[ActiveDir] ADMT 3 Released
ADMT V3 has been released. http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212displaylang=en http://tinyurl.com/bk98u Mike Celone LAN Administrator Radio Frequency Systems v. 203-630-3311 f. 203-634-2027 m. 203-537-2406 [EMAIL PROTECTED]
RE: [ActiveDir] Setting the default UPN when migrating accounts u sing ADMT
Guido, Thanks for pointing that out. I had never tried it so I wasn't sure. It's not such a big deal anymore then. I just got access to the ADMT v3 beta so I'm going to try it out. See what else it has. Mike From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 10, 2005 3:04 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Setting the default UPN when migrating accounts using ADMT afaik that's a non-configurable option in ADMT - same for v3 (release date is slipping every time I mention the last one I know - so I won't mention it hoping it will stay ;-) However, I've been using the v3 Beta quite successfully for a while and didn't have a stability issue or any other things go wrong once - as such I wouldn't want to touch v2 any more as v3 really runs much better. Regarding your actual "problem": not sure why you wouldn't want ADMT to use the root-domain'ssuffixfor the UPNon your accounts = they also have the child domain's suffix as an implicit UPN anyways (i.e. you user can logon as [EMAIL PROTECTED]AND as [EMAIL PROTECTED]). Ofcourse you might have other reasons for not having the extra UPN with the root-name - but beware that you don't loose the ability to logon with the child-domain suffix due to this. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Mittwoch, 10. August 2005 21:42To: 'ActiveDir@mail.activedir.org'Subject: [ActiveDir] Setting the default UPN when migrating accounts using ADMT In my test lab I have a single Win2k3 root domain and 2 child domains. I am using ADMT 2 (when is 3 coming out, it's been in Beta for over a year now) to migrate the accounts over. Everything works great except for the UPN. For some reason it's always taking the name of the root domain and not of the child domains. Is there a way to make ADMT use the child domain UPN. I figured I'd ask before I write a script to do it for me. Mike
[ActiveDir] Setting the default UPN when migrating accounts using ADMT
In my test lab I have a single Win2k3 root domain and 2 child domains. I am using ADMT 2 (when is 3 coming out, it's been in Beta for over a year now) to migrate the accounts over. Everything works great except for the UPN. For some reason it's always taking the name of the root domain and not of the child domains. Is there a way to make ADMT use the child domain UPN. I figured I'd ask before I write a script to do it for me. Mike
[ActiveDir] OT: Microsoft Outlook Mobile Manager
Anyone have a copy of this? I've used it in the past but I can't put it on my new machine. Microsoft discontinued it when Exchange 2003 was announced it would have these capabilities built in. It used to be a free download on Microsoft's site but it's gone now. If anyone has a copy of this or knows where I can get it, hit me up offline. Mike
[ActiveDir] Where does AD store the Dial In settings?
I need to get a list of users that have Dial In set to Allow Access but I can't seem to find what attribute AD uses to store this information. Any help? Mike
RE: [ActiveDir] Where does AD store the Dial In settings?
Title: RE: [ActiveDir] Where does AD store the Dial In settings? You guys rock! Thanks! -Original Message- From: Coleman, Hunter [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 27, 2005 4:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Where does AD store the Dial In settings? ::fold:: :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe Sent: Thursday, January 27, 2005 1:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Where does AD store the Dial In settings? :op I see your response and raise it a adfind -default -f (objectcategory=person)(msNPAllowDialin=TRUE) samaccountname joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 27, 2005 3:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Where does AD store the Dial In settings? http://www.readymaids.com/Portals/1/Find%20Users%20allowed%20to%20use%20VPN. t xt Enjoy - and remember to thank Hunter :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Charlie Kaiser Sent: Thu 1/27/2005 12:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Where does AD store the Dial In settings? msNPAllowDialIn ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Celone, Mike Sent: Thursday, January 27, 2005 11:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Where does AD store the Dial In settings? I need to get a list of users that have Dial In set to Allow Access but I can't seem to find what attribute AD uses to store this information. Any help? Mike List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] time server
Title: time server I've had problems with machines that are not part of the domain being unable to synch with the time service on a DC. It seems that if the machine is not part of the domain you are unable to use it as a time NTP or SNTP server. Mike From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Monday, January 10, 2005 3:14 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Its an AVAYA S8700 Media Server. The phone system admin showed me the web page where the Network Time Server should be configured on the AVAYA. It doesnt let me choose which protocol, it simply has a place for the IP address or DNS name of the Network Time Server. We entered the IP, and it says Could not update Network Time Server (as if it tries to query and fails). We can ping the AVAYA from the DC, and they are on the same subnet. I think (though unconfirmed) that the AVAYA runs on a proprietary Linux version. Only other option I thought might be a factor is Multicast client support, which is currently set to no. Our AD domains are Windows 2000. mc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan MuggliSent: Monday, January 10, 2005 3:02 PMTo: ActiveDir@mail.activedir.org; Send - AD mailing listSubject: RE: [ActiveDir] time server I own the time service for Windows, so I can field the OS question. The NTP server in Windows 2003 is NTP V3 RFC compliant and third party NTP clients can (well *should*) be able to sync with it. When you say doesnt seem to recognize, is there an error message? How does it find a valid NTP server? -Nathan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Monday, January 10, 2005 11:07 AMTo: Send - AD mailing listSubject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, January 10, 2005 1:56 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Monday, January 10, 2005 11:27 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesnt seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
RE: [ActiveDir] RDP
Title: RE: [ActiveDir] RDP What type of server is this? Specifically what video card? I had a machine I was using as a test server with an ATI card in it. Whenever I connected via Terminal Services the thing would boot on me. Updating the video card driver fixed it for me. Mike -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Monday, November 15, 2004 3:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP When it tries to connect, before the log on screen. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? Does this happen as soon as the connection is established, or while you're logging on? I've never been a fan of domain controller upgrades. Too many things can break or become unstable. You're better off demoting it and rebuilding it from scratch. - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OT: Turn on Integrated Windows Authentication in IE 6
I have to turn on the Enable Intergrated Windows Authentication underAdvanced options in IE6 on some 400+ desktops. Does anyone know what theregistry key this is? I would like to create an ADM file and use a GPO toturn this on for all the desktops at once. I can't seem to find where it'sset though. Any help is greatly appreciated.Mike
RE: [ActiveDir] OT: Turn on Integrated Windows Authentication in IE 6
Title: RE: [ActiveDir] OT: Turn on Integrated Windows Authentication in IE 6 Thanks Bob. Just curious where did you find this information? Mike -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED]] Sent: Friday, June 25, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Turn on Integrated Windows Authentication in IE 6 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings EnableNegotiate DWORD value 1 0 is off From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Celone, Mike Sent: Friday, June 25, 2004 8:06 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] OT: Turn on Integrated Windows Authentication in IE 6 I have to turn on the Enable Intergrated Windows Authentication under Advanced options in IE6 on some 400+ desktops. Does anyone know what the registry key this is? I would like to create an ADM file and use a GPO to turn this on for all the desktops at once. I can't seem to find where it's set though. Any help is greatly appreciated. Mike List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO - File and Printer Sharing.
Title: RE: [ActiveDir] GPO - File and Printer Sharing. We had a few users that would like to turn that off also. What we did was use snetcfg.exe in a batch file as a startup script. Since it runs in the localsystem account it can add file/printer sharing without the user being a admin on the machine. You can find the snetcfg.exe file at http://www.jsiinc.com/subj/tip4700/rh4705.htm Mike -Original Message- From: Dale, Rick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 22, 2004 2:20 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO - File and Printer Sharing. Thanks guys, I have some users that are obstinate and they go in and turn off file and printer sharing which also takes the IPC$ share pipe off which then does not allow remote admin on their machine. So basically I wanted to be able to force them to have it turn on. I guess if I manually enable it then disable access to the network config that would work. Thanks again for your input. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 22, 2004 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO - File and Printer Sharing. Hey Rick... You can turn off the server service, even with a GPO, but then no one gets there, not even admins...as far as i know. It's a bit awkwards...but, in computer configuration/windows settings/security settings/local policies/user rights assignments/deny access to this computer from the network You can specify a global group in there.It's actually the opposite of what you want. I think they can create shares, but group members can't get to them. I really think this was an oversight from MS on the Group PoliciesI've mentioned it to them several times. I seem to remember you could do this with NT, and a system policy. John |-+-- | | Darren Mar-Elia | | | [EMAIL PROTECTED]| | | om | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 06/22/2004 12:58 PM | | | Please respond to | | | ActiveDir | | | | |-+-- --- -| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: RE: [ActiveDir] GPO - File and Printer Sharing. | --- -| Rick- No way that I know of to do this from GPO. The challenge is that its a bunch of binary reg keys that get messed with when you turn this on or off--per connection. I did a quick look through netsh and didn't see any commands there, but I may have missed it. Alternatively, if you want to shut it down completely, I think you can still turn off the Server service, which was the way to do it in NT 4. Probably need to test that though. Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dale, Rick Sent: Tuesday, June 22, 2004 9:22 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPO - File and Printer Sharing. Hi, I know there is a way to force enable or disable File Printer Sharing but I can not find it. How do you force that via a GPO? Thanks for the input. Rick List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Using a non-standard TLD in your domain name?
We are reviewing designs for our global AD environment and one suggestion what so usea non-standard TLD for our domain instead of the usual .com, org,net, etc. Onegroup is arguing that using a non-standard TLD is better for security. Can someone expand on this. When they were asked to they simply said theyheard it from a consultant. Are there any applications that will be expecting a normal TLDand may not work with a non-standard TLD?What are thepros/cons of using a non-standard TLD? Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 Mike Celone ([EMAIL PROTECTED]) ([EMAIL PROTECTED]).vcf Description: Binary data
RE: [ActiveDir] OT: Connecting Cisco Switches
Title: RE: [ActiveDir] OT: Connecting Cisco Switches Yes. Well at least on the 2924, 2924XL, and 2924M, we had to use a crossover cable. Mike -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 05, 2004 2:27 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: Connecting Cisco Switches When connecting two Cisco 2950 Switches together, do you need to use a cross over cable to connect them? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] WMI Providers after NT4 PDC upgraded to Win2k
When we performed our AD upgrade we built a new PDC and upgraded that one to Win2k so that we wouldn't have to migrate. Our plan was to rebuild that machine eventually but we never got the chance to yet. I'm trying to do some performance monitoring on this and I noticed it's missing all the NTDS counters. I assume that's because it doesn't have the correct WMI providers since it was an upgrade of NT. Is there a way to add these now? Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 Mike Celone ([EMAIL PROTECTED]) ([EMAIL PROTECTED]).vcf Description: Binary data
[ActiveDir] Certificate Services
We are looking to add a certificate to one of our web servers so we can do an https session over it. This will be for our users to access OWA over a secure connection. Instead of purchasing a certificate from Verisign we would like to put up a CA server and use our own certificates.Is this the common way of doing this? Once the certificate is issued doesthe OWA server need to talk to the DC anymore? I'm new to all the certificate stuff so any help is appreciated! Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 Mike Celone ([EMAIL PROTECTED]) ([EMAIL PROTECTED]).vcf Description: Binary data
RE: [ActiveDir] Certificate Services
Title: RE: [ActiveDir] Certificate Services Thanks guys. One question about this line The client will require access to the CA machine if only one machine is hosting all functions. I'm a little confused by this. The server that the cert will be installed on is in a DMZ. We plan on putting it in our network and installing the cert on it and the putting it back in the DMZ. Client accessing this from the internet would not be able to hit the CA then. Wouldn't the client be getting the cert from the server in the DMZ instead and wouldn't have to talk to the CA. Oh and thanks for the link on Technet. I was looking for it before but couldn't find it. Mike -Original Message- From: John Singler [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 20, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Certificate Services Also, if you don't want to go through the hassle of installing a CA you can generate a cert using OpenSSL. Very easy. As Al already mentioned users will get a popup using this method as well. Resource: http://eal.us/blog/_archives/2003/6/2/25109.html (make sure you take note of the section that deals with OWA) Good luck, john Mulnick, Al composed the following message @ 01:11 PM 4/20/2004: The certificate doesn't do anything about authentication from a DC standpoint necessarily. The DC is still required for authentication of the user credentials as well as authorization services. The certificate will allow your user to encrypt the conversation from the web client to the web server thereby adding a layer of protection to the conversation from prying eyes (or sniffers as the case may be). Using your own certificate can be done, but often the overhead isn't worth it. Allowing a third party to manage the cert is a lot easier in terms of management, reliability, hardware, etc. The client will require access to the CA machine if only one machine is hosting all functions. Add to that they will get a popup asking if they want to use this cert since it's not in the cache to date. It's just not as clean from a user interface perspective, but workable if all else is worth it to you. http://www.microsoft.com/technet/security/topics/crypto/cryptpki.mspx http://www.microsoft.com/technet/security/topics/crypto/cryptpki.mspx is a primer for Windows 2000 PKI that may help to explain some of the additional components. AL -- From: Celone, Mike [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 20, 2004 12:00 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Certificate Services We are looking to add a certificate to one of our web servers so we can do an https session over it. This will be for our users to access OWA over a secure connection. Instead of purchasing a certificate from Verisign we would like to put up a CA server and use our own certificates. Is this the common way of doing this? Once the certificate is issued does the OWA server need to talk to the DC anymore? I'm new to all the certificate stuff so any help is appreciated! Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] enterprise-wide accounts
Thanks for correcting me on this. I would much rather use restricted groups than have the script I run everytime the machine is booted up. Mike From: joe [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 13, 2004 8:55 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide accounts Mike, the functionality recently changed, that was a subject of a conversation on this list. Many of us were quite happily surprised to learn of the change. - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: Tuesday, April 13, 2004 6:23 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide accounts won't Restricted groups remove any groups that are in the administrators group now except for the ones you specify? not if you have Win2k SP4 or Win2k3 and use the "MemberOf" option of the restricted groups. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike CeloneSent: Mittwoch, 14. April 2004 00:07To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide accounts Alternatively you can do what we do here. We have a startup script that runs from a GPO that adds a group to the local administrators group everytime the machine is started up. The script looks like this net localgroup administrators /add "domain\admins" Just create a UG for all theadmins and add them to it, then when the servers are rebooted add this script will run and add the group to the machine's local administrator group. If you can't wait for the servers to be rebooted you can create a script that will read the servers in line by line and add this group to their local administrators group. Don't get me wrong Guido's solution will work also but won't Restricted groups remove any groups that are in the administrators group now except for the ones you specify? Mike From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: Tuesday, April 13, 2004 5:47 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide accounts domain admins is a global group and as such you can't add users from other domains to it. While other global groups can be converted to universal groups, you can't do so for the domain admins group. a solution to your problem is to use the restricted groups GPO feature (which will not work for your legacy machines in the AD domain) to add a universal group to the administrators group of all Server-OUs. I wouldn't want to set this GPO at the domain level, as then you're putting your AD domains at risk as well, if you do something wrong... The UG to use can either be the Enterprise Admins group or any other UG you assign for the task. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M.Sent: Dienstag, 13. April 2004 22:16To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] enterprise-wide accounts What about adding them to each domain admins group for each domain? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Tuesday, April 13, 2004 4:05 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] enterprise-wide accounts We'd like to eventually trim down the number of domains and get to an OU-based administrative model. But in the mean time, we have identified a couple of people that we want to have domain admin rights in all domains. I know that making them an enterprise admin allows them domain admin rights on the DCs in each domain because of membership in the BUILTIN\Administrators group in each domain. But that doesn't allow logon to all the member servers. How do I best grant "domain admin-level" rights across all domains in the forest with a single logon for each of these persons? Looking for a best practice. Thanks! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
RE: [ActiveDir] SUS 2.0 Beta
Title: RE: [ActiveDir] SUS 2.0 Beta There will be an upgrade path for WUW/SUS 2.0. However it hasn't been worked out yet. Mike -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta I was hoping I would be able to install SUS 2.0 over my existing SUS server since I do not have the resources to have it on another server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Wednesday, April 14, 2004 2:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta There's a client upgrade (which might be able to be done automatically) and I'd assume you'd want to install it into another IIS virtual server. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 1:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Does anyone know what the upgrade process is going to be from SUS to SUS 2.0? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Wednesday, April 14, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Same way all other products are announced. My information has it that you've got a few months still before it goes public. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Philadelphia, Lynden - Revios Toronto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 1:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SUS 2.0 Beta How will we be notified when it is ready for public use Lynden -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 12:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta I believe its currently considered a closed beta, by invitation only. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] SUS 2.0 Beta Looks like you can sign up for the open evaluation version here: http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx But I haven't been able to locate the beta version yet. Haven't found a Guest ID yet either. - Robbie Robbie Foust, IT Analyst Systems and Core Services Duke University England, Christopher M wrote: Greetings, I guess SUS 2.0 Beta has been released: _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone have a Guest ID to get in on the Beta? Or is there just a download somewhere? Thanks all, Chris Christopher England Systems Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Join other DCs to an SBS2k or 2k3 domain?
Can someone confirm something for me? Can you join a Win2k or Win2k3 server to a domain created with SBS 2k or SBS2k3 and the run DCPROMO and bring it online as a DC. I thought that you could not do that with SBS. I thought SBS could be the only domain controller in your domain. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 Mike Celone ([EMAIL PROTECTED]) ([EMAIL PROTECTED]).vcf Description: Binary data
RE: [ActiveDir] Join other DCs to an SBS2k or 2k3 domain?
Thanks Michael. Mike From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 3:19 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Join other DCs to an SBS2k or 2k3 domain? You can't have trusts on the SBS server, so it kinda depends on what you mean by "migrate". Additional DCs are for "backup purposes only" and are not intended to provide any other services :-P (Can it be done, if you have extra boxes and non-SBS software to play with? Yes. Is it a licensing violation? Yes.) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Thursday, April 08, 2004 2:00 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Join other DCs to an SBS2k or 2k3 domain? This isn't for me so no licensing issues involved here. Just brainstorming. Hmm I always thought that you could not do that with SBS. I've also read somewhere that you could not migrate users from an SBS built domain to another AD domain. I assumed this was because you could not have Win2k or 2k3 DCs in the domain. So would it also be possible to migrate users from an SBS domain to a Win2k domain? Assuming of course you have license to do so. Thanks for the clarification. Mike From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 2:51 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Join other DCs to an SBS2k or 2k3 domain? Yes, you can. The SBS server must be "at the root" of the domain, to be "legal". The SBS tools don't allow you to move the FSMO roles, but you can do so at the other servers once they are are promoted. So, I must advise you not to do that, because it would be a licensing violation. :-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Thursday, April 08, 2004 1:35 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Join other DCs to an SBS2k or 2k3 domain? Can someone confirm something for me? Can you join a Win2k or Win2k3 server to a domain created with SBS 2k or SBS2k3 and the run DCPROMO and bring it online as a DC. I thought that you could not do that with SBS. I thought SBS could be the only domain controller in your domain. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
[ActiveDir] AD Consultants
Before I start just to let you know I checked with Tony before sending this to the list. Does anyone know anyone companies in the North Eastern US area that does AD consulting and design? My CIO would like to bring in a consulting company to help us out with a global AD design for our company. If anyone has any suggestions or needs more infomation please email OFF the list. Any and all help is appreciated. Mike
RE: [ActiveDir] Vice pres Account Lockout ?
"Also (the kicker) his account has the "password never expires" set to never expire" This will have no effect on being able to lockout his account. His account is being locked out not expiring. They are two different things. Are there any services that running under his domain account? Your getting no hits from either DC using the lockout status tool? Mike From: Mike Hogenauer [mailto:[EMAIL PROTECTED] Sent: Friday, April 02, 2004 1:19 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Vice pres Account Lockout ? HELP. I'm having a seriousAccount lockout problem!! The VP of my company's account gets locked out every time he changes his password. This time I had him log off all terminal Server sessions, he rebooted his system, and still his account gets locked out. Also (the kicker) his account has the "password never expires" set to never expire. I've used the account lockout tool, and also ran a search on LDAP to look for multiple entry's of his account, still no clues... Could it be a policy running somewherethat I'm missing? I've also set the account lockout policy settings to 50 invalid login attempt and I've disabling this policy before, still nothing seems to work. We're running a native 2000 single site domain with 2 domain controllers. ANY help is greatly appreciated.. Thanks in advance. Mike
[ActiveDir] CSVDE Problem
I must be doing something stupid that I can't seem to figure out. I'm trying to use CSVDE to export all the users from our domain. Now whenever I run the program and specify to only export user objects it exports everything on me! Here the command line I am using: csvde -f c:\file.csv -d "dc=xx,dc=yyy,dc=com" -r "(objectClass=user)" Shouldn't this command only export user objects? For some reason it's exportingboth computer and user objects from the domain. What am I doing wrong? Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
[ActiveDir] OT: Exchange 5.5 SMTP Log Parser
Title: OT: Exchange 5.5 SMTP Log Parser Anyone know of a log parser for Exchange 5.5 IMC logs? I downloaded Microsoft's log parser 2.0 but it doesn't seem to do Exchange 5.5 logs. I've got to dig through some big logs files and I was hoping to parse them first. Mike
RE: [ActiveDir] OT: Exchange 5.5 SMTP Log Parser
Title: Message Thanks Roger. That will work perfectly! Mike From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:42 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Exchange 5.5 SMTP Log Parser What kind of logs, and what are you looking for? This is a little log file condenser that I wrote for the IMS logs a while back: http://www.wiredeuclid.com/modules.php?op=modloadname=Sectionsfile=indexreq=viewarticleartid=5page=1 -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:07 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] OT: Exchange 5.5 SMTP Log Parser Anyone know of a log parser for Exchange 5.5 IMC logs? I downloaded Microsoft's log parser 2.0 but it doesn't seem to do Exchange 5.5 logs. I've got to dig through some big logs files and I was hoping to parse them first. Mike
[ActiveDir] Multiple Trees questions
I've got a few questions about using multiple trees in a forest. Are there transitive Kerberos trusts across the trees in Win2k? Win2k3? What's the advantage/disadvantages of going with 3 seperate trees vs 1 single tree with an empty root and 3 child domains? Assuming we implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange organizations? We have already implemented AD in our US offices but now our Europe office and Asia-Pacific offices are looking to join into our AD structures. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] Multiple Trees questions
Thanks for the reply Al. When I said 3 seperate trees I meant 3 trees within the same forest. There would be no empty root domain but we would all be part of the same forest. We are definetly not looking to go with 3 seperate forests. I'm wondering how much adminsitration overhead we would be adding to by having 3 trees within the same forest. Mike From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 12:48 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Multiple Trees questions Thoughts inline From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:53 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Multiple Trees questions I've got a few questions about using multiple trees in a forest. Are there transitive Kerberos trusts across the trees in Win2k? Win2k3? [Mulnick, Al]You can set up trusts, butdo you need them to be transitive? What's the end requirement thatyou need if you go this route? What's the advantage/disadvantages of going with 3 seperate trees vs 1 single tree with an empty root and 3 child domains? [Mulnick, Al]The only reason to go withseparate forests is the way you manageyour environment and security. If you have to have three separate trees, it can be done, but it's much more complexand administratively a burden if you use multiple trees for everything from upgrades to administrivia. It does have the advantage of allowing you to implement schema changing apps with less risk however which should count for something. However, if you're a company that allows people to move betwen countries, the migration process could be a PITA. Assuming we implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange organizations?[Mulnick, Al]have you read the Planning an Exchange 2003 document on www.microsoft.com/exchange/library ? It talks about the pros and cons of a multi-org Exchange deployment and how Microsoft sees it working. It's worth your time to read it to help answer this and many more questions about the app. We have already implemented AD in our US offices but now our Europe office and Asia-Pacific offices are looking to join into our AD structures. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] Multiple Trees questions
Yes that's correct a single forest. Thanks for the answers.I was pretty sure on most of them but it always helps to make sure I was reading the information from Microsoft's site correctly! Mike From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 1:22 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Multiple Trees questions D'OH. Nothing like using a contradictory example to illustrate my point. Should have been "sub3.domainA.com" From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:12 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Multiple Trees questions I read the question differently, coming from the standpoint of everything within a single forest. If that's correct, then my thoughts: a) Yes b) Trees are all about DNS namespaces. If you need domainA.com and domainB.com and domainC.comwithin the same forest, then you are forced into multiple trees. On the other hand, if you can have domainA.com and sub1.domainA.com, sub2.domainA.com, and sub3.domain.com, then a single tree is your answer. c) Should be workable with a single Exchange organization, as Exchange is forest-wide in scope, not restriced to tree-wide. From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 10:48 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Multiple Trees questions Thoughts inline From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 11:53 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Multiple Trees questions I've got a few questions about using multiple trees in a forest. Are there transitive Kerberos trusts across the trees in Win2k? Win2k3? [Mulnick, Al]You can set up trusts, butdo you need them to be transitive? What's the end requirement thatyou need if you go this route? What's the advantage/disadvantages of going with 3 seperate trees vs 1 single tree with an empty root and 3 child domains? [Mulnick, Al]The only reason to go withseparate forests is the way you manageyour environment and security. If you have to have three separate trees, it can be done, but it's much more complexand administratively a burden if you use multiple trees for everything from upgrades to administrivia. It does have the advantage of allowing you to implement schema changing apps with less risk however which should count for something. However, if you're a company that allows people to move betwen countries, the migration process could be a PITA. Assuming we implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange organizations?[Mulnick, Al]have you read the Planning an Exchange 2003 document on www.microsoft.com/exchange/library ? It talks about the pros and cons of a multi-org Exchange deployment and how Microsoft sees it working. It's worth your time to read it to help answer this and many more questions about the app. We have already implemented AD in our US offices but now our Europe office and Asia-Pacific offices are looking to join into our AD structures. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] security event log audits
Will this work for Win2k servers also? Mike From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 1:40 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] security event log audits MACS (MS Audit Collector System) will do all of that for you and likely much more efficient than what you'd do yourself (and more secure as well) - should be released soon (I think with 2003 SP1) /Guido From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Dienstag, 16. März 2004 19:18To: [EMAIL PROTECTED]Subject: [ActiveDir] security event log audits Has anyone had success putting together something home-grown to centralize security event logs into a sql database? If so, I wanted to get some tips on how the tables should be set up - can all events that are captured in the security log be placed in the same table, or do different events have their own structure and would have to go into separate tables? Also, I'm familiar with EventCombMT and eldump - are there any other tools I should be considering to pull the data? I'm assuming I'll need to use something like one of those to act as the middleware between the logs and the database. Thanks... Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
RE: [ActiveDir] [OT] SMS LIST???
Title: [OT] SMS LIST??? There's one hosted by Topica. The address is [EMAIL PROTECTED]. Excellent contributors on the list and it's very very active. FYI it's run by www.MyItForum.com and will be migrating to their list server starting Monday so you may want to wait till then to subscribe. Rod Trent runs the list (whom I'm pretty sure subscribes to this list too) so he can provide more information. Mike From: Brown, Bill [contractor] [mailto:[EMAIL PROTECTED] Sent: Friday, March 05, 2004 3:22 PMTo: ActiveDirListSubject: [ActiveDir] [OT] SMS LIST??? To All, Can anyone recommend a list for SMS that has quality contributors - like this one? R/Bill
RE: [ActiveDir] Find and delete/disable all your old computer acc ounts real easy
Title: Message www.joeware.net Oldcmp is the name of the utility. Works great! Mike From: J0mb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 11:08 AMTo: [EMAIL PROTECTED]Subject: R: [ActiveDir] Find and delete/disable all your old computer acc ounts real easy i must have missed the post, is that free version still available somewhere? thank you Robert, last I checked it is appropriate to get permission from the list owner prior to submitting product plugs. Additionally, I think you're a little late, since we all have had access to a free version from one of the list members not too long ago. -Original Message-From: Robert Lundh [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 6:59 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Find and delete/disable all your old computer accounts real easy If you want to find old computer accounts quick and east and be able to delete them as wellI suggest you take a look atActive Directory Janitor (http://www.adjanitor.com) It will do exactly this for you in a controlled and quick way. It can be downloaded and tested right away. I also want to say that I work for a vendor and that I am curious to hear your feedback. Thanks guys! /Robert
RE: [ActiveDir] MS04-004
Title: RE: [ActiveDir] MS04-004 Anyone know if this also applies to ftp connections too. On the SMS list one guy says it does and others say it doesn't? I haven't deployed the patch yet but plan on doing it soon. Mike -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 11, 2004 3:24 PM To: Exchange2000 (E-mail); ActiveDir (E-mail) Subject: [ActiveDir] MS04-004 If any of you use Basic Authentication over HTTP or HTTPS you need to read this. http://www.microsoft.com/technet/treeview/default.asp?url=""> Bulletin/MS04-004.asp http://www.microsoft.com/technet/treeview/default.asp?url=""> /Bulletin/MS04-004.asp The cumulative patch for IE no longer supports http://username:[EMAIL PROTECTED]/resource Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Changing DHCP Servers
There's a utility in the Win2k Resource kit called DHCPEXIM. You can also get it here http://tinyurl.com/36j2m. I know it works for Win2k, not sure about Win2k3 though. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 From: Jerry Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 8:52 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Changing DHCP Servers Everyone I have added a w2k3 DC into our network and am gradually giving it more responsibility, so far so good. The next thing I want to do is make it our DHCP server (currently being held by win2k server that is going to be formatted and made into w2k3). I have created an identical scope on the new box but have not activated it. Is it just a matter of deactivating the old and activating the new, or is it more involved than that? Thank You Jerry Scicom Data Services Minnetonka,Mn
RE: [ActiveDir] Computer Migration Issues with ADMT - FIXED :- )
Title: RE: [ActiveDir] Computer Migration Issues with ADMT - FIXED :- ) I haven't moved anymore machines in the lab yet. I'll be migrating about 25 machines or so Wed night and I can let you know how it goes then. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]] Sent: Monday, February 09, 2004 11:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Computer Migration Issues with ADMT - FIXED :- ) Thanks for the update Tim. 7 min calculation according to my testing in the lab. I believe Mike is also doing the same testing in the lab. Mike, Do you have any update for us? Santhosh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Wright, T. MR NSSB Sent: Friday, February 06, 2004 9:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Computer Migration Issues with ADMT - FIXED :- ) Santosh/Mike, We successfully migrated about 6000 computers using ADMT ver.2 set to reboot 1 min. after completion. Santosh, I'm not sure where you are getting the 7 min. from. ADMT issues a message to the workstation to start ADMTagent.exe, immediately after you click the close button. You can verify this by looking in Task Manager on the machine you are trying to migrate, you should see ADMTagent listed in the active processes. It could actually take much longer or much shorter depending on the amount of data and profiles that are on the machine which you are trying to migrate. The more data the longer it will take. We migrated a 2TB file server and it took about an hour. HTH, -Tim -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]] Sent: Friday, February 06, 2004 12:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Computer Migration Issues with ADMT - FIXED :- ) Mike Sudhir, My computer migration problem has been fixed! I learned something today, Be patient. Here is the time calculation according to my testing. If you select the 5 minutes option during the computer migration, the actual restart time = 7min + selected 5 min is a total of 12 min. If you select 1 min, the restart time = 7 min + 1 min. 7 min is a fixed time for ADMT to issue a message to the workstation. After that 7 min you will see the shutdown message and it will give you the selected time during the computer migration(5, 1 etc). 7 min is according to my testing in the lab but I think the MS actual value is 5 min. Mike, I would recommend you test in the lab with a 1 min option and wait for 8 min. You will see the restart message on the workstation. Good luck and be patient :- ) Thanks, Santhosh From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Santhosh Sivarajan Sent: Friday, February 06, 2004 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Thanks Mike. I am going to test your solution in the lab today! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Celone, Mike Sent: Friday, February 06, 2004 7:42 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Santosh, I moved a total of 3 machines yesterday in our lab and was able to get them to reboot successfully. Instead of changing the time to 1 minute I left it at 5. Those machines rebooted without issue. I then tried again changing the time to 1 minute. Those machines would not reboot. It seems if you change the time to less than 5 minutes it does not issue a reboot. As for the below error messages you will see them in the logs if you just do a test and not a migration. Every test I've done using ADMT displays the 2nd error message in the logs. Mike From: Sudhir Kaushal [mailto:[EMAIL PROTECTED]] Sent: Friday, February 06, 2004 12:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, It is true that account is created but the machines just dont reboot. In my case i tried even changing the time from 1 min to 5 min. But the machines just dont reboot. Even after rebooting the machines manually, the domain name remained the same. After checking the logs on c:\temp on the clients machine i found this error failed to change the domain affiliation (hr=8007054b), the specified domain does not exist or could not be contacted . Because of this i concluded that account creation on the Target domain is may be because of ADMT agent, which gets properly installed on the client machine and do the necessary changes, but client is not able to contact the Target domain and hence dont reboot on their own. The other most common error i have seen in the logs is that hr=800706fb The security database on the server does not have a computer account for this workstation trust
RE: [ActiveDir] Other Listsrvs
Title: Message This is probably the very best SMS list out there. Lots of knowledgeable folks there. http://www.topica.com/lists/MSSMS/ Mike From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Monday, February 09, 2004 1:58 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Other Listsrvs This is a general question for the group. I am in charge more than just the active directory, schema, trusts, etc. I have found that this has been a valuable source of information and I would like to know if anyone knows of other listsrvs that deal with SMS and/or exchange, that are as good as this one? Thanks,S
RE: [ActiveDir] Computer Migration Issues with ADMT
Title: RE: [ActiveDir] Computer Migration Issues with ADMT Santosh, I moved a total of 3 machines yesterday in our lab and was able to get them to reboot successfully. Instead of changing the time to 1 minute I left it at 5. Those machines rebooted without issue. I then tried again changing the time to 1 minute. Those machines would not reboot. It seems if you change the time to less than 5 minutes it does not issue a reboot. As for the below error messages you will see them in the logs if you just do a test and not a migration. Every test I've done using ADMT displays the 2nd error message in the logs. Mike From: Sudhir Kaushal [mailto:[EMAIL PROTECTED] Sent: Friday, February 06, 2004 12:17 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, It is true that account is created but the machines just dont reboot. In my case i tried even changing the time from 1 min to 5 min. But the machines just dont reboot. Even afterrebooting the machines manually, the domain name remained the same. After checking the logs on c:\temp on the clients machine i found this error "failed to change the domain affiliation (hr=8007054b), the specified domain does not exist or could not be contacted" . Because of thisi concluded that account creation on the Target domain is may be because of ADMT agent, which gets properly installed on the client machine and do the necessary changes, but client is not able to contact the Target domain and hence dont reboot on their own. The other most common error i have seen in the logs is that "hr=800706fb The security database on the server does not have a computer account for this workstation trust relationship". Again I guess this is related with the Administrative permissionin the domain. Santosh what error you are getting in the logs? Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]Sent: Thursday, February 05, 2004 7:31 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Yes. you are right mike. I don't think it is due to name resolution problem. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Thursday, February 05, 2004 7:38 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Migration Issues with ADMT So your saying that the machines won't reboot because they can't resolve the target domain? This can't be true because all the machines I tried it on join to the target domain (I see the account created) but just don't reboot. After I reboot them manually they log into the new domain without any issues. Why would the machine have to resolve the target domain to reboot anyways? Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 From: Sudhir Kaushal [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 1:29 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, I had this problem while migrating the computer accounts and the things i concluded are as follows: This error is because the ADMT agent on the source domain clients is not able to resolve the target domain. I tried first creating static WINS record of the target domain in the source domain WINS server. Though MIcrosoft dont recommend it. It didn't worked out for me, may be for the simple fact that WINS resolution is not supported when ur target Win2K domain is using DNS for the name resolution. I was migrating from NT 4.0 to Win2K. If you r using DNS in the source domain and if it doesn't have resource record of Target domain, then create it. so that ADMT agent should be able to resolve the Target domain name from the source domain DNS. Like "Targetdomain.com" . If u r using only WINS in the source domain, then make sure that u have the WINS record of the target domain in the source domain WINS server. If u r using DHCP then u can make all ur source domain clients to use DNS of Target domain by making the configuration for DNS in DHCP . So that ADMT agent could able to resolve the target domain name from Target domain DNS server only. For me the first one worked out. I hope it works for u too. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 05, 2004 4:18 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Computer Migration Issues with ADMT I
RE: [ActiveDir] Computer Migration Issues with ADMT
Title: RE: [ActiveDir] Computer Migration Issues with ADMT So your saying that the machines won't reboot because they can't resolve the target domain? This can't be true because all the machines I tried it on join to the target domain (I see the account created) but just don't reboot. After I reboot them manually they log into the new domain without any issues. Why would the machine have to resolve the target domain to reboot anyways? Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 From: Sudhir Kaushal [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 1:29 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, I had this problem while migrating the computer accounts and the things i concluded are as follows: This error is because the ADMT agent on the source domain clients is not able to resolve the target domain. I tried first creating static WINS record of the target domain in the source domain WINS server. Though MIcrosoft dont recommend it. It didn't worked out for me, may be for the simple fact that WINS resolution is not supported when ur target Win2K domain is using DNS for the name resolution. I was migrating from NT 4.0 to Win2K. If you r using DNS in the source domain and if it doesn't have resource record of Target domain, then create it. so that ADMT agent should be able to resolve the Target domain name from the source domain DNS. Like "Targetdomain.com" . If u r using only WINS in the source domain, then make sure that u have the WINS record of the target domain in the source domain WINS server. If u r using DHCP then u can make all ur source domain clients to use DNS of Target domain by making the configuration for DNS in DHCP . So that ADMT agent could able to resolve the target domain name from Target domain DNS server only. For me the first one worked out. I hope it works for u too. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 05, 2004 4:18 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Computer Migration Issues with ADMT I remember someone posted a message here 3 or 4 weeks ago with an ADMT and computer migration question. I have the same problem in the lab. After the computer migration, it won't restart automatically. I have to manually restart the computer. Does anyone remember that question? If you still have a copy of that email thread could you forward it to me? Thanks, Santhosh List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO explanations
I seem to remember someone on the list had a Excel spreadsheet that had a listing of with all the settings in the default GPOs and explanations for each one. I could of swore I found it on Microsoft's site but I can't now. Anyone have this handy?
RE: [ActiveDir] GPO explanations
Thanks Bob. That was it! Thanks everyone else who sent me other sheets. They've all been handy. Mike From: Free, Bob [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 2:55 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] GPO explanations http://www.microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438D-8E48-45915CD2BC14displaylang=en From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 10:31 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] GPO explanations I seem to remember someone on the list had a Excel spreadsheet that had a listing of with all the settings in the default GPOs and explanations for each one. I could of swore I found it on Microsoft's site but I can't now. Anyone have this handy?
RE: [ActiveDir] GPO explanations
Dead link Mike From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 3:00 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] GPO explanations Or maybe this one? http://www.ptmarketing.com/PolicySettings.zip From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug HampshireSent: Tuesday, February 03, 2004 1:57 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] GPO explanations This what you're looking for? - Original Message - From: Celone, Mike To: '[EMAIL PROTECTED]' Sent: Tuesday, February 03, 2004 10:30 AM Subject: [ActiveDir] GPO explanations I seem to remember someone on the list had a Excel spreadsheet that had a listing of with all the settings in the default GPOs and explanations for each one. I could of swore I found it on Microsoft's site but I can't now. Anyone have this handy?
[ActiveDir] NT4 BDC question
We have a single NT4 machine that is a BDC in our AD. Right now the netlogon service has been turned off because we are trying to get all machines to authenticate to our 3 Win2k DCs. We would shutdown and remove this server but it has Autodesk Licence Manager on it and well it's being a PITA to move. We need to go into Native mode so that I can use ADMT with SIDHistory and migrate our other domain in. So my question is this. If we were to promote AD into Native mode and shutoff the netlogon service on the NT4 BDC would it get cranky that it can't replicate with the other DCs anymore? Or would it not even try anymore since the netlogon service it turned off? We plan on moving ADLM but right now it's not a priority and we need to start migrating in this other NT4 domain. ADLM runs with the local service account and doesn't need access rights to the network at all. Is there anything I am missing here? Mike
RE: [ActiveDir] NT4 BDC question
Thanks guys. I'll take a look at it. Mike From: Depp, Dennis M. [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 4:30 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] NT4 BDC question Also make sure you have a good backup of the system state before you run Upromote. Actually I seem to recall UPromote making a backup as part of the process. When we migrated to Active Directory, we ran this on over 50 computers. I only had 2 computers that had major problems. One was resolved with UPromote tech support and the second we had to restore the system state. It is still an excellent product. Denny From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Tuesday, February 03, 2004 3:52 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] NT4 BDC question Mike- You might want to consider using Upromote (http://www.purenetworking.net/Products/UPromote/UPromote.htm) to drop your NT4 BDC to a standalone server. We did this on several machines that were DCs in domains we were consolidating. Worked great for us...but if you go this route be sure to test it in a lab setting first. Hunter From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 1:24 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] NT4 BDC question We have a single NT4 machine that is a BDC in our AD. Right now the netlogon service has been turned off because we are trying to get all machines to authenticate to our 3 Win2k DCs. We would shutdown and remove this server but it has Autodesk Licence Manager on it and well it's being a PITA to move. We need to go into Native mode so that I can use ADMT with SIDHistory and migrate our other domain in. So my question is this. If we were to promote AD into Native mode and shutoff the netlogon service on the NT4 BDC would it get cranky that it can't replicate with the other DCs anymore? Or would it not even try anymore since the netlogon service it turned off? We plan on moving ADLM but right now it's not a priority and we need to start migrating in this other NT4 domain. ADLM runs with the local service account and doesn't need access rights to the network at all. Is there anything I am missing here? Mike
RE: [ActiveDir] OT: slipstreaming Win2K
You mean this? http://support.microsoft.com/default.aspx?scid=kb;en-us;828930Product=win2000 Mike From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:06 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: slipstreaming Win2K I've successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsoft's online tech chats, in which the rep said you can't do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanks...oh, and Tony - thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
RE: [ActiveDir] net time
Title: RE: [ActiveDir] net time That's the way it's supposed to work. All your DCs will act as time servers and your clients will synch with them. They just synch their time with the PDC-E which should be set to use and outside time service. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Friday, December 19, 2003 12:38 PM To: ActiveDir (E-mail) Subject: [ActiveDir] net time Everyone, I have my PDC Emulator on a server that is set to a SNTP server on the web, however all my others servers when I type in net time /set point to a different server that holds no roles what so ever for AD, it is just a DC. What am I doing worng. Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Using InstallShield in a Startup Script
Title: Message I did that exact thing to simulate LocalSystem context. I created a batch file that would just create a text file on the remote null share and it works. Also the batch file was able to copy the files from the null share to the machine in the startup script. Thanks for the help though. Mike From: marcus [mailto:[EMAIL PROTECTED] Sent: Friday, November 21, 2003 9:53 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Using InstallShield in a Startup Script Maybe I'm missing something here... but how did you simulate the LocalSystem context accessing the Null Share path to ensure that part was working? If you decide to look at this again, I would suggest looking into that part of it... just drop a few lines to create a text file, with what process it's at: Echo creating temp path\text.txt md c:\temp Echo creating v5r2 path\text.txtmd c:\temp\V5R2echo copying files blah blah blah... copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Thursday, November 20, 2003 4:02 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Using InstallShield in a Startup Script I realized I goofed on that when I typed it earlier. I responded back right after that with the corrected line. My batch file does use complete paths. I've given up already and am using psexec to do it instead. Thanks for all the help Mike From: Steve Rochford [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 2:17 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Using InstallShield in a Startup Script I'd agree with your 3) below - the reference to z:\ will fail because you've done nothing to map that drive. As douglas said, you need to use full paths - c:\temp\v5r2\setup -s -f1\\server\iseries\v5r2.iss -f2c:\v5r2.log -SMS or c:\temp\v5r2\setup -s -f1c:\temp\v5r2.iss -f2c:\v5r2.log -SMS should work. I think the admin rights is irrelevant here - the startup script is running as local system - but the other thing to look out for is that "domain computers" must have read access to the folder \\server\iseries. Steve -Original Message-From: Stefano Tufillaro [mailto:[EMAIL PROTECTED] Sent: 20 November 2003 13:21To: [EMAIL PROTECTED]Subject: Re: [ActiveDir] OT: Using InstallShield in a Startup Script 1) No silent is not equal unattended. Silent means I'm logged my session, is active with my rights, access etc. AND I see anything. Unattended means that never the system ask to me an aswer by a click or a prompt or like situation. It's a boolean serie unattended but visible unattendedand visible visible and attended 2) What admion rights ? Admin domain rights? workstation rights ? RunAs Admin rights ? The logon process not automatically give the right combination immediately and the task where live the logon scripts when will can become 'administrating' ? 3) look at at yor 4th line. Probably the erroris there c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:41 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Using InstallShield in a Startup Script I tried this and it does the same thing. I have a script that lists all processes running on the machine and I can see setup.exe in there but it never does anything. I'm starting to think you can't use an InstallShield installer until you are logged in. I can see it copy the files down and the install starts but that's it. Also InstallShield never creates the log file either. Here's an example of the batch file: md c:\tempmd c:\temp\V5R2copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS Mike From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 4:41 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Using InstallShield in a Startup Script If you are able to get to the share, but the script is not executing the .exe, try copying the file from the shareto the local machine (in your script) and then running setup.exe. Just make sure to use full paths in all instances
RE: [ActiveDir] OT: Using InstallShield in a Startup Script
Title: Message -The install is totally silent except that it places an icon near your clock while it is installing. You can click on that to see the status of the install. I'm wondering if because the explorer shell is not loaded at that point it won't run? - Since I'm running it as a Startup script it is running in the LocalSystem account. It should have full control over the machine. - I would run it as a logon script but the program needs admin rights to install. A good portion of our users do not have Admin rights. Thanks for the help everyone! Mike From: Baekelant, Erik [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 8:04 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Using InstallShield in a Startup Script not really an expert on this, but here are two suggestions: - Is it really a silent install (silent isn't equal to unattended) ? - Some setups do require Admin rights/does the setup create reg keys/shortscuts in part of the profile - Would it be a problem to run the script at logon time instead ? Erik -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:41 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Using InstallShield in a Startup Script I tried this and it does the same thing. I have a script that lists all processes running on the machine and I can see setup.exe in there but it never does anything. I'm starting to think you can't use an InstallShield installer until you are logged in. I can see it copy the files down and the install starts but that's it. Also InstallShield never creates the log file either. Here's an example of the batch file: md c:\tempmd c:\temp\V5R2copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS Mike From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 4:41 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Using InstallShield in a Startup Script If you are able to get to the share, but the script is not executing the .exe, try copying the file from the shareto the local machine (in your script) and then running setup.exe. Just make sure to use full paths in all instances -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Celone, MikeSent: Wednesday, November 19, 2003 4:12 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Using InstallShield in a Startup Script Has anyone ever called an InstallShield setup from a startup script before? I have a simple batch file that calls an InstallShield setup.exe filefrom a startup script but it never seems to run. The setup.exe file is on a server with a Null Share. I've verified that the script is able to reach the file but the setup does not seem to run. The machine I'm testing it on says "Running startup scripts" when it boots up for about 15 minutes but the setup program is never run. If I login to the machine and run the file it works without any problems. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] OT: Using InstallShield in a Startup Script
Title: Message I realized I goofed on that when I typed it earlier. I responded back right after that with the corrected line. My batch file does use complete paths. I've given up already and am using psexec to do it instead. Thanks for all the help Mike From: Steve Rochford [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 2:17 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Using InstallShield in a Startup Script I'd agree with your 3) below - the reference to z:\ will fail because you've done nothing to map that drive. As douglas said, you need to use full paths - c:\temp\v5r2\setup -s -f1\\server\iseries\v5r2.iss -f2c:\v5r2.log -SMSor c:\temp\v5r2\setup -s -f1c:\temp\v5r2.iss -f2c:\v5r2.log -SMS should work. I think the admin rights is irrelevant here - the startup script is running as local system - but the other thing to look out for is that "domain computers" must have read access to the folder \\server\iseries. Steve -Original Message-From: Stefano Tufillaro [mailto:[EMAIL PROTECTED] Sent: 20 November 2003 13:21To: [EMAIL PROTECTED]Subject: Re: [ActiveDir] OT: Using InstallShield in a Startup Script 1) No silent is not equal unattended. Silent means I'm logged my session, is active with my rights, access etc. AND I see anything. Unattended means that never the system ask to me an aswer by a click or a prompt or like situation. It's a boolean serie unattended but visible unattendedand visible visible and attended 2) What admion rights ? Admin domain rights? workstation rights ? RunAs Admin rights ? The logon process not automatically give the right combination immediately and the task where live the logon scripts when will can become 'administrating' ? 3) look at at yor 4th line. Probably the erroris there c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 11:41 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Using InstallShield in a Startup Script I tried this and it does the same thing. I have a script that lists all processes running on the machine and I can see setup.exe in there but it never does anything. I'm starting to think you can't use an InstallShield installer until you are logged in. I can see it copy the files down and the install starts but that's it. Also InstallShield never creates the log file either. Here's an example of the batch file: md c:\tempmd c:\temp\V5R2copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS Mike From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 4:41 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Using InstallShield in a Startup Script If you are able to get to the share, but the script is not executing the .exe, try copying the file from the shareto the local machine (in your script) and then running setup.exe. Just make sure to use full paths in all instances
[ActiveDir] Using InstallShield in a Startup Script
Has anyone ever called an InstallShield setup from a startup script before? I have a simple batch file that calls an InstallShield setup.exe filefrom a startup script but it never seems to run. The setup.exe file is on a server with a Null Share. I've verified that the script is able to reach the file but the setup does not seem to run. The machine I'm testing it on says "Running startup scripts" when it boots up for about 15 minutes but the setup program is never run. If I login to the machine and run the file it works without any problems. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] Using InstallShield in a Startup Script
I tried this and it does the same thing. I have a script that lists all processes running on the machine and I can see setup.exe in there but it never does anything. I'm starting to think you can't use an InstallShield installer until you are logged in. I can see it copy the files down and the install starts but that's it. Also InstallShield never creates the log file either. Here's an example of the batch file: md c:\tempmd c:\temp\V5R2copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS Mike From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 4:41 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Using InstallShield in a Startup Script If you are able to get to the share, but the script is not executing the .exe, try copying the file from the shareto the local machine (in your script) and then running setup.exe. Just make sure to use full paths in all instances -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Celone, MikeSent: Wednesday, November 19, 2003 4:12 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Using InstallShield in a Startup Script Has anyone ever called an InstallShield setup from a startup script before? I have a simple batch file that calls an InstallShield setup.exe filefrom a startup script but it never seems to run. The setup.exe file is on a server with a Null Share. I've verified that the script is able to reach the file but the setup does not seem to run. The machine I'm testing it on says "Running startup scripts" when it boots up for about 15 minutes but the setup program is never run. If I login to the machine and run the file it works without any problems. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] Using InstallShield in a Startup Script
Oops messed up the batch file. It read like this I mean: md c:\tempmd c:\temp\V5R2copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1c:\temp\v5r2\iseriesv5r2.iss -f2c:\v5r2.log -SMS From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 5:41 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Using InstallShield in a Startup Script I tried this and it does the same thing. I have a script that lists all processes running on the machine and I can see setup.exe in there but it never does anything. I'm starting to think you can't use an InstallShield installer until you are logged in. I can see it copy the files down and the install starts but that's it. Also InstallShield never creates the log file either. Here's an example of the batch file: md c:\tempmd c:\temp\V5R2copy \\server\iseries\*.* c:\temp\v5r2c:\temp\v5r2\setup -s -f1z:\iseriesv5r2.iss -f2c:\v5r2.log -SMS Mike From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 4:41 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Using InstallShield in a Startup Script If you are able to get to the share, but the script is not executing the .exe, try copying the file from the shareto the local machine (in your script) and then running setup.exe. Just make sure to use full paths in all instances -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Celone, MikeSent: Wednesday, November 19, 2003 4:12 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Using InstallShield in a Startup Script Has anyone ever called an InstallShield setup from a startup script before? I have a simple batch file that calls an InstallShield setup.exe filefrom a startup script but it never seems to run. The setup.exe file is on a server with a Null Share. I've verified that the script is able to reach the file but the setup does not seem to run. The machine I'm testing it on says "Running startup scripts" when it boots up for about 15 minutes but the setup program is never run. If I login to the machine and run the file it works without any problems. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406
RE: [ActiveDir] Virus Protection
Title: RE: [ActiveDir] Virus Protection Which version of eTrust? We are using v6 and we haven't seen any issues with memory leaks on our terminal servers. We did however not allow the realmon.exe process to start for each user because it can eat up quite a bit of memory if you have multiple users on the machine. The realmon.exe process is just the icon that shows up in the tasktray. As long as the services are started you will still be protected. Mike -Original Message- From: Damon R. Erickson [mailto:[EMAIL PROTECTED]] Sent: Friday, November 07, 2003 2:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virus Protection We've had a lot of problems with eTrust memory leaks on dual processor terminal servers. CA has a patch but it doesn't seem to be resolving all of the issues. Damon Erickson Netgain Technology -Original Message- From: Comeau, Steven [mailto:[EMAIL PROTECTED]] Sent: Friday, November 07, 2003 12:49 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virus Protection I like McAfee and Computer Associates eTrust. Steven Duuude Comeau Systems Administrator Main Tape 1 Capital Drive, Suite 101 Cranbury, NJ 08512 1-800-526-8273 x332 -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED]] Sent: Friday, November 07, 2003 1:36 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Virus Protection Anyone recommend any good virus protection software for windows 2000 server? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Background
Title: RE: [ActiveDir] Background In Internet Explorer right click an image on a webpage and choose Set as Background. Maybe that's how she's doing it? -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 06, 2003 11:07 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Background How is it possible that a regular user can change her background if you disable the Background tab through a GPO to all users? I checked and she doesn't have that tab, the GPO is working correctly. Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Simple DNS Question
We are getting ready to upgrade out NT4 domain to AD and I have a simple DNS question. Right now we use domain.com internally for our network. However when we go to AD we want to use ad.domain.com for our domain name and keep domain.com for just our static DNS entries we have. This way all the dynamic entries are seperated from the static ones. My question is I want to create the domain name before we upgrade our PDC.Our PDC is also our primary DNS server.In the NT4 DNS admindo I create the DNS zone under domain.com (shows up as a subfolder) or do I create a totally new zone called ad.domain.com (shows up as a seperate domain from domain.com in the list)? Or is there any difference in how I set it up? Oram I just being picky about something that doesn't even matter? Thanks Mike
RE: [ActiveDir] OT - IE6 Unattended install
You should be able to use the IE6 Administator Kit for this. We use it to build our own IE6 installation that is customized for our company. http://www.microsoft.com/windows/ieak/downloads/default.asp Mike From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 3:10 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT - IE6 Unattended install Anyone have an msi file and info on how to customize, I have been searching all morning and cant find anything.
RE: [ActiveDir] OT: SUS Question
Title: RE: [ActiveDir] OT: SUS Question When we setup SUS we approved all patches. If the machine already had the patch it just ignored it. It did not reapply patches that were already on the machine. Mike -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 24, 2003 1:11 PM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: SUS Question I am setting up a SUS Server inhouse and I am in the middle of syncing with MS. My question is that the server is downloading all the patches from MS, like ones from 2002 on. Should I not approve those updates and only start from this day on or should I allow those updates to be approved? Most computers have already had these patches in the past, what would the harm be to have them reapplied, or would they even reapply if they already exist? Your help is appreciated. Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS does SPs now
Title: RE: [ActiveDir] SUS does SPs now You must approve the updates before a client can download them. If you don't want SPs being pushed out then just don't approve it. Mike From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:30 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] SUS does SPs now I don't think I would want SP's just being deployed to my server especially as I would be caught in a predicament when all my servers stop functioning the next day. I don't mind the patches and hotfixes for the moment. -Original Message- From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: 18 September 2003 16:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] SUS does SPs now I got this after My Sync last night. I did not have to upgrade or anything. I hope this is not old news. Microsoft Software Update Services (SUS) now provides Windows service packs (SPs), in addition to critical and security updates.SUS will deliver Windows XP SP1, Windows 2000 SP4, and all future service packs for Windows 2000, Windows XP, and the Windows Server(tm) 2003 family of products. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ __ For information about the Standard Bank group visit our web site www.standardbank.co.za__Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way.Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference.___
RE: [ActiveDir] SUS does SPs now
Title: RE: [ActiveDir] SUS does SPs now If the SP is installed through SUS it will show up in Add/Remove programs on the server. You can uninstall through that. Mike -Original Message- From: Comeau, Steven [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 18, 2003 2:12 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS does SPs now I like the idea of doing service packs, but only to systems outside of my main servers. Will SUS allow you to do rollbacks in the event of serious issues that service packs bring that cause us to commiserate here? Maybe an UN-SUS feature? Steven Duuude Comeau Systems Administrator Main Tape 1 Capital Drive, Suite 101 Cranbury, NJ 08512 1-800-526-8273 x332 -Original Message- From: England, Christopher M [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 18, 2003 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS does SPs now News to me as well. Here is a little blurb that now appears on the SUSAdmin welcome page: Microsoft Software Update Services (SUS) now provides Windows service packs (SPs), in addition to critical and security updates.SUS will deliver Windows XP SP1, Windows 2000 SP4, and all future service packs for Windows 2000, Windows XP, and the Windows Server(tm) 2003 family of products. Yay Microsoft! Chris - Christopher England Server Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University -Original Message- From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 18, 2003 9:14 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] SUS does SPs now I got this after My Sync last night. I did not have to upgrade or anything. I hope this is not old news. Microsoft Software Update Services (SUS) now provides Windows service packs (SPs), in addition to critical and security updates.SUS will deliver Windows XP SP1, Windows 2000 SP4, and all future service packs for Windows 2000, Windows XP, and the Windows Server(tm) 2003 family of products. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS - ot? not sure
Title: RE: [ActiveDir] SUS - ot? not sure Have you run the IIS Lockdown tool on this machine and turned off ASP? Mike -Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 11, 2003 4:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS - ot? not sure looks like this: Set oRegExp = New RegExp What I did do was reregister asp.dll and it seems to have resolved the issue but I am getting this: The page cannot be displayed There is a problem with the page you are trying to reach and it cannot be displayed. Please try the following: Open the localhost home page, and then look for links to the information you want. Click the Refresh button, or try again later. Click Search to look for information on the Internet. You can also see a list of related sites. HTTP 500 - Internal server error Internet Explorer Jenn -Original Message- From: Costanzo, Ray [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 11, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS - ot? not sure What's on line 37 of corporate.inc? Ray at work -Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED]] I am having an issue with the Software Update Service - I keep getting this error when I start the webpage: Technical Information (for support personnel) Error Type: (0x8002801D) Library not registered. /autoupdate/administration/shared/corporate.inc, line 37 ** The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. Distribution, publication, or retransmission of this message is strictly prohibited. This message may be a bank to client communication and as such is priviliged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. The sender of this e-mail specifically opts-out of the Electronic Signatures and Global and National Commerce Act (E-Sign) and any and all similar state and federal acts. Accordingly, but without limitation, any and all documents, contracts, and ageements must contain a handwritten signature of the sender to be legal, valid, and enforceable. ** List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS Feedback...
Title: RE: [ActiveDir] SUS Feedback... We also use SUS with great results. I'm looking forward to using SUS 2.0 with support for other apps, especially Office. Another new feature in SUS 2.0 is deadline installs. So you assign an update and the user has until a certain time to install it. If not done by that time it installs automatically. Mike -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 09, 2003 1:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS Feedback... I think SUS is great for what it does... in my environment I don't need NT4 or Win9x support. I do need non-domain workstation and server support, so I developed a few scripts that set the appropriate registry entries to make that work. I push the scripts and SUS pulls the patches. I'll be happy when it's better integrated with Office, SQL, etc. etc. etc. The feature set of SUS 2.0 should be nice. For environments that need to support the push model, Update Expert (St. Bernard) and HFNetChk Pro (Shavlik) both work well. I have them deployed at several clients. And, of course, SMS for you large environment (and large IT staff) guys/gals. -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 09, 2003 1:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] SUS Feedback... Is anyone out there running Software Update Service? I want to gage what the general opinion of the service is. I personally think that there probably needs to be two approaches when it comes to a service like this. One is a pull service based on GPO agent configuration, the other is a push service based on a need to force workstation updates on down-level clients, and those that seem to ride outside the SUS zone. Any comments? Thanks, Todd Myrick List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Users Logged In
Title: RE: [ActiveDir] Users Logged In Actually mine was included in the Win2k Resource Kit and it's srvmgr.exe. Mike -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 2:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Users Logged In Not to sound like an absolute n00b or anything, Too late :-] start|run|svrmgr -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Users Logged In Not to sound like an absolute n00b or anything, but where is Server Manager? On Tuesday, July 29, 2003, at 01:06 AM, Milind Patil wrote: You can use the Server Manager for the same.. -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 11:59 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Users Logged In How do I know what users are currently logged in? They are all logging into the domain into active directory but I don't know where to see the users that are currently logged and which ones aren't. Secondly would it show if they are idle? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Win2k SP4 + Exchange 5.5 bug
For anyone still running Exchange 5.5 out there I found a bug in Win2k SP4. I was setting up a temporary Exchange 5.5 server on Win2k Server and installed SP4. Exchange installs fine but upon running the Optimizer you get the following error: "The services's list of dependent services could not be enumerated. -[800FF336]. Only workaround right now is to uninstall SP4. Mike
RE: [ActiveDir] Win2k SP4 + Exchange 5.5 bug
I have not installed it yet on any of our Exchange production servers. I assume this would also affect them though too. Mike From: Arendt, Jordan LRN [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2003 12:47 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Win2k SP4 + Exchange 5.5 bug Did this affect any servers with Ex 5.5 already installed? That is, has anyone experienced problems putting SP4 on a server with Ex 5.5 already installed? Jordan -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: July 22, 2003 9:30 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Win2k SP4 + Exchange 5.5 bug For anyone still running Exchange 5.5 out there I found a bug in Win2k SP4. I was setting up a temporary Exchange 5.5 server on Win2k Server and installed SP4. Exchange installs fine but upon running the Optimizer you get the following error: "The services's list of dependent services could not be enumerated. -[800FF336]. Only workaround right now is to uninstall SP4. Mike
RE: [ActiveDir] Win2k SP4 + Exchange 5.5 bug
Thanks. That worked! Mike From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2003 12:24 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Win2k SP4 + Exchange 5.5 bug Mike- If you stop all Exchange services before running the Optimizer, including the system attendant,this error disappears and you can continue on through the perfwiz windows. Hunter From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2003 9:30 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Win2k SP4 + Exchange 5.5 bug For anyone still running Exchange 5.5 out there I found a bug in Win2k SP4. I was setting up a temporary Exchange 5.5 server on Win2k Server and installed SP4. Exchange installs fine but upon running the Optimizer you get the following error: "The services's list of dependent services could not be enumerated. -[800FF336]. Only workaround right now is to uninstall SP4. Mike
RE: [ActiveDir] OT: Printer Moves
You can use Microsoft Print Migrator to move the queues to a new server. http://www.microsoft.com/windows2000/technologies/fileandprint/print/download.asp Then just use rundll32 printui.dll,PrintUIEntry in your login scripts to move them to a new print server. You can do rundll32 printui.dll,PrintUIEntry /? for all the switches. Used this technique recently to migrate everyone over to anew print server. Mike From: Daniel Chaveco [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 11:17 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: Printer Moves Is there a way to move printers/queues in one Windows 2000 print server to another new Windows 2000 print server without having to recreate them and go to each client PC to set upthe new printer session as well. Thanks -Dan Do you Yahoo!?SBC Yahoo! DSL - Now only $29.95 per month!
RE: [ActiveDir] WinPE and RIS
Title: Message We have a copy of it from our Select agreement. It has the default WinXP background but only the command prompt can be used. Maybe the background is what he is referring to as the GUI? Mike From: Rick Kingslan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 11:18 AMTo: [EMAIL PROTECTED] The one that I have from my MCS folks is CLI only - no GUI. FWIW. Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzone From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, June 05, 2003 9:14 AMTo: [EMAIL PROTECTED] I have the Select version and it runs the standrad xp graphical background with its only interface being a command prompt window. Not much of a gui --Sent from my BlackBerry Wireless Handheld - Original Message - From: ActiveDir-owner Sent: 06/05/2003 03:01 AM To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED] Subject: RE: [ActiveDir] WinPE and RIS I think there is difference between the OEM version and the version you get from SELECT agreement. Marc From: Joe L. Casale [mailto:[EMAIL PROTECTED] Sent: donderdag 5 juni 2003 5:44To: [EMAIL PROTECTED] Hey Roger, what ya mean no GUI? I have it from my OEM pack, and use it many a time, it has a GUI. It's a "light" version of windows, that's all... jlc From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, June 02, 2003 7:25 AMTo: '[EMAIL PROTECTED]' WinPE is a full 32-Bit command line based OS - meaning that in a nutshell, its XP without a GUI. The upshot is that you no longer need DOS drivers for anything - NIC, CDROM, etc. You can use the same drivers that the final OS will use, which is a HUGE deal because of the increasing lack of support for DOS drivers from NIC vendors. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: De Schepper Marc [mailto:[EMAIL PROTECTED] Sent: Saturday, May 31, 2003 5:59 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] WinPE and RIS Hey all, This may not be a question for this group, but I don't know where I can ask this question. My question is: Why using a RIS for installing WinPE? Either I don't see why WinPE is used for, or I'm missing something here... * Dit e-mail bericht inclusief eventuele ingesloten bestanden kan informatie bevatten die vertrouwelijk is en/of beschermd door intellectuele eigendomsrechten. Dit bericht is uitsluitend bestemd voor de geadresseerde(n). Elk gebruik van de informatie vervat in dit bericht (waaronder de volledige of gedeeltelijke reproductie of verspreiding onder elke vorm) door andere personen dan de geadresseerde(n) is verboden. Indien u dit bericht per vergissing heeft ontvangen, gelieve de afzender hiervan te verwittigen en dit bericht te verwijderen. This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the addressees. Any use of the information contained herein (including but not limited to total or partial reproduction or distribution in any form) by other persons than the addressees is prohibited. If you have received this e-mail in error, please notify the sender and delete its contents. * * Dit e-mail bericht inclusief eventuele ingesloten bestanden kan informatie bevatten die vertrouwelijk is en/of beschermd door intellectuele eigendomsrechten. Dit bericht is uitsluitend bestemd voor de geadresseerde(n). Elk gebruik van de informatie vervat in dit bericht (waaronder de volledige of gedeeltelijke reproductie of verspreiding onder elke vorm) door andere personen dan de geadresseerde(n) is verboden. Indien u dit bericht per vergissing heeft ontvangen, gelieve de afzender hiervan te verwittigen en dit bericht te verwijderen. This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the addressees. Any use of the information contained herein (including but not limited to total or partial reproduction or distribution in any form) by other persons than the addressees is prohibited. If you have received this e-mail in error, please notify the sender and delete its contents. *
RE: [ActiveDir] AD users question
Title: RE: [ActiveDir] AD users question They are used by IIS for anonymous access. Do you have IIS installed on one of your DCs? Mike -Original Message- From: John Balos [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 13, 2003 2:18 PM To: [EMAIL PROTECTED] In AD there is an IUSR_... and IWAM_... user profile. Do these serve as anonymous login accounts? Do they need to be left open or can they be disabled? How are they used and how do they interact with the network? My concern is that I just don't want to have user accounts out there wide open if they're not being used. Can someone please shed some light on this? Thanks, John List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exclamation on DHCP
Title: Message Actually it means that the scope is getting low on addresses. It has a different symbol (I think it's red colored) if you run out of addresses. We have this problem periodically. Mike From: Tim Hines [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 9:24 AMTo: [EMAIL PROTECTED] I believe that it means that you have filled the scope and there are not any other addresses to give. Tim Hines, MCSA, MCSE (2000 NT4)MVP - Active Directory "If you catch a man a fish, he eats for a day. If you teach a man to fish he eats for a lifetime" - Original Message - From: Carlos Magalhaes To: '[EMAIL PROTECTED]' Sent: Friday, January 24, 2003 9:03 AM Subject: [ActiveDir] Exclamation on DHCP Hey all, Just seen something new a blue exclamation mark just appeared on my dhcp servers MMC (Win2k) whats that all about? Regards, Carlos Magalhaes