Hi,
How can I export the details of the members of a group like their
firstname, lastname, display name, smtp address etc... I had tried with
both csvde ldifde but not able to get all the information. Also is
there any list which can show all the attributes of a user...
Dhiraj Haritwal
No. This would only apply for things running in the context of the
computer account (e.g. services as SYSTEM or NETWORK SERVICE). When you
go \\server file:///\\server in explorer you connect as ben not
bensmachine...
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From:
I have a consultant that is asking for domain admin rights on 2 member
servers. I have google it but nothing seems to work out right. The servers
are on the domain but the consultant just has a domain user account.
He can logon on to the servers while they are on the domain but the
administrative
If he only needs admin rights on these 2 machines, just add his domain
account into the local admins group on both servers.
You can install any missing tools onto those servers, too.
Does that help?
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Patrick
Sent:
If he just needs administrative equivalent permissions on THOSE TWO
MEMBER SERVERS you can put his account into the local administrators
group of each server...If he is logged on, tell him to log out and log
on AFTER you have added his account to the groups. DOMAIN ADMIN
quirevalent permissions is
Hi Yann,
You r right but what is the procedure to move the CA's to the new DC?
Thanks Regds.
Dinesh
From: Yann [EMAIL PROTECTED]Reply-To: ActiveDir@mail.activedir.orgTo: ActiveDir@mail.activedir.orgSubject: RE : Re: [ActiveDir] Moving ADCDate: Tue, 9 Jan 2007 19:12:17 +0100 (CET)MIME-Version:
I might go so far as to create a new account for the consultant. Inform
the consultant to only use the new account when they need to perform the
work on the two servers. A new account will allow you to audit their
work and also watch for creep. Also, do not give the elevated
account e-mail or
Hi all,
I have one *Domain Contoller* (name dc01) in India and other one *DC* (name
dc02) in remote location. Bothe *DC* can Communication. I have told to
change user login authentication from *DC01* to *DC02.*
So how I can perform this task. Pls help me. I din't find any doc related
this.
I've been having an issue for some time where Vista (w2k3 domain member)
will work fine for a while, then suddenly start asking for proxy
authentication for browsing - and won't accept what I give it, even
though other network access is fine, and I can even connect to
\\proxysrv\mspclnt
You can't just change the authenticating DC from X to Y.
A DC for authentication is located by using DNS. By default clients
search for a DC that has records in DNS for their own site (DCs
physically there or covering the site) and when none found a query for
the DCs that have registered
You need sites. Check out:-
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog
ies/directory/activedirectory/stepbystep/adsrv.mspx#EFE
Sorry if the URL its a bit long you may have to glue it back together
...
From: [EMAIL
Hi,
Thanks for the replies.
birthDate already exists - can you take advantage of it?
Where would I find this? If it already exists I think I'd be better off
using that one.
Thanks,
--
Matt Brown [EMAIL PROTECTED]
Sr. Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
In addition to the below, if we assume that DC01 and DC02 are both in
the *same* site, then perhaps ajay should consider DNS weighting, so
that DC02 is used 'in preference' to DC01.
As usual, it's a 'it depends' style question.
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Return Receipt
Your RE: [ActiveDir] How to change login authentication
document:
wasJustin Leney/US/DCI
received
by:
at:01/10/2007 10:03:00 AM
Visit http://discoverystore.com for award-winning toys, fan favorite DVDs, and
unique gifts.
This
I thought of that...
I think you mean DNS Priority (which will always use the DC with the
lowest value) instead of DNS Weight (which would still use the other DC,
but less/more frequently depending on the weight configuration) ;-))
You can't just change the authenticating DC from X to
Assuming the servers are at least Windows 2000 or newer, the administrative
tools can be installed using adminpak.msi which is found in
%systemroot%\system32 which is usually c:\winnt\system32 or c:\windows\system32.
It is also possible to delegate control in the AD over a couple of servers
It's an attribute of the user class.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
Sent: Wednesday, January 10, 2007 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Which ISA firewall client do you have? The new one that supports ISA?
Rich Milburn wrote:
Ive
been having an issue for some time where Vista (w2k3
domain member) will work fine for a while, then suddenly start asking
for proxy
authentication for browsing and wont accept what
Return Receipt
Your RE: [ActiveDir] How to change login authentication
document:
I can't seem to find the birthDate attribute in any of my classes.
Looking in MMC-ActiveDirectorySchema.
Thanks,
--
Matt Brown [EMAIL PROTECTED]
Sr. Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
+--+
| 509.359.6972 ph. - 509.359.7087
Return Receipt
Your RE: [ActiveDir] How to change login authentication
document:
(and these days I can't assume)
64 or 32?
64 there's a needed hotfix for Vista 64 to work with ISA.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Which ISA firewall client do you have? The new one that supports ISA?
Rich Milburn wrote:
I’ve been having an issue for some time where
KB917902
http://support.microsoft.com/kb/917902/en-us
on second thought ... that might/prob not applicable...we only need it
as ISA is on our DC and Vista 64 doesn't play nice with that setup.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Which ISA firewall client do you have? The new
Yeah. Joe just emailed me too offlist - I seem to be hallucinating. I've
seen it in so many directories I guess I thought it was part of the
standard g. My suggestion is to keep birthDate in HR but you can
easily extend the schema to include it if you want.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
Hello, all. I am receiving an Access Denied error when attempting to add a
New Link into an existing DFS namespace.
I am a DA/EA and I have checked the ACL's on the appropriate AD objects
and they look correct.
Any ideas would be appreciated.
Thanks,
James
dfs-error.PNG
Description: PNG image
Yes. But I have the issue even after uninstalling it. I've tried
Ultimate x64, and Enterprise x86, (both RTM) and the new firewall client
with each. I have had this problem with many pre-release builds too,
raised the issue many times in beta and it was always non-repro. I
asked some Microsoft
I don't blame it ;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, January 10, 2007 11:28 AM
To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Cc: ActiveDir@mail.activedir.org
Subject: Re:
James,
Any specific event log entries around then?
Do you have a big forest? How recently was the root setup (i.e. had it
had time to replicate this information everywhere)?
I'm interested by the phrase look correct - what do you mean?
Just so I have it right in my head - you are trying to
I have a machine (at least one I know of) that isn't syncing time with
the domain controller its logging into. I've restarted the win32time
service on it to see if that would sync it and it doesn't. Any
suggestions on where to start? The DC and the client are off by about 9
minutes.
Try the command...
w32tm /resync /rediscover
See if that helps the client figure out where it should look for time.
~Ben
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, January 10, 2007 2:12 PM
To:
I don't see any interesting event log entries.
Not a big forest really, 5 domains, 120,000 users, 1 DFS site.
The root has been around for 4 years.
By look correct I mean that DA/EA have full rights on the DFS attributes
in the domain.
You are correct, R1 and existing DFS root.
Thanks for the
James,
I may not be able to help, but I hope at least I don't confuse things.
Does your DA/EA account have both share and NTFS permissions to the link
you are trying to add?
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL
All
Sorry for the OT topic. I have a PC I use as my lab with VMs. It has
Vista Ultimate and only has 2GB of RAM and was working fine. However I
tried to upgrade the memory by using a 512MB module and the PC wont
boot now. It blue screens with a message similar to KB 929777.
I tried getting the
Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with
more than 2GB of RAM.
Thanks
M@
On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:
All
Sorry for the OT topic. I have a PC I use as my lab with VMs. It has
Vista Ultimate and only has 2GB of RAM and was working fine.
Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista
x86 and x64 on it and it doesn't BSOD.
The issue in the KB seems to be with devices that use DMA and you have more
than 4GB of RAM. That used to cause issues on XP as well (which is why I
believe SP2 for XP limited the
I verified that DA/EA has Full Control both share and NTFS.
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve
Sent:
I didnt configure the memory dumps for this machine. I assume a kernel
dump is preferred over minidump? Either way I will check and let you
know. Thanks for the reply.
On 1/11/07, Ken Schaefer [EMAIL PROTECTED] wrote:
Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista
Minidump is 100kb, whilst a kernel dump is 150MB+ I would prefer you to
email me a 80-100kb file in the first instance if that is enough to solve the
problem :-)
Cheers
Ken
From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe
Sent: Thu 11/01/2007 12:49 PM
Sure ;-) I was just trying to get as much info as you needed the first time ;-)
Sending the minidump offline
On 1/11/07, Ken Schaefer [EMAIL PROTECTED] wrote:
Minidump is 100kb, whilst a kernel dump is 150MB+ I would prefer you to
email me a 80-100kb file in the first instance if that is
I tried it, it says:
The computer did not resync because no time data was available
I followed http://support.microsoft.com/kb/929276 but it was already set
right
Try the command...
w32tm /resync /rediscover
See if that helps the client figure out where it should look for
http://www.minasi.com/newsletters/nws0306.htm
Fixing Time Synchronization Problems
My XP desktop stopped synchronizing its time with the domain. The Event
Log kept showing that the desktop hadn't time-synced with any of my DCs
in weeks. That worried me because if my workstation's
Have you checked the Type registry parameter?
http://www.activedir.org/article.aspx?aid=74
Tony
-- Original Message --
From: Rimmerman, Russ [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Wed, 10 Jan 2007 20:37:53 -0600
I tried it, it
James,
Domain or stand-alone root? (should have asked that earlier...)
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, 11 January 2007 11:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
James,
Where is the link located that you are trying to add - is it within the
DFS structure already published?
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, 11 January 2007 11:45 AM
To:
James...
...and one more thing - it might have something to do with the fact that
the folder is set to replicate. Where is the FRS-Staging folder for the
replica you are adding the link to, and do you have permission to that
folder?
Thanks! :)
themolk.
-Original Message-
From:
Domain root
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve
Sent: Wednesday, January 10, 2007 10:38 PM
To:
It is within the structure already published
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve
Sent: Wednesday, January 10,
I apologize for my DFS illiteracy, but I'm not sure what you mean by the
FRS-Staging folder...
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
So let me get this straight...
You have a root with folders like this:
RootFolder
--Folder1
--Folder2
You've published the RootFolder as your domain root, and it is shared
accordingly, so when you go to \\domain\rootfoldershare you see folder1
and folder2.
You then are trying to add a
James,
DFS under Win2K3 R1 uses the File Replication System (the same one that
replicates the SYSVOL share's contents) to replicate files. It's a bit
kludgy, which is why DFSR under Win2K3 R2 is such a breath of fresh air
(to be frank I think it would do what you are trying to do, but I get
that
I'm trying to add a new link to a new share (call it Folder3)
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve
Sent:
Thanks for the info, that helps
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve
Sent: Wednesday, January 10, 2007 11:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: DFS Access Denied Error
James,
DFS under Win2K3
OK, so Folder3 exists and lives totally outside the existing DFS root or
it's actual location - this is a new share that you are trying to add as
a link - yes?
Sorry to be so persnickety - just want to make sure I understand your
situation.
As a matter of interest, if you create another
No problem - and yes, that is correct.
I have created a separate DFS root, added a link to Folder3 and
everything works fine.
Think my existing DFS root is whacked?
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original
James,
This may sound harsh, but it could be. Humour us all and try deleting
the root and rebuilding it and let us know...
themolk.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, 11 January 2007 3:36 PM
To:
Will do - thanks much for your help.
James Masters
Systems Architecture and Engineering
The Kroger Co.
Office: (859) 363-2346
Cell:(859) 653-8644
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve
Sent: Thursday, January 11, 2007
56 matches
Mail list logo
