RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Malachi Burke
Ok, I was under the impression from reading that DFS could be arranged to always point to a root1, and clients would only failover to root2 if root1 could not be found - sounds to me like that isn't going on after all Mal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] PTR records - why?

2004-06-03 Thread Steve Rochford
If you ever need to connect to a Unix machine then it will try to do a reverse look up which needs the Ptr records. Steve -Original Message- From: Rutherford, Robert [EMAIL PROTECTED] Sent: 01/06/04 09:50:48 To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: RE: [ActiveDir]

RE: [ActiveDir] MACS

2004-06-03 Thread Rutherford, Robert
Thanks Guys. -Original Message- From: Eric Fleischman [mailto:[EMAIL PROTECTED] Sent: 02 June 2004 17:23 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] MACS I just checked with the PM to see if it aligns with my understanding. At this point no decision has been made. It's still TBD.

RE: [ActiveDir] Trusts between NT4 and AD

2004-06-03 Thread Salandra, Justin A.
I know the lingo is different between NT4 and AD, what are the words in NT and AD -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Wednesday, June 02, 2004 5:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trusts between NT4 and AD

RE: [ActiveDir] Trusts between NT4 and AD

2004-06-03 Thread Roger Seielstad
The terminology hasn't changed. Think of it this way - thINGS trust ED. So, the trustING domain is the resource side of the equation, while the trustED side is the person[1] side of the equation. -- Roger D. Seielstad - MTS MCSE MS-MVP

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Ayers, Diane
It seems that outside of the FRS / replication issues, using DFS would be a good way of virtualizing the storage location of the profiles. If you used a DFS root to designate your storage location and you needed to migrate/replace this location, you could update the DFS root without having to

RE: [ActiveDir] Trusts between NT4 and AD

2004-06-03 Thread Passo, Larry
Actually, it's spelled security principal. Just remember that the princiPAL is your pal. grin -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, June 03, 2004 7:26 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trusts between NT4 and AD The

[ActiveDir] In search for duplícate accounts

2004-06-03 Thread Sanz de León, Juan Carlos
Greetings gurus, Does anyone know of a tool or script that will search the FOREST for duplicate W2k ACCOUNTS ? We have a forest with about 45 W2K domains... And duplicates are becoming a problem. Has anyone ever tried to search for duplicates at the forest Level rather than domain level? Any

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Roger Seielstad
I'm in the process of drawing a DFS tree for just that reason - eliminate the server name dependencies for shares. The only thing I see myself replicating is a small set of apps that are installed via GPO. -- Roger D. Seielstad - MTS

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Jason Benway
I thought about using DFS for my apps installed by GPO, also. But I have almost a Gig of applications and I was under the impression that DFS did not replicate large amounts of data very well, even if it doesn't change often? jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Rutherford, Robert
I heard that you can copy the bulk over, i.e. CD or something and the replication will work it out. Anyone know if this is true? -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: 03 June 2004 16:22 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Roaming

Re: [ActiveDir] In search for duplícate accounts

2004-06-03 Thread Brent Westmoreland
You will need to know what values you are trying to find. For example, people with duplicate surnames and givenNames or duplicate sAMAccountNames in a forest can be determined by using ldifde. The syntax can be a little tricky to the

Re: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Robert Toole
I am not 100% sure, but I think what you are talking about is what MS calls Pre-staging, see this KB article: http://support.microsoft.com/default.aspx?scid=kb;en-us;266679Product=win2000 Robert Toole Systems Engineer KN Logistics / Calgary robert(dot)toole(at)kuehne-nagel(dot)com Rutherford,

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Roger Seielstad
I think there's a continuum between data size and the rate of change of that data. The lower the rate of change, the more data it can handle. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original

[ActiveDir] adding PCs

2004-06-03 Thread Creamer, Mark
Folks, have you removed the default ability that allows users on your domains to add up to 10 PCs to your domains? If so, did you remove the ability completely or just limit to a lower number? Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do

RE: [ActiveDir] adding PCs

2004-06-03 Thread Free, Bob
Yes, (removed the ability completely) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Thursday, June 03, 2004 11:13 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] adding PCs Folks, have you removed the default ability that

[ActiveDir] Replication Monitor error

2004-06-03 Thread Nathan Casey
I am getting an error when trying to add a "monitored Server" to Active Directory Replication Monitor. AD config: Empty ROOT with 2 DC's. Production domain with 3 DC's. Currently all DC's are in same site. I installed a new DC in a new site in the production domain. I can monitor the new server

RE: [ActiveDir] adding PCs

2004-06-03 Thread jpsalemi
We removed it completely also..

RE: [ActiveDir] PTR records - why?

2004-06-03 Thread Douglas M. Long
Reverse lookups are sometimes performed in an attempt to minimize spoofing also. Reverse lookup can be very useful and/or necessary. -Original Message- From: Steve Rochford [mailto:[EMAIL PROTECTED] Behalf Of Steve Rochford Sent: Thursday, June 03, 2004 3:08 AM To: [EMAIL PROTECTED]

RE: [ActiveDir] In search for duplícate accounts

2004-06-03 Thread Sanz de León, Juan Carlos
Wow!! Thanks very much for your help Brent. After your response, some comments that come to mind... maybe you or other LDIFDE experts out there could give me some experiences.. How could I have LDIFDE OUTPUT the (for example,

RE: [ActiveDir] adding PCs

2004-06-03 Thread Craig Cerino
Here too -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 03, 2004 3:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] adding PCs We removed it completely also..

RE: [ActiveDir] adding PCs

2004-06-03 Thread Frost . David
We removed it completely as well and created a role based on a group that could do it. The right to add computers is by default granted to authenticated users, not just Domain users. The surprise we got that led us to this was a user from a Trusted NT4 domain used their NT4 account to

RE: [ActiveDir] AD Account question

2004-06-03 Thread Charlie Kaiser
Open ADUC, open the user properties, click account, click log on to, and select the workstation you want the user to log onto. ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** -Original Message- From:

[ActiveDir] Factory monitoring pcs - preventing Account lockout

2004-06-03 Thread Rob Preston
I have a problem that I'm sure the brainpower on this list can help. We're about to refresh the hardware and upgrade from win2k to XP using an automated build process. Vendor will swap out hardware, RIS a new image down, and SMS will take over to install all the applications needed. These pcs auto

RE: [ActiveDir] AD Account question

2004-06-03 Thread Thommes, Michael M.
Yep. In ADUC go to your User Account/Properties...Account tab..."Log On To" button...add computer name. Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 03, 2004 3:11 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD

RE: [ActiveDir] In search for duplícate accounts

2004-06-03 Thread Mulnick, Al
My initial thoughts on this are this: 1) you could do that with a script pretty easily, but that method would be terribly inefficient and cause a lot of traffic (if I understand what you want to do correctly.) 2) a db would be a better

RE: [ActiveDir] Factory monitoring pcs - preventing Account lockout

2004-06-03 Thread Mulnick, Al
Account lockout is a security measure intended to protect against brute force attacks. The fewer attempts allowed before lockout, the harder it is to actually brute force an account over the network. Too low, and you risk business interruption. Too high, and you increase your attack surface

[ActiveDir] SRV Record registration by Non-DC's

2004-06-03 Thread Myrick, Todd (NIH/CIT)
We have seen a number of SRV record registrations for hosts for LDAP that aren't DCs. Has anyone experienced this before? Thanks, Todd

RE: [ActiveDir] SRV Record registration by Non-DC's

2004-06-03 Thread Fuller, Stuart
Yes... very occasionally... in the _msdcs\dc\_tcp zone. Have not been able to trace them down to a common issue/application/problem. One possible culprit was the Citrix Management Console on a couple of Citrix admin workstations. We end up looking at the DNS records every week and deleting

RE: [ActiveDir] SRV Record registration by Non-DC's

2004-06-03 Thread tech4steve
There was a recent XP bug in this area. See http://support.microsoft.com/?id=825675 -steve ---BeginMessage--- Yes... very occasionally... in the _msdcs\dc\_tcp zone. Have not been able to trace them down to a common issue/application/problem. One possible culprit was the Citrix

RE: [ActiveDir] SRV Record registration by Non-DC's

2004-06-03 Thread Grillenmeier, Guido
yep, this is related to the installation of MS04-011 on XP clients - you shouldn't see this bug on other machines. I had mentioned it before when I reported of a related issue, where MS04-011 causes Win2000 DCs to FAIL registration of certain SRV records. have a look at

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Brian Desmond
It works on a fast link no problemo. Just jack the size of your staging directory up. --Brian Desmond [EMAIL PROTECTED] Payton on the Web! Http://www.wpcp.org v: 773.534.0034 x135 f: 773.534.0035 -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Thursday, June

[ActiveDir] event logs

2004-06-03 Thread Kern, Tom
Hi, I'm one admin in charge of about 30 servers (AD, Exchange, SQL, etc.), does anyone know of a good cheap (free) way to monitor eventlogs without having to term or connect to each server? I was thinking of a Perl script maybe via MS SQL or MySQL to send event errors or warnings to a centralized db

Re: [ActiveDir] event logs

2004-06-03 Thread Steve Patrick
http://www.microsoft.com/downloads/details.aspx?FamilyID=8cde4028-e247-45be-bab9-ac851fc166a4DisplayLang=en or http://support.microsoft.com/default.aspx?scid=kb;en-us;824209Product=winsvr2003 you may want to look at these.. -steve - Original Message - From: Kern, Tom [EMAIL

[ActiveDir] Anybody have experience putting an Apple XServe in a Win2K3 domain?

2004-06-03 Thread Kirk Marple
We have an issue with getting one of these puppies to live in a Win2k3 domain. We can see the Xserve from a win2k3 box, but it's just coming up in its own workgroup, and I can't set ACLs for domain accts on directories I create on it. I only can set ACLs for the local accts on the

RE: [ActiveDir] event logs

2004-06-03 Thread Charlie Kaiser
I struggled with this dilemma for a long time. I tried numerous event log monitoring tools and didn't really like any of them. I've come up with this solution. I run about 35 servers. Every morning, I execute a batch file that connects to the server and runs dumpevt