Apologies. I thought it had gone well and truly public back when it went
out to MSDN, etc.
--Paul
- Original Message -
From: Almeida Pinto, Jorge de [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, August 17, 2006 9:10 PM
Subject: RE: [ActiveDir] [OT] Longhorn
My client would sack (fire) me on the spot if I patched
servers without having clearly shown due diligence
beforehand.
If a DC hosting say the RID master role died during a patch
which resulted in issues (where admins were unable to create user objects), the
business would ask 'why were
Definitely good to help with testing. However, obviously,
you can still run into issues that are specific to your hardware
platform/configuration (drivers come to mind) plus what if you hit an issue
that is a virtualization issue only? Could be a lot of work for something you
never see in
Exactly. :)
I just don't understand the reluctance to move the roles.
You would think we were advocating swapping a single RAID drive from the two
machines involved.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
This is pretty standard, MSDN/TechnetP will get a proper beta build, then
the actual beta program will continue to get intermediate builds as well as
more documentation and feature focus type web casts to give feedback. Also
beta folks get the newsgroup access.
--
O'Reilly Active Directory
Yeah this is a fun one.
It isn't if there is just a space, it is if there is a
leading space. A leading space must be escaped otherwise (and any other
leading space) will be trimmed.
There are also various oddities around trailing spaces
depending on the attribute type where there are times
Not having followed the thread all the way from the beginning I just
thought I'd add my 2 cents, although it's probably worth less than that
due to the SA Rand to Dollar exchange rate :) :). I was always under the
impression that a role seize should only be done if the server that
originally held
I'm pretty sure that's part of the RFC spec. A space at the beginning or
end of a query value will be ignored. Your space in this example would be
both. Did you try escaping it to see if that works?
Joe Kaplan
- Original Message -
From: Jef Kazimer
To: ActiveDir@mail.activedir.org
That's a much more thorough explanation than mine. :) I was too lazy to
even dust off the RFC URL.
Joe K.
- Original Message -
From: joe
To: ActiveDir@mail.activedir.org
Sent: Friday, August 18, 2006 7:40 AM
Subject: RE: [ActiveDir] Single Space in LDAP query dropped: Why?
Yeah
"I am drinking my second Labatt's not
having to make any difficult decisions"
now that's funny!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: 17 Aug 2006 20:26
To: ActiveDir@mail.activedir.org
Subject: RE:
Joe,
Yup, escaping the character worked like a charm.
Joe mentioned that the query appears to be trimmed, so that seems to be what
is happening.
Thanks,
Jef
- Original Message -
From: Joe Kaplan [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, August 18, 2006 8:33
Hello list,
(Skip the first Paragraph if you're in a rush :p It is a
self introduction.)
This is my first post so I would like to introduce myself
and say hello to everyone and thanks for the bucket loads of good info floating
around. I am relatively new to the industry and this is my
Hello Jorge,
Thanks for clarification. I will check next week if I have no issues with usn rollback :( .
Yann
"Almeida Pinto, Jorge de" [EMAIL PROTECTED] wrote:
when a DC is restored from the system state (amongst others):
* the restored RID pool is thrown away (invalidated) and a
Hello Steven,
why not choose another god's name? :)
After all, this is just a name!
Since you can dcpromo down the server, it should be ok.
Just be sure to remove replicate link and its computer object from ADUC... Cleaning DNS
my 2 cents,
Mathieu CHATEAU
Friday, August 18, 2006,
Welcome to the list Steven! Buckle up and
enjoy the ride!
I'm sure the gurus on this list can provide
more detailed replies, but there are 2 things I would stay away from (in the
real world):
1- Installing/Running Exchange on a DC (unless it's a SBS)
2- Renaming a DC with a name
So let me get this straight:
Ceres AD only
Hades AD Exchange
Server3 Nothing
Your next state is:
Ceres AD Only
Hades AD Exchange
Server3 Exchange
Your next state is:
Ceres AD Only
Hades AD Only
Server3 Exchange
You then want to rebuild Hades and make it a
Return Receipt
Your Re: [ActiveDir] Single Space in LDAP query dropped: Why?
document:
The only real requirement is to ensure the
dcpromo action to remove the DC functions is fully replicated to each DC in the
forest before you think about adding it back. In large environments (hundreds or
thousands of DCs) I recommend don't re-promote a name within the
tombstone lifetime :)
BTW, if you have snapshot based backup you _can_ backup and just restore
only the AD data (dit, log, and chk), and it will work w/o USN rollback
correctly. We used to run quick tests like that all the time, but ONLY
validated that the DS / AD didn't break. That doesn't make it supported.
BTW,
Welcome.
To answer your general question, I don't have a problem
with reusing names. Just make sure things got cleaned up properly previously.
Previous environment I was in every name of the 350+ DCs over the years was
reused at least once since 2000. Mostly a three year rollover on
Oh yeah, Exchange on DCs sucks... Even on SBS, but they
have to put up with it. ;o)
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven Johnston
Sent: Friday, August 18, 2006 3:30 PM
To:
In your case I
would:
* execute from the E2K3 media: SETUP
/FORESTPREP (this preps your forest for E2K3 servers) (this will resolve the
incorrect attributes in a W2K AD with E2K)
* execute from the E2K3 media: SETUP
/DOMAINPREP (this preps your domain for E2K3 servers)
* execute from
I have it bookmarked. :)
LDAP V3 - http://www.faqs.org/rfcs/rfc2251.html
LDAP Attribute Syntax - http://www.faqs.org/rfcs/rfc2252.html
LDAP DN representation - http://www.faqs.org/rfcs/rfc2253.html
LDAP Search Filters - http://www.faqs.org/rfcs/rfc2254.html
LDAP URL Format -
I wouldn't make that generalization. The bigger issue I have in
large enterprises is that folks hardcode names into their crappy applications.
When you change a name you break their app (which is fine by me), but, in
general I try to avoid this by recycling names. It gets confusing when you
LOL.
Don't be afraid to speak, all of the input and view points from folks is
good.
RE: Scripting... The main benefit of scripting or writing batch files is
that it isn't often that one tool will handle everything you might want to
do across an environment or maybe as flexibly as you want
oldcmp was written specifically with 250k user environment in mind so
scaling shouldn't be too bad. It is single threaded but I think performs
quite well still. Just watch out for using the DHTML option if the output is
really large, IE doesn't seem to handle it as smoothly as oldcmp does. :)
--
If the software has a tendency to crash out like that if you kill the thread
it won't matter how you kill it as they all do it by taking the legs out
from under the thread. The app itself is the only thing that can force the
thread to exit gracefully.
--
O'Reilly Active Directory Third Edition
http://www.microsoft.com/downloads/details.aspx?familyid=df192e1b-a92a-4075-9f69-c12b7c54b52bdisplaylang=en
Learn how to manage Windows Firewall in Windows Vista through the
Windows
In general I think it is better for larger orgs to have a very locked down
strong share policy. Even down to specifying specific standard share names,
permissions (like auth users FC and then locking with NTFS unless there will
be no change access then R). For instance names like APPS, PROJ, DATA,
Title: ADSIEdit unable to enumerate list of objects that a group can create
I see you worked this out, but the answer to the
original question is the attribute
allowedChildClassesEffective.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL
I would say that you are probably safe to use it yourself but I wouldn't be
giving it out... Of course that is a completely non-legal joe can't speak
for anyone except joe response. :)
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original
The lockoutTime attribute can only be set to zero. If you want to
programmatically lock (versus disable) an account, you will need to send
enough bad auth attempts to it.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From:
Quick note on this attribute, it is constructed, so you can't use it in a
query, you can only return it.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
I just tested this with ADAM SP1
1. A delegated admin was able to set pwdLastSet to 0 and -1.
2. Once expired by setting to 0, the account could not bind as expected.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL
Yes, I know, I am slow, just catching up on my reading of the list...
But anyway... ROFL!
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent:
I like this approach myself and in fact recommend setting
up some sort of security system to configure this to "mailbox admins" as in most
orgs I have seen, actual mailbox maintenance at the folder level is done by
someone who isn't a service admin. Basically in the past I have set up a
LOL on the naughty boy messages.
The implementation was for a fortune 5 running on 2K with
about 250k users but only about 180k Exchange users, 100k or so of contacts.
With K3 it shrunk back down to I want to say around 4GB due to single instance
store but it is getting to be quite a while
I believe that was one of the items in a list of about 25
requests generated here on the list that I submitted into the bug/request system
at MSFT as well as sending directly to the responsible Dev (the guy doing a lot
of the GUI user experience stuff) at AD. He loved the ideas but said that
Me too. I was that lazy. :)
Joe Kaplan
- Original Message -
From: joe [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, August 18, 2006 5:46 PM
Subject: RE: [ActiveDir] Single Space in LDAP query dropped: Why?
I have it bookmarked. :)
LDAP V3 -
This is the kind of thing if I got a request for it I would
end up wrapping into a perl script and then tossing into a webpage via CGI that
the "someone" could look at when they wanted as they are just looking to poke
around occasionally and it is stupid to burn up admin resources for ad hoc
You NET programmers ;o)
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Friday, August 18, 2006 11:07 PM
To: ActiveDir@mail.activedir.org
Subject:
It's .NET - Get it right! ;)
- Original Message -
From: joe [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, August 18, 2006 10:15 PM
Subject: RE: [ActiveDir] Single Space in LDAP query dropped: Why?
You NET programmers ;o)
--
O'Reilly Active Directory Third