The GC per DC question came up in one of the sessions I
attended (with the Whidby team) and it strikes me that there is a common
misconception even within Redmond that "All GC's are Created Equally" - which I
think we've seen is NOT the case. Not sure they got the point, however. They
were more than willing to blame Exchange for that problem, While its technically
an Exchange issue, the hooks just aren't currently there to get the *right* GC
every time.
Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
From: joe [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 10, 2004 10:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] using dsacls.exeNope, honest to Bill, I didn't mention UGF/DLG to one single MS employee. The only times it was brought up was with other MVPs and usually because they were mentioning our chats on here about it. We have a lot of lurkers on here (Hi lurkers! Shout out to one special lurker who I like to irk... You know who you are... It was great meeting you.). Something that was said made me think pushing it probably wouldn't do a lot of good down the road due to other changes that are being worked out.One thing I asked for from all of the Dev guys I talked to from Stuart on down was domain based global catalog DNS entries. I.E. I want to easily find the GCs that exist in a specific domain of the forest with site affinity. I.E. All of the GCs of domain2 in site X (or the closest to it). Not necessarily all of the DCs of forest. Why you ask? Why that is a very good question... Because Exchange needs it... Well that is my one answer for MS to really do it. Exchange does need it but also because I need it and lots of folks out there doing apps out there need it. Not all GCs are created equal. They give out different pieces of info if asked correctly (or sometimes incorrectly) depending on what domain they are in. Obviously that isn't correct functionality based on what a GC is supposed to be but too late to change that now.joe-------------http://www.joeware.net (download joeware)http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Saturday, April 10, 2004 5:11 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] using dsacls.exewould have been nice for me as well to be around with you longer - it was definitely good to put some faces to some of the other names. But you guys must have already been on the bus while I was still chatting with some MS folks. And I'm sure you kept on beating on UGs even if it wasn't the topic ;-)I have also continued on some other ideas for the DR stuff - need to do some testing to see if it works. Let's compare our results sometime soon./Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Samstag, 10. April 2004 09:00
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] using dsacls.exeActually I think he replied to this one in the bar of the Renaissance as him, myself, and Dean were chatting about it while drinking and Ulf was working on his pda/phone.BTW Guido, you slipped out like a phantom man. Sorry you had other responsibilities to deal with. Would have been nice to have had you around longer and especially when sitting with the Dev guys. We had a lot of fun.Also BTW, the Dev guys said that Universal groups were all a huge mistake and no one should be using them... Do Exchange in a separate single domain forest.... j/k.... But I think they would have said that had we discussed it. I had something else on my mind when we chatted with them that was more important to me than Universal Groups and Domain Local Groups.Another also BTW, Dean and I talked out an interesting idea, you may like it when we have the result ready. An idea to hopefully kill the entire lag site paradigm by making it unnecessary. Never was a fan of that idea but I do like the idea of DR sites for grabbing backups off of as I have discussed previously.joe-------------http://www.joeware.net (download joeware)http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, April 09, 2004 1:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] using dsacls.exeHey Ulf - I see you got home from the summit safely ;-)In your AD newsgroup post which your referenced below you answered the following question>> Is there a comprehensive reference that identifies each permission required
>> to perform a task ? Giving a user the "AddUser" permission is not enough.
>> They also have to have the rights to add objects and child objects, etc
>> etc...
with
> Not that I'm aware off - the rights I don't know I set with the delegation> wizard and run dsacls or look into the security tab.Just want to make sure that everyone is aware of the excellent Delegation Whitepaper, that's been available for a couple of months now:And don't forget to download the Appendix for this whitepaper, which contains all the nitty gritty details on what's required to perform which task./Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Donnerstag, 8. April 2004 17:10
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] using dsacls.exeHello Bart,see the following post:Ulf B. Simon-Weidner
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vermeire Bart
Sent: Dienstag, 6. April 2004 06:43
To: [EMAIL PROTECTED]
Subject: [ActiveDir] using dsacls.exeHi,I am struggling with the dsacls.exe tool and hope that someone in this list can answer me.I need to set permissions on an OU from a CMD line batch file and I am using dsacls.exe for that.However, setting the "Reset Password" extended right is one task I cannot accomplish.Can you please help me out here.regards,Bart VermeireVolvo IT
