RE: [ActiveDir] Server Monitoring
As far as SNMP goes - -I really like What'sUp Gold - -Unfortunately when the did the newest version release - the Went to What's Up Pro -- and it if FAR inferior to their previous product. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is only pulls data from the one box, the SBS box. but I can go into
RE: [ActiveDir] Server Monitoring
http://www.serversalive.com/ Works for us and the price is right! Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 8:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is only pulls data from the one box, the SBS box. but I can go into health mon and build my own monitors and grab those event logs from other machines [need to so that just
RE: [ActiveDir] Server Monitoring
Are you simply looking for server going down or service availability? I.E. do want something at a lower, or higher level, than just a simple ping/SNMP status check? Have a look, based on budget, at NetIQ AppManager or MS MOM 2005. I have a preference for AM myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino Sent: 17 October 2005 15:39 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Server Monitoring As far as SNMP goes - -I really like What'sUp Gold - -Unfortunately when the did the newest version release - the Went to What's Up Pro -- and it if FAR inferior to their previous product. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just
RE: [ActiveDir] Server Monitoring
Have you looked at MOM? http://www.microsoft.com/mom/default.mspx Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is only pulls data from the one box, the SBS box. but I can go into health mon and build my own monitors and grab those event logs from other machines [need to so that just haven't gotten around to it]. Right now if someone
Re: [ActiveDir] Server Monitoring
We use big brother for monitoring and paging http://www.bb4.org/ I haven't used this one but the free version of power admin may do the trick for you http://www.poweradmin.com/ServerMonitor/Free.asp I've used uptime in the past as well and have had success with it. You can download it from here http://www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp Thanks Mike On 10/17/05, Thommes, Michael M. [EMAIL PROTECTED] wrote: http://www.serversalive.com/Works for us and the price is right! Mike Thommes-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] ] On Behalf Of John ParkerSent: Monday, October 17, 2005 8:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Server MonitoringHello all... We are searching for a tool that will monitor server uptime and send outan alert when a server goes down.Anyone have a suggestion?Does not have to be too complicated.Everything is Win2K AD fully spacked. Thank you in advance.John Parker, MCSEIS Admin.Senior Technical SpecialistAlpha Display Systems.Alpha Video7711 Computer Ave.Edina, MN. 55435952-896-9898 Local800-388-0008 Watts 952-896-9899 Fax612-804-8769 Cell952-841-3327 Direct[EMAIL PROTECTED]Be excellent to each other---End of LineOriginal Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP][mailto:[EMAIL PROTECTED]]Sent: Sunday, October 16, 2005 9:49 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Knowing when users were deleted.I give carte blanche to folks to wack me upside the head if I get tooannoying. :-)Rick Kingslan wrote: Susan,Really - I know you too well.You're not going to lurk.Get in thegame.It appears most folks want to hear what you have to say from the SmallBusiness arena.And, if it broadens the message of managing and maintainingthe systems - it's good for all.Just please - stop convincing yourself you're lurkingYou'rearen't!You're too valuable to do so...:o)Rick [msft] --Posting is provided AS IS, and confers no rights or warranties ...-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley,CPAaka Ebitz - SBS Rocks [MVP]Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Knowing when users were deleted.sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inboxat 6 a.m have asked for a dashboard. I can handle a daily emailthey can't.At a NTuser group meeting I was at ...some of the dashboard tools in Linuxwere discussed.Nagios in particular was one they used for monitoring.Monitoring -- MRTG: The Multi Router Traffic Grapher:http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases(ACID):http://acidlab.sourceforge.net/Intrustion detection - Snort.org:http://www.snort.org/Monitoring - Nagios: Home:http://www.nagios.org/ Traffic probe - ntop - network top:http://www.ntop.org/head.htmlSusan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem.And then after the scale its... okay what the heck is the servertrying to tell me?I'm still a fan of www.eventid.net over microsoft.com's click here.Rick Kingslan wrote:And, as you know that does work well in SBSland.However, when the scale grows, so do the requirements.IN the Medium to Enterprisespace, the idea is more along the lines of a system or series ofsystems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services,etc.Which, is right where MOM 2005 drops into the picture.If it _IS_the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available.It's just that insteadof getting an e-mail per server (most admins would just begin tocreate a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information.Scale makes the problem much tougher, as I'm sure you can imagineRick [msft] --Posting is provided AS IS, and confers no rights or warranties ...-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of SusanBradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurkingIn SBSland we have a daily monitoring email [well ... I send it dailyanyway, but it's configurable] and it looks at the event logs and tells daily health status of my server.Like today my email tells me my server has been running for 6 hours[just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in theevent logs.It tells me memory/disk size, cpu use, top processes, if the backupran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database andbuilds the
RE: [ActiveDir] Server Monitoring
Thank you all for your suggestions.I definitely have some homework to do for now. Thank you again... John Parker, MCSEIS Admin.Senior Technical SpecialistAlpha Display Systems. Alpha Video7711 Computer Ave.Edina, MN. 55435952-896-9898 Local800-388-0008 Watts952-896-9899 Fax612-804-8769 Cell952-841-3327 Direct [EMAIL PROTECTED]"Be excellent to each other"---End of Line--- -Original Message-From: mike kline [mailto:[EMAIL PROTECTED]Sent: Monday, October 17, 2005 8:54 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Server Monitoring We use big brother for monitoring and paging http://www.bb4.org/ I haven't used this one but the free version of power admin may do the trick for you http://www.poweradmin.com/ServerMonitor/Free.asp I've used uptime in the past as well and have had success with it. You can download it from here http://www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp Thanks Mike On 10/17/05, Thommes, Michael M. [EMAIL PROTECTED] wrote: http://www.serversalive.com/Works for us and the price is right! Mike Thommes-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] ] On Behalf Of John ParkerSent: Monday, October 17, 2005 8:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Server MonitoringHello all...We are searching for a tool that will monitor server uptime and send outan alert when a server goes down.Anyone have a suggestion?Does not have to be too complicated.Everything is Win2K AD fully spacked. Thank you in advance.John Parker, MCSEIS Admin.Senior Technical SpecialistAlpha Display Systems.Alpha Video7711 Computer Ave.Edina, MN. 55435952-896-9898 Local800-388-0008 Watts 952-896-9899 Fax612-804-8769 Cell952-841-3327 Direct[EMAIL PROTECTED]"Be excellent to each other"---End of LineOriginal Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP][mailto:[EMAIL PROTECTED]]Sent: Sunday, October 16, 2005 9:49 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Knowing when users were deleted.I give carte blanche to folks to wack me upside the head if I get tooannoying. :-)Rick Kingslan wrote: Susan,Really - I know you too well.You're not going to lurk.Get in thegame.It appears most folks want to hear what you have to say from the SmallBusiness arena.And, if it broadens the message of managing and maintainingthe systems - it's good for all.Just please - stop convincing yourself you're lurkingYou'rearen't!You're too valuable to do so...:o)Rick [msft] --Posting is provided "AS IS", and confers no rights or warranties ...-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley,CPAaka Ebitz - SBS Rocks [MVP]Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Knowing when users were deleted.sorry .. I know...I know...lurk..lurkThe consultant crowd who can't handle 300 SBS boxes hitting their inboxat 6 a.m have asked for a dashboard. I can handle a daily emailthey can't.At a NTuser group meeting I was at ...some of the dashboard tools in Linuxwere discussed.Nagios in particular was one they used for monitoring.Monitoring -- MRTG: The Multi Router Traffic Grapher:http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases(ACID):http://acidlab.sourceforge.net/Intrustion detection - Snort.org:http://www.snort.org/Monitoring - Nagios: Home:http://www.nagios.org/ Traffic probe - ntop - network top:http://www.ntop.org/head.htmlSusan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:Yup information overload 'is' a problem.And then after the scale its... okay what the heck is the servertrying to tell me?I'm still a fan of www.eventid.net over microsoft.com's click here.Rick Kingslan wrote:And, as you know that does work well in SBSland.However, when the scale grows, so do the requirements.IN the Medium to Enterprisespace, the idea is more along the lines of a system or series ofsystems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services,etc.Which, is right where MOM 2005 drops into the picture.If it _IS_the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available.It's just that insteadof getting an e-mail per server (most admins would just begin tocreate a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information.Scale makes the problem much tougher, as I'm sure you can imagineRick
RE: [ActiveDir] rebooting a patched, but stubborn DC
Hi Steven/Freddy/Douglas, This time the server is a Compaq, running with an Intel(R) PRO/1000 XF Server Adapter, no DRAC-type cards, RAID-controller is builtin. Some Googling did bring up some hits regarding Exchange and I wonder what kind of communication breakdown happens between a GC that wants to shutdown and an Exchange client (ie, Outlook) that is currently using this GC for GAL information. Maybe our AD/Exchange experts can throw some light on this. Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, Steven Sent: Sunday, October 16, 2005 11:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Well you are definitely not alone. Something like this just happened to me while patching my Exchange clusters (only happened to 1 out of 18, so its pretty rare). After patching and telling the passive node to reboot it was completely inaccessible even after 15 minutes (normally it does not take this long to reboot). I could not ping or TS into the box. iLO was my life saver though. Connected with iLO and no hung services, nothing funny in the event log...just was not network accessible (even on the private network with its partner node). Had to reboot it via iLO (using the standard start\shutdown procedure..no cold boot required) and it eventually went down and came back up happy. I hope there is not some gremlin in the recent round of patches that is going to stick its head out when the clock strikes midnight. Best regards, Steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Sunday, October 16, 2005 7:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Hi Susan, Thanks for the response. No UPS issues. Checked the services remotely and didn't find anything unusual. The DC did finally reboot on its own shortly after I sent out my first message - about 2 hours after the original patching and message saying it wanted to reboot and I clicked OK. The event logs showed nothing of any consequence, just a big (2 hour) gap in the system event log entries (between the entry saying it initiated shutdown and the entry saying the system was coming back up). The security log showed no gaps at all. Am I the only one that sees this kind of behavior on W2K3/SP1 servers? I normally don't use the /console switch when I TS in (eg, mstsc.exe /console). I wonder if that could speed the process up. Mike Thommes From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sat 10/15/2005 3:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] rebooting a patched, but stubborn DC APC UPS's and you don't have the latest ver on there? HP with a UPS? Can you get into services and see if something is 'stopping'? Got any ILO ability there [or suitable other remote techniques]? Thommes, Michael M. wrote: So I have remotely (TS connection) applied the latest Windows patches to one of my DCs. Patches went on fine. Said it needed to reboot. I clicked Restart. And two hours later, it still has not rebooted, but it did terminate the TS session. I have tried to kick it via a shutdown /f /r command from another DC. Still no luck. Issue same command remotely with the big Kahuna account, and it says a shutdown is in progress. It appears to still be serving up clients, e.g., no discernable ill effects. I have seen this periodically in the past with other servers. Anyone have any comments/thoughts are this irritating, weekend sigh activity? TIA! Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Kix to VBS
Could I add multiple reg key changes to this vbs? I would have to define a new sPath at the end right? -Devon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Friday, October 14, 2005 5:51 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Hi, Try the following: Cheers, jorge 'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk /wmi/enumvalues_method_in_class_stdregprov.asp ### Const HKCU = H8001 Set oReg=GetObject(winmgmts:{impersonationLevel=impersonate}!\\.\root\defau lt:StdRegProv) sPath = Software\IXOS On Error Resume Next sKeyExist = False oReg.EnumKey HKCU, sPath, arrSubKeys For Each sSubKey In arrSubKeys If UCase(sSubKey) = IXOS_ARCHIVE Then sKeyExist = True Exit For End If Next Set sSubKey = Nothing Set arrSubKeys = Nothing If sKeyExist = True Then sPath = Software\IXOS\IXOS_ARCHIVE\Viewer\Printing On Error Resume Next oReg.EnumKey HKCU, sPath, arrSubKeys sKeyExist = False For Each sSubKey In arrSubKeys If UCase(sSubKey) = FAX Then sKeyExist = True Exit For End If Next Set sSubKey = Nothing Set arrSubKeys = Nothing If sKeyExist = False Then oReg.CreateKey HKCU, sPath \FAX oReg.SetDWORDValue HKCU, sPath \FAX, PaperSize, 1 Else On Error Resume Next oReg.EnumValue HKCU, sPath, arrValueNames, arrValueTypes sValueExist = False For Each sValue In arrValueNames If sValue = PaperSize Then sValueExist = True Exit For End If Next Set sValue = Nothing Set arrValueNames = Nothing Set arrValueTypes = Nothing If sValueExist = True Then oReg.GetDWORDValue HKCU, sPath \FAX, PaperSize, MYValueData If MYValueData 1 Then oReg.SetDWORDValue HKCU, sPath \FAX, PaperSize, 1 End If Else oReg.SetDWORDValue HKCU, sPath \FAX, PaperSize, 1 End If End If End If ### From: [EMAIL PROTECTED] on behalf of Harding, Devon Sent: Fri 10/14/2005 7:48 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Kix to VBS I'm having a tough time converting this kix script to ..vbs. Any Ideas? ; This change will fix an IXOS problem where the default paper size is A4 instead of Letter If KeyExist(HKCU\Software\IXOS\IXOS_ARCHIVE) = 1 If KeyExist(HKCU\Software\IXOS\IXOS_ARCHIVE\Viewer\Printing\FAX) = 0 AddKey(HKCU\Software\IXOS\IXOS_ARCHIVE\Viewer\Printing\FAX) EndIf If ReadValue(HKCU\Software\IXOS\IXOS_ARCHIVE\Viewer\Printing\FAX,PaperSi ze) 1 WriteValue(HKCU\Software\IXOS\IXOS_ARCHIVE\Viewer\Printing\FAX,PaperS ize,1,reg_dword) EndIf EndIf Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] salary(OT)
Robbie kills me... :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, October 17, 2005 6:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] salary(OT) Joe, I'm not sure what you've been smoking lately, but it must be good. A few clarifications We had more reviewers for AD3e than any other book I've done recently. People were asking us to review the book so we never had a problem finding enough reviewers. Rick, don't take offense. The book is going to be released the last day of December and will be in stores in January. Originally they said it was going to be in stores by December, but apparently that isn't the case now. Lastly, they are expecting to sell quite a bit more than 2000 copies. The first sell-in may be more than 2000 copies. O'Reilly wouldn't have done this book (much less expedite it) if they thought they'd sell only 2000 copies. They intend to do some special promotions with this book and hopefully it will have a significant store presence (ie, a few copies in most stores.) The 100ft ocean liner is still out of the question, but you should have no problem purchasing a used hole-free 10ft jon boat with one oar off ebay. Regards, Robbie Allen http://www.rallenhome.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, October 14, 2005 7:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] salary(OT) Hey I needed to maintain a certain quality Did you send something to Robbie to say you wanted to review it? In the end we were begging for reviewers, I even took Dean as a reviewer and you know the edge I had to be on for that He kept wanting to spell words wrong. Eventually I just took out all references to the words color, humor, and other or words. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Friday, October 14, 2005 7:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] salary(OT) joe said: Again, the reviewers did a fantastic job. Of which, you will all notice when the book comes out, I am _NOT_ one of those reviewers. joe said: They kept me honest Which is one of the reason _WHY_ I was not one of those reviewers Rick P.S. Hey, joe :op -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, October 14, 2005 6:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] salary(OT) Not out yet, I am expecting Mid November or Early December. I sent an email to see if I can find out. The book is NOT written in my voice, I tried as best as possible to maintain the voice that was there. I simply revised it though I did add a Chapter on ADAM and a chapter on some basic Exchange/AD Scripting. If you have the first or second edition I think you will find this edition worthy of picking up even if you don't have Windows Server 2003 SP1 or R2. I tried fleshing out and changing anything I didn't feel was right. Also the reviewers all did a bangup job finding things I missed. I admit I didn't sleep much in August or September. Tony may have noticed a lull in the list volume, me working on that book saved at least 2 bazillion helpless bits from being sacrificed. I learned that revising a book may actually be harder than writing a book from scratch and you get paid less. Well maybe it is depending on if you know what you want to write about. With revising you can't just write, you have to read, reread, write, reread, write, reread, tweak, reread. When you change the flow and feel and voice it is like hitting a brick wall when reading. I am sure I didn't get rid of all of the bricks but I certainly tried to knock the walls down to a point where you can step over them without too much trouble. Anyway, I spent less time writing the ADAM chapter than I spent updating the security chapter. I know now that I probably should have just rewritten from scratch and it would have gone faster. Oh well, live and learn or don't live long. Again, the reviewers did a fantastic job. They kept me honest when I tried to skip over some stuff when I got tired and I thank them profusely. I tried to do them justice in the small space provided to me for acknowledgements. Those are the things people tend not to look at at the front of the book. I do ask that if you pick up the book, you do look. Those, folks, deserve, the: attention. joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Server Monitoring
Nagios does the trick (free too) - www.nagios.org. MOM is another one (www.microsoft.com). Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is only pulls data from the one box, the SBS box. but I can go into health mon and build my own monitors
[ActiveDir] NDTS.DIT sizes
Odd question I have 8 different DCs in a few sites; replication seems to be working great, all servers windows 2003 ENT. All servers have plenty of disk space. When I look at the actual size of my ntds.dit file, its relatively the same on all DCs except for one which is 30 MB larger than the others and the last date modified is 8/9/05, this server holds no roles either. Does this mean that Im having FRS problems on this server? Thanks in advance, Mike
Re: [ActiveDir] Server Monitoring
In the SBS consultant space we see more of www.levelplatforms.com and hyblue.com than MOM... Brian Desmond wrote: Nagios does the trick (free too) - www.nagios.org. MOM is another one (www.microsoft.com). Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent
Re: [ActiveDir] Server Monitoring
Remote administration, IT infrastructure management, IT management software: http://www.kaseya.com/ Forgot one more. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: In the SBS consultant space we see more of www.levelplatforms.com and hyblue.com than MOM... Brian Desmond wrote: Nagios does the trick (free too) - www.nagios.org. MOM is another one (www.microsoft.com). Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if
RE: [ActiveDir] NDTS.DIT sizes
A more likely explanation (assuming 30Mb is small compared to the overall DIT file size) is that this database is more fragmented than the other databases on the other DCs. The amount of whitespace consumed within a database can be ascertained via this KB: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/975c456e-8b79-4ace-8363-82543236dbb3.mspx neil ___Neil RustonGlobal Technology InfrastructureNomura International plcTelephone: +44 (0) 20 7521 3481 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike HogenauerSent: 17 October 2005 16:39To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] NDTS.DIT sizes Odd question I have 8 different DCs in a few sites; replication seems to be working great, all servers windows 2003 ENT. All servers have plenty of disk space. When I look at the actual size of my ntds.dit file, its relatively the same on all DCs except for one which is 30 MB larger than the others and the last date modified is 8/9/05, this server holds no roles either. Does this mean that Im having FRS problems on this server? Thanks in advance, Mike PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] NDTS.DIT sizes
In many environments, 30 MB would be considered a small difference in sizes between DITs. In a very small environment I have, the difference is 18 MB. In large environments I have seen differentials in the GBs. In many cases larger differentials are due to white space in the DIT. As for FRS, there should be no relation between problems it is having and the size of the DIT. Regards, Aric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Monday, October 17, 2005 8:38 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] NDTS.DIT sizes Odd question I have 8 different DCs in a few sites; replication seems to be working great, all servers windows 2003 ENT. All servers have plenty of disk space. When I look at the actual size of my ntds.dit file, its relatively the same on all DCs except for one which is 30 MB larger than the others and the last date modified is 8/9/05, this server holds no roles either. Does this mean that Im having FRS problems on this server? Thanks in advance, Mike
[ActiveDir] Global Catalog
Hi Just a quick and easy question to profs: Can AD domain controller of one domain (one.com) with Global Catalog function enabled somehow process logon request of user from different domain (other.biz), in case when all domain controllers for that other domain (other.biz) are not reachable? I believe - no. Am I right? Thanks, Pete -- Bezmaksas e-pasta adreses piedāvā http://pasts.delfi.lv/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Server Monitoring
Not sure if it's been mentioned but we've had good success for red or green status with WhatsUp Gold. It can also be configured to send an alert when something goes down. Has a web based interface that can be monitored from the desktop if desired. Jerry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Monday, October 17, 2005 10:44 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Server Monitoring In the SBS consultant space we see more of www.levelplatforms.com and hyblue.com than MOM... Brian Desmond wrote: Nagios does the trick (free too) - www.nagios.org. MOM is another one (www.microsoft.com). Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks
RE: [ActiveDir] Kix to VBS
Look at http://www.lissware.net, Volume 1, Sample 1.01 to 1.25 - WSHScript.vbs, which uses a series of functions. In this list of functions, you will find two generic routines to play with: ReadRegistryFunction.vbs and WriteRegistryFunction.vbs. With these two, you are all set. I reproed the ReadRegistry one below. Note that from the WSH object model, RegWrite method does not support REG_MULTI_SZ. If you need to update REG_MULTI_SZ, you need to use the WMI model. For this see http://www.lissware.net, Vol 2, Sample 3.03 to 3.09 - WMIRegistry.wsf (Second code exerpt below). HTH. ' Author: Alain Lissoir ([EMAIL PROTECTED]) ' ' ISBN 182664 - Understanding WMI Scripting (Digital Press) ' ISBN 182990 - Leveraging WMI Scripting (Digital Press) ' WSH Technique Private Function ReadRegistry (objFileName, strKeyName, KeyValueName, strRegType) Dim strRegKey Dim varRegKeyValue() Dim intIndice Dim strTempValue On Error Resume Next strRegKey = strKeyName \ KeyValueName WriteToFile objFileName, ** Reading registry ' strRegKey '( strRegType ). strTempValue = WshShell.RegRead (strRegKey) If Err.Number Then ErrorHandler objFileName, ReadRegistry, Err, boolErrorPopup Exit Function End If Select Case strRegType Case REG_BINARY ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = h Right(00 Hex(strTempValue(intIndice)), 2) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_DWORD ReDim varRegKeyValue(0) varRegKeyValue(0) = h Hex (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case REG_MULTI_SZ ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = strTempValue(intIndice) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_EXPAND_SZ ReDim varRegKeyValue(0) varRegKeyValue(0) = WshShell.ExpandEnvironmentStrings (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case Else ReDim varRegKeyValue(0) varRegKeyValue(0) = strTempValue WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) End Select ReadRegistry = varRegKeyValue End Function ' WMI technique -- Select Case intKeyType Case REG_SZ intRC = objWMIClass.SetStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_MULTI_SZ intRC = objWMIClass.SetMultiStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_EXPAND_SZ intRC = objWMIClass.SetExpandedStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_BINARY intRC = objWMIClass.SetBinaryValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_DWORD intRC = objWMIClass.SetDWORDValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) End Select -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Monday, October 17, 2005 8:25 AM To: ActiveDir@mail.activedir.org
[ActiveDir] slightly OT: MissionControl for MIIS
Hi listers, I'm considering MIIS for a project haven't been able to find much non-MS information about MIIS out there on the web. Hoping for help from y'all. One of the minor knocks against MIIS seems to be a lack of mgmt/troubleshooting tools. Netpro claims to have filled this gap with MissionControl for MIIS. Does anyone have any experience with this tool that you'd be willing to share? I'm interested in high-level stuff at this point, such as: What's the licensing scheme? In your opinion, does MissionControl fulfill it's promises? What's your impression of ease of implementation, usability, overall bang-for-the-buck, etc? Thanks! --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] slightly OT: MissionControl for MIIS
Hi David, The licensing scheme is per-production-MIIS-server-processor (like MIIS), plus a charge for each 5 management agents. Test servers, or processors not used by MIIS aren't counted. The rest of the questions I'll leave to others, as I suspect my opinions are biased :) You might get more feedback on MIIS-related topics from the MMSUG Yahoo group. -gil CTO, NetPro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McClure David Sent: Monday, October 17, 2005 9:19 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] slightly OT: MissionControl for MIIS Hi listers, I'm considering MIIS for a project haven't been able to find much non-MS information about MIIS out there on the web. Hoping for help from y'all. One of the minor knocks against MIIS seems to be a lack of mgmt/troubleshooting tools. Netpro claims to have filled this gap with MissionControl for MIIS. Does anyone have any experience with this tool that you'd be willing to share? I'm interested in high-level stuff at this point, such as: What's the licensing scheme? In your opinion, does MissionControl fulfill it's promises? What's your impression of ease of implementation, usability, overall bang-for-the-buck, etc? Thanks! --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] RIS WinPE Question
I am running WinPE on W2k3 server, only change I have done in .SIf is OsLoadOptions = /noguiboot /fastdetect /minint imagetype = WinPE You might find great help related to WinPE on : http://www.911cd.net/forums/ -- Kamlesh On 10/16/05, Dan Holme [EMAIL PROTECTED] wrote: I hope some of you brainiacs can help me out here. I have a WinPE image loaded into a W2K3 RIS server. It launches as a standard image just fine, but creates a computer account in AD. I know that W2K3 SP1 is supposed to have the functionality where I can change the *.sif value ImageType=Flat to ImageType=WinPE and then WinPE is supposed to show up in my "TOOLS" menu, but it doesn't. It just disappears as an option altogether. I've tried various combinations of the Choice Options GPO, including Disabling all options EXCEPT Tools, at which point the PXE client just says "Can't show you anything ha ha ha." (or something evil to that effect). After 2 hours of experimentation and googling, I'm at wits end… Any help would be greatly appreciated. Dan -- ~~~Fortune and Love befriend the bold~~~
RE: [ActiveDir] Kix to VBS
Which method is preferred, WSH or WMI? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Monday, October 17, 2005 12:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Look at http://www.lissware.net, Volume 1, Sample 1.01 to 1.25 - WSHScript.vbs, which uses a series of functions. In this list of functions, you will find two generic routines to play with: ReadRegistryFunction.vbs and WriteRegistryFunction.vbs. With these two, you are all set. I reproed the ReadRegistry one below. Note that from the WSH object model, RegWrite method does not support REG_MULTI_SZ. If you need to update REG_MULTI_SZ, you need to use the WMI model. For this see http://www.lissware.net, Vol 2, Sample 3.03 to 3.09 - WMIRegistry.wsf (Second code exerpt below). HTH. ' Author: Alain Lissoir ([EMAIL PROTECTED]) ' ' ISBN 182664 - Understanding WMI Scripting (Digital Press) ' ISBN 182990 - Leveraging WMI Scripting (Digital Press) ' WSH Technique Private Function ReadRegistry (objFileName, strKeyName, KeyValueName, strRegType) Dim strRegKey Dim varRegKeyValue() Dim intIndice Dim strTempValue On Error Resume Next strRegKey = strKeyName \ KeyValueName WriteToFile objFileName, ** Reading registry ' strRegKey '( strRegType ). strTempValue = WshShell.RegRead (strRegKey) If Err.Number Then ErrorHandler objFileName, ReadRegistry, Err, boolErrorPopup Exit Function End If Select Case strRegType Case REG_BINARY ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = h Right(00 Hex(strTempValue(intIndice)), 2) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_DWORD ReDim varRegKeyValue(0) varRegKeyValue(0) = h Hex (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case REG_MULTI_SZ ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = strTempValue(intIndice) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_EXPAND_SZ ReDim varRegKeyValue(0) varRegKeyValue(0) = WshShell.ExpandEnvironmentStrings (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case Else ReDim varRegKeyValue(0) varRegKeyValue(0) = strTempValue WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) End Select ReadRegistry = varRegKeyValue End Function ' WMI technique -- Select Case intKeyType Case REG_SZ intRC = objWMIClass.SetStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_MULTI_SZ intRC = objWMIClass.SetMultiStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_EXPAND_SZ intRC = objWMIClass.SetExpandedStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_BINARY intRC = objWMIClass.SetBinaryValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_DWORD intRC = objWMIClass.SetDWORDValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) End Select -Original Message- From: [EMAIL
RE: [ActiveDir] Global Catalog
Yes you are correct. The answer is No. A domain within a forest is the authentication boundary. So when all DCs of domain other.biz are unavailable the users from other.biz will not be able to log on as there is no DC available to authenticate the user at logon and create the access token. During logon a GC is contacted to check if universal group memberships exist for the user account logging on. Jorge From: [EMAIL PROTECTED] on behalf of Pete Sent: Mon 10/17/2005 5:57 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Global Catalog Hi Just a quick and easy question to profs: Can AD domain controller of one domain (one.com) with Global Catalog function enabled somehow process logon request of user from different domain (other.biz), in case when all domain controllers for that other domain (other.biz) are not reachable? I believe - no. Am I right? Thanks, Pete -- Bezmaksas e-pasta adreses piedava http://pasts.delfi.lv/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Server Monitoring
Whats Up Gold -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is only pulls data from the one box, the SBS box. but I can go into health mon and build my own monitors and grab those event logs from other machines [need to so that just haven't gotten around to it]. Right now if someone [usually me] fat
RE: [ActiveDir] Server Monitoring
GFI's Network Server Monitor is another to check out.. Works well for us. http://www.gfi.com/nsm/ Nate - Nathan Henderson Network Engineer Northwest University ph 425.889.5358 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 6:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is only pulls data from the one box, the SBS box. but I can go into
RE: [ActiveDir] Kix to VBS
Devon, my personal opinion is to avoid WSH when possible, just because I have run into cases wehre I used a vbscript custom action in an MSI package, and the WSH is unavailable [1] to the Windows Installer. Since I ran that, if I think I might need to use this cool new thing I figured out how to do with vbscript in an MSI, then I try to use WMI or other methods, even if WSH exposes them more easily. But that's my personal preference, and I am by no means a scripting guru :) Rich [1] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/set up/scripts.asp: Note The installer runs script custom actions directly and does not use the Windows Script Host. The WScript object cannot be used inside a script custom action because this object is provided by the Windows Script Host. Objects in the Windows Script Host object model can only be used in custom actions if Windows Script Host is installed on the computer by creating new instances of the object, with a call to CreateObject, and providing the ProgId of the object (for example WScript.Shell). Depending on the type of script custom action, access to some objects and methods of the Windows Script Host object model may be denied for security reasons. --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Monday, October 17, 2005 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Which method is preferred, WSH or WMI? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Monday, October 17, 2005 12:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Look at http://www.lissware.net, Volume 1, Sample 1.01 to 1.25 - WSHScript.vbs, which uses a series of functions. In this list of functions, you will find two generic routines to play with: ReadRegistryFunction.vbs and WriteRegistryFunction.vbs. With these two, you are all set. I reproed the ReadRegistry one below. Note that from the WSH object model, RegWrite method does not support REG_MULTI_SZ. If you need to update REG_MULTI_SZ, you need to use the WMI model. For this see http://www.lissware.net, Vol 2, Sample 3.03 to 3.09 - WMIRegistry.wsf (Second code exerpt below). HTH. ' Author: Alain Lissoir ([EMAIL PROTECTED]) ' ' ISBN 182664 - Understanding WMI Scripting (Digital Press) ' ISBN 182990 - Leveraging WMI Scripting (Digital Press) ' WSH Technique Private Function ReadRegistry (objFileName, strKeyName, KeyValueName, strRegType) Dim strRegKey Dim varRegKeyValue() Dim intIndice Dim strTempValue On Error Resume Next strRegKey = strKeyName \ KeyValueName WriteToFile objFileName, ** Reading registry ' strRegKey '( strRegType ). strTempValue = WshShell.RegRead (strRegKey) If Err.Number Then ErrorHandler objFileName, ReadRegistry, Err, boolErrorPopup Exit Function End If Select Case strRegType Case REG_BINARY ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = h Right(00 Hex(strTempValue(intIndice)), 2) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_DWORD ReDim varRegKeyValue(0) varRegKeyValue(0) = h Hex (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case REG_MULTI_SZ ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = strTempValue(intIndice) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_EXPAND_SZ ReDim varRegKeyValue(0) varRegKeyValue(0) = WshShell.ExpandEnvironmentStrings (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0)
RE: [ActiveDir] Documenting AD
Joe, You're right... Sorry for that... Let me guess... Because objectCategory is indexed and because objectClass is not although you suggest to index it? ;-) Cheers, Jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, October 13, 2005 23:55 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Documenting AD Jorge, we need to introduce you to objectcategory. ;o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Thursday, October 13, 2005 6:16 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Documenting AD What could be interesting is just having the information, not how it is presented. For the documentation of the site and replication topology (and of course others like OUs structure, members of powerfll groups, etc.) you could use something like ADFIND. OK, the presentation of it may not be the most beautifull for documentation but it could be used my EUR 0,0002 Cheers, Jorge ADFIND: http://www.joeware.net/win/free/tools/adfind.htm determine sites: adfind -config -f (objectClass=site) -dn determine subnets and associated subnets: adfind -config -f (objectClass=subnet) distinguishedname siteobject determine properties of the intersite transports adfind -config -f (objectClass=interSiteTransport) determine site links and associated sites: adfind -config -f (objectClass=sitelink) distinguishedname sitelist determine all Site link bridges and its properties adfind -config -f (objectClass=siteLinkBridge) determine all NTDS Site Settings objects for each site and its properties adfind -config -f (objectClass=nTDSSiteSettings) determine all NTDS Settings objects for each DC and its properties adfind -config -f (objectClass=nTDSDSA) determine all replication connections and its properties adfind -config -f (objectClass=nTDSConnection) From: [EMAIL PROTECTED] on behalf of Peter Johnson Sent: Thu 10/13/2005 11:36 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Documenting AD Also you IP subnets to Site Mappings need to be documented. I.E. a list of all IP subnets and what site in Active Directory Sites and services they belong to. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: 12 October 2005 18:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Documenting AD [Brett]spending time working on AD Replication, AD backup/restore Did you create ASR and will a DC who masters changes (per joe's comments) and who goes down and has to be rebuilt via ASR have the USN rollback problems you guys are talking about? [Hint] Keep it simple. Some of us cannot follow all of this because you guys are so far out there, we couldn't track you even with the Hubble telescope. Just tell me my ASRs are OK RH ___ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, October 12, 2005 11:42 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Documenting AD Additional components: = Schema Database Administrative support model Domain controller spec DC/GC placement Exchange topology and design DNS design (zone type, placement etc etc) SYSVOL/FRS DFS Administration: === User and group admin and tools DC admin/support and tools Forest admin and ownership GPO admin and tools I'll stop there and let others chime in... neil ___ Neil Ruston Global Technology Infrastructure Nomura International plc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Sutton Sent: 12 October 2005 16:28 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Documenting AD Hey all, Being the local bod with AD knowledge at work I've been volunteered the job of documenting our domain (possibly more than one if this goes well). Whilst being a good little job it has already caused me a few problems, mainly just how much detail to put in, so I thought I'd ask for some pearls of wisdom from you guys. What do you lot do? How do you go about it? etc so far I'm thinking along these lines: - a general AD layout diagram detailing the OU structure - Visio will be the weapon of choice I think - list all GPO's, where they're linked to and what they do etc - a breakdown of sites and their links - a breakdown of replication settings - listing of service accounts with descriptions and reasons for existence (maybe?) - trusts between any other domains - detail FSMO roles ... and that's kinda where I run out of ideas lol what do you'll reckon? Have I missed or gone overboard on anything? if I've got the time I'd like to try and script as much of this as possible, but if anyone knows of something
RE: [ActiveDir] Server Monitoring
Agreed ( not WUP) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Monday, October 17, 2005 1:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Server Monitoring Whats Up Gold -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: Monday, October 17, 2005 9:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde database and builds the email to be sent internally or externally. What it does now, is
RE: [ActiveDir] Server Monitoring
We use ActiveXperts (.com), it used to be the same engine as the GFI tool, but the GFI tool has a much better UI for creating the monitors - I'd go with GFI at this point. It's fairly inexpensive, not really 'enterprise' ready (based on rule creation), but the number of rules that you can create and the ability to hook into vbs scripts works well for us. Thanks, JD -Original Message- From: John Parker [mailto:[EMAIL PROTECTED] Sent: Monday, October 17, 2005 8:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Monitoring Hello all... We are searching for a tool that will monitor server uptime and send out an alert when a server goes down. Anyone have a suggestion? Does not have to be too complicated. Everything is Win2K AD fully spacked. Thank you in advance. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:[EMAIL PROTECTED] Sent: Sunday, October 16, 2005 9:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily anyway, but it's configurable] and it looks at the event logs and tells daily health status of my server. Like today my email tells me my server has been running for 6 hours [just rebooted it last night] and it gives me an overview if auto services are not running, critical alerts and critical errors in the event logs. It tells me memory/disk size, cpu use, top processes, if the backup ran, and aggregates the alerts from all the log files. It's a health mon that dumps it's data into a msde
[ActiveDir] DFS using a Hidden Share
Is it possible to create a DFS Root that is hidden using the $ symbol in the name \\domainname.org\dfsroot$ Thanks Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] DFS using a Hidden Share
Yep, no problem jorge From: [EMAIL PROTECTED] on behalf of Salandra, Justin A. Sent: Mon 10/17/2005 9:41 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DFS using a Hidden Share Is it possible to create a DFS Root that is hidden using the $ symbol in the name \\domainname.org\dfsroot$ file:///\\domainname.org\dfsroot$ Thanks Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Global Catalog
Hmm - I wouldn't 100% call the domain the authentication boundary. Authentication in a W2k+ Network without any mods not to rely on the GC is done - as you said - via DC of the same domain the account resides plus any GC of the forest - not necessarily that a GC which resides in the same domain is available but the logon will work. Ulf I also don't agree with the general 'Forest is the security boundary'-statement B. Simon-Weidner |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, Jorge de |Sent: Monday, October 17, 2005 6:47 PM |To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | |Yes you are correct. The answer is No. A domain within a |forest is the authentication boundary. So when all DCs of |domain other.biz are unavailable the users from other.biz |will not be able to log on as there is no DC available to |authenticate the user at logon and create the access token. |During logon a GC is contacted to check if universal group |memberships exist for the user account logging on. | |Jorge | | | |From: [EMAIL PROTECTED] on behalf of Pete |Sent: Mon 10/17/2005 5:57 PM |To: ActiveDir@mail.activedir.org |Subject: [ActiveDir] Global Catalog | | | |Hi | |Just a quick and easy question to profs: | |Can AD domain controller of one domain (one.com) with Global |Catalog function enabled somehow process logon request of user |from different domain (other.biz), in case when all domain |controllers for that other domain (other.biz) are not reachable? | |I believe - no. |Am I right? | |Thanks, | |Pete | | |-- |Bezmaksas e-pasta adreses piedava http://pasts.delfi.lv/ |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | | |This e-mail and any attachment is for authorised use by the |intended recipient(s) only. It may contain proprietary |material, confidential information and/or be subject to legal |privilege. It should not be copied, disclosed to, retained or |used by, any other party. If you are not an intended recipient |then please promptly delete this e-mail and any attachment and |all copies and inform the sender. Thank you. |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] salary(OT)
BTW - let us know when we can start the ad-campaign in our blogs / websites ;-) Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |[EMAIL PROTECTED] |Sent: Monday, October 17, 2005 2:40 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] salary(OT) | |Joe, I'm not sure what you've been smoking lately, but it must |be good. A few clarifications | |We had more reviewers for AD3e than any other book I've done recently. |People were asking us to review the book so we never had a |problem finding enough reviewers. Rick, don't take offense. | |The book is going to be released the last day of December and |will be in stores in January. Originally they said it was |going to be in stores by December, but apparently that isn't |the case now. | |Lastly, they are expecting to sell quite a bit more than 2000 |copies. The first sell-in may be more than 2000 copies. |O'Reilly wouldn't have done this book (much less expedite it) |if they thought they'd sell only 2000 copies. They intend to |do some special promotions with this book and hopefully it |will have a significant store presence (ie, a few copies in |most stores.) The 100ft ocean liner is still out of the |question, but you should have no problem purchasing a used |hole-free 10ft jon boat with one oar off ebay. | |Regards, |Robbie Allen |http://www.rallenhome.com/ | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of joe |Sent: Friday, October 14, 2005 7:36 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] salary(OT) | |Hey I needed to maintain a certain quality | |Did you send something to Robbie to say you wanted to review |it? In the end we were begging for reviewers, I even took Dean |as a reviewer and you know the edge I had to be on for |that He kept wanting to spell words wrong. |Eventually I just took out all references to the words color, |humor, and other or words. | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan |Sent: Friday, October 14, 2005 7:31 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] salary(OT) | |joe said: Again, the reviewers did a fantastic job. | |Of which, you will all notice when the book comes out, I am |_NOT_ one of those reviewers. | |joe said: They kept me honest | |Which is one of the reason _WHY_ I was not one of those reviewers | |Rick | |P.S. Hey, joe :op | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of joe |Sent: Friday, October 14, 2005 6:10 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] salary(OT) | |Not out yet, I am expecting Mid November or Early December. I |sent an email to see if I can find out. | |The book is NOT written in my voice, I tried as best as |possible to maintain the voice that was there. I simply |revised it though I did add a Chapter on ADAM and a chapter on |some basic Exchange/AD Scripting. If you have the first or |second edition I think you will find this edition worthy of |picking up even if you don't have Windows Server 2003 SP1 or |R2. I tried fleshing out and changing anything I didn't feel |was right. Also the reviewers all did a bangup job finding |things I missed. I admit I didn't sleep much in August or |September. Tony may have noticed a lull in the list volume, me |working on that book saved at least 2 bazillion helpless bits |from being sacrificed. | |I learned that revising a book may actually be harder than |writing a book from scratch and you get paid less. Well maybe |it is depending on if you know what you want to write about. |With revising you can't just write, you have to read, reread, |write, reread, write, reread, tweak, reread. When you change |the flow and feel and voice it is like hitting a brick wall |when reading. I am sure I didn't get rid of all of the bricks |but I certainly tried to knock the walls down to a point where |you can step over them without too much trouble. Anyway, I |spent less time writing the ADAM chapter than I spent updating |the security chapter. I know now that I probably should have |just rewritten from scratch and it would have gone faster. Oh |well, live and learn or don't live long. | |Again, the reviewers did a fantastic job. They kept me honest |when I tried to skip over some stuff when I got tired and I |thank them profusely. I tried to do them justice in the small |space provided to me for acknowledgements. |Those are the things people tend not to look at at the front |of the book. I do ask that if you pick up the book, you do |look. Those, folks, deserve, |the: attention. | | | joe |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | List info :
RE: [ActiveDir] Knowing when users were deleted.
I've discussed something like this recently: display a monitoring summary at every admin login, e.g. instead of the annoying configure your server thingie ;-) There are just to many admins not paying any attention to the event logs, so if they don't go into event logs bring the event logs to them :D Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Susan |Bradley, CPA aka Ebitz - SBS Rocks [MVP] |Sent: Monday, October 17, 2005 3:33 AM |To: ActiveDir@mail.activedir.org |Subject: Re: [ActiveDir] Knowing when users were deleted. | |here she goes again.. I know ... I'm terrible at lurking | |In SBSland we have a daily monitoring email [well ... I send |it daily anyway, but it's configurable] and it looks at the |event logs and tells daily health status of my server. | |Like today my email tells me my server has been running for 6 |hours [just rebooted it last night] and it gives me an |overview if auto services are not running, critical alerts and |critical errors in the event logs. | |It tells me memory/disk size, cpu use, top processes, if the |backup ran, and aggregates the alerts from all the log files. | |It's a health mon that dumps it's data into a msde database |and builds the email to be sent internally or externally. | |What it does now, is only pulls data from the one box, the SBS |box. but I can go into health mon and build my own monitors |and grab those event logs from other machines [need to so that |just haven't gotten around to it]. | |Right now if someone [usually me] fat fingers a password, for |example, it gives me an alert in the email of the last time it |occurred and how many occurrances. Basically it's tracking |the critical alerts in all the event logs and summarizing the |events along with the number of events in the email [and |showing the last time the event occurred so you can start your |investigation from that point back] | |For SBS it's in the box, it's a gui wizard that builds |this pretty little html email that my server builds and hits |me every morning at 6 a.m and says Hey here's how I'm |doing...how are you?. It's the mid market that doesn't have |this. [and yes, we've told Mothership Redmond they need to |steal this sucker and put it in the mid market server bundle] | |Does it make me more aware of events on my server? Oh you |betcha it does. Which is why this needs to be as you |say...native in small and medium serversheck I'd strongly |argue that no server should be shipped without some admin |somewhere getting an in your face report on that sucker. | |I'll go to Frys and buy bigger harddrives if I need to. But |give me a big fat audit log file and I'm a happy camper. | | |Al Mulnick wrote: | |I'll see your Eurocents and add raise you two. :) | |I fully understand where you're coming from Ulf. Adding this |information |into the DIT when it is currently possible to get is |something that grates |against common sense and common engineering principles even |if you subscribe |to belts and braces methodologies. | |However, I think two things make this a worthwhile request with a big |payoff. First to Laura's point about diminishing returns. I |agree, at some |point there will be diminishing returns. I also believe that |as hardware |gets bigger (i.e. Standard 80 GB hard drives, 1 GB memory in |workstation |machines, etc. [1]) the bar gets raised until we get to the |diminishing |return. Since we're targeting 80/20 out of the box [2] it |seems reasonable |that 80% of the deployments would benefit from such a change. |The other 20 |would be those that a) don't care or know about such things |and b) those |that can't tolerate the additional overhead and therefore |wouldn't want to |deploy it. I say tough pickles to them. :) Seriously, this |could be on by |default but configurable (group policy?) to disable it as a |performance |issue etc. | |Second, I think that the major benefit is the ability to |actually get usable |information native to the product vs. having to invest in a |third party |product. Why? Because today in order to get that information |I have to have |something that scrapes the Security logs looking for such |information. Is |this a good idea? I think it is. Is it something that could |be native? I |think it could and should be native if technically feasible. | |Making us look in a particular DC's event logs is more |difficult than it |should be without yet another product. That's fine for the |really large |companies that have deeper pockets, and larger needs. For |the small to |medium businesses, it should not be so difficult nor should |it *require* SQL |licensing or expertise. | | | |[1] I'm not saying that the quality has kept up, only that |the hardware is |bigger, faster, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED]
Re: [ActiveDir] slightly OT: MissionControl for MIIS
I'd be interested in hearing if any of you have been using this. Having used MIIS a bit lately I'd love to hear about anything that makes it easier to manage. Phil On 10/17/05, Gil Kirkpatrick [EMAIL PROTECTED] wrote: Hi David,The licensing scheme is per-production-MIIS-server-processor (likeMIIS), plus a charge for each 5 management agents. Test servers, or processors not used by MIIS aren't counted. The rest of the questionsI'll leave to others, as I suspect my opinions are biased :)You might get more feedback on MIIS-related topics from the MMSUG Yahoogroup. -gilCTO, NetPro-Original Message-From: [EMAIL PROTECTED][mailto: [EMAIL PROTECTED]] On Behalf Of McClure DavidSent: Monday, October 17, 2005 9:19 AMTo: 'ActiveDir@mail.activedir.org'Subject: [ActiveDir] slightly OT: MissionControl for MIIS Hi listers,I'm considering MIIS for a project haven't been able to find muchnon-MSinformation about MIIS out there on the web.Hoping for help fromy'all.One of the minor knocks against MIIS seems to be a lack of mgmt/troubleshooting tools.Netpro claims to have filled this gap withMissionControl for MIIS.Does anyone have any experience with this toolthat you'd be willing to share?I'm interested in high-level stuff at thispoint, such as:What's the licensing scheme?In your opinion, doesMissionControl fulfill it's promises?What's your impression of ease ofimplementation, usability, overall bang-for-the-buck, etc? Thanks!---This message and any included attachments are from Siemens MedicalSolutionsUSA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privilegedorotherwise confidential information.Unauthorized review, forwarding,printing,copying, distributing, or using such information is strictly prohibited and maybe unlawful.If you received this message in error, or have reason tobelieveyou are not authorized to receive it, please promptly delete thismessage andnotify the sender by e-mail with a copy to [EMAIL PROTECTED]Thank youList info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspxList archive:http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Knowing when users were deleted.
Another Hmm. I'd still like to see that better configured that putting it into the AD if the infos are already there (or configurable). We could request to make it default to log that kind of info. And as far as we are talking about looking into every server: Where's ACS? And also SNMP would be an option to get notified on a single system instead of looking into every DC. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick |Sent: Monday, October 17, 2005 3:10 AM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | |I'll see your Eurocents and add raise you two. :) | |I fully understand where you're coming from Ulf. Adding this |information into the DIT when it is currently possible to get |is something that grates against common sense and common |engineering principles even if you subscribe to belts and |braces methodologies. | |However, I think two things make this a worthwhile request |with a big payoff. First to Laura's point about diminishing |returns. I agree, at some point there will be diminishing |returns. I also believe that as hardware gets bigger (i.e. |Standard 80 GB hard drives, 1 GB memory in workstation |machines, etc. [1]) the bar gets raised until we get to the |diminishing return. Since we're targeting 80/20 out of the |box [2] it seems reasonable that 80% of the deployments would |benefit from such a change. The other 20 would be those that |a) don't care or know about such things and b) those that |can't tolerate the additional overhead and therefore wouldn't |want to deploy it. I say tough pickles to them. :) |Seriously, this could be on by default but configurable (group |policy?) to disable it as a performance issue etc. | |Second, I think that the major benefit is the ability to |actually get usable information native to the product vs. |having to invest in a third party product. Why? Because today |in order to get that information I have to have something that |scrapes the Security logs looking for such information. Is |this a good idea? I think it is. Is it something that could |be native? I think it could and should be native if |technically feasible. | |Making us look in a particular DC's event logs is more |difficult than it should be without yet another product. |That's fine for the really large companies that have deeper |pockets, and larger needs. For the small to medium |businesses, it should not be so difficult nor should it |*require* SQL licensing or expertise. | | | |[1] I'm not saying that the quality has kept up, only that the |hardware is bigger, faster, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Sunday, October 16, 2005 4:42 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | | |Hmm. | |Do we really want to excuse prior failure of proper auditing |by putting more data into AD? Wouldn't that lead into every |request of non-configured auditing to requests for extending |the AD? Do it right the first way. | |I completely agree that we should make the people more |auditing aware, and it would be great to have a centralized |auditing together with some force of configuration instead of |the per server events and auditing which is rearly configured. | |However I'm not sure if I want this kind of data in the AD. | |Just my Eurocents. | |Ulf | ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. ||Hunter ||Sent: Sunday, October 16, 2005 10:28 PM ||To: ActiveDir@mail.activedir.org ||Subject: Re: [ActiveDir] Knowing when users were deleted. || ||Various thoughts from this thread: || ||[1] I agree with Al and Paul[1] on a desire for that sort of |metadata. ||I'm not as convinced of the trade-off value of bloating the DIT for ||full undelete information, particularly in monster big environments. ||For my teeny-tiny single domain it probably wouldn't be that bad of a ||hit, but I imagine that the laws of diminishing returns would quickly ||set in. || ||[2] Please finish the thought, Brett, I'm sure I'd find it ||helpful/enlightening/informative even if it's only speaking in ||hypotheticals. || ||[3] It's Gil and Darren's turn to crack me up today, I guess joe is ||taking a break. || || ||[1] *waves* Hi Paul! Glad to see you alive post-Summit. || ||- L ||List info : http://www.activedir.org/List.aspx ||List FAQ: http://www.activedir.org/ListFAQ.aspx ||List archive: ||http://www.mail-archive.com/activedir%40mail.activedir.org/ || | | |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ |List info :
RE: [ActiveDir] Knowing when users were deleted.
ACS is now integrated into MOM3 which is coming I don't know when. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Monday, October 17, 2005 5:37 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Knowing when users were deleted. Another Hmm. I'd still like to see that better configured that putting it into the AD if the infos are already there (or configurable). We could request to make it default to log that kind of info. And as far as we are talking about looking into every server: Where's ACS? And also SNMP would be an option to get notified on a single system instead of looking into every DC. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick |Sent: Monday, October 17, 2005 3:10 AM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | |I'll see your Eurocents and add raise you two. :) | |I fully understand where you're coming from Ulf. Adding this |information into the DIT when it is currently possible to get |is something that grates against common sense and common |engineering principles even if you subscribe to belts and |braces methodologies. | |However, I think two things make this a worthwhile request |with a big payoff. First to Laura's point about diminishing |returns. I agree, at some point there will be diminishing |returns. I also believe that as hardware gets bigger (i.e. |Standard 80 GB hard drives, 1 GB memory in workstation |machines, etc. [1]) the bar gets raised until we get to the |diminishing return. Since we're targeting 80/20 out of the |box [2] it seems reasonable that 80% of the deployments would |benefit from such a change. The other 20 would be those that |a) don't care or know about such things and b) those that |can't tolerate the additional overhead and therefore wouldn't |want to deploy it. I say tough pickles to them. :) |Seriously, this could be on by default but configurable (group |policy?) to disable it as a performance issue etc. | |Second, I think that the major benefit is the ability to |actually get usable information native to the product vs. |having to invest in a third party product. Why? Because today |in order to get that information I have to have something that |scrapes the Security logs looking for such information. Is |this a good idea? I think it is. Is it something that could |be native? I think it could and should be native if |technically feasible. | |Making us look in a particular DC's event logs is more |difficult than it should be without yet another product. |That's fine for the really large companies that have deeper |pockets, and larger needs. For the small to medium |businesses, it should not be so difficult nor should it |*require* SQL licensing or expertise. | | | |[1] I'm not saying that the quality has kept up, only that the |hardware is bigger, faster, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Sunday, October 16, 2005 4:42 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | | |Hmm. | |Do we really want to excuse prior failure of proper auditing |by putting more data into AD? Wouldn't that lead into every |request of non-configured auditing to requests for extending |the AD? Do it right the first way. | |I completely agree that we should make the people more |auditing aware, and it would be great to have a centralized |auditing together with some force of configuration instead of |the per server events and auditing which is rearly configured. | |However I'm not sure if I want this kind of data in the AD. | |Just my Eurocents. | |Ulf | ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. ||Hunter ||Sent: Sunday, October 16, 2005 10:28 PM ||To: ActiveDir@mail.activedir.org ||Subject: Re: [ActiveDir] Knowing when users were deleted. || ||Various thoughts from this thread: || ||[1] I agree with Al and Paul[1] on a desire for that sort of |metadata. ||I'm not as convinced of the trade-off value of bloating the DIT for ||full undelete information, particularly in monster big environments. ||For my teeny-tiny single domain it probably wouldn't be that bad of a ||hit, but I imagine that the laws of diminishing returns would quickly ||set in. || ||[2] Please finish the thought, Brett, I'm sure I'd find it ||helpful/enlightening/informative even if it's only speaking in ||hypotheticals. || ||[3] It's Gil and Darren's turn to crack me up today, I guess joe is ||taking a break. || || ||[1] *waves* Hi Paul! Glad to see you alive post-Summit. || ||- L ||List info :
RE: [ActiveDir] Global Catalog
Well, I call it that way because a user can authenticate with only DCs from its domain available (assuming the requirement for a GC is disabled) but cannot authenticate without a DC from its domain while having a GC available. You are correct that any GC in the forest may be used if the GC requirement is enabled (by default) or even use the crappy universal group caching feature. So you need a DC from your domain to authenticate and that is why a domain is called the authentication boundary (at least for me ;-) ) So why don't you agree with the general - forest is the security boundary - statement? Jorge From: [EMAIL PROTECTED] on behalf of Ulf B. Simon-Weidner Sent: Mon 10/17/2005 11:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Global Catalog Hmm - I wouldn't 100% call the domain the authentication boundary. Authentication in a W2k+ Network without any mods not to rely on the GC is done - as you said - via DC of the same domain the account resides plus any GC of the forest - not necessarily that a GC which resides in the same domain is available but the logon will work. Ulf I also don't agree with the general 'Forest is the security boundary'-statement B. Simon-Weidner |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, Jorge de |Sent: Monday, October 17, 2005 6:47 PM |To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | |Yes you are correct. The answer is No. A domain within a |forest is the authentication boundary. So when all DCs of |domain other.biz are unavailable the users from other.biz |will not be able to log on as there is no DC available to |authenticate the user at logon and create the access token. |During logon a GC is contacted to check if universal group |memberships exist for the user account logging on. | |Jorge | | | |From: [EMAIL PROTECTED] on behalf of Pete |Sent: Mon 10/17/2005 5:57 PM |To: ActiveDir@mail.activedir.org |Subject: [ActiveDir] Global Catalog | | | |Hi | |Just a quick and easy question to profs: | |Can AD domain controller of one domain (one.com) with Global |Catalog function enabled somehow process logon request of user |from different domain (other.biz), in case when all domain |controllers for that other domain (other.biz) are not reachable? | |I believe - no. |Am I right? | |Thanks, | |Pete | | |-- |Bezmaksas e-pasta adreses piedava http://pasts.delfi.lv/ |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | | |This e-mail and any attachment is for authorised use by the |intended recipient(s) only. It may contain proprietary |material, confidential information and/or be subject to legal |privilege. It should not be copied, disclosed to, retained or |used by, any other party. If you are not an intended recipient |then please promptly delete this e-mail and any attachment and |all copies and inform the sender. Thank you. |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Global Catalog
|So why don't you agree with the general - forest is the |security boundary - statement? Cause IMHO the domain is a security boundary against accidential security issues, the forest against malicious/criminal. Companies usually trust their admins of different domains but might want to protect them against accidential mistakes or gaining rights easily. A different domain would be sufficient then. However if you want to protect yourself against admins with criminal energy (and I consider manipulating SID-History on purpose as criminal energy) the forest is the security boundary. So I agree a plain vanilla statement the domain is the security boundary is wrong, however I don't like the same plain vanilla statement of the forest - should be more clearly pointed out if we are talking about criminal intentions or accidential intentions (which includes let's try quickly if we are able to ... - does not include hacking). Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, Jorge de |Sent: Monday, October 17, 2005 11:59 PM |To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | |Well, I call it that way because a user can authenticate with |only DCs from its domain available (assuming the requirement |for a GC is disabled) but cannot authenticate without a DC |from its domain while having a GC available. You are correct |that any GC in the forest may be used if the GC requirement is |enabled (by default) or even use the crappy universal group |caching feature. So you need a DC from your domain to |authenticate and that is why a domain is called the |authentication boundary (at least for me ;-) ) | |So why don't you agree with the general - forest is the |security boundary - statement? |Jorge | | | |From: [EMAIL PROTECTED] on behalf of Ulf B. |Simon-Weidner |Sent: Mon 10/17/2005 11:24 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | | | |Hmm - I wouldn't 100% call the domain the authentication boundary. | |Authentication in a W2k+ Network without any mods not to rely |on the GC is done - as you said - via DC of the same domain |the account resides plus any GC of the forest - not |necessarily that a GC which resides in the same domain is |available but the logon will work. | |Ulf I also don't agree with the general 'Forest is the |security boundary'-statement B. Simon-Weidner | ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, ||Jorge de ||Sent: Monday, October 17, 2005 6:47 PM ||To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org ||Subject: RE: [ActiveDir] Global Catalog || ||Yes you are correct. The answer is No. A domain within a |forest is the ||authentication boundary. So when all DCs of domain other.biz are ||unavailable the users from other.biz ||will not be able to log on as there is no DC available to |authenticate ||the user at logon and create the access token. ||During logon a GC is contacted to check if universal group |memberships ||exist for the user account logging on. || ||Jorge || || || ||From: [EMAIL PROTECTED] on behalf of Pete ||Sent: Mon 10/17/2005 5:57 PM ||To: ActiveDir@mail.activedir.org ||Subject: [ActiveDir] Global Catalog || || || ||Hi || ||Just a quick and easy question to profs: || ||Can AD domain controller of one domain (one.com) with Global Catalog ||function enabled somehow process logon request of user from different ||domain (other.biz), in case when all domain controllers for |that other ||domain (other.biz) are not reachable? || ||I believe - no. ||Am I right? || ||Thanks, || ||Pete || || ||-- ||Bezmaksas e-pasta adreses piedava http://pasts.delfi.lv/ ||List info : http://www.activedir.org/List.aspx ||List FAQ: http://www.activedir.org/ListFAQ.aspx ||List archive: ||http://www.mail-archive.com/activedir%40mail.activedir.org/ || || || || ||This e-mail and any attachment is for authorised use by the intended ||recipient(s) only. It may contain proprietary material, confidential ||information and/or be subject to legal privilege. It should not be ||copied, disclosed to, retained or used by, any other party. |If you are ||not an intended recipient then please promptly delete this e-mail and ||any attachment and all copies and inform the sender. Thank you. ||List info : http://www.activedir.org/List.aspx ||List FAQ: http://www.activedir.org/ListFAQ.aspx ||List archive: ||http://www.mail-archive.com/activedir%40mail.activedir.org/ || | | |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | | |List info : http://www.activedir.org/List.aspx |List FAQ: http://www.activedir.org/ListFAQ.aspx |List archive:
RE: [ActiveDir] Knowing when users were deleted.
Where's ACS? As the beta came to a end, the last I was told the agent would be in R2 (free) and the collector would be a separate product (!free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Monday, October 17, 2005 2:37 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Knowing when users were deleted. Another Hmm. I'd still like to see that better configured that putting it into the AD if the infos are already there (or configurable). We could request to make it default to log that kind of info. And as far as we are talking about looking into every server: Where's ACS? And also SNMP would be an option to get notified on a single system instead of looking into every DC. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick |Sent: Monday, October 17, 2005 3:10 AM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | |I'll see your Eurocents and add raise you two. :) | |I fully understand where you're coming from Ulf. Adding this |information into the DIT when it is currently possible to get |is something that grates against common sense and common |engineering principles even if you subscribe to belts and |braces methodologies. | |However, I think two things make this a worthwhile request |with a big payoff. First to Laura's point about diminishing |returns. I agree, at some point there will be diminishing |returns. I also believe that as hardware gets bigger (i.e. |Standard 80 GB hard drives, 1 GB memory in workstation |machines, etc. [1]) the bar gets raised until we get to the |diminishing return. Since we're targeting 80/20 out of the |box [2] it seems reasonable that 80% of the deployments would |benefit from such a change. The other 20 would be those that |a) don't care or know about such things and b) those that |can't tolerate the additional overhead and therefore wouldn't |want to deploy it. I say tough pickles to them. :) |Seriously, this could be on by default but configurable (group |policy?) to disable it as a performance issue etc. | |Second, I think that the major benefit is the ability to |actually get usable information native to the product vs. |having to invest in a third party product. Why? Because today |in order to get that information I have to have something that |scrapes the Security logs looking for such information. Is |this a good idea? I think it is. Is it something that could |be native? I think it could and should be native if |technically feasible. | |Making us look in a particular DC's event logs is more |difficult than it should be without yet another product. |That's fine for the really large companies that have deeper |pockets, and larger needs. For the small to medium |businesses, it should not be so difficult nor should it |*require* SQL licensing or expertise. | | | |[1] I'm not saying that the quality has kept up, only that the |hardware is bigger, faster, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Sunday, October 16, 2005 4:42 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | | |Hmm. | |Do we really want to excuse prior failure of proper auditing |by putting more data into AD? Wouldn't that lead into every |request of non-configured auditing to requests for extending |the AD? Do it right the first way. | |I completely agree that we should make the people more |auditing aware, and it would be great to have a centralized |auditing together with some force of configuration instead of |the per server events and auditing which is rearly configured. | |However I'm not sure if I want this kind of data in the AD. | |Just my Eurocents. | |Ulf | ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. ||Hunter ||Sent: Sunday, October 16, 2005 10:28 PM ||To: ActiveDir@mail.activedir.org ||Subject: Re: [ActiveDir] Knowing when users were deleted. || ||Various thoughts from this thread: || ||[1] I agree with Al and Paul[1] on a desire for that sort of |metadata. ||I'm not as convinced of the trade-off value of bloating the DIT for ||full undelete information, particularly in monster big environments. ||For my teeny-tiny single domain it probably wouldn't be that bad of a ||hit, but I imagine that the laws of diminishing returns would quickly ||set in. || ||[2] Please finish the thought, Brett, I'm sure I'd find it ||helpful/enlightening/informative even if it's only speaking in ||hypotheticals. || ||[3] It's Gil and Darren's turn to crack me up today, I guess joe is ||taking a break. || || ||[1] *waves* Hi Paul! Glad to see you alive post-Summit. || ||- L ||List info :
RE: [ActiveDir] Global Catalog
I think it is better to describe a domain as a policy and administration boundary (and a replication boundary), rather than a weak security boundary. It is more precise, and IMO, given the automatic domain trusts in a forest, there is not much of a security boundary between domains. And given the ease with which malware is distributed (through email and web pages for instance), the distinction between criminal and unintentional is thin, if not non-existent. People with criminal intent subvert administrative machines and accounts all the time. So even if you think your domain admin threats are all in the non-malicious category (not a smart way to think in any case), once the domain admin is exposed to some malware script, they've effectively taken on the criminal intent. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Monday, October 17, 2005 3:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Global Catalog |So why don't you agree with the general - forest is the |security boundary - statement? Cause IMHO the domain is a security boundary against accidential security issues, the forest against malicious/criminal. Companies usually trust their admins of different domains but might want to protect them against accidential mistakes or gaining rights easily. A different domain would be sufficient then. However if you want to protect yourself against admins with criminal energy (and I consider manipulating SID-History on purpose as criminal energy) the forest is the security boundary. So I agree a plain vanilla statement the domain is the security boundary is wrong, however I don't like the same plain vanilla statement of the forest - should be more clearly pointed out if we are talking about criminal intentions or accidential intentions (which includes let's try quickly if we are able to ... - does not include hacking). Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, Jorge de |Sent: Monday, October 17, 2005 11:59 PM |To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | |Well, I call it that way because a user can authenticate with |only DCs from its domain available (assuming the requirement |for a GC is disabled) but cannot authenticate without a DC |from its domain while having a GC available. You are correct |that any GC in the forest may be used if the GC requirement is |enabled (by default) or even use the crappy universal group |caching feature. So you need a DC from your domain to |authenticate and that is why a domain is called the |authentication boundary (at least for me ;-) ) | |So why don't you agree with the general - forest is the |security boundary - statement? |Jorge | | | |From: [EMAIL PROTECTED] on behalf of Ulf B. |Simon-Weidner |Sent: Mon 10/17/2005 11:24 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | | | |Hmm - I wouldn't 100% call the domain the authentication boundary. | |Authentication in a W2k+ Network without any mods not to rely |on the GC is done - as you said - via DC of the same domain |the account resides plus any GC of the forest - not |necessarily that a GC which resides in the same domain is |available but the logon will work. | |Ulf I also don't agree with the general 'Forest is the |security boundary'-statement B. Simon-Weidner | ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] On Behalf Of |Almeida Pinto, ||Jorge de ||Sent: Monday, October 17, 2005 6:47 PM ||To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org ||Subject: RE: [ActiveDir] Global Catalog || ||Yes you are correct. The answer is No. A domain within a |forest is the ||authentication boundary. So when all DCs of domain other.biz are ||unavailable the users from other.biz ||will not be able to log on as there is no DC available to |authenticate ||the user at logon and create the access token. ||During logon a GC is contacted to check if universal group |memberships ||exist for the user account logging on. || ||Jorge || || || ||From: [EMAIL PROTECTED] on behalf of Pete ||Sent: Mon 10/17/2005 5:57 PM ||To: ActiveDir@mail.activedir.org ||Subject: [ActiveDir] Global Catalog || || || ||Hi || ||Just a quick and easy question to profs: || ||Can AD domain controller of one domain (one.com) with Global Catalog ||function enabled somehow process logon request of user from different ||domain (other.biz), in case when all domain controllers for |that other ||domain (other.biz) are not reachable? || ||I believe - no. ||Am I right? || ||Thanks, || ||Pete || || ||-- ||Bezmaksas e-pasta adreses piedava http://pasts.delfi.lv/ ||List info : http://www.activedir.org/List.aspx ||List FAQ: http://www.activedir.org/ListFAQ.aspx ||List archive:
RE: [ActiveDir] Kix to VBS
If you are Windows and above and don't need REG_MULTI_SZ updates, I would go for WSH (pretty simple model). If you need to do more complex stuffs, I would use WMI (which is actually used from WSH as it is the scripting engine). /Alain -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Monday, October 17, 2005 9:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Which method is preferred, WSH or WMI? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Monday, October 17, 2005 12:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Look at http://www.lissware.net, Volume 1, Sample 1.01 to 1.25 - WSHScript.vbs, which uses a series of functions. In this list of functions, you will find two generic routines to play with: ReadRegistryFunction.vbs and WriteRegistryFunction.vbs. With these two, you are all set. I reproed the ReadRegistry one below. Note that from the WSH object model, RegWrite method does not support REG_MULTI_SZ. If you need to update REG_MULTI_SZ, you need to use the WMI model. For this see http://www.lissware.net, Vol 2, Sample 3.03 to 3.09 - WMIRegistry.wsf (Second code exerpt below). HTH. ' Author: Alain Lissoir ([EMAIL PROTECTED]) ' ' ISBN 182664 - Understanding WMI Scripting (Digital Press) ' ISBN 182990 - Leveraging WMI Scripting (Digital Press) ' WSH Technique Private Function ReadRegistry (objFileName, strKeyName, KeyValueName, strRegType) Dim strRegKey Dim varRegKeyValue() Dim intIndice Dim strTempValue On Error Resume Next strRegKey = strKeyName \ KeyValueName WriteToFile objFileName, ** Reading registry ' strRegKey '( strRegType ). strTempValue = WshShell.RegRead (strRegKey) If Err.Number Then ErrorHandler objFileName, ReadRegistry, Err, boolErrorPopup Exit Function End If Select Case strRegType Case REG_BINARY ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = h Right(00 Hex(strTempValue(intIndice)), 2) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_DWORD ReDim varRegKeyValue(0) varRegKeyValue(0) = h Hex (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case REG_MULTI_SZ ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = strTempValue(intIndice) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_EXPAND_SZ ReDim varRegKeyValue(0) varRegKeyValue(0) = WshShell.ExpandEnvironmentStrings (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case Else ReDim varRegKeyValue(0) varRegKeyValue(0) = strTempValue WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) End Select ReadRegistry = varRegKeyValue End Function ' WMI technique -- Select Case intKeyType Case REG_SZ intRC = objWMIClass.SetStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_MULTI_SZ intRC = objWMIClass.SetMultiStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_EXPAND_SZ intRC = objWMIClass.SetExpandedStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_BINARY intRC = objWMIClass.SetBinaryValue (intHiveType, _ strBaseKey, _ strKeyName, _
RE: [ActiveDir] Knowing when users were deleted.
Not sure that's going to fix the issue though, unless I'm missing something. Wherever the information gets put, it should be a) done as the default yet configurable b) centrally viewable (I should NOT have to visit each DC in my forest to find the data) and c) be included in the base product. I can see no valuable way to otherwise do this. Having to deploy yet another product doesn't fix the problem, it exacerbates it; it's even worse if it's a reskit item as those aren't supported nor as heavily tested. This is important enough that it should be and should meet those criteria above. We may just need to knock a few more edges off before submitting this FMR ;) From: Ulf B. Simon-Weidner [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Knowing when users were deleted. Date: Mon, 17 Oct 2005 23:36:44 +0200 Another Hmm. I'd still like to see that better configured that putting it into the AD if the infos are already there (or configurable). We could request to make it default to log that kind of info. And as far as we are talking about looking into every server: Where's ACS? And also SNMP would be an option to get notified on a single system instead of looking into every DC. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick |Sent: Monday, October 17, 2005 3:10 AM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | |I'll see your Eurocents and add raise you two. :) | |I fully understand where you're coming from Ulf. Adding this |information into the DIT when it is currently possible to get |is something that grates against common sense and common |engineering principles even if you subscribe to belts and |braces methodologies. | |However, I think two things make this a worthwhile request |with a big payoff. First to Laura's point about diminishing |returns. I agree, at some point there will be diminishing |returns. I also believe that as hardware gets bigger (i.e. |Standard 80 GB hard drives, 1 GB memory in workstation |machines, etc. [1]) the bar gets raised until we get to the |diminishing return. Since we're targeting 80/20 out of the |box [2] it seems reasonable that 80% of the deployments would |benefit from such a change. The other 20 would be those that |a) don't care or know about such things and b) those that |can't tolerate the additional overhead and therefore wouldn't |want to deploy it. I say tough pickles to them. :) |Seriously, this could be on by default but configurable (group |policy?) to disable it as a performance issue etc. | |Second, I think that the major benefit is the ability to |actually get usable information native to the product vs. |having to invest in a third party product. Why? Because today |in order to get that information I have to have something that |scrapes the Security logs looking for such information. Is |this a good idea? I think it is. Is it something that could |be native? I think it could and should be native if |technically feasible. | |Making us look in a particular DC's event logs is more |difficult than it should be without yet another product. |That's fine for the really large companies that have deeper |pockets, and larger needs. For the small to medium |businesses, it should not be so difficult nor should it |*require* SQL licensing or expertise. | | | |[1] I'm not saying that the quality has kept up, only that the |hardware is bigger, faster, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Sunday, October 16, 2005 4:42 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. | | |Hmm. | |Do we really want to excuse prior failure of proper auditing |by putting more data into AD? Wouldn't that lead into every |request of non-configured auditing to requests for extending |the AD? Do it right the first way. | |I completely agree that we should make the people more |auditing aware, and it would be great to have a centralized |auditing together with some force of configuration instead of |the per server events and auditing which is rearly configured. | |However I'm not sure if I want this kind of data in the AD. | |Just my Eurocents. | |Ulf | ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. ||Hunter ||Sent: Sunday, October 16, 2005 10:28 PM ||To: ActiveDir@mail.activedir.org ||Subject: Re: [ActiveDir] Knowing when users were deleted. || ||Various thoughts from this thread: || ||[1] I agree with Al and Paul[1] on a desire for that sort of |metadata. ||I'm not as convinced of the trade-off value of bloating the DIT for ||full undelete information, particularly in monster big environments. ||For my teeny-tiny single domain
Re: [ActiveDir] Knowing when users were deleted.
Is there a line? 'Cause if there's a line, I'd just like to know :) Regarding this thread. I have to say it's interesting to see the many sides differences based on experience and scale. But I think to bring this back a bit, I'm not sure that the SBS concept can work as well in the scaled up version. Here's what I mean: if I get an email from each DC, that's just as bad (almost) as if I went out and got the information manually. It's just that I pushed the information vs. pulled it. We blurred this a bit when we brought in the event logs for the audit information, but I think the concept we originally started to look at was surrounding the information regarding who deleted an object. That information is collected by the system and may be logged in the security log if the settings are so configured. The difference is whether we use a push or a pull model. A pull model is very inefficient, but push is pretty inefficient as well as we scale up. What makes more sense *so I thought before talking to bldg 7 Garage door opener* was that we could tag the deleted item with the sid or similar on the deleted object upon deletion. That allows it to replicate to all DC's and keeps the information with the relevant object. Having to deploy a third party product or reskit utility or ?? is not my idea of being able to keep this information where it should be. I also think putting the information on the object, could lead to additional products related to reanimation. I think so anyway. *just curious who's listening. I've heard he can close the door as well. From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. Date: Sun, 16 Oct 2005 19:48:52 -0700 I give carte blanche to folks to wack me upside the head if I get too annoying. :-) Rick Kingslan wrote: Susan, Really - I know you too well. You're not going to lurk. Get in the game. It appears most folks want to hear what you have to say from the Small Business arena. And, if it broadens the message of managing and maintaining the systems - it's good for all. Just please - stop convincing yourself you're lurking You're aren't! You're too valuable to do so... :o) Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. sorry .. I know...I know...lurk..lurk The consultant crowd who can't handle 300 SBS boxes hitting their inbox at 6 a.m have asked for a dashboard. I can handle a daily email they can't. At a NTuser group meeting I was at ...some of the dashboard tools in Linux were discussed. Nagios in particular was one they used for monitoring. Monitoring -- MRTG: The Multi Router Traffic Grapher: http://mrtg.hdl.com/mrtg.html Graphical console for Snort - Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/ Intrustion detection - Snort.org: http://www.snort.org/ Monitoring - Nagios: Home: http://www.nagios.org/ Traffic probe - ntop - network top: http://www.ntop.org/head.html Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Yup information overload 'is' a problem. And then after the scale its... okay what the heck is the server trying to tell me? I'm still a fan of www.eventid.net over microsoft.com's click here. Rick Kingslan wrote: And, as you know that does work well in SBSland. However, when the scale grows, so do the requirements. IN the Medium to Enterprise space, the idea is more along the lines of a system or series of systems pumping this type of information into paging and making intelligent decisions based on the audit, event, alerts, services, etc. Which, is right where MOM 2005 drops into the picture. If it _IS_ the event aggregator, or if it's pushing up to a bigger overall item such as HP OpenView - that data is available. It's just that instead of getting an e-mail per server (most admins would just begin to create a rule to send these to DEV/NUL after a while...) MOM collects, enforces and reports this same type of information. Scale makes the problem much tougher, as I'm sure you can imagine Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sunday, October 16, 2005 8:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Knowing when users were deleted. here she goes again.. I know ... I'm terrible at lurking In SBSland we have a daily monitoring email [well ... I send it daily
RE: [ActiveDir] Kix to VBS
I've always had better luck with WMI. YMMV -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Monday, October 17, 2005 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Which method is preferred, WSH or WMI? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Monday, October 17, 2005 12:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Look at http://www.lissware.net, Volume 1, Sample 1.01 to 1.25 - WSHScript.vbs, which uses a series of functions. In this list of functions, you will find two generic routines to play with: ReadRegistryFunction.vbs and WriteRegistryFunction.vbs. With these two, you are all set. I reproed the ReadRegistry one below. Note that from the WSH object model, RegWrite method does not support REG_MULTI_SZ. If you need to update REG_MULTI_SZ, you need to use the WMI model. For this see http://www.lissware.net, Vol 2, Sample 3.03 to 3.09 - WMIRegistry.wsf (Second code exerpt below). HTH. ' Author: Alain Lissoir ([EMAIL PROTECTED]) ' ' ISBN 182664 - Understanding WMI Scripting (Digital Press) ' ISBN 182990 - Leveraging WMI Scripting (Digital Press) ' WSH Technique Private Function ReadRegistry (objFileName, strKeyName, KeyValueName, strRegType) Dim strRegKey Dim varRegKeyValue() Dim intIndice Dim strTempValue On Error Resume Next strRegKey = strKeyName \ KeyValueName WriteToFile objFileName, ** Reading registry ' strRegKey '( strRegType ). strTempValue = WshShell.RegRead (strRegKey) If Err.Number Then ErrorHandler objFileName, ReadRegistry, Err, boolErrorPopup Exit Function End If Select Case strRegType Case REG_BINARY ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = h Right(00 Hex(strTempValue(intIndice)), 2) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_DWORD ReDim varRegKeyValue(0) varRegKeyValue(0) = h Hex (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case REG_MULTI_SZ ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = strTempValue(intIndice) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_EXPAND_SZ ReDim varRegKeyValue(0) varRegKeyValue(0) = WshShell.ExpandEnvironmentStrings (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case Else ReDim varRegKeyValue(0) varRegKeyValue(0) = strTempValue WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) End Select ReadRegistry = varRegKeyValue End Function ' WMI technique -- Select Case intKeyType Case REG_SZ intRC = objWMIClass.SetStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_MULTI_SZ intRC = objWMIClass.SetMultiStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_EXPAND_SZ intRC = objWMIClass.SetExpandedStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_BINARY intRC = objWMIClass.SetBinaryValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_DWORD intRC = objWMIClass.SetDWORDValue (intHiveType, _
RE: [ActiveDir] rebooting a patched, but stubborn DC
Patched another one of my production DC yesterday via windows update instead of updateexpert and - same issues with the dell server (strangely). Had to do shutdown /r /f via rcmd to get it back online. However the other domain controller with updateexpert is rebooting fine.. Will be doing mass patching soon, hopefully this isnt going to be reoccuring :( Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9740 - temp -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: Monday, October 17, 2005 10:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Hi Steven/Freddy/Douglas, This time the server is a Compaq, running with an Intel(R) PRO/1000 XF Server Adapter, no DRAC-type cards, RAID-controller is builtin. Some Googling did bring up some hits regarding Exchange and I wonder what kind of communication breakdown happens between a GC that wants to shutdown and an Exchange client (ie, Outlook) that is currently using this GC for GAL information. Maybe our AD/Exchange experts can throw some light on this. Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, Steven Sent: Sunday, October 16, 2005 11:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Well you are definitely not alone. Something like this just happened to me while patching my Exchange clusters (only happened to 1 out of 18, so its pretty rare). After patching and telling the passive node to reboot it was completely inaccessible even after 15 minutes (normally it does not take this long to reboot). I could not ping or TS into the box. iLO was my life saver though. Connected with iLO and no hung services, nothing funny in the event log...just was not network accessible (even on the private network with its partner node). Had to reboot it via iLO (using the standard start\shutdown procedure..no cold boot required) and it eventually went down and came back up happy. I hope there is not some gremlin in the recent round of patches that is going to stick its head out when the clock strikes midnight. Best regards, Steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Sunday, October 16, 2005 7:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Hi Susan, Thanks for the response. No UPS issues. Checked the services remotely and didn't find anything unusual. The DC did finally reboot on its own shortly after I sent out my first message - about 2 hours after the original patching and message saying it wanted to reboot and I clicked OK. The event logs showed nothing of any consequence, just a big (2 hour) gap in the system event log entries (between the entry saying it initiated shutdown and the entry saying the system was coming back up). The security log showed no gaps at all. Am I the only one that sees this kind of behavior on W2K3/SP1 servers? I normally don't use the /console switch when I TS in (eg, mstsc.exe /console). I wonder if that could speed the process up. Mike Thommes From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sat 10/15/2005 3:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] rebooting a patched, but stubborn DC APC UPS's and you don't have the latest ver on there? HP with a UPS? Can you get into services and see if something is 'stopping'? Got any ILO ability there [or suitable other remote techniques]? Thommes, Michael M. wrote: So I have remotely (TS connection) applied the latest Windows patches to one of my DCs. Patches went on fine. Said it needed to reboot. I clicked Restart. And two hours later, it still has not rebooted, but it did terminate the TS session. I have tried to kick it via a shutdown /f /r command from another DC. Still no luck. Issue same command remotely with the big Kahuna account, and it says a shutdown is in progress. It appears to still be serving up clients, e.g., no discernable ill effects. I have seen this periodically in the past with other servers. Anyone have any comments/thoughts are this irritating, weekend sigh activity? TIA! Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ:
RE: [ActiveDir] rebooting a patched, but stubborn DC
Hi Freddy, Thanks for the feedback! I hope your mass patching goes well. It's a lot easier to notice this kind of stuff when you're doing one-sies where you can keep track of a server's connectivity during a reboot with a repeating ping. Be aware of the issues brought forth by MS05-051 (http://support.microsoft.com/?kbid=909444). I will be interested in your experiences. Thanks. Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO Sent: Monday, October 17, 2005 8:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Patched another one of my production DC yesterday via windows update instead of updateexpert and - same issues with the dell server (strangely). Had to do shutdown /r /f via rcmd to get it back online. However the other domain controller with updateexpert is rebooting fine.. Will be doing mass patching soon, hopefully this isnt going to be reoccuring :( Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9740 - temp -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: Monday, October 17, 2005 10:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Hi Steven/Freddy/Douglas, This time the server is a Compaq, running with an Intel(R) PRO/1000 XF Server Adapter, no DRAC-type cards, RAID-controller is builtin. Some Googling did bring up some hits regarding Exchange and I wonder what kind of communication breakdown happens between a GC that wants to shutdown and an Exchange client (ie, Outlook) that is currently using this GC for GAL information. Maybe our AD/Exchange experts can throw some light on this. Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, Steven Sent: Sunday, October 16, 2005 11:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Well you are definitely not alone. Something like this just happened to me while patching my Exchange clusters (only happened to 1 out of 18, so its pretty rare). After patching and telling the passive node to reboot it was completely inaccessible even after 15 minutes (normally it does not take this long to reboot). I could not ping or TS into the box. iLO was my life saver though. Connected with iLO and no hung services, nothing funny in the event log...just was not network accessible (even on the private network with its partner node). Had to reboot it via iLO (using the standard start\shutdown procedure..no cold boot required) and it eventually went down and came back up happy. I hope there is not some gremlin in the recent round of patches that is going to stick its head out when the clock strikes midnight. Best regards, Steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Sunday, October 16, 2005 7:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] rebooting a patched, but stubborn DC Hi Susan, Thanks for the response. No UPS issues. Checked the services remotely and didn't find anything unusual. The DC did finally reboot on its own shortly after I sent out my first message - about 2 hours after the original patching and message saying it wanted to reboot and I clicked OK. The event logs showed nothing of any consequence, just a big (2 hour) gap in the system event log entries (between the entry saying it initiated shutdown and the entry saying the system was coming back up). The security log showed no gaps at all. Am I the only one that sees this kind of behavior on W2K3/SP1 servers? I normally don't use the /console switch when I TS in (eg, mstsc.exe /console). I wonder if that could speed the process up. Mike Thommes From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Sat 10/15/2005 3:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] rebooting a patched, but stubborn DC APC UPS's and you don't have the latest ver on there? HP with a UPS? Can you get into services and see if something is 'stopping'? Got any ILO ability there [or suitable other remote techniques]? Thommes, Michael M. wrote: So I have remotely (TS connection) applied the latest Windows patches to one of my DCs. Patches went on fine. Said it needed to reboot. I clicked Restart. And two hours later, it still has not rebooted, but it did terminate the TS session. I have tried to kick it via a shutdown /f /r command from another DC. Still no luck. Issue same command remotely with the big Kahuna account, and it says a shutdown is in progress. It appears to still be serving up clients, e.g., no discernable ill effects. I have seen this periodically in
RE: [ActiveDir] Kix to VBS
I meant if you are Windows 2000 and above ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Monday, October 17, 2005 5:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS If you are Windows and above and don't need REG_MULTI_SZ updates, I would go for WSH (pretty simple model). If you need to do more complex stuffs, I would use WMI (which is actually used from WSH as it is the scripting engine). /Alain -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Monday, October 17, 2005 9:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Which method is preferred, WSH or WMI? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Monday, October 17, 2005 12:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Kix to VBS Look at http://www.lissware.net, Volume 1, Sample 1.01 to 1.25 - WSHScript.vbs, which uses a series of functions. In this list of functions, you will find two generic routines to play with: ReadRegistryFunction.vbs and WriteRegistryFunction.vbs. With these two, you are all set. I reproed the ReadRegistry one below. Note that from the WSH object model, RegWrite method does not support REG_MULTI_SZ. If you need to update REG_MULTI_SZ, you need to use the WMI model. For this see http://www.lissware.net, Vol 2, Sample 3.03 to 3.09 - WMIRegistry.wsf (Second code exerpt below). HTH. ' Author: Alain Lissoir ([EMAIL PROTECTED]) ' ' ISBN 182664 - Understanding WMI Scripting (Digital Press) ' ISBN 182990 - Leveraging WMI Scripting (Digital Press) ' WSH Technique Private Function ReadRegistry (objFileName, strKeyName, KeyValueName, strRegType) Dim strRegKey Dim varRegKeyValue() Dim intIndice Dim strTempValue On Error Resume Next strRegKey = strKeyName \ KeyValueName WriteToFile objFileName, ** Reading registry ' strRegKey '( strRegType ). strTempValue = WshShell.RegRead (strRegKey) If Err.Number Then ErrorHandler objFileName, ReadRegistry, Err, boolErrorPopup Exit Function End If Select Case strRegType Case REG_BINARY ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = h Right(00 Hex(strTempValue(intIndice)), 2) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_DWORD ReDim varRegKeyValue(0) varRegKeyValue(0) = h Hex (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case REG_MULTI_SZ ReDim varRegKeyValue(Ubound(strTempValue)) For intIndice = 0 to Ubound(strTempValue) varRegKeyValue (intIndice) = strTempValue(intIndice) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(intIndice) Next Case REG_EXPAND_SZ ReDim varRegKeyValue(0) varRegKeyValue(0) = WshShell.ExpandEnvironmentStrings (strTempValue) WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) Case Else ReDim varRegKeyValue(0) varRegKeyValue(0) = strTempValue WriteToFile objFileName, _ strRegKey ( UCase(strRegType) ) - varRegKeyValue(0) End Select ReadRegistry = varRegKeyValue End Function ' WMI technique -- Select Case intKeyType Case REG_SZ intRC = objWMIClass.SetStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_MULTI_SZ intRC = objWMIClass.SetMultiStringValue (intHiveType, _ strBaseKey, _ strKeyName, _ varKeyNameValue) Case REG_EXPAND_SZ intRC = objWMIClass.SetExpandedStringValue (intHiveType, _ strBaseKey, _ strKeyName, _
[ActiveDir] AD/Group policy KBs
The Register DNS records with connection-specific DNS suffix policy setting does not work correctly in Windows Server 2003: http://support.microsoft.com/?kbid=896615 A duplicate access control entry is added to child records in a DNS zone when you add security groups to the root of the DNS zone in Windows Server 2003: http://support.microsoft.com/?kbid=898613 TechNet Support WebCast: Configuring subnets for Active Directory sites in Windows Server 2003: http://support.microsoft.com/?kbid=909429 You receive a SV_PROBLEM_WILL_NOT_PERFORM error when you try to raise the domain functional level to Windows Server 2003 on a domain controller that is running Windows Server 2003 Service Pack 1: http://support.microsoft.com/?kbid=895139 A domain user may be unable to log on with cached credentials after an administrator unlocks a Windows XP-based workstation: http://support.microsoft.com/?kbid=888516 The Windows Security Center appears in English after you update the Group Policy settings in Windows XP: http://support.microsoft.com/?kbid=903242 When use the Group Policy Object Editor on a computer that is running Windows Server 2003 or Windows XP to change GPOs on a remote domain controller, the changes do not take affect for a long time: http://support.microsoft.com/?kbid=896669 The expiration date may be set incorrectly when you use Active Directory Services Interface (ADSI) to set the expiration date of a user account on a Windows XP-based computer: http://support.microsoft.com/?kbid=905199 -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/