> I may be seeing him as early as next week How so?
If it does come of, please say hi from me. Tony ---------- Original Message ---------------------------------- From: "Rick Kingslan" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 19 Aug 2003 13:23:16 -0500 Next time I see Andreas, I'll ask him. Usually, they don't get too active in the lists - hence the occasional appearance by Stuart to take care of a particular issue or rumor that might only be known to those at the 'Northern Retreat'. I may be seeing him as early as next week - so that's not an idle promise..... Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Tuesday, August 19, 2003 12:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] I would like to vote for Roger Abell I vote we also get Chris Wolf, his latest book on Troubleshooting Microsoft Technologies is pretty rad! I wouldn't mind seeing some other softies active on the list, Stuart is cool and all, but Andreas Luther, and some of the other folks ideas would be a real eye opener. One thing I am starting to work on is identifying Architecture Principles for AD designs. I am probably going to base my principles loosely with Frank Lloyd Wrights organic architecture principles. The reason why is because AD design should blend in with the type of organization that it is being used for and not change the organization to fit its constructs and limitations. This means that third-party products or automation tools will be necessary and that AD is just the foundation of AD. It would be presumptuous of me to think I could do this only from my own experience, if any of you are interested in participating, please let me know. Thanks, Toddler -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2003 9:42 PM To: [EMAIL PROTECTED] Subject: I would like to vote for Roger Abell Now that we have Joe, Todd, Dean Rick and other superstars, I have been (privately) wondering for a long time what is keeping one other very fine gentleman away from this list. I am sure many of you have heard of Roger Abell. Pardon the euphemism, but it is my considered opinion that this list will not be worse off if we can get him to grace us with his membership. Unless there is a policy that says we only let them wander in on their own volition, I propose that we draft him :) Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon _____ From: [EMAIL PROTECTED] on behalf of Graham Turner Sent: Mon 8/18/2003 8:24 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] authoritative GPO restore Rick, please excuse the whinge borne out of a bit of frustration i am afraid !! am needing to write procedural documents for what i would regard as a fairly simple task (and given issues we have with allowed run list policy values not unlikely either !!) ie restore of a inadvertantly (or otherwise !) deleted or corrupt GPO not unreasonable to have had functionality equiv to GPMC in win2k ?? duly noted on GPMC - will recommend to deploy as soon as possible without GPMC, it seems there are all sorts of interdependencies on AD objects / SYSVOL file system objects which need to be got right when restoring GPO was looking to seek the views of others on the procedure for this restore say of a single GPO ?? as per my original mail; 1. DS restore mode 2. restore of what sysvol file system directories / system state to original 3. restore (what ?) to alternate location 3. ntdsutil - run authoritative restore (seems only to apply to AD objects) 4. copy certain file system directories (polices / scripts ??) to original location Thanks for your help throughout GT GT ----- Original Message ----- From: "Rick Kingslan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 18, 2003 2:34 PM Subject: RE: [ActiveDir] authoritative GPO restore > Graham, > > Though I don't totally disagree, I'm not sure what part of the picture is > missing to cause you to make a statement such as: > > "Microsoft seem incapable of delivering finished products !" > > The GPMC *does* make it much easier - and I have been a big champion on this > product, and is by far the preferred method. But, before GPMC (6 years > before, in fact) we have survived quite well with Auth Restore, Systems > State resore, and Data backup restores. > > What part of the picture am I missing that would indicate Microsoft missed > the boat on restoring GPOs in your case? > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > Sent: Monday, August 18, 2003 3:05 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] authoritative GPO restore > > Darren, thanks for the very informative post reply. > > you seem only to confirm my views of what should be a relatively simple task > is not so - although happy to see this complexity reduced with GPMC does not > nothing to dispel my opinion that Microsoft seem incapable of delivering > finished products ! > > Thanks again > > GT > ----- Original Message ----- > From: "Darren Mar-Elia" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, August 17, 2003 9:30 PM > Subject: RE: [ActiveDir] authoritative GPO restore > > > Graham- > You're absolutely rigth about the dependencies between the AD and SYSVOL > portions of a GPO. As you probably have noticed, the AD portion is stored in > the Domain NC under SYSTEM\POLICIES\<GUID OF GPO> and the SYSVOL part is in > SYSVOL\POLICIES\<GUID OF GPO>. The AD portion, formerly called the Group > Policy Container (GPC) (until MS released the GPMC and decided they didn't > like any of the old names for stuff (!)), contains attributes that reference > the SYSVOL path, the version of the GPO and some other stuff. If for > example, you have used software installation policy to deploy applications > via GPO, then the GPC contains a set of AD object known as the Class Store, > which contains packageRegistration objects for each app deployed. These > objects reference application advertisement scripts (.aas) file stored in > the SYSVOL portion of the GPO (aka the Group Policy Container or GPT). > > In terms of disaster recovery of an individual GPO, you're correct that > authoritative restore isn't very flexible. Your steps below seem reasonable > although I haven't used that mechanism to restore a single GPO before. > Frankly, I think you're better off using Microsoft's free GPMC tool to do > backup/restore of individual GPOs. Its easy to use, scriptable and restores > individual GPOs with their original GUID intact. > This is a lot more flexible than authoritative restore or any other > mechanism that has to try and extract portions of a single GPO from backups > of system state. > > Darren > > > > -----Original Message----- > From: Graham Turner [mailto:[EMAIL PROTECTED] > Sent: Sunday, August 17, 2003 11:42 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] authoritative GPO restore > > > was hoping to get a bit more detail on the procedure of restore of a GPO and > specifically the inter-dependencies of the sysvol folder data and AD data > > it would seem say in the scenario of an inadevertantly modified / deleted > GPO (and which has been replicated throughout the domain) that it is not > simply a matter of restore of the sysvol data, and that indeed it is > required to go through a sequence along the lines of; > > boot into DS restore mode; > restore system state to its original location restore system state to > alternative location > > authoritatively restore the entire database (didn't understand this - i > would have thought at most the object with the GUID of the GPO using restore > subtree ?) > > restart the DC in normal mode and wait for the sysvol to mount > > then a copy of what looks to be like the folder of sysvol / policies with > the GUID of the GPO from the alternative location > > have derived the above from the various papers on disaster recovery et al. > > hoping people can put any of the above right, especially with notes on the > various interdependencies of the directory objects / file system contents > relating to GPO > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
