Hi,
As is true with most companies today, we are deploying lots of firewall
rules even down to the division level with their own LANs. We've seen with
our root domain/child domain domain controllers they pick random replication
partners. To avoid putting in a whole lot of n x n conduits in
I have seen two references (.NET Magazine, Dec 2002, p19; Technet, Nov 2002,
Planning Your Commerce Server Installation) that indicate that Windows
2000 groups have a limit of 5000 users. Can anyone tell me what groups this
limit is applied to? Is it just those groups created by an administrator
You
can find Evgenii Rudnyi's
tools at
http://www.chem.msu.su/~rudnyi/NT/sid.zip
Mike
Thommes
Argonne National Laboratory
-Original Message-From: Brad Martin
[mailto:[EMAIL PROTECTED]]Sent: Friday, January 03, 2003 3:09
PMTo: Active Directory Mailing ListSubject:
Hi All!
We have a single master domain spread over two sites. Site1 has 3 DCs
(DC1, DC2, DC3). DC1 holds the FSMO roles. DC2 is a GC. Site2 has only
1 DC (DC4). It is also a GC. Because of the slow link between Site1 and
Site2 and with firewalls on each end (what fun!), we are trying to
Hi All:
This is outside this mailing lists realm but you guys have been so
helpful in the past. While Windows 2000 security has the complex password
option, it still doesn't check against dictionaries, names, etc. Is there
any password filtering software that would plug into a Windows 2000
Title: Group Policy Legal Notice Caption
Hi
Shawn,
We had a similar problem. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q258267for
details. There is currently a 512 character limit on the
caption.
Mike
Thommes
Systems Administrator
Argonne National Laboratory
)
MVP - Active Directory
- Original Message -
From: Thommes, Michael M. [EMAIL PROTECTED]
To: Active Directory mailing list (E-mail) [EMAIL PROTECTED]
Sent: Monday, January 20, 2003 11:01 AM
Subject: [ActiveDir] can't delete a profile
Hi All:
I know this is outside the scope
The inability to change their passwords might be caused by
HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous value being set
to 2. How is yours set?
Mike Thommes
Argonne National Laboratory
-Original Message-
From: Fugleberg, David A [mailto:[EMAIL PROTECTED]]
Sent: Wednesday,
Hi Rick,
The URL you posted is available to MVP accounts only. However, an open
reference can be found at
http://support.microsoft.com/default.aspx?scid=kb;en-us;243330
Mike Thommes
Argonne National Laboratory
-Original Message-
From: Rick Kingslan
To: [EMAIL PROTECTED]
Sent:
All:
You might be interested in a network performance tester that one of
our staff members put together. It has come in handy plenty of times
when trying to determine the cause of poor network performance. Try it
out at:
http://miranda.ctd.anl.gov:7123
Mike Thommes
Systems Administrator
Title: Message
Based
on the recent discussions about networking problems, I would like to reiterate a
posting I made afew daysago:
All:
You might be interested in a network performance tester that one of
our staff members put together. It has come in handy plenty of times
when trying to
Just
finishing up on a similar problem with Microsoft, I found that it is critical to
also remove/rename any ".log" files in \\winnt\security\logs\
.
Mike
Thommes
Argonne National Laboratory
-Original Message-From: John Hicks/MIS/HQ/KEMET/US
[mailto:[EMAIL PROTECTED]Sent:
Hi All:
Since the hot topic lately has concerned GCs, I thought I would throw this nagging
problem out to see if anyone has any thoughts. The problem concerns the slow
enumeration of user accounts, such as what you would see if you were going to add a
user to a group. It takes a minute,
Title: Message
How
about TS'ing to a server you CAN get at, and then using the TS Manager software
on that server to kill the connections on your other server?
Mike
Thommes
Argonne National Laboratory
-Original Message-From: Juan Ibarra
[mailto:[EMAIL PROTECTED]Sent: Tuesday,
One thing to keep in mind is the value you have set for RestrictAnonymous. See
Technet articles 178640 and 296403 for details.
Mike Thommes
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir]
I would certainly encourage you to look at Servers Alive (www.woodstone.nu). It's a
robust monitoring tool, has lots of checks (including services), and is a *real* value
at $99 to monitor up to 1000 servers.
Mike Thommes
Argonne National Laboratory
-Original Message-
Hi All!
As we continue to flesh out our AD structure, we are trying to give delegation
authority for various objects in OUs to the appropriate groups. Being a control
freak, I don't want to give these groups full control over all of the objects in the
OU since this is also where our user
Title: Message
I've
been told that MIIS is really just MMS 3.0 renamed. The description of the
software would seem to indicate so. Is this true?
Mike
Thommes
Argonne National Laboratory
-Original Message-From: Myrick, Todd (NIH/CIT)
[mailto:[EMAIL PROTECTED]Sent: Tuesday, July
Yep, the tools return user accounts, computer accounts and groups (even on a native
W2K domain). I use them every day in a batch job.
Mike Thommes
Argonne National Laboratory
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 12:47 PM
To: [EMAIL
Hi All:
Our DNS guy has a concern (minor?) about a previous fix being in the latest
dns.exe rolled into W2K/SP4. I don't want to take the chance of using an expensive
trouble ticket to allay his concern. Is there a specific discussion group he might
ask his question or is this one
PROTECTED]
Subject: RE: [ActiveDir] Computer Management Snap in?
dumb question but can you ping it by name ?? If not, does it resolve
to
the correct IP ??
-Original Message-
From: Thommes, Michael M. [mailto:[EMAIL
One way to do this is to go to the Computer Management mmc, go to System Tools/Shared
Folders/Sessions. You can export the data. You will have to do this on each of your
domain controllers to get a complete picture.
Mike Thommes
-Original Message-
From: Richard
Not too late...I believe it is only available under NT 4.
Mike Thommes
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 1:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Users Logged In
Not to sound like an absolute n00b or anything,
Too
Hi all,
We have a Windows 2000 test network where one of the child domain DCs (the only
one in that domain) was shutdown. That was back in April (more than 60 days). Is
there a tool (nltest?) I can use to reestablish the trust? Just trying to hit the
road running tomorrow when I get back
at repadmin /showmeta. Also if you are nice Robbie
might post a code snippet utilizing the IADSTOOLS DLL.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Monday
generic.
How would I find out the specifics - specifically when the password never expires
bit (part of the userAccountControl attribute) got changed? Thanks for any info!
Mike Thommes
-Original Message-
From: Thommes, Michael M.
Sent: Monday, August 11, 2003 8:01 PM
To: [EMAIL
Hi,
I am trying to identify exactly what got changed in a user's account (W2K domain).
I know that a change will create a Security log record, EventID 642, category
Account Management, type Success. It will identify the account that got changed
(Target Account ID) and who made the change
the server it self?
Best regards,
Agung
-Original Message-
From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 8:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Who's online
What
A ver command?
-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Thu 8/14/2003 6:08 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [ActiveDir] os version
i know this one has probably been done
Title: Message
Hi
Robbie,
I'm not aware that Windows 2000 password complexity
switch prevents the use of dictionary words. That certainly has not been
the case here. Please let me know if there is some "special" switch to
prevent dictionary words and what dictionary it uses.
Thanks!
Mike
maybe a wayward browse master?
Mike Thommes
-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 12:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Max Connections?
I'm using a Windows 2000 Server computer as a File Server but sometimes
It's different on different computers but a starting point would be Network
Neighborhood\Properties, identify your NIC then right click to
\Properties\Configure\, then look at media type. We have a public network
performance tester at:
http://miranda.ctd.anl.gov:7123/
that
August 05, 2003
10:00 AMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Password LookupWhere can I find the scripts and where can you set the password
complexity? ThanksRyan
McDonaldSystems AdministratorThe Bankers Bank
"Thommes, Michael M."
[E
Hi,
We have a pretty complex IP structure with various types of access. As we develop
AD sites for low bandwidth connected remote offices, I was wondering how AD handles
site subnet definitions that might overlap one another. For example:
10.10.0.0/16 = Site 1
10.10.88.0/25 = Site 2
The
Hi,
When a user's password expires, does it automatically toggle the setting for the
account User must change password at next logon? It seems to me it used to do this,
but that is not what we are seeing now. Our DCs are at W2K/SP3 plus post SP3 patches.
Would there be any connection
Hi Jim,
I've got the same problem with a Compaq 1850R and a Compaq 3000R. Only my failure
to be able to reboot without manual intervention occurred sometime after SP3 with a
patch. The computers seem to start the reboot process but then just end up with a
blinking cursor in the upper left
Tonight I tried running adprep /forestprep from the Server 2003 CD on my W2K/SP3
schema master to get ready to put up a 2003 server. The process stopped saying that
the logged in account was not a member of the Enterprise Admins, the Schema Admins and
the Domain Admins. Not true! I was
have those groups in your token.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Friday, September 19, 2003 6:19 AM
To: [EMAIL PROTECTED]
I only have a c:\Exchange Server
Hi All:
I don't recall ever getting any response from the message below that I sent out
about a month ago. Hopefully, there's no harm in trying again. Thanks!
Mike Thommes
Hi,
When a user's password expires, does it automatically toggle the setting for the
account User must change
Hi All:
At least around here, Robbie's Tuna book has yet to hit the shelves. And
Microsoft's whitepaper on delegation is still a month away. Other references on
delegation appear scant at best. So here's the problem that I have been tearing my
hair out on (and I didn't have much to
: [ActiveDir] OU Delegation question
Just so we have it straight, once you set the deny permission, they're still
able to delete an account but not create one? Is that about it?
Is that the last of what you need to accomplish as well?
-Original Message-
From: Thommes, Michael M. [mailto
Maybe
persistent mapped drives, mapped with the old
userid/password?
Mike
Thommes
-Original Message-From: Creamer, Mark
[mailto:[EMAIL PROTECTED]Sent: Wednesday, October 08, 2003 2:19
PMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] account lockout troubleshooting
I
believe you're going to have to install the AD Client Extensions on those
PCs. You can find the software on the Windows
2000CD.
Mike
Thommes
-Original Message-From: Steve Shaff
[mailto:[EMAIL PROTECTED]Sent: Thursday, October 09, 2003 11:19
AMTo: [EMAIL
Hi All,
Since Joe mentioned those magic words auto password reset, I wonder what kind of
recommendations are out there. This was an idea I presented 6 months ago to
management and was abruptly shot down. Now it has come back up again as maybe a
worthwhile tool. I'd like to hear your
Hi All,
I have been struggling with a problem concerning sites. Hopefully someone out
there will point out where I am going wrong. I have 3 sites: West, Central and East.
West/Central are connected via T1; Central/East are also connected via T1. One DC (A)
in West, one DC (Z) in East,
For processes, go to the Task Manager, view/select columns/check User Name. On the
Processes tab Of the Task Manager, make sure to check the checkbox labelled Show
processes for all users. Click on the column header Username to sort by this
variable. For Open Files, right click on My
Hi Jim,
I came across that same solution a couple of days ago! (see
http://seer.support.veritas.com/docs/260097.htm
http://seer.support.veritas.com/docs/260097.htm for details) Like you, I was
stumped for quite a while. I think a real roadblock in my analysis of the problem is
that
re: migration -- One other issue that you might have to worry about is scheduled
jobs where the user is not actually logged in but the profile is still open.
Mike Thommes
-Original Message-
From: Jef Kazimer [mailto:[EMAIL PROTECTED]
Sent: Friday, November 07, 2003 12:50 PM
To: [EMAIL
Thanks, Hunter. I just got them. Be aware that the Best Practices whitepaper is 206
pages and the Appendix (with all the task/permissions tables) is 223 pages. (Printer
is still smokin'.) Guess I know what I will be doing this weekend!
Mike Thommes
-Original Message-
From: Coleman,
thought you might be interested in this
-Original Message-From: GRILLENMEIER,GUIDO
(HP-Germany,ex1) [mailto:[EMAIL PROTECTED]Sent: Thursday,
November 20, 2003 2:06 PMTo: [EMAIL PROTECTED]; 'Ravdal,
Stig 'Subject: RE: [ActiveDir] Managing Sites in Forest with Empty
Root
The current Windows .NET Magazine (December 2003) has an article OS Event-Log
Monitoring that lists many of the products out there. I was disappointed, however,
to find they did not list the inexpensive product I have been using for years quite
successfully - EventReport by Adiscon
More good stuff for you. See the last part of this email under
"WARNING".
-Original Message- From:
GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Sun 1/4/2004 1:35 PM To:
[EMAIL PROTECTED] Cc: Subject: RE:
[ActiveDir] 5,000 direct member limit
Hi All,
We are seeing Eventid 40961 generated every hour on Windows 2000 DCs that have
been upgraded to Server 2003 and every two hours on fresh Server 2003 DCs. The
contents look like the following:
Event Type:Warning
Event Source: LSASRV
Event Category:SPNEGO
/display.asp?eventid=40961source=
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Monday, January 05, 2004 3:47 PM
To: Active Directory Mailing List (E-mail)
Subject: [ActiveDir] Eventid 40961 on W2K DC upgraded to Server 2003
Hi All
Hi,
This morning I noticed that the "Additional Acct Info" (sp?) tab in ADUC on my
Windows 2000 DCs (withextra "acctinfo.dll" installed) and on my Windows
2003 DC (additional info by default) is no longer there. While I don't use
this feature on a daily basis, I am sure I have used it in
Hi
Deji,
Duh on me! I knew that. My brain in still
catching up from a week's vacation! Thanks!
Mike
Thommes
-Original Message-From: deji Agba
[mailto:[EMAIL PROTECTED]Sent: Monday, February 09, 2004 9:21
AMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Where did
Regarding MS04-004, you all should be aware of the following:
http://support.microsoft.com/default.aspx?scid=kb;en-us;831167
This issue is affecting us significantly.
Mike Thommes
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 3:15
Hi Joe,
I've seen your DC numbers in the past (~400) and wonder how just two guys can keep
all that hardware going!? While we have many fewer DCs and servers (dozens), the two
of us that work on them seem to have our hands full. 'Course we're also involved with
other things besides
We have put up a new forest that has a one way trust (trusting) with our original
forest. The DC (W2K3) for this new forest is on the same LAN as computers in the
original forest. Yet, the new forest or its computers do not show up My Network
Places\Entire Network\Microsoft Windows Network as
I second this recommendation. ServersAlive rocks. And even for the non-free
versions, the price is dirt cheap!
Mike Thommes
-Original Message-
From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: Monday, February 16, 2004 9:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
The Additional Account Info tab was available on W2K systems if you installed the
acctinfo.dll file from Microsoft. It is there by default in W2K3. You will not see
this tab if you first do a search on the object and then click on properties. If you
go directly to the object in ADUC and
From
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/upgadc14.mspx
Unlike the ForestPrep command, which was fairly resource-intensive, DomainPrep
completes quickly. The changes in comparison to ForestPrep are relatively minor. Two
new
Hi,
Because of firewall issues, I am creating a new site that is well connected to
the rest of my AD topology. This new site will contain workstations and a
domain controller for an already existingchild domain. This child
domain DCwill also be the bridgehead serverin this new site.
User
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M
I noticed today that
my W2K3 FSMO DC doesn't show up in the Terminal Services Manager GUI. I've
tried this on both W2K and W2K3 servers and it doesn't show up! A terminal
service client connection works fine to it. And in the default
administrative mode, I get a maximum of two connections,
I've notice that the
last few mailings don't include the usual:
List info :
http://www.activedir.org/mail_list.htm
List FAQ :
http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Did something
change?
Mike
Thommes
Seems
to me if the device is "failed", the best you're gonna do is a "tracert" command
where the failed device is in the path. From another viewpoint, you may
want to make use of a tool like ServersAlive (http://www.woodstone.nu/salive/)
to check on whatever devices you're interested in.
Hi All!
Below is part of a daily dcdiag report run from my FSMO role holder (a W2K3 DC).
A few (but not all) of the sections for the various domain controllers show the
following (names changed to protect the innocent). Can someone tell me in layman's
terms what this means? I can't find
Hi Steven,
There is a new dcdiag.exe available (but not publicly yet). If you have a Premier
account, you can reference KB832628. I had a different issue than the one you are
reporting. The new executable solved my problem (truncated output when run with the
/e switch. I believe MS is
Hi
All,
I
know that some of you think the Exchange/AD is the best thing since "sliced
bread" wink based on past exchanges/rants on this mailing list,and
I wonder about the following:
In multi-domain environments, the
global catalog server that you select may not be in the same domain as
such that the DC
in question is the only machine that has Read and Apply GPO rights to
it. You'll have to remove the default Authentiated Users ACE as well.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Wednesday, March 24
I hope there is an
easy answer to the following question: I would like to delegate authority to a
group to be able to disable user accounts down in an OU. But I don't want
to have to also give them the ability to create/delete user accounts. I've
looked around the Delegation Wizard custom
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, March 26, 2004 4:00 PM
To: Active Directory Mailing List (E-mail)
Subject: [ActiveDir] permissions to only disable an AD user account
)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Sunday, March 28, 2004 9:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Linking other GPO objects
persistent drive mappings made under the old account/password?
-Original Message-
From: Mike Hogenauer [mailto:[EMAIL PROTECTED]
Sent: Fri 4/2/2004 4:27 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] Vice pres Account Lockout ?
Hi Mike,
If you haven't done this already, check the security event log on your DCs and
look for eventid 529 associated with this user. At the very least, it will indicate
which workstation the failures are coming from. If your vice pres logs into different
computers, at least this
Hi David,
It seems to me the best way to check these would be part of a dcdiag execution. If
these DCs are all part of a root/child domain structure, you could run dcdiag /e /v
on your FSMO role holder. Enter dcdiag /? for details.
Mike Thommes
-Original Message-
Hi Tom,
See
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q252/3/88.aspNoWebContent=1
Mike Thommes
-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 20, 2004 3:19 PM
To: ActiveDir (E-mail)
Subject:
I should've added this reference also:
http://www.winnetmag.com/Windows/Article/ArticleID/39421/39421.html
Mike Thommes
-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 20, 2004 3:19 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Default printer logon
Couldn't you just query DNS (ie, nslookup aa.bb.cc) and look at the IPs returned?
Mike Thommes
-Original Message-
From: AD [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 8:47 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Enumerating DCs from a workstation that is not
member of
drool, especially the part about the trout stream! 8-P
Mike Thommes
-Original Message-
From: Fuller, Stuart [mailto:[EMAIL PROTECTED]
Sent: Thu 5/13/2004 6:37 PM
To: '[EMAIL PROTECTED]'
Cc:
Subject: RE: [ActiveDir] OT: Research
Hi
Wook,
Thanks for the additional details! I've been
chasing my tail on this issue for about about a week now. Is it too simplistic
to think these problems could be avoided if service dependencies were
used?
Mike
Thommes
-Original Message-From: Lee, Wook
[mailto:[EMAIL
Hi
Folks,
I
apologize for the question since I think it has been battered around in one form
or another but I can't seem to find the answer. The question: a related
company root admin wants to see a password expiration length time on a W2K
domain. He is worried that everyone's password
case, they will all expire at the same time
*interval* vs. the same exact moment in time. Not that it matters for
most domains, but...
Al
From: Thommes, Michael M.
[mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 11:04
AMTo: Active Directory Mailing List (E-mail)Subject
My DNS guy would like to be able to archive the DNS debugging logs (eg,
c:\winnt\system32\dns.log) . Currently, you can indicate what size you like the log
to be, and when it gets to that size, it just writes over itself. Has anyone found a
way to automatically cut a new a log file? TIA!
Hi Todd,
Check out http://www.winguides.com/registry/display.php/351/
-Original Message-
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Friday, May 07, 2004 2:53 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO's
Does anyone have a ADM script or know how to set the
Hi
Eric,
Improvements in this area would be great!
I'd like to suggest that MS thinks about moving KB articles from the Premier
site to the Public site a little faster also. Keeping known problems from
the public is not a good policy. (Yes, there are at least two KB
databases!)
Mike
Yep. In ADUC go to your User Account/Properties...Account
tab..."Log On To" button...add computer name.
Mike
Thommes
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]Sent: Thursday, June 03, 2004
3:11 PMTo: [EMAIL PROTECTED]Subject:
[ActiveDir] AD
I want to create a
new site within my AD (Server 2003)to help guide particular subnet clients
to closeby servers. While I have done this before when our forest was
Windows 2000, the current Active Directory Sites and Services GUI seems to be
throwing me for a "chicken and egg" loop:
1)
Hi
David,
That's what I ended up doing. The new site is
now created, subnetted, DCs moved to it, and replication is humming along
great! 8-) Thanks!
Mike
Thommes
-Original Message-From: Fugleberg, David A
[mailto:[EMAIL PROTECTED]Sent: Monday, June 07, 2004 4:30
PMTo:
Yesterday I made one
of my root domain controllers a bridgehead server. It joins the first
bridgehead server that I createdearly on with another root domain
controller. The enterprise dcdiag report I run each morning shows no
indication of the new bridgehead server. I read
How about robocopy from the resource kit? While it is not automatic, you could run
it with a scheduled job.
Mike Thommes
-Original Message-
From: Sumit Kumar Laad [mailto:[EMAIL PROTECTED]
Sent: Fri 7/9/2004 2:10 AM
To: [EMAIL PROTECTED]
Cc:
Hi
Joe,
The bridgehead servers are designated to satisfy my
security guys so that a minimum number of firewall conduits need to be defined
for DCs in separate sites. The recent addition of a second bridgehead
server was at the suggestion of my co-worker who likes redundancy.
8-)
Mike
I have a domain controller that I need to rename (I think). This DC sits in a
separate site. Recently, networking redid the forward lookup record in the Unix DNS
server for this DC from spock.dis.anl.gov to spock.dc.anl.gov when they rebadged
the entire subnet. Now I have a child DC that
Hi Joe,
A related question - we got to talking about what access is required to run
srvinfo.exe (from the resource kit) against a domain controller. It seems like
authenticated users membership is all that is needed. Now I know there are ways to
restrict access to other things like the
After lots of
iterations using dsquery, dsget, and/or adfind, I still can't seem to produce
"proxyAddresses" usinga given UPN. It's Friday afternoon, my brain
hurts, and I sure would like to finish the week ona high note. Any
help is REALLY appreciated! Thanks.
Mike
Thommes
Michael,
Thank you! I kept beating on the commands using
"upn" instead of "userprincipalname". I owe you a beer! Thanks
again!
Mike
Thommes
-Original Message-From: Michael B. Smith
[mailto:[EMAIL PROTECTED]Sent: Friday, July 16, 2004 2:25
PMTo: [EMAIL PROTECTED]Subject:
Chris,
Here is a response from our Kerberos
guy regarding your question:
Mike
Thommes
Argonne National Laboratory
-Original Message-From: Engert, Douglas E.
Sent: Tuesday, July 27, 2004 3:46 PMTo: Thommes, Michael
M.Subject: Re: FW: [ActiveDir] Kerberos interoperability
question
Hi,
In trying to diagnose an issue that came up yesterday, I am trying to use the
showacls.exe from the 2003 server reskit. It seems that it will only
produce output for directories, not individual files. Has anyone else
experienced this behavior? (Any other recommended tools to capture
Title: Message
Check
out http://www.winguides.com/registry/display.php/1126/
Mike
Thommes
-Original Message-From: Rick Kingslan
[mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 8:02
AMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] [Active Dir] Print Screen
1 - 100 of 329 matches
Mail list logo