Title: DFS on Domain Controllers
there's nothing wrong with what you're doing - DCs can host
DFS roots perfectly well and can contain link targets which point to shares on
any server in your infrastructure.The one thing that you need to be aware
of in this respect is that whoever manages the
Hi all,
I havea problem on my AD.
At my first try to open AD manager it gives :
"Naming information cannot be located because:The specified domain either does not exist or could not be contacted."
And thenwhen i try to add an user to my database it gives :
"Windows cannot create the object
Where are you opening ADUC (AD Manager)
from the server or your desktop? Im assuming you got in
eventually by your second statement.
1) Open your ADUC console and right click on the domain name and
select the operation masters menu item. The first tab should be the RID master.
Is the
Hello,
I have a problem of generating SSL cert for owa 2003 form based authentication.My environment is as follows:PC A -- acts as DC, domain=example.comPC B -- where ms exchange 2003 and cert authority is installed, configured to be the member of domain=example.com
I have tested OWA without
Guy,
One way to avoid the problems of a full security log is to set the logs
to overwrite as needed. You can set this via group policy.
I don't know if the kerberos ticket is cached or not. (I suspect not.)
When a machine reconnects to the network and you attempt to access a
network resource,
Hi Robert,
I'm openning ADUC from server.
1) I checked RID Master is available. (it is the RID master, there is no other DC on this domain)
2) i attached the dcdiag file.
Thanks for your interest.__Do You Yahoo!?Tired of spam? Yahoo! Mail has
Lets take this a step at a time
1) Save off the event logs, clear them and then bounce the box
lets start from a clean base if possible. Re-run the dcpromo.
BR
Rob
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Esteban Sonofthesun
Sent: 23 August 2004
Dcdiag even :O)
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rutherford
Sent: 23 August 2004 12:09
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] RID
master problem or...?
Lets take this a step at a
time
1) Save off the event logs, clear them and
I have had the same problem, but setting the logs to overwrite is bad
system administration. IF a person attempt to break passwords, thy can
just flood the server with requests and eventually the log will clear.
The best solution is to have the logs cleared by a script or third party
utility to
Sorry, the domain group Print Operators has local logon rights. A local
group is local to the machine itself, but you are correct that there isn't
enough information.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent: Friday, August
I suppose in theory, setting it to crash on full is also a security risk
since it could be used to cause a denial of service.
I'd guess that if you have something that siphons off the logs on submit
event, then it could be a workable solution. I'd have to say I'm not
impressed with a lot of
When you configure a new address book for Outlook, it is displayed by the
name you gave it. It is not going to be under the contacts address book
which is a special folder in your mail store. I think there is an
expectation that you would be able to click on the contacts folder and it
would be
When you configure a new address book for Outlook, it is displayed by
the name you gave it.
Do you mean the address book should be displayed on the left, where
contacts, Inbox, Appointments, etc... are?
It is not going to be under the contacts address
book which is a special folder in your
No, the address book is displayed in the address book dialog, usually
located at the top right quadrant of the tool bars, and is represented as a
book. The box next to it, a drop-down search used to quick-search the
default address book.
I am not aware of a way to display the address book in the
I have a Question about adding people to a Universal Group.
I have some Admins that own a Universal Security Group, and have added users
from a child domain to the group. When they look at the Universal Group
members, they see the user is a member of the group. But when they look at
the users
Thanks Alan,
This list is always good for a sanity check
Todd
-Original Message-
From: Isham, Alan A [mailto:[EMAIL PROTECTED]
Sent: Monday, August 23, 2004 12:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Universal Group user population
I assume you are using ADUC to
Interesting...
I have Audit: Shutdown system immediately if unable to log security
audits set to disabled and security log size configured to 128Mb (DCs
GPO)
We are keeping 3 months back of security logs, hence the GPO is
configured not to override the security logs. DCs have a scheduled task
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deploy
guide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/de
ployguide/en-us/46686.asp?frame=true
This link is the documented behavior. Sounds like that is what you're
getting. I think there may be
I was too lazy to tell the long story that made me speculate about TGTs,
so I'll try to explain the reason for asking:
We have 2 W2K3 forests with Kerberos transitive trust.
Forest corp.com has 3 child domains respectively:
emea.company.com
amer.company.com
ap.company.com
Second forest
Right, but this feature was turned off in GPO, so the box was not
supposed to crash.
And how would you explain the working replication (with full security
logs) till the box is rebooted manually and only then enters the
crashed state ?
We indeed have a policy for keeping 3 months of security
Kerb tickets have a lifetime, but not sure that's your issue necessarily.
How's your name resolution working? Anything in the event logs when this
occurs? Especially the security logs on the clients/dc's/resources being
accessed?
Al
-Original Message-
From: [EMAIL PROTECTED]
Sounds like the feature isn't working as expected if the box continues to
work until reboot. It's also possible it was triggered prior to the GPO
being applied, but you'd have to repro to know IMHO.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy
Guy,
If you're using MIT Kerberos on the other end of that trust you probably
need to call PSS and ask them for the following hotfix...
http://support.microsoft.com/default.aspx?scid=kb;en-us;825081
WindowsXP-KB825081-x86-ENU.exe
While you have them on the phone, you may as well ask them for the
I have been able to reproduce the behavior in both our test and
production forests on several DCs. GPO has been applied a while ago,
boxes have been rebooted more than once and RSoP shows the right
settings.
More than that, when I look at
c:\windows\security\templates\policies\gpt1.inf (which
This mail do not contain technical issue, I write this
message to appeal to all member's generosity.
Please visit and sign your signature at: http://www.petitiononline.com/AOVN/
"AGENT ORANGE, THE CHEMICAL, has killed, is still killing, and
causing great suffering to over three
Can you elaborate on the sentence:
" But a few
days ago, I had to reinstall my AD exchange server due to AD crash. After
that, I was unable to generate ssl cert."
Was the Certificate Server installed prior or after
that event?
I assume you installed an Enterprise CA -
please correct me
26 matches
Mail list logo