Re: [ActiveDir] Overlapping AD Subnet Boundaries
Overlapping AD Subnet Boundarieshello, just to stop the troll... Do you understand my others post about your network ? Is you DC set up on its network interface with a 255.255.0.0 netmask ? Your setup will work fine from an AD point of view (dssite.msc) , but not an IP routing point of view if you are really using a 255.255.0.0 Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: Brian Cline To: ActiveDir@mail.activedir.org Sent: Friday, January 26, 2007 10:19 PM Subject: [ActiveDir] Overlapping AD Subnet Boundaries Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way. Brian Cline, Applications Developer Department of Information Technology G&P Trucking Company, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax
Re: [ActiveDir] Overlapping AD Subnet Boundaries
Overlapping AD Subnet BoundariesI know there is not a direct relation, but i don't know if the original poster understand that this can't work if it's the real implementation. I think that someone knowing this wouldn't have post the question. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: joe To: ActiveDir@mail.activedir.org Sent: Saturday, January 27, 2007 9:03 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: Friday, January 26, 2007 4:34 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries is it really 10.10.0.0/16 or a mistake (/24) ? Because your first site won't be able to joint the other one as it will think it's local and won't sent packet to the gateway (if it's really a /16). If it's a real /24, then it will works as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need router between both site, your configuration can't work from a network point of view. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: Brian Cline To: ActiveDir@mail.activedir.org Sent: Friday, January 26, 2007 10:19 PM Subject: [ActiveDir] Overlapping AD Subnet Boundaries Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way. Brian Cline, Applications Developer Department of Information Technology G&P Trucking Company, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax
Re: [ActiveDir] Overlapping AD Subnet Boundaries
i don't agree. the /24 is included in the /16. You won't have layer 3 routing between the two site, at least from the primary to the secondary. Even if it will work from a routing point of view from the secondary to the primary. what's the point ? Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: "Brian Desmond" <[EMAIL PROTECTED]> To: Sent: Saturday, January 27, 2007 6:58 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries OK well you don't need a layer 2 link to do what the OP wants... Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: Saturday, January 27, 2007 12:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries hi, i am coming from network job, so i am used to sub/super netting somehow :) thanks anyway ! Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: "Brian Desmond" <[EMAIL PROTECTED]> To: Sent: Saturday, January 27, 2007 6:47 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries While your math is right you should look up supernetting and subnetting somewhere. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -Original Message- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU > Sent: Saturday, January 27, 2007 4:17 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries > > In my opinion, there is a pure TCP/IP network issue... > > A sample example: > The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated). > if you try to ping 10.10.41.104, it will try to communicate on the LAN, > seeking its arp. > It won't send packet to the gateway since 10.10.41.0 must be on the > LAN. > > The only way to get it work is to use a Layer 2 link between both site. > > > Regards, > Mathieu CHATEAU > http://lordoftheping.blogspot.com > > > - Original Message - > From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> > To: > Sent: Friday, January 26, 2007 11:37 PM > Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries > > > it will go for the second site 10.10.41.0/24 (= best matching) > > Met vriendelijke groeten / Kind regards, > Ing. Jorge de Almeida Pinto > Senior Infrastructure Consultant > MVP Windows Server - Directory Services > > LogicaCMG Nederland B.V. (BU RTINC Eindhoven) > ( Tel : +31-(0)40-29.57.777 > ( Mobile : +31-(0)6-26.26.62.80 > * E-mail : > > > > From: [EMAIL PROTECTED] on behalf of Brian Cline > Sent: Fri 2007-01-26 22:19 > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Overlapping AD Subnet Boundaries > > > > Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary > site, > and another subnet as 10.10.41.0/24 and assign it to a secondary site. > Will > AD treat a client address of, say, 10.10.41.104 as a client on the > secondary > site, or will it default to the more general primary subnet? The reason > I > ask is we now have a need for a second AD site (I can see all the > enterprise > folks grinning now) and we have quite a number of other subnets that > I'd > have to manually enter if this is not the case. I don't mind doing it, > but I > was curious either way. > > Brian Cline, Applications Developer > Department of Information Technology > G&P Trucking Company, Inc. > 803.936.8595 Direct Line > 800.922.1147 Toll-Free (x8595) > 803.739.1176 Fax > > > > This e-mail and any attachment is for authorised use by the intended > recipient(s) only. It may contain proprietary material, confidential > information and/or be subject to legal privilege. It should not be > copied, > disclosed to, retained or used by, any other party. If you are not an > intended recipient then please promptly delete this e-mail and any > attachment and all copies and inform the sender. Thank you. > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] Overlapping AD Subnet Boundaries
hi, i am coming from network job, so i am used to sub/super netting somehow :) thanks anyway ! Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: "Brian Desmond" <[EMAIL PROTECTED]> To: Sent: Saturday, January 27, 2007 6:47 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries While your math is right you should look up supernetting and subnetting somewhere. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: Saturday, January 27, 2007 4:17 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries In my opinion, there is a pure TCP/IP network issue... A sample example: The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated). if you try to ping 10.10.41.104, it will try to communicate on the LAN, seeking its arp. It won't send packet to the gateway since 10.10.41.0 must be on the LAN. The only way to get it work is to use a Layer 2 link between both site. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> To: Sent: Friday, January 26, 2007 11:37 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries it will go for the second site 10.10.41.0/24 (= best matching) Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : From: [EMAIL PROTECTED] on behalf of Brian Cline Sent: Fri 2007-01-26 22:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Overlapping AD Subnet Boundaries Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way. Brian Cline, Applications Developer Department of Information Technology G&P Trucking Company, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] Overlapping AD Subnet Boundaries
In my opinion, there is a pure TCP/IP network issue... A sample example: The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated). if you try to ping 10.10.41.104, it will try to communicate on the LAN, seeking its arp. It won't send packet to the gateway since 10.10.41.0 must be on the LAN. The only way to get it work is to use a Layer 2 link between both site. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> To: Sent: Friday, January 26, 2007 11:37 PM Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries it will go for the second site 10.10.41.0/24 (= best matching) Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : From: [EMAIL PROTECTED] on behalf of Brian Cline Sent: Fri 2007-01-26 22:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Overlapping AD Subnet Boundaries Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way. Brian Cline, Applications Developer Department of Information Technology G&P Trucking Company, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] Overlapping AD Subnet Boundaries
Overlapping AD Subnet Boundariesis it really 10.10.0.0/16 or a mistake (/24) ? Because your first site won't be able to joint the other one as it will think it's local and won't sent packet to the gateway (if it's really a /16). If it's a real /24, then it will works as expected (10.10.41.104 will be attached to the secondary site). If it's a /16 and you need router between both site, your configuration can't work from a network point of view. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com - Original Message - From: Brian Cline To: ActiveDir@mail.activedir.org Sent: Friday, January 26, 2007 10:19 PM Subject: [ActiveDir] Overlapping AD Subnet Boundaries Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will AD treat a client address of, say, 10.10.41.104 as a client on the secondary site, or will it default to the more general primary subnet? The reason I ask is we now have a need for a second AD site (I can see all the enterprise folks grinning now) and we have quite a number of other subnets that I'd have to manually enter if this is not the case. I don't mind doing it, but I was curious either way. Brian Cline, Applications Developer Department of Information Technology G&P Trucking Company, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax
Re[2]: [ActiveDir] Auto Logon
Hello Za, try using autlogon.exe from sysinternals: http://download.sysinternals.com/Files/Autologon.zip Works great in our case. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Thursday, August 31, 2006, 12:27:13 PM, you wrote: > Tried this and it did not work. I do not have time to worry about it for now. -Z.V [EMAIL PROTECTED] wrote: I had this problem about a year ago. I got it working in the end by changing the logon name from "user" to "[EMAIL PROTECTED]" and it worked fine, give that a go and let us know what happens C. Za Vue <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 29/08/2006 13:16 Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject [ActiveDir] Auto Logon Domain: Windows 2003 Clients: Xp w/sp2 Problem: The autologon registry hack on 3 of my lab machines will not stay permanent. All machines restart each morning at 2:00 AM and they automatically log in to the domain. In the morning if I re-apply the auto logon registry hack the machines work fine the rest of the day, no matter how many reboots.Comments? Suggestions? Thanks, Z.V. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re[6]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Hello Victor,
yes, the on resume allow display no error message if the folder exist
already, it will exit in error, saying nothing...
It's dirty, i know, but it does the job we pay for !!
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Wednesday, August 30, 2006, 10:44:57 PM, you wrote:
VW> Nice,
VW> The script will be added to the logon script, that works, I tried that
VW> today.
VW> I saw you added the "On Error Resume Next", if the folder already exists
VW> will it then simply do nothing?
VW> Cheers,
VW> Victor
VW> -Original Message-
VW> From: [EMAIL PROTECTED]
VW> [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
VW> Sent: woensdag 30 augustus 2006 22:15
VW> To: Victor W.
VW> Cc: ActiveDir@mail.activedir.org
VW> Subject: Re[4]: [ActiveDir] Add folder with quota to existing mailboxes -
VW> via scripting or tool
VW> Hello Victor,
VW> sorry.
VW> Here is the working for the Root folder:
VW> On Error Resume Next
VW> set olApp = CreateObject("Outlook.Application")
VW> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6).Parent
VW> set temp5 = inbox.folders.add("Added by vbscript",6)
VW> Regards,
VW> Mathieu CHATEAU
VW> http://lordoftheping.blogspot.com
VW> Wednesday, August 30, 2006, 8:01:50 PM, you wrote:
VW>> Thanks for this Mathieu, the script which creates the folder under
VW>> the inbox works good.
VW>> To create it in the root must be a little more complex because this
VW>> doesnt work yet.
VW>> When I fire up the script it prompts me with the following error:
VW>> Error: Object doesnt support this property or method:
VW>> 'olApp.GetNamespace(...).Folder'
VW>> Code: 800A01B6
VW>> Can you point me in the right direction to solve this?
VW>> Cheers,
VW>> Victor
VW>> -Original Message-
VW>> From: [EMAIL PROTECTED]
VW>> [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu
VW>> CHATEAU
VW>> Sent: maandag 28 augustus 2006 11:26
VW>> To: [EMAIL PROTECTED]
VW>> Cc: ActiveDir@mail.activedir.org
VW>> Subject: Re[2]: [ActiveDir] Add folder with quota to existing
VW>> mailboxes - via scripting or tool
VW>> this script goes through outlook.
VW>> Each user need to fire this script (or fire it via logon script).
VW>> for the Root Folder, change:
VW>> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
VW>> to
VW>> set inbox = olApp.GetNamespace("MAPI").Folder("Personal Folder")
VW>> (should do the trick but i didn't test it yet)
VW>> Regards,
VW>> Mathieu CHATEAU
VW>> http://lordoftheping.blogspot.com
VW>> Monday, August 28, 2006, 11:00:14 AM, you wrote:
vwpn>>> Thanks Brian and Mathieu,
vwpn>>> I will tell a little bit more about the background of this. The
vwpn>>> customer has asked for a folder called "private" to be created in
vwpn>>> the root of every users mailbox and if possible set a quota to
vwpn>>> this
VW>> folder.
vwpn>>> After this has been done, the customer wants to instruct his
vwpn>>> users to use only this folder only as their personal/private
vwpn>>> email folder and move everything that the users sees as being
vwpn>>> private, to the private folder. From that moment on, all other
vwpn>>> folders in the users mailboxes are no longer considered as
VW> private/personal.
vwpn>>> I do have some additional questions:
vwpn>>> - how would the script look if the requirement would be to create
vwpn>>> the folder in the root.
vwpn>>> - The way the script is set up now, do I have to set up which
vwpn>>> users this script will apply to, I mean will it now apply to all
vwpn>>> users in the entire domain which are mailbox enabled?
vwpn>>> - Is there any way that I can specify which users this script has
vwpn>>> to be applied to, I mean can I run it against all mailbox enabled
vwpn>>> users in a specific OU?
vwpn>>> -
vwpn>>> -
vwpn>>> --
vwpn>>> ---
vwpn>>> Re[2]: [ActiveDir] Add folder with quota to existing mailboxes -
vwpn>>> via scripting or tool
vwpn>>> From: Mathieu CHATEAU <[EMAIL PROTECTED]>
vwpn>>> Date: Mon, 28 Aug 2006 00:24:47 +0200
vwpn>>> -
vwpn>>> -
vwpn>>> --
vwpn>>>
vwpn>>> Hello Victor,
vwpn>>> If the folder already exist, it will simply do nothing, except
Re[4]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Hello Victor,
sorry.
Here is the working for the Root folder:
On Error Resume Next
set olApp = CreateObject("Outlook.Application")
set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6).Parent
set temp5 = inbox.folders.add("Added by vbscript",6)
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Wednesday, August 30, 2006, 8:01:50 PM, you wrote:
VW> Thanks for this Mathieu, the script which creates the folder under the inbox
VW> works good.
VW> To create it in the root must be a little more complex because this doesnt
VW> work yet.
VW> When I fire up the script it prompts me with the following error:
VW> Error: Object doesnt support this property or method:
VW> 'olApp.GetNamespace(...).Folder'
VW> Code: 800A01B6
VW> Can you point me in the right direction to solve this?
VW> Cheers,
VW> Victor
VW> -Original Message-
VW> From: [EMAIL PROTECTED]
VW> [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
VW> Sent: maandag 28 augustus 2006 11:26
VW> To: [EMAIL PROTECTED]
VW> Cc: ActiveDir@mail.activedir.org
VW> Subject: Re[2]: [ActiveDir] Add folder with quota to existing mailboxes -
VW> via scripting or tool
VW> this script goes through outlook.
VW> Each user need to fire this script (or fire it via logon script).
VW> for the Root Folder, change:
VW> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
VW> to
VW> set inbox = olApp.GetNamespace("MAPI").Folder("Personal Folder") (should do
VW> the trick but i didn't test it yet)
VW> Regards,
VW> Mathieu CHATEAU
VW> http://lordoftheping.blogspot.com
VW> Monday, August 28, 2006, 11:00:14 AM, you wrote:
vwpn>> Thanks Brian and Mathieu,
vwpn>> I will tell a little bit more about the background of this. The
vwpn>> customer has asked for a folder called "private" to be created in
vwpn>> the root of every users mailbox and if possible set a quota to this
VW> folder.
vwpn>> After this has been done, the customer wants to instruct his users
vwpn>> to use only this folder only as their personal/private email
vwpn>> folder and move everything that the users sees as being private,
vwpn>> to the private folder. From that moment on, all other folders in
vwpn>> the users mailboxes are no longer considered as private/personal.
vwpn>> I do have some additional questions:
vwpn>> - how would the script look if the requirement would be to create
vwpn>> the folder in the root.
vwpn>> - The way the script is set up now, do I have to set up which
vwpn>> users this script will apply to, I mean will it now apply to all
vwpn>> users in the entire domain which are mailbox enabled?
vwpn>> - Is there any way that I can specify which users this script has
vwpn>> to be applied to, I mean can I run it against all mailbox enabled
vwpn>> users in a specific OU?
vwpn>> --
vwpn>> --
vwpn>> ---
vwpn>> Re[2]: [ActiveDir] Add folder with quota to existing mailboxes -
vwpn>> via scripting or tool
vwpn>> From: Mathieu CHATEAU <[EMAIL PROTECTED]>
vwpn>> Date: Mon, 28 Aug 2006 00:24:47 +0200
vwpn>> --
vwpn>> --
vwpn>>
vwpn>> Hello Victor,
vwpn>> If the folder already exist, it will simply do nothing, except
vwpn>> going into errors..
vwpn>> need to add a on error resume next or test if the folder exist before.
vwpn>> will create in the inbox, as a subfolder
vwpn>> I don't see your goal with this folder...except if you turn
vwpn>> special rights on it.
vwpn>> may ask them to put it [private] in the subject instead (it will
vwpn>> work for the sent folders)
vwpn>> Regards,
vwpn>> Mathieu CHATEAU
vwpn>> http://lordoftheping.blogspot.com
vwpn>> Sunday, August 27, 2006, 10:26:59 PM, you wrote:
vwpn>> Thanks Mathieu, nice.
vwpn>> Does this create a folder in the root of the mailbox?
vwpn>>
vwpn>> Access all mailboxes you say, that sounds logical. I know that
vwpn>> domain admins indeed dont actually have the full mailbox access
vwpn>> (they have some denies).
vwpn>> What if a user already has the folder, does this script take this
vwpn>> into account?
vwpn>> Again thanks.
vwpn>> Victor
vwpn>> From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED]
vwpn>> Sent: zondag 27 augustus 2006 22:04
vwpn>> To: Victor W.
vwpn>> Cc: [EMAIL PROTECTED]
vwpn>> Subject: Re: [ActiveDir] Add folder with quota to existing
vwpn>> mail
Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
this script goes through outlook.
Each user need to fire this script (or fire it via logon script).
for the Root Folder, change:
set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
to
set inbox = olApp.GetNamespace("MAPI").Folder("Personal Folder")
(should do the trick but i didn't test it yet)
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Monday, August 28, 2006, 11:00:14 AM, you wrote:
vwpn> Thanks Brian and Mathieu,
vwpn> I will tell a little bit more about the background of this. The
vwpn> customer has asked for a folder called "private" to be created in the
vwpn> root of every users mailbox and if possible set a quota to this folder.
vwpn> After this has been done, the customer wants to instruct his users to
vwpn> use only this folder only as their personal/private email folder and
vwpn> move everything that the users sees as being private, to the private
vwpn> folder. From that moment on, all other folders in the users mailboxes
vwpn> are no longer considered as private/personal.
vwpn> I do have some additional questions:
vwpn> - how would the script look if the requirement would be to create the
vwpn> folder in the root.
vwpn> - The way the script is set up now, do I have to set up which users
vwpn> this script will apply to, I mean will it now apply to all users in the
vwpn> entire domain which are mailbox enabled?
vwpn> - Is there any way that I can specify which users this script has to be
vwpn> applied to, I mean can I run it against all mailbox enabled users in a
vwpn> specific OU?
vwpn>
vwpn> ---
vwpn> Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via
vwpn> scripting or tool
vwpn> From: Mathieu CHATEAU <[EMAIL PROTECTED]>
vwpn> Date: Mon, 28 Aug 2006 00:24:47 +0200
vwpn>
vwpn>
vwpn> Hello Victor,
vwpn> If the folder already exist, it will simply do nothing, except going
vwpn> into errors..
vwpn> need to add a on error resume next or test if the folder exist before.
vwpn> will create in the inbox, as a subfolder
vwpn> I don't see your goal with this folder...except if you turn special
vwpn> rights on it.
vwpn> may ask them to put it [private] in the subject instead (it will work
vwpn> for the sent folders)
vwpn> Regards,
vwpn> Mathieu CHATEAU
vwpn> http://lordoftheping.blogspot.com
vwpn> Sunday, August 27, 2006, 10:26:59 PM, you wrote:
vwpn> Thanks Mathieu, nice.
vwpn> Does this create a folder in the root of the mailbox?
vwpn>
vwpn> Access all mailboxes you say, that sounds logical. I know that
vwpn> domain admins indeed dont actually have the full mailbox access (they
vwpn> have some denies).
vwpn> What if a user already has the folder, does this script take this into
vwpn> account?
vwpn> Again thanks.
vwpn> Victor
vwpn> From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED]
vwpn> Sent: zondag 27 augustus 2006 22:04
vwpn> To: Victor W.
vwpn> Cc: [EMAIL PROTECTED]
vwpn> Subject: Re: [ActiveDir] Add folder with quota to existing
vwpn> mailboxes - via scripting or tool
vwpn> Hello Victor,
vwpn> you will at least need an account that can access all mailboxes (not a
vwpn> domain admins one)
vwpn> (or give a script to everyone that they will execute)
vwpn> To my knowledge, quota is mailbox based. You may set up a special
vwpn> retention on this folder.
vwpn> sample _vbscript_ to create the private folder
vwpn> set olApp = CreateObject("Outlook.Application")
vwpn> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
vwpn> set temp5 = inbox.folders.add("Private",6)
vwpn> hope it helps,
vwpn> Regards,
vwpn>
vwpn> Mathieu CHATEAU
vwpn> http://lordoftheping.blogspot.com
vwpn> Sunday, August 27, 2006, 8:57:03 PM, you wrote:
vwpn> Does anybody know what is the 'best' way to add
vwpn> automatically a folder to existing mailboxes and set a quota on that
vwpn> same folder?
vwpn> We would like all our users to get a folder called
vwpn> "private" added to the root of their mailbox and if possible, a quota
vwpn> to be set to that folder.
vwpn> Can this be done by scripting easily or is there perhaps
vwpn> even a tool which is capable of doing this?
vwpn> This also counts for new, still to be created users. I mean, every user
vwpn> that will be created will have to have that certain folder added to his
vwpn> or her mailbox.
vwpn> Offcourse this could be done by running the script a
vwpn> couple of times a day, checking if
Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Hello joe, Adding the vbscript to the logon script would do the trick. For the rest, it also depends where you live. In France, you can't just open the employees mailboxes. Our laws protect individual's privacy. Companies sometimes prefers uses using the company mailboxes for personal use than having users opening mails on webmail, which may contain virus & co (going through smtp gateway allow more protection against virus, instead of just having the workstation antivirus as the only shield). Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Monday, August 28, 2006, 3:45:31 PM, you wrote: j> This sounds kooky. What does the customer intend to do with the rest of the j> mailbox or how do they intend to specially treat the private folder? What j> about the calendar and tasks? Private or not? j> Currently there really isn't a good technical solution to this. About the j> best is that you tack onto the end of the script you use to mailbox enable j> users and it logs into the mailbox so it gets instantiated and then creates j> the folder; you can't specify Exchange to create a folder once the mailbox j> is instantiated later. As Brian indicated, you also can't set a quota on the j> folder. j> Now with the above you still have the issue of people not using your script j> to mailbox enable users (or say doing a mailbox reconnect) so at some point j> you would have to be scanning mailboxes looking for that folder and adding j> it if missing. Depending on the number of mailboxes this could be something j> that has to be constantly running because it can take a long time to log in j> and check all of those mailboxes. Personally I hate writing scripts that j> loop through all mailboxes like that as they always seem to get screwed up j> after a bit. The whole programmatic aspect of Exchange mailboxes and logging j> into them, etc is flakey and slow, IMO. j> Probably the better solution is just to tell people, hi, if you get private j> or personal email, create a folder called private and put it in there. The j> rest of your mailbox is not considered private and we will be xxx. Where j> the xx is whatever it is the customer intends to do with the rest of the j> mailbox or how they expect to treat the private folder differently from the j> rest of the mailbox. j> Personally again, I say it is all kooky. IMO, when you really get down to j> it, none of a business mailbox is private/personal. The company can go into j> any part of any mailbox any time they want. They have legal obligations to j> do so in some cases and in other cases it could become necessary for j> troubleshooting. If the customer thinks administrators will just avoid those j> folders when working on mailboxes they are almost certainly wrong, if j> anything, if you have an admin who does that kind of perusing, that would be j> the first place they would go hunting in. j> -- j> O'Reilly Active Directory Third Edition - j> http://www.joeware.net/win/ad3e.htm j> j> -Original Message- j> From: [EMAIL PROTECTED] j> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] j> Sent: Monday, August 28, 2006 5:00 AM j> To: ActiveDir@mail.activedir.org j> Subject: RE: [ActiveDir] Add folder with quota to existing mailboxes - via j> scripting or tool j> Thanks Brian and Mathieu, j> I will tell a little bit more about the background of this. The j> customer has asked for a folder called "private" to be created in the j> root of every users mailbox and if possible set a quota to this folder. j> After this has been done, the customer wants to instruct his users to j> use only this folder only as their personal/private email folder and j> move everything that the users sees as being private, to the private j> folder. From that moment on, all other folders in the users mailboxes j> are no longer considered as private/personal. j> I do have some additional questions: j> - how would the script look if the requirement would be to create the j> folder in the root. j> - The way the script is set up now, do I have to set up which users j> this script will apply to, I mean will it now apply to all users in the j> entire domain which are mailbox enabled? j> - Is there any way that I can specify which users this script has to be j> applied to, I mean can I run it against all mailbox enabled users in a j> specific OU? j> j> --- j> Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via j> scripting or tool j> From: Mathieu CHATEAU <[EMAIL PROTECTED]> j> Date: Mon, 28 Aug 2006 00:24:47 +0200 j>
Re: [ActiveDir] Auto Logon
Hello Za, try using autlogon.exe from sysinternals. Works in our case. Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Tuesday, August 29, 2006, 2:16:44 PM, you wrote: ZV> Domain: Windows 2003 ZV> Clients: Xp w/sp2 ZV> Problem: The autologon registry hack on 3 of my lab machines will not ZV> stay permanent. All machines restart each morning at 2:00 AM and they ZV> automatically log in to the domain. In the morning if I re-apply the ZV> auto logon registry hack the machines work fine the rest of the day, no ZV> matter how many reboots.Comments? Suggestions? ZV> Thanks, ZV> Z.V. ZV> List info : http://www.activedir.org/List.aspx ZV> List FAQ: http://www.activedir.org/ListFAQ.aspx ZV> List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Hello Victor,
If the folder already exist, it will simply do nothing, except going into errors..
need to add a on error resume next or test if the folder exist before.
will create in the inbox, as a subfolder
I don't see your goal with this folder...except if you turn special rights on it.
may ask them to put it [private] in the subject instead (it will work for the sent folders)
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Sunday, August 27, 2006, 10:26:59 PM, you wrote:
VW>
VW>
VW> Thanks Mathieu, nice.
VW>
VW>
VW>
VW> Does this create a folder in the root of the mailbox?
VW>
VW> Access all mailboxes you say, that sounds logical. I know that
VW> domain admins indeed dont actually have the full mailbox access (they have some denies).
VW>
VW>
VW>
VW> What if a user already has the folder, does this script take this into account?
VW>
VW>
VW>
VW> Again thanks.
VW>
VW>
VW>
VW>
VW>
VW> Victor
VW>
VW>
VW> From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED]
VW> Sent: zondag 27 augustus 2006 22:04
VW> To: Victor W.
VW> Cc: ActiveDir@mail.activedir.org
VW> Subject: Re: [ActiveDir] Add folder with quota to existing
VW> mailboxes - via scripting or tool
VW>
VW>
VW> Hello Victor,
VW>
VW>
VW>
VW> you will at least need an account that can access all mailboxes (not a domain admins one)
VW>
VW> (or give a script to everyone that they will execute)
VW>
VW>
VW> To my knowledge, quota is mailbox based. You may set up a special retention on this folder.
VW>
VW>
VW> sample _vbscript_ to create the private folder
VW>
VW> set olApp = CreateObject("Outlook.Application")
VW>
VW> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
VW>
VW> set temp5 = inbox.folders.add("Private",6)
VW>
VW>
VW> hope it helps,
VW>
VW>
VW> Regards,
VW>
VW> Mathieu CHATEAU
VW>
VW> http://lordoftheping.blogspot.com
VW>
VW>
VW> Sunday, August 27, 2006, 8:57:03 PM, you wrote:
VW>
VW>
VW>
VW>
VW> Does anybody know what is the 'best' way to add
VW> automatically a folder to existing mailboxes and set a quota on that same folder?
VW>
VW> We would like all our users to get a folder called
VW> "private" added to the root of their mailbox and if possible, a
VW> quota to be set to that folder.
VW>
VW>
VW>
VW> Can this be done by scripting easily or is there perhaps
VW> even a tool which is capable of doing this?
VW>
VW>
VW>
VW> This also counts for new, still to be created users. I
VW> mean, every user that will be created will have to have that
VW> certain folder added to his or her mailbox.
VW>
VW> Offcourse this could be done by running the script a
VW> couple of times a day, checking if the folder exists allready and
VW> if not, adding it. Or perhaps it can even by realised the
VW> moment a user has been created.
VW>
VW>
VW>
VW> Any ideas are greatly appreciated.
VW>
VW>
VW>
VW>
VW>
VW>
VW>
VW>
VW>
VW>
VW>
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Hello Victor,
you will at least need an account that can access all mailboxes (not a domain admins one)
(or give a script to everyone that they will execute)
To my knowledge, quota is mailbox based. You may set up a special retention on this folder.
sample _vbscript_ to create the private folder
set olApp = CreateObject("Outlook.Application")
set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
set temp5 = inbox.folders.add("Private",6)
hope it helps,
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Sunday, August 27, 2006, 8:57:03 PM, you wrote:
>
Does anybody know what is the 'best' way to add automatically a folder to existing mailboxes and set a quota on that same folder?
We would like all our users to get a folder called "private" added to the root of their mailbox and if possible, a quota to be set to that folder.
Can this be done by scripting easily or is there perhaps even a tool which is capable of doing this?
This also counts for new, still to be created users. I mean, every user that will be created will have to have that certain folder added to his or her mailbox.
Offcourse this could be done by running the script a couple of times a day, checking if the folder exists allready and if not, adding it. Or perhaps it can even by realised the moment a user has been created.
Any ideas are greatly appreciated.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] [OT] CHKDSK & NTFS.SYS bugs = Security descriptor issue / resolved
Hello ActiveDir, I know this is out of topic, but it I think this is a non common issue to know about. I just came across a bug on ntfs.sys. It made chkdsk reporting many errors on security descriptors like this: Replacing invalid security id with default security id for file 1396371. Replacing invalid security id with default security id for file 1396372. Replacing invalid security id with default security id for file 1429033. Fixing mirror copy of the security descriptors data stream. Security descriptor verification completed. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. At the beginning I just thought about data corruption. I just opened a call to pss to get the good way to handle it (it's on a MSCS cluster). In fact, this is a ntfs.sys bug, that should raise with 4 Millions of File or an MFT of 4GB. We have 1,6 Millions of files. original: http://support.microsoft.com/default.aspx?scid=kb;EN-US;913034 The Chkdsk.exe utility incorrectly identifies and resets security descriptors in Windows Server 2003 New one: http://support.microsoft.com/default.aspx?scid=kb;en-us;915691 FIX: The system stops responding during high disk activity on a computer that is running Windows Server 2003 the last version of ntfs.sys is 5.2.3790.2655 MS gave us an internal tool get trough this SD issue. You can read the full story on my blog: http://lordoftheping.blogspot.com Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] OU tareq
Hello tareq, use the restricted group make mydomain\Domain users members of the "Administrators" group. Take care of the way you do it, else it will empty the local group before appending domain users. The GPO is computer based Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Thursday, August 24, 2006, 4:13:59 PM, you wrote: > dears, How i can build a group policy that permit normal account in the active directory to login as Local Admin for any computer in one OU. tareq All-new Yahoo! Mail - Fire up a more powerful email and get things done faster. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Best Practice for replacing a DC
Hello Bob, -Buy the new server -Install W2K3 SP1 + Full update -dcpromo to the domain -Transfer all 5 FSMO roles to this new server -Make this new server Global catalog -Checkup DNS, DHCP if applicable -Wait for replication Then you should poweroff the old one to be sure everything is ok. If ok, -power on the old one -dcpromo the old one (and NO, It's not the last of the domain) -power off You should always have at least 2 DC and 2 global catalog. When all DC are W2K3, you can raise the forest and domain to native W2K3 my 2 cents Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Wednesday, August 23, 2006, 8:15:33 PM, you wrote: BA> Good Afternoon, BA> This is a rather newbie question. We have an aging HP server BA> that is our present DC it is running W2K. We would like to replace it BA> with a new box running Windows 2003 Std R2. BA> What is the best practice on bringing the new DC online and BA> decommissioning the old server. The new server will replace the DC and BA> another member server. We also have a windows 3003 Exchange Server and a BA> Windows 200 SQL Server machine that will be staying. Eventually we will BA> upgrade the Windows 2000 box to 2003 giving us a full windows 2003 BA> domain. BA> Thanks BA> Bob Anderson BA> IT Guy BA> Kent Sporting Goods. BA> List info : http://www.activedir.org/List.aspx BA> List FAQ: http://www.activedir.org/ListFAQ.aspx BA> List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re[3]: [ActiveDir] Exchange question
Just to add that they also put 5000 Mailboxes of 250MB on the server. 50GB / 5000 mailboxes = 10,24 MB of smtp queue/mailbox on average. Of course you will want a minimum size, anyway the number of mailboxes! Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Tuesday, August 22, 2006, 10:45:44 PM, you wrote: > It all depend on the smtp traffic your company has... And how fast you server process mail.. in the MS doc "Exchange Server 2003 Design and Architecture at Microsoft " MS use a 50GB partition to hold the SMTP Queue. In my opnion, it also depends who sends mail to the internet. If you have a dedicated smtp gateway, then your exchange will empty it's queue on the smtp gateway (will always success) while your smtp gateway will have to do many retries on many domain... my two cents, Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Tuesday, August 22, 2006, 10:14:09 PM, you wrote: > I don’t guess I ever thought about moving mailroot, but that is a really good idea. Here’s an article that tells how to do it just so no one has to go looking.. http://support.microsoft.com/?kbid=822933 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, August 22, 2006 3:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Exchange question Just to add my $0.04 worth: By the time you ask what's the minimum, it's usually too late and not enough. The SMTP queue drive should, as a general rule, not get below 10% free space. The way the product works, every smtp message is accepted then acted upon. What that means to you is that SMTP messages are going to hit the disk hard. This indicates that you want to separate that I/O from the rest of the server where possible. That would mean that you'd typically place this directory on a dedicated set of spindles and the smallest drive size you'll likely find these days is a 72GB drive. If your average message is ~100KB, then you have approximately 72GB/(100KB-10%) of space before you would even want to consider that your drive should stop. That's a lot of a messages for most corporate implementations and could easily translate into several days worth of mail at those numbers. Wouldn't you want your mail system to stop sending at some point like that? So that you go find the issue and resolve it? Honestly, I think the better questions to ask are going to be along the lines of what is the typical formula for figuring out drive performance and sizing of Exchange server drives for the various i/o types? That will give you the better idea of what you can and should not get away with on those disks if you need to make changes. If you don't make changes, at least you'll know the areas to be aware of. My thoughts anyway. al On 8/22/06, Akomolafe, Deji <[EMAIL PROTECTED]> wrote: >>>minimum amount of HD space needed for the smtp to work? It depends mostly on how busy is the server. >>>Also, if the hard drive gets full will that stop the queue from delivering the emails? Of course. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Ramon Linan Sent: Tue 8/22/2006 11:51 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange question Hi, I have 2 emails server in 2 different locations. All the sudden emails are not coming from one server to the other, I found out that smtp queue folder was in a hard drive that was running out of space. Do you guys know what is the minimum amount of HD space needed for the smtp to work? Also, if the hard drive gets full will that stop the queue from delivering the emails? Thanks Rezuma List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re[2]: [ActiveDir] Exchange question
It all depend on the smtp traffic your company has... And how fast you server process mail.. in the MS doc "Exchange Server 2003 Design and Architecture at Microsoft " MS use a 50GB partition to hold the SMTP Queue. In my opnion, it also depends who sends mail to the internet. If you have a dedicated smtp gateway, then your exchange will empty it's queue on the smtp gateway (will always success) while your smtp gateway will have to do many retries on many domain... my two cents, Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Tuesday, August 22, 2006, 10:14:09 PM, you wrote: > I don’t guess I ever thought about moving mailroot, but that is a really good idea. Here’s an article that tells how to do it just so no one has to go looking.. http://support.microsoft.com/?kbid=822933 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, August 22, 2006 3:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Exchange question Just to add my $0.04 worth: By the time you ask what's the minimum, it's usually too late and not enough. The SMTP queue drive should, as a general rule, not get below 10% free space. The way the product works, every smtp message is accepted then acted upon. What that means to you is that SMTP messages are going to hit the disk hard. This indicates that you want to separate that I/O from the rest of the server where possible. That would mean that you'd typically place this directory on a dedicated set of spindles and the smallest drive size you'll likely find these days is a 72GB drive. If your average message is ~100KB, then you have approximately 72GB/(100KB-10%) of space before you would even want to consider that your drive should stop. That's a lot of a messages for most corporate implementations and could easily translate into several days worth of mail at those numbers. Wouldn't you want your mail system to stop sending at some point like that? So that you go find the issue and resolve it? Honestly, I think the better questions to ask are going to be along the lines of what is the typical formula for figuring out drive performance and sizing of Exchange server drives for the various i/o types? That will give you the better idea of what you can and should not get away with on those disks if you need to make changes. If you don't make changes, at least you'll know the areas to be aware of. My thoughts anyway. al On 8/22/06, Akomolafe, Deji <[EMAIL PROTECTED]> wrote: >>>minimum amount of HD space needed for the smtp to work? It depends mostly on how busy is the server. >>>Also, if the hard drive gets full will that stop the queue from delivering the emails? Of course. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Ramon Linan Sent: Tue 8/22/2006 11:51 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange question Hi, I have 2 emails server in 2 different locations. All the sudden emails are not coming from one server to the other, I found out that smtp queue folder was in a hard drive that was running out of space. Do you guys know what is the minimum amount of HD space needed for the smtp to work? Also, if the hard drive gets full will that stop the queue from delivering the emails? Thanks Rezuma List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Enumerating Group type and Mebership...
Hello Mike,
Try this one:
-
Option Explicit
Dim objDomain, objUser, objGroup
Set objDomain = GetObject("WinNT://MyDomain")
objDomain.Filter = Array("user")
For Each objUser In objDomain
Wscript.Echo "User: " & objUser.Name
For Each objGroup In objUser.Groups
Wscript.Echo "-- Member of group: " & objGroup.Name
Next
Next
objDomain.Filter = Array("group")
For Each objGroup In objDomain
Wscript.Echo "Group: " & objGroup.Name
For Each objUser In objGroup.Members
Wscript.Echo "-- Member: " & objUser.Name
Next
Next
--------
Fire it with something like cscript dump.vbs >> dump.txt
Just my 2 cents
Mathieu CHATEAU
http://lordoftheping.blogspot.com
Tuesday, July 25, 2006, 8:49:11 PM, you wrote:
>
All,
I’m trying to enumerate all groups in my AD environment. I need to get Group name group type and group members for each group…
I’ve tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx
Then I tried (below) but It still doesn’t seem to pull back everything I need- Any help would be great! In a perfect world - J - I need a list of all security groups and distribution groups and their members
Thanks,
Mike
Enumerate Security Groups and Member in Domain
csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r "(|(&(objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640" -j c:\tmp
Enumerate Distribution Groups and Member in Domain
csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r "(|(&(objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2" -j c:\tmp
--
Best regards,
Mathieu mailto:[EMAIL PROTECTED]
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Can the Gods return to our domain? an ex-DC naming question
Hello Steven, why not choosing another god's name ? :) After all, this is just a name ! Since you can dcpromo down the server, it should be ok. Just be sure to remove replicate link and it's computer object from ADUC...Cleaning DNS my 2 cents, Mathieu CHATEAU Friday, August 18, 2006, 9:30:19 PM, you wrote: > Hello list, (Skip the first Paragraph if your in a rush :p It is a self introduction.) This is my first post so I would like to introduce myself and say hello to everyone and thanks for the bucket loads of good info floating around. I am relatively new to the industry and this is my first permanent job since University, I have just 8 months in my current role after 6 months of contracting for a large Aerospace company. I work for a consultancy that mainly provides software solutions using .net. I am working as a Systems Admin and am totally responsible for our internal systems (25 or so servers including development boxes) and also for several external clients server environments. I have been trying to pick up as much as possible by reading books, blogs, whitepapers and gathering advice from the many helpful individuals in this community. With that in mind forgive me for any newbie mistakes J Thanks again and on that note, I hope one day to be as useful as many of you already are. Ok so here is the situation: I am planning an Active Directory 2k and Exchange 2k upgrade to 2k3. Our servers are named after Greek / Roman Gods hence the subject. I have 2 DC’s Ceres and Hades (also the Exchange server) and a third new server running server 2k3 (Server3 – currently unnamed) which shall replace the DC Ceres. I plan to do an in place upgrade of Exchange on Hades, join Server3 to the domain install Exchange 2k3 move all the mail boxes, public folders and system folders then demote Hades remove it from the domain, rebuild it with 2003 and rejoin it again and dcpromo. Finally I will demote, remove Ceres and bin it (its very old :p) . Ok so maybe I have simplified this a bit but you get the general idea, enough to answer my question. My question is.. Can I use the name Hades again when it is rebuilt and re-made a DC? I presume if the name Ceres is given to another box it wont matter unless that box goes on to become a DC too. I know the answer to the above is yes but it requires some tweaking using ADSIedit. This is the part I don’t know. What needs to be changed and what precautions can I take before making this change to ensure I won’t mess it up? Oh and Don’t worry I am doing this on Virtual’s at the moment and will do multiple full backups on the live systems before I start this :p Thanks Steven Johnston -- Best regards, Mathieu mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Domain rename [DONE!]
Hello, I finally renamed our AD Domain yesterday ! Here are the sticky steps: For SQL, I asked the PSS : you need to go trough the SQL Setup, see: http://support.microsoft.com/default.aspx?scid=kb;EN-US;319016 Then you need to recreate ALL AD Users in SQL. For the filer/printer cluster, i followed: http://support.microsoft.com/kb/269196/ For Exchange, i followed the same KB but only after issuing the xdr-fixup. SMS 2003 Was removed and installed again after (we exported our collections/ query as MOF file) WSUS didn't have any issue, we didn't removed it. Norton passed trough without any trouble, server and client still communicate well. Citrix is a bad one, needed to create again all users, and we didn't change the farm name (same as domain); if you do so, you have to recreate all publish. For the NT Service, i used a vbscript to find all of them, the same for scheduled tasks. About the scheduled tasks, when you change the first, all are updated ! So everything was fine, except one mistake from me : I issued the /clean too fast, workstation weren't migrated yet.. Too bad..We had to brought them out & in the domain. Hope this will help others in the same case, cheers, Mathieu CHATEAU Wednesday, July 5, 2006, 9:52:53 AM, you wrote: gff> hello, gff> we are about to do a domain rename soon. gff> We Have : gff> two DC, Windows 2003 SP1 last update. gff> AD in native windows 2003 domain gff> Forest in native mode. gff> I am a bit worried about: gff> -We have 3 clusters : Exchange, Filer, SQL 2000 gff> -We have SMS 2003 (will deinstall/reinstall) gff> -We have WSUS (will deinstall/reinstall) gff> -Norton corporate 10 gff> -Citrix Metaframe PPS 3.0 gff> -We have some services that uses DOMAIN\adminaccount gff> if someone have pointer, i am interested in ! gff> Cheers, gff> Mathieu CHATEAU gff> List info : http://www.activedir.org/List.aspx gff> List FAQ: http://www.activedir.org/ListFAQ.aspx gff> List archive: http://www.activedir.org/ml/threads.aspx -- Best regards, Mathieumailto:[EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re[2]: [ActiveDir] Forestprep Failure
Hello BEN, Just for info, i already had some trouble after doing a P2V of one DC. When i tried to install Exchange on it, domainprep was freezing, trying to contact the other DC which i didn't P2V's. Zeising the role was enough, i needed to remove it from AD. cheers, Mathieu CHATEAU Thursday, July 6, 2006, 10:12:58 PM, you wrote: > Hello Mathieu, Yes, we run a fairly simple domain setup. Single domain, single forest. We are running in Windows 2000 native mode for domain and forest. Exchange 2003 is also in native mode. And nice catch on SMS, I deployed it myself and should’ve remembered to mention that. We do have SMS 2003 in our environment with the schema extended of course. ~Ben From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED] Sent: Thursday, July 06, 2006 11:21 AM To: WATSON, BEN Cc: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Forestprep Failure Hello BEN, are you in Windows 2000 native mode ? the forest too ? exchange native mode ? Do you have SMS ? it extends the schema as well. Cheers, Mathieu CHATEAU Thursday, July 6, 2006, 7:43:21 PM, you wrote: > I am working to perform a domain upgrade from 2000 to 2003 R2 and I am running into problems right from the start when attempting an ADPREP /FORESTPREP. The domain also has Exchange 2003 running as well. Also, we have never extended the schema with Services for Unix 2.0 which I know can create some issues as well. I am currently working in a test environment in which we took a recent full tape backup of one of our domain controllers, and restored it in a separate network. As this is a test environment, this restored domain controller is the ONLY domain controller in existence and all FSMO roles have been transferred to it. Here is the output from my ADPREP /FORESTPREP attempt. I’m looking for assistance on how to fix these schema attributes so the FORESTPREP will be successful. As I’m working in a test environment, I am afforded the ability to make the necessary changes and see what it breaks to determine what made these schema changes (if anything). C:\WIN2K3R2\CMPNENTS\R2\ADPREP>adprep /forestprep ADPREP WARNING: Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later). QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent poten tial domain controller corruption. For more information about preparing your forest and domain see KB article Q3311 61 at http://support.microsoft.com. [User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENT ER to quit. c = "attributeSyntax" attribute value for objects defined in Windows 2000 schema and extended schema do not match. A previous schema extension has defined the attribute value as "2.5.5.5" for obj ect "CN=uid,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than the sc hema extension needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. = "attributeId" attribute value for objects defined in Windows 2000 schema and ext ended schema do not match. A previous schema extension has defined the attribute value as "1.2.840.113556.1 .4.7000.233.28688.28684.8.192196.1165976.1266044.855334" for object "CN=roomNumb er,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than the schema exte nsion needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. = "isSingleValued" attribute value for objects defined in Windows 2000 schema and extended schema do not match. A previous schema extension has defined the attribute value as "TRUE" for object "CN=roomNumber,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than th e schema extension needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. -- Best regards, Mathieu mailto:[EMAIL PROTECTED] -- Best regards, Mathieu mailto:[EMAIL PROTECTED] List info
Re[2]: [ActiveDir] Forestprep Failure
Hello BEN, since you only did one DR, does it mean that the same coputer is both DC and Exchange ? I now limitations when Exchange is on a DC. Since you can restore again, can you shoot of exchange before ? Thursday, July 6, 2006, 10:12:58 PM, you wrote: > Hello Mathieu, Yes, we run a fairly simple domain setup. Single domain, single forest. We are running in Windows 2000 native mode for domain and forest. Exchange 2003 is also in native mode. And nice catch on SMS, I deployed it myself and should’ve remembered to mention that. We do have SMS 2003 in our environment with the schema extended of course. ~Ben From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED] Sent: Thursday, July 06, 2006 11:21 AM To: WATSON, BEN Cc: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Forestprep Failure Hello BEN, are you in Windows 2000 native mode ? the forest too ? exchange native mode ? Do you have SMS ? it extends the schema as well. Cheers, Mathieu CHATEAU Thursday, July 6, 2006, 7:43:21 PM, you wrote: > I am working to perform a domain upgrade from 2000 to 2003 R2 and I am running into problems right from the start when attempting an ADPREP /FORESTPREP. The domain also has Exchange 2003 running as well. Also, we have never extended the schema with Services for Unix 2.0 which I know can create some issues as well. I am currently working in a test environment in which we took a recent full tape backup of one of our domain controllers, and restored it in a separate network. As this is a test environment, this restored domain controller is the ONLY domain controller in existence and all FSMO roles have been transferred to it. Here is the output from my ADPREP /FORESTPREP attempt. I’m looking for assistance on how to fix these schema attributes so the FORESTPREP will be successful. As I’m working in a test environment, I am afforded the ability to make the necessary changes and see what it breaks to determine what made these schema changes (if anything). C:\WIN2K3R2\CMPNENTS\R2\ADPREP>adprep /forestprep ADPREP WARNING: Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later). QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent poten tial domain controller corruption. For more information about preparing your forest and domain see KB article Q3311 61 at http://support.microsoft.com. [User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENT ER to quit. c = "attributeSyntax" attribute value for objects defined in Windows 2000 schema and extended schema do not match. A previous schema extension has defined the attribute value as "2.5.5.5" for obj ect "CN=uid,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than the sc hema extension needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. = "attributeId" attribute value for objects defined in Windows 2000 schema and ext ended schema do not match. A previous schema extension has defined the attribute value as "1.2.840.113556.1 .4.7000.233.28688.28684.8.192196.1165976.1266044.855334" for object "CN=roomNumb er,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than the schema exte nsion needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. = "isSingleValued" attribute value for objects defined in Windows 2000 schema and extended schema do not match. A previous schema extension has defined the attribute value as "TRUE" for object "CN=roomNumber,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than th e schema extension needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. -- Best regards, Mathieu mailto:[EMAIL PROTECTED] -- Best regards, Mathieu mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Forestprep Failure
Hello BEN, are you in Windows 2000 native mode ? the forest too ? exchange native mode ? Do you have SMS ? it extends the schema as well. Cheers, Mathieu CHATEAU Thursday, July 6, 2006, 7:43:21 PM, you wrote: > I am working to perform a domain upgrade from 2000 to 2003 R2 and I am running into problems right from the start when attempting an ADPREP /FORESTPREP. The domain also has Exchange 2003 running as well. Also, we have never extended the schema with Services for Unix 2.0 which I know can create some issues as well. I am currently working in a test environment in which we took a recent full tape backup of one of our domain controllers, and restored it in a separate network. As this is a test environment, this restored domain controller is the ONLY domain controller in existence and all FSMO roles have been transferred to it. Here is the output from my ADPREP /FORESTPREP attempt. I’m looking for assistance on how to fix these schema attributes so the FORESTPREP will be successful. As I’m working in a test environment, I am afforded the ability to make the necessary changes and see what it breaks to determine what made these schema changes (if anything). C:\WIN2K3R2\CMPNENTS\R2\ADPREP>adprep /forestprep ADPREP WARNING: Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later). QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent poten tial domain controller corruption. For more information about preparing your forest and domain see KB article Q3311 61 at http://support.microsoft.com. [User Action] If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENT ER to quit. c = "attributeSyntax" attribute value for objects defined in Windows 2000 schema and extended schema do not match. A previous schema extension has defined the attribute value as "2.5.5.5" for obj ect "CN=uid,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than the sc hema extension needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. = "attributeId" attribute value for objects defined in Windows 2000 schema and ext ended schema do not match. A previous schema extension has defined the attribute value as "1.2.840.113556.1 .4.7000.233.28688.28684.8.192196.1165976.1266044.855334" for object "CN=roomNumb er,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than the schema exte nsion needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. = "isSingleValued" attribute value for objects defined in Windows 2000 schema and extended schema do not match. A previous schema extension has defined the attribute value as "TRUE" for object "CN=roomNumber,CN=Schema,CN=Configuration,DC=appsig,DC=com" differently than th e schema extension needed for Windows 2003 server . [Status/Consequence] Adprep cannot extend your existing schema [User Action] Contact the vendor of the application that previously extended the schema to res olve the inconsistency. Then run adprep again. -- Best regards, Mathieu mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] GPO question
Hello Johnny, you can use the loopback in replace mode which should do the trick (then a user gpo should be in the OU, even if empty) Friday, April 7, 2006, 5:38:20 PM, you wrote: FJ> We have a GPO in place for all users to do Folder Redirection of My FJ> Documents. We are experiencing problems with long delays during this FJ> process when users connect to a Citrix Server. This started with 2003 FJ> SP1 (there is a "potential" hot fix from MS, but we are not crazy about FJ> it) FJ> The real question is that I am not finding a way to not apply that GPO FJ> when our users connect to the Citrix servers. Here is what I mean: FJ> A) Typically you can counteract a GPO applied above with a GPO that FJ> disables that same function, like we did recently with Screen Saver FJ> settings. But, Folder redirection of My Documents can not be "disabled", FJ> it is just "not configured" or Configured and pointing to the FJ> redirection location. FJ> B) There are no GPOs applied to the Terminal Server or Citrix Servers FJ> OUs, but do not want to Block inheritance of GPOs (not best practices FJ> because it is hard to troubleshoot and I am not even sure it is an FJ> option in this case). The Folder Redirection GPO is applied to the USERS FJ> OU and sub OUs based on AD Group membership. FJ> C) Loopback processing seems to be the reverse of what I am trying to FJ> do. Unless I am just not getting it. FJ> Any other ideas? FJ> Thanks FJ> Johnny Figueroa FJ> Enterprise Network Consultant/Integrator FJ> Network Services Banner Health Voice (602) FJ> 495-4195 Fax (602) 495-4406 FJ> List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re[2]: [ActiveDir] Limit Logon thru GPO
Thursday, February 16, 2006, 6:56:38 PM, you wrote: MP> Another way I have seen this done is via a logon script and the MP> users home directory, basically the directory is limited to 1 MP> connection then if this number is exceeded the computer logs the user off. MP> Very crude I know. MP> Mark MP> -Original Message- MP> From: Jacqui Hurst <[EMAIL PROTECTED]> MP> Date: Thu, 16 Feb 2006 17:46:35 MP> To:ActiveDir@mail.activedir.org MP> Subject: RE: [ActiveDir] Limit Logon thru GPO MP> MP> MP> I have seen CConnect working fine in a Windows 2003 environment. MP> MP> MP> Jacqui. MP> MP> MP> This cconnect.exe seems interesting anybody used it with 2003 MP> Server? or is it strictly a NT/2000 tool? MP> MP> MP> MP> From: [EMAIL PROTECTED] MP> [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia MP> Sent: Thursday, February 16, 2006 8:17 AM MP> To: ActiveDir@mail.activedir.org MP> Subject: RE: [ActiveDir] Limit Logon thru GPO MP> MP> There is no native way of doing this in GP, but there is the MP> Resource Kit utility Cconnect.exe that tries to accomplish the MP> same thing without messy AD partitions (not at all to imply that MP> anything remotely related to AD is messy :)) MP> MP> Darren MP> MP> MP> From: [EMAIL PROTECTED] MP> [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser MP> Sent: Thursday, February 16, 2006 7:59 AM MP> To: ActiveDir@mail.activedir.org MP> Subject: [ActiveDir] Limit Logon thru GPO MP> Sorry if this question has already been asked but I was sure I MP> saw this at one time and now I cannot find it anywhere. I am MP> beginning to think it was all just a wishful dream. MP> MP> Q. Is it possible to limit the number of logons a user may have at any one moment, using GPO? MP> MP> Microsoft has released the LimitLogin tool, which you can MP> download from MP> http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe. MP> The tool stores logged-on information in a custom AD partition MP> (dc=limitlogin, dc=, dc=; e.g., MP> dc=limitlogin,dc=savilltech,dc=com) via a Microsoft IIS 6.0 MP> (Windows Server 2003) hosted Web service, a client component, and a logon and logoff script. MP> MP> This is the only answer I could find on the internet but surely MP> this cannot be the only way, like I mentioned I was sure I saw MP> this at one time and now I cannot find it anywhere. Was it all a MP> dream? Should MS get there act together? or did I really see this? MP> I would rather not use LimitLogon as it seems like a bit of a pain MP> in the a$$ to setup and I am pretty sure it is irreversible. MP> MP> MP> Thanks, MP> MP> MP> Aaron Visser hello, if i understand your way, you must create a share per user's home dir. One share with subdir sounds much simple to manage and should provide better performance.. If you are using one share, i am interested in your solution (as far as i can remember, the connection limit is per share and not per login connected to the shares) Mathieu CHATEAU List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] msi package
Sunday, November 27, 2005, 2:20:26 PM, you wrote: > Dear all, how can I create an msi file from installation files? any tools recommended? thank you you can use adminstudio from installshield, it's the best i have used (but a $$$ one). Winstall LE is free but limited to capture an install to make a msi. NEVER MAKE A MSI FROM A MSI ! cheers, Mathieu CHATEAU List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
