RE: [ActiveDir] Unsubing
No no no no no, Craig: You can check out any time you want, But you can *never* leave! Steve Egan (temp) Systems/Network Engineer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino Sent: Friday, January 19, 2007 5:42 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Unsubing You are with us now - - - - you may never leave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Friday, January 19, 2007 8:39 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Unsubing Sorry to send this to the list, but I cant find the address to unsubscribe. Can anyone help me out? As much as I love you all, my recent affair with Apple OS X has left me realising that our love is just a sham and that other delights await me. Big up'. Olly www.g2support.com/backups List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
[ActiveDir] Cisco VPN user authentication problem
Greetings, Brain Trust:
I've been troubleshooting a VPN access problem for about two days now
and have almost scratched a groove in my head - this one's a puzzler.
My boss has an IBM Lenovo T60 laptop that has the Cisco VPN client
software loaded into it. It was working just fine up until the third
week of December, allowing her to use Dialup to get into our HQ domain
from her house. When the logins failed, I thought it was due to crappy
dialup connection, since noise in the link will cause the VPN tunnel to
go down.
However, I just got her link at her house to go on wireless, and it
works just spiffy (11M up/down), and she still can't log on to the
domain with the VPN software. The connection works just fine, she can
browse with no problem. OWA works just fine.
Here's some of the troubleshooting I've done:
1) reloaded the VPN software.
2) Tried to have her log on from another machine.
3) Changed the Group authentication (made a new one) just for her.
Nothing seems to work. She logs in to the domain normally from her desk
at work using either the wireless in the laptop, or via the Ethernet
connection. Anybody else can use her laptop to get in via the VPN, so
it's not the drivers or hardware. Her problem is replicated from
ANYBODY's laptop utilizing the VPN software. It's got to be her
account, which is why I think it's something screwed up in AD.
When I monitor her attempts to log into the VPN concentrator (a Cisco
3000), sometimes it says the IKE isn't working, sometimes it says
there's no domain (domain = {not specified}), sometimes it never talks
to the 3000 at all (according to the log and the way it comes right back
with the username/password request).
Want to get even more confused? This problem started when she attempted
to change her password back to what it was - she went through the AD
administration on the primary AD box and got some kind of error. Ever
since then, things just ain't the same. I think something got scrambled
in her account. We tried disabling her account for 5 minutes and then
re-enabling, but nothing's worked.
Where should I look to see if something's amiss? I'm kinda stumped.
Steve Egan
Systems/Network Engineer
RE: [ActiveDir] Cisco VPN user authentication problem
Did that. It was the first thing I looked at, having had experience
with RADIUS before. I created a user on the 3000, and it worked fine.
BTW, we use the Kerberos/Active Directory authentication. But you knew
that...
Steve Egan (temp)
Systems/Network Engineer
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, January 19, 2007 3:00 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Cisco VPN user authentication problem
Steve;
Just for kicks. Could you create a local account for testing? This would
bypass any RADIUS/TAC+ problems and confirm the VPN client isn't at
fault. Also, Cisco released a new client about a week ago. Don't ask, my
laptop is stored for the weekend. Something like 4.881720344-1
or some such.
Anyhow, it sounds like a RADIUS problem within the server but check with
a local account on the 3000 just to eliminate what should be obvious.
Brent Eads
Employee Technology Solutions, Inc.
Office: (312) 762-9224
Fax: (312) 762-9275
The contents contain privileged and/or confidential information intended
for the named recipient of this email. ETSI (Employee Technology
Solutions, Inc.) does not warrant that the contents of any
electronically transmitted information will remain confidential. If the
reader of this email is not the intended recipient you are hereby
notified that any use, reproduction, disclosure or distribution of the
information contained in the email in error, please reply to us
immediately and delete the document.
Viruses, Malware, Phishing and other known and unknown electronic
threats: It is the recipient/client's duties to perform virus scans and
otherwise test the information provided before loading onto any computer
system. No warranty is made that this material is free from computer
virus or any other defect.
Any loss/damage incurred by using this material is not the sender's
responsibility. Liability will be limited to resupplying the material.
Steve Egan \(Temp\) [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
01/19/2007 04:39 PM
Please respond to
ActiveDir@mail.activedir.org
To
ActiveDir@mail.activedir.org
cc
Subject
[ActiveDir] Cisco VPN user authentication problem
Greetings, Brain Trust:
I've been troubleshooting a VPN access problem for about two days now
and have almost scratched a groove in my head - this one's a puzzler.
My boss has an IBM Lenovo T60 laptop that has the Cisco VPN client
software loaded into it. It was working just fine up until the third
week of December, allowing her to use Dialup to get into our HQ domain
from her house. When the logins failed, I thought it was due to crappy
dialup connection, since noise in the link will cause the VPN tunnel to
go down.
However, I just got her link at her house to go on wireless, and it
works just spiffy (11M up/down), and she still can't log on to the
domain with the VPN software. The connection works just fine, she can
browse with no problem. OWA works just fine.
Here's some of the troubleshooting I've done:
1) reloaded the VPN software.
2) Tried to have her log on from another machine.
3) Changed the Group authentication (made a new one) just for her.
Nothing seems to work. She logs in to the domain normally from her desk
at work using either the wireless in the laptop, or via the Ethernet
connection. Anybody else can use her laptop to get in via the VPN, so
it's not the drivers or hardware. Her problem is replicated from
ANYBODY's laptop utilizing the VPN software. It's got to be her
account, which is why I think it's something screwed up in AD.
When I monitor her attempts to log into the VPN concentrator (a Cisco
3000), sometimes it says the IKE isn't working, sometimes it says
there's no domain (domain = {not specified}), sometimes it never talks
to the 3000 at all (according to the log and the way it comes right back
with the username/password request).
Want to get even more confused? This problem started when she attempted
to change her password back to what it was - she went through the AD
administration on the primary AD box and got some kind of error. Ever
since then, things just ain't the same. I think something got scrambled
in her account. We tried disabling her account for 5 minutes and then
re-enabling, but nothing's worked.
Where should I look to see if something's amiss? I'm kinda stumped.
Steve Egan
Systems/Network Engineer
Message scanned by TrendMicro
Message scanned by TrendMicro
RE: [ActiveDir] Cisco VPN user authentication problem
Brent: Great minds think alike... We are thinking of saving all her files that have to be connected thru her profile, blowing it away, and building a new one (NOT with the same username!) to kind of flush things out. I was hoping the Brain Trust had something I hadn't thought of or maybe knew of somewhere to look. I'll let this simmer over the weekend and see if anybody else can contribute something that'll make/help me find the problem, IF it's solvable *without* having to re-create the account. It's gonna be messy to have to re-create email and other stuff . ...besides, you knew the job was dangerous when you took it! Steve Egan Systems/Network Engineer From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, January 19, 2007 3:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Cisco VPN user authentication problem Steve; You could setup a new account through AD or blow her existing account away and see if that doesn't clear the stick from the mud. Just attacking this as logically as I can, here. Since I do not know of a utility to check for problems with Kerberos/AD... Though it seems like there should be something out there to do just that. Bueller? Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Steve Egan \(Temp\) [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/19/2007 05:06 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Cisco VPN user authentication problem Did that. It was the first thing I looked at, having had experience with RADIUS before. I created a user on the 3000, and it worked fine. BTW, we use the Kerberos/Active Directory authentication. But you knew that... Steve Egan (temp) Systems/Network Engineer From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, January 19, 2007 3:00 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Cisco VPN user authentication problem Steve; Just for kicks. Could you create a local account for testing? This would bypass any RADIUS/TAC+ problems and confirm the VPN client isn't at fault. Also, Cisco released a new client about a week ago. Don't ask, my laptop is stored for the weekend. Something like 4.881720344-1 or some such. Anyhow, it sounds like a RADIUS problem within the server but check with a local account on the 3000 just to eliminate what should be obvious. Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Steve Egan \(Temp\) [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/19/2007 04:39 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject [ActiveDir] Cisco VPN user authentication problem Greetings, Brain Trust: I've been troubleshooting a VPN access problem
[ActiveDir] File replication setup problem
Howdy, Brain Trust: I have two servers, one on Poland, the other in Sweden, that I want to install FRS on (and later upgrade to DFS) so that I can back up these remote location files locally on a high-speed offsite backup here in the States. I'm attempting to go slow and do a little bit at a time. When I Run the New Replication Group Wizard and name the replication group and hit Next, the following error happens: company.com: The Active Directory schema on domain controller ftp server.domain.com cannot be read. This error might be caused by a schema that has not been extended, or was extended improperly. See Help and Support Center for information about extending the Active Directory schema. A class schema object cannot be found. I've tried and tried to extend the schema, the results are normal (no errors), and still the AD schema is broken. It swears up and down that it is a 2003 schema. I can't install AD on the Sweden server because something ain't right with it (schema), and now this. I have two servers running here in the states as DC's, and they both think they are the top dog controller because whenever I try to do something like this it tells me the schema is broken. The FTP server and the mail server are both set up as DC's, both have AD on them. How do I tell one of them that they are no longer the master? Can I just delete (remove) the AD schema from the ftp server and reinstall it without serious breakage? I'm not sure that a simple demote will do the trick. I'm enough of a thumb-fingered idiot when it comes to AD that I live in fear of really screwing the pooch if I do something like this - but I have to get it solved somehow. Somebody got a life preserver? Steve Egan (temp) Systems/Network Engineer Occasional AD fumble-fingered idiot
RE: [ActiveDir] Lockdown CD-ROM access for some
Ben, I was working in a secure govt. facility, and what we did was disable write access to the drives. Don't ask me how the Network Admins did it, though. Another thing to turn your hair white and pull it out - what about those USB storage devices? How are you going to keep *them* from being written to or read from? It used to give me nightmares, since the devices are small and easily fit into a pocket or other small area... Steve Egan (temp) Systems/Neetwork engineer Purcell Systems desk: 509 755-0341 x 110 cell: 509 893-0751 fax: 509 755-0345 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Wednesday, December 13, 2006 7:36 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Lockdown CD-ROM access for some I have been given a task for our secured environments (by secured, I mean government clearances required) to develop a means to lock down access to the CDROM drive at a user based level. They want most users to be restricted from using the CDROM drives in anyway, but allow a certain security group the ability to have full use of their CDROM drives. As far as I can tell, there is not a group policy that allows for this type of granular lockdown of the devices. Any suggestions on how to best tackle this? Information simply cannot leave these secured environments, and they no longer want users to have unfettered access to CD/DVD burners. The drive letter of the CD drives may not always be the same, in fact some machine's drive letters may vary wildly. Thanks, ~Ben
RE: [ActiveDir] Way OT: Laptop Battery Life
The IBM T-series laptops that we use here have a battery mode that slows down the processor speed, resulting in less power consumption by the processor and less heat generated (resulting in the cooling fan cycling on and off less). Noah, if I am reading your question correctly, you are asking if spinning the disk up to speed draws significant current, and if you are constantly stopping and then re-starting the spin on the disk platter constantly does this negate the power savings of having the disk power down in the first place? As an engineer, the answer is: it depends. If the power-down/power-up cycle is sufficiently short (you're always waking the unit back up) then the answer is YES. If there are significant periods of time between sleeping and waking the machine, the answer is NO. I'd actually have to measure current draw from the platter motor to tell you what the cycle time would be. Having said that, I can tell you from experience with other dynamic systems that sometimes just leaving it run is the most advantageous/economical! Anybody else have the same conclusion? I am NOT a hard drive designer... Everybody, all of your suggestions are spot on. Especially the Network adapter and the WiFi... Steve Egan (temp) Systems/Network engineer Purcell Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Wednesday, December 13, 2006 9:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life So your last part about disk. Does waking up from those screen and hdd settings have a negative impact on battery? That is, if you are continually giggling the track pad to wake it up, is that worse than just leaving it run for a bit? Similarly, does coming out of Sleep hit the battery? Dell put out a document about battery life. The single biggest factor was screen. Next (I think) was network adapters. What about services? Are there services to disable to improve battery run time? -- nme -Original Message- From: Williams, Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 13, 2006 6:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life The Dell D600 and D610 have a network adaptor power setting where you can tell it to disable a network adaptor if it is not live when on battery, this may help extend your battery life a bit more. We use both these models and even using the internal wireless card we still get 3.5 to 4 hours out of a battery. Our power settings are wound right down so for example the screen powers off after 1min, HDD after 5min etc. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: 13 December 2006 08:32 To: ActiveDir.org Subject: Re: [ActiveDir] Way OT: Laptop Battery Life I also read a blog this week that Vista's default Wifi configuration is set in such a way that if the wifi hotspots don't support this Vista mode - it will drain the battery pretty quick. This leads me to ask do you have any power draining features turned on or inserted? Powersave set on Disk, screen, do you have an external mouse or PCMCIA/Express cards? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: Molkentin, Steve [EMAIL PROTECTED] Date: Wed, 13 Dec 2006 14:13:22 To:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life I find not using mine gives me almost unlimited hours use. themolk. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jackson Shaw Sent: Wednesday, 13 December 2006 1:57 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life Even removing the CD/DVD ROM drive during flight helps. I had the media bay battery that Brian mentions below and it made a huge difference. Subsequently, I have moved to an IBM X60 and with the standard battery in âmaximize battery lifeâ mode I usual get 9 hours. Also, donât forget to turn your screen brightness down as much as possible â it makes a huge difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, December 12, 2006 7:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life I have this model too. Kill the Wifi and Bluetooth for starters. Wifi is Fn+F2 I think. Next, get a media bay battery from Dell â it can give you several (up to 4) more hours in my experience. I go through batteries pretty quickly â I think I killed the media bay battery (or at met its half life) in about 6 months. A combination of desk work and being mobile does this because of the uneven discharge/charge cycles. You can either be real meticulous about taking care of the batteries or start hitting
RE: [ActiveDir] OT: Possessed PCs
RF is funny stuff. Depending on the strength/frequency of the carrier wave, walls, current-carrying wires within those walls, and even rebar within concrete can act as waveguides. Toss in a healthy dose of multipathing and BFO's (Beat Frequency Oscillators) and you have a nightmare in cubicle-land. You have to walk around with a Spectrum Analyzer to appreciate what goes on in the RF spectrum in an office building, believe me. Add a rogue device that's spitting stuff out too loudly, or at just the wrong frequency, and stir. Your brains. Because you can't figure out the @#$%^$-ing problem. The sledgehammer solution works just peachy! We banned all this stuff, and our service calls went away. No more broken keyboards and mice. Wireless ain't what it's cracked up to be because there are now too many devices using the very narrow spectrum. Just ask the FCC... Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline Sent: Monday, December 04, 2006 9:30 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Possessed PCs Please do! :-) They sit in an area that is somewhat densely clustered with cubes. However, the first two of the affected users sat in cubes next to each other with a direct line of sight to the problem source roughly 15ft away, and have a near direct line of sight to a third affected user that was about 25ft and two walls away from the source of the problem. The fourth affected user was also about 25-30ft and three walls away from the source, in the opposite direction of the third user. The row of VP offices directly across from the fourth user's office were not affected (whew!). And of course once we told the problem user what was going on, he had a little bit of fun with it first. -- Brian Cline From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson Sent: Friday 01 December 2006 17:30 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Possessed PCs When I go near wireless mice/keyboards, they stop working. (I can provide witnesses to this.) Want me to visit your office? ;-) Laura P.S. How densely clustered are these users? Does one user's interference stop if you turn off the other user's mouse? Seems like it'd be a quick way to verify that it's not somebody between them before you start cubicle crawling. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline Sent: Friday, December 01, 2006 3:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Possessed PCs Since this morning, we've ruled out the possibility of the USB mice being affected as well. Apparently those folks with USB mice who complained were not having the same kind of cursor movement -- it was just the seldom jumpy cursor (where it spasms between 2-3 pixels while idle) usually seen only with optical mice. Fortunately I've been able to see it in action today, and it definitely seems to be coming from someone else's mouse as it appears to be normal mouse movements. The affected users are roughly 30-40 feet away, so we're checking to see if there is someone between of all of them who has a wireless mouse. I like the idea of prohibiting the devices altogether. Would definitely save a lot of time -- I've not been able to get much serious work done today. -- Brian Cline From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Klassen Sent: Friday 01 December 2006 12:57 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Possessed PCs Usually I see this from interference using wireless mice. Usually it's caused by people with other wireless devices close by and they are both operating on the same channel. RF can operate through walls, so interference doesn't have to be line of sight and can come through walls, from above or below if transmitting omnidirectionally. Just had this recently where a bunch of staffers with laptops got wireless external keypads, all the same make and model, and found the range of these things was 20 feet. Cell Phones, Microwaves, and other common items may also cause this for the same reasons. I no longer allow wireless devices in my environments just to save the hassle. You say this also happens with some wired usb mice? Have you tried moving these to a different USB port on the system, preferably connected to a different USB controller? Scott Klassen From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline Sent:
RE: [ActiveDir] Split pagefile
Back in the mists of antiquity, when 3 meg disks were the norm (mainframes...), we always put any files that were going to be heavily used (in terms of r/w) closest to the spindle since the heads had less distance to travel. Fewer milliseconds to get to what you were looking for. We also optimized for disk sector interleave, but that's not important any more... Here's the point. I always put swap files, whether Linux or Windows OS, *closest* (physically) to the FAT. Where does a disk drive spend most of its time loitering? The FAT area, simply to find or record where everything is. So, yes, you have to consider where *physically* (disk geometry) you are going to put the swap file ON THE DISK, not which partition. But this is my old mainframe experience (hardware/software) talking. Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Thursday, November 30, 2006 10:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Split pagefile Hi, I have an answer and a question about the same. Most of my servers have 2 partition, one for the OS and the other for data, I always put the pagefile in the data partition, so yes, you can have the have the whole thing in a different partition or hard drive. Actually, Linux system always create a swap partition just for that purpose, so I wonder if it would be more efficient to always create a partition just for the pagefile... Anyone knows? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Thursday, November 30, 2006 12:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Split pagefile Sorry for the reply to my own post, but this article: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips /Miscellaneous/EnhancePerformancebyMovingthePagefile.html says I can move the whole thing to a different partition. I'll leave a meg on the C drive just for the dumpfile, which we limit to 64K, in case the system crashes and I can actually figure out how to read the dumpfile. But, really, is it OK to leave absolutely NO pagefile on C:/? We normally leave at least 200Mb on the C: partition when we move the rest to a different drive. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Thursday, November 30, 2006 9:55 AM To: Exchange Discussions Subject: Split pagefile Colleagues, Is there a best practice for splitting the pagefile on Exchange 2003 across multiple drives? My C drive is up to nearly 9GB used out of 10GB, and I'd like to move off most of the 3GB pagefile to maybe the database drive. We have only 500 users on that system, so performance shouldn't be too much of an issue. Thanks in advance, folks. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: M$
When I was working for Uncle Sam's Flying Air Circus, *that's* what I called it - even though I was working in a hole in the ground at Minot AFB, ND. Anybody above the rank of E-5 didn't appreciate the name, but that's how it was referred to amongst the troops... Three years ago, when I was working for Space Command (as a civilian) at Diego Garcia, we called it Spacey Command. Same situation, different locale. It's all in your perspective. Anybody that objects to M$ is WAY too sensitive, in my book. But I was beaten into submission by the Military, so I'm *definitely* warped. Tempest in a Teapot, I say. Steve Egan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline Sent: Monday, November 13, 2006 9:52 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ M$ its funny or injurious ? Neither. Just unfunny and beaten to death. But I did laugh out loud at US Chair Force when I went through this thread earlier. That's pretty funny. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrian Teodorescu Sent: Monday 13 November 2006 12:16 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ People are boring talking about the exchange problems and start educate each other :) Keep going Let's start again: M$ its funny or injurious ? Anyone else ? A bored list reader -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Monday, November 13, 2006 4:46 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ It's my music drive. What I'm trying to figure out is how did everyone know about it? :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Friday, November 10, 2006 1:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ Ah - now I see - that must be their back-door to access every system Windows is running on ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics Sent: Friday, November 10, 2006 9:36 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ What does all this have to do with the hidden administrative share on the M: drive? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, November 09, 2006 6:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: M$ You're not a fake employee, I've seen you. :-) BrettSh, too. It's that Stuart Kwan guy whose existence I'm doubting. (Come on, was that enough to inspire the rarity that is a Stuart Kwan ActiveDir post? Please? PLEASE?!?!?!?!?!?!?!?!?!?!? ;-)) On 11/9/06, Eric Fleischman [EMAIL PROTECTED] wrote: Not that I really care if people say M$ or not, but I thought I'd comment on one thing, in the name of full disclosure.. My participation on this list has __nothing__ to do with money. I don't get compensated on any level for this. Heck, I don't even work on AD anymore, so this is like 2 degrees of separation away from anything that MS compensates me for. So, is MS out to make $? Sure. Is AD part of that money-making strategy? Sure. Does that have anything to do with MS employee participation on this list? I don't think so. Others (at least those that I can recall posting here as I type this mail) on this list fall in to the same boat. A couple of them don't work on AD anymore either. Why do I hang out here? I do it because I care about customers and about AD/ADAM. It has nothing to do with my salary. It's also why I still blog about AD, answer newsgroup questions, answer internal questions (DLs, PSS, MCS, other PGs, etc.), handle direct emails from a myriad of non-MS people (some I know, some are totally out of the blue), fix code for people that ask for help, etc. I don't get paid for any of this. ~Eric Borg #145719302 Insert conspiracy theory here about how this whole mail is a lie and the man actually wrote it on behalf of the fake employee that goes by Eric Fleischman List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding,
RE: [ActiveDir] OT: new ms-Sysinternals utils: .exe size gone up like crazy!
Back in my days of programming in C, if we used the C-Worthy Interface
Library (CWIL), a simple three-line program would be a MINIMUM of 170K.
Maybe it's because a GUI is now included, or somesuch??
Steve Egan
Purcell Systems
System/Network Administrator
desk 509 755-0341 x110
cell 509 475-7682
fax 509 755-0345
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Monday, November 13, 2006 10:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: new ms-Sysinternals utils: .exe size gone
up like crazy!
I think MS may have signed them all. Dunno if that increases size.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED] On Behalf Of Javier Jarava
Sent: Monday, November 13, 2006 12:47 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: new ms-Sysinternals utils: .exe size gone
up
like crazy!
Hi!
Just a quick question to the list, to see what the honrable members
(tm)
think.
I have just d/l some of the the updated sysinternals tools from MS
(filemon,
regmon, autoruns and pstools to be precise), and I have noticed that
most if
not all the utils have grown in size A LOT.
As an example, this is the change I see from pstools v2.34 and v2.4:
Archive: SYSINTERNALS PsTools v2.34 -20060710- PsTools.zip
Length Date TimeName
122880 20/03/06 16:19 psshutdown.exe
94208 02/08/05 11:14 pskill.exe
65536 30/03/06 10:05 psloglist.exe
49152 27/03/06 13:07 psloggedon.exe
106496 21/07/05 10:22 psgetsid.exe
146704 26/07/00 12:00 pdh.dll
57344 06/04/06 14:52 psservice.exe
53248 30/12/05 03:15 psfile.exe
135168 11/07/06 09:00 psexec.exe
63786 08/07/06 11:10 Pstools.chm
135168 13/12/05 09:51 Psinfo.exe
106496 07/11/03 14:42 pssuspend.exe
86016 01/12/04 17:27 pslist.exe
57344 16/05/04 08:36 pspasswd.exe
1969 11/02/06 09:22 Eula.txt
39 10/07/06 13:58 version.txt
---
1281554 16 files
Archive: SYSINTERNALS PsTools v2.4 -20061101- PsTools.zip
Length Date TimeName
412472 01/11/06 13:07 psexec.exe
166712 01/11/06 13:06 psfile.exe
322360 01/11/06 13:07 psgetsid.exe
428856 01/11/06 13:07 Psinfo.exe
318264 01/11/06 13:07 pskill.exe
191288 01/11/06 13:06 pslist.exe
162616 01/11/06 13:06 psloggedon.exe
187192 01/11/06 13:06 psloglist.exe
170808 01/11/06 13:06 pspasswd.exe
179000 01/11/06 13:06 psservice.exe
404280 01/11/06 13:07 psshutdown.exe
375608 01/11/06 13:07 pssuspend.exe
63786 08/07/06 11:10 Pstools.chm
38 15/10/06 16:32 psversion.txt
153672 01/11/06 13:05 pdh.dll
7005 28/07/06 08:32 Eula.txt
---
3543957 16 files
Just wondering outloud what is the reason for the size change.
Different
compiler, maybe?
Thanks a lot for your time in reading thus far.
Javier Jarava
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir@mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] [OT] Best. KB. Article. Ever. (done in the voice of the Simpsons comic book dude, naturally)
Does this fall in the ID10T category? DOH! Sigh. Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, October 26, 2006 11:22 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] [OT] Best. KB. Article. Ever. (done in the voice of the Simpsons comic book dude, naturally) http://support.microsoft.com/kb/228001 Network Adapter Does Not Work if Unplugged -- --- Laura E. Hunter Microsoft MVP - Windows Server Networking Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) Author: _Active Directory Cookbook, Second Edition_ (http://tinyurl.com/z7svl) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Going OT again ... Separating Database and logs on seperate disks
Okay - I just HAVE to ask... What does it Dew for you?? (ducks!) Steve Egan (Temp) Network/Systems Engineer Purcell Systems One Unix to rule them all, One Resolver to find them, One IP to bring them all, And in the Zone to Bind them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 17, 2006 8:26 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Going OT again ... Separating Database and logs on seperate disks Yeah and I'm bummed that I can't find any Pitch Black Mountain Dew this Halloween season (okay that's realllyy off topic) joe wrote: I could only correlate sender... Susan is in California, all sorts of interesting things to experiment with out there. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm SNIP List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] OT: wikis
Ummm, what's 6 X 9 ?? Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, October 11, 2006 4:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis 42 -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Tuesday, October 10, 2006 6:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis So, where would the ant be 5 seconds after the box started to tumble, assuming it walks at 1 inch per hour (really slow ant). I'd really like to know :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 10, 2006 11:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis And also, IMO, to help people realize they should question established thought patterns. I found it interesting that you teach math to children yet you don't get enough math until pretty well into university that you can understand how it actually works. Mostly though I found the story problems fun, like when you have to build an equation that will give you the point in space at any given point in time where an ant is if he is walking towards the center of a 78 RPM record at x inches per hour that is in a box that is tumbling at some fixed interval falling off the edge of the grand canyon. Completely worthless in terms useful info but a great mental exercise type problem. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Monday, October 09, 2006 10:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis They like it because it shows that division by zero can bite you without being obvious. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Sunday, October 08, 2006 4:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis I've seen that stunt a few times. I'm not sure the point of showing it but math teachers love to demonstrate it for some reason. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, October 05, 2006 2:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis Careful, I recall a math professor in my differential equations class or maybe it was higher throwing a proof up on the board showing that 1 + 1 != 2 and it wasn't a numberical base trick I didn't follow through it, I just closed my eyes and shook my head and thought forward to my communications class as the sights were easier on the eyes... I still wonder why I went into a field with such a high ratio of men to women... :) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson Sent: Thursday, October 05, 2006 12:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis 999,998 + 2 = 1,000,000, not 100,000. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Nims Sent: Thursday, October 05, 2006 11:49 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: wikis It's funny how we quote wikis as definitive sources of information, when they can be edited by anyone and everyone :) Who vets the edits and how much does that person know about the subject matter?? Anyone can edit, which is why they are generally correct. When 100,000 people view a record, and 2 people want to change it to be incorrect, 999,998 will want to correct it. I wouldn't use a wiki as a great historical or technical source. But for encyclopedia entries, which give a good summation of a subject, they are great. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ:
RE: [ActiveDir] ip problem
Is this on a router? What kind of ACL are you using? Firewall? Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Sunday, October 08, 2006 8:36 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ip problem Hi all, I have a weird issue, which seems a mask problem. I have a routed subnet at 83.161.118.XXX range, with a subnet 255.255.255.240. 16 ip addresses. Problem is that I cant connect to this 83 range from the outside from a same 83 address like 83.98.244.148 Furthermore I cant connect from this same 83 address to a external 83 address. So both ways is locked. Tried changing all subnets in every which way but no result. You folks got a clue? All input is appreciated. Thx Jorre List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] ip problem
Layer 3 refers to the ISO layers (7 in all) that make up the ISO/OSI Network model. Levels 1 and 2 are the hardware layer(s), Layer 3 gets into the routing architecture(s). When two or more networks are joined by way of the Internet, they are using Layer 3 and above to communicate. I suspect your router is not doing IP classless routing. Since I am not familiar with your router manufacturer, I will not be able to help you solve your problem. Sorry. Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Sunday, October 08, 2006 9:04 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ip problem There is a router: funkwerk bintec r1200. All proper configured through a external company. What do you mean with layer 3 domains? Gr. J -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Brian Desmond Verzonden: maandag 9 oktober 2006 5:45 Aan: ActiveDir@mail.activedir.org Onderwerp: RE: [ActiveDir] ip problem Well you need a router to cross subnets ... routers connect layer 3 domains. I'm not sure if you're expecting this to be classfully routed or something ... the Internet hasn't worked that way for a very long time. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Sunday, October 08, 2006 11:36 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ip problem Hi all, I have a weird issue, which seems a mask problem. I have a routed subnet at 83.161.118.XXX range, with a subnet 255.255.255.240. 16 ip addresses. Problem is that I cant connect to this 83 range from the outside from a same 83 address like 83.98.244.148 Furthermore I cant connect from this same 83 address to a external 83 address. So both ways is locked. Tried changing all subnets in every which way but no result. You folks got a clue? All input is appreciated. Thx Jorre List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now
Boy, Al, Id dearly *love* to step away from the keyboard, keep your hands where we can see em! but I am the monkey in charge of doing this. Problem was (is?), I stupidly shut down the FTPSERVER without seeing if it was a time server, the OU master, the AD controller, and/or the PDC. Chalk it up to inexperience/stupidity. I went into this task DUMB. (FTPSERVER is the old, inactivated server, FTP1 is now the only ftp server in the organization) Id like to flatten the Sweden server and start over, but what if the problem is still there? Something is going to be broken within the AD on the Headquarters end. Im going to suck the filesystem over here to the States, then probably bare metal the little bugger. DNS seems to be working okay, replication and all. I have the HQ NAT address in the 192.168.1.x range, with Poland on 192.168.2.x and Sweden on 192.168.3.x, and the only IN-ADDR I really replicate is the 192.168.1.x Class C. I VPN tunnel to them, and Im able (when DNS is working) to login with the AD login permissions available here. Im pretty sure its working, because when I add the Sweden DNS server to the purcellsystems.com domain everything works in the Sweden office. AD is working okay ( I *think*), Im doing my level best to avoid having to tweak it in any way. Im slavishly following the instructions in Robbie Allens Active Directory Cookbook to avoid any future screw-ups. FWIW, Ive torn the servers DNS and AD down completely, rebooted the server twice, then rebuilt/reinstalled DNS and was attempting to reinstall AD when this happened. Is bare metal rebuild the only option at this point? Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, October 05, 2006 5:18 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now My first instinct is to say please step away from the keyboard but that's just to make me chuckle. :) It looks like the old server, FTP1 was configured as a time server? Or was it an AD domain controller? The answer to that guides the rest of the conversation, but the best thing to do regardless is to flatten the Sweden server. Rebuild it completely with a new name and everything. Because you're not sure of the state, be sure to get a backup should you need it. If everything else is fine, then you'll want to rebuild that server, rejoin it to the appropriate domain and let it settle. Before you continue, you'll want to ensure that everything else is in good shape including dns, replication and authentication at a minimum. DNS would be my primary concern at this point. Don't mess with the forest, domain or any of the other pieces if you can help it. Upgrading the forest functional level or the domain functional level is not something you want to just walk out and pull the trigger on without understanding what it means and what the implications are. Al On 10/5/06, Steve Egan (Temp) [EMAIL PROTECTED] wrote: I'm the System/Network Engineer for Purcell Systems, and I'm afraid I've screwed the pooch on my network. Here's how: Shut down an antiquated FTP server after transferring files to the new FTP server.The old one's OS was Win2K, the new one is Win2003. I *did not* do anything to AD at the time this occurred. A day before I started working here (8/8/06) the server in Sweden was rebuilt by a local consultant.Hardware failure.He rebuilt from bare metal, and set up the DNS and AD incorrectly.The end result was a server sitting in its own domain.DNS was somehow told to replicate to the server, and was working fine. I next tried to put/rename/move the Sweden server into the Purcell.com domain.Oops, have to upgrade out of Win2000 mixed mode.No problem, I'll just transfer the AD, DNS, and PDC to a master machine running Win2003 and have lotsa machines (okay, one or two) running as PDCs and alternate DNS and AD, right? Here's where the pooch got this way - I'm a n00b when it comes to AD, and somehow in the transfer of functions I've messed up the domain something fierce.AD and DNS work just fine (replicate) on the USA and Poland servers, but I tried upgrading the Sweden server to the forest and things got cranky - it wouldn't upgrade because it swore up and down that the domain was still in pre-Win2003 mode.In frustration, I tore down DNS and AD on the Sweden server, and rebuilt them - not an easy task by remote control... The DNS rebuilt just peachy on the Sweden server, but when I go to install AD on it, it tells me that the domain ain't ready for prime time - I have to run adprep on the domain.I ran adprep the first time, and everything appeared to work just fine.Subsequent attempts are rebuffed - I've already prepared the domain, it tells
RE: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now
You mean the people on this thread are less than honest?? ;P Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves Sent: Friday, October 06, 2006 2:59 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now I know you probably haven't been there very long, but what in the heck are they thinking, making DCs mail servers and FTP servers. Might as well load them up with web services next. BTW, you probably shouldn't be posting your infrastructure in a message list. On 10/6/06, Steve Egan (Temp) [EMAIL PROTECTED] wrote: Al, will do. I tucked FTPSERVER under a desk and forgot about it. Experience has taught me the hard way not to be in a rush to tear down machines and cannibalize the parts until you are SURE it's okay to loot the corpse. Nevermind the smell AD and DNS is working as well as can be expected with a thumb-fingered choom hacking away at it! FTPSERVER *was* a DC, I think, but I'll fire up the box (OFF of the wire!) and start looking at it. SNIP
RE: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now
Well, the servers running the DC, mail, PDC, etc. are quad-processor SuperMicros, so they aren't even sweatin' hard. I'm watching them, they're golden. (Thanks, Susan - we think alike.) (Ahem... don't look now, but we already have 8 IBM e-Business servers (quad xeon) and are getting more. Don' neeed no steeenkin' SBS's! ;P ) (Let me just unequivocally state right here that SAP is a 10,000lb gorilla...) Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, October 06, 2006 3:55 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now Yeah next they'll be SBS servers being installed there. (For some of us having our DCs do other things doesn't freak us out as much as it does you big serverland guys) Matt Hargraves wrote: I know you probably haven't been there very long, but what in the heck are they thinking, making DCs mail servers and FTP servers. Might as well load them up with web services next. BTW, you probably shouldn't be posting your infrastructure in a message list. On 10/6/06, *Steve Egan (Temp)* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Al, will do. I tucked FTPSERVER under a desk and forgot about it. Experience has taught me the hard way not to be in a rush to tear down machines and cannibalize the parts until you are SURE it's okay to loot the corpse. Nevermind the smell... AD and DNS is working as well as can be expected with a thumb-fingered choom hacking away at it! FTPSERVER **was** a DC, I think, but I'll fire up the box (OFF of the wire!) and start looking at it. Here's what I see for the domain: How the *^($(*^ is Sweden in there?? It's NOT an AD server, it refuses to become one... This entry is from an OLD Sweden server entry - notice how the guy before me spedded Swe(den). IF it ain't broke, don't break it!. Maybe I should just quit screwing with it - for now... I'll keep plugging away at it, I guess. Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 *From:* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]] *On Behalf Of *Al Mulnick *Sent:* Friday, October 06, 2006 1:30 PM *To:* ActiveDir@mail.activedir.org mailto:ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now SNIP List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
