[ActiveDir] Event 2069 - AD Quota tracking table?

2005-12-28 Thread Freddy HARTONO
Title: Event 2069 - AD Quota tracking table? Hi all Found an interesting event, haven't been able to find any additional info on this yet, but from the look of it it's only happening in this domain controller and it seems to be responding well. Is this much of a concern? Event Type:

RE: [ActiveDir] ID Locket Out when Accessing DC

2005-12-28 Thread Mark Parris
Is the account the built in admin account (-500) or a newly created account with the original account renamed. If so then normal account lockout procedures should be followed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: 28

Re: [ActiveDir] OT: creation of Email and Security groups [through GUI no less]

2005-12-28 Thread Al Mulnick
Wouldn't Tony already be aware of such things? DL/DG management is not a new issue by any stretch. It gets new life because the DG can now also be a SG which makes it more important to understand the ramifications of creating a new DG. The Dev team should be well aware of such things and should

Re: [ActiveDir] Event 2069 - AD Quota tracking table?

2005-12-28 Thread Al Mulnick
Freddy, is this also a global catalog server? It is a concern as this should not be something you see on normal servers. Also, can you describe what changed in the environment recently and what else is running on that server? Al On 12/28/05, Freddy HARTONO [EMAIL PROTECTED] wrote: Hi all

[ActiveDir] Time Service

2005-12-28 Thread Douglas M. Long
I have read the Time Service white paper from Microsoft and am still confused. I have set the default domain GPO to use NT5DS under Configure Windows NTP Client, and set an external time server (navobs1.oar.net,0x1) for NTPServer. I have also set Enable Windows NTP Server to enabled. There are no

[ActiveDir] Problem with IE security Policies GP

2005-12-28 Thread Sudhir Kaushal
Hi, My users connect through ICA session to couple of Citrix desktop servers (all windows 2000). The profiles they are using are mandatory. In those profiles the IE security settings for Internet Zones\Navigate subframes across different domain are set to Prompt. I want this setting to be

[ActiveDir] Migration issues(OT)

2005-12-28 Thread Tom Kern
I'm running Quest's AD Migration Manager and some workstations are experiencing issues post migration. Their login scripts don't run (legacy not GPO scripts) and hence their drive mappings don't work. This is sporadic as some users are fine. The only thing these non working users have in common

RE: [ActiveDir] Time Service

2005-12-28 Thread Ulf B. Simon-Weidner
Hi Douglas, To configure domain members and DCs to use the default behavior, either Run w32tm /config /update /syncfromflags:DOMHIER Or check the following registry key HKLM\System\CCS\Services\w32time\Parameters Type=NT5DS To configure a server to use a NTP-Timesource (what

RE: [ActiveDir] command line tool to display object owner?

2005-12-28 Thread joe
Adfind with the -owner switch. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Wednesday, December 28, 2005 10:02 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] command line tool to display object owner? Can someone

Re: [ActiveDir] Migration issues(OT)

2005-12-28 Thread Tom Kern
Thanks. I already did the secondary of target on source and source on target dns, James. Sorry forgot to mention that. I'll look into the kerberos over tcp, Jeff. Thanks. Another issue, is that some of the clients DHCP servers are still in the old domain(clients update their own A records) so

RE: [ActiveDir] command line tool to display object owner?

2005-12-28 Thread Thommes, Michael M.
Right under my nose! Thanks for the Xmas present, joe! 8-) Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, December 28, 2005 9:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] command line tool to

Re: [ActiveDir] command line tool to display object owner?

2005-12-28 Thread Tom Kern
dsacls with the /A switch On 12/28/05, joe [EMAIL PROTECTED] wrote: Adfind with the -owner switch. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Thommes, Michael M. Sent: Wednesday, December 28, 2005 10:02 AM To: ActiveDir@mail.activedir.org Subject:

RE: [ActiveDir] command line tool to display object owner?

2005-12-28 Thread joe
No problem. :o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Wednesday, December 28, 2005 10:19 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] command line tool to display object owner? Right under my nose!

Re: [ActiveDir] Migration issues(OT)

2005-12-28 Thread Tom Kern
Oh yeah, to add some more issues- Some users don't get their home directory drive mapped either (the one defined as an attribute of the user object). The server their home drive is on has been double ACL'ed to have both accounts. Not sure why this wouldn't work for some users. The strange thing

Re: [ActiveDir] OT: creation of Email and Security groups [through GUI no less]

2005-12-28 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Tony Bailey Senior Product Manager Security and Compliance Solutions http://www.microsoft.com/security/guidance/default.mspx Sorry possibly a different Tony than what you may be thinking? Al Mulnick wrote: Wouldn't Tony already be aware of such things? DL/DG management is not a

Re: [ActiveDir] OT: creation of Email and Security groups [through GUI no less]

2005-12-28 Thread Al Mulnick
MSDE = SQL2005Express isn't it? I'd really prefer not to introduce yet another DB technology into the mix if possible. Joe, I think that some logic to prevent the creation of too many sids is needed in the product regardless, but I think some level of self-service is needed. I've seen too many

Re: [ActiveDir] OT: creation of Email and Security groups [through GUI no less]

2005-12-28 Thread Al Mulnick
Wasn't different than the one I was thinking of. I wasn't thinking of the gentleman sailor, scholar, and world-traveller from NZ though. I'm well aware that the Tony you speak of is a Microsoft employee who's considering writing a utility to fill a gap he likely sees among his customers. I was

RE: [ActiveDir] Time Service

2005-12-28 Thread Almeida Pinto, Jorge de
w32tm /monitor dc1.domain.com *** PDC *** [10.100.110.12]: ICMP: 0ms delay. NTP: +0.000s offset from dc1.domain.com RefID: 'LOCL' [76.79.67.76]THIS IS THE TIME SERVER THE PDC IS POINTING TO A PDC that is not configured with an external time source:(default

RE: [ActiveDir] Time Service

2005-12-28 Thread deji
To keep things simple, doing Net time /setsntp:pool.ntp.org then net stop w32time net start w32time and net time /querysntp (ALL at the PDC-E) should give acceptable result. If it doesn't, then something at the firewall may be blocking 123 Sincerely, Dèjì

RE: [ActiveDir] OT: creation of Email and Security groups [through GUI no less]

2005-12-28 Thread joe
I agree, autodl and autogroup aren't the answers, but they were the closest MS has gotten to the answer for companies drowning in group management issues such as the one I have most of my experience with. I agree that if rubber stamping is all the validation that is occurring, the company

RE: [ActiveDir] Time Service

2005-12-28 Thread Douglas M. Long
OK, so then I am still not synching with an external time source. I have followed the steps, and still I get the same thing. I can not figure out what is causing it to not use the server I specify. I am guessing it has something to do with some group policy setting? Do I need to block

Re: [ActiveDir] OT: creation of Email and Security groups [through GUI no less]

2005-12-28 Thread Al Mulnick
I see what you're saying, Joe. I wasn't thinking of the implementation so much as the end state. I can see where it would take a while to implement and integrate into an environment. It's certainly not something you drop in, add water, and let loose expecting great results. The rules would have to

RE: [ActiveDir] Time Service

2005-12-28 Thread Almeida Pinto, Jorge de
why are you using the GPO to configure the time service on the PDC? Why not just configure the PDC with the commands and info provided? Jorge From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 2005-12-28 18:42 To: ActiveDir@mail.activedir.org

RE: [ActiveDir] Time Service

2005-12-28 Thread Douglas M. Long
Isn't it best practice to set the entire domain time policy at the domain level (Default Domain Policy) instead of trying to set every machine or every OU separately? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday,

RE: [ActiveDir] Time Service

2005-12-28 Thread Almeida Pinto, Jorge de
well, yes but it is not needed for the time service By default the time sync within a forest/domain is automatically configured as it should be... Each client and server syncs time with the authenticating DC Each DC syncs time with the PDC in the same domain or with parent DCs (from

RE: [ActiveDir] Time Service

2005-12-28 Thread deji
You don't really need to do all this. Give the PDC-E an auth source to sync from, and the clients will be taken care of. If I were you, I'd undo the policies you've set. Then I'd do net time /setsntp Enter. Yeah, don't specify anything after /setsntp. That should clear out whatever is

Re: [ActiveDir] Time Service

2005-12-28 Thread ChuckGaff
Yes, the Domain Controller holding the PDC Emulator Role is the Domain-based FSMO which should be configured, ideally for external time from an atomic clock such as the US Naval Observatory two addresses so long as you have access through Port 123. Desktops can be configured if desired to

Re: [ActiveDir] Time Service

2005-12-28 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
And we poke a hole in the firewall for the time service ...udp port 123 Almeida Pinto, Jorge de wrote: well, yes but it is not needed for the time service By default the time sync within a forest/domain is automatically configured as it should be... Each client and server syncs time

[ActiveDir] 2005... Still?!?!...

2005-12-28 Thread Molkentin, Steve
So, this year, due to normal adjustments in keeping our calendar in sync with the moon (and no doubt the sun too), 2005 will exist for an extra second this year. See: http://msnbc.msn.com/id/8476418/ The clocks will read 11:59:60 before ticking over to 12:00:00 So... How will that affect us? If

[ActiveDir] WMI OS Caption

2005-12-28 Thread Harding, Devon
How can I print out the OS Caption from WMI? Trying to incorporate in a .vbs Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __This message and any attachments are solely

RE: [ActiveDir] WMI OS Caption

2005-12-28 Thread Marcus.Oh
Devon, download scriptomatic. It'll build the code you require. :m:dsm:cci:mvp marcusoh.blogspot.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Wednesday, December 28, 2005 5:41 PM To: ActiveDir@mail.activedir.org Subject:

RE: [ActiveDir] Event 2069 - AD Quota tracking table?

2005-12-28 Thread Freddy HARTONO
Hi Al Yup this is a GC. Frankly I'm not sure what has been done to this DC as I just started to takeover the DC yesterday. One of the things that was done most probably was to standardize antivirus to SAV 9 - that's pretty much it. Seems like after another reboot this error doesn't appear

Re: [ActiveDir] Event 2069 - AD Quota tracking table?

2005-12-28 Thread Al Mulnick
Hard to say how much of a problem that is. I've seen references to it being a problem with the GC which is why I asked. It would be something where you'd want to remove the GC role, and then re-add it/rebuild it based on what I've seen. I wouldn't have expected it to go away completely unless it

RE: [ActiveDir] Event 2069 - AD Quota tracking table?

2005-12-28 Thread Steve Linehan
This error is benign as long as you are not enforcing quotas for Active Directory objects and if you are the only downside is that a user may be able to create more or less objects than they should. The issue can occur on a DC or a GC and one of the ways it occurs is when SDProp fixes-up

RE: [ActiveDir] WMI OS Caption

2005-12-28 Thread Alain Lissoir
Here you go.

    Set objWMIServices = Getobject ("winmgmts:root\CIMv2")
    Set objWMIInstances = objWMIServices.InstancesOf ("Win32_OperatingSystem")
    For Each objWMIInstance In objWMIInstances
        WScript.Echo objWMIInstance.Caption
    Next

You can also use an enhanced version of scriptomatic, called WMI