This still requires a list of semi trusted networks. I am curious would you use the IPSEC to limit the port range to the DC's for replication, or both the client level traffic and the DCs traffic?
On problem with client traffic being encrypted is that we support multiple hosts connecting to our domains, (Mac, UNIX, old NTLM clients). I have to be honest, I have spoken with several engineers who have tried to do IPSEC on large scale deployments and they say it is more trouble than it is worth when you are not standardized on Windows 2000 or XP. The problem I am having is that some of the organizations in my operation want to view all traffic from outside their organization as totally untrusted. So basically their "security experts" want us to identify specific ports and trusted inbound communication from specific host for every domain in the forest. We have about 24 domains, and about 75 DC's. That's one big list to keep maintaining and coordinating for just the DC traffic. We also have 5 Class B address ranges of ports in our design (Remember we are the government) so exposing planning for client exposure is also somewhat an issue. So far I came up with two solutions to this, use DMZ's and limited/Static RPC replication, and allow inbound traffic from "trusted networks" to community network services (DNS, AD, Exchange Servers, Intranet servers), then separate mission critical servers and clients by connecting them through a second firewall to the border DMZ. Allow all outbound communication to occur, and allow limited inbound from DMZ servers to occur. What this basically will probably require is that AD replication and operations will work as expected for host inside the firewall and traveling users who work at other departments with in the organization. If the organization chooses to limit basically all inbound communication request except from the direct replication partners this potentially can break authentication from outside sources to local resources, provisioning via LDAP, and single sign-on using only Microsoft technology. So if the user ever visits another part of the organization that is behind a closed firewall DMZ design, they will have to VPN into their portion of the network to properly authenticate and access resources. So the question I posed earlier has still gone un-answered. Do you think RPC NTDS and FRS replication is fine with just on port being open, or do you think it would be better to open a range? Thanks, Todd Myrick -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 9:37 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) Correct. One option is to run IPSec tunnels without encryption - that allows for full content inspection while still having reduced requirements for open ports. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 06, 2003 9:12 AM > To: ActiveDir > Subject: Re: [ActiveDir] WOT Unreadable code (was Connection String) > > > I would like to see his thoughts on the matter. MS's > published recommendations for using ipsec tunnels to traverse > firewalls is fine between trusted environments, but most > trusted environments can create their own vpn tunnels using > firewalls more efficiently. And between untrusted > environments it would be generally irresponsible (security-wise). > > -------------------------- > Sent from my BlackBerry Wireless Handheld > > > > ----- Original Message ----- > From: ActiveDir-owner > Sent: 08/05/2003 11:10 PM > To: <[EMAIL PROTECTED]> > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > Todd, > > If you're working with Microsoft, have them contact or engage > Steve Riley. > He's a 'softie that has specific experience in large environments > (previously telecoms) and I seem to remember the last time we > talked he was > with some area of the Security practices - though I can't > specifically state > where. He is in Redmond now (last I knew), and has published > some very > interesting and promising work on AD over/through/around > firewalls using > IPSec and other advanced technologies. > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd > (NIH/CIT) > Sent: Tuesday, August 05, 2003 3:31 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > Well we are currently redesigning our Site Topology due to several > organizations setting up firewalls and thinking they are > guarding against > Neo and the Matrix Gang. One thing we are working with > Microsoft on is > optimized Hub and Spoke topology by creating sites for > networks that are > behind firewalls. We want to address a couple of things here > in the design > as well. Failover DDNS service, Deployment of an Enterprise > Level Directory > Tripwire tool, and Enterprise Directory Monitoring. What > would be cool is > if there was a directory optimization tool as well. One that > would set DNS > SRV record Priorities. I haven't had a chance to look at the > latest version > of DT to see if it is in there yet. > > Part of the Firewall configuration is to set a static port. > The question is > "Is one port enough?". I was reading some Backup Exec > Documents and they > recommended that their application have at least 20 ports > open for their > DCOM object. Anyone have experience here and what to help a > brother out? > > Toddler > > > > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 3:58 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > What's up Todd? You have a hankerin' for some chicken? > > And I probably should stop wasting everyone's inbox capacity with this > silliness... Doesn't someone have some AD problems that need fixing? > > -gil > > > -----Original Message----- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 12:31 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > Gil, you should give one out for every Enterprise purchase of Netpro > Products. > > Todd Myrick > > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 3:22 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > John, > > Stella has put the world-famous Official DEC Screaming Yellow > Rubber Chicken > in the mail, so you should get it by the end of the week or > so. When you do > get it, be sure to give it a good squeeze. > > When I spoke at the 2002 AFITC, a general from ACC (I've > forgotten his name) > told me that someone in his office had received one and the noise was > driving him crazy. Scratch the chicken off the list of how to > win friends > and influence people. > > -gil > > > -----Original Message----- > From: Bjelke John A Contr AFRL/VSIO > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 12:01 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > Gil, > I'm not THAT old! Man, next you'll be implying that I built the > DARPAnet! > (and we all know it was Al Gore who's responsible for that!) > *grin* Nah, I > just have a fondness for old, dead languages and remembered > seeing that one > before. I actually had a book mark to a "history of > computing" type doc that > had this very example of MUMPS code. As for DEC Ottawa, I > doubt it, times > and budgets being what they are. But I'll take the chicken... > sounds like > cool geek-schwag :^) > > John A. Bjelke > Unisys > 505.853.6774 > [EMAIL PROTECTED] > Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput > tuum saxum immane > mittam. > > > > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 12:01 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > Wow John! I'm impressed. Were you at Unisys when MUMPS actually ran on > Unisys minis? Or did you just get lucky with Google? :) > > I'm thinking that your answer deserves a world-famous > Official DEC Screaming > Yellow Rubber Chicken, whose hideous screech is known to > strike fear in the > hearts of dogs, cats, and small children. > > Are you coming to DEC Ottawa? I can give it to you there, > along with your > free beer. Otherwise, send me your shipping info offlist, and > no beer for > you. > > -gil > > -----Original Message----- > From: Bjelke John A Contr AFRL/VSIO > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 10:39 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > prints a table of primes, formatting it into columns. What's > my prize :^) > > > John A. Bjelke > Unisys > 505.853.6774 > [EMAIL PROTECTED] > If it's as difficult as pulling teeth through an elephants > rump, then the > approach needs to be reevaluated. > > > > -----Original Message----- > From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 9:56 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) > > > Have you ever coded in MUMPS? It doesn't matter who the > programmer is; its > ALWAYS unreadable. I think MUMPS programmers invented the > term "write-only > programs". > > Typical MUMPS program: f p=2,3:2 s q=1 x "f f=3:2 q:f*f>p!'q > s q=p#f" w:q > p,?$x\8+1*8 > > If anyone can guess what this code does, I'll give them a prize. > > -g > > Gil Kirkpatrick > CTO, NetPro > > > -----Original Message----- > From: Robbie Allen [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 6:51 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Connection String > > > Ha! It is not the language that makes code unreadable, it is > the PROGRAMMER > :-) > > Robbie Allen > http://www.rallenhome.com/ > > > -----Original Message----- > > From: Glenn Corbett [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, August 05, 2003 9:38 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [ActiveDir] Connection String > > > > > > HAHAHA....Perl > > > > I like to be able to read my code and understand it again > in 6 months > > :) > > > > Glenn > > > > ----- Original Message ----- > > From: "Robbie Allen" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, August 05, 2003 11:14 PM > > Subject: RE: [ActiveDir] Connection String > > > > > > > > Come over to the 'Dark Side' with VB.NET.....its nice and warm > > > > here *looks at the fires of hell*. > > > > > > Come on guys, why go to VB.NET when you can get most of the > > benefits of a > > > compiled language and a whole lot more in a lot fewer lines > > with Perl! > > > > > > muaahh...Muaahh...MUUAAAHH.... > > > > > > :-) > > > > > > Robbie Allen > > > http://www.rallenhome.com/ > > > > > > > > > > -----Original Message----- > > > > From: Glenn Corbett [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, August 05, 2003 8:54 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: [ActiveDir] Connection String > > > > > > > > > > > > Roger, > > > > > > > > You should be able to convert the Primary Windows NT > > Account into a > > > > Domain\Username pair....I did do it some time ago (yeah, > > it was Ex 5.5 > > > > timeframe too)....I'll have a dig around (from memory > it was using > > > > LookupAccountSID *shudder*) > > > > > > > > If your UPN in 2k and Exchange email address use the same > > format (ie > > > > [EMAIL PROTECTED]), you could cheat a bit, and use the UPN > > > > conversion type code: > > > > > > > > ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9 > > > > User principal name format. For example, [EMAIL PROTECTED] > > > > > > > > *shrug* might be worth a stab. > > > > > > > > not sure about mixing NT v4 and 2k servers in the call, I don't > > > > think it would work too well (may require AD). > > > > > > > > Come over to the 'Dark Side' with VB.NET.....its nice and warm > > > > here *looks at the fires of hell*. > > > > > > > > G. > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Roger Seielstad" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Tuesday, August 05, 2003 10:42 PM > > > > Subject: RE: [ActiveDir] Connection String > > > > > > > > > > > > > Cool.... Might be able to stay away from a compiler for > > another 3 > > > > months... > > > > > > > > > > I know what it was that didn't work - VBScript can't > > handle the way > > > > Exchange > > > > > 5.5[1] returns the Primary Windows NT Account attribute - > > > > it comes back as > > > > a > > > > > string octet (I think). The VB examples all included the > > > > same contstant > > > > > defs, so I was thinking it was the same thing I looked at a > > > > month or two > > > > > ago. > > > > > > > > > > Now I'm wondering if I can just direct translate using the > > > > syntax below... > > > > > I'll have to try that later... > > > > > > > > > > -------------------------------------------------------------- > > > > > Roger D. Seielstad - MTS MCSE MS-MVP > > > > > Sr. Systems Administrator > > > > > Inovis Inc. > > > > > > > > > > [1] Yeah, I'm still running it > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Glenn Corbett [mailto:[EMAIL PROTECTED] > > > > > > Sent: Tuesday, August 05, 2003 8:36 AM > > > > > > To: [EMAIL PROTECTED] > > > > > > Subject: Re: [ActiveDir] Connection String > > > > > > > > > > > > > > > > > > >From the online help about NameTranslate, VBScript Example > > > > > > (havent tried it, > > > > > > but looks like it should work) > > > > > > > > > > > > Dim nto > > > > > > const ADS_NAME_INITTYPE_SERVER = 2 > > > > > > const ADS_NAME_TYPE_1779 = 1 > > > > > > const ADS_NAME_TYPE_NT4 = 3 > > > > > > > > > > > > server = "aDsServer" > > > > > > user = "jeffsmith" > > > > > > dom = "Fabrikam" > > > > > > passwd = "top secret" > > > > > > dn = "CN=jeffsmith,CN=Users,DC=Fabrikam,DC=COM" > > > > > > > > > > > > Set nto = Server.CreateObject("NameTranslate") > > > > > > nto.InitEx ADS_NAME_INITTYPE_SERVER, server, user, > > dom, passwd > > > > > > nto.Set ADS_NAME_TYPE_1779, dn > > > > > > result = nto.Get(ADS_NAME_TYPE_NT4) > > > > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Roger Seielstad" <[EMAIL PROTECTED]> > > > > > > To: <[EMAIL PROTECTED]> > > > > > > Sent: Tuesday, August 05, 2003 10:31 PM > > > > > > Subject: RE: [ActiveDir] Connection String > > > > > > > > > > > > > > > > > > The only problem with that is you can't call the > same methods > > > > > > from VBScript > > > > > > - which is where I seem to need it the most.. > > > > > > > > > > > > Better brush up on my mAd VB.net skilz... > > > > > > > > > > > > > -------------------------------------------------------------- > > > > > > Roger D. Seielstad - MTS MCSE MS-MVP > > > > > > Sr. Systems Administrator > > > > > > Inovis Inc. > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Glenn Corbett [mailto:[EMAIL PROTECTED] > > > > > > > Sent: Tuesday, August 05, 2003 8:17 AM > > > > > > > To: [EMAIL PROTECTED] > > > > > > > Subject: Re: [ActiveDir] Connection String > > > > > > > > > > > > > > > > > > > > > Pablo, > > > > > > > > > > > > > > here is some code I use in VB.NET to do a similar > > > > thing, should be > > > > > > > convertable to C# without much hassle > > > > > > > > > > > > > > strUserName = the fully qualified LDAP path of a user > > > > or group, ie > > > > > > > LDAP://CN=GroupName,DC=testdomain,DC=local > > > > > > > > > > > > > > 'Constants required, rest are in the online doco for > > > > NameTranslate > > > > > > > Const ADS_NAME_INITTYPE_GC = 3 > > > > > > > Const ADS_NAME_TYPE_1779 = 1 > > > > > > > Const ADS_NAME_TYPE_NT4 = 3 > > > > > > > > > > > > > > Dim Translate As New ActiveDs.NameTranslate > > > > > > > Dim strUser As String > > > > > > > > > > > > > > 'We want to chat to a GC server, any one will do > > > > > > > Translate.Init(ADS_NAME_INITTYPE_GC, "") 'Pass in > the FQDN > > > > > > > name of the object Translate.Set(ADS_NAME_TYPE_1779, > > > > > > > Mid(strUserName, 8)) <-- the call doesnt like the > LDAP:// on > > > > > > > the front, so strip it 'Get back the NT v4 Equivalent > > > > > > > strUser = Translate.Get(ADS_NAME_TYPE_NT4) Translate = > > > > > > > Nothing > > > > > > > > > > > > > > strUser now = the DOMAIN\UserName pair > > > > > > > > > > > > > > You can easily go the other way, ie pass in the > > > > > > > Domain\username pair, and get back the LDAP path. > Its all in > > > > > > > the online doco, > > just do a > > > > > > > search for > > > > > > > NameTranslate > > > > > > > > > > > > > > Very cool actually, was hacking around trying to > pull apart > > > > > > > LDAP strings and massage them myself, this is MUCH easier > > > > > > > (and faster) > > > > > > > > > > > > > > HTH > > > > > > > > > > > > > > Glenn > > > > > > > (lucky you asked today, worked out how to to this last > > > > night *grin*) > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Pablo Curello" <[EMAIL PROTECTED]> > > > > > > > To: <[EMAIL PROTECTED]> > > > > > > > Sent: Tuesday, August 05, 2003 9:44 PM > > > > > > > Subject: RE: [ActiveDir] Connection String > > > > > > > > > > > > > > > > > > > > > That's right, but what if the user Pablo Curello is > > inside an > > > > > > > organizational > > > > > > > group ? > > > > > > > In that case, the LDAP string should be (for example): > > > > > > > "LDAP://cn=Pablo Curello, ou=Sales, > dc=yourdomain, dc=com". > > > > > > > It doesn´t work with: "LDAP://cn=Pablo Curello, > > > > > > dc=yourdomain, dc=com" > > > > > > > Thanks. > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Costanzo, Ray [mailto:[EMAIL PROTECTED] > > > > > > > Sent: Monday, August 04, 2003 2:34 PM > > > > > > > To: [EMAIL PROTECTED] > > > > > > > > > > > > > > I believe that you mean DOMAIN\Username, and if so: > > > > > > > > > > > > > > Function GetFullName(sUser) > > > > > > > Dim sUsername, sDomain > > > > > > > sUserInfo = Split(sUser, "\") > > > > > > > sDomain = sUserInfo(0) > > > > > > > sUsername = sUserInfo(1) > > > > > > > Set oUser = GetObject("WinNT://" & sDomain & "/" > & sUsername > > > > > > > & ",user") > > > > > > > GetFullName = oUser.Fullname > > > > > > > Set oUser = Nothing > > > > > > > End Function > > > > > > > > > > > > > > That will give you the full name, such as: > > "Curello\, Pablo" > > > > > > > > > > > > > > And then you can use: > > > > > > > > > > > > > > sFullname = GetFullName("pcurello") > > > > > > > sLDAP = "LDAP://cn="; & sFullname & ",dc=yourdomain,dc=com" > > > > > > > > > > > > > > How you get the dc= part from the oldschool netbios name, > > > > > > I'm not sure > > > > > > > though. And I can't translate this to C for you. :] > > > > > > > > > > > > > > Ray at work > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Pablo Curello [mailto:[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hello all. > > > > > > > Does anybody know how to transform a user's identity > > > > > > > "DOMAIN/USERNAME" to an ldap connection string "CN=name, > > > > > > > DC=..." ? I know how to do it in COM (C++) using > > > > > > > IADsNameTranslate interface, but now I´m using C#. Thanks. > > > > > > > > > > > > > > > > > > > > > > > ************************************************************** > > > > > > > ************** > > > > > > > ****************************** > > > > > > > The information contained in this e-mail message > is intended > > > > > > > only for the personal and confidential use of the > > > > > > > recipient(s) named above. Distribution, > > publication, or > > > > > > > retransmission of this message is strictly > prohibited. This > > > > > > > message may be a bank to client communication and > as such is > > > > > > > priviliged and confidential. If the reader of > this message > > > > > > > is not the intended recipient or an agent responsible for > > > > > > > delivering it to the intended recipient, you are hereby > > > > > > > notified that you have received this document in > error and > > > > > > > that any review, dissemination, distribution, or > copying of > > > > > > > this message is strictly > > > > > > > prohibited. If you have received > > > > > > > this communication in error, please notify us > immediately by > > > > > > > e-mail, and > > > > > > > delete the original message. > > > > > > > > > > > > > > The sender of this e-mail specifically "opts-out" of > > > > the Electronic > > > > > > > Signatures and Global and National > > > > > > > Commerce Act (E-Sign) and any and all similar state and > > > > > > federal acts. > > > > > > > Accordingly, but without limitation, > > > > > > > any and all documents, contracts, and ageements > must contain > > > > > > > a handwritten signature of the sender to be legal, valid, > > > > > > > and enforceable. > > > > > > > > > ************************************************************** > > > > > > > ************** > > > > > > > ****************************** > > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > > List archive: http://www.mail-archive.com/activedir%> > > 40mail.activedir.org/ > > > > > > > > > > > > > > List info : > > > > > > > http://www.activedir.org/mail_list.htm > > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > > List archive: http://www.mail-archive.com/activedir%> > > 40mail.activedir.org/ > > > > > > > > > > > > > > > > > > > > > List info : > > > > > > > http://www.activedir.org/mail_list.htm > > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > > List archive: http://www.mail-archive.com/activedir%> > > 40mail.activedir.org/ > > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > List archive: > > > > > > http://www.mail-archive.com/activedir%> > 40mail.activedir.org/ > > > > > > > > > > > > > > > > > > List info : > > > > > > http://www.activedir.org/mail_list.htm > > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > > List archive: > > > > > > http://www.mail-archive.com/activedir%> > 40mail.activedir.org/ > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > > List archive: > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > > > > > List info : > > > > http://www.activedir.org/mail_list.htm > > > > List FAQ : http://www.activedir.org/list_faq.htm > > > > List archive: > > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
