I'd triage whether this is actually really necessary before you go and do this.
I've had customers do this before - you have to build something to suck out the
membership and then reload it.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c
Without the AD Web Service, AD PowerShell won't work. You'd have to run the
cmdlets from a Win7+ machine anyway.
Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad
Did you change the defaults in your org?
I've seen this before - it comes up periodically.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf
It's not something I'd fight if it's an issue. Schedule a window and unwind and
reload each group.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
long time.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Webster
Sent: Wednesday, June 19, 2013 10:06 AM
To: ntsysadm@lists.myitforum.com
Subject
What’s MaxValRange set to on your DCs?
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher Bodnar
Sent: Wednesday, June 19, 2013 10:13
My coffee fund thanks you!
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Don Kuhlman
Sent: Wednesday, June 19, 2013 10:52 AM
To: ntsysadm
Correct. This is only an issue if you had it set to 5000. You are at the
default.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher
+1
I tell most customers who think removing WINS from their environment is a good
use of their time to find a more worthwhile project to invest in. WINS is dead
simple, solves a problem, has practically no infrastructure overhead, and
requires nearly no maintenance.
Thanks,
Brian Desmond
br
So what functional purpose(s) does this proxy serve other than to meet an
arbitrary policy?
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf
If the requirement is simply an arbitrary policy, perhaps now is a good time to
revisit that policy? It seems like this is adding no value other than checking
a box.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
On the surface at least, it’s per user profile.
I haven’t played with it on the iPad to see what options you have there.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad
So troubleshooting this without a dump of the spooler when the issue is
occurring is going to be hard, IMO. I'm willing to look at the dump, but full
disclosure it's been like five years so I can't promise I'll produce anything
for you.
Thanks,
Brian Desmond
br...@briandesmond.com
w
Any remedies for this kind of stupidity that you can recommend?
Lync?
Sorry ... couldn't resist.
Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf
You'd be surprised what it can do as far as telephony. You might want to look.
Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff
Sent
What exactly is the scenario? There is not enough detail here
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael B. Smith
Sent
Same offer I made last week. If you capture a hang dump (using adplus) of the
process when it is spinning at 100%, I can have a look.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com
).
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher Bodnar
Sent: Wednesday, July 31, 2013 12:17 PM
To: NTSysADM@lists.myITforum.com
Subject
the
certs off a third party CA's platform and leverage their reporting to determine
when you need to renew things.
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
Why are you backing up whole VMs versus just protecting specific data?
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Pierre-Marie Camilleri
You can do all this with the UI.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Ziots, Edward
Sent: Wednesday, August 7, 2013 8:32 AM
on the source OU, create on the target OU,
and the rights to write to the CN and name attributes on the object itself.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
Seems to me like a lot of storage and cycles for something that might have very
little value if you have the ability to simply redeploy the app and restore the
data.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
with these cheapo drives.
I have 96GB in my main HyperV host at home - just doubled it from 48GB as I had
it max'ed out and perf sucked. I've got all this running on there now and
continuing to add as I need to:
[cid:image001.png@01CE9AA1.0AD4BF50]
Thanks,
Brian Desmond
br
I have two Precision towers at home. One runs ESX and one runs Windows Server
2012 w/ Hyper-V. Never had an issue with either.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad
I don't generally do trusts for these types of setups. If I did, I would make
it one way such that Dev and UAT trust prod so you can use your prod account.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
There's a bunch more steps so might want to ping the other alias.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Damien Solodow
Sent: Friday
Have you looked at an MDM solution that can side-load apps and enforce policy?
InTune is one such example.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
+1
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael B. Smith
Sent: Wednesday, September 11, 2013 4:53 PM
To: ntsysadm
Capturing a dump of the system when the problem is occurring or collecting an
xperf trace would be my approaches to start.
1 CPU is not really a great setup here.
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: listsad
I'm not sure why you would disable this.
What version of Windows is the file server running?
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of N
Yeah it sounds like your issue is probably the files you're storing. There are
KBs out there that have tuning settings for the SMB stack on the server side
that often help here.
I'd also validate the perf of the storage that's backing this share.
Thanks,
Brian Desmond
br...@briandesmond.com
+1. I've seen this pivot in highly regulated environments where the GPO affects
a controlled asset/system then it's much more rigid.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com
Go on NewEgg and look at the reviews? That's usually how I buy random computer
parts
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Jon
LinkedIn
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, October 3, 2013 11:43 AM
To: NTSysADM
Dedicating one port per switch just to the management VLAN sounds incredibly
expensive when you total up your port costs...
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad
I'd start with what are you planning to write about, who is going to buy it,
and who is going to publish it?
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
expect. Make an outline, figure out what you
want to talk about, and then start filling in the outline.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
I would find a way to do Option 2 for all your zones.
Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Don Kuhlman
Sent: Monday, October 28
to give you a
slice of the answer and the data won't be real easy to consume.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of James Hill
Sent
and asking
questions – usually doesn’t turn out well for the candidate because spelling a
buzzword != knowing anything about it.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad
If you fill all that stuff in on LinkedIn also, the recruiter tools (I have an
account) let you filter in a really granular manner (as opposed to just keyword
searches). I’ve consistently gotten better candidates off LinkedIn than any of
the legacy job sites.
Thanks,
Brian Desmond
br
There’s a button right there on your profile screen in the free version.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Heaton, Joseph
ADFS only natively supports AuthN to AD. If you want to do your AuthN with
something else, you have to federate ADFS with an IDP that does that piece for
you. Thinktecture’s (free) IdentityServer is often the tool of choice for that.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br
You have sAMAccountName and userPrincipalName to work with. You can use xxx
for the former, and first.l...@domain.commailto:first.l...@domain.com for the
latter.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
You probably want some sort of hosted asset management solution. A cloud based
CMDB with the ability to link tickets to the CIs would work too.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com
I'd a search on HyperV NLB - there's a bunch of stuff you have to do to make
this work.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf
Use Process Monitor to get a file system trace when the problem repros and see
what it's looking for - assuming the error isn't completely misleading, which
it could be.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
You could do that or make the children point at each other as well - they'll
have forwarders to the parents on them and you might as well replicate the root
domain DNS zone to all DCs also.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c
Adding Domain Users is a hammer solution - there's no out for a one off. I'd
create some AD groups for this even if you temporarily nest domain users in the
AD group, you can change who is in scope later without reconfiguring any
images, templates, etc.
Thanks,
Brian Desmond
br
It will work just fine.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher Bodnar
Sent: Tuesday, March 18, 2014 9:31 AM
To: NTSysADM
The wizard runs it for you when you promote the first uplevel DC - the steps
still exist. IIRC the manual process is still available if you want to break it
apart.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
This is a services figure or hardware/licensing or?
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Stefan Jafs
Sent: Wednesday, March 26
on this full time then you're looking at 1 - 2
months of time.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Stefan Jafs
Sent: Wednesday
The underlined part is your answer. SA is not a one-off that you can purchase
with anything and get all the SA benefits of another product. You have it over
server licenses but not over your PCs.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c
Never had any of these issues with Lync. I use it with a headset as my primary
phone all the time – both at my desk and when I’m traveling with my laptop. I’m
often on VPN as well.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
or something is
going to run your power bill up too.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Todd Lemmiksoo
Sent: Tuesday, April 8
Not sure I understand the question. Are you asking what the expected
replication latency is? Perhaps you could describe the topology in a bit more
detail.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
Right - you need a cluster. It needs a small bit of shared storage for the
spooler service, and a disk based quorum if you're using that, plus you get the
shared name everyone connects to.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c
Have you looked at some of the IaaS services? OneLogin I know, for example,
lets users define their own sites (e.g. the bank) and OneLogin will vault the
credential and let them login to a single panel with their corp cred. Azure AD
has that too.
Thanks,
Brian Desmond
br...@briandesmond.com
So what are you trying to print out in a sorted fashion? I don't see anything
at the bottom other than some blank space and invalid statuses.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com
At service start it’s going to logon and get a token.
You can use Process Explorer to look at a process’ security token.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad
I generally won't touch anything - big or small - without an MSA and SOW in
place. The MSA the customer signs once and then each engagement covered by the
MSA has a separate SOW that gets signed.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c
and it's
straight to the point. I used to have this 100 page Word Document I always
delivered but I have more or less put that thing in the graveyard.
Thanks,
Brian
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: listsad
I assume under the Cluster key that gets replicated?
Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Michael Leone
Sent: Friday, August 8
IIS App Pools
Window Services
Scheduled Tasks
All support them. If you can use them, do it – they solve a gap.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad
I’d ask the question of why you need a CA for this?
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Matthew W. Ross
Sent: Monday, October 13
Correct – the claims are part of the user’s Kerb ticket. So even after that
attribute changes, they’ll maintain access for the lifetime of their existing
ticket.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132
From: listsad
I don't know offhand but it's possible that something failed when they did
adprep /forestprep and it missed that step (I assume that's where it's added).
I would expect you could just add it to the Config NC head and be on your way.
From: listsad...@lists.myitforum.com
Since these are GPPrefs, have you enabled logging for the drive mapping part of
the CSE? You can have it log verbose data which might point you in the right
direction.
Thanks,
Brian Desmond
br...@briandesmond.commailto:br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: listsad
So the parent company is willing to give you physical access to a domain
controller (via this copy), but they won’t stand up a trust? That doesn’t seem
logical to me when you look at the two risks. What are they concerned about
with the trust?
Thanks,
Brian Desmond
br
You might look at how you could centralize where these certs are installed
(e.g. a load balancer/reverse proxy) so you only have one place to check as
opposed to having things scattered around.
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com
My thoughts exactly. 1000>5000 isn't much on its own, but, as soon as you raise
this once, you set the precedent for the next thing to come along and insist on
this.
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:list
One of my customers uses a product from a company called Symprex that does
exactly this. It’s very inexpensive and you wouldn’t have to invent anything.
Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
I agree with Bob. Take the time to patch them to SP2+ before you do this.
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Free Jr., Bob
Sent: Friday, May 20, 2016 12:08 PM
To: ntsysadm
+1 for the folks at DigiCert
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Ferguson, Chris
Sent: Tuesday, May 24, 2016 9:27 AM
To: ntsysadm@lists.myitforum.com
installed thing
than anything else. Ideally it lives in one place - e.g. a load
balancer/reverse proxy - rather than being distributed across a ton of servers.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com
Just keep good track of the wildcard. The downside of losing a single name cert
is somebody can go be foo.contoso.com, when you misplace a wildcard (until it
gets revoked), someone can go be *.contoso.com.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
-Original Message
Chris-
Best way to troubleshoot this (at least to start) is to use Fiddler to get the
actual SAML Request from a browser and then compare it to the settings on the
RP Trust. You want to look at the identifiers tab more than likely.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
would decrement its’ local count.
Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher Bodnar
Sent: Monday, May 16, 2016 2:05 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM
...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Brian Desmond
Sent: Tuesday, May 24, 2016 1:35 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] SSL Certificate
A wildcard cert asserts a certain level of assurance that the party on the
other end is say
F5 and Ping are the two of that list I see frequently, F5 the most. Microsoft
w/ AAD-P also has some interesting capabilities in this space as well.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf
,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David McSpadden
Sent: Monday, July 18, 2016 10:43 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Powershell question
I would like to find all
So that you don’t need to support KMS servers? It also requires that all
clients be authenticated, which KMS did not.
If all your clients and apps (Office) are uplevel and support AD activation, I
don’t see any reason to maintain a KMS server…
Thanks,
Brian Desmond
w – 312.625.1438 | c
Mine does this when a whole bunch of mail piles in at once. Otherwise I get
individual toasts.
Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kevin Lundy
Sent: Wednesday, August 17, 2016 4:04
AD will match the most specific subnet so in this case the 10.0.0.0/16 subnet
will match anyone who is 10.0.X.X. IP.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf
Since there’s only two sites, site link bridging won’t help you here. With Site
Link bridging, if you have say A—B--C, by default it’s implied that A can talk
to C. With Bridge All Site Links disabled, A can only talk to B unless you add
the two site links to a bridge.
Thanks,
Brian Desmond
Every user needs to have an Azure AD account to use any Office 365 service.
Whether that account is mastered in Azure AD (e.g. you create it directly
there), or it's synchronized from your on-premises AD is up to you.
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad
Unless your AD is in List Object Mode (unlikely and not really recommended
usually), the ACL on every single object isn't evaluated before returning
search results.
Deny's also work a little differently in AD than on the file system so this
probably isn't something you want.
Thanks,
Brian
Is the issue that OOF messages aren't sent or that you can't configure it in
Outlook? The latter is indicative of your Exchange Web Services URL being
configured incorrectly.
Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
-Original Message-
From: listsad
.
Thanks,
Brian
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Dave Lum
Sent: Wednesday, November 2, 2016 5:45 PM
To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com>
S
. At that point, you
can shutdown the old AAD Connect, and rerun the wizard and take your new one
out of Staging Mode.
You should have practically zero downtime with this approach.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad
Inline
Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Christopher Bodnar
Sent: Tuesday, November 15, 2016 10:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Kerberos over UDP
GPOs I look at whether or not the GPO is referenced in the gpLink attribute of
any OUs. If it is, I also look to see if all of its links are disabled.
Empty GPOs also are candidates to go.
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com
I just looked and I can confirm that the client side default is 0 bytes on a
Win7+ client for the max packet size to fallback to TCP. The server side
default is still 1465 bytes as shown in the screenshot below.
Thanks,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
From: listsad
If you do a repadmin /showobjmeta on the object, it will give you timestamps
per attribute which would be a good starting point.
Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Heaton, Joseph
It currently requires Azure AD at a minimum. On-premises AD is an optional
component.
The best resource for this is the feature PM's blog - he has a handful of posts
that lay out how all the plumbing works in significant detail -
https://jairocadena.com/
Thanks,
Brian
Thanks,
Brian Desmond
I use www.pipedrive.com<http://www.pipedrive.com> and have been really happy
with it, especially as "simple" goes.
Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Stefan Jaf
Is there a behavior difference whether it's in the local user or local machine
Trusted Publishers store? I haven't done much with this but that comes to mind
as something to check.
Also don't forget to timestamp the signature when you do the signing.
Thanks,
Brian Desmond
w - 312.625.1438 | c
,
Brian Desmond
w – 312.625.1438 | c – 312.731.3132
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Eric Wittersheim
Sent: Thursday, December 8, 2016 11:27 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] External trust issue
Melvin,
I'm
1 - 100 of 128 matches
Mail list logo