That would make a great slogan right now in the US, wouldn't it? "Buy our product and there'll be a rubber chicken in every data center." or something like that.
Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, October 27, 2004 7:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] What attribute determines the Schema Master Role? A rubber chicken with long, nasty iron spikes sticking out of it! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Wednesday, October 27, 2004 12:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] What attribute determines the Schema Master Role? You forgot, comes with rubber chicken to beat Admins who change FSMO roles without telling AD Admin... Hehe Todd -----Original Message----- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 27, 2004 2:27 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] What attribute determines the Schema Master Role? <product plug> NetPro's ChangeAuditor for AD monitors all changes to AD configuration and produces a real-time change log detailing what the change was, the old and new value, who made the change, and when and where the change was made. You can define the types of changes that you should be alerted about. Changes to FSMO role owners are one of the 100s of types of changes CAAD keeps track of. You can find out more at http://www.netpro.com/products/changeauditor </product plug> -gil Gil Kirkpatrick CTO, NetPro -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Blank Sent: Wednesday, October 27, 2004 7:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] What attribute determines the Schema Master Role? Further roles can be found on the fSMORoleOwner attribute on the following partitions: Primary Domain Controller (PDC) FSMO: LDAP://DC=MICROSOFT,DC=COM RID Master FSMO: LDAP://CN=Rid Manager$,CN=System,DC=Domain,DC=COM Schema Master FSMO: LDAP://CN=Schema,CN=Configuration,DC= Domain,DC=Com Infrastructure Master FSMO: LDAP://CN=Infrastructure,DC= Domain,DC=Com Domain Naming Master FSMO: LDAP://CN=Partitions,CN=Configuration,DC= Domain,DC=Com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: 27 October 2004 01:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] What attribute determines the Schema Master Role? Look for the fSMORoleOwner attribute (DN format) on the object in question, e.g. CN=Schema,CN=Configuration,DC=myco,DC=com fSMORoleOwner: CN=NTDS Settings,CN=Server1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=myco,DC =com; I don't know of an LDAP monitor as such, but you can set logging in such a way that it shows all searches. Have a look at Robbie Allen's AD Cookbook. Also, this presentation provides some good info. http://www.rallenhome.com/conferences/RAllen_LDAP_Searching.ppt Tony ---------- Original Message ---------------------------------- From: "Sanz de Leon, Juan Carlos" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 27 Oct 2004 13:43:17 +0200 Dear gurus, We recently had a problem where the Schema Master ROLE was not recognized in the forest. Whenever we queried the DCs in our forest to indicate the Schema Master, the answer gave an error. To solve the issue we had to Seize the Schema Master role using ntdsutil. Now the question. What attribute in AD is the one that establishes who has the different roles of the forest or domain ? I know it is in the configuration partition, probably under NTDS settings... What I don�t know is the attribute in AD that decides who has which role. Anyone know of an LDAP monitor ? similar to regmon from sysinternals. Thanks in advance, Juan Carlos Sanz de Le�n List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ________________________________________________________________ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
