I dont have a UPN configured, but I
tried using the DN of the user object with the same results.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, April 03, 2006 11:02
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADAM Bind
with ADAM
Hi Susan,
If you try using an ADM template to add the key you may have a problem since
it includes binary settings that can't be set via ADM Templates.
Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedirf=pol_summary.shtml
ADM Template Editor:-
As long as we're eating this type of food...
There is no argument that 2-factor auth is going to be stronger and therefore preferred. To argue it would be extremely difficult.
The assertions in the article are made based on 1950's data. Hmm...
Interesting, but I think he makes his case that 7
One of our sister companies was sold off and the WAN link has been
removed. But the domain ,including exchange 2003, information is still
in our AD forest. Can I just delete the administrative group in Exchange
and then remove the domain in domains and trusts.
Since now of that domains servers
If you usedthe correct bind string (DN/upn), the
second most likely issue of an Invalid Credentials error on bind is a bad
password.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark
Use getsid.exe of the support tools.
How come you are using regmon. I thought sysinternals was a no no :0)M@
On 02/04/06, Rodrigo Blanco [EMAIL PROTECTED] wrote:
Freddy,is there any stadard way (tools included in the W2K3 OS) to verify theSID of a machine? I am not allowed to install or use any
Jason-
You need to do a metadata cleanup using ntdsutil. The syntax/steps is
below (as I recall)
Ntdsutil
Metadata cleanup
Connections
Connect to server somelivedc
Quit
Select operation target
List domains
Select domain K
Quit
Remove selected domain
Quit
Quit
You can just dump the exchange
Thanks Katherine. That's the one I was thinking of.
On 4/1/06, Katherine Coombs [EMAIL PROTECTED] wrote:
Al,
I think that this is what you're referring to?
http://support.microsoft.com/kb/895949/
Cheers,
Katherine Coombs
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Al
I am planning a move of our exchange servers and two domain controllers
out of our current single site to a new separate site. We had MS come in
and do a healthcheck on Exchange, and its one of their recommendations.
We don't have all the subnets in our network added into the current site
yet.
Are you actually using ldap_search or are you using
ADSI as Dejialluded to in his
response?
If you are actually using the LDAP API directly, then
you must use ldap_search_ext*or ldap_search_init_page coupled with
ldap_get_next_page so the paging control (and page value) can be submitted
if getsid doesnt work (if i remember correctly this is only
for user accounts not comp)- try psgetsid or
newsid.exe
Thank you and have a splendid
day!
Kind Regards,
Freddy Hartono
Group Support
Engineer
InternationalSOS Pte Ltd
mail:
[EMAIL PROTECTED]
phone: (+65)
6330-9785
From:
If you are absolutely positive the DN and the password are
correct, then did you change any ADAM settings such as
RequireSecureSimpleBind?
Also try using adfind to connect to ADAM using the -u -up
and -simple switches. Possibly some odd connection settings are set in your
LDP.
something
... Remembering to connect to the domain naming master DC in the steps
below, of course :)
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: 04 April 2006 15:51
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Removing a
How about:
dsquery computer -samid computer_name_here
| dsget computer sid
Mike Thommes
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of matheesha weerasinghe
Sent: Tuesday, April 04, 2006
10:56 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Empty
Let's see the output of ipconfig /all from the affected server.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
I don't see how delegation helps in this case. Apparently AD
issues a ticket for this service. But I went ahead and trust the
computer account for delegation anyway, and it still fails.
TerryOn 4/3/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Do you need to trust the computer
For the purpose of binary settings, one can either use .REG file or usefree PolicyMaker registry CSE from desktopstandards.com
http://www.desktopstandard.com/PolicyMakerRegistryExtension.aspx--Kamlesh~Be the change you want to see in the
If you'd just copy and paste the output into the body of your email, I may be
able to see it. I have a very aggressive spam/attachment filter here.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /
Yep,
youre right shouldnt matter. What little Ive
done w/ SPNs has always been setting the user account against a hostname.
Never tried w/ just the computer account.
:m:dsm:cci:mvp|
marcusoh.blogspot.com
How about
dsquery * domainroot -Filter
((objectCategory=Computer)(sAMAccountName=computername)) -attr
objectSID
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner Website:
Anyone know of an Exchange mailing list like this one? I find lots of
blogs but no active mailing lists such as this. I gain lots of valuable
insight for AD and would like to do the same with Exchange 2003.
Thanks
Jerry Condra - Technology Consultant
Tier III AD/Exchange Support
HP Consulting
http://groups.yahoo.com/group/exchange-2003/
Martin Tuip
MVP Exchange
- Original Message -
From: Condra, Jerry W Mr HP [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Tuesday, April 04, 2006 12:18 PM
Subject: [ActiveDir] Exchange mailing lists
Anyone know of an Exchange
Try this one. www.msexchange.org "Condra, Jerry W Mr HP" [EMAIL PROTECTED] wrote: Anyone know of an Exchange mailing list like this one? I find lots ofblogs but no active mailing lists such as this. I gain lots of valuableinsight for AD and would like to do the same with Exchange
Give this one a shot.
http://groups.yahoo.com/group/Exchange2000/
Charlie
-Original Message-
From: Condra, Jerry W Mr HP [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 04, 2006 2:18 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange mailing lists
Anyone know
We seem to be drifting considerably here...
We went from how come hostname.exe doesn't work to how to
get the objectsid of a computer object.
I
could be wrong but I don't see the relevance of the SID, the computer's nor the
computer object's, on the ability of hostname.exe to function.
1. Yes this is fine and often recommended. Best to keep as few subnets as
possible just for the simplicity of it all and ongoing maintenance.
2. You could either carve out a little portion of the subnet for these
machines or move them to another clean IP segment or even just configure
the
Adprep /forestprep, as said by Brian will upgrade your entire forest.
Not just your child domain. So keeping that in mind, the change would
be visible to all your domains, not just that particular child domain.
On 4/3/06, James Carter [EMAIL PROTECTED] wrote:
Hi,
I have a root domain with
If you have a single domain, just make every DC a GC (do
this from sites and services - dssite.msc). If you have multiple domains, you
will probably want to sit down and read up on GC placement guidelines as Al
mentioned, just start googling for MSKB articles or looking at the AD Deployment
28 matches
Mail list logo