Oops. Thanks for putting me straight, Joe. I could have sworn they didn't run (or at
least had problems) on W2K.
Tony
-- Original Message --
From: joe [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Jun 2004 14:12:40 -0400
Say what?
I'm looking at Authorization Manager vs using a traditional global group in
AD. Anyone have experience of using Azman vs Global Groups.The main
reason is our company uses RSA for web-based application authentication, RSA
can only look at one OU in AD and also needs a group that mimic's
I would say it's easy to get the IP information at logon using vbs and wmi:
Start of VBScript:
--
On Error Resume Next
strComputer = .
Set objWMIService = GetObject(winmgmts:\\ strComputer \root\cimv2)
Set IPConfigSet = objWMIService.ExecQuery (Select MACAddress, IPAddress,
... Well log offs are a slippery concept
Presumably that's why the lastLogoff attribute values are not populated in AD?
-- Original Message --
Wrom: UWLSZLKBRNVWWCUFPEGAUTFJMVRE
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Jun 2004 17:31:12 -0400
Well it
(4, 76) Microsoft VBScript compliation error: Expected end of statement
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grocott Lee BC GB
Sent: Tuesday, June 22, 2004 4:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which
Um sorry about that, not sure what happened.
Maybe it's easier if I include the code as an attachment :-)
-Lee
-Original Message-
From: Rimmerman, Russ [mailto:[EMAIL PROTECTED]
Sent: 22 June 2004 13:18
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Tracking the machine from which
Watch for line breaks, things most likely ran together in the email and you
didn't get separated back out properly
In the first couple of lines it looks like the following ran together
Set objWMIService = GetObject(winmgmts:\\ strComputer \root\cimv2)
Set IPConfigSet =
Say you set all of the admin groups (admins, domain admins, ent admins) as a
restricted groups. You set membership of
builtin Admin
userA
userB
userC
userD
That replicates out and works.
Then at some point someone changes the restricted groups to be
userA
userB
userC
userD
Oops, sorry for bein such a noobie :)
Thanks Joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 22, 2004 7:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in
Watch for line
Hi all,
I currently do Full backups on all my network servers to a tape library system. Each morning I take our the tapes from the library which have backed up the servers and they are sent off site. Due to the size of the data and the backup window I have, I need to think about alternative
Morning all,
Okay, here's the situation (my parents went away on a... Stoppit,
Laura, you're having an '80s flashback):
I have an Exchange 2000 mailbox set up as a drop-box for general
customer service support inquiries for my office. The manager of the CS
area wants to keep track of how many
Differentials
do just that they refer to the inventory from the full backup (with
out a need for the tape) and back up only the info that has changed since
that inventory.
We
do FULLs every night. We dont do differentials - not because
we dont like them or
Full nightly backups to disk, with a copy job to tape. Tape sent off-site
each day. If I need a restore today, I can do it from disk rather than tape.
Much faster. The backup-to-disk file is overwritten each night. Using
Veritas BackupExec 9.1.
I tried diffs for a while, but I found that the diff
You might also consider "incremental" backups. I do
full weekly backups and then daily backups are incremental. Incremental
backs up anything that has changed since the last backup, not full backup, just
last backup. Differential backs up anything that has changed since the
last full backup
It's pretty easy to write an SMTP transport event sink that fires
every time an email comes in.
Then, look at the destination address and see if it matches your drop
box address.
Then, write a line in a text file (or connect to a database, or
whatever).
Analyze at your leisure.
An event sink
Laura,
I would probably approach this by turning on logging for the information
store. You can then parse the logs on a daily basis to find messages
sent to a particular mailbox. You could either store this information
in a database or simply mail a summary to the CS manager.
Denny
1. I think this will depend on what software you are using to do your
backups. However, most software will use the catalog to see what was
last backedup.
2. We do a full backup each night. We have a remote site 5 miles away
that we use for our off site storage. We have GigE between our
The only problem with event sinks is how difficult they are to write for
people that don't write code, especially c code. Script is fine, but since
it's jit technology, it's inherently slower than a c code counterpart with
less flexibility exposed (in theory). Add to that the difficulty of doing
Title: GPO - File and Printer Sharing.
Hi,
I know there is a way to force enable or disable File Printer Sharing but I can not find it.
How do you force that via a GPO?
Thanks for the input.
Rick
Title: AD, GPO and Technet
Quick
question:
I finally convinced
the right people to move away from the 3rd party DNS (Cisco CNR) to Microsoft
DNS including AD integrated dynamic DNS. However - our main domain on the Cisco
DNS has lots static entries for important hosts or Aliases. The same
Windows 2000 SP3
Has anyone seen where a certain DC (with AD integrated
DNS) fails to replicate in DNS changes even though
other objects replicate fine? I see no errors in the
Event Logs, repadmin shows fine, etc.
Restarting the DNS service temporarily fixes the
problem.
I didn't think to
On a similar note, if you are interested in the latest industry news on AD
and directory services, the latest AD-related downloads from MS, and don't
mind some general observations from me, you might want to check out my
Active Directory blog:
http://www.rallenhome.com/blog/adcookbook/
Robbie
Don't worry about being a newbie, we all are in regards to something.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, June 22, 2004 9:22 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Tracking the machine
Title: GPO - File and Printer Sharing.
Rick-
No way that I know of to do this from GPO. The challenge is
that its a bunch of binary reg keys that get messed with when you turn this on
or off--per connection. I did a quick look through netsh and didn't see any
commands there, but I may have
Hey Rick...
You can turn off the server service, even with a GPO, but then no one gets
there, not even admins...as far as i know.
It's a bit awkwards...but, in computer configuration/windows
settings/security settings/local policies/user rights assignments/deny
access to this computer from
Thanks guys,
I have some users that are obstinate and they go in and turn off file and
printer sharing which also takes the IPC$ share pipe off which then does not
allow remote admin on their machine. So basically I wanted to be able to
force them to have it turn on. I guess if I manually enable
I may be going about this a little simply but I would set up a perl script
that runs daily from scheduled tasks that uses POP3 or IMAP to read the
messages and populate a text file or access database or SQL Database (MySql,
SQL Server, etc).
Here is a quick example of reading POP3 mailbox and
Hey Rick..
I'm not positive on this...but, i think this key controls that...
and you could write an adm file to do it.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Paramaters]
AutoShareWks=dword:0001
Have fun,
John
|-+--
Title: Message
So I've been
dreading this for awhile but I've got the time available and I've planned for
it. I'd like to change my AD domain name. I'm looking for
options. I realize that W2k by itself will not allow you to change it and
you'd have to just uninstall and reinstall to change
Title: RE: [ActiveDir] GPO - File and Printer Sharing.
We had a few users that would like to turn that off also. What we did was use snetcfg.exe in a batch file as a startup script. Since it runs in the localsystem account it can add file/printer sharing without the user being a admin on the
This registry key controls the creation of the hidden, administrative
shares at the root of each partition (C$, D$, E$, ...) for workstations
(not servers)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 22, 2004 11:26 AM
To: [EMAIL PROTECTED]
That value (and AutoShareServer) just controls whether the
administrative shares are created by default when you start the system.
I suspect if the users are disabling File and Print Sharing, that even
with this policy enabled, IPC$ will probably still disappear.
-Original Message-
From:
Yuck that output came through looking pretty nasty... Try this instead...
[Tue 06/22/2004 14:24:35.83]
G:\TEMP\deletepop 2k3exc01.joe.com joe joemamma
Enumerating...
Message-Id: [EMAIL PROTECTED]
From: joe [EMAIL PROTECTED]
Subject: RE: End of the world as we know it
Message-Id: [EMAIL
Return Receipt
Your RE: [ActiveDir] GPO - File and Printer Sharing.
document
:
Title: AD, GPO and Technet
Wouldn't it just be easier to transfer the zone to the new
Active Directory zone and work it in slowly to ensure the quality you
need?
Al
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Puetz,
ChristophSent: Tuesday, June 22, 2004 12:39 PMTo:
Where's the part where it puts into a DB on a single row? C'mon Joe...
;-)
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 22, 2004 2:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Exchange accounting
Yuck that
I would have setup the AD zone as a secondary to the Cisco, and then converted it to a
primary ad integrated after the txfr. Given that that's not an option, I think that
you could still take one of your AD DNS servers, remove the AD zone from it, create a
secondary to the Cisco, txfr the zone,
Hi all,
Just wondered if anyone is aware of any plug-ins for Visio to map the Active
Directory Users and Computers? I know that there was the network tools for
Visio 2002, and that they took out the functionality to browse LDAP
I am having issues resolvingsome yahoo
aliases.Aliases that redirect to
*.yahoo2.akadns.net do not resolve, although the redirection URL resolves
correctly. Aliases that redirect to *.yahoo.akadns.net resolve
fine.
Has anybody else experienced this with Windows Server 2003
DNS? Any ideas?
I was wondering if anyone had any experience/advice that
they would be kind enough to share J
Our current environment includes 2 sites. Lets call them Site A and Site B. We will be adding Site C soon.
Site B has the first DC/GC and FSMO RH along with our first
exchange server and a
Knee biter!
I tried to leave that out as my ADO is very rusty... However looking at some
of my older code it would probably be something like the following to read a
text file generated by the other script, you can combine them yourself if
you would like.
use OLE;
$DSN=FILEDSN=c:\\db\\db.dsn;
Title: AD, GPO and Technet
I got it to work. Export from Cisco. Convert AD integrated
to Primary. Stop DNS. Open file and import entries. Restart DNS. Convert primary
to AD integrated. Life is good. :-)
Thanks for your help.
Christoph
From: Brian Desmond
[mailto:[EMAIL PROTECTED] On
there's no problem moving the FSMO roles to your DC in A in
a working environment - no need to move the hardware, unless you have other
requirements to do so. you can easily move the roles via NTDSutil or via
various UIs (ADUC, AD Domains Trusts, Schema Manager) if you
preferr.
_should_
hey Robbie - you're still alive! Good to read you ;-)
nice blog - cheers,
Guido
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen
Sent: Dienstag, 22. Juni 2004 18:56
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Monthly E-Mail Newletter?
dnscmd your_DNS_Server_Name /EnableEDNSProbes 0
Net stop DNS
Net start DNS
It's a known issue with the new Win2K3 EDNS0
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the
Title: AD, GPO and Technet
If you have Visio 2003, you can get the Microsoft Office
Visio 2003 Resource Kit for IT Professionals. Costs about 19.99, plus
shipping/handling.
It includes LAN MapShot from Fluke...
In speaking with the Visio folks at TechED, I only had to
say the word
Title: AD, GPO and Technet
Care to share the short story?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Bell,
Stephen
Sent: Tuesday, June 22, 2004 9:54
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD
Mapping tools for Visio 2003
If you have Visio 2003,
Ok Al you really suck.
I was sitting there watching Friends on TBS and trying to review a book and
this stupid problem keeps popping into my head and your comment so I had to
come down and whip out a full script.
1. Build an access database (possible file name db.mdb) with a table called
Hi,
I've been having problems last couple weeks with my network. I inherited a
working system - that has in the last few days stopped functioning. With
everything that happens in the company i haven't proactively read up on DNS
and AD enough to save me. I did read through about 8 pages of
I really need to learn perl.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 22, 2004 10:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Exchange accounting
Ok Al you really suck.
I was sitting there watching Friends
Title: AD, GPO and Technet
The story I got was that when Microsoft bought Visio, they
took the developers responsible for this function and moved them to the MOM
team. The remaining Visio folks could no longer support the code after
that and dropped it rather than have to deal with issues
Title: Message
Windows Server 2003 - if you are at forest
functionality level 2, will allow a domain rename.
That may be a reason
to move.. is that what you are asking?
- Original Message -
From:
Ken Rinehart
To: [EMAIL PROTECTED]
Sent: Tuesday, June 22, 2004
Thanks much. All the "weirdness" beganright around
the time our WAN group started routing traffic through PIX
firewalls.
John W.
- Original Message -
From:
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 22, 2004 7:39
PM
Subject: RE: [ActiveDir] OT:
Your WAN group can enable large DNS
packets through the PIX. Have them take a look at their fixup protocol
dns maximum-length 512 statement.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Witasick
Sent: Tuesday, June 22, 2004 11:11
PM
To: [EMAIL PROTECTED]
There's a thread on this at microsoft.public.windows.server.dns. Look for "2003 with Cisco Pix"
Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP -Directory Services
www.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow you were worried about
55 matches
Mail list logo
