As an addition to the previous mails I would like to point out a particular
issue with the schema master. The installation of an Exchange 2000 server
explicitly needs to contact the DC holding the schema master. The reason
for this contact is to check whether or not the schema is updated with the
You could use the .fin and/or .biz DNS names without getting into any AD
problems. However, you should think about the fact whether or not you want
to connect AD to the internet (not now but in the future?). Don't place your
bets on renaming your domains in the future using the new domain renaming
Almost an identical situation here. I would also like to know that, as I
am the only one of me here, I could have some documentation that would
help contractors get up to speed on the network. Some day I want a
holiday, with my mobile phone, or my net connection, and then we need to
get a
As to the first question I believe the answer is no I had not
NT domains when running the upgrade in my lab to 2k3 but had no issues with the
2K domains.
To the second part - We went from Exch
5.0 to 5.5. to 2K into our main 2K Domain when we did the original upgrade with
no
What's the point?
I mean seriously - if you're using reservations for all addresses, you're
performing more work than assigning static IPs to all your machines. And
either way, it doesn't prevent someone from grabbing an unused IP address on the
subnet and getting online.
I personally don't put a lot of weight into the save your top level domain
for the Internet argument. I've been hearing that since the W2K JDP and we
are already on a second version of AD with no indication that saving your
tld will be important in any way. You could always prefix an external
Joe wrote:
This is the perfect case of when to break out a network monitor and watch
the traffic. Do what it is you are trying to do and see what the network is
doing.
Well. As a final followup to this, I can't reproduce the problem at all any
more. The computer that was doing it is not any
... going out on a limb there aren't we Robbie?? :) Sarcasm aside, it's a
point with which I happen to agree. To date, I've experienced no beneficial
behaviors when following this best practice. In fact, having implemented
both I have yet to encounter a scenario where one makes any tangible
Heck - we didn't HAVE a TLD when we built our AD forest, so we went hugely
generic - for both the AD domains and the Exchange infrastructure.
Gotta love being divested...
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Add this if possible
if the network card admits management and your
path/hubs/switches/firewall/etc. permits it, you can shutdown by sending a
'magic packet' direct that you can have (free) from several vendors in form
of utility or add-on (3com, IBM, HP Intel pro)
Some switches/routers have
Found this in the msdn site under the Platform SDK
DHCP Server Management API (watch for wrapping on the url)
http://msdn.microsoft.com/library/default.asp?url=
I may have to stick to netsh though. That code looked way over my head.
Batch file, vb and vbscript are more
I'm serious.
Here is a question for you. As always, if you could offer any info, I would
be very grateful. We're a small shop with only 2 Admins managing 200 users
in 4 states and we don't have the firepower you guys do.
Let's say you don't like your AD domain name and you want to change it.
Joe,
Thanks for the reply.
The users are admins on the computer, that's not a
problem.
The problem we are having with delegating Write
Account Restrictions, Write Service Principal Name,
Write DNS Host Name and Reset Password perms is that
the users/workstation techs can join a computer to the
Is there a way (utility, command, etc.) to refresh the
membership of a computer's local administrators group without logging off
and back on? I'm trying to get the PC to recognize changes made to the
group during that session if possible.
Mark Creamer
Systems Engineer
Cintas Corporation
Rob,
I am forwarding your request to my MS TAM and MCS guy.
Todd
-Original Message-
From: Robbie Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 1:33 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DHCP/Netsh - Other ways of working
Check is in the mail Yusuf. :P
Thanks for the kind words, I appreciate it. Especially being compared to Joe,
Rick, Robbie and Gil.
Todd Myrick
-Original Message-
From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 12:12 PM
To:
Gentlemen,
We had a few folders within a specific share just disappear earlier this morning.
At first, we thought they had been deleted (since our initial search came up with no
trace of them) and ordered a backup tape with the files. A few moments ago, we found
them...all of them. However,
I would say.
NETPRO products are an easy item to your AD wish list. (Directory TS,
Analyzer, DNS analyzer are musts.) Directory Insight if you want the change
log.
Quest Spotlight on AD is also an interesting tool. I think DT is a little
better though.
Aelita's Backup solutions for AD, and
So, you are saying he gets a Puck?
Original Message
Subject: RE: [ActiveDir] OT? - You guys rock
From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED]
Date: Thu, October 23, 2003 11:07 am
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Check is in the mail Yusuf. :P
Thanks for
I wrote this as a VBScript wrapper to NETSH. We have used this to reload
4000 scopes on multiple DHCP servers. You can run this via a batch file
and supply all the required parameters or use it to run interactively for
creating new scopes. Up to you.
As always test it in a
Hyena
www.systemtools.com/hyena
-Original Message-
From: Cook, David A. [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 12:05 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD Utilities
It's budget time here and thus time to present my wish
Steve-
Check out Sid2User, written by Evgenii Rudnyi. You can get it at
http://www.securityfocus.com/tools/544. It will translate a SID to a text user name.
-Original Message-
From: [EMAIL PROTECTED] on behalf of Technology Listserves
Sent: Thu 10/23/2003 2:10
True, since Scottsdale was right up the road, attending DEC was easy. Now, since it
looks to be headed East, travel will be an issue.
Tho, to defend NetPro, holding it back East will allow a different population to attend.
Dan
Original Message
Subject: RE: [ActiveDir] OT? - You
Absolutely. I'll be there. :-)
(Not that anyone knows who I am!)
-Original Message-
From: Daniel Gilbert [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT? - You guys rock
True, since Scottsdale was right up the road,
You're Michael B. Smith, of course
mc (also unknown) :-)
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 3:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT? - You guys rock
Absolutely. I'll be there. :-)
(Not that anyone knows
I'm having some issues with our implementation of AD and DNS. We use Bind for DNS and have a
disjointed namespace. Is there anything other than allowing updates for a
particular host needed in order to have DDNS work right? A lot of errors are
popping up in the event logs,
Personally, I think a delegated zone would be the smoothest
approach. The issues with Bind can be endless as you traverse the many
nuances of difference in implementation and patch versions.
Al
From: Chris Flesher [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003
Folks,
What is the best way to delegate write access to the employee ID field on user
objects in a domain.
Is there something I can set on a parent domain that will replicate down to the
Child OU's, or will I have to write a script to flip the ACE on an object
property.
Sure,
Small, medium or Large.
Also BTW. Go on over to Aelita's website and click around. They have a
promo to get a t-shirt that says Master of My Active Directory. It is
really cool. My whole team got them today.
Todd Myrick
-Original Message-
From: Daniel Gilbert [mailto:[EMAIL
You can easily grant object and attribute specific
permissions (which is what you want here) at the root of the domain (or whatever
toplevel OU you might have where all other OUs with user accounts are designed
to be located). In your case you'd limit the ACE to User-Objects