Yes certainly. The useraccountcontrol is
set to 544. how can I do the diagnostics on the exchange side? What diagnostics
should I enable? I tried setting diagnostics to verbose for some modules, but
didnt give me sufficient information.
Thanks much,
Mayuresh.
From:
[EMAIL
The only sad thing about it is that when
with the same attributes minus the homeMDB, the users get created perfectly.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, August 05, 2005
11:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
Hi Steve,
(Maybe I should add this issue to the OT-Biggest AD Gripes thread!) Each
of the actions I've taken so far, in my mind, should have gotten this DC back
to the appropriate site. But it still thinks it should be in the original
site! One item I find is the
Sadly, quite true [1]. I remember fondly working with Street Talk - pretty
nice implementation with absolutely NO idea on how to leverage the
technology to the right people (Tech Managers, Business folks, partners and
potential partners, ISV/IHV).
Rick
[1] My opinions, not to be confused with
That would tell me that the homeMDB value either isn't
correct or isn't being set properly. homeMDB is a linked DN attribute, it *MUST*
be valid when it is set.
If the tool allows you to retreive the extended LDAP error
that would be great, if not get out a network sniffer and trace the
We do not recommend changing the dynamicsitename parameter and hard coding it
using the SiteName parameter is also not recommended since later you may forget
that this is set and no matter what you do the DC will assume it is in the site
you put in the key even if that site does not really
The following documentation describes this behavior as well:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/activedirectory/stepbystep/adsrv.mspx
All newly promoted DCs are placed in the Site container that applies to them
at the time of installation. For example, a
In addition just so no one thinks this recently changed the behavior was also
described in the Windows 2000 Distributed Systems Guide as well:
Ok I see in your original message that you state you did try to move it via
sites and services, missed that. When you did this what server was the Sites
and Services MMC focused on your DC or another DC in the domain? Did the UI
update to show the server in the correct site after the move or
We have an external domain that we will not be allow to set up a two way
trust with, not be allowed to migrate users from, etc. Basically it's a
partial domain import from one domain to our current Win2k3 domain.
Getting access to the external domain is out of the question since the
external
Thanks, Jorge.
The topology is as follows:
- Each office connects to the hub via a point-to-point VPN. That is, there
is no bridging at the hub -- this is a bandwidth consideration.
- As for AD: we have three sites Hub, B1, B2, and B3.
- Each has a single DC that is also a GC.
- There are
Interesting issue. SIDHistory is not much of an issue, obviously.
Apparently, the users won't have access to the old forest, so it's of little
value.
I would suspect, as a 'from the hip' approach - given you limits you really
only have a .ldf or a .csv dump of the accounts that are to become a
yeah... this is also the first thing I thought. I also thought of something
else. Will those users ever need to access their old resources? (like mail,
files ,etc) If no access is allowed how are you going to do that? Exmerge all
mailboxes into PSTs en burn files on DVD or something like that?
I expected that.. in a few words hub-and-spoke topology in a non fully routed
network. For this to work you need a site for each location and a site link
between each spoke (the bracnhes) and the hub and auto site link bridging is off
The other thing I can think of:
* Is each DC/GC in the
because some of the users are abusing their privileges
The usefulnes of LimitLogon for your scenario it sort of depends what the users
are doing that you consider abuse.
LimitLogon is mainly meant to hinder your users to use more concurrent
logon-sessions than you'd like them to use - so if
Title: Virtual Domain Controllers
Since it's a single domain server I just take
ghost snapshots of the domain and then backup the files
not really a useful approach to backup a DC. Might be
ok for FS and other roles, but DCs are not really cool with snapshotting and
being "rolled back in
However, I've had horrible experiences with __DFS__, and have high
expectations for DFS-R.
I'm sure you meant FRS (even though if requires DFS), but the core DFS
features of Win2003 are actually not changing that much in R2. I'd
almost vote that the DFS updates from Win2000 to Win2003 were
I worked for a company with around 15k users. I would say it's scalable as
a directory service. Some of its management tools might be arguably better,
but they have their fair share of annoyances, too. :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Title: Virtual Domain Controllers
Well since it is a single domain and a single DC I would
say he really doesn't have a worry about USN rollbacks but he does have a
possible concern with SID reissue.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
GuidoSent:
Hi Steve,
Thanks for your additional pointers! All of the DCs (using the AD Sites
and Services GUI) all show this server in the site it was moved to. Yet, the
moved DC seems to think that it still in the old site. There are registry
entries in the registry that still identify the old
Having read the highlights of this thread, I'm immediately confused as to
why you don't simply delete the errant reg. value[1] since it's
functionality, as I've understood it to this point, is relevant to members,
not DCs.
As for deleting the NETLOGON.DNS and .DNB files; I've found this a
If the UI is showing it in the correct site then the object in the
directory has moved and the DC is in the new site you can confirm this
by looking and a repadmin /showreps output or by using LDP and looking
at the configuration container looking at the objects under the site.
As far as the
22 matches
Mail list logo