Hi Mohammed,
Remember that to have 4 domains you at least need 4 DCs (1 DC per domain).
However it is recommended to have at least 2 DCs per domain for redundancy
purposes. With 2 DCs per domain you still have 1 DC if the other one dies.
At least have 2 DCs for the root domain! If that one
Hi,
For file servers you can use SUBINACL with the option:
/cleandeletedsidsfrom=DomainName[=dacl|sacl|owner|primarygroup|all]
For disconnected mailboxes see
http://www.microsoft.com/technet/scriptcenter/topics/exchange/ex03_wmi1.mspx#EGAA
Cheers,
#JORGE#
Hi,
No the answer is B. It you use A (%Username%) it then would be replaced
by the samaccountname of the user executing the command
Zie links and search for $Username$
http://www.ss64.com/nt/dsadd.html
http://www.ss64.com/nt/dsmod.html
Are you sure you have mapped the correct subnets to the correct sites? Is the
subnet where those clients reside assigned in AD to a site? Check that to be
sure.
A client gets his site assigned from the subnet-site mappings in AD. If some
subnet is not in AD and assigned to a site the client
Yep, correct behavior!
If you have an OU with servers and a GPO linked to that OU with the setting you
mention to enbaled, it will affect all servers in that OU. Default GPO settings
do not tattoo so if you change the setting in the GPO to Not defined the
servers (all of them in the OU )will
the way you want to do it can not be accomplished! Why?
The domain admins group is a global security group and global (security) groups
can only have members from its own domain and not from other domains. By design
What are you trying to accomplish?
Cheers,
#JORGE#
any one have an idea on how else to accomplish this?
Thanks,
Juan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Monday, June 27, 2005 8:39 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject
With the setup you show us the following applies
Domain OU - 14 Days - applies to all user accounts in the domain and to all
user accounts local to each server/client except for the servers/clients in the
sales OU and the finance OU
Sales OU - 30 Days - applies to all user accounts local to
De: [EMAIL PROTECTED] de la part de Almeida Pinto, Jorge de
Date: lun. 27/06/2005 21:24
À: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Objet : RE: [ActiveDir] Account Policies
With the setup you show us the following applies
Domain OU - 14 Days
Hi,
A quote:
##
The refresh interval must be long enough to allow all servers that maintain
resource records to update their timestamps. Because the Dynamic Host
Configuration Protocol (DHCP) server is usually the last server to update its
records, you can monitor DHCP records to make
For DNS records to be scavenged you need to enable scavenging on a DNS server
and record aging on DNS zones.
If this is already enebled select the zone with the records - pull down
menu VIEW - select ADVANCED - go back to the DNS zone and right click the
record and select properties
See
Title: Can't get rid of old DC in Sites and Services
Do a metadata cleanup
See Q216498
Cheers,
#JORGE#
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Orlando
Sent: woensdag 29 juni 2005 17:58
To: Active Directory Mailing List
Subject: [ActiveDir]
nope... not a default account in AD.
* see the creation date to see if you remember what happened on that date
* see the owner to see to who caused the creation
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Thommes, Michael M.
Sent: Wed 6/29/2005
That only applies if the zones are DNS primary/secondary en thus not AD
integrated
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: donderdag 30 juni 2005 17:31
To: 'ActiveDir@mail.activedir.org'
Subject: RE:
To re-register multiple servers:
CHOOSE A DC (lets say it is called DC01) (other DCs are called DC02,
DC03, DC04, etc)
ON DC01 RUN: NETDIAG /TEST:DNS /V /FIX OUTPUT_NETDIAG.TXT
ON DC01 RUN: PSEXEC \\DC02,DC03,DC04,etc NETDIAG /TEST:DNS /V /FIX
OUTPUT_NETDIAG.TXT
PSEXEC is from sysinternals.
From the delegation wp:
Replication Management Tasks
Force replication between two servers
Extended right Replication Synchronization
needed on cn=configuration, dc=forestRootDomain
Force a synchronization between two servers
Extended right
This depends
What is the group type universal? Global?
Local?
Are you looking at it on a DC or GC?
Cheers,
#JORGE#
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: donderdag 30 juni 2005 18:38
To: ActiveDir@mail.activedir.org
Subject:
Never mind what I said about the type of
group and DC/GC thing I think it is time to go home
#JORGE#
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: donderdag 30 juni 2005 18:38
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADUC
see:
http://www.microsoft.com/technet/scriptcenter/scripts/os/registry/osrgvb18.mspx
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Cothern Jeff D. Team EITC
Sent: Thu 6/30/2005 9:31 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT - Script to
why do you say it partially replicates? what errors (event ids and sources)
are being logged in the event viewer?
#JORGE#
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Thu 6/30/2005 6:17 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir]
ADFIND -b OU=someOU,DC=DOMAIN,DC=TLD -f
((objectcategory=person)(objectclass=user)(extensionAttribute=*) -dsq |
ADMOD extensionAttribute::value
not tested this, but I think i will work
for more help see:
ADFIND /?
ADMOD /?
#JORGE#
From: [EMAIL
Joe... you forgot to type your message! ;-)
Jorge
From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 7/1/2005 3:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Corrupted NTDS.dit
-Original Message-
From: [EMAIL PROTECTED]
Hi,
Using the delegation of control wizard you can delegate the creation of
computer accounts to the domain. This does not mean the same user/group can
also JOIN the computer to the domain. In the DELEGWIZ.INF file (%WINDIR%\INF)
look at template 6.
By default the AppliesToClasses is set
executing the DS commands on a w2k3 box against a w2k AD domain will work
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Kern, Tom
Sent: Sat 7/2/2005 9:16 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Ds commands
I'm sorry. I wasn't
I also don't agree with what you are saying concerning the maintenance
of the GCs.
If you only have 1 domain in the forest there is NO OVERHEAD in making
all DCs GCs. The size of your DIT will not grow in size because there
are no other domains. For its own and single domain the GCs will use
will that cause a problem?
the 2 that I chose to set as GCs are accessible from all VLANs.
thanks.
r.c.
On 7/5/05, Almeida Pinto, Jorge de
[EMAIL PROTECTED] wrote:
I also don't agree with what you are saying concerning the maintenance
of the GCs.
If you only have 1 domain in the forest
controllers accessible by all VLANs, if I set all the domain
controllers to GC will that cause a problem? the 2 that I chose to set
as GCs are accessible from all VLANs.
thanks.
r.c.
On 7/5/05, Almeida Pinto, Jorge de
[EMAIL PROTECTED] wrote:
I also don't agree with what you are saying
AD Integrated DNS zones are only possible
on DCs and that is the preferred way as these zones have more benefits like
replicating the information through AD instead of doing zone transfers, secure
(preferred) and non-secure secure updates. Every DN/DNS server with AD-I zones
and dynamic
If you don't have AD yet, install it and join the clients (presuming windows
clients) to the AD domain
Install and exchange org and establish interoperability between notes and
exchange for mail and free/busy (one of the third party to consult for possible
tooling might be Quest
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Wednesday, July 06, 2005 3:31 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Novell/AD/Exchange
If you don't have AD yet, install it and join
What I know is:
Outlook clients are not AD site aware (see Q319206) and will use the GC
provided by the DSPROXY/DSACCESS process on the exchange server where the
user's mailbox is hosted. By default it will not use the closest GC.
For outlook 2003 the complete process is something like:
(1)
It depends what you mean with temporary...
To introduce w2k3 DCs in a w2k AD forest you need at least to prepare the
forest and the domain that will host a new w2k3 dc. As you may know schema
updates cannot be undone, but you can introduce a w2k3 dc and later on remove
it as needed.
For
I don't understand this one. to me he wants to introduce a temporary w2k3
DC for testing purposes. I agree that is you want to test things you need a
test environment and not your production environment to test this
Cheers,
#JORGE#
From: [EMAIL PROTECTED]
what we are trying understand is why you need to restore objects that
frequently. At least in my opinion you should not try to solve the problem by
also undelete additional attributes, but you should look at how your delegation
is configured. Are the correct people deleting the objects? Should
(1) each authenticated user may add/join 10 workstatiobs to the domain and the
objects are owned by the administrators
(2) yes
(3) no! it is better to set the quota to zero or remove the authenticated users
from that user right or do both. The best way is to delegate the right to
create
their attributes too, rather than trying
to remember their lost informations and importing them in AD.
I agree It is not critical, but rather a comfortable way.
Cheers,
Yann
De: [EMAIL PROTECTED] de la part de Almeida Pinto, Jorge de
Date: ven. 08/07/2005 18:29
À
De: [EMAIL PROTECTED] de la part de Almeida Pinto, Jorge de
Date: sam. 09/07/2005 01:04
À: ActiveDir@mail.activedir.org
Objet : RE: [ActiveDir] Keep existing attributes from users restored.
Hi,
You could also do it another way...
If for some reason the user account is not needed anymore
Assuming you have windows 2003 dns you can use conditional forwarding
I suppose you could configure forwarding for certain internal domains to the HQ
DNS servers if needed and for all other DNS domains forward to the local ISPs
Cheers,
#JORGE#
From: [EMAIL
yep!
are you asking because of: http://support.microsoft.com/?kbid=823862
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of Cothern Jeff D. Team EITC
Sent: Mon 7/11/2005 10:08 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] GPO question
You have
what is the outout of DCDIAG
any event log errors?
cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Yates SFC Robert W (C212 Network Engineer)
Sent: Tue 7/12/2005 3:10 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 2003 Replication Issue
All,
what is the exact notification concerning the tombstone lifetime. Please paste
it here
From: [EMAIL PROTECTED] on behalf of Yates SFC Robert W (C212 Network Engineer)
Sent: Tue 7/12/2005 4:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003
Replication Issue
Here is the output from DC Diag.
I am learning fast, but still learning on most on the problems that just
do
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, July 12, 2005 9:37 AM
To: ActiveDir
Hi,
Check if the exclusions definitions are the same in NTBACKUP (tools - options -
exclude files)
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny
Sent: Sun 7/17/2005 11:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC
not tried it myself, but it should work as I know Quest DMW does this (setting
a different default domain) when migrating computers
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Salandra, Justin A.
Sent: Tue 7/19/2005 10:03 PM
To:
Another solution to this problem (I have not seen mentioned) might be the use
of DNS priorities or as I like to call them DNS costs. By default each SRV
record is set to 0. A higher value (also possible to configure through GPOs)
would the DC/GC would always be the last on the list for
English? Is that what we are supposed to be speaking?
I speak a red neck northern lower Michigander form of North American. Anyone
want to go smelt dippin? How about goin' and snagging us some suckers? Or
fishing fer bullheads, I got the nightcrawlers all ready. Course we could
always
it may sound stupid but you could see each member computer as a very small
domain with its own local users. As domains that trust each other have trusts
in between the same applies for the member computer in the form of a computer
account in the domain (with the domain sid and a unique RID in
each time you create an OU beneath that OUx remove from the OUs authenticated
users. The objects in the OU also have authenticated users and everyone
explicitely defined. you also need to get rid of those too. Remove the members
of the Pre-Windows 2000 compatible Access group (if possible and
if you have delegated the creation of computer accounts look at the owner of
the computer account. when an object is created the user who creates it
automagically becomes the owner of it. If I'm correct this, however, does not
apply for members of the administrators, domain admins and
is the owner. I was hoping for a more specific userid
which I guess we could get if we provision the ability to join computers
to the domain differently than we do now.
-mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Freitag, 22. Juli 2005 15:52
To: ActiveDir@mail.activedir.org; activedir@mail.activedir.org
Subject: RE: [ActiveDir] Hiding an OU
each time you create an OU beneath
Hi,
In my opinion you need more answers before on deciding what the main structure
will be...
Answer the following quiestions first...
* How is each company located worldwide (same continent, different continent)?
* Does the info from each company to be available everywhere?
* What are the
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Samstag, 23. Juli 2005 01:15
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Hiding an OU
Guido,
Removing read for auth users
also take a look at:
Active Directory Disaster Recovery
http://www.netpro.com/events/adrecovery/index.cfm
NetPro and HP invite you to join Active Directory experts Gil Kirkpatrick, CTO
at NetPro, and Guido Grillenmeier, Senior Consultant of Enterprise Microsoft
Services at Hewlett Packard, as
As for FRS replication
ntfrsutl forcerepl [computer] /r SetName /p DnsName
= Force FRS to start a replication cycle ignoring the schedule
.
= Specify the SetName and DnsName.
computer = talk to the NtFrs service on this machine.
SetName
oh yes they do... however only when the server is starting the startup script
will run. while the server is running then the startup script will not run
Sam applies for shutdown scripts, logon scripts and logoff scripts - only when
resp. shutdown, logon, or logoff occurs
What you want to use
groups is limited, but from what I read its quite
powerful. Does Restricted Groups remove the existing members of a local
administrators group on a Server or Workstation once it's been enabled.
Almeida Pinto, Jorge de wrote:
oh yes they do... however only when the server is starting
better exists use the restricted groups feature of a GPO where you can
dictate who the MEMBERS are of a group or where you can define to which group a
user or a group is a MEMBER OF
Works great!
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of
see the archives as a few days ago I answered to a similar question
http://www.mail-archive.com/activedir@mail.activedir.org/msg31336.html
#JORGE#
From: [EMAIL PROTECTED] on behalf of Peter Johnson
Sent: Thu 7/28/2005 2:07 PM
To: ActiveDir@mail.activedir.org
Each DNS zone representing an AD domain has a _MSDCS DNS subdomain. All DCs
register belonging to a certain domain register their DNS domain wide records
in their own _MSDCS DNS subdomain. However each DC and GC also register forest
wide records (e.g. CNAME and _GC, etc). It is a best practice
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, July 28, 2005 3:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] _gc and _ldap SRV records
Each DNS zone representing an AD domain has a _MSDCS DNS subdomain. All DCs
register belonging
grin yep... that is what I would have said../grin
;-))
#JORGE#
From: TIROA YANN [mailto:[EMAIL PROTECTED]
Sent: Fri 7/29/2005 3:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Control Delgation
Hi
From a search in the acctivedir archives
each group in AD (distribution and/or security) must have a unique
samaccountname (pre-windows 2000 name) within the domain and must have a unique
common name within a container/OU.
Your groups have the same common name and they can exist because they are in
separate OUs. That's OK. Moving
a subfolder?
Thanks
-Original Message-
From: Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED] Behalf Of
Almeida Pinto, Jorge de
Sent: Friday, July 29, 2005 10:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] _gc and _ldap SRV
Determine the max time of the password in the password policy and retrieve the
pwdLastSet attribute from each user. As the attribute pretends it is the moment
the password was changes the last time
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of [EMAIL
when doing intra forest migrations some tools are destructive menaing the old
user account is deleted before the new one is created. Reason is with a intra
forest migration the GUID does not change (SID does) the problem with this is
it does not provide fallback. In fact it is a MOVE. As I
the first thing that comes up is: who is able to access a DC (as in logon
locally or through TS). I'm not going forward with I want to say, because I
don't want to give wrong ideas!
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of Kern, Tom
Sent: Sat
the only way I know of with the AD/AM sync is from AD to AD/AM and not the
other way around.
#JORGE#
From: [EMAIL PROTECTED] on behalf of Guy Teverovsky
Sent: Sat 7/30/2005 1:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: MIIS, ADAM, AD
Hi Everyone,
I was looking something up concerning the partial attribute and its behavior
with DCs.
Now...
* If all DCs = w2k3 and PAS is changed, then only the changes to the PAS will
be replicated
* If all DCs = w2k and PAS is changed, then a full resync will be done for all
objects and
PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Sunday, July 31, 2005 7:42 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Partial Attribute Set - 2000 DCs and 2003 DCs
Hi
/
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Monday, August 01, 2005 1:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Partial Attribute Set - 2000 DCs and 2003 DCs
Hi,
I realize know the text layout did not come
(got a link)?
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
http://msetechnology.com http://msetechnology.com/
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Monday, August 01
Title: Message
Use LDIFDE to export the OU
structure and user accounts. (export only the organisationalUnit class objects
and the user class objects) Don't forget to remove the Domain Controllers OU
from the output as it already exists by default
You may also like to export
groups incl
A while ago I put some AD feature thoughts in a textfile not knowing
what to do with them at that moment
Here goes:
* Active Directory thoughts:
* OU = security principal
* Possibility to merge Forests
* Cut and paste a domain from one forest to another
* Domain
third party migration tools can do this for you
anyways:
* Add the server to the domain
* create a script to get users, groups and memberships and create those
accordingly in AD and assign new passwords
* use SUBINACL to re-acl the data on the file system (resource kit tool, but
download new
not making it a security group...
being able to use it as a security principal and also being able if it will be
used just as an OU (so it is not added to the access token) or as a security
principal OU (so it will be added to the access token)
As a user is a child object of the OU and in
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, August 02, 2005 2:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes
A while ago I put some AD feature thoughts in a textfile not knowing
what to
do with them
How about Darren's article:
AD Network Interactions
Understanding AD logon and replication procedure
http://www.windowsitpro.com/Windows/Article/ArticleID/37928/37928.html
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of Rachui, Scott
Sent: Wed 8/3/2005
Yep, the tool you mention can do that because natively through AD it is not
possible.
However you could do with scripting and some of the free tools around
Use could use a VB script (see script repository from MS) to create all groups
and with DSACLS you can assign permissions to the group
: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, August 02, 2005 2:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes
A while ago I
Very true! However, this will change in R2.. Better delegation etc.
#JORGE#
From: [EMAIL PROTECTED] on behalf of Dan Holme
Sent: Wed 8/3/2005 9:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain DFS Roots hosted on DC
There's one much
I'm not sure if I understand what you say, but if you define a query in the
Saved Queries node and run it, you are able to export the result to a textfile
by right-clicking the query and selecting 'Export List'
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf
can he predict the future now? ;-)
From: [EMAIL PROTECTED] on behalf of Hutchins, Mike
Sent: Thu 8/4/2005 4:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Replicating AD
lol
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
, thanks for pointing that out! It seems a little backdoorish
but it'll work. Any idea why the operator contains is not available?
Mike Thommes
Ps. joe, don't ever go GUI! LOL!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge
worked
and the box is unchecked at all branch sites. The errors persist at all
branch sites.
Any further thoughts?
-- nme
-Original Message-
From: Almeida Pinto, Jorge de
[mailto:[EMAIL PROTECTED]
Sent: Thursday, August 04, 2005 10:21 AM
To: ActiveDir@mail.activedir.org
yeah... this is also the first thing I thought. I also thought of something
else. Will those users ever need to access their old resources? (like mail,
files ,etc) If no access is allowed how are you going to do that? Exmerge all
mailboxes into PSTs en burn files on DVD or something like that?
and the box is unchecked at all branch sites. The errors persist at all
branch sites.
Any further thoughts?
-- nme
-Original Message-
From: Almeida Pinto, Jorge de
[mailto:[EMAIL PROTECTED]
Sent: Thursday, August 04
. DCs and GCs are correct; no custom
site links or connections; site membership is correct.
-Original Message-
From: Almeida Pinto, Jorge de
[mailto:[EMAIL PROTECTED]
Sent: Saturday, August 06, 2005 11:59 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject
#
From: Almeida Pinto, Jorge de
Sent: Sun 8/7/2005 11:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Branch Office Question
To answer your question:
You can use each DC you want. In the end it will replicate to the location
where it applies You need however
In fact you are saying that Dean's shirts can do more than your DIT
tool, and they are not as expensive as your tool. Stop working on the
tool and ask Dean for one of his shirts!
;-)
jorge
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carlos
Magalhaes
Rick,
Don't you mean the bridgehead server role instead of the ISTG? I think you were
saying: As long as DCs on the static BH list are up, everything is OK. When
all DCs on the static list are for some reason unavailable the ISTG will not
choose other available DCs as new BHs as it will
When a user logs on for the first time the system the users logs on to wil
first look in the netlogon share for a default user profile and if it does not
find one it will use the default profile from the local computer the user logs
on to. If you don't want the users to change the profile (as
What do you mean with In fact, they are cut off from the root domain
pyhsically. ? Do you mean as in there is not replication between the two
domains? If yes... dare I ask for how long?
As I know of you can migrate the child domain without the root being available
because you will be having a
I presume you are asking how can I make the IIS servers use the user accounts
and groups in AD?
If that is the question
The answer is:
* Add those IIS servers to the AD domain (right click my computer, select
properties, click on tab computername, click on change, select domain, enter
Those fields are not available in the default ADUC GUI. It needs to be
extended for that.
You could however for attributes that are not available through the GUI
use the method as explained in:
http://www.awprofessional.com/articles/article.asp?p=169630seqNum=1
Hi Tom,
When using the Associated External Account (AEA) in an account forest and
resource forest scenario the account in the resource forest that is mailbox
enabled is AD disabled and the account in the account forest is assigned the
AEA right on the mailbox. This automagically puts the SID
Hi Sakari,
Just tested the script on my home DC. Works great.
Minor Minor Minor issues.. ;-))
* Last line states This table was generated at 09-Sep-2005 01:47:40 by
ACLsToExcel.vbs the last should be ACLReport.vbs Instead of hardcoding the
name of the file add WScript.ScriptName
* The
Oh... forget to mention...
run the script from the command-line like CSCRIPT scriptname
otherwise you need to click away popup boxes
Cheers
Jorge
From: Almeida Pinto, Jorge de
Sent: Fri 9/9/2005 2:06 AM
To: ActiveDir@mail.activedir.org; ActiveDir
What I know
is:
If you disjoin a computer you
will get the credentials box asking for credentials to DELETE the computer
account.
If you just click OK without
giving credentials the computer account is disabled and will remain in the
container or OU it resides in
If you give credentials
This is a builtin feature of E2K...
XADM: Exchange 2000 Installation Requires Access to Schema Master
(http://support.microsoft.com/?kbid=280178)
http://www.petri.co.il/exchange_disasterecovery_switch.htm
It is a check the exchange schema update has been applied
I also remember another buggy
1 - 100 of 532 matches
Mail list logo