RE: [ActiveDir] Quiet? DEC? Related?
I can only say that I really wanted to be there, glad you all had a great time! I will try to be there the next time, if work allows it... Joe/Deano - sounds like I missed a great session! /Jimmy the Swede Jimmy Andersson, Principal Advisor - Q Advice AB Microsoft MVP - Directory Services Security --- www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Saturday, April 01, 2006 1:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quiet? DEC? Related? I think he may have been there with us, as I believe the force may be strong in him: as in keeping with Joe2D2, Dean3PO, Gilbacca and Princess Horr-hay - Deji is an anagram of Jedi -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana Sent: 01 April 2006 07:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quiet? DEC? Related? Definitely a huge thanks to everyone for making this an awesome first DEC for me! It was great matching up faces to the email addresses I see daily. The DR, Security and Interopt sessions were a couple of my favorites. The DJ show was awesome! For those not able to attend this year, make it a priority next year. I was told I could take a class this quarter...I've taken enough AD and Exchange classes over the years so I chose to attend DEC because of the praise given to it by the folks on this list. It was well worth the trip...didn't hurt that red 9 kept hitting either ;-) So the only mystery left is where was Deji? Cheers, Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, March 31, 2006 5:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quiet? DEC? Related? Absolutely. Very entertained. I had a near permanent smile from the point I directed a question to Stuart asking him where he was from so I could give him a copy of AD3E. The funny part was him thinking I was trying to set him up for something... As soon as I saw him in the audience I intended on giving him a copy to say thanks from all of us for the work he has done on this stuff and his lack of failure in listening to our feedback. The way it all played out though was great and added to the fun. To those who sadly didn't attend we gave out copies of Active Directory Third Edition to folks who were answering questions we tossed out into the open. I said the next question is for Stuart alone and said Stuart, where are you from? knowing that most of the folks in the audience would know exactly where he was from having seen his keynote abt Identity Management I figured most people would yell it out so I said it was just for him. His response was priceless... Now or originally? The audience howled. Great fun. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Friday, March 31, 2006 7:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quiet? DEC? Related? That's cool. I can go with that. As long as you're entertained. Let's just say it's not my kind of entertainment, unlike the joe and Dean show. Hey, joe and Dean, aren't you the guys who sing Little Old Lady From Pasadena? Or was that Little Old Attr Caused PAS Expansion? :) Wook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, March 31, 2006 4:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quiet? DEC? Related? Well it really depends on their attitude. What Guido I did wasn't gambling though I stated it as such previously. Wee were being entertained. You don't really gamble when you play the slots, you have no control over the outcome. If someone goes in thinking they will walk away with more money than they started with, I would argue they should not be doing it at all. I personally figure out how much money I am spending on entertainment and then spend it be it on slots, meals, drinks, or cool little rubber duckies at the hotel airport. Thinking that way, I lost $0 as well, though I spent about $500 on entertainment. Best money spent IMO. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Friday, March 31, 2006 3:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quiet? DEC? Related? I've always thought that gambling in general was a tax on those who don't understand probability by those who do understand brain chemistry. I lost $0. Though it was sometimes fun watching other people support the Las Vegas economy. What's lost in Lost Wages stays in Lost Wages. :) Wook -Original Message- From: [EMAIL
RE: [ActiveDir] Adding drives to restrict drives policy
If memory serves You must edit the HideDrives value. This is how you calculate the HideDrives value: The registry key that this policy effects uses a decimal number which corresponds to a 26 bit binary string, with each bit representing a drive letter: 11 ZYXWVUTSRQPONMLKJIHGFEDCBA The above configuration corresponds to 67108863 and will hide all drives. If you only want to hide the drives: A, C, D, E, F, H and T you would do this: 0010001001 ZYXWVUTSRQPONMLKJIHGFEDCBA This would be 524477 in decimal number and hide the drives A, C, D, E, F, H and T. This is the value that you type in as the NoDrives Value in the policy template. If you want to edit the system.adm template, remember that you have to edit the .adm file on multiple places: POLICY !!NoDrives POLICY !!NoViewOnDrive ...and don't forget to edit the corresponding value in the [strings] section. Regards, /Jimmy Jimmy Andersson, Principal Advisor - Q Advice AB Microsoft MVP - Directory Services Security --- www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline Sent: Friday, December 23, 2005 4:46 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Adding drives to restrict drives policy You are right about the system.adm file take a look at http://support.microsoft.com/kb/q231289/ http://support.microsoft.com/kb/q231289/ Using Group Policy Objects to hide specified drives in My Computer for Windows 2000 You need to find out the Hexidecimal value for the drives you want to hide You can find the hex values here: http://www.sd61.bc.ca/windows2000/HideDrives.htm Hope this helps Mike On 12/23/05, Matt Johnson [EMAIL PROTECTED] wrote: I would like to restrict more drives than just A, B, C, D via group policy. However, I don't want to restrict access to all of them. I know that I probably have to modify the system.adm file to add more drives. I wish I knew where to go from there. Any help would be greatly appreciated. The drives by the way I want to restrict access to is A,B,C,D,L. Thanks in advance. -- Matt Johnson [EMAIL PROTECTED] Subtle and insubstantial, the expert leaves no trace; divinely mysterious, he is inaudible. Thus he is the master of his enemy's fate. -Sun Tzu List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT: Please Settle a Bet
wasn't it 16-bit loaded with highmem in dos? ;) /The Swede - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Friday, February 11, 2005 11:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor
I've been somewhere in time... As usual ;) /The Swede - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, February 09, 2005 3:21 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Where the hell have _YOU_ been, you little over-cooked Swede? :OD Great to hear from you! -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Sent: Wednesday, February 09, 2005 6:19 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Isn't that what Access-based Directory Enumeration do? This feature is not enabled by default in SP1, though. I haven't tried the feature yet so I can't verify it. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Wednesday, February 09, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor It's been my dream over ten years that NTFS would get similar permission feature to what has been in NetWare all these years. When a user has permissions to a given subfolder, it's almost always most logical that this subfolder (automatically or implicitly up to the root) would become visible to her. And vice versa, when she has no permissions to a subfolder, it would be logical that this subfolder is invisible to her. And it has been my dream for six years that the same would apply to AD, as has always been with NDS. While we are on the subject, another extremely handy feature of NDS would be most welcome in AD. That is, each OU would be a sec prin, so if you want to grant permissions to all people in the Sales OU, you wouldn't have to create a paraller sec group for that. Yours, Sakari From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Wednesday, February 09, 2005 10:18 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Hi, clipclipclip Regards, Jorge PS.: I'm glad MS is going toward the permissions structure (with W2K3 SP1) like Novell has. It is still not perfect, but it's a begin. AND maybe some day (Windows 2011?) will be able to configure file system permissions through AD like that is possible with the NDS. The possibility of configuring permissions for the file system through GPOs is a nice feature but far from perfect. Also any thoughts on this are welcome. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor
LOL! :P /J - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Jimmy always sees his shadow around this time - Summit must be around the corner :-p Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Wed 2/9/2005 6:20 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Where the hell have _YOU_ been, you little over-cooked Swede? :OD Great to hear from you! -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Sent: Wednesday, February 09, 2005 6:19 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Isn't that what Access-based Directory Enumeration do? This feature is not enabled by default in SP1, though. I haven't tried the feature yet so I can't verify it. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Wednesday, February 09, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor It's been my dream over ten years that NTFS would get similar permission feature to what has been in NetWare all these years. When a user has permissions to a given subfolder, it's almost always most logical that this subfolder (automatically or implicitly up to the root) would become visible to her. And vice versa, when she has no permissions to a subfolder, it would be logical that this subfolder is invisible to her. And it has been my dream for six years that the same would apply to AD, as has always been with NDS. While we are on the subject, another extremely handy feature of NDS would be most welcome in AD. That is, each OU would be a sec prin, so if you want to grant permissions to all people in the Sales OU, you wouldn't have to create a paraller sec group for that. Yours, Sakari From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Wednesday, February 09, 2005 10:18 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migra tor Hi, clipclipclip Regards, Jorge PS.: I'm glad MS is going toward the permissions structure (with W2K3 SP1) like Novell has. It is still not perfect, but it's a begin. AND maybe some day (Windows 2011?) will be able to configure file system permissions through AD like that is possible with the NDS. The possibility of configuring permissions for the file system through GPOs is a nice feature but far from perfect. Also any thoughts on this are welcome. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] PDC emulator in Native mode
Well, for one thing it will handle account lockouts due to the PDC chaining operation. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ManjeetSent: Wednesday, February 09, 2005 4:44 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] PDC emulator in Native mode Hi, What happened to the PDC Emulator Role if we move from mixed mode to native mode. Is the PDC Emulator is required in Native mode... ? and if required then what will it do and what changes in the functional behaviour of it ? Best- Manjeet Do you Yahoo!?Yahoo! Search presents - Jib Jab's 'Second Term'
RE: [ActiveDir] How to restrict access to event viewer
Do you mean that you want to control permissions on the different logs within Event Viewer? If so, it's absolutely possible if you change the SDDL in the Registry, however you need to write a customized GPO template to push them out to the servers unless you want to manually edit each server's Registry. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal AdvisorMicrosoft MVP - Directory Services-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, July 22, 2004 3:47 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] How to restrict access to event viewerSensitivity: Private Hy, Can you share you experiences about how to restrict access to event viewer to only onegroup ? local and remote access ? Thks. AVISO LEGAL:Esta informacion es privada y confidencial y esta dirigida unicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha informacion por favor elimine el mensaje. La distribucion o copia de este mensaje esta estrictamente prohibida. Esta comunicacion es solo para propositos de informacion y no debe ser considerada como propuesta, aceptacion ni como una declaracion de voluntad oficial de REPSOL YPF S.A. y/o subsidiarias y/o afiliadas. La transmision de e-mails no garantiza que el correo electronico sea seguro o libre de error. Por consiguiente, no manifestamos que esta informacion sea completa o precisa. Toda informacion esta sujeta a alterarse sin previo aviso.This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, disseminastribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from REPSOL YPF S.A. and/or subsidiaries and/or affiliates. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.
RE: [ActiveDir] Replication of linked attributes between domain and sub-domain
True, I typed without thinking (or rather reading closely...) I just saw PAS and typed away a canned answer... I must go on a break and clear my head g /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Friday, June 11, 2004 12:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Replication of linked attributes between domain and sub-domain first of all, if titi.com and toto.titi.com are real names, then I'd switch jobs - this would drive me crazy ;-) Rgd. adding the directReports to the PAS: that would be nice, but isn't possible for the backlinks of linked attribute-pairs - this is the case here for the directReports attribute = it is not a replicated attribute at all (neither cross domain nor within the same domain), as only forward links (here the manager attribute) get replicated between DC/GCs. Instead, the backlink attributes are processed locally on each DC when it receives the forward-link (e.g. a user object's manager attribute) and creates the link between the two respective AD objects via an entry in the local link table on the DC/GC. However, the forward-link will only replicate to DCs hosting the respective naming context. And for attributes (even forward links), which are also in the PAS (configured to replicate to the GC), this means that the information is also replicated to GCs from another domain(s), hosting a read-only partition of the source domain (of an object with a forward link). And the GCs will then again create the respective backlink locally, when making the entry in the linktable, even for cross-domain links. For the given manager/directReport example this means that a user's manager attribute is only replicated to DCs of the same domain and to GCs in the forest - and that only these machines populate the respective directReports attribute (backlink) for a user who is a manager of this other user. As such, you won't see cross-domain directReports information on a DC of a manager's domain, if this DC is not a GC. So here, the DC for titi.com used to lookup the directReports attribute usertiti must have been a GC, while the DC of toto.titi.com used to lookup the directReports attribute usertoto must have been just a normal DC. This is not to be confused with Phantom Records (which are updated via the Infrastructure Master): as the directReports attribute is not the replicated attribute, it is also not updated or replicated as a phantom record via the IM. However, phantom records are created on non-GC DCs to replicate the manager-attribute (forward-link) to other DCs, if e.g. a user's manager-attribute is linked to a user-object outside the own domain. As Dean perfectly described, the IM is then responsible to sync changes to the linked object over time (renames, deletes etc.), but it would not update any backlinks. As a sidenote on the replication of the manager/directReports links you should realize, that if you do leverage these accross domains in a forest and you accidentally delete a manager (with direct-reports in various domains) whom you must then authoritatively restore in AD, the links to the manager's directReports are NOT recovered with the manager... (same issue as with memberships in Universal Groups or Domain Local groups in other Domains of the forest) \Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Donnerstag, 10. Juni 2004 11:17 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Replication of linked attributes between domain and sub-domain If you really want/need it to be replicated to the GCs, you can use the Schema snap-in, and check the box in front of 'Replicate this attribute to the Global Catalog'. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, June 10, 2004 11:04 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Replication of linked attributes between domain and sub-domain The manager attribute is replicated between GCs as part of the Partial Attribute Set. The directReports attribute isn't. Whether you see it or not will depend on the domain of the DC you are querying. Tony -- Original Message -- Wrom: BLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBO Reply-To: [EMAIL PROTECTED] Date: Thu, 10 Jun 2004 10:02:34 +0200 Hi, I have a domain titi.com with a sub-domain toto.titi.com, a user usertiti on domain titi.com and a user usertoto on domain toto.titi.com. I set usertiti as manager
RE: [ActiveDir] Replication of linked attributes between domain and sub-domain
If you really want/need it to be replicated to the GCs, you can use the Schema snap-in, and check the box in front of 'Replicate this attribute to the Global Catalog'. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, June 10, 2004 11:04 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Replication of linked attributes between domain and sub-domain The manager attribute is replicated between GCs as part of the Partial Attribute Set. The directReports attribute isn't. Whether you see it or not will depend on the domain of the DC you are querying. Tony -- Original Message -- Wrom: BLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBO Reply-To: [EMAIL PROTECTED] Date: Thu, 10 Jun 2004 10:02:34 +0200 Hi, I have a domain titi.com with a sub-domain toto.titi.com, a user usertiti on domain titi.com and a user usertoto on domain toto.titi.com. I set usertiti as manager of usertoto and usertoto as manager of usertiti. When I look a the usertoto and usertiti entries in the directories, I have: - the manager attribute of usertiti is correctly set at usertoto, - the directReports attribute of usertiti is correctly set at usertoto, - the manager attribute of usertoto is correctly set at usertiti, - but, the directReports attribute of usertoto is not correctly set at usertiti ! Why ? Is it normal or is it a replication problem ? Thanks in advance for your answers... Solange Desseignes List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] logon scripts
Sober? What's that??? :) /Jimmy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger SeielstadSent: Tuesday, April 13, 2004 6:22 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts To quote Tony Murray-Smith - "I'm still trying to get used to being sober" -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 13, 2004 11:11 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts What can I say? I'm still jet-lagged, I guess :) Thanks for the pointer. Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Roger SeielstadSent: Tue 4/13/2004 6:24 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts Except Deji forgets one important piece of information (which is rare for him) - VBScript doesn't natively run on Win9x. It requires a separate install of Windows Scripting Host. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. From: Rick Kingslan [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 13, 2004 12:19 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts Smart guy. :op -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji AgbaSent: Monday, April 12, 2004 11:13 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts I don't have a Win9X to test this on, but Win2K/2K3/XP is fair game for this: Set wshNetwork = WScript.CreateObject("WScript.Network")Set wshShell = WScript.CreateObject("WScript.Shell") str_Group1_Share = "file://myserver/myShare1"str_Exec_Share = "file://myserver/myShare2"str_BS_Share = "file://myserver/myShare3"str_Super_Share = "file://mySuperServer/SuperShare" strDriveToMap = "H:" usrName = wshShell.ExpandEnvironmentStrings("%USERNAME%")Set usr = GetObject("WinNT://MyDomainName/" usrName ",user") For Each grp In usr.Groups WScript.Echo grp.NameIf grp.Name = "BS-Group" Then wshNetwork.MapNetworkDrive strDriveToMap, str_BS_ShareExit ForElseif grp.Name = "SOME_GROUP" ThenwshNetwork.MapNetworkDrive strDriveToMap, str_Group1_ShareExit ForElseif grp.Name = "yet_Another_Group" OR grp.Name = "Super-DuperUser" ThenwshNetwork.MapNetworkDrive strDriveToMap, str_Super_SharewshNetwork.MapNetworkDrive "K:", str_Exec_ShareExit ForEnd IfNext Set usr = NothingSet wshShell = NothingSet wshNetwork = Nothing HTH Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Nathan CaseySent: Mon 4/12/2004 4:17 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] logon scripts What is a recommended logon script solution that will work with win9x, win2k/xp clients for drive mapping, etc that works similar to Novell logon scripts? Example: IF MEMBER OF "GROUP" THEN BEGIN MAP H:=SERVER1\VOL1: END
RE: [ActiveDir] Security and AD
These articles might help: A List of the Windows 2000 Domain Controller Default Ports: http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q289241 AD Replication over Firewalls by Steve Riley, http://www.microsoft.com/SERVICEPROVIDERS/columns/config_ipsec_p63623.asp FYI: Q224196 - Restricting AD Replication Traffice to a Specific Port. http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q224196 Q179442 - How to Configure a Firewall for Domains and Trusts. http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q179442 Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gagnesh Kumar Sent: Wednesday, March 24, 2004 2:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Security and AD Hi, I want to run AD behind a firewall.Can someone please suggest what ports should I leave open so that all the clients to my AD can access it successfully? Any help would be greatly appreciated. Thanks and regards, Gagnesh List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Do I really need to add UPNs?
Brothers in arms...??? COME ON RICK! It's Dean. I've go an idea. let's discuss it offline ;) BTW, Dean I'm just the Indian Swede with a bizzare life according to Rick... :) LOLDo the word Geotard come to mind ;) /The Swede - Jimmy Andersson, Q Advice AB Principal AdvisorMicrosoft MVP - Directory Services-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick KingslanSent: Saturday, March 20, 2004 7:05 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Oh, yeah - I remember the last heated discussion. When you've got Stuart on the run, you don't give up, do you? ;o) Looking forward to some 'brothers-in-arms' time in Redmond. Rick Kingslan MCSE, MCSA, MCT, CISSPMicrosoft MVP:Windows Server / Directory ServicesWindows Server / Rights ManagementAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzoneWebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Saturday, March 20, 2004 7:32 AMTo: AD mailing list (Send)Subject: RE: [ActiveDir] Do I really need to add UPNs? Great answer ... indeed they are. Most of the info. is maintained as a blob (msDS-trustForestTrustInfo off the top of my head) on the representative TDO which, as you said, replicates to forest local GCs in order to allow CrackNames to resolve foreign-forest namespaces ... this particular attribute has been the cause of many a heated debate between myself and some Microsoft guys but that's another story entirely. PS - Can't take yer liquor huh Joe? :-) See you guys at the summit. -- Dean Wells MSEtechnology ( Tel: +1 (954) 501-4307 * Email: dwells@msetechnology.com http://msetechnology.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1)Sent: Saturday, March 20, 2004 4:30 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? actually I had to think some more about what I had posted - I believe the "officially" added UPNs are also stored in the respective TDO object of the trusting domain, which replicates to all the GCs of the own domain. This is how a DC in the trusting forest will know where to pass on the request if you logon to a workstation in the trusting forest with a UPN defined in the trusted forest. In addition - as mentioned before - you'll only be able to perform restrictions on these UPN suffixeswhen added to the upnSuffixes attribute. So I guess when you're using forest trusts and you do want to allow the "other" (not the implicit) UPNs for logon in the trusting forest, you'll have to add them to the attribute. But I guess I still earned the beer ;-) Won't I be on my way until another 6 hours. Cheers, Guido From: joe [mailto:[EMAIL PROTECTED] Sent: Samstag, 20. März 2004 03:22To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Ah, see I may be getting old but I can kind of remember. :o) Thanks for the assist Guido. You have earned one crappy American Beer when you get here. Heck you may already be on the way. :o) - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1)Sent: Friday, March 19, 2004 3:32 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Adding the UPN suffixes to the list of alternate UPNs will enable configuration of TLN restrictions (Top-Level Name restrictions) for forest trusts (i.e. transitive trust between two 2003 forests). The UI lists the available UPN suffixes of the trusted forest incl. the stored alternate UPNs and allows you to configure which ones you allow to be used "accross the trust" for authentication. This is a must, if your UPN isn't a subordinate of the top level name of your root (e.g. TLN of root = "mycompany.net", but your alternative UPN suffix is "othercompany.net"). Alternative UPNs which are subordinates (e.g. "otherOrg.mycompany.net") can be added manually within the wizard by adding exceptions for your existing root-UPN suffix. /Guido From: joe [mailto:[EMAIL PROTECTED] Sent: Freitag, 19. März 2004 01:10To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Crap I knew the answer to this at one point... I must have reached the end of my event log and am now overwriting... It is for the GUI but there is something else that looks at that and if it isn't populated it doesn't know to take that UPN Suffix into account I want to say it has somet
RE: [ActiveDir] Do I really need to add UPNs?
I just realized, nobody knows me on this list besides Dean, Tony and Rick I hope I'm not beeing flamed because of this. :) Regards, /Jimmy the Swede - Jimmy Andersson, Q Advice AB Principal AdvisorMicrosoft MVP - Directory Services-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy AnderssonSent: Saturday, March 20, 2004 10:29 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Brothers in arms...??? COME ON RICK! It's Dean. I've go an idea. let's discuss it offline ;) BTW, Dean I'm just the Indian Swede with a bizzare life according to Rick... :) LOLDo the word Geotard come to mind ;) /The Swede - Jimmy Andersson, Q Advice AB Principal AdvisorMicrosoft MVP - Directory Services-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick KingslanSent: Saturday, March 20, 2004 7:05 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Oh, yeah - I remember the last heated discussion. When you've got Stuart on the run, you don't give up, do you? ;o) Looking forward to some 'brothers-in-arms' time in Redmond. Rick Kingslan MCSE, MCSA, MCT, CISSPMicrosoft MVP:Windows Server / Directory ServicesWindows Server / Rights ManagementAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzoneWebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Saturday, March 20, 2004 7:32 AMTo: AD mailing list (Send)Subject: RE: [ActiveDir] Do I really need to add UPNs? Great answer ... indeed they are. Most of the info. is maintained as a blob (msDS-trustForestTrustInfo off the top of my head) on the representative TDO which, as you said, replicates to forest local GCs in order to allow CrackNames to resolve foreign-forest namespaces ... this particular attribute has been the cause of many a heated debate between myself and some Microsoft guys but that's another story entirely. PS - Can't take yer liquor huh Joe? :-) See you guys at the summit. -- Dean Wells MSEtechnology ( Tel: +1 (954) 501-4307 * Email: dwells@msetechnology.com http://msetechnology.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1)Sent: Saturday, March 20, 2004 4:30 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? actually I had to think some more about what I had posted - I believe the "officially" added UPNs are also stored in the respective TDO object of the trusting domain, which replicates to all the GCs of the own domain. This is how a DC in the trusting forest will know where to pass on the request if you logon to a workstation in the trusting forest with a UPN defined in the trusted forest. In addition - as mentioned before - you'll only be able to perform restrictions on these UPN suffixeswhen added to the upnSuffixes attribute. So I guess when you're using forest trusts and you do want to allow the "other" (not the implicit) UPNs for logon in the trusting forest, you'll have to add them to the attribute. But I guess I still earned the beer ;-) Won't I be on my way until another 6 hours. Cheers, Guido From: joe [mailto:[EMAIL PROTECTED] Sent: Samstag, 20. März 2004 03:22To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Ah, see I may be getting old but I can kind of remember. :o) Thanks for the assist Guido. You have earned one crappy American Beer when you get here. Heck you may already be on the way. :o) - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1)Sent: Friday, March 19, 2004 3:32 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Do I really need to add UPNs? Adding the UPN suffixes to the list of alternate UPNs will enable configuration of TLN restrictions (Top-Level Name restrictions) for forest trusts (i.e. transitive trust between two 2003 forests). The UI lists the available UPN suffixes of the trusted forest incl. the stored alternate UPNs and allows you to configure which ones you allow to be used "accross the trust" for authentication. This is a must, if your UPN isn't a subordinate of the top level name of your root (e.g. TLN of root = "mycompany.net", but your alternative UPN suffix is "othercompany.net"). Alternative UPNs which are subordinates (e.g. "otherOrg.mycompany.net") can be added manually within the wizard by adding exceptions
RE: [ActiveDir] Multiple Trees questions
I think Al is reading your question as multiple forests vs single forest. Please clarify since I understand your Q to be about one forest with a single tree vs multiple trees. If you want/need a security boundary you will end up in a multiple forest environment, but that's due to laws etc if applicable since the forest is the only security boundary today. If you have multiple trees in one forest you can have separate namespaces for each tree etc.. But before digging into the details please confirm is you're talking about singel forest or not. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal AdvisorMicrosoft MVP - Directory Services-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Wednesday, March 17, 2004 6:48 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Multiple Trees questions Thoughts inline From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:53 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Multiple Trees questions I've got a few questions about using multiple trees in a forest. Are there transitive Kerberos trusts across the trees in Win2k? Win2k3? [Mulnick, Al]You can set up trusts, butdo you need them to be transitive? What's the end requirement thatyou need if you go this route? What's the advantage/disadvantages of going with 3 seperate trees vs 1 single tree with an empty root and 3 child domains? [Mulnick, Al]The only reason to go withseparate forests is the way you manageyour environment and security. If you have to have three separate trees, it can be done, but it's much more complexand administratively a burden if you use multiple trees for everything from upgrades to administrivia. It does have the advantage of allowing you to implement schema changing apps with less risk however which should count for something. However, if you're a company that allows people to move betwen countries, the migration process could be a PITA. Assuming we implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange organizations?[Mulnick, Al]have you read the Planning an Exchange 2003 document on www.microsoft.com/exchange/library ? It talks about the pros and cons of a multi-org Exchange deployment and how Microsoft sees it working. It's worth your time to read it to help answer this and many more questions about the app. We have already implemented AD in our US offices but now our Europe office and Asia-Pacific offices are looking to join into our AD structures. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] Changing ACLs via VBscript
Have you seen these? http://msdn.microsoft.com/library/default.asp?url=""> http://www.microsoft.com/technet/community/scriptcenter/default.mspx Regards, /Jimmy ----- Jimmy Andersson, Q Advice AB Principal AdvisorMicrosoft MVP - Directory Services-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Tuesday, March 16, 2004 2:59 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Changing ACLs via VBscript I need to change both file ACLs and Exchange permissions within vbscript (for Windows 2000 and 2003, and Exchange 2000 and 2003). I know how to do everything I want manually, but the GUI is too slow and error prone for the volume I've got going on... I've been unable to find a website that discusses doing this, or any online resources to really help. Does anyone have any suggestions, either online or books? Thanks.
RE: [ActiveDir] Where in the world is Micky Balladelli?
Yes, I'm positive he left Compaq. To the best of my knowledge AOD was his personal project and I don't think Compaq have done any work on it since he left. Regards, /Jimmy - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Friday, January 02, 2004 9:45 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Where in the world is Micky Balladelli? Hey there used to be a guy named Micki Balladelli that worked for COMPAQ; I believe he was based out of Southern France or something like that. He was involved in a lot of the earlier scaling testing and he had this cool little tool he was working on called Age of Directories. I went to contact him to see if he is still working with that tool and enhancing it but it appears his COMPAQ email address is dead and so I tried a like-minded HP address and that didn't work either. Does anyone know positively if he left COMPAQ/HP? Does anyone have a newer email address on him? Barring all of that does anyone know what happened to Age of Directories? If you know of his whereabouts but don't want to give me the info, please forward him my email address and my request if possible. Thanks, joe List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Little OT: AD, LDAP, Exchange
I've done it with SimpleSync from www.cps-systems.com and it works perfect. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal AdvisorMicrosoft MVP - Active Directory-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pelle, JoeSent: Friday, November 07, 2003 5:37 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Little OT: AD, LDAP, Exchange Hopefully someone has done this Scenario: Company A owns Company B and Company C. Company A runs Active Directory and Exchange 5.5. Company B runs Active Directory and Exchange 2000. Company A and Company B do not share networks, do not have any type of trusts, etc. Company A and Company B want to share Exchange server directories by way of exporting and importing .CSV files. How does Company B export from 2000 in a way that Company A can import into 5.5? Is there a better method? Im looking for a way to do this as temporary until we have the time and efforts to bring our forests together. Please send me your thoughts, suggestions, and experiences! Joe Pelle Systems Analyst Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.3000 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent.
RE: [ActiveDir] AD recovery after disaster
Title: Message Windows NT4.0 and Windows 2000 Disaster Recovery and Backup and RestoreProcedures:http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q287061How to Back Up and Restore the System State in Windows 2000:http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q240363Backup of the Active Directory Has 60-Day Useful Life:http://support.microsoft.com/default.aspx?scid=kb;en-us;Q216993Regards,/Jimmy- Jimmy Andersson, Q Advice AB CEO Principal AdvisorMicrosoft MVP - Active Directory-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Orin RehorstSent: Monday, October 27, 2003 4:32 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD recovery after disaster Pls point me to info re how to backup AD for restore on a new server after a disaster. Regards, Orin Rehorst Port of Houston Authority
RE: [ActiveDir] account lockout troubleshooting
You can use wmic.exe to find most info about your services. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal AdvisorMicrosoft MVP - Active Directory-- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JoeSent: Thursday, October 09, 2003 1:01 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] account lockout troubleshooting Check for any services that are possibly running in the context of the user (either services.msc or if you want command line check out svcutil at www.joeware.net with the viewx option) F:\Dev\cpp\SvcUtilsvcutil . viewx SvcUtil V02.03.00cpp Joe Richards ([EMAIL PROTECTED]) May 2003 -Service list for LocalHost-Alerter Alerter stopped MANUAL NT AUTHORITY\LocalServiceALG Application Layer Gateway Service stopped MANUAL NT AUTHORITY\LocalServiceAppMgmt Application Management stopped MANUAL LocalSystemATI Smart ATI Smart stopped AUTO LocalSystemAudioSrv Windows Audio running AUTO LocalSystemBITS Background Intelligent Transfer Service running MANUAL LocalSystemBrowser Computer Browser running AUTO LocalSystemcisvc Indexing Service stopped MANUAL LocalSystemClipSrv ClipBook stopped MANUAL LocalSystemCOMSysApp COM+ System Application stopped MANUAL LocalSystem SNIP Also check for any MTS/COM+ objects that are set up to authenticate as the user. Sorry don't have a command line tool I am aware of to do that. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Wednesday, October 08, 2003 4:37 PMTo: [EMAIL PROTECTED] Thanks everyoneI appreciate the excellent suggestions. Ill post whether or not Microsofts solution (DS Client) is successful in the next day or two. mc -Original Message-From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 3:58 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] account lockout troubleshooting I've seen this, as Mike said, with persistent drives mapped. Also with scheduled tasks using an old password. Hunter From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 1:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] account lockout troubleshooting Yep, one is the PDCE. That would explain the same event at the same time on 2 DCs. But here's the strange thing. The users log on successfully. They work with no problem for a while with apps running like Outlook (to Exchange 2000), IE, open Office files on a file server, etc. Suddenly they can't work anymore - again, just as if someone else was locking out the account. But the events are coming from the user's own PC only. mc -Original Message-From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 3:17 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] account lockout troubleshooting Is one of the DCs your PDC emulator? Normally, if a user attempts to authenticate to a DC with an incorrect password (error code 3221225578), that DC will redirect the authentication to the PDC emulator for an "authoratative" response. This covers the case where a user's password has changed but not fully replicated to all DCs. The PDC emulator would know about the change, so checking there would validate the login attempt or reject it if appropriate. Hunter From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 12:03 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] account lockout troubleshooting Hi folks, I have been trying to troubleshoot some lockout events. In every case, the event originates on the user's own workstation (not some other user). There are no associated file object failures on the primary file server. It seems like it is application-based, but I can't nail it down. I've been using Microsoft's AL tools, including EventCombMT, but I can't use the acctinfo.dll because the clients are Win9x. Today I noticed for the first time that on 2 DCs, the exact same 5 login failures occurred (one example follows): 681,AUDIT FAILURE,Security,Tue Oct 07 13:13:38 2003,NT AUTHORITY\SYSTEM,The logon to account: MYUSER by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: \\HIS_PC failed. The error code was: 3221225578 I was concerned that I didn't think it is normal that 2 DCs would log the same 5 logon failures at exactly the same times. What do you think? Thanks, Mark Creamer Systems Engineer Cintas Corporation http://www.cintas.com Honesty and Integrity in Everything We Do
RE: [ActiveDir] ADM files
www.thethin.net has a lot of template files. You'll find most of them there. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Monday, September 22, 2003 5:48 PM To: [EMAIL PROTECTED] Is there a place where you can download all of the ADM files, or at least view the contents of all of them. I have found that these files are all over the place. On W2K CDs, W2003 CDs, Office 2003, Office XP, SMS, etc... IT is becoming a pain. One central place to be able to say, oh, That is what I would like to my domain policy... Maybe I am asking too much. After all, we are dealing with Microsoft and their ability to hide important information. :) Thanks, Steve List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD 2003 DB
70GB for a 300 user AD will absolutely be enough. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juan Ibarra Sent: Tuesday, September 16, 2003 6:03 PM To: [EMAIL PROTECTED] Hi, we are planning to migrate from NT to AD 2003 in the near future. We are trying to figure out the specs for new HW requirements. We are concerned with the amount of space that we will need in our DC to host the DB. I know that the more space the better, but will the DB be too big? At what rate will it grow. Will 70G will be plenty for an org with 300 users? Best regards, Juan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Cool, haven't tried the earlier version for this task. Thanks Tony! BTW - hope you're doing well! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, August 26, 2003 2:12 PM To: [EMAIL PROTECTED] Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000. Tony -- Original Message -- From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Aug 2003 21:23:23 +0200 I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) Don't forget the '' and '' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in SID=S15A913838F5E5A9AABF22742D54F69 In the Filter field I type in ((ObjectCategory=*)) My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD [EMAIL
RE: [ActiveDir] LDAP query on ObjectSID attribute
I use LDP version 3.0. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, August 25, 2003 6:53 PM To: '[EMAIL PROTECTED]' AFIK, the SID syntax is not part of the LDAP interface... So it is likely that it is supported by code inside LDP. What versions of LDP are you all using? That might be why it works for some people and not others. -g Gil Kirkpatrick CTO, NetPro -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 7:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) Don't forget the '' and '' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in SID=S15A913838F5E5A9AABF22742D54F69 In the Filter field I type in ((ObjectCategory=*)) My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: ((ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] LDAP query on ObjectSID attribute
I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) Don't forget the '' and '' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in SID=S15A913838F5E5A9AABF22742D54F69 In the Filter field I type in ((ObjectCategory=*)) My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent
RE: [ActiveDir] LDAP query on ObjectSID attribute
Set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) Don't forget the '' and '' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in SID=S15A913838F5E5A9AABF22742D54F69 In the Filter field I type in ((ObjectCategory=*)) My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: ((ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Why not use LDP and set it like this: Base DN SID=S-1-5-21-709049380-3306950797-3746505139 Filter ((ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: ((ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Groups and OU's
I you have one person that will administer the groups, create one OU for the groups and delegate it to that user sounds like a good idea. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, August 08, 2003 11:34 PM To: [EMAIL PROTECTED] I will have a single forest, single domain . Less than 1,000 users. I want it simple. If I don't create an OU for the groups will I have to include groups into another ou? I will have one person administer groups. -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 4:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Groups and OU's Yes, you could have an OU for groups if you want. But the pros and cons all depend on the way you want to administrate your AD. Can you give a bit more info on your environment? Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, August 08, 2003 10:20 PM To: [EMAIL PROTECTED] Is it advisible to have an OU for Groups? What are the pros and cons? I want a very simple and basic OU structure. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Groups and OU's
Yes, you could have an OU for groups if you want. But the pros and cons all depend on the way you want to administrate your AD. Can you give a bit more info on your environment? Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, August 08, 2003 10:20 PM To: [EMAIL PROTECTED] Is it advisible to have an OU for Groups? What are the pros and cons? I want a very simple and basic OU structure. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] fismos
Q223346 - FSMO Placement and Optimization on Windows 2000 Domains: http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q223346 Q223787 - Flexible Single Master Operation Transfer and Seizure Process: http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q223787 Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 19, 2003 7:31 PM To: [EMAIL PROTECTED] I have 3 dc's I would like to break the fismos off on to. Is there some servers that should be faster then others or does it not matter what I put where? Also what is the best tool to use to do this with? Thanks again for the help Ryan McDonald Systems Administrator List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Changing Directory Name
If you're in Native mode - then you can't change the domain name unless you upgrade to Windows Server 2003. If you have Exhange on the network rendom.exe won't work. And you should know that renaming a domain is not a task you should take light upon, even if there is a tool in Windows Server 2003. http://www.microsoft.com/windows2000/downloads/tools/domainrename/ If you're in mixed mode, see this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q292541 You can define new UPN suffixes in AD Domains and Trusts snap-in, but you'll need to change your current users to use it. This way users will believe that you've renamed your AD and in most cases that's sufficient. Run dcpromo.exe to demote a domain controller. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang Sent: Wednesday, June 18, 2003 10:25 AM To: [EMAIL PROTECTED] My current Active Directory name for my network is for example testing123.net and I have about 30 users on it. Is it possible to change the name on the network to something like foo.testing123.net while maintaining all my permissions and user accounts? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/AM Beta available
I use it and it's cool! BTW - Hope you're doing well Tony! Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, April 03, 2003 1:25 PM To: [EMAIL PROTECTED] For those that are interested, the beta release of Active Directory Application Mode is now available. To get to the point at which you can download, you need to register for the Beta by completing a survey. After a day or two you will get an email with instructions for download. I'm currently downloading so haven't had a chance to look at it yet. http://www.microsoft.com/windowsserver2003/adam/default.mspx Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message CPS-Systems have really improved the ODBC interface in SimpleSync and can both Provision new User Accounts as well as maintain pre-existing accounts, from any Oracle feed, either LDAP or CSV. I know of a client that is installing this solution this weekend - with the result being a fully automatic update from PeopleSoft/Oracle = AD. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit ZinmanSent: Thursday, March 27, 2003 4:02 PMTo: [EMAIL PROTECTED] Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
RE: [ActiveDir] Port Numbers
RDP uses port 3389. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Monday, March 24, 2003 4:35 PM To: '[EMAIL PROTECTED]' Plus I don't see Terminal Services on that list -Original Message- From: Salandra, Justin A. Sent: Monday, March 24, 2003 10:30 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] Port Numbers Some one told me that for a Win 2K Server to be a VPN I need port TCP 1723 open with protocol GRE, is this true? -Original Message- From: Jochen Andries [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2003 10:25 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Port Numbers A usefull link : http://www.keir.net/portlist.html Jochen -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: maandag 24 maart 2003 16:07 To: ActiveDir (E-mail) Subject: [ActiveDir] Port Numbers What port numbers do Windows 2000 Terminal Server and Windows 2000 VPN services use? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 primary office 914.681.8117 secondary office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Program that gives folder rights
Take a look at DumpSec from www.somarsoft.com, it might be what you're looking for. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain Sent: Friday, March 21, 2003 8:45 PM To: [EMAIL PROTECTED] Does anyone know of a tool that will display security (file) rights for multiple folders? Thank you Jenn Fountain List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2.0
HOWTO: Use Visual Basic Script to Clear SidHistory: http://support.microsoft.com/default.aspx?scid=kb;en-us;295758 Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Murray Sent: Friday, January 31, 2003 1:38 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2.0 No, I don't think it does this (it certainly didn't in the first version). Several of the 3rd party migration tool vendors offer this feature. It should also be fairly easy to write something of your own to clear the attribute value. I dare say Richard Puckett probably has something lying around which does this! :-) Tony -- Original Message -- From: Abbiss, Mark [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 31 Jan 2003 10:52:17 +0100 Is ADMT v2.0 also able to clean up the SID history once everything has been successfully migrated from the old NT world ? Thanks, Mark Abbiss -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Freitag, 31. Januar 2003 10:51 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2.0 Yes, it really is possible, as long as your target domain is in native mode. Tony -- Original Message -- From: Mulder, Joeri (NL - Amsterdam) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 31 Jan 2003 10:27:10 +0100 Hello, Can somebody confirm that it is really possible to migrate accounts + passwords from a W2K forest to another W2K forest with the ADMT v2.0 tool? Regards, Joeri This e-mail message and its attachments are subject to the disclaimer published at the following website of Deloitte Touche : http://www.deloitte.nl/disclaimer List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2.0
Oh, sorry! It's included with the Windows Server 2003 CD (RC1 and RC2). Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Friday, January 31, 2003 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2.0 Jimmy I downloaded that files however the file version number is the same as my ADMT v1 -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 9:25 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2.0 http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt. asp Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Friday, January 31, 2003 3:19 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2.0 Where can I get a copy of the most recent version of ADMT 2.0? -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 4:51 AM To: [EMAIL PROTECTED] Subject:Re: [ActiveDir] ADMT v2.0 Yes, it really is possible, as long as your target domain is in native mode. Tony -- Original Message -- From: Mulder, Joeri (NL - Amsterdam) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 31 Jan 2003 10:27:10 +0100 Hello, Can somebody confirm that it is really possible to migrate accounts + passwords from a W2K forest to another W2K forest with the ADMT v2.0 tool? Regards, Joeri This e-mail message and its attachments are subject to the disclaimer published at the following website of Deloitte Touche : http://www.deloitte.nl/disclaimer List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2.0
Yes. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Friday, January 31, 2003 3:35 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2.0 Can I use this tool to migrate users from a parent domain to a child domain within the same forest? -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 9:25 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2.0 http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt. asp Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Friday, January 31, 2003 3:19 PM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2.0 Where can I get a copy of the most recent version of ADMT 2.0? -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 4:51 AM To: [EMAIL PROTECTED] Subject:Re: [ActiveDir] ADMT v2.0 Yes, it really is possible, as long as your target domain is in native mode. Tony -- Original Message -- From: Mulder, Joeri (NL - Amsterdam) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 31 Jan 2003 10:27:10 +0100 Hello, Can somebody confirm that it is really possible to migrate accounts + passwords from a W2K forest to another W2K forest with the ADMT v2.0 tool? Regards, Joeri This e-mail message and its attachments are subject to the disclaimer published at the following website of Deloitte Touche : http://www.deloitte.nl/disclaimer List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Question
See the License Availability Roadmap at: http://www.microsoft.com/windows/lifecycle.mspx Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Friday, January 31, 2003 7:25 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Question Importance: High I have a tech working here today and he mentioned to me that he heard that MS will no longer be selling Windows 2000 Professional as of April 2003. Has anyone else heard this? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD 2 AD Migration
It's a great tool. http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt.asp http://www.microsoft.com/windows2000/downloads/tools/admt/default.asp Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mulder, Joeri (NL - Amsterdam) Sent: Thursday, January 16, 2003 4:05 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD 2 AD Migration Hello, Does anyone have experience migrating users and groups from one forest to another? Is ADMT v2.0 the best tool to do this? Greets, --Joeri--i .i jívҕ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Justications to Migrate to Active Directory
I agree with Martin Tuip. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip Sent: Wednesday, January 15, 2003 9:18 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Justications to Migrate to Active Directory I agree on that with you. Windows 2000 has been as stable as a rock. So besides that and the retiring of the support it should be an easy one. Martin Tuip MVP Exchange -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Wednesday, January 15, 2003 8:21 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Justications to Migrate to Active Directory To date, I haven't found an instance where NT4 was more stable than Win2k. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Jeremy Young [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 12:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Justications to Migrate to Active Directory I don't know if this will be of any importance, but I have seen several instances where windows 2000 is much more stable than NT4. Case in point, I was working for a defense contractor and we had 5 mail servers(exch. 5.5) and they notoriously went down. If we didn't reboot the servers once a week, they would go down. We took one of the lower tasked servers(500 users) and put it on windows 2000 and didn't have to reboot it for a month and it was still running like a champ. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Wednesday, January 15, 2003 11:10 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Justications to Migrate to Active Directory Add to that the fact that Exchange 5.5 is end of support at the same time, and its pretty much a no brainer. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 11:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Justications to Migrate to Active Directory Cliff, I think that the link below says it all: http://microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp No more support for NT4 after the end of this year. -Original Message- From: Clifford Airhart [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 11:37 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Justications to Migrate to Active Directory I am currently compiling information and trying to find good justifications to migrate our Windows NT base network to Active Directory. We are a medium size company. We don't have any direct requirements to implement AD, like we must upgrade to Exchange2000(which requires AD). I can see a few benefits, but my management wants to see quantified justifications. For example, by migrating to AD you can save 1 hour in setting up a new user with RIS. Does anyone know I good website that would show time saved or something more concrete and specific than Microsoft's marketing jargon? Has anyone gone through a similar experience with their company? I would appreciate your insights and advice!!! Thanks!!! Cliff Airhart Answer Financial Inc. Senior Systems Administrator - Server Support / eBusiness [EMAIL PROTECTED] 818.644.4225 We answer to you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org
RE: [ActiveDir] AD restore to dissimilar hardware
Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] rename Domain Controller
That's the way to go! See this article for more info: How to Rename a Windows 2000 Domain Controller: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q296592 Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pelle, Joe Sent: Thursday, January 02, 2003 3:59 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] rename Domain Controller Hello! Anyone know how to rename a Domain Controller? I think I can just run DCPROMO, make it a member server, rename it, then re-run DCPROMO and make it a DC again? Is this right, wrong, completely stupid?. Also, any recommendations on (assuming the previous was correct) if I should do this or just rebuild the server? Finally, I would like to know how any of you out there did your migration testing for production applications that could NOT be reproduced in a lab environment? Lemme Know! Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script to find last logged on date
Title: Message Usrstat.exe from the Resource Kit displays the user name, full name, and last logon date and time for each user in the domain.Regards,/Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Byrne, SteveSent: Tuesday, December 17, 2002 3:59 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Script to find last logged on date Hi, I'm looking for a way to find user accounts that have not been used for more than 6 months. Does anyone know where I can find a script to do this?Thanks, SB
RE: [ActiveDir] Back to Basics - Design Pros and Cons
Title: Message Have you seen the Microsoft University Relations website? It's a site dedicated to issues for the University IT Pro. http://msruniv.corp.bcentral.com/ I've seen many Universities with multiple forest,Many peoplethinkthat a domain is a Security boundary, but if you need more than an Administrative boundary, multiple forests is the way to go. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Wohlgehagen, Max WSent: Wednesday, December 11, 2002 2:20 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Back to Basics - Design Pros and Cons There is so much material out there on AD now it is almost scary [in many ways it is not too dissimilar to NDS 'cepting the DNS component] My problem is design for a new network, being in a school we have the luxury of starting from scratch without business fallout problems. We are multi-campus and have a fairly substantial network with an 11MB "Spread Spectrum" Microwave link between campuses. I am a big fan of the KISS principle but am stuck in deciding between multiple trees or a single tree with many sites, both concepts have advantages. We do not need to implement a Forrest structure as our DNS is set in concrete. We have the following elements: Campus1, Campus2, Students1, Students2, Staff1, Staff2 ... or OrganisationAll, StaffAll, StudentsAll. Obviously there are sub components of these elements as well. The main concern is to have the most useful GPO structure without too much complexity. Does anyone have any experience in setting up this type of AD. Any ideas on multiple domains versus single domain many sites?? Help, opinions, comments, ideas all welcome. Thanks. Max Wohlgehagen TSI - Rowville "Of all the things I've lost, it's my mind I miss the most." Wohlgehagen, Max (E-mail).vcf *** Important - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education Training.
RE: [ActiveDir] VB Script Help
Title: Message Step-by-Step Guide to Bulk Import and Export to Active Directory:http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/bulksteps.asp More scripting links:http://www.15seconds.com/focus/ADSI.htmhttp://www.trainingtools.com/http://www.microsoft.com/DirectX/dxm/default.htmhttp://msdn.microsoft.com/scripting/http://www.robvanderwoude.com/index.htmlhttp://www.dx21.com/SCRIPTING/RUNDLL32/INDEX.ASP?NTI=4SI=6http://support.microsoft.com/support/kb/articles/q191/2/39.asp?id=191239SD=MSKBhttp://www.kouti.com/scripts.htmhttp://www.microsoft.com/technet/treeview/default.asp?url="">http://msdn.microsoft.com/scripting/vbScript/doc/vbstoc.htmhttp://cwashington.netreach.nethttp://www.winguides.com/scripting/http://www.adminscripts.net/pages/main.hethttp://members.aol.com/rick3in1/computer/batch.htmhttp://www.microsoft.com/technet/treeview/default.asp?url="">Regards,/Jimmy--Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mayet, Yusuf YSent: Wednesday, November 27, 2002 12:24 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] VB Script Help Hi all, I receiveda request mentioned belowfrom ourUser Administration Department. Considering what I know about scripts is scary. Can you guys help?? Write a VBScript application, together with the relevant supporting documentation, that creates user accounts in the Active Directory based on input provided in a flat file. The flat file should contain the following information at a minimum: o First Name o Last Name o OU where the user account should be created __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___
RE: [ActiveDir] How to get changes from active directory?
You could use EventComb to search multiple DCs for specific events. It's part of the tools that came with SOG. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Murray Sent: den 25 november 2002 15:07 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] How to get changes from active directory? Hi Naval AD doesn't (currently) store change information in the directory. Some information can be made available through auditing of AD object access. The audit information will be written to the event log. The limitation of this approach is that this information will only be available on the DC where the change was made. A separate consolidation process would then be required if centralised information were a requirement. Stuart (if he's listening) may have some information on Microsoft's future plans in this area. Tony -- Original Message -- From: Naval [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Nov 2002 16:48:21 +0530 Hi, How can i get the changes from Active Directory server? For e.g netscape provides changes below cn=changelog node. Where does AD publish the changes. Thanks, Naval List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] System State
HOW TO: Use the Backup Program to Back Up and Restore the System State in Windows 2000: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q240363ID=KB;EN -US;Q240363 Backup of the Active Directory Has 60-Day Useful Life: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q216993 Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Carlos Magalhaes Sent: Wednesday, November 20, 2002 8:48 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] System State Tombstone meaning that you can set to allow restoring a system state that was backed up more than 60 days ago? If can I set it to 90 days ? Regards, Carlos Magalhaes -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 3:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] System State Do you mean because of the default Tombstone lifetime? If so, you can re-configure it. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 20, 2002 2:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] System State On Domain Controllers as I understand it. -Original Message- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 4:10 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] System State Is it true that you cant restore from a system state back up that is older than 60 days. Regards, Carlos Magalhaes - This email and any files transmitted are confidential and intended solely for the use of the individual or entity to which they are addressed, whose privacy should be respected. Any views or opinions are solely those of the author and do not necessarily represent those of the Trencor Group, or any of its representatives, unless specifically stated. Email transmission cannot be guaranteed to be secure, error free or without virus contamination. The sender therefore accepts no liability for any errors or omissions in the contents of this message, nor for any virus infection that might result from opening this message. Trencor is not responsible in the event of any third party interception of this email. If you have received this email in error please notify [EMAIL PROTECTED] For more information about Trencor, visit www.trencor.net http://www.trencor.net List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Monitoring with HP OpenView
[Regarding the monitoring comparison] I got a response from HP that I should send this URL to you guys. http://www.openview.hp.com/products/smartplugins/spis/Documents/Product_ HTML-516.asp Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directoryv Whistler Tech Beta Program Member Windows Pre-release Community Member List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Monitoring AD
I'll send it to you :) Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Graham Turner Sent: den 10 november 2002 16:30 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Monitoring AD Jimmy, don't know if this was an open invite - but I would certaintly be a glad recipient of said comparison. Graham Turner - Original Message - From: Jimmy Andersson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 09, 2002 3:47 PM Subject: RE: [ActiveDir] Monitoring AD I did a functionality comparison between BMC Patrol, Multicenter and HP OpenView OVO7 for a customer a couple of months ago, let me know (by private e-mail) if you want it. Also, see www.netiq.com Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Mike Baudino Sent: den 9 november 2002 15:52 To: [EMAIL PROTECTED] Subject: [ActiveDir] Monitoring AD All, I've been asked recently to come up with monitoring requirements for an upcoming AD deployment to roughly 120 offices, all of which will be individual sites. I don't have experience (yet) with AD this size. Vendor whitepapers are little more than thinly disguised salespitches. Those companies that offer monitoring products for AD state that it's essential and, oh, by the way, we happen to have just the product for you. I'm not really able to get a clear picture of how critical it is to actively monitor AD and how granular you need to be. One company I spoke with said that it's sufficient to monitor DNS and DHCP and they will tell you if anything's up. I don't buy that, other than I believe that availability of DNS and verifying that dynamic update is working and that the DC's are registering, etc. Another company states that you need very granular monitoring complete with custom scripts, automated tasks, and alerts. Microsoft says that all we need is MOM. Well, MOM's out as our mandate is to have a monitoring product that is cross platform (we also have various flavors of UNIX and some big iron). Our current product is from the first company I mentioned in the previous paragraph. I believe the truth is somewhere between the two companies. I'm looking for suggestions based on practical experience though. Anyone want to share? Thanks, MIke *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Monitoring AD
I did a functionality comparison between BMC Patrol, Multicenter and HP OpenView OVO7 for a customer a couple of months ago, let me know (by private e-mail) if you want it. Also, see www.netiq.com Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Mike Baudino Sent: den 9 november 2002 15:52 To: [EMAIL PROTECTED] Subject: [ActiveDir] Monitoring AD All, I've been asked recently to come up with monitoring requirements for an upcoming AD deployment to roughly 120 offices, all of which will be individual sites. I don't have experience (yet) with AD this size. Vendor whitepapers are little more than thinly disguised salespitches. Those companies that offer monitoring products for AD state that it's essential and, oh, by the way, we happen to have just the product for you. I'm not really able to get a clear picture of how critical it is to actively monitor AD and how granular you need to be. One company I spoke with said that it's sufficient to monitor DNS and DHCP and they will tell you if anything's up. I don't buy that, other than I believe that availability of DNS and verifying that dynamic update is working and that the DC's are registering, etc. Another company states that you need very granular monitoring complete with custom scripts, automated tasks, and alerts. Microsoft says that all we need is MOM. Well, MOM's out as our mandate is to have a monitoring product that is cross platform (we also have various flavors of UNIX and some big iron). Our current product is from the first company I mentioned in the previous paragraph. I believe the truth is somewhere between the two companies. I'm looking for suggestions based on practical experience though. Anyone want to share? Thanks, MIke *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Pruning printers from AD
Title: Message Printer Pruner May Not Remove Printer Queue Objects from Active Directory: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q246174 If you'd like to see the printer objects: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q235925 Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active DirectoryWhistler Tech Beta Program MemberWindows Pre-release Community Member -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lev ZdenìkSent: den 8 november 2002 16:51To: [EMAIL PROTECTED]Subject: [ActiveDir] Pruning printers from AD Hello evr, I had to reinstall my print server (W2K) which was a member server of my AD domain. After that I installed all my printers to the reinstalled print server. Now when I am searching printers in AD there are old and new one. How Can I prune those old printers from AD THX ZL
RE: [ActiveDir] Pruning printers from AD
If you'd like to see the printer objects: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q235925 Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory Whistler Tech Beta Program Member Windows Pre-release Community Member -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Lev Zdenìk Sent: den 8 november 2002 17:06 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Pruning printers from AD I have tried to find printers object by ADSI edit but without success. Where it is located ? Thx Z. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Friday, November 08, 2002 4:57 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Pruning printers from AD Well, you can do it manually, but removing the old printQueue objects using ADSIEdit or LDP. How long have you waited? The pruning service is governed by Group Policy settings. The default setting is that the service will try to check the printer availability (on the print server) three times at 8 hour intervals, after which it removes the printer objects from AD. Check your GPO settings and also check the Spoolsv.exe process is running on at least one DC in your domain. Tony -- Original Message -- From: =?iso-8859-2?Q?Lev_Zden=ECk?= [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 8 Nov 2002 16:50:53 +0100 Hello evr, I had to reinstall my print server (W2K) which was a member server of my AD domain. After that I installed all my printers to the reinstalled print server. Now when I am searching printers in AD there are old and new one. How Can I prune those old printers from AD THX ZL List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Receiving Posts out of order
Title: Message I see the same weird thing Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active DirectoryWhistler Tech Beta Program MemberWindows Pre-release Community Member -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sullivan, KevinSent: den 8 november 2002 19:20To: [EMAIL PROTECTED]Subject: [ActiveDir] OT: Receiving Posts out of order Sorry for the way off topic but I seem to receive some responses before I get the original posts. Hours apart. Also sometimes when I post I dont see the post for a few hours. Is anyone else experiencing this and any suggestions? Thanks Sent at 1:20 PM 11/8/02
RE: [ActiveDir] IIS Question on DC
Title: Message No. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active DirectoryWhistler Tech Beta Program MemberWindows Pre-release Community Member -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Murawski (Lenox)Sent: den 7 november 2002 17:43To: [EMAIL PROTECTED]Subject: [ActiveDir] IIS Question on DC Is there a reason why IIS should be on a DC? Don L Murawski Sr. Network Administrator - MCSE 4.0, 2000 WorldTravel BTI 1055 Lenox Park Blvd Suite 420 Atlanta, GA 30319 Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264