Yeah, but you can just ignore it and it's not the default Users
or Computers containers. Still, is there a safe way to remove
those? Similarly there's a safe way to remove the Default-First-Site-Name
stuff too?
Mike
On Mon, 04 Dec 2006 20:28:42 -0800
Susan Bradley, CPA aka Ebitz - SBS Rocks
Put duct tape over the top and forget about them.
Seriously...you mess with those (especially the OU stuff) and you will
break some wizards in SBS. Kinda like the Kitchen Sink stuff you
live with it or if you do mess with 'em, please do so not on a client's
box and only on your own that
Hi!
Sorry if this question is a bit off-topic to the list, but I've seen
some Exchange-related questions here, so I know there is Exchange
expertise hanging around ;) and I didn't know where to ask; please
feel free to point me to the proper forums (forii?) to ask in.
I am looking for a way to
Excellent mail list ... keep up the good work!
But can anyone help me ..
For various reasons we have extended the schema in our Active Directory
(test only at present) to add further local attributes to users.
All is working well until I attempt to make use of the data in these
extra
in-line:
Mitch Reid wrote:
We had a few user accounts that were deleted and then recreated and
nobody will take responsibility.
I used ADSIedit to verify the creation date/time.
While auditing is enabled, the Security log rolled and we missed the
event (yes I know it's an issue).
Assuming
Hosted SBS with Outlook 2003
Office Live http://office.microsoft.com/en-us/outlook/HA100809831033.aspx
Not 2003 without a SBS box on the backend but 2007 uses Office Live to
share calendars.
40 people and you don't have a server... wow.the control freak in me
is freaking out. We put
I know there are a bunch of exchange clones out there, but I have yet
to come across one I would recommend. That doesn't mean there is not
one out there. If all you want to use it for is a shared calendar, you
may want to check out a company called softalk.
http://www.softalkltd.com
They have
But I bet when you sit down in front of a computer, it knows it had
better behave :)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Monday, December 04, 2006 8:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
So, SBS sounds like the solution to your problem. Have you considered
bringing in someone from a good local consulting firm that targets the
SMB space and knows how to sell SBS on all levels (technical to exec)?
Honestly, almost every SBS deal I've done it's started out with such and
such manager
If you have any kind of a complex environment, you'll find volume activation
to be very frustrating indeed:
1. The KMS service can't support more than one key, so if you have Longhorn
VL clients in your environment you have to put up a second KMS
infrastructure for them.
2. You can't (rather,
Ok, thanks. It's only a testing machine. I'll leave it alone.
Mike
On Tue, 05 Dec 2006 00:10:56 -0800
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote:
Put duct tape over the top and forget about them.
Seriously...you mess with those (especially the OU stuff) and you
A friend of mine has asked me to ask the group the following Exchange related
question.
An Exchange 2003 environment that has been upgraded from Exchange 2000 needs to
have SMTP reconfigured for outbound mail. There are two proposals on the table
but they are not sure of the best approach.
1
Mark,
In scenario 2 will your SMTP server in the DMZ subnet be part of the Exchange
organization? If so the whole DMZ thing isn't really going to get you much if
anything. Personally I think DMZs are outdated and not a good model anymore.
I would go with option 1.
Thanks,
Brian Desmond
If you use OWA for remote mail access number 1 is the best choice. You then
publish your OWA through the ISA server.
If your incoming smtp is only from messagelabs and you do not need/use OWA then
I would consider skipping to choice three, with nothing out front and only
allow port 25 from
I'd say that you should test it. Create and link a policy where you've set
system objects: default owner for objects created by members of the
administrators group to Object creator. Then create a user in AD and
check the ownership.
Laura
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I would go with option 3 - send and receive directly from your trusted
external partner, message labs. The only benefit to having a DMZ based
relay is that you don't have to open tcp25 to/from your trusted network to
the outside vendor. Not sure there is enough of a risk there to warrant a
DMZ
While Laura and yourself make valid points, you are both talking about
solutions that do not exist today. I'm just trying to help the OP with
the problem he is having right now. Getting into the full licensing
overhead of Vista, not to mention LH, could, and undoubtedly will, take
weeks and/or
Inline...
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harvey Kamangwitz
Sent: Tuesday, December 05, 2006 11:28 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Vista Activation and KMS
If you have any kind of a complex environment, you'll find
If you are member of ADMINISTRATORS directly or indirectly through a
CUSTOM group it will by default list ADMINISTRATORS. Changing the policy
lists the object creator.
If you are member of DOMAIN ADMINS also, it will list DOMAIN ADMINS
Is this what you mean?
If the latter is the case
I am not at all talking about solutions that don't exist today. Go to a
Vista machine and take a look at slmgr.vbs.
Laura
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi
Sent: Tuesday, December 05, 2006 12:39 PM
To: ActiveDir@mail.activedir.org
Doh! Okay, now I think I get what you're referencing in item 1.
There's a reason for that- LH isn't out yet. When LH is out, that won't be
an issue. :-)
Laura
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Tuesday, December 05, 2006 12:48
Yes, but so do most people. ;-)
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
Sent: Tuesday, December 05, 2006 10:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Possessed PCs
But I bet when you sit down in front of a computer, it
Have you tested this?
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, December 05, 2006 12:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is it possible to determine who created an AD
object?
If you are member
As much effort is going into the whole activation thing, why not just ship
it with a bloody dongle already.
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harvey Kamangwitz
Sent:
?
which part?
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : see sender
I suspect that people aren't really familiarizing themselves with how
activation works. It's really not rocket science once you understand it.
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phillip Partipilo
Sent: Tuesday, December 05, 2006 1:53 PM
To:
I did Laura's test (the thread was wearing me down ;-)).
Even with the policy set to Object Creator it still shows Domain Admins as
the owner if I create an object with an account that is member of Domain
Admins. In my case the Domain Admins group is a member of the built-in
Administrators
Test what I wrote in my other response.
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, December 05, 2006 2:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is it possible to determine who created an AD
object?
?
I personally am not ready to stick a Vista box as a Licensing server.
ISA still doesn't have a firewall client that works for one... and I've
yet to find a a/v that doesn't BSOD my tablet pc or act strangely on
another box I built.
In fact I'm still using my Technet 'for testing purposes'
DING DING DING!!! WE HAVE A WINNER!
System Object != Directory Object.
If you're really feeling like having fun, test this out with file system
objects and with messing around with Domain Admins versus Administrators
membership. Okay, maybe not everybody finds that fun. Never mind. :-)
Laura
?
just like I wrote it and tony confirmed it
do you have other experiences?
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel :
The Windows Server 2003 KMS host will be out soon. In the meantime, Vista is
perfectly acceptable to use and it's incredibly simple to decommission it as
a KMS host when you implement a Win2K3 host. No TAM support needed.
Again, I'd really encourage people to thorougly read the documents I
BTW, speaking strictly about directory objects, if you use an account that
is NOT a member of Domain Admins but IS a member of Administrators (DLG),
the ownership of the object works exactly the same way as it does if the
account is a member of Domain Admins and not a direct member of
No, Jorge, Tony did not confirm what you wrote, he confirmed what I wrote in
my very first reply to you in this thread. I quote: Even with the policy
set to Object Creator it still shows Domain Admins as the owner if I
create an object with an account that is member of Domain Admins.
The policy
Just to make sure everybody understands what I am saying, I'm going to
summarize this one last time.
If I create an object in AD while I am logged on with an account that is a
member of Domain Admins, Domain Admins becomes the owner of the object. NOT
the Administrators group. NOT the object
Does anybody have anything particularly good or bad to say about Quest's
Recovery Manager product?
We are evaluating it for an 2 forests, and 3 domains.
As always, thanks for all of your insight and expertise.
-James
List info : http://www.activedir.org/List.aspx
List FAQ:
?
oh, and yes I did test it and got the results I mentioned earlier...when not a
member of DA but a member of Adms it lists the object creator after changing
the policy
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server -
?
sorry to say, but I have different results...mailed them offline to Laura
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel :
I have given a user send As perm directly on a universal distribution group
in AD.
However, whenever this user slects the group from the GAL in the From:
field of Outlook 2k3 and attempts to send an email as that group, he gets an
error of You do not have the permission to send the message on
Yaargh. Now I started messing around further, because when I first tested
this when this thread began so as to verify my rather rusty recollection, my
recollection was that it worked as Jorge outlined (only for accounts that
are members of the Administrators group in the domain and not for Domain
See my most recent post. Are you performing your testing on the PDC
emulator? I'm really a bit baffled as to what's going on at this point and
am curious if you've been testing on multiple DCs so I can see if you get
the same results I do.
Thanks,
Laura
_
From: [EMAIL PROTECTED]
Thanks for the responses so far - I have also been kicked for not mentioning
that there is a Juniper server in the equation to which OWA is published.
So OWA goes through the Juniper appliance in another dmz and does not touch the
ISA dmz.
Still the same responses?
Regards,
Mark Parris
Okay, folks, I think I may have an answer to the behavior I've been seeing
with an account that is NOT a Domain Admin but IS an Administrator not
showing as the individual owner of the object when the policy is set to
object creator.
The only thing I can think of is this- I've been doing this all
Well itâs a Juniper NetScreen probably not a server ... just a firewall. I'd
either throw ISA there behind the Juniper or just go with option three and
point the NAT on your Juniper straight to the backend.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original
Well, I've done some more testing and the results are interesting.
In both instances I have the policy in place and set to Object Creator.
1.
If the account used for AD object creation is a member of Domain
Admins the owner is shown as Domain Admins.
2.
If the
On 12/5/06, Laura A. Robinson [EMAIL PROTECTED] wrote:
Inline...
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Harvey Kamangwitz
*Sent:* Tuesday, December 05, 2006 11:28 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] OT:
James - Recovery Manager for Exchange, AD or both?
We've been very happy with Quest Recovery Manager for Exchange. No experience
with the AD product...
--James
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, December
47 matches
Mail list logo
