RE: [ActiveDir] OT: Security Policy Thoughts

2006-06-08 Thread Noah Eiger
Thanks, Brian. Don't you sleep? It's late in Chicago ;-) 802.1x is the direction they are heading. Right now, it is cost-prohibitive. So the question is less can I control this access but should I? Is that over-reacting? Again with the VPN. My thoughts were to push it with an MSI, so I

[ActiveDir] Jan-Andre Tiedemann is out of the office. : [ActiveDir Digest]

2006-06-08 Thread jan-andre . tiedemann
I will be out of the office starting 08.06.2006. I will return on 26.06.2006. I will reply to your message after my return. In urgent cases concerning Active Directory, please contact my colleague Mr. Joerg Reichel. Original subject: [ActiveDir Digest]

Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD

2006-06-08 Thread victor-w
I agree with that. Besides that, my description of the situation is probably not as clear as it should be. What I am trying to say is that you can only uninstall Exchange by choosing 'remove components' when you have the necessary rights at the AG. That implies that it then does something to

Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD

2006-06-08 Thread victor-w
Slight correction, it should say UNinstalling instead of installing in this section: What I am now trying to get clear is how this differs from not installing Exchange but simply only removing the server object from ESM without uninstalling Exchange from that server. - Oorspronkelijk

RE: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to groups?

2006-06-08 Thread Freddy HARTONO
I think now I have around 3500+ groups that have way long CN and displayname mostly created by ADC, so in the samaccountname it's only taking the first 20 characters... Personally I prefer shortnames as Exchange only uses displayname for address book so it doesn't matter what's the

[ActiveDir] Domain Controller - Location Move

2006-06-08 Thread Contreras, Robert
Hello everyone, Simple question - just want to verify: Single forest\single domain comprised of 2 domain controllers physically in one location. We would like to physically move one of the domain controllers (the 2nd one promoted) to a new location (eventually both - during the complete data

Re: [ActiveDir] New DC can't find the machine account

2006-06-08 Thread Al Mulnick
They've apparently renamed it http://www.lucent.com/products/solution/0,,CTID+2020-STID+10439-SOID+1456-LOCL+1,00.html You probably own a copy of somewhere ;) On 6/8/06, Brian Desmond [EMAIL PROTECTED] wrote: WTF is QIP anyway? I've heard of BIND and Windows DNS. Thanks, Brian Desmond

Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD

2006-06-08 Thread Al Mulnick
No, you are correct in your assumptions. There are changes on the local server, yes. Many many changes. But you also must make changes in the directory from name res to the directory itself. Exchange relies on Active Directory for its directory services. It has none (well.. mostly not one of

RE: [ActiveDir] Virtual DCs

2006-06-08 Thread Lucas, Bryan
Along these lines, has anyone seen an actual best practices whitepaper for MS Virtual Server? How to configure disk arrays, controller cache, how many VHDs per volume, memory allocation, etc. Bryan Lucas Server Administrator Texas Christian University (817)

Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to groups?

2006-06-08 Thread Al Mulnick
Actually, I would consider it a good idea unless you have a specific reason not to. What really uses the group samaccountname? Users won't typically see it, so it's relegated to backroom work. Making the cn and samaccountname would, in my opinion, be a best practice. In the case of Exchange, I

Re: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread beads
Robert; One thing that immediately comes to mind would be external DNS structures that may or may not change. Likewise, depending on the location your time servers may also require some tweaking - depending on the distance. If this is a short move then there's probably little to worry

Re: [ActiveDir] OT: Security Policy Thoughts

2006-06-08 Thread Al Mulnick
thoughts in-line -ajm On 6/8/06, Noah Eiger [EMAIL PROTECTED] wrote: Thanks, Brian. Don't you sleep? It's late in Chicago ;-) Sleep? That's something he can catch up on later on in life ;) 802.1x is the direction they are heading. Right now, it is cost-prohibitive. So the question is less

Re: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread Laura E. Hunter
A good place to start is the following checklist that Jorge posted awhile back: How to move a DC to another site?: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/25/165.aspx There have also been a number of discussions that you can find in the list archives:

[ActiveDir] Client Side Group Policy / fixing secedit.sdb

2006-06-08 Thread Lucas, Bryan
We have discovered several machines that were spitting out SceCli 1202 warnings (Security policies were propagated with warning. 0x4b8) in the Event Log. We found that our secedit.sdb on one of our sysprep'd images was corrupted. On the problematic PCs, we did a esentutl /p

Re: [ActiveDir] OT: Security Policy Thoughts

2006-06-08 Thread Laura E. Hunter
The thing I'm not wild about with third-party clients (OSX etc.) is that they often don't play well with security features like SMB signing - if the Macs are hitting a Windows file server, most of the Apple documentation will tell you to turn it off entirely. Similar things can also happen if

RE: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread Robert Rutherford
You shouldn't have any issues, except the subnet/site. Robert Rutherford QuoStar Solutions Limited The Enterprise Pavilion Fern Barrow Wallisdown Poole Dorset BH12 5HH T: +44 (0)

RE: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread Robert Rutherford
Of course, just note that you'll need to ensure DNS records are correct for the servers to find each other for repl. Robert Rutherford QuoStar Solutions Limited The Enterprise Pavilion Fern Barrow Wallisdown Poole Dorset BH12

Re: [ActiveDir] AD LDAP Logging.

2006-06-08 Thread Al Lilianstrom
Tony Murray wrote: Hi Yann One option would be to enable logging of all LDAP searches against the DC. http://www.activedir.org/article.aspx?aid=97 This is useful information. Wish I would have had it on Monday when our MIT KDC/KCA was having problems getting info out of AD. Ended

RE: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread Contreras, Robert
Thanks for the responses - I wonder if it would just be easier to create a new DC at the new location (within the new AD site). From: Laura E. Hunter Sent: Thu 6/8/2006 9:38 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Domain Controller - Location Move A good place to start is

RE: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread neil.ruston
Given that you only have 2 DCs in the whole forest, your below solution may prove to be prudent. I would hate to have an issue whilst the org was reliant upon just 1 DC! Do clients use the DCs for DNS name resolution too, for example? If so, how will you cater for the IP change and the

Re: [ActiveDir] LDAP Directory Server Path

2006-06-08 Thread HBooGz
Thanks Joe and Al. In all honesty, I'm far from a programmer and I wouldn't go so far as to say I'm an Active Directory expert like most on this list. I'm going to pass your information to my developers who are working on a web app in .Net with the hopes of authenticating users against our AD. I've

RE: [ActiveDir] Domain Controller - Location Move

2006-06-08 Thread Robert Rutherford
If you can then yes. Robert Rutherford QuoStar Solutions Limited The Enterprise Pavilion Fern Barrow Wallisdown Poole Dorset BH12 5HH T: +44 (0) 8456 440 331

[ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread Shawn Hayes
Anybody out there seen the issue in the subject and if so what did you do to alleviate the issue. Thanks, Shawn

Re: [ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread ChuckGaff
Are you running Windows 2000 or 2003 DCs? Chuck

RE: [ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread Darren Mar-Elia
I have seen this happen on clients processing GP when "expensive" policy operations were occurring such as setting file or registry permissions on large trees. Where is this happening? Server or Client? Is this during foreground or background

RE: [ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread Shawn Hayes
Processor utilization issues have only been noticed by clients. I would say background processing because it is not an issue during logon From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday,

RE: [ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread Shawn Hayes
All DCs are 2003 SP1 with R2 installed From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 08, 2006 2:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] High CPU utilization during GPO updates Are you running

RE: [ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread Darren Mar-Elia
Ok. If you can note the time when this is occurring, you can correlate it with a timestamp in a verbose userenv log and see which part of processing is doing this. Darren Darren Mar-Elia For comprehensive Windows Group Policy Information,

Re: [ActiveDir] High CPU utilization during GPO updates

2006-06-08 Thread ChuckGaff
Ok - thanks -- that's better than what you would see on Windows 2000 -- Darren can give you good info... Chuck

RE: [ActiveDir] User Accounts

2006-06-08 Thread Eric Fleischman
After this thread (I believe Dean asked what the error was at one point, but I can't find that tip of the thread right now), I decided to go ahead and test this. http://blogs.technet.com/efleis/archive/2006/06/08/434255.aspx I'll blog some more on other things we found along the way over the next

RE: [ActiveDir] User Accounts

2006-06-08 Thread Tony Murray
Great info ~Eric! The link to the start of the thread is: http://www.activedir.org/ml/msg08620.aspx We've just moved the archive onto the ActiveDir.org web site and we're having one or two teething problems with the search feature. :-) Tony -Original Message- From: [EMAIL

RE: [ActiveDir] User Accounts

2006-06-08 Thread Eric Fleischman
You could build the archive on ADAM, and enable the indexes to allow for efficient medial substring indexes. :) ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, June 08, 2006 6:07 PM To: ActiveDir@mail.activedir.org

Re: [ActiveDir] LDAP Directory Server Path

2006-06-08 Thread Joe Kaplan
It is hard to provide any additional information that would be useful without some specifics about the actual problems they are facing/what isn't working/what code they are trying. From a firewall perspective, at a bare minimum you need LDAP ports open to your DC, depending on whether you want

[ActiveDir] Infamous slow logon

2006-06-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
http://blogs.technet.com/guarddog/archive/2006/06/08/434188.aspx Nothing beats coming into the office on a Monday morning and finding out that one of your VP’s is complaining about how long it takes to get logged into his desktop. They usually won’t even give you a chance to grab some coffee.

RE: [ActiveDir] [OT] User Accounts

2006-06-08 Thread joe
I don't know, some of my posts might invoke the dreaded Admin Limit Exceeded in ADAM... You know the one... The one you were going to write a blog entry about when there were too many entries in a non-linked multivalue attribute... :) -- O'Reilly Active Directory Third Edition -

RE: [ActiveDir] New DC can't find the machine account

2006-06-08 Thread joe
QIP is Lucent's implementation of DNS and DHCP. I think one of their main claims to fame is their delegation model, I don't know though, I didn't run it, I was a consumer. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED]

RE: [ActiveDir] OT: Security Policy Thoughts

2006-06-08 Thread Brian Desmond
They're keeping me a little busy down at the fun factory, so I'm up pretty late. Actually I just flew back in yesterday from a client so I was handling backlog. How is .1x cost prohibitive? Have you looked at the NAC products most major VPN providers have to handle your fears about

RE: [ActiveDir] New DC can't find the machine account

2006-06-08 Thread Brian Desmond
Oh I’ve heard of this thing. I got a client that could use it if they were smart. Muchos pesos. Miami Pesos, that is. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 08,

RE: [ActiveDir] OT: Security Policy Thoughts

2006-06-08 Thread Brian Desmond
You set it to request not require - never had an issue. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, June 08, 2006 8:48 AM To: ActiveDir@mail.activedir.org

RE: [ActiveDir] User Accounts

2006-06-08 Thread Brian Desmond
It looks corrupted in IE7B2 on k3dp1. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, June 08, 2006 5:38 PM To: ActiveDir@mail.activedir.org Subject: RE:

RE: [ActiveDir] OT: Security Policy Thoughts

2006-06-08 Thread Noah Eiger
Thanks all for the thoughts. I think that the thing I will need to communicate to these folks is simply the tradeoffs and the risks. They run many apps that force full admin rights on the workstations and have concluded that this is an acceptable risk. We'll see what they say. In the end, I