I can't seem to locate the chat transcripts page. Anyone have a link?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 14, 2004 1:57 PM
Try using a PC until you reinstall your SUS to WUS
Lynden
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta
I was hoping I would be able to install SUS 2.0 over my
If you open it up in LDP, what do you see (authenticated of course)?
Is it possible that there's a replication issue? Have you checked the logs
of the domains to see what's logged when you attempt to connect?
Just where did they move the domain administrators from/to? Just from
cn=users to
Downlevel clients (win9x/nt) do not support NTLMV2 authentication unless
you install the Active Directory Client Extensions for Windows 95/98
and Windows NT 4.0 on the client machines.
NTLMV2 is not turned on by default on Windows 2000, but maybe Windows
2003 turns it on automatically?
If so,
I see nothing strange in ldp and no replication errors in event log or rep monitor.
I think its a permissions issue but i have nowhere to begin looking and as far as i
know nothing has been changed. They don't really have an IT dept(we admin them) so no
one would even know how to change
At the MVP summit, even the WUS product team was appologizing for the
name.
I was kinda hoping they're rename MIIS to the Windows Identity
Integration Server.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis
And I was hoping that they would rename SUS2.0/WUS to Microsoft Product
Update Services...
- Aric
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS
SUSServer.com is hosting a contest for a better name:
http://forums.susserver.com/index.php?showtopic=2032
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 4:37 PM
To: [EMAIL PROTECTED]
Subject: RE:
Oh man this is a wonderful site. Thanks for passing along the link.
Hopefully I'll be able to find the answers to some of the SUS questions I
have.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Wednesday, April 14, 2004 1:52 PM
To:
I know moving the default exchange groups out of the users folder can screw things up
as exchange expects to find them there, but will moving the domain admins from the
users folder into another ou(no gpo applied) screw things up with exchange or any
other services in ad?
I only ask because
Also, i fire up adsi edit from their domain and i can only get to the organization in
the config partition. when on go to the security tab, there are no entries.
how can they just lose permissions to certain parts of the config paritition? the only
change made was the root domain of the forest
It is a closed beta at this stage. I spoke to some of the WUS people, and
they said that until they had finalised and filed some patent applications,
there were legal reasons they couldn't take on more than x people.
Cheers
Ken
~~
From: Robbie
47 matches
Mail list logo
