RE: [ActiveDir] Global Catalog

2005-10-18 Thread Ulf B. Simon-Weidner
Hi Gil, >> Put your fingers on the table! Slap! ;-) [3] Yes - sorry - >> |I'm german >> ;-) > It sounds more like you're a Catholic nun! Big belly, big feet, trolling around slowly on the ms campus when we met - I can see that I appeared to you as penguin ;-) > BTW, ich bin halb-deutsch. Mein

RE: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Ulf B. Simon-Weidner
Ouch - Sorry Brett! |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells |Sent: Wednesday, October 19, 2005 5:20 AM |To: Send - AD mailing list |Subject: RE: [ActiveDir] Knowing when users were deleted. |Importance: Low | |Such beauty in a mere

RE: [ActiveDir] ADFIND mods

2005-10-18 Thread joe
I have finished the initial pass through the adfind updates. I have done some testing and allowed a few others to test it and am now opening up the beta to this list, please don't forward as I don't want a bunch of people using the beta 2 months from now. o Phantom Root capability (-pr) - Allows

RE: [ActiveDir] Security Log file size not reaching the maximum log file size

2005-10-18 Thread Steve Linehan
And just so you do not think I am making this up here is the public reference that documents it: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/5a86ab0f-c7eb-45ed-9e5e-514173bf15e3.mspx :-)   Thanks,   -Steve   From: [EMAIL PROTECTED] [mailto:[E

RE: [ActiveDir] Security Log file size not reaching the maximum log file size

2005-10-18 Thread Daniel Gilbert
Have you cleared (archived) the logs since the new settings???   Dan   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, October 18, 2005 6:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security Log file size not reachi

RE: [ActiveDir] Security Log file size not reaching the maximum log file size

2005-10-18 Thread Steve Linehan
This problem is described in http://support.microsoft.com/default.aspx?scid=kb;en-us;312571 .  The fix allows the automatic archiving of the log files but does not explain why the problem occurs.  The issue is around the fact that a contiguous block of memory is needed for all of the log fi

RE: [ActiveDir] Virtual Servers in Branch Offices

2005-10-18 Thread Dean Wells
"Does placing the DC inside a virtual machine add any security? Would it be harder for someone with physical access to compromise the DC? The white paper does not really make this clear. Also, I am assuming that a host machine would be a domain member, right? Does it authenticate off the vir

RE: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Dean Wells
Such beauty in a mere typo - "Hi Bratt" ... still laughing at the irony ;o) ah hahahahaha -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Tues

RE: [ActiveDir] Security Log file size not reaching the maximum log file size

2005-10-18 Thread Tony Murray
Is the local setting perhaps being overwritten by a Group Policy setting?  Just a thought.   Tony From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, 19 October 2005 2:54 p.m. To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security Log fil

RE: [ActiveDir] Veritas and DC backup

2005-10-18 Thread Freddy HARTONO
Hi Charlie Thanks for that, yeah basically it works under DA/EA but that's an overkill as I only want to delegate basic stuff to site admins (yeah problem with distributed control :( Any suggestions...of course other than buying quest adrestore (wishlist)..otherwise I'll most probably backup to a

[ActiveDir] Security Log file size not reaching the maximum log file size

2005-10-18 Thread Mark . H . Lunsford
We recently increased our auditing and set the security log file size to 1G, but the security log over-writes at about 409MBs; thus never reaching the 1G security log file size. Windows 2003 Domain Controllers Anyone with any ideas ?

Re: [ActiveDir] BIND on Linux

2005-10-18 Thread Andre' Franciosi
Hi Peter, Peter Jessop wrote: 1. Are you moving away from Active Directory to NIS? If not, keeping DNS on Windows is a zero cost / zero impact issue. If it's AD integrated, then the cost is nil. It's a no cost part of the DC package. If you need to move from AD you can consider OpenLDA

RE: [ActiveDir] BIND on Linux

2005-10-18 Thread Al Mulnick
Yep, add to that the integrated authentication. I know Rick pointed out some authentication options, but if you have to analyze the move, consider the support and security implications when this is a) less secure (maybe) and harder to make work. AD-Integrated makes more sense if you intend to ke

Re: [ActiveDir] OT? Remote Assistance.

2005-10-18 Thread Kamlesh Parmar
First try this DCOM fix, http://searchwinsystems.techtarget.com/tip/0,289483,sid68_gci1091907,00.html then this script... @echo off Echo Stopping The Remote Assistance Service... net stop rdsessmgr sleep 5 Echo Running Fix for Remote Assistance... %systemroot%\system32\sessmgr.exe -se

[ActiveDir] OT: but in the vein of monitoring

2005-10-18 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
http://www.scorpionsoft.com/blog/archives/2005/10/sbs_firewall_da.html The first thing was on the need for the product itself. From the results of our survey, 96% of the SBSers out there find their logs tedious to go through, and would love a dashboard view of their (or their customer's) firew

RE: [ActiveDir] userAccountControl

2005-10-18 Thread Mike Newell
Thanks everyone for the info! Mike Newell Sr. Network Engineer Dimensional Fund Advisors 310-633-7889 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, October 18, 2005 9:29 AM To: ActiveDir@mail.activedir.org Subject

RE: [ActiveDir] Subinacl print queue

2005-10-18 Thread Ulf B. Simon-Weidner
Subinacls has issues with spaces and is used in Rich's script. When doing files I didn't find a fast way around and had to use the 8.1 name. Sucks - doesn't it?   Ulf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Abagnale Sent: Tuesday, October 18, 2005 3:4

RE: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Ulf B. Simon-Weidner
Hi Bratt, I knew, however assuming performance and size issues I'd prefer to get a better solution within the OS for auditing AD instead of bloating it up for retrieving "some" information. But thanks to your prior post I'd vote for an auditing within AD as well, if it's even decreasing the metad

RE: [ActiveDir] Server Monitoring

2005-10-18 Thread Alborzfard, Alex
A little late to put my 2 cents in, but I guess better late than never. I've used NAGIOS, Kaseya, and MonitorIT. If you're comfortable with Linux I'd go with NAGIOS, you can't go wrong with the price: FREE. Otherwise the other two are viable options, you get a whole lotta features. The down side i

[ActiveDir] OT? Remote Assistance.

2005-10-18 Thread Kennedy, Jim
Trouble getting Remote Assistance going. XP w/ SP2 in a 2K3 domain. XP firewall disabled on both boxes. Two computers for test. Both in the same OU. GPO forces offer and invite enabled with a group having the permissions. RSOP on both machines shows it is all taking effect. Both logged on users

Re: [ActiveDir] DNS Problem please help

2005-10-18 Thread Ravi Dogra
Yes forward zone is created for my domain and all folders are there.   stopping netlogon is also not resolving the issue.      

Re: [ActiveDir] BIND on Linux

2005-10-18 Thread RM
On Tue, 18 Oct 2005 17:59:48 +0200, "Peter Jessop" <[EMAIL PROTECTED]> said: >The reason I am asking this question is that now it is the policy to >move to Open Source wherever possible. Thus HP-UX will move to Linux, >MS office will move to Open Office etc. Ahh, I see. Moving your DNS to a BIN

RE: [ActiveDir] Global Catalog

2005-10-18 Thread Gil Kirkpatrick
Hi Ulf, Nice to have met you too.. >>Put your fingers on the table! Slap! ;-) >>[3] Yes - sorry - I'm german ;-) It sounds more like you're a Catholic nun! We're pretty much in agreement. The real answer (as it always seems to be) is to analyze the threats, assess the risks, and make the appro

Re: [ActiveDir] BIND on Linux

2005-10-18 Thread Peter Jessop
On 10/18/05, Rick Kingslan <[EMAIL PROTECTED]> wrote: > OK. It makes more sense. > > 1. Are you moving away from Active Directory to NIS? If not, keeping > DNS on Windows is a zero cost / zero impact issue. If it's AD integrated, > then the cost is nil. It's a no cost part of the DC packag

RE: [ActiveDir] DC replication

2005-10-18 Thread Mike Williams
Thanks, I'll get this information and send it back   Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, October 18, 2005 10:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC replication There

RE: [ActiveDir] userAccountControl

2005-10-18 Thread Marcus.Oh
Hey Mike... it translates to this (stolen from Adfind help): -bit Bitwise operator filter conversion enable :AND:= converts to :1.2.840.113556.1.4.803:= :OR:= converts to :1.2.840.113556.1.4.804:= So .803 is an AND ... :m:dsm:cci:mvp marcusoh.blogsp

RE: [ActiveDir] userAccountControl

2005-10-18 Thread Almeida Pinto, Jorge de
It doesn't! 1.2.840.113556.1.4.803 is the equivalent of AND which is a LDAP matching rule object identifier (OID) It is bit 2 not because of the =2 but because of: 2^0=1 (1st bit) 2^1=2 (2nd bit) Etc. 2^9=512 (10th bit) Etc. 2^12=4096 (13th bit) Etc. 2^16=65536 (17th bit) Etc. userAccountContro

Re: [ActiveDir] DC replication

2005-10-18 Thread Tomasz Onyszko
Mike Williams wrote: We just installed a server offsite. It is connected by VPN through a PIX 525 and a PIX 501. After installing it, it was decided that it needs to be a domain controller. Ran dcpromo on it and there were no errors reported. The problem I have with it now is that it seems to b

RE: [ActiveDir] DC replication

2005-10-18 Thread CHIANESE, DAVID
run dcdiag /s:servername and netdiag on that server and see what they report.    You can then run a netdiag /fix to fix trivial errors.   You can pipe these to a file as such:  netdiag > netdiag_servername.txt  dcdiag /s:servername > dcdiag_servername.txt   Make sure your

Re: [ActiveDir] DNS Problem please help

2005-10-18 Thread Ravi Dogra
it was working fine earlier.   yes i have 2 more dc's in my network and trusting is on.   My dns is pointing to my DC DNS and is forwarding to my ISP in addition to my DNS Server.   actually i was getting some error in my network with other DC. i am unable to access the other DC From UNC Path. on t

RE: [ActiveDir] BIND on Linux

2005-10-18 Thread Rick Kingslan
OK. It makes more sense. 1. Are you moving away from Active Directory to NIS? If not, keeping DNS on Windows is a zero cost / zero impact issue. If it's AD integrated, then the cost is nil. It's a no cost part of the DC package. 2. DNS on a Windows server as the primary system does invo

RE: [ActiveDir] DNS Problem please help

2005-10-18 Thread Rick Kingslan
If your DNS is not answering for the domain that AD lives in, then yes - your replication will not work.   1.  If you go to the DNS applet, do you have a DNS Forward zone created for your domain? 2.  If the domain is there, what is in the DNS zone?  Are there other 'folders' inside, or just D

Re: [ActiveDir] DNS Problem please help

2005-10-18 Thread Tomasz Onyszko
Ravi Dogra wrote: Hi All, Need your help for troubleshooting my DNS Server which is also my DC. I have an ADC also which is working fine but unfortunately DNS is not updated. Current scenario is :- Nslookup says:- primary dns non existance domain. Event Viewer says:- replication

RE: [ActiveDir] DC replication

2005-10-18 Thread Rick Kingslan
There are a number of ports with TCP and UDP/TCP required that must be available for full communication from DC to DC to succeed.  Likely one or more of these are blocked and a ping is great for basic connectivity.   From both sides of the VPN, run DCDIAG /v > dcdiag.log and a netdiag /v >ne

Re: [ActiveDir] BIND on Linux

2005-10-18 Thread Peter Jessop
I work in an IT department of an autonomous government ministry. I actually have no wish to move DNS to Linux as it works perfectly ok as it is. At the moment it is integrated. The reason I am asking this question is that now it is the policy to move to Open Source wherever possible. Thus HP-UX will m

[ActiveDir] DNS Problem please help

2005-10-18 Thread Ravi Dogra
Hi All,   Need your help for troubleshooting my DNS Server which is also my DC.   I have an ADC also which is working fine but unfortunately DNS is not updated. Current scenario is :-   Nslookup says:-   primary dns non existance domain.   Event Viewer says:-  replication is not working for me.

Re: [ActiveDir] userAccountControl

2005-10-18 Thread Tomasz Onyszko
Mike Newell wrote: (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)) How does 1.2.840.113556.1.4.803 translate to the second bit? Just wanting to get this straight. 1.2.840.113556.1.4.803 is RuleOID corresponding to AND test and 1.2.840.113556.1.4.8

Re: [ActiveDir] BIND on Linux

2005-10-18 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
All I ask is that you keep yourself patched and secure. My crowd uses DNS forwarders thus we are dependent on the patching of our ISPs to be secure from DNS poisoning. If you are an ISP... do your part and stay secure so that my SBS community can be secure. Rick Kingslan wrote: Peter, T

[ActiveDir] userAccountControl

2005-10-18 Thread Mike Newell
Hello, I am looking at some of these saved queries below and I don't see how they work. http://www.netpro.com/forum/messageview.cfm?catid=29&threadid=257 I *think* I understand how the bit flags work but how does the LDAP query correspond to those flags? If I look at say, the disabled user query

[ActiveDir] DC replication

2005-10-18 Thread Mike Williams
We just installed a server offsite. It is connected by VPN through a PIX 525 and a PIX 501. After installing it, it was decided that it needs to be a domain controller. Ran dcpromo on it and there were no errors reported. The problem I have with it now is that it seems to be replicating in o

RE: [ActiveDir] BIND on Linux

2005-10-18 Thread Rick Kingslan
Peter, Though it may appear that I have a vested interest in keeping you on our OS, those that know me know that if a reasonable argument is presented - I will assist in the migration for our customers. It's simply good practice and good relations. Typically, when I hear that a customer wants to

RE: [ActiveDir] BIND on Linux

2005-10-18 Thread Douglas M. Long
Are you talking AD integrated DNS? If so, I would ask why move to BIND (unless you are trying to get your DNS servers off of the same machine as the DC, in which case I guess you would be looking at the cost benefit of running a free OS)? Are there currently any problems? If not, then why switch?

RE: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Brett Shirley
Ulf, what Al (well the suggestion on the plate) is suggesting is that the "something to centralize that info", _is_ AD replication. Implying the data is in AD. Cheers, -Brett On Tue, 18 Oct 2005, Ulf B. Simon-Weidner wrote: > | Wherever the information gets put, it should be a) done as > |th

RE: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Brett Shirley
The proposal was no history, nor even a history of who modified it, merely who made the current state of the AD be the way it is. In order to do that, you must track the modifier (whether by "backlink", GUID, SID, DN, samAccountName, whatever) at the replication conflict level, ergo for each attr

RE: [ActiveDir] Subinacl print queue

2005-10-18 Thread Rich Milburn
Put double quotes around the printer names, but you have to use Chr(34)... try this: Rich   'begin script - On Error Resume Next   Dim objShell, objArgs, objWMIService, objItem Dim strComputer, strPrinter, colItems   Set objShell = WScript.CreateObject ("WScript.Shell")

RE: [ActiveDir] Subinacl print queue

2005-10-18 Thread Frank Abagnale
Rich,   I noticed that the script does not work against Printers which have spaces between their share names. e.g for a Printer called USATPR001 it works fine, but for a printer which share name is US NY PRT 05 it fails, I assume it's because of the spaces.   What would I need to allow the script t

RE: [ActiveDir] Veritas and DC backup

2005-10-18 Thread Charlie Kaiser
One of my peeves with BE; it requires domain admin rights to completely back up a DC. You can't get system state without it. http://seer.support.veritas.com/docs/243033.htm ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 *

Re: [ActiveDir] Veritas and DC backup

2005-10-18 Thread Za Vue
Do you have a firewall running on the DCs? Freddy HARTONO wrote: Veritas and DC backup Hi all, Just a quick question, is anyone using Backupexec to backup domain controllers - remotely perhaps? Basically we have a distributed model here and we are trying to let the site

[ActiveDir] Veritas and DC backup

2005-10-18 Thread Freddy HARTONO
Hi all, Just a quick question, is anyone using Backupexec to backup domain controllers - remotely perhaps? Basically we have a distributed model here and we are trying to let the site admins manage the domain controllers (in terms of restarting the server) - yea

Re: [ActiveDir] Kix to VBS

2005-10-18 Thread Kamlesh Parmar
I have vbscripts using WSH extensively for handling computer migrations . I have used WMI just for finding the serialnumber of machine, everything else is handled by WSH. And my scripts are in the range of 500  to 10 K lines, and I have done some 3000+ migrations with these scripts. So, I can say

RE: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Almeida Pinto, Jorge de
Hi, I'm not sure if I would want this in the AD DB as this would mean a larger DIT (as every change is stamped... - how many versions are kept as history?) and additional replication traffic. I would prefer a better central auditing solution instead of having to check each DC to see for who made a

Re: [ActiveDir] Knowing when users were deleted.

2005-10-18 Thread Tomasz Onyszko
joe wrote: Correct, you can currently only get the when and the where (DC Where not Client Where). Which raises the question. How many people would like a metadata stamp with the GUID or SID of the userid that made the modification for a given attribute (or value if appropriate)? Or would it

[ActiveDir] BIND on Linux

2005-10-18 Thread Peter Jessop
I would be interested to hear from people who have migrated Windows DNS to Linux. I am aware of the basic issues (need for DDNS and service records.) I am particularly interested in: 1) Viability and scalability 2) Versions used and recommended 3) Security ramifications due to lack of secure updat