[ActiveDir] Problems with a DFS volume - ultrasound warning
Ultrasound is giving me a Missing AD objects - Corrupted Member object error for one of my replica sets. I've tried looking at KB article 312862 but I'm not sure that I understand what to do.

If I look at CN=repl,CN=repl,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=student,DC=cnwl,DC=ac,DC=uk in ADSIEdit there are 6 items under it, each of type ntfrsMember and with a cn=GUID name. 4 of these obviously correspond to the 4 servers which make up the set called repl; 2 of them don't - I'd guess they're somehow left over from when there were other members in this replica set. The two which don't correspond to real computers have no value set for frsComputerReference.

Each of the 6 items has a number of ntdsConnection objects under it. I'm guessing that there ought to be 3 on each - the 3 partner servers. The 4 good servers list their 3 partners properly (but 3 of them also list the bad GUIDs); the two bad items list a mix of servers.

I'm pretty sure that when computers were removed from the replica set it was done cleanly through the GUI but I'd guess it's possible that something went wrong at this point. How do I clean up the unwanted data?

We did have a DC fail earlier this year which could not be restarted so we used ntdsutil to remove it from the domain and installed a completely new machine; could this have caused the problems?

Steve

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
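The inspection described in the post above (ntfrsMember objects with no frsComputerReference, and the ntdsConnection objects that still refer to them), as an added read-only example that is not part of the original message. The names Get-FrsMemberAudit and Invoke-Search are hypothetical, and it is an assumption here that fromServer on these connection objects holds the DN of the partner's ntfrsMember object.

```powershell
# Added example, read-only: it searches and reports, and changes nothing in AD.
# Needs PowerShell 3.0+ on a domain-joined machine and read access to the System container.
function Get-FrsMemberAudit {
    param(
        # DN of the replica set object that holds the ntfrsMember children
        [Parameter(Mandatory = $true)]
        [string] $ReplicaSetDN
    )

    $root = [ADSI]"LDAP://$ReplicaSetDN"

    # Hypothetical helper: paged search below the replica set, one hashtable per hit.
    function Invoke-Search {
        param([string] $Filter, [string] $Scope, [string[]] $Attributes)

        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter      = $Filter
        $searcher.SearchScope = $Scope
        $searcher.PageSize    = 500
        $searcher.PropertiesToLoad.AddRange($Attributes)

        $results = $searcher.FindAll()
        try {
            foreach ($hit in $results) {
                $row = @{}
                foreach ($name in $Attributes) {
                    # Result property keys are stored in lower case
                    $value = $hit.Properties[$name.ToLower()]
                    $row[$name] = if ($null -ne $value -and $value.Count -gt 0) { [string]$value[0] } else { $null }
                }
                $row
            }
        }
        finally {
            $results.Dispose()
        }
    }

    $members = @(Invoke-Search -Filter '(objectClass=nTFRSMember)' -Scope 'OneLevel' `
                               -Attributes 'distinguishedName', 'frsComputerReference')
    $connections = @(Invoke-Search -Filter '(objectClass=nTDSConnection)' -Scope 'Subtree' `
                                   -Attributes 'distinguishedName', 'fromServer')

    # Members that do not point at any computer account
    $flagged = @($members |
        Where-Object { -not $_.frsComputerReference } |
        ForEach-Object { $_.distinguishedName })

    foreach ($member in $members) {
        # Connection objects are children of the member, so their DN ends with ",<member DN>"
        $suffix = ',' + $member.distinguishedName
        $own = @($connections | Where-Object {
            $_.distinguishedName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)
        })

        [pscustomobject]@{
            Member            = $member.distinguishedName
            ComputerReference = $member.frsComputerReference
            NoComputerRef     = ($flagged -contains $member.distinguishedName)
            Connections       = $own.Count
            # Assumption: fromServer is the DN of the partner's ntfrsMember object
            FromFlaggedMember = @($own | Where-Object { $flagged -contains $_.fromServer }).Count
        }
    }
}

# The DN below is the replica set quoted in the post
Get-FrsMemberAudit -ReplicaSetDN 'CN=repl,CN=repl,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=student,DC=cnwl,DC=ac,DC=uk' |
    Format-List
```

Saving the output before any cleanup gives a record of which member and connection objects existed and which of them had no computer reference.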
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
thanks for the info, how do I go about adding them to the GC? and, being a small network, do you see any dramatic effect to doing that? in terms of replication I mean.

Thanks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, October 02, 2006 11:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

SFU30 is pretty old. What you really should do is apply the Windows Server 2003 R2 Schema which has the aux classes:

posixAccount
posixGroup

joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Monday, October 02, 2006 3:06 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 200 users network. Adding 2 classes to the GC

Hi, I have a Unix application that uses LDAP queries. The developer is telling me that 2 classes should be available in the GC (they need to query the whole forest for some information). The classes are msSFU30PosixAccount and msSFU30PosixGroup.

How do I add a whole class to the GC? I know how to add an attribute, do I have to go attribute by attribute?

We only have 200 users and not many AD objects, is there a reason why I should not add those 2 classes, in terms of replication I mean and for small network like this.

Thanks
Rezuma
[ActiveDir] Forest trusts
Hello evr. I have two independent forests. Is it possible to trust forests which share the same name space? For example, I have a domain in the first forest, domain.com, and a domain in the second forest, my.domain.com. If not, is it possible to migrate with some tools a domain my.domain.com to domain domain.com?

Thx
Zdenek Lev
RE: [ActiveDir] Forest trusts
Both forests can be connected to each other as long as within the connected environment each domain name is unique (NetBIOS and DNS)...

So if you have a forest called DOMAIN.COM (NetBIOS = DOMAIN) and another forest called SUB.DOMAIN.COM (NetBIOS = SUB) you can connect them to each other and set up trusts between the forests.

jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lev Zdenek
Sent: Tuesday, October 03, 2006 15:35
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Forest trusts

Hello evr. I have two independent forests. Is it possible to trust forests which share a same name space. For example. I have domain in first forest domain.com and a domain in second forest my.domain.com. If not is it possible to migrate with some tools a domain my.domain.com to domain domain.com ? Thx Zdenek Lev

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] Forest trusts
THX for your answer, and what about migration of SUB.DOMAIN.COM from forest 2 to forest 1 with domain DOMAIN.COM?

Z.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Tuesday, October 03, 2006 3:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Forest trusts

Both forests can be connected to each other as long as within the connected environment each domain name is unique (NetBIOS and DNS)... So if you have a forest called DOMAIN.COM (NetBIOS = DOMAIN) and another forest called SUB.DOMAIN.COM (NetBIOS = SUB) you can connect them to each other and set up trusts between the forests.

jorge
RE: [ActiveDir] Forest trusts
That will also be possible as long as forest 2 does not also have a DOMAIN.COM. That is what I meant with: Both forests can be connected to each other as long as within the connected environment each domain name is unique (NetBIOS and DNS)...

jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lev Zdenek
Sent: Tuesday, October 03, 2006 15:57
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Forest trusts

THX for your answer a what about migration SUB.DOMAIN.COM from forest 2 to forest 1 with domain DOMAIN.COM

Z.
RE: [ActiveDir] Forest trusts
Don't you have to do some DNS delegations to ensure clients in one forest can find clients in the other forest? I would think that having domain.com as the tier two for both forests will cause some unique DNS headaches.

Dan

-------- Original Message --------
Subject: RE: [ActiveDir] Forest trusts
From: Almeida Pinto, Jorge de [EMAIL PROTECTED]
Date: Tue, October 03, 2006 6:47 am
To: ActiveDir@mail.activedir.org

Both forests can be connected to each other as long as within the connected environment each domain name is unique (NetBIOS and DNS)... So if you have a forest called DOMAIN.COM (NetBIOS = DOMAIN) and another forest called SUB.DOMAIN.COM (NetBIOS = SUB) you can connect them to each other and set up trusts between the forests.

jorge
[ActiveDir] Move all OU and USERS from one forest to another forest
Hi, I am trying to build a testing environment. I have the production forest and the testing forest, not connected at all. Is there an easy way of creating all the same OUs and users from one forest to the other? Each forest only has one domain. Also, I am only interested in moving some of the attributes, i.e. there is no MS Exchange in the testing environment so I don't care about Exchange attributes.

I was going to build a script that will read from production LDAP and create objects in the other one, but if there is already something like a tool or script, I would prefer to use it to save time.

Can I use ADAM for this?

Rezuma
RE: [ActiveDir] Move all OU and USERS from one forest to another forest
Have a look at:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/105.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/107.aspx

jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006 16:38
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Move all OU and USERS from one forest to another forest

Hi, I am trying to build a testing environment. I have the production forest and the testing forest, not connected at all. Is there an easy way of creating all the same OUs and users from one forest to the other?, each forest only have one domain, also, I only interested in moving some of the attributes, i.e. there is no MS exchange in the testing environment so I don't care about exchange attributes. I was going to build an script that will read from production LDAP and create objects in the other one, but is there is already something that, like a tool or script it will prefer to use it to save time. Can I use ADAM for this? Rezuma
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
Modifying the schema except for indexing or adding PAS attributes in a forest with Windows 2000 domain controllers is really a non-event when done properly with proper OIDs and names.

Indexing can work your DCs a little as the new indexes have to be created but it depends on the attribs being indexed and what type of index is being created on how much that will hit your DC. Usually I would say it is minimal impact.

With Windows 2000 GCs, you get to enjoy a full PAS refresh which generates a considerable amount of replication. Simply, if you are running Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has been around for 3 years already and has a ton of AD enhancements.

In a small network like yours, I wouldn't expect even a small burp even in the worst case unless you have few users and a ton (tens or hundreds of thousands) of other types of objects. You would mention that though I expect.

joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006 8:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

thanks for the info, how do I go about adding them to the GC? and, being a small network, do you see any dramatic effect to doing that? in terms of replication I mean. Thanks
[ActiveDir] Test Lab Naming Conventions
I'm trying to complete a plan for a fully isolated, permanent test lab. I intend to fully mirror our current production environment. The primary purpose will be to test disaster recovery and other procedures before production implementation. I don't intend to establish any domain trusts or other connections between the lab and production.

The one question I have regards server and domain naming conventions. For those of you that have set up labs that mirror your production environments, did you use the same domain and server names in your test lab?

Thanks
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
We are using Windows 2003 servers. But what I need is to add those 2 classes that already exist in the AD schema to the global catalog so they replicate through the GCs in the forest.

How do I add 2 whole classes with their attributes? Changing the "replicate this attribute in the global catalog" option attribute by attribute?

Thanks
Rezuma

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, October 03, 2006 11:25 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

Modifying the schema except for indexing or adding PAS attributes in a forest with Windows 2000 domain controllers is really a non-event when done properly with proper OIDs and names. Indexing can work your DCs a little as the new indexes have to be created but it depends on the attribs being indexed and what type of index is being created on how much that will hit your DC. Usually I would say it is minimal impact. With Windows 2000 GCs, you get to enjoy a full PAS refresh which generates a considerable amount of replication. Simply, if you are running Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has been around for 3 years already and has a ton of AD enhancements. In a small network like yours, I wouldn't expect even a small burp even in the worst case unless you have few users and a ton (tens or hundreds of thousands) of other types of objects. You would mention that though I expect.

joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
[ActiveDir] The start type of the Background Intelligent Transfer Service service keep changing.
Hi, I am running Windows 2003 SP1. When I look at the event logs on the server, there are 7040 events logged every 3 minutes, where the start type of the BITS service keeps changing.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7040
Date: 19-1-2006
Time: 9:40:53
User: NT AUTHORITY\SYSTEM
Computer: DC2
Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7040
Date: 19-1-2006
Time: 9:38:37
User: NT AUTHORITY\SYSTEM
Computer: DC2
Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
[ActiveDir] Group Policy Problem
The problem I am having with group policies has the following two symptoms:

1) Domain member computers are getting windows cannot query for the list of group policy objects in the event log
2) When I try and edit group policies I get either access denied, or cannot write to something like C:\WINDOWS\SYSVOL\sysvol\Domain Name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}

It would seem the group policy contained in the {31B2F340-016D-11D2-945F-00C04FB984F9} folder is missing. There are several folders which are named similarly, i.e. {31B2F340-016D-11D2-945F-00C04FB984F9}_NTFRS_01ececf7, i.e. they have NTFRS appended to them.

I have tried to recreate the policy by running DCGPOFIX. It recreates the {31B2F340-016D-11D2-945F-00C04FB984F9} folder with the policy. But after a few seconds this folder gets an NTFRS appended to it and all the errors come back. It seems after recreating the group policy Active Directory just removes it.

Has anyone experienced anything similar or have any suggestions? BTW I have about 4 DCs in the domain.

Lloyd
RE: [ActiveDir] Test Lab Naming Conventions
I'd say that if you are looking to fully mirror your production environment and it will not be connected to the production network - then use the same convention. It will probably make it marginally easier in the test and documentation process.

Cheers
Rob

Robert Rutherford
QuoStar Solutions Limited
T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Patton
Sent: 03 October 2006 16:39
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Test Lab Naming Conventions

Im trying to complete a plan for a fully isolated, permanent test lab. I intend to fully mirror our current production environment. The primary purpose will be to test disaster recovery and other procedures before production implementation. I dont intent to establish any domain trusts or other connections between the lab and production. The one question I have regards server and domain naming conventions. For those of you that have setup labs that mirror your production environments, did you use the same domain and server names in your test lab? Thanks
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
You get the R2 CD and do the forestprep, it will install the entire R2 schema which includes all of those Unix interop classes and attributes. You do not really want to do this manually or it could be troublesome later.

joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006 11:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

We are using windows 2003 servers. But what I need is, to add those 2 classes that already exist in the AD schema to the global catalog so they replicate through the GCs in the forest. How do I add 2 whole classes with their attributes? changing the "replicate this attribute in the global catalog" option attribute by attribute? Thanks Rezuma
Re: [ActiveDir] Group Policy Problem
1) Log errors checked?
2) NTFS permissions on Sysvol checked?
3) DNS checked?
4) Go to a client and run GPRESULT.exe?
5) Ran DNSDiag.exe?
6) Other GPOs work?

-Z.V.

Lloyd Williams wrote:

The problem I am having with group policies has the following two symptoms 1) domain member computers are getting windows cannot query for the list of group policy objects in the event log 2) When I try and edit group policies I get either access denied, or cannot write to something like C:\WINDOWS\SYSVOL\sysvol\Domain Name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9} It would seem the group policy contained in the {31B2F340-016D-11D2-945F-00C04FB984F9} folder is missing There are several folder which are named similar i.e. {31B2F340-016D-11D2-945F-00C04FB984F9}_NTFRS_01ececf7 I.e. have NTFRS appended to them. I have tried to recreate the policy by running DCGPOFIX . it recreates the {31B2F340-016D-11D2-945F-00C04FB984F9} folder with the policy. But after a few seconds this folder gets an NTFRS appended to it and all the error come back. It seems after recreating the group policy active directory just removes it. Has any one experience any thing similar or have any suggestions. BTW I have about 4 DC s in the domain Lloyd
RE: [ActiveDir] Group Policy Problem
you are experiencing morphed folders within the SYSVOL.

see:
MS-KBQ328492_Folder Name Is Changed to FolderName_NTFRS_
MS-KBQ290762_Using the BurFlags registry key to reinitialize File Replication Service replica sets (depending on the situation this solution may need additional steps!!!)

use one of the solutions to resolve the problem. the first one mentioned is preferred.

jorge

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lloyd Williams
Sent: Tuesday, October 03, 2006 18:11
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Group Policy Problem

The problem I am having with group policies has the following two symptoms 1) domain member computers are getting windows cannot query for the list of group policy objects in the event log 2) When I try and edit group policies I get either access denied, or cannot write to something like C:\WINDOWS\SYSVOL\sysvol\Domain Name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9} It would seem the group policy contained in the {31B2F340-016D-11D2-945F-00C04FB984F9} folder is missing There are several folder which are named similar i.e. {31B2F340-016D-11D2-945F-00C04FB984F9}_NTFRS_01ececf7 I.e. have NTFRS appended to them. I have tried to recreate the policy by running DCGPOFIX . it recreates the {31B2F340-016D-11D2-945F-00C04FB984F9} folder with the policy. But after a few seconds this folder gets an NTFRS appended to it and all the error come back. It seems after recreating the group policy active directory just removes it. Has any one experience any thing similar or have any suggestions. BTW I have about 4 DC s in the domain Lloyd
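A way to inventory the morphed folders discussed in this thread on each DC before choosing one of the KB procedures, added here as a read-only example that is not part of the original messages. Find-MorphedFolder is a hypothetical name, and the suffix pattern (8 hex digits after _NTFRS_) is taken from the folder name quoted in the thread.

```powershell
# Added example, read-only: lists FRS-morphed folders; it does not rename or delete anything.
# Needs PowerShell 3.0+; run it locally on each DC and compare the results.
function Find-MorphedFolder {
    param(
        # Folder to scan, for example the Policies folder under SYSVOL
        [Parameter(Mandatory = $true)]
        [string] $Path
    )

    # Shape taken from the name quoted in the thread: <name>_NTFRS_<8 hex digits>
    $pattern = '^(?<base>.+)_NTFRS_(?<suffix>[0-9a-fA-F]{8})$'

    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $match = [regex]::Match($_.Name, $pattern)
            if ($match.Success) {
                # The folder the morphed copy collided with sits next to it
                $original = Join-Path -Path $_.Parent.FullName -ChildPath $match.Groups['base'].Value
                $children = @(Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue)

                [pscustomobject]@{
                    Original       = $original
                    OriginalExists = Test-Path -LiteralPath $original -PathType Container
                    Morphed        = $_.FullName
                    Suffix         = $match.Groups['suffix'].Value
                    Created        = $_.CreationTime
                    Items          = $children.Count
                }
            }
        } |
        Sort-Object -Property Original, Created
}

# "Domain Name" is the placeholder used in the thread; substitute the real SYSVOL path.
Find-MorphedFolder -Path 'C:\WINDOWS\SYSVOL\sysvol\Domain Name\Policies' |
    Format-Table -AutoSize
```

A policy GUID that shows OriginalExists = False on one DC and True on another, or that has several morphed copies with recent creation times, points at the replica members that are still producing the name conflict.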
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
Hi Rezuma, I suspect you might run into the same issue I had when I did the R2 forestprep with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from 8/12/06). Mike Thommes From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 03, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC You get the R2 CD and do the forestprep, it will install the entire R2 schema which includes all of those Unix interop classes and attributes. You do not really want to do this manually or it could be troublesome later. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 11:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC We are using windows 2003 servers. But what I need is, to add those 2 classes that already exist in the AD schema to the global catalog so they replicate through the GCs in the forest. How do I add 2 whole classes with their attributes? changing the replicate this attribute in the global catalog option attribute by attribute? Thanks Rezuma From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 03, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC Modifying the schema except for indexing or adding PAS attributes in a forest with Windows 2000 domain controllers is really a non-event when done properly with proper OIDs and names. Indexing can work your DCs a little as the new indexes have to be created but it depends on the attribs being indexed and what type of index is being created on how much that will hit your DC. Usually I would say it is minimal impact.
With Windows 2000 GCs, you get to enjoy a full PAS refresh which generates a considerable amount of replication. Simply, if you are running Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has been around for 3 years already and has a ton of AD enhancements. In a small network like yours, I wouldn't expect even a small burp even in the worst case unless you have few users and a ton (tens or hundreds of thousands) of other types of objects. You would mention that though I expect. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 8:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC thanks for the info, how do I go about adding them to the GC? and, being a small network, do you see any dramatic effect to doing that? in terms of replication I mean. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, October 02, 2006 11:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC SFU30 is pretty old. What you really should do is apply the Windows Server 2003 R2 Schema which has the aux classes: posixAccount posixGroup joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Monday, October 02, 2006 3:06 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 200 users network. Adding 2 classes to the GC Hi, I have a Unix application that uses LDAP queries. The developer is telling me that 2 classes should be available in the GC (they need to query the whole forest for some information) The classes are msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add an attribute, do I have to go attribute by attribute?
We only have 200 users and not many AD objects, is there a reason why I should not add those 2 classes, in terms of replication I mean and for small network like this. Thanks Rezuma
Re: [ActiveDir] Cross-domain GPO-application issue mess?
You're in a slippery world without doubt, trying to get a gpo to work in a NT4 domain. But why, even when making the user a member of the global group, the global group a member of the domain local group, and the ACL the GPO to the domain local group will it not work? Nesting isn't going to work as I recall. Your testing seems to bear this out. A suggestion would be to find a NT4 specific setting and apply it to the NT4 resource domain in the NT4 resource domain vs. wanting the 2003 forest to carry over. You'll likely get much more consistent results over time and since you're moving away from the NT4 resource domain anyway, it would be the best use of your time. Staying in an in-between formation often leads to pain in my experience and that often leads to eventual hurry up and migrate orders :) On 10/2/06, Mike Baudino [EMAIL PROTECTED] wrote: All, Here's the situation: User exists in a Server 2003 domain running in 2003 forest and domain mode GPO with user configuration including logon script is linked to OU where user exists and ACLd to a domain local group User is member of domain local group Server that user is trying to log onto is Server 2003 Standard Server exists in an NT4.0 domain that trusts the AD domain -- one-way trust as the NT4.0 domain is a resource domain When user logs onto a server in the AD domain GPO applies properly. When user logs onto the server in the NT4.0 domain no GPO applies. - Create domain global group Make AD domain global group a member of the domain local group Add user to AD domain global group and remove user from domain local group When user logs onto the server in the NT4.0 domain no GPO applies. Change ACL on GPO by adding global group in AD and remove the domain local group from the ACL Change user group membership to remove the domain local group, keeping the domain global group membership When user logs onto the server in the NT4.0 domain and GPO applies properly.
The issue is that we're limited in what we can do because of an outsourced arrangement with outsourcer requirements. How can I get the users in the AD domain to be able to log onto the Server 2003 boxes in the NT4.0 domain without major group membership and ACL change and without migrating the servers to AD? Ultimately, we intend to migrate the servers, but can't quickly enough to respond to this issue. We could create AD global groups to mirror the AD domain local groups, dump the users from the domain locals and add to the globals and ACL the GPOs to the global groups. That would take a bit of time but it's doable. But why, even when making the user a member of the global group, the global group a member of the domain local group, and the ACL the GPO to the domain local group will it not work? Is it just that the NT4.0 domain, despite the fact that the target server is 2003, doesn't understand the concept of an AD domain local group? Apologies for the long-winded and possibly convoluted email. It's getting late... Thanks, Mike
Re: [ActiveDir] OT: Volume licensing activation
Yeah... MS is going to get really high levels of adoption on this product... Gotta wonder what in the heck they're thinking sometimes. On 10/2/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: http://blogs.zdnet.com/microsoft/?p=26 Mary Jo Foley reports that the next version of Vista will have Volume licensing activation.
[ActiveDir] choose between SOAD and Netpro directory Troubleshooter.
Hello all, I don't know if it is the right place. I'm about to test 2 AD Troubleshooters products and I have to choose one of them to monitor, tshoot our AD infrastructure: Spotlight on Active Directory (SOAD) and Netpro Active Directory Troubleshooter. Does someone have any experiences with the 2 products and could tell me what are the pros and cons of each of them? Thank you, Yann
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
I don't think I am making myself clear. I already have those classes in the schema, I just want to add the properties that those classes have to the global catalog so they replicate throughout the forest, I don't need to install those classes in the AD, I already did that. Do I have to add attribute by attribute to the GC? Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Tuesday, October 03, 2006 1:18 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC Hi Rezuma, I suspect you might run into the same issue I had when I did the R2 forestprep with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from 8/12/06). Mike Thommes From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 03, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC You get the R2 CD and do the forestprep, it will install the entire R2 schema which includes all of those Unix interop classes and attributes. You do not really want to do this manually or it could be troublesome later. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 11:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC We are using windows 2003 servers. But what I need is, to add those 2 classes that already exist in the AD schema to the global catalog so they replicate through the GCs in the forest. How do I add 2 whole classes with their attributes? changing the "replicate this attribute in the global catalog" option attribute by attribute?
Thanks Rezuma From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 03, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC Modifying the schema except for indexing or adding PAS attributes in a forest with Windows 2000 domain controllers is really a non-event when done properly with proper OIDs and names. Indexing can work your DCs a little as the new indexes have to be created but it depends on the attribs being indexed and what type of index is being created on how much that will hit your DC. Usually I would say it is minimal impact. With Windows 2000 GCs, you get to enjoy a full PAS refresh which generates a considerable amount of replication. Simply, if you are running Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has been around for 3 years already and has a ton of AD enhancements. In a small network like yours, I wouldn't expect even a small burp even in the worst case unless you have few users and a ton (tens or hundreds of thousands) of other types of objects. You would mention that though I expect. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 8:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC thanks for the info, how do I go about adding them to the GC? and, being a small network, do you see any dramatic effect to doing that? in terms of replication I mean. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, October 02, 2006 11:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC SFU30 is pretty old.
What you really should do is apply the Windows Server 2003 R2 Schema which has the aux classes: posixAccount posixGroup joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Monday, October 02, 2006 3:06 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 200 users network. Adding 2 classes to the GC Hi, I have a Unix application that uses LDAP queries. The developer is telling me that 2 classes should be available in the GC (they need to query the whole forest for some information) The classes are msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add an attribute, do I have to go attribute by attribute? We only have 200 users and not many AD objects, is there a reason why I should not add those 2 classes, in terms of replication I mean and for small network like this. Thanks Rezuma
RE: [ActiveDir] 200 users network. Adding 2 classes to the GC
Yes. You have to mark each attribute you want in the GC to be part of the PAS. Basically set the attribute isMemberOfPartialAttributeSet to TRUE. Ex:

G:\admod -schema -rb cn=uid isMemberOfPartialAttributeSet::TRUE

AdMod V01.07.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006

DN Count: 1
Using server: r2dc2.test.loc:389
Directory: Windows Server 2003
Base DN: cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc

Modifying specified objects...
DN: cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc...

The command completed successfully

To find out which attributes are involved, run this

adfind -sc s:*posix* -af objectcategory=classschema maycontain

the output should be something like

G:\adfind -sc s:*posix* -af objectcategory=classschema maycontain

AdFind V01.32.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006

Using server: r2dc2.test.loc:389
Directory: Windows Server 2003
Base DN: CN=Schema,CN=Configuration,DC=test,DC=loc

dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc
mayContain: description
mayContain: gecos
mayContain: loginShell
mayContain: unixUserPassword
mayContain: userPassword
mayContain: homeDirectory
mayContain: unixHomeDirectory
mayContain: gidNumber
mayContain: uidNumber
mayContain: cn
mayContain: uid

dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc
mayContain: memberUid
mayContain: gidNumber
mayContain: description
mayContain: unixUserPassword
mayContain: userPassword
mayContain: cn

2 Objects returned

-- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC I don't think I am making myself clear.
I already have those classes in the schema, I just want to add the properties that those classes have to the global catalog so they replicate throughout the forest, I don't need to install those classes in the AD, I already did that. Do I have to add attribute by attribute to the GC? Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Tuesday, October 03, 2006 1:18 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC Hi Rezuma, I suspect you might run into the same issue I had when I did the R2 forestprep with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from 8/12/06). Mike Thommes From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 03, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC You get the R2 CD and do the forestprep, it will install the entire R2 schema which includes all of those Unix interop classes and attributes. You do not really want to do this manually or it could be troublesome later. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 11:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC We are using windows 2003 servers. But what I need is, to add those 2 classes that already exist in the AD schema to the global catalog so they replicate through the GCs in the forest. How do I add 2 whole classes with their attributes? changing the "replicate this attribute in the global catalog" option attribute by attribute?
Thanks Rezuma From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 03, 2006 11:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC Modifying the schema except for indexing or adding PAS attributes in a forest with Windows 2000 domain controllers is really a non-event when done properly with proper OIDs and names. Indexing can work your DCs a little as the new indexes have to be created but it depends on the attribs being indexed and what type of index is being created on how much that will hit your DC. Usually I would say it is minimal impact. With Windows 2000 GCs, you get to enjoy a full PAS refresh which generates a considerable amount of replication. Simply, if you are running Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has been around for 3 years already and has a ton of AD enhancements. In a small network like yours, I wouldn't expect even a small burp even in the worst case unless you have few users and a ton (tens or hundreds of thousands) of other types of objects. You would mention that though I expect. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
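The attribute-by-attribute step joe describes above, as an added example that is not part of the original thread: it parses the adfind output from his reply (re-typed here as constructed sample input), unions the mayContain attributes of both classes, and builds an LDAP filter that locates their schema objects by lDAPDisplayName. Holding back unixUserPassword and userPassword for review is an assumption of this example, made because PAS membership replicates an attribute's values to every GC in the forest; all function names are hypothetical.

```python
import re

# Constructed sample input: the adfind output quoted in the reply above.
ADFIND_OUTPUT = """\
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc
mayContain: description
mayContain: gecos
mayContain: loginShell
mayContain: unixUserPassword
mayContain: userPassword
mayContain: homeDirectory
mayContain: unixHomeDirectory
mayContain: gidNumber
mayContain: uidNumber
mayContain: cn
mayContain: uid

dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc
mayContain: memberUid
mayContain: gidNumber
mayContain: description
mayContain: unixUserPassword
mayContain: userPassword
mayContain: cn

2 Objects returned
"""

# Assumption of this example: password-bearing attributes are not marked
# for the PAS automatically, they are listed separately for a decision.
HOLD_FOR_REVIEW = {"unixuserpassword", "userpassword"}

DN_RE = re.compile(r"^dn:\s*(.+)$", re.IGNORECASE)
MAY_RE = re.compile(r"^>?\s*mayContain:\s*(\S+)\s*$", re.IGNORECASE)


def parse_may_contain(text):
    """Return {class DN: [lDAPDisplayName, ...]} from adfind output."""
    classes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = DN_RE.match(line)
        if match:
            current = classes.setdefault(match.group(1), [])
            continue
        match = MAY_RE.match(line)
        if match and current is not None:
            current.append(match.group(1))
    return classes


def plan_pas_candidates(classes):
    """Union the attributes of all classes in first-seen order."""
    seen, candidates, held = set(), [], []
    for attrs in classes.values():
        for name in attrs:
            key = name.lower()  # LDAP attribute names are case-insensitive
            if key in seen:
                continue
            seen.add(key)
            (held if key in HOLD_FOR_REVIEW else candidates).append(name)
    return candidates, held


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def schema_lookup_filter(names):
    """Build a filter for the attributeSchema objects of the given names.

    mayContain lists lDAPDisplayNames; a schema object's cn can differ
    (for example cn=User-Password for userPassword), so the lookup is by
    lDAPDisplayName rather than by cn.
    """
    terms = "".join("(lDAPDisplayName=%s)" % escape_filter_value(n) for n in names)
    return "(&(objectCategory=attributeSchema)(|%s))" % terms


if __name__ == "__main__":
    to_mark, to_review = plan_pas_candidates(parse_may_contain(ADFIND_OUTPUT))
    print("PAS candidates:", ", ".join(to_mark))
    print("Held for review:", ", ".join(to_review))
    print("Schema lookup filter:", schema_lookup_filter(to_mark))
```

Run the resulting filter against the schema naming context to read each object's DN and current isMemberOfPartialAttributeSet value before changing anything.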
Re: [ActiveDir] Move all OU and USERS from one forest to another forest
I'm not sure if I was going to test for an Exchange environment that I wouldn't want to make sure that, at the very least, I still had the extensions in place for Exchange in the schema. On 10/3/06, Almeida Pinto, Jorge de [EMAIL PROTECTED] wrote: Have a look at: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/105.aspx http://blogs.dirteam.com/blogs/jorge/archive/2005/11/19/107.aspx jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramon Linan Sent: Tuesday, October 03, 2006 16:38 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Move all OU and USERS from one forest to another forest Hi, I am trying to build a testing environment. I have the production forest and the testing forest, not connected at all. Is there an easy way of creating all the same OUs and users from one forest to the other? Each forest only has one domain, also, I am only interested in moving some of the attributes, i.e. there is no MS exchange in the testing environment so I don't care about exchange attributes. I was going to build a script that will read from production LDAP and create objects in the other one, but if there is already something, like a tool or script, I will prefer to use it to save time. Can I use ADAM for this? Rezuma
Re: [ActiveDir] OT: Volume licensing activation
When you've got 100k workstations in your environment and it takes 2-3 minutes to run through the activation and then however much time to manage the server...100k*2.5 ends up equalling about 2 year's worth of wages for a single employee (call it $120k total). I don't mind them trying to protect keys, but it's not the companies with 1k+ workstations, it's the companies with 50 workstations and 'computer geniuses' (don't you dread it when you hear that phrase - you know something's *really* screwed up) who are using invalid or stolen keys. I know that 120k might be 'beans' to a large company, but reality is that you just increased the deployment cost for a new tool. If I can run XP for an extra 2 years and use the version after Vista, then I just saved my company $120k.. I just paid my salary for the next year probably. This is how management personnel think - that's why we call them 'bean counters' because that 120k means something to them. They know that not using legit versions is not a valid solution, but they also know that saving $120k means something after you do it 10 times (and just saved the company 0.1% off their costs - every little bit counts for accountants). On 10/3/06, Brian Desmond [EMAIL PROTECTED] wrote: I read through the docs on this vl activation and it's not as bad as it sounds. They're really just trying to protect the keys. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Matt Hargraves Sent: Tuesday, October 03, 2006 1:34 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Volume licensing activation Yeah... MS is going to get really high levels of adoption on this product... Gotta wonder what in the heck they're thinking sometimes. On 10/2/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: http://blogs.zdnet.com/microsoft/?p=26 Mary Jo Foley reports that the next version of Vista will have Volume licensing activation.
RE: [ActiveDir] OT: Volume licensing activation
I don't think the docs are public so just take my word it's not like the consumer activation process. I've been in orgs larger than that, don't worry I cringed when I heard about it too. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves Sent: Tuesday, October 03, 2006 8:30 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Volume licensing activation When you've got 100k workstations in your environment and it takes 2-3 minutes to run through the activation and then however much time to manage the server... 100k*2.5 ends up equalling about 2 year's worth of wages for a single employee (call it $120k total). I don't mind them trying to protect keys, but it's not the companies with 1k+ workstations, it's the companies with 50 workstations and 'computer geniuses' (don't you dread it when you hear that phrase - you know something's *really* screwed up) who are using invalid or stolen keys. I know that 120k might be 'beans' to a large company, but reality is that you just increased the deployment cost for a new tool. If I can run XP for an extra 2 years and use the version after Vista, then I just saved my company $120k.. I just paid my salary for the next year probably. This is how management personnel think - that's why we call them 'bean counters' because that 120k means something to them. They know that not using legit versions is not a valid solution, but they also know that saving $120k means something after you do it 10 times (and just saved the company 0.1% off their costs - every little bit counts for accountants). On 10/3/06, Brian Desmond [EMAIL PROTECTED] wrote: I read through the docs on this vl activation and it's not as bad as it sounds. They're really just trying to protect the keys.
Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Matt Hargraves Sent: Tuesday, October 03, 2006 1:34 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Volume licensing activation Yeah... MS is going to get really high levels of adoption on this product... Gotta wonder what in the heck they're thinking sometimes. On 10/2/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: http://blogs.zdnet.com/microsoft/?p=26 Mary Jo Foley reports that the next version of Vista will have Volume licensing activation.