[ActiveDir] RIS WinPE Question

2005-10-16 Thread Dan Holme
I hope some of you brainiacs can help me out here. I have a WinPE image loaded into a W2K3 RIS server. It launches as a standard image just fine, but creates a computer account in AD. I know that W2K3 SP1 is supposed to have the functionality where I can change the *.sif value

RE: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

2005-10-16 Thread Ulf B. Simon-Weidner
Hi Susan, To clarify: the increased tombstone-lifetime is effective with every forest built on top of SP1, so you are also able to install WS2k3, then install SP1 (manually, Windows Update,..) and dcpromo your first domain controller for the forest afterwards. Your statement below assumes that

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread Thommes, Michael M.
Hi Susan, Thanks for the response. No UPS issues. Checked the services remotely and didn't find anything unusual. The DC did finally reboot on its own shortly after I sent out my first message - about 2 hours after the original patching and message saying it wanted to reboot and I

[ActiveDir] AD/ Sites Services

2005-10-16 Thread rania
Dear All, I have here in My Company, 2 Separate Locations, the First one is Head Office , the second one is the Private office . The head office have one single Network with this Range of IP-Address ( 70.0.0.X / 255.255.255.0 ) . We have Wireless -Point-To-Point Between the 2 locations .

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread Rick Kingslan
Huh. That doesn't appear to be _US_ I wonder if the Engineering Services group knows that a third party (Partner at that) is advertising these services. Honestly, I didn't think that we farmed those services out Checking. Rick [msft] -- Posting is provided AS IS, and confers no

RE: [ActiveDir] AD/ Sites Services

2005-10-16 Thread Rick Kingslan
Simple and most forward answer is to create two site - one for each location, with associated subnets assigned to each site. The longer answer is related to how many users in each site, how fast (in AVAILABLE THROUGHPUT) is the connection between, and are you intending to put at least one DC in

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread Rick Kingslan
Yes, they (we) do. I'll check into them and give you an overview of what they do If I can, to be more correct. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony

RE: [ActiveDir] salary(OT)

2005-10-16 Thread Rick Kingslan
Oh, and given a bit to think. You asked Dean - but you didn't ask me. Huh. NOW I know where *I* stand. In your mind, off the edge, if Dean was just right at ;-) Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday,

RE: [ActiveDir] AD/ Sites Services

2005-10-16 Thread rania
Thanks for your reply. I heard that, one site is more than enough in order to facilitate the replication it will be intra-replication. I will put another DC in the other location as well that will work as child domain controller. The total users in the first location is 30 users. the

RE: [ActiveDir] AD/ Sites Services

2005-10-16 Thread Almeida Pinto, Jorge de
Hi Rania, One forest with one domain should do it for you and make all DCs a GC The site and replication topology is used: * By DCs so they know with which DC to replicate with within a site and between sites * By clients/servers to find the nearest DC for authentication, GPOs, etc. Now we

RE: [ActiveDir] AD/ Sites Services

2005-10-16 Thread rania
Thanks for your reply. Your reply is more than Perfect really you are very helpful. Actually, I do not want the user Authentication to be done over the wireless Link. I mean the user in Location A, when he will login in the morning, I want him to go and speak to the DNS which is located in

RE: [ActiveDir] salary(OT)

2005-10-16 Thread Ulf B. Simon-Weidner
Hi Rick, Stop whining ;-) You've been asked on 7/17 by Robbie. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan |Sent: Sunday, October 16, 2005 2:14 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] salary(OT) | |Oh,

RE: [ActiveDir] salary(OT)

2005-10-16 Thread joe
No I loved it because it mostly wasn't my material. ;o) I admit to being beaten to a pulp in all of my content by the comma police though. Plus I seem to have this habit of typing too slow or thinking too fast and skipping entire words, phrases, and/or sentences. I even caught a case of a missing

RE: [ActiveDir] finding computer objects

2005-10-16 Thread joe
(&(samaccounttype=805306369)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))) You would have no choice but to use a bitwise filter since the enabled status is included as bit 1 (value 2) in the userAccountControl attribute. Basically if you look at a typical disabled computer

RE: [ActiveDir] finding computer objects

2005-10-16 Thread joe
Yes, the -samdc switch is useful for doing this. Also play with -stats+ and -stats+only to see how the resultsize of the query changes to find the most efficient way to do it. Note that in some cases, the most efficient for one forest may not necessarily be the same for another. It can vary based

RE: [ActiveDir] AD/ Sites Services

2005-10-16 Thread Almeida Pinto, Jorge de
I don't understand why you want to use a child domain in the factory location? Can you tell us the reason(s). In my opinion there is no need for that. Remember what I said for redundancy purposes you at least need 2 DCs for each domain For the scenario you want to implement (2 domains) you at

RE: [ActiveDir] Major issue not sure if 2003 created this problem

2005-10-16 Thread joe
Well previously you mentioned it was IP hardcoded, now you specify name. If the name was there, possibly someone dorked with the name in DNS, especially if you didn't use a fully qualified name and you have multiple search suffixes. Otherwise, the only way for the client to jump to another

RE: [ActiveDir] finding computer objects

2005-10-16 Thread joe
Because you will never have the case of userAccountControl=2 so that query will never be true. userAccountControl is a bit flag, not an absolute value. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Friday, October 14, 2005 10:26 PM To:

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread joe
How long had the DC been up? I know this is stupid but I have seen multiple cases where a DC that is up for months at a time will be cranky when you go to reboot it. You can try to do something to take the legs out from under the DC like somehow killing LSASS or if you have some form of remote

RE: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

2005-10-16 Thread joe
SBS people shouldn't be playing with ADSIEDIT. ;o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 1:20 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Stupid

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread joe
That isn't necessarily the same check. I have seen several companies who have offered an AD Healthcheck. Occasionally they even know something about AD. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Sunday, October 16, 2005

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread joe
I would be curious just from the standpoint that I will probably learn something about the internals. If you don't feel the list would be interested, send to me offline. I have removed your email address from the kill file. ;o) Now I have to go get ready to see a noon showing of Serenity[1].

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread David Adner
Correct, that's a 3rd party's offering that has no relation to MS's workshop. There are multiple companies who offer Active Directory Health Checks like aren't part of MS's workshop. I don't believe the term is copyrighted. :) Essentially, if it wasn't arranged via a company's Premier support

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread David Adner
To the original poster, if you have a TAM that would be the best avenue to obtain further information. They can get you a document that details what the Active Directory Health Check involves. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Ulf B. Simon-Weidner
I'd be interested as well. BTW for the original request (don't have it here separately to reply) I've been told that there are some 3rd party tools which allow that kind of Audit. E.g. inTrust from Quest claims to plug in front of the LSASS and control which actions to log, which ones to apply

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread Thommes, Michael M.
Hi joe, The DC had been up for about 45 days. Pushing the power button is the last resort. (IMHO, Windows OSs have become remarkably well designed to recover from a last ditch power reset.) I prefer doing patches/rebooting on the weekends when the majority of my users are not impacted

Re: [ActiveDir] security problem

2005-10-16 Thread Paul Williams
Logon as an administrator and take ownership of the drive. Then grant adequate permissions again. Reinstalling Windows will obviously fix it, but is a drastic measure. - Original Message - From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Sunday, October 16, 2005 5:43

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread Roger Seielstad
I see that occasionally, but rarely. But I'm not running any DC's these days - just a whole boatload of application servers. Roger D. Seielstad E-mail Geek -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes,

Re: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

2005-10-16 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
You guys are still seeing things from big server land. Think little. One DC. I only have one PDC... I don't build any dcs for any forests... so for us. we have to go 'change' that figure in a sp1'd box otherwise we are still at 60 days. My box at home 'and' at the office are 60 days.

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Al Mulnick
I'd be interested to see that argument as well, Brett. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, October 16, 2005 11:11 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Knowing when users were deleted. I would be

Re: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

2005-10-16 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
uh.. because you can? :-) And I was interested to see how they documented the difference between pre sp1 and post sp1. I like how they did it. We don't dcpromo in SBSland unless we are migrating boxes. Truly, unless we are in the process of migration... the typical SBS admin/consultant

Re: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Paul Williams
Yep. Me too. - Original Message - From: Al Mulnick [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Sunday, October 16, 2005 6:38 PM Subject: RE: [ActiveDir] Knowing when users were deleted. I'd be interested to see that argument as well, Brett. -Original

RE: [ActiveDir] salary(OT)

2005-10-16 Thread Rick Kingslan
Dropping thread... -r -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, October 16, 2005 10:02 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] salary(OT) I didn't ask Dean. I would not have asked Dean. I know how busy he is

Re: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Laura E. Hunter
Various thoughts from this thread: [1] I agree with Al and Paul[1] on a desire for that sort of metadata. I'm not as convinced of the trade-off value of bloating the DIT for full undelete information, particularly in monster big environments. For my teeny-tiny single domain it probably wouldn't

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Ulf B. Simon-Weidner
Hmm. Do we really want to excuse prior failure of proper auditing by putting more data into AD? Wouldn't that lead into every request of non-configured auditing to requests for extending the AD? Do it right the first way. I completely agree that we should make the people more auditing aware, and

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Al Mulnick
I'll see your Eurocents and add raise you two. :) I fully understand where you're coming from Ulf. Adding this information into the DIT when it is currently possible to get is something that grates against common sense and common engineering principles even if you subscribe to belts and braces

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread Freddy HARTONO
Hi Mike, I had the same issue when patching this month's patch on my dell test dc using 3rd party patch software (st bernards' updateexpert) - it just doesn't reboot! (one whole day) Upon going into dell drac - it reboots without actually pressing anything...weird but true.. Do you happen to be

Re: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Rick Kingslan
And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the

Re: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale

Re: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed.

RE: [ActiveDir] Reverse DNS

2005-10-16 Thread Rick Kingslan
Oooof. ROTFLMAO! Funny - very funny! Rick [msft] -- Posting is provided "AS IS", and confers no rights or warranties ... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Friday, October 14, 2005 11:20 PM To: ActiveDir@mail.activedir.org Subject: Re:

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Brian Desmond
I get these sorts of emails, at least the security audit aggregation stuff too. Just remember for me that I have a section of a very expensive SAN shelf allocated to my audit collection project, a pair of very well equipped servers clustered running SQL (expensive), a web frontend running SQL RS

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Brian Desmond
Mrtg (actually mrtg + rrdtool) and nagios are standard equipment in many an enterprise, mrtg in particular. You can get mrtg to graph damn near anything if you're good. Nagios in my opinion is better than MOM in certain respects, and it's free. Thanks, Brian Desmond [EMAIL PROTECTED] c -

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Rick Kingslan
I suppose that this is why they pay folks who devise solutions to make this stuff work like it's supposed to the big bucks. shrug Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Rick Kingslan
Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing

Re: [ActiveDir] Knowing when users were deleted.

2005-10-16 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread Douglas M. Long
I also have had this problem on a specific DC. It has an intel motherboard with integrated NIC and adaptec RAID controller. I don't know if that has anything to do with it, but it may. You have any similar HW in your machine? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [ActiveDir] security problem

2005-10-16 Thread tech
how can I take the ownership while I do not have the security tab any more because I have taken the control of C drive for every one. so There is no security tab is gone for every drive because the windows was installed on C drive. thanks in advance roseta Quoting Paul Williams [EMAIL

[ActiveDir] audit problem

2005-10-16 Thread tech
Hello If I set the audit for a drive. where should I see the logs? if any one access this drive on network with share permission does it have a record or not? what about terminal service? if one access a drive with terminal service will it have a record or not? thanks in advance. roseta List

RE: [ActiveDir] rebooting a patched, but stubborn DC

2005-10-16 Thread Presley, Steven
Well you are definitely not alone. Something like this just happened to me while patching my Exchange clusters (only happened to 1 out of 18, so its pretty rare). After patching and telling the passive node to reboot it was completely inaccessible even after 15 minutes (normally it does not take