RE: [ActiveDir] DFS use question

[E Brown]

If you decide to use dfs\frs do the following as tuning guide...

1. Create as many separate trees as opposed to one large one.
2. Use latest frs hotfix
3. Have each partner have only one upstream  downstream partner
4. Do a backup so that recovery is easier.
5. Connect server to switch and use full-duplex
6. Change the change order maximum from 8 to 100 changes- will cause
additional load on the upstream partner
7. Take a look at Q329491
8. Take a look at the recovery scripts that make recovery faster. Restore
from backup even old is better than replicating in all data.
9. Remove large files that don't change much and replicate them via robocopy
if they are static.
10. Refer to the 2003 BODG for newest functionality.
11. Use proper monitoring tools and stability will be excellent.
12. Don't virus scan ntfrs.jdb file.

Let me know how this goes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 6:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

I concur... especially considering the restore time in the event that
replication screws up and critical information is pushed off to a
Staging area, inaccessible to the user.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, April 12, 2004 11:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

With all due respect to those that absolutely think that FRS v1 is hot,
I'm
quite pleased that there has been this level of success with it.

However, even Microsoft admits that FRS iswell, broken.  It gets
better
with each QFE, Service Pack and HotFix, but the basics are just flat
broken.

I'm not sure that I'd recommend it for anything remotely critical. But,
to
each his own.

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of E Brown
Sent: Monday, April 12, 2004 2:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

This is not out of the realm of FRS.
I work with some folks that sync 240+GB between 12 servers using T-1 as
well..
There are some tuning factors that should be followed:

What is DFS topology?
Make sure you using dfs  frs tuning docs.
Setup Ultrasound to monitor...
Let me know if you need more details.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Sunday, April 11, 2004 7:06 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] DFS use question


We have one of our largest sites in England and another large site in
the
US, with at least a full T-1 between the two sites.  We have a share
with
about 70GB of data in it, that both sites regularly need to access.
Would
this be something we could use DFS for with automatic replication, or is
this way out of DFS's range?  And if it's out of the range of DFS, how
are
others solving this issue?  A program like Veritas Storage Replicator,
or
NSI DoubleTake?  Or will DFS suffice?

~~
This e-mail is confidential, may contain proprietary information of the
Cooper Cameron Corporation and its operating Divisions and may be
confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only by the
addressee. If you have received this message in error please delete it,
together with any attachments, from your system.
~~
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] How to remove ADC from domain

[simon.geary]

You need to perform a metadata cleanup to remove a failed DC from Active Directory
http://support.microsoft.com/?id=216498

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Mike Celone 
Sent: Wed 14/04/2004 00:44 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [ActiveDir] How to remove ADC from domain


In my test lab I was doing a test migration from Exchange 5.5 to Exchange 2k.  
I had a machine setup with the ADC to move the 5.5 information into the directory.  I 
came in the morning and the HD was dead on my ADC machine.
Now the machine is dead but the computer account is still in the domain.
The server also still shows up under Sites and Services.  If I remove the 
computer account from the domain will that also remove is under Sites and Services?  
Is there anything else I need to do before I remove that machine accout?
 
Mike


winmail.dat

RE: [ActiveDir] Wlan AD Security

[Rutherford, Robert]

I haven't read the MS doc on securing 802.11 networks, but using a VPN
is the your safest bet.. May also be worth using 2-factor authentication
in this scenario.

What system would authenticate you? W2k, firewall, etc?

-Original Message-
From: Chris Blair [mailto:[EMAIL PROTECTED] 
Sent: 12 April 2004 14:47
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Wlan  AD Security


This maybe slightly Off Topic, Sorry. I am looking to deploy wireless
access points for our users to access our AD. I am currently reading the
white paper from Microsoft named Enterprise Deployment of Secure 802.11
Networks Using Microsoft Windows. Has anyone else implemented this? I
have also read about putting the AP's outside of the network and using
VPN to access any AD related resources. Sounds easier, but is it as
secure? Does anyone else have any other solutions?
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Using Security Configuration Template instead of Ksetup...

[Lara Adianto]

Hello,

In 'Step-by-step Guide to Kerberos 5 Interoperability'
document, it is stated as follows:
To deploy realm configuration data to multiple
computers, use the security configuration template
mechanism instead of using Ksetup explicitly on
individual computers  

Is there any good document / howto about how to use
security configuration template to achieve the same
results as ksetup ?

I've been reading some of microsoft knowledge articles
such as: How to add custom registry settings to
security configuration editor, how to create custom
administrative templates in windows 2000, etc..but I
haven't got a clear picture of how it can be done
using security configuration template.

This is the part that I don't understand:
Once the Sceregvl.inf file has been modified and
registered, your custom registry values are exposed in
the SCM UI's on that machine. You can then create
security templates or policies that define your new
registry values. These templates or policies can then
be applied to any machine regardless of whether
Sceregvl.inf has been modified on the target machine
or not. (taken from Microsoft's article: How to add
custom registry settings to security configuration
editor). Is SCM the same as security configuration
tool and analysis ?
 
Well...from reading the article, my guess is that I
will need to update sceregvl.inf, register the changes
by doing 'regsvr32 scecli.dll', and also change the
group policy.

Anyway, I've tried to update sceregvl.inf but it
didn't work :-( The changes didn't seem to be
reflected in the registry editor as what usually
happen using ksetup.

-lara- 

=
 
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de 
Maupassant -





__
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
http://taxes.yahoo.com/filing.html
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] DFS use question

[Rimmerman, Russ]

I have another question, how do you prevent the situation where a user at
one site opens a document and a user at the remote site opens and starts
editing the same document?  What happens then?  How do you prevent that?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of E Brown
Sent: Wednesday, April 14, 2004 3:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question


If you decide to use dfs\frs do the following as tuning guide...

1. Create as many separate trees as opposed to one large one.
2. Use latest frs hotfix
3. Have each partner have only one upstream  downstream partner
4. Do a backup so that recovery is easier.
5. Connect server to switch and use full-duplex
6. Change the change order maximum from 8 to 100 changes- will cause
additional load on the upstream partner
7. Take a look at Q329491
8. Take a look at the recovery scripts that make recovery faster. Restore
from backup even old is better than replicating in all data.
9. Remove large files that don't change much and replicate them via robocopy
if they are static.
10. Refer to the 2003 BODG for newest functionality.
11. Use proper monitoring tools and stability will be excellent.
12. Don't virus scan ntfrs.jdb file.

Let me know how this goes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 6:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

I concur... especially considering the restore time in the event that
replication screws up and critical information is pushed off to a
Staging area, inaccessible to the user.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, April 12, 2004 11:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

With all due respect to those that absolutely think that FRS v1 is hot,
I'm
quite pleased that there has been this level of success with it.

However, even Microsoft admits that FRS iswell, broken.  It gets
better
with each QFE, Service Pack and HotFix, but the basics are just flat
broken.

I'm not sure that I'd recommend it for anything remotely critical. But,
to
each his own.

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of E Brown
Sent: Monday, April 12, 2004 2:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

This is not out of the realm of FRS.
I work with some folks that sync 240+GB between 12 servers using T-1 as
well..
There are some tuning factors that should be followed:

What is DFS topology?
Make sure you using dfs  frs tuning docs.
Setup Ultrasound to monitor...
Let me know if you need more details.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Sunday, April 11, 2004 7:06 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] DFS use question


We have one of our largest sites in England and another large site in
the
US, with at least a full T-1 between the two sites.  We have a share
with
about 70GB of data in it, that both sites regularly need to access.
Would
this be something we could use DFS for with automatic replication, or is
this way out of DFS's range?  And if it's out of the range of DFS, how
are
others solving this issue?  A program like Veritas Storage Replicator,
or
NSI DoubleTake?  Or will DFS suffice?

~~
This e-mail is confidential, may contain proprietary information of the
Cooper Cameron Corporation and its operating Divisions and may be
confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only by the
addressee. If you have received this message in error please delete it,
together with any attachments, from your system.
~~
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: 

Re: [ActiveDir] GPO

[SysPro Support]

Justin,

I would agree... it should all work. One way of debugging this is to look at
the article here. http://www.jsiinc.com/SUBH/tip3700/rh3799.htm

It explains how to enable logging and creates a log that shows everything
that is happening as the policies are applied in the machine. It's a bit
messy, but worth going through in detail and you may well find out exactly
what is happening.

I am actually in the process of trying to write a program to make sense of
the log, so if you like, you can send me the Userenv.log file and I will see
what I can do with it.

Alan Cuthbertson

Policy Management Software:- http://www.sysprosoft.com/pol_summary.shtml
ADM Template Editor:-  http://www.sysprosoft.com/adm_summary.shtml


- Original Message - 
From: Matja Ladava [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 8:17 AM
Subject: RE: [ActiveDir] GPO


 No. GPO's are registry based (At least admin templates), so they should
work on XP box without the need of Windows Server 2003. It is enough if you
set them up from XP box or import them in 2000 DC (adm templates). What
policies are we talking about ? Run gpresult /v to get verbose information
about your policies being aplied on your workstations.

 Regrds

 Matjaz Ladava
 MVP Windows Server - Directory Services

 -Original Message-
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
 Sent: Tuesday, April 13, 2004 11:11 PM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] GPO

 I used a Windows XP client running the GPMC and setup items in a GPO that
are for Windows XP and higher, however it appears that they are not going
into effect.  I should not need a 2003 DC running in order to have these GPO
settings take effect right?

 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 212.752.7300 - office
 917.455.0110 - cell
 [EMAIL PROTECTED]


 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


 .  .jjry v

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] GPO

[Salandra, Justin A.]

I can't remember at this point what I was e-mailing about, I think that I reliazed 
what happened, I was logging in as a user that did not have the policy inheritied.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matja Ladava
Sent: Tuesday, April 13, 2004 6:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO


No. GPO's are registry based (At least admin templates), so they should work on XP box 
without the need of Windows Server 2003. It is enough if you set them up from XP box 
or import them in 2000 DC (adm templates). What policies are we talking about ? Run 
gpresult /v to get verbose information about your policies being aplied on your 
workstations.

Regrds

Matjaz Ladava
MVP Windows Server - Directory Services

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Tuesday, April 13, 2004 11:11 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO

I used a Windows XP client running the GPMC and setup items in a GPO that are for 
Windows XP and higher, however it appears that they are not going into effect.  I 
should not need a 2003 DC running in order to have these GPO settings take effect 
right? 

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


..jjryv
b!0ibbfXf.+-!0ibbXZbm
j)Zb(+v*f-+

RE: [ActiveDir] Updating Schema to Windows 2003

[Salandra, Justin A.]

You are right, I have seen that article and I have not seen any articles
that say that that can happen when Exchange 2003 is deployed already.
It appears that this problem only affects AD when Exchange 2000 is
deployed.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, April 13, 2004 10:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Yes, you should be able to adprep the forest with no problems if all DCs
are
running at least Windows 2000 SP3. Exchange 2003 isn't required. 

There is one KB that I think was mentioned that you need to keep an eye
out
which involves mangling a couple of class names. If it happens, it is an
easy fix. I can't recall the details though as I did this a long while
back
(last year) on a forest with W2K DCs and E2K/E5.5. 


-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, April 13, 2004 11:03 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

So in summary, I should be able to adprep the forest with no problems if
all
DC's are running at least Windows 2000 SP3 and Exchange 2003?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 07, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

I have experienced this.  But I only experienced it on one DL that was a
global group, I changed it to a universal group.  All my DLs are
Universal
groups now and I don't have replication issues.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 9:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Have you run into issues with Exchange pointing to GC servers in your
subdomains and not being able to resolve recipients in Distribution list
unless the DL are Universal DL?   

We have:

Root Forest Windows 2000 with Exchange 2000 and most user accounts,
Groups,
DLs, etc Subdomain Windows 2003 with Exchange 2003 - mostly for
development
/ testing, few accounts

Exchange at times used the DC in the Subdomain for GC lookups.  Our DLs
were
not Universal so when Exchange would attempt to resolve the recipients
of
the DL using the subdomain GC it would not find any members.at that
point messages would die in the Categorizer queue.
MS solution was to convert all mail enabled groups to Universal or
remove
the subdomain DC from the Exchange Directory Servers list.
Universal groups will publish all their members in the GCs, but this
philosophy seems to contradict everything I read early on about trying
to
avoid the use of Universal Groups because of the increase in replication
between GCs.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 07, 2004 9:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

One thing I did not mention is that I have Exchange 2003 deployed in my
forest.  What precautions need to be taken for this.  I read the q
article
325379 but that talks about exchange 2000.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 8:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Nope, I have one running just as you described. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 07, 2004 8:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

If the forest prep is done, are there any problems if a child domain is
built as a windows 2003 domain while the rest of the forest is still in
windows 2000?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Tuesday, April 06, 2004 4:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Forest Prep will prepare your forests for the Windows 2003 upgrade.  IT
will
also expand your schema at that time.

S


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, April 06, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

I really just want to prepare the forest for windows 2003, I don't need
the
domains ready yet.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Tuesday, April 06, 2004 2:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Also, if you stick in the 

RE: [ActiveDir] Wlan AD Security

[Mulnick, Al]

I saw that this morning.  I'm incredulous that it made it out the door with
hard coded passwords in this day and age (although I shouldn't be, I
suppose. ;)

Let's keep it in perspective though.  No matter what you install, it will
eventually get compromised if that's the desire of the attacker.  The
question is never when or if, it's what will be compromised if that
happens and can I live with that?  

I can mention all kinds of companies that have physical access ability (such
as 10/100 ethernet in their lobbies!) in unprotected areas of their company.


Focusing directly on the wireless will allow you to forget about the other
access points and methods.  Focusing instead on what data is important to
your company would likely result in a better security stance and more likely
enforceable policy.  

Don't be fooled by the technology and lulled into a false sense of security
just because you require ssl for the connection :)

VPN, Two-factor auth, layer-7 filtering, etc are all components of a
strategy you should explore for secure wireless access.  

One more thing and I'll be quiet(er).  You should also realize by now that
security is not an absolute.  It's a method of quantifying and protecting
your assets with reasonable and rational efforts and managing the risks
associated.  That implies a lot.

Al

-Original Message-
From: Guy Teverovsky [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 13, 2004 4:39 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Wlan  AD Security

I would say that the link below gives a pretty good reason for not plugging
APs into internal LAN:
http://www.cisco.com/en/US/products/products_security_advisory09186a00802119
c8.shtml

Guy

On Tue, 2004-04-13 at 18:12, Mulnick, Al wrote:
 That's a pretty valid argument to put any access to your network into 
 an untrusted network segment, isn't it?  Remote access, wired access 
 (what about vendors that jack-in?)etc.
 
 There's some talk about using the reskit stuff to quarantine the 
 network access.  Some of the AP providers offer this type of usage as 
 well.  One of the better ways to accomplish authorized access only is 
 to use strong authentication.  WEP isn't it.  Cracking WEP is published
and pretty quick.
 MAC layer isn't all that great either since you can spoof the MAC 
 address to gain access. Certificates are nice, except that some of 
 your downlevel and handheld devices won't like it.
 
 
 I'd say this is a pretty valid argument to rethink security (for many
 companies) from a keep out the bad guys and we'll be fine mentaility 
 to a let's figure out what we need to protect on our network and add 
 security to those parts to protect from outside the firewall as well 
 as the inside of the firewall mentality.  When you can sip coffee or 
 favorite hot beverage of choice downstairs and wander a company's 
 network two floors above or across the street, the possibilities are
limitless.
 
 I favor the certificate method and VPN for wireless access, but that 
 only addresses part of the issue IMHO.
 
 Al
 
 
 
  
 
 -Original Message-
 From: Rick Kingslan [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, April 13, 2004 12:13 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Wlan  AD Security
 
 Chris,
 
 We sometimes become off-topic city.  No worries there
 
 This is an interesting topic, and one that I will fall clearly on one 
 side of it because of my experiences at my company.
 
  Treat your access points like untrusted computers in the 
 public DMZ. 
 
 There is really no way that one should treat an access point in any 
 other way.  Given that the signals coming into an AP cannot truly be 
 verified, then one must add extra methods to insure security.  The way 
 that I prefer to see this accomplished is by placing the AP's into an 
 untrusted are of the network, applying a 128-bit WEP key, then using 
 some added methods consistent with 802.1x.  This can either be PEAP 
 (using RADIUS / IAS), Cisco's LEAP, or other secure methods for providing
strong authentication.
 Obviously, stronger the better, and two-factor (RSA fob, smart card, 
 what have you) is magnitudes better than a single factor authN.
 
 I'm still fighting to get my APs at work in the DMZ.  They are, at 
 present, on our internal network.  They are PEAP protected, but 
 somehow I'm just not all that heartened by the simple addition of PEAP to
untrusted devices.
 
 Rick Kingslan  MCSE, MCSA, MCT, CISSP
 Microsoft MVP:
 Windows Server / Directory Services
 Windows Server / Rights Management
 Associate Expert
 Expert Zone - www.microsoft.com/windowsxp/expertzone
 WebLog - www.msmvps.com/willhack4food
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Chris Blair
 Sent: Monday, April 12, 2004 8:47 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Wlan  AD Security
 
 This maybe slightly Off Topic, Sorry. I am looking to deploy wireless 
 access points for our users to access our AD. 

RE: [ActiveDir] enterprise-wide accounts

[Celone, Mike]

Thanks for correcting me on 
this. I would much rather use restricted groups than have the script I run 
everytime the machine is booted up. 

Mike


From: joe [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 13, 2004 8:55 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide 
accounts

Mike, the functionality recently changed, that was a 
subject of a conversation on this list. Many of us were quite happily surprised 
to learn of the change. 

-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)





From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, 
GuidoSent: Tuesday, April 13, 2004 6:23 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide 
accounts

 won't Restricted groups remove any groups that are in 
the administrators group 
 now except for the ones you 
specify?

not if you have Win2k 
SP4 or Win2k3 and use the "MemberOf" option of the restricted 
groups.

/Guido



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mike 
CeloneSent: Mittwoch, 14. April 2004 00:07To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide 
accounts

Alternatively you can do what we do here. We have a 
startup script that runs from a GPO that adds a group to the local 
administrators group everytime the machine is started up. The script looks 
like this

net localgroup administrators /add 
"domain\admins"

Just create a UG for all theadmins and add them to 
it, then when the servers are rebooted add this script will run and add the 
group to the machine's local administrator group. If you can't wait for 
the servers to be rebooted you can create a script that will read the servers in 
line by line and add this group to their local administrators 
group.

Don't get me wrong Guido's solution will work also but 
won't Restricted groups remove any groups that are in the administrators group 
now except for the ones you specify?

Mike


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, 
GuidoSent: Tuesday, April 13, 2004 5:47 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide 
accounts

domain admins is a global group and as such you can't add 
users from other domains to it. While other global groups can be converted to 
universal groups, you can't do so for the domain admins 
group.

a solution to your problem is to use the restricted groups 
GPO feature (which will not work for your legacy machines in the AD domain) to 
add a universal group to the administrators group of all Server-OUs. I wouldn't 
want to set this GPO at the domain level, as then you're putting your AD domains 
at risk as well, if you do something wrong... The UG to use can either be 
the Enterprise Admins group or any other UG you assign for the 
task.

/Guido


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis 
M.Sent: Dienstag, 13. April 2004 22:16To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide 
accounts

What about adding them to each domain admins group for each 
domain?


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer, 
MarkSent: Tuesday, April 13, 2004 4:05 PMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] enterprise-wide 
accounts


We'd 
like to eventually trim down the number of domains and get to an OU-based 
administrative model. But in the mean time, we have identified a couple of 
people that we want to have domain admin rights in all domains. I know that 
making them an enterprise admin allows them domain admin rights on the DCs in 
each domain because of membership in the BUILTIN\Administrators group in each 
domain. But that doesn't allow logon to all the member servers. How do I best 
grant "domain admin-level" rights across all domains in the forest with a single 
logon for each of these persons? Looking for a best practice.

Thanks!

Mark 
Creamer
Systems 
Engineer
Cintas 
Corporation
Honesty and 
Integrity in Everything We Do

RE: [ActiveDir] How to remove ADC from domain

[Mulnick, Al]

Just out of curiousity, why do you need to remove the 
computer account? Wouldn't it just be easier to bring up a new ADC machine 
and have it take over with a new computer name? 

Deleting the computer account is fine, but is it necessary 
in your test lab?

Al


From: joe [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 13, 2004 8:52 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] How to remove 
ADC from domain

You will need to delete the computer object with ADUC 
(DSA.MSC) and the server object in sites and services with DSSITE.MSC, removing 
one will not impact the other. Alternatively you can use adsiedit to remove both 
or use a script. 

-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)





From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mike 
CeloneSent: Tuesday, April 13, 2004 7:44 PMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] How to remove ADC 
from domain

In my test lab I was doing a test 
migration from Exchange 5.5 to Exchange 2k. I had a machine setup with the 
ADC to move the 5.5 information into the directory. I came in the morning 
and the HD was dead on my ADC machine.Now the machine is dead but the 
computer account is still in the domain.The server also still shows up under 
Sites and Services. If I remove the computer account from the domain will 
that also remove is under Sites and Services? Is there anything else I 
need to do before I remove that machine 
accout?Mike

RES: [ActiveDir] logon scripts

[Elton Gouvêa Pimentel]

Title: Mensagem



The first three steps are :
1 - You should install the Windows Scripting 
Host version 5.6 (It can be found at Microsoft downloads site)
2 - Install DSClient for Windows 9X (It can 
be found at Microsoft downloads site)
3 - As in Windows9X you are not going to 
have all the environment variables avaliable you will need the PUTINENV.EXE. I 
am not quite shure were I did find it, but searching on the web you will find 
it.

After all these steps you will have to bear 
in mind that Windows9X do not run VbScripts directly from logon scripts that 
have been set by policies. So instead offinding yourselfinto a dead 
end road, try to create a .cmd or .bat file that will call the .vbs file. This 
.cmd or .bat file should then check the operating system version and run the 
appropriated commands. It should look like this :

  
  if %os%x==Windows_NTx goto NT_2K_XP
  
  rem Windows9X
  :LOG9X_OKrem (loadenvironment 
  variables usernameand computername)z:\putinenv L /L 
  cscript z:\login.vbs %username% 
  %computername%exit:NT_2K_XPcscript 
  %logonserver%\netlogon\login.vbs %computername% %logonserver% 
  %homeshare%exit
  
  The login.vbs file should look like this 
  :
  
  On Error Resume Next
  
  Dim UserName, LoginServer, HomeDirUsername = 
  ""LoginServer = ""HomeDir = 
  ""LetraIMapeada=0Estacao9598=0
  
  Set WshNetdrv = 
  WScript.CreateObject("WScript.Network")Set WshShell = 
  WScript.CreateObject("WScript.Shell")Set fso = 
  CreateObject("Scripting.FileSystemObject")
  Cname = 
  Wscript.Arguments(0)
  Set WshSysEnv = 
  WshShell.Environment("SYSTEM")OprSys = WshSysEnv("OS")If 
  OprSys = "Windows_NT" Then 
  'Windows NT, 2000 e XP 
  Estacao9598=0  If Wscript.Arguments.Count = 3 Then  
  Cname = Wscript.Arguments(0) LoginServer = 
  Wscript.Arguments(1) HomeDir = 
  Wscript.Arguments(2) UserName = 
  UCASE(right(Homedir,8)) End IfElse msgbox 
  "Errors were found at your login process.",vbexclamation+vbokonly,"Warning 
  !!!LOGIN FAILURE!!!"  wscript.quit(0) End 
  IfElse' Windows 95or 
  98 Estacao9598=1 If Wscript.Arguments.Count = 2 Then 
   UserName = Wscript.Arguments(0) Cname = 
  ucase(Wscript.Arguments(1)) Set UserObj = 
  GetObject("WinNT://DOMAIN/"  UserName) HomeDir = 
  UserObj.HomeDirectory set FileSysObj = 
  CreateObject("Scripting.FileSystemObject") Set DriveObj = 
  FileSysObj.GetDrive("Z:") 
   LogonServerShare = 
  DriveObj.ShareName 
   LogonServer = 
  Mid(LogonServerShare,1,len(LogonServerShare)-9) LoginServer = 
  LogonServer Else msgbox "Errors were found at your 
  login process.",vbexclamation+vbokonly,"Warning !!!LOGIN 
  FAILURE!!!" wscript.quit(0) End 
  IfEnd If
  
  'msgbox "You are loginig from "  Cname  
  "with the user"  Username  "at FileServer "  
  LoginServer  ".Your home folder is"  
HomeDir
  
  'If you have more then one file server or 
  more than one site.
  
  Select case 
  LoginServerCase"\\Server1" FileServer = 
  "Server1"Case "\\Server2" FileServer = 
  "Server2"Case Else msgbox "Login script error - DC could 
  not be found" wscript.quit(0)End Select
  
  UsrGroups 
  Username
  Err.raiseIf Err.Number  0 then If 
  Err.number  450 then msgbox "The following error has occoured: 
  "  Err.Number  " "  Err.description 
  ,vbexclamation+vbokonly,"WARNING !!!LOGINFAILURE!!!" End 
  IfEnd If
  
  Sub UsrGroups(Username)
  
  If Estacao9598 = 
  0 thenMapGeral = FileServer  "\arquivos"MapGrupos = 
  FileServer  "\arquivos\grupos"MapUsers = FileServer  
  "\arquivos\users"MapMultiI = MapGrupos 
  Else'Wscript.echo "usergroups 95"MapGeral = 
  FileServerMapGrupos = FileServerMapUsers = 
  FileServerMapMultiI = FileServer  "\Grupos"End If
  
  Set AdsGroup = 
  GetObject("WinNT://GRUPOMAGNESITA/"  Username)
  If 
  LetraIMapeada=0 thenFor each GroupUser in 
  AdsGroup.GroupsMapDir = 
  Mid(GroupUser.Name,5,len(GroupUser.Name)-5)MapDir = "\\"  
  MapGrupos  "\"  
  Mid(GroupUser.Name,5,len(GroupUser.Name)-4)If 
  (fso.FolderExists(MapDir)) ThenMapDrive "I:", 
  MapDirExit ForEnd IfNextEnd If
  
  if Estacao9598=0 
  ThenMapDrive "G:", "\\"  MapGeralelseMapDrive 
  "G:", "\\"  FileServer  "\Teste"End If
  
  Wscript.echo "\\"  MapGeral  "\Soft" 
  MapDrive "F:", "\\"  MapGeral  "\Soft" 
  
  if HomeDir  "" then MapDrive "X:", 
  Ucase(HomeDir)End if
  
  'Verifyavaliable space in case of quotas 
  usage
  
   Set 
  espaco = fso.GetDrive(fso.GetDriveName("X:")) espaco = 
  espaco.AvailableSpace/1024If espaco  5000 Then msgbox 
  "You have only "  
  espaco  " KBof avaliable 
  space.", vbexclamation+vbokonly, "WARNING!!! DISCFULL"End 
  If End Sub
  
  Sub MapDrive 
  (driveletter, UNCString)Set WSHNetwork = 
  WScript.CreateObject("WScript.Network")On Error Resume 
  NextWSHNetwork.MapNetworkDrive driveletter, UncstringIf 
  err.number  0 then If err.number  -2147024811 
  then msgbox "Error "  err.number  
  "on mapping drive " 
   driveletter Else Wscript.echo "Mapping drive "  driveletter 
   ". "  UNCString End 
  ifElse 

RES: [ActiveDir] logon scripts

[Justin_Leney]

Return Receipt
   
Your  RES: [ActiveDir] logon scripts   
document   
:  
   
was   Justin Leney/US/DCI  
received   
by:
   
at:   04/14/2004 09:45:16 AM   
   




List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Firewall

[Jones, Rick J.(Desktop Engineering)]

Have you tried isolating this problem to the computer or user rights?
What I mean is have you had someone else log onto the suspect system to
see if this is a problem with the system or have the suspect user log
into a different computer known to work ok and see if the problem
follows the user?

If it follows the user, and doesn't follow someone else that logs into
the suspect system, you know its not a issue with the system and where
it resides in the domain, rather it is following the users profile and
subsequent rights governing the user account.

Rick J. Jones
Desktop Engineering Resource Group

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Tuesday, April 13, 2004 7:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Firewall

The attributes are actually greyed out, and not even editable. I have no
errors in the event log, all of the users that are having the problem
(which
i now now is not related to the firewall, due to the fact that I just
found
an instance proving otherwise...one more variable out of the way) have
the
same GPOs, there are using the same DNS, and the same version and patch
level of XP. I can't think of any other things to check. Any other
ideas?
Thanks



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robbie Foust
Sent: Tuesday, April 13, 2004 9:46 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Firewall


I'm not using the XP firewall yet, but I'll consider it with SP2 since
it is much better.  The built in firewall isn't supposed to interfere
with communications with DC's, I think.  Are you getting any specific
error message when users try to edit their attributes?  Or do they just
not have permission to do so?  Check the event logs to see if there are
any errors.

Robbie Foust, IT Analyst
Systems and Core Services
Duke University




Douglas M. Long wrote:

 Do you all force your XP clients to have the built-in firewall
 enabled? Are there any cons (such as some GPs not working) to having
 it enabled? The reason I ask is I am having a problem finding the
 culprit which is causing some users the inability to edit their
 editable (phone number, homepage, address, etc) attributes. Thanks
 in advance

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Migration Dilemma

[Morris, Adam]

Hello,

We are in the process of planning our migration from NT 4 to Windows 2000 AD.  Last 
year we deployed a minimal AD site in order to roll-out Exchange 2000 for our users.  
User accounts and mailboxes were created in the new domain but no users were migrated. 
 Some initial testing with the ADMT indicates that it will not produce the desired 
results.
  
At this time I can see 2 possible plans of action and I'm looking for some better 
options.  (Like maybe another way to migrate the SID's to the new accounts in AD or a 
way to get ADMT to update the existing accounts instead of replacing them).

Plan 1:  Back up all the user mailboxes, wipe the AD accounts, use ADMT to move all 
the accounts/gropus, and then restore mailbox data.

Plan 2:  Spend the time to develop custom scripts that will add/create the appropriate 
groups and script as much of the migration as possible.

Currently we have close to 150 groups for around 400 users and multiple file servers 
so the thought of doing a manual migration process is pretty painful.  If anybody has 
any suggestions or thoughts I'd much appreciate the feedback.

Thank you!
Adam Morris
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Migration Dilemma

[Coleman, Hunter]

What are the desired results?

How were the user accounts and mailboxes created in the new domain
initially? Are the users authenticating against the mailboxes with their NT
4 accounts, or with the AD accounts? Is there an Exch 5.5 organization and
an ADC in the mix?

Hunter 

-Original Message-
From: Morris, Adam [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 9:41 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Migration Dilemma

Hello,

We are in the process of planning our migration from NT 4 to Windows 2000
AD.  Last year we deployed a minimal AD site in order to roll-out Exchange
2000 for our users.  User accounts and mailboxes were created in the new
domain but no users were migrated.  Some initial testing with the ADMT
indicates that it will not produce the desired results.
  
At this time I can see 2 possible plans of action and I'm looking for some
better options.  (Like maybe another way to migrate the SID's to the new
accounts in AD or a way to get ADMT to update the existing accounts instead
of replacing them).

Plan 1:  Back up all the user mailboxes, wipe the AD accounts, use ADMT to
move all the accounts/gropus, and then restore mailbox data.

Plan 2:  Spend the time to develop custom scripts that will add/create the
appropriate groups and script as much of the migration as possible.

Currently we have close to 150 groups for around 400 users and multiple file
servers so the thought of doing a manual migration process is pretty
painful.  If anybody has any suggestions or thoughts I'd much appreciate the
feedback.

Thank you!
Adam Morris
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Migration Dilemma

[Ellis, Debbie]

My company used Net IQ and had great results.  Cost was about 6.00 per user
for the whole suite. (Includes Exchange Migrator) We tried ADMT but had
problems with the local profiles migrating over to the new domain.  

-Original Message-
From: Morris, Adam [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 11:41 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Migration Dilemma


Hello,

We are in the process of planning our migration from NT 4 to Windows 2000
AD.  Last year we deployed a minimal AD site in order to roll-out Exchange
2000 for our users.  User accounts and mailboxes were created in the new
domain but no users were migrated.  Some initial testing with the ADMT
indicates that it will not produce the desired results.
  
At this time I can see 2 possible plans of action and I'm looking for some
better options.  (Like maybe another way to migrate the SID's to the new
accounts in AD or a way to get ADMT to update the existing accounts instead
of replacing them).

Plan 1:  Back up all the user mailboxes, wipe the AD accounts, use ADMT to
move all the accounts/gropus, and then restore mailbox data.

Plan 2:  Spend the time to develop custom scripts that will add/create the
appropriate groups and script as much of the migration as possible.

Currently we have close to 150 groups for around 400 users and multiple file
servers so the thought of doing a manual migration process is pretty
painful.  If anybody has any suggestions or thoughts I'd much appreciate the
feedback.

Thank you!
Adam Morris
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] SUS 2.0 Beta

[England, Christopher M]

Title: SUS 2.0 Beta






Greetings,


I guess SUS 2.0 Beta has been released: http://www.nwc.com/showitem.jhtml?articleID=18400592 Does anyone have a Guest ID to get in on the Beta? Or is there just a download somewhere?

Thanks all,

Chris




Christopher England

Systems Administrator

MCSA, Server+, Network+, A+

College Information Technology Office

Indiana University

RE: [ActiveDir] Migration Dilemma

[Rimmerman, Russ]

We use Quest Fastlane Migrator to migrate the users with their existing
SIDs.  We migrated a long time ago with ADMT, and Quest will 'merge' the
user with their existing account, and retain all the SID history.  Works
pretty well. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Morris, Adam
Sent: Wednesday, April 14, 2004 10:41 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Migration Dilemma

Hello,

We are in the process of planning our migration from NT 4 to Windows 2000
AD.  Last year we deployed a minimal AD site in order to roll-out Exchange
2000 for our users.  User accounts and mailboxes were created in the new
domain but no users were migrated.  Some initial testing with the ADMT
indicates that it will not produce the desired results.
  
At this time I can see 2 possible plans of action and I'm looking for some
better options.  (Like maybe another way to migrate the SID's to the new
accounts in AD or a way to get ADMT to update the existing accounts instead
of replacing them).

Plan 1:  Back up all the user mailboxes, wipe the AD accounts, use ADMT to
move all the accounts/gropus, and then restore mailbox data.

Plan 2:  Spend the time to develop custom scripts that will add/create the
appropriate groups and script as much of the migration as possible.

Currently we have close to 150 groups for around 400 users and multiple file
servers so the thought of doing a manual migration process is pretty
painful.  If anybody has any suggestions or thoughts I'd much appreciate the
feedback.

Thank you!
Adam Morris
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] SUS 2.0 Beta

[Robbie Foust]

Looks like you can sign up for the open evaluation version here:

http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx

But I haven't been able to locate the beta version yet.  Haven't found a 
Guest ID yet either.

- Robbie

Robbie Foust, IT Analyst
Systems and Core Services
Duke University


England, Christopher M wrote:

Greetings,

I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone 
have a Guest ID to get in on the Beta? Or is there just a download 
somewhere?

Thanks all,
Chris

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Roger Seielstad]

I believe its currently considered a closed beta, by invitation only.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Robbie Foust [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 12:24 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] SUS 2.0 Beta
 
 Looks like you can sign up for the open evaluation version here:
 
 http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
 
 But I haven't been able to locate the beta version yet.  
 Haven't found a 
 Guest ID yet either.
 
 - Robbie
 
 Robbie Foust, IT Analyst
 Systems and Core Services
 Duke University
 
 
 
 
 England, Christopher M wrote:
 
  Greetings,
 
  I guess SUS 2.0 Beta has been released: 
  _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone 
  have a Guest ID to get in on the Beta? Or is there just a download 
  somewhere?
 
  Thanks all,
  Chris
 
  
  Christopher England
  Systems Administrator
  MCSA, Server+, Network+, A+
  College Information Technology Office
  Indiana University
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Philadelphia, Lynden - Revios Toronto]

How will we be notified when it is ready for public use


Lynden
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 12:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

I believe its currently considered a closed beta, by invitation only.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Robbie Foust [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 12:24 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] SUS 2.0 Beta
 
 Looks like you can sign up for the open evaluation version here:
 
 http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
 
 But I haven't been able to locate the beta version yet.  
 Haven't found a 
 Guest ID yet either.
 
 - Robbie
 
 Robbie Foust, IT Analyst
 Systems and Core Services
 Duke University
 
 
 
 
 England, Christopher M wrote:
 
  Greetings,
 
  I guess SUS 2.0 Beta has been released: 
  _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone 
  have a Guest ID to get in on the Beta? Or is there just a download 
  somewhere?
 
  Thanks all,
  Chris
 
  
  Christopher England
  Systems Administrator
  MCSA, Server+, Network+, A+
  College Information Technology Office
  Indiana University
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
This message is intended for the use of the individual or entity to which it is 
addressed and may contain information that is privileged, confidential and exempt from 
disclosure under applicable law.  If the reader of this message in not the intended 
recipient or the employer or agent responsible for delivering the message to the 
recipient, you are hereby notified that dissemination, distribution or copying of this 
communication is strictly prohibited.  If you have received this communication in 
error, please notify us immediately by email or telephone, and delete this message and 
all of its attachments.

RE: [ActiveDir] Using Security Configuration Template instead of Ksetup...

[Arden Pineda]

Lara,

I am trying to refresh my memory since I had to perform the same steps while
rebuilding our test environment a while back.  Basically, we had to do it in
2 steps in the order listed below.  

1.  Create and import a custom ADM template that predefines the Kerberos
REALM key in the registry.  This insures that the REALM name is created in
UPPERCASE.  If you try doing this in SCEREGVL.INF file, the realm name is
created, but in lowercase.  Proceed to step 2 once the registry key has been
propagated. 

2.  Edit the SCEREGVL.INF file and add the specific entries for your
KERBEROS realm.  Once you reload the file, the settings will show up under
the Computer Configuration node within Windows Settings\Security
Settings\Local Policies\Security Options.

I have added the sample ADM file and entries for the Security Configuration
Editor file below.  

Also, if you haven't already, you may also want to look at the NSA Windows
2000 Security Configuration guides at: 

http://www.nsa.gov/snac/downloads_win2000.cfm?MenuID=scg10.3.1.1

I hope this helps.

Arden

***ADM FILE***
Class MACHINE
Category !!AdministrativeServices
Category !!Kerberos
Policy !!SetRealmFlags 
Keyname
System\CurrentControlSet\Control\Lsa\Kerberos\Domains\YOURREALM.COM
Explain !!SetRealmFlags_Help
Part !!RealmFlags Numeric Required
  Valuename RealmFlags
  Default 8
End Part
End Policy
End Category ;;Kerberos

End Category ;;AdministrativeServices
[strings]
AdministrativeServices=System
Kerberos=Kerberos RealmFlags
RealmFlags=RealmFlags value
SetRealmFlags=Set YOURREALM.COM Kerberos RealmFlags variable
SetRealmFlags_Help=Creates the realm name variable key for YOURREALM.COM
and allows referrals to work properly.\n\nThis key is created to allow the
security policy defining the KDC mappings for the realm to have the proper
realm name variable in the registry.\n\nThe value set here (RealmFlags)
allows proper referrals from the  MIT-based Kerberos realm. See
http://www.citi.umich.edu/u/kwc/krb5stuff/referral.html;
;End of Strings

**SCEREGVL.INF file

[Register Registry Values]

; Kerberos
;

==
; http://www.microsoft.com/windows2000/techinfo/reskit/en/regentry/95146.htm
; http://www.microsoft.com/windows2000/techinfo/reskit/en/regentry/95141.htm

MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains\YOURREALM.COM\
KpasswdNames,7,%Kpasswd%,4
MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains\YOURREALM.COM\
KdcNames,7,%Knames%,4
;

==

[Strings]

; === YOURREALM
=
Kpasswd = Kerberos: YOURREALM.COM realm Change Password Protocol Servers
(YOURREALM)
Knames = Kerberos: YOURREALM.COM realm KDC servers (YOURREALM)



 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Lara Adianto
 Sent: Wednesday, April 14, 2004 1:53 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Using Security Configuration Template 
 instead of Ksetup...
 
 Hello,
 
 In 'Step-by-step Guide to Kerberos 5 Interoperability'
 document, it is stated as follows:
 To deploy realm configuration data to multiple computers, 
 use the security configuration template mechanism instead of 
 using Ksetup explicitly on individual computers  
 
 Is there any good document / howto about how to use security 
 configuration template to achieve the same results as ksetup ?
 
 I've been reading some of microsoft knowledge articles such 
 as: How to add custom registry settings to security 
 configuration editor, how to create custom administrative 
 templates in windows 2000, etc..but I haven't got a clear 
 picture of how it can be done using security configuration template.
 
 This is the part that I don't understand:
 Once the Sceregvl.inf file has been modified and registered, 
 your custom registry values are exposed in the SCM UI's on 
 that machine. You can then create security templates or 
 policies that define your new registry values. These 
 templates or policies can then be applied to any machine 
 regardless of whether Sceregvl.inf has been modified on the 
 target machine or not. (taken from Microsoft's article: How 
 to add custom registry settings to security configuration 
 editor). Is SCM the same as security configuration tool and analysis ?
  
 Well...from reading the article, my guess is that I will need 
 to update sceregvl.inf, register the changes by doing 
 'regsvr32 scecli.dll', and also change the group policy.
 
 Anyway, I've tried to update sceregvl.inf but it didn't work 
 :-( The changes didn't seem to be reflected in the registry 
 editor as what usually happen using ksetup.
 
 -lara- 
 
 =
 --
 --
 La vie, 

RE: [ActiveDir] moving domain admins

[Mulnick, Al]

Heck of a cross post, isn't it? 

Moving the domain administrators group is not something that should cause
this type of issue.  

What else was done during those changes? 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 12:45 PM
To: Admin Issues (E-mail)
Cc: ActiveDir (E-mail)
Subject: [ActiveDir] moving domain admins

I know moving the default exchange groups out of the users folder can screw
things up as exchange expects to find them there, but will moving the domain
admins from the users folder into another ou(no gpo applied) screw things up
with exchange or any other services in ad?
I only ask because some admin in another domain moved this group and now
when i open exchange manager in their domain, i can't see the servers or any
admin groups. i'm running exchange manager as their administrator account
and thier domain admins have full exchange rights on their admin group.
other than that exchange is functioning normally.
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Roger Seielstad]

Same way all other products are announced.

My information has it that you've got a few months still before it goes
public.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Philadelphia, Lynden - Revios Toronto 
 [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 1:10 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 How will we be notified when it is ready for public use
 
 
 Lynden
 -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 12:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 I believe its currently considered a closed beta, by invitation only.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Robbie Foust [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, April 14, 2004 12:24 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] SUS 2.0 Beta
  
  Looks like you can sign up for the open evaluation version here:
  
  http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
  
  But I haven't been able to locate the beta version yet.  
  Haven't found a 
  Guest ID yet either.
  
  - Robbie
  
  Robbie Foust, IT Analyst
  Systems and Core Services
  Duke University
  
  
  
  
  England, Christopher M wrote:
  
   Greetings,
  
   I guess SUS 2.0 Beta has been released: 
   _http://www.nwc.com/showitem.jhtml?articleID=18400592_ 
 Does anyone 
   have a Guest ID to get in on the Beta? Or is there just a 
 download 
   somewhere?
  
   Thanks all,
   Chris
  
   
   Christopher England
   Systems Administrator
   MCSA, Server+, Network+, A+
   College Information Technology Office
   Indiana University
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Salandra, Justin A.]

Does anyone know what the upgrade process is going to be from SUS to SUS
2.0?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Same way all other products are announced.

My information has it that you've got a few months still before it goes
public.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Philadelphia, Lynden - Revios Toronto 
 [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 1:10 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 How will we be notified when it is ready for public use
 
 
 Lynden
 -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 12:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 I believe its currently considered a closed beta, by invitation only.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Robbie Foust [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, April 14, 2004 12:24 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] SUS 2.0 Beta
  
  Looks like you can sign up for the open evaluation version here:
  
  http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
  
  But I haven't been able to locate the beta version yet.  
  Haven't found a 
  Guest ID yet either.
  
  - Robbie
  
  Robbie Foust, IT Analyst
  Systems and Core Services
  Duke University
  
  
  
  
  England, Christopher M wrote:
  
   Greetings,
  
   I guess SUS 2.0 Beta has been released: 
   _http://www.nwc.com/showitem.jhtml?articleID=18400592_ 
 Does anyone 
   have a Guest ID to get in on the Beta? Or is there just a 
 download 
   somewhere?
  
   Thanks all,
   Chris
  
   
   Christopher England
   Systems Administrator
   MCSA, Server+, Network+, A+
   College Information Technology Office
   Indiana University
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] moving domain admins

[Kern, Tom]

another labyrinthine cross post(sorry)-

Also, i fire up adsi edit from their domain and i can only get to the organization in 
the config partition. when on go to the security tab, there are no entries.
how can they just lose permissions to certain parts of the config paritition? the only 
change made was the root domain of the forest installed exchange 2003, but i doubt 
that had anything to do with.
i'm very puzzled.




-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 1:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] moving domain admins


Heck of a cross post, isn't it? 

Moving the domain administrators group is not something that should cause
this type of issue.  

What else was done during those changes? 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 12:45 PM
To: Admin Issues (E-mail)
Cc: ActiveDir (E-mail)
Subject: [ActiveDir] moving domain admins

I know moving the default exchange groups out of the users folder can screw
things up as exchange expects to find them there, but will moving the domain
admins from the users folder into another ou(no gpo applied) screw things up
with exchange or any other services in ad?
I only ask because some admin in another domain moved this group and now
when i open exchange manager in their domain, i can't see the servers or any
admin groups. i'm running exchange manager as their administrator account
and thier domain admins have full exchange rights on their admin group.
other than that exchange is functioning normally.
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Rod Trent]

Most likely from your friendly neighborhood MVP. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia,
Lynden - Revios Toronto
Sent: Wednesday, April 14, 2004 1:10 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS 2.0 Beta

How will we be notified when it is ready for public use


Lynden
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 12:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

I believe its currently considered a closed beta, by invitation only.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Robbie Foust [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 12:24 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] SUS 2.0 Beta
 
 Looks like you can sign up for the open evaluation version here:
 
 http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
 
 But I haven't been able to locate the beta version yet.  
 Haven't found a
 Guest ID yet either.
 
 - Robbie
 
 Robbie Foust, IT Analyst
 Systems and Core Services
 Duke University
 
 
 
 
 England, Christopher M wrote:
 
  Greetings,
 
  I guess SUS 2.0 Beta has been released: 
  _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone 
  have a Guest ID to get in on the Beta? Or is there just a download 
  somewhere?
 
  Thanks all,
  Chris
 
  
  Christopher England
  Systems Administrator
  MCSA, Server+, Network+, A+
  College Information Technology Office Indiana University
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Christopher Hummert]

Waitisn't the next version called WUS now or am I mistaken?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 14, 2004 10:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Does anyone know what the upgrade process is going to be from SUS to SUS
2.0?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Same way all other products are announced.

My information has it that you've got a few months still before it goes
public.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Philadelphia, Lynden - Revios Toronto 
 [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 1:10 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 How will we be notified when it is ready for public use
 
 
 Lynden
 -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 12:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 I believe its currently considered a closed beta, by invitation only.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Robbie Foust [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:24 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] SUS 2.0 Beta
  
  Looks like you can sign up for the open evaluation version here:
  
  http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
  
  But I haven't been able to locate the beta version yet.  
  Haven't found a
  Guest ID yet either.
  
  - Robbie
  
  Robbie Foust, IT Analyst
  Systems and Core Services
  Duke University
  
  
  
  
  England, Christopher M wrote:
  
   Greetings,
  
   I guess SUS 2.0 Beta has been released: 
   _http://www.nwc.com/showitem.jhtml?articleID=18400592_
 Does anyone
   have a Guest ID to get in on the Beta? Or is there just a
 download
   somewhere?
  
   Thanks all,
   Chris
  
   
   Christopher England
   Systems Administrator
   MCSA, Server+, Network+, A+
   College Information Technology Office Indiana University
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] scripting admin

[Ken Cornetet]

I'll second this. I've only run into one thing where I couldn't get Perl
to work (deep, dark, ugly MAPI stuff...)

Other than that, it's almost trivial to look at VBScript and convert it
to perl. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, April 13, 2004 11:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] scripting admin


I say Perl... 

The activestate dist is great. I am not aware of anything off the top of
my head you can do in vbscript that you can't do in perl. You may want
to learn enough vbscript to convert vbscripts others have written to
perl. 

Overall for really simple things vbscript may be easier at first glance,
but as the complexity rises vbscript shows its issues and perl starts to
shine. 

Grab Robbie Allen's AD Cookbook which has some perl in it, also his
Managing Enterprise Active Directory Services has quite a bit of perl in
it. Most everything I tend to post here in terms of scripts and do in
general is perl. 

  joe



-
http://www.joeware.net   (download joeware)
http://www.cafeshops.com/joewarenet  (wear joeware)
 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, April 13, 2004 10:32 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] scripting admin

sorry for what is more of a personal advice question- i'm a perl guy and
i was wondering if for proper windows scripting, should i learn VBscript
or can i get away with most admining with  perl and activestate. i run a
couple of linux and unix servers, so perl makes sense, but would it
behove me to learn VBscript or even VB to effectively script my win2k ad
enviorment or can i get away with perl and its integer conversion et al
and be a good admin mastering only one lang? thanks in advance
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Roger Seielstad]

You are correct - at least that's the current name for it.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Christopher Hummert [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 2:09 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Waitisn't the next version called WUS now or am I mistaken?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, April 14, 2004 10:57 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from 
 SUS to SUS
 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still 
 before it goes
 public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by 
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED]
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_
  Does anyone
have a Guest ID to get in on the Beta? Or is there just a
  download
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Salandra, Justin A.]

I was hoping I would be able to install SUS 2.0 over my existing SUS
server since I do not have the resources to have it on another server.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

There's a client upgrade (which might be able to be done automatically)
and I'd assume you'd want to install it into another IIS virtual server.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 1:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from 
 SUS to SUS
 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still 
 before it goes
 public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by 
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED] 
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a 
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_ 
  Does anyone 
have a Guest ID to get in on the Beta? Or is there just a 
  download 
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Darren Mar-Elia]

Yes, painfully, that is true. MS Marketing strikes again. I can just see
the advertising:

Trust your network to a WUS

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher
Hummert
Sent: Wednesday, April 14, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Waitisn't the next version called WUS now or am I mistaken?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 14, 2004 10:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Does anyone know what the upgrade process is going to be from SUS to SUS
2.0?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Same way all other products are announced.

My information has it that you've got a few months still before it goes
public.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Philadelphia, Lynden - Revios Toronto 
 [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 1:10 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 How will we be notified when it is ready for public use
 
 
 Lynden
 -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 12:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 I believe its currently considered a closed beta, by invitation only.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Robbie Foust [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:24 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] SUS 2.0 Beta
  
  Looks like you can sign up for the open evaluation version here:
  
  http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
  
  But I haven't been able to locate the beta version yet.  
  Haven't found a
  Guest ID yet either.
  
  - Robbie
  
  Robbie Foust, IT Analyst
  Systems and Core Services
  Duke University
  
  
  
  
  England, Christopher M wrote:
  
   Greetings,
  
   I guess SUS 2.0 Beta has been released: 
   _http://www.nwc.com/showitem.jhtml?articleID=18400592_
 Does anyone
   have a Guest ID to get in on the Beta? Or is there just a
 download
   somewhere?
  
   Thanks all,
   Chris
  
   
   Christopher England
   Systems Administrator
   MCSA, Server+, Network+, A+
   College Information Technology Office Indiana University
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] DFS use question

[E Brown]

This falls to conflict resolution of last-writer wins.
You can leverage something like sharepoint to checkout documents if this is
too much of an issue. But FRS is for seamless file replication and out of
scope for design considerations.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, April 14, 2004 3:40 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DFS use question


I have another question, how do you prevent the situation where a user at
one site opens a document and a user at the remote site opens and starts
editing the same document?  What happens then?  How do you prevent that?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of E Brown
Sent: Wednesday, April 14, 2004 3:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question


If you decide to use dfs\frs do the following as tuning guide...

1. Create as many separate trees as opposed to one large one.
2. Use latest frs hotfix
3. Have each partner have only one upstream  downstream partner
4. Do a backup so that recovery is easier.
5. Connect server to switch and use full-duplex
6. Change the change order maximum from 8 to 100 changes- will cause
additional load on the upstream partner
7. Take a look at Q329491
8. Take a look at the recovery scripts that make recovery faster. Restore
from backup even old is better than replicating in all data.
9. Remove large files that don't change much and replicate them via robocopy
if they are static.
10. Refer to the 2003 BODG for newest functionality.
11. Use proper monitoring tools and stability will be excellent.
12. Don't virus scan ntfrs.jdb file.

Let me know how this goes.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 6:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

I concur... especially considering the restore time in the event that
replication screws up and critical information is pushed off to a
Staging area, inaccessible to the user.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, April 12, 2004 11:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

With all due respect to those that absolutely think that FRS v1 is hot,
I'm
quite pleased that there has been this level of success with it.

However, even Microsoft admits that FRS iswell, broken.  It gets
better
with each QFE, Service Pack and HotFix, but the basics are just flat
broken.

I'm not sure that I'd recommend it for anything remotely critical. But,
to
each his own.

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of E Brown
Sent: Monday, April 12, 2004 2:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS use question

This is not out of the realm of FRS.
I work with some folks that sync 240+GB between 12 servers using T-1 as
well..
There are some tuning factors that should be followed:

What is DFS topology?
Make sure you using dfs  frs tuning docs.
Setup Ultrasound to monitor...
Let me know if you need more details.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Sunday, April 11, 2004 7:06 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] DFS use question


We have one of our largest sites in England and another large site in
the
US, with at least a full T-1 between the two sites.  We have a share
with
about 70GB of data in it, that both sites regularly need to access.
Would
this be something we could use DFS for with automatic replication, or is
this way out of DFS's range?  And if it's out of the range of DFS, how
are
others solving this issue?  A program like Veritas Storage Replicator,
or
NSI DoubleTake?  Or will DFS suffice?

~~
This e-mail is confidential, may contain proprietary information of the
Cooper Cameron Corporation and its operating Divisions and may be
confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only by the
addressee. If you have received this message in error please delete it,
together with any attachments, from your system.
~~
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : 

RE: [ActiveDir] SUS 2.0 Beta

[Celone, Mike]

Title: RE: [ActiveDir] SUS 2.0 Beta





There will be an upgrade path for WUW/SUS 2.0. However it hasn't been worked out yet.


Mike 


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, April 14, 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta


I was hoping I would be able to install SUS 2.0 over my existing SUS server since I do not have the resources to have it on another server.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta


There's a client upgrade (which might be able to be done automatically) and I'd assume you'd want to install it into another IIS virtual server.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.



 -Original Message-
 From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, April 14, 2004 1:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from SUS to 
 SUS 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Roger 
 Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still before it 
 goes public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
 
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis Inc.
  
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet. 
   Haven't found a
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_
  Does anyone
have a Guest ID to get in on the Beta? Or is there just a
  download
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office Indiana University
   
   List info : http://www.activedir.org/mail_list.htm
   List FAQ : http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info : http://www.activedir.org/mail_list.htm
  List FAQ : http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info : http://www.activedir.org/mail_list.htm
 List FAQ : http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info : http://www.activedir.org/mail_list.htm
 List FAQ : http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Rod Trent]

This was asked and answered in the recent Microsoft public chat on WUS, but
I can't seem to locate the chat transcripts page.  Anyone have a link?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 14, 2004 1:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Does anyone know what the upgrade process is going to be from SUS to SUS
2.0?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

Same way all other products are announced.

My information has it that you've got a few months still before it goes
public.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Philadelphia, Lynden - Revios Toronto 
 [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 1:10 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 How will we be notified when it is ready for public use
 
 
 Lynden
 -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 12:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 I believe its currently considered a closed beta, by invitation only.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Robbie Foust [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:24 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] SUS 2.0 Beta
  
  Looks like you can sign up for the open evaluation version here:
  
  http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
  
  But I haven't been able to locate the beta version yet.  
  Haven't found a
  Guest ID yet either.
  
  - Robbie
  
  Robbie Foust, IT Analyst
  Systems and Core Services
  Duke University
  
  
  
  
  England, Christopher M wrote:
  
   Greetings,
  
   I guess SUS 2.0 Beta has been released: 
   _http://www.nwc.com/showitem.jhtml?articleID=18400592_
 Does anyone
   have a Guest ID to get in on the Beta? Or is there just a
 download
   somewhere?
  
   Thanks all,
   Chris
  
   
   Christopher England
   Systems Administrator
   MCSA, Server+, Network+, A+
   College Information Technology Office Indiana University
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Philadelphia, Lynden - Revios Toronto]

Try using a PC until you reinstall your SUS to WUS


Lynden

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

I was hoping I would be able to install SUS 2.0 over my existing SUS
server since I do not have the resources to have it on another server.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

There's a client upgrade (which might be able to be done automatically)
and I'd assume you'd want to install it into another IIS virtual server.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 1:57 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from 
 SUS to SUS
 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still 
 before it goes
 public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by 
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED] 
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a 
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_ 
  Does anyone 
have a Guest ID to get in on the Beta? Or is there just a 
  download 
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
This message is intended for the use of the individual or entity to which it is 
addressed and may contain information that is privileged, confidential and exempt from 
disclosure under applicable law.  If the reader of this message in not the intended 
recipient or the employer or agent responsible for delivering the message to the 
recipient, you are hereby notified that dissemination, distribution or copying of this 
communication is strictly prohibited.  If you 

RE: [ActiveDir] moving domain admins

[Mulnick, Al]

If you open it up in LDP, what do you see (authenticated of course)?

Is it possible that there's a replication issue?  Have you checked the logs
of the domains to see what's logged when you attempt to connect?

Just where did they move the domain administrators from/to?  Just from
cn=users to something else?

Al 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 2:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] moving domain admins

another labyrinthine cross post(sorry)-

Also, i fire up adsi edit from their domain and i can only get to the
organization in the config partition. when on go to the security tab, there
are no entries.
how can they just lose permissions to certain parts of the config
paritition? the only change made was the root domain of the forest installed
exchange 2003, but i doubt that had anything to do with.
i'm very puzzled.




-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 1:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] moving domain admins


Heck of a cross post, isn't it? 

Moving the domain administrators group is not something that should cause
this type of issue.  

What else was done during those changes? 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 12:45 PM
To: Admin Issues (E-mail)
Cc: ActiveDir (E-mail)
Subject: [ActiveDir] moving domain admins

I know moving the default exchange groups out of the users folder can screw
things up as exchange expects to find them there, but will moving the domain
admins from the users folder into another ou(no gpo applied) screw things up
with exchange or any other services in ad?
I only ask because some admin in another domain moved this group and now
when i open exchange manager in their domain, i can't see the servers or any
admin groups. i'm running exchange manager as their administrator account
and thier domain admins have full exchange rights on their admin group.
other than that exchange is functioning normally.
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Windows 2003 and Windows 98 issue

[Michael Wallendahl]

Downlevel clients (win9x/nt) do not support NTLMV2 authentication unless
you install the Active Directory Client Extensions for Windows 95/98
and Windows NT 4.0 on the client machines.

NTLMV2 is not turned on by default on Windows 2000, but maybe Windows
2003 turns it on automatically?

If so, you can download the AD Client Extensions from here:
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp

HTH,
-Mike

On Wed, Mar 31, 2004 at 04:21:09PM +0200, Peter Johnson wrote:
 ...
 4.) DCPROMO the new Windows 2003 server.
 
  
 
 The moment step 4 happens none of my Windows 98 machines can login to
 the domain. I get an error message that The password is incorrect or
 access to logon server has been denied. 
 
  
 
 After reading through the sparse documentation I installed the
 DSCLIENT2003 that I got from PSS as well as IE 6.0 SP1 and turned on
 NTLMV2 authentication and turned off SMB signing on the DC's. None of
 these steps made any difference. The moment I demoted the Windows 2003
 DC to a member server the problem disappeared. I've not gone any further
 with the process since then,
 
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] moving domain admins

[Kern, Tom]

I see nothing strange in ldp and no replication errors in event log or rep monitor.
I think its a permissions issue but i have nowhere to begin looking and as far as i 
know nothing has been changed. They don't really have an IT dept(we admin them) so no 
one would even know how to change something anyway.
I can see the server and admin group using enterprise manager from my domain just not 
theirs(where the server is located). However when i try to access the directory tab of 
the server, i get information about directory services could not be entirely 
obtained. make sure exchange management service is running. exchange management 
service IS running.
very strange indeed.
any other thoughts, tips?
thanks

-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 3:38 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] moving domain admins


If you open it up in LDP, what do you see (authenticated of course)?

Is it possible that there's a replication issue?  Have you checked the logs
of the domains to see what's logged when you attempt to connect?

Just where did they move the domain administrators from/to?  Just from
cn=users to something else?

Al 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, April 14, 2004 2:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] moving domain admins

another labyrinthine cross post(sorry)-

Also, i fire up adsi edit from their domain and i can only get to the
organization in the config partition. when on go to the security tab, there
are no entries.
how can they just lose permissions to certain parts of the config
paritition? the only change made was the root domain of the forest installed
exchange 2003, but i doubt that had anything to do with.
i'm very puzzled.




-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 1:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] moving domain admins


Heck of a cross post, isn't it? 

Moving the domain administrators group is not something that should cause
this type of issue.  

What else was done during those changes? 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 12:45 PM
To: Admin Issues (E-mail)
Cc: ActiveDir (E-mail)
Subject: [ActiveDir] moving domain admins

I know moving the default exchange groups out of the users folder can screw
things up as exchange expects to find them there, but will moving the domain
admins from the users folder into another ou(no gpo applied) screw things up
with exchange or any other services in ad?
I only ask because some admin in another domain moved this group and now
when i open exchange manager in their domain, i can't see the servers or any
admin groups. i'm running exchange manager as their administrator account
and thier domain admins have full exchange rights on their admin group.
other than that exchange is functioning normally.
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Roger Seielstad]

At the MVP summit, even the WUS product team was appologizing for the
name.

I was kinda hoping they're rename MIIS to the Windows Identity
Integration Server.


--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 2:44 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Yes, painfully, that is true. MS Marketing strikes again. I 
 can just see
 the advertising:
 
 Trust your network to a WUS
 
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Christopher
 Hummert
 Sent: Wednesday, April 14, 2004 11:09 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Waitisn't the next version called WUS now or am I mistaken?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
 Justin A.
 Sent: Wednesday, April 14, 2004 10:57 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from 
 SUS to SUS
 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still 
 before it goes
 public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by 
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED]
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_
  Does anyone
have a Guest ID to get in on the Beta? Or is there just a
  download
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS 2.0 Beta

[Bernard, Aric]

And I was hoping that they would rename SUS2.0/WUS to Microsoft Product
Update Services...

- Aric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 1:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

At the MVP summit, even the WUS product team was appologizing for the
name.

I was kinda hoping they're rename MIIS to the Windows Identity
Integration Server.


--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, April 14, 2004 2:44 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Yes, painfully, that is true. MS Marketing strikes again. I 
 can just see
 the advertising:
 
 Trust your network to a WUS
 
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Christopher
 Hummert
 Sent: Wednesday, April 14, 2004 11:09 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Waitisn't the next version called WUS now or am I mistaken?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
 Justin A.
 Sent: Wednesday, April 14, 2004 10:57 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from 
 SUS to SUS
 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still 
 before it goes
 public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by 
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED]
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_
  Does anyone
have a Guest ID to get in on the Beta? Or is there just a
  download
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: 

RE: [ActiveDir] SUS 2.0 Beta

[Rod Trent]

SUSServer.com is hosting a contest for a better name:

http://forums.susserver.com/index.php?showtopic=2032 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 4:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

At the MVP summit, even the WUS product team was appologizing for the name.

I was kinda hoping they're rename MIIS to the Windows Identity Integration
Server.


--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 2:44 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Yes, painfully, that is true. MS Marketing strikes again. I can just 
 see the advertising:
 
 Trust your network to a WUS
 
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Christopher 
 Hummert
 Sent: Wednesday, April 14, 2004 11:09 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Waitisn't the next version called WUS now or am I mistaken?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, 
 Justin A.
 Sent: Wednesday, April 14, 2004 10:57 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from SUS to 
 SUS 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Roger 
 Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still before it 
 goes public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED]
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_
  Does anyone
have a Guest ID to get in on the Beta? Or is there just a
  download
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: 

RE: [ActiveDir] SUS 2.0 Beta

[Christopher Hummert]

Oh man this is a wonderful site. Thanks for passing along the link.
Hopefully I'll be able to find the answers to some of the SUS questions I
have. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Wednesday, April 14, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

SUSServer.com is hosting a contest for a better name:

http://forums.susserver.com/index.php?showtopic=2032 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Wednesday, April 14, 2004 4:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS 2.0 Beta

At the MVP summit, even the WUS product team was appologizing for the name.

I was kinda hoping they're rename MIIS to the Windows Identity Integration
Server.


--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

 -Original Message-
 From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 14, 2004 2:44 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Yes, painfully, that is true. MS Marketing strikes again. I can just 
 see the advertising:
 
 Trust your network to a WUS
 
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Christopher 
 Hummert
 Sent: Wednesday, April 14, 2004 11:09 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Waitisn't the next version called WUS now or am I mistaken?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, 
 Justin A.
 Sent: Wednesday, April 14, 2004 10:57 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Does anyone know what the upgrade process is going to be from SUS to 
 SUS 2.0?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Roger 
 Seielstad
 Sent: Wednesday, April 14, 2004 1:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] SUS 2.0 Beta
 
 Same way all other products are announced.
 
 My information has it that you've got a few months still before it 
 goes public.
 
 --
 Roger D. Seielstad - MTS MCSE MS-MVP
 Sr. Systems Administrator
 Inovis Inc.
  
 
  -Original Message-
  From: Philadelphia, Lynden - Revios Toronto 
  [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 1:10 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  How will we be notified when it is ready for public use
  
  
  Lynden
  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 14, 2004 12:57 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] SUS 2.0 Beta
  
  I believe its currently considered a closed beta, by
 invitation only.
  
  --
  Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis Inc.
   
  
   -Original Message-
   From: Robbie Foust [mailto:[EMAIL PROTECTED]
   Sent: Wednesday, April 14, 2004 12:24 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [ActiveDir] SUS 2.0 Beta
   
   Looks like you can sign up for the open evaluation version here:
   
   http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
   
   But I haven't been able to locate the beta version yet.  
   Haven't found a
   Guest ID yet either.
   
   - Robbie
   
   Robbie Foust, IT Analyst
   Systems and Core Services
   Duke University
   
   
   
   
   England, Christopher M wrote:
   
Greetings,
   
I guess SUS 2.0 Beta has been released: 
_http://www.nwc.com/showitem.jhtml?articleID=18400592_
  Does anyone
have a Guest ID to get in on the Beta? Or is there just a
  download
somewhere?
   
Thanks all,
Chris
   

Christopher England
Systems Administrator
MCSA, Server+, Network+, A+
College Information Technology Office Indiana University
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 

[ActiveDir] moving domain admins

[Kern, Tom]

I know moving the default exchange groups out of the users folder can screw things up 
as exchange expects to find them there, but will moving the domain admins from the 
users folder into another ou(no gpo applied) screw things up with exchange or any 
other services in ad?
I only ask because some admin in another domain moved this group and now when i open 
exchange manager in their domain, i can't see the servers or any admin groups. i'm 
running exchange manager as their administrator account and thier domain admins have 
full exchange rights on their admin group. other than that exchange is functioning 
normally.
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] re: domain move

[Kern, Tom]

Also, i fire up adsi edit from their domain and i can only get to the organization in 
the config partition. when on go to the security tab, there are no entries.
how can they just lose permissions to certain parts of the config paritition? the only 
change made was the root domain of the forest installed exchange 2003, but i doubt 
that had anything to do with.
i'm very puzzled.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] SUS 2.0 Beta

[Ken Schaefer]

It is a closed beta at this stage. I spoke to some of the WUS people, and
they said that until they had finalised and filed some patent applications,
there were legal reasons they couldn't take on more than x people.

Cheers
Ken

~~
From: Robbie Foust [EMAIL PROTECTED]
Subject: Re: [ActiveDir] SUS 2.0 Beta


: Looks like you can sign up for the open evaluation version here:
:
: http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx
:
: But I haven't been able to locate the beta version yet.  Haven't found a
: Guest ID yet either.
:
: - Robbie
:
: Robbie Foust, IT Analyst
: Systems and Core Services
: Duke University
:
:
:
:
: England, Christopher M wrote:
:
:  Greetings,
: 
:  I guess SUS 2.0 Beta has been released:
:  _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone
:  have a Guest ID to get in on the Beta? Or is there just a download
:  somewhere?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/