LMAO...I thought my Outlook rule was broken for a second...
On 1/25/07 5:12 PM, Michael B. Smith [EMAIL PROTECTED] wrote:
I'm guessing you didn't like the answers you got on the exchange list?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Sent: Thursday,
Title: Active Directory Health Check tool - where can it run from?
Ahhthe good ol days of being
a premier customer. I miss those days
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Washington, Booker
Sent: Wednesday, November 01, 2006
7:09 AM
To:
Hey guys,
I'm curious how people are populating attributes such as employeeid,
employeetype, etc, specifically when creating\modifying accounts using the
GUI (ADUC)? Besides me writing something to populate the fields what other
resources do I have to allow other selected users (account
.
The latter is done
by displayspecifiers. More info found here:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx
/Guido
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Thursday, September 21
.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Thursday, September 21, 2006
3:04 AM
To: ActiveDir@mail.activedir.org
Subject: How are folks setting
hidden user attribs?
Hey
Correct me if Im over simplifying
things herebut doesnt 2047GB = 1.99TB (not 2.47TB) since 1024GB =
1TBright?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, June 28, 2006
7:22 PM
To: ActiveDir@mail.activedir.org
Subject:
Check out service explorer. The trial version will do exactly what you
want...for services anyway.
http://www.scriptlogic.com/products/serviceexplorer/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Tuesday, June 27, 2006 7:32 PM
Anyone familiar with SFU out there?
At least half of my users do not have SFU attributes.
I now have the need to create NIS
accounts for all of them. Besides hitting the properties of each user and
enabling them for NIS
what other options do I have? I do happen to have the means to
Hahaha
While reading the very first sentence in
the last paragraph I was thinking to myself, what was that app that our
Engineers used to use (prior company) that wanted all of the users to have this_special_group as primary
Clearcase...they are notorious.
From:
[EMAIL
Definitely a huge thanks to everyone for making this an awesome first DEC for
me! It was great matching up faces to the email addresses I see daily. The
DR, Security and Interopt sessions were a couple of my favorites. The DJ
show was awesome!
For those not able to attend this year, make it a
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, March 17, 2006 11:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS question
You can remove the A records with out any impact (if I remember they were for
legacy LDAP clients) but this requires
You can remove the A records with out any impact (if I remember they were for
legacy LDAP clients) but this requires more work than just removing the
records. You will have to change the registry entry below to 0 to disable
the registration of ALL A records, this includes some important DNS
Anyone know of any
good Windows 2003 mailing lists?
TIA
-Alex
Title: Message
And now I can honestly say that I can
follow this thread and not be completely lostthanks chapter
3 of the book in the signature for a great schema refresh! ;-)
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, February 06, 2006
5:32
Title: Logon issue
Funny I just (5 minutes ago) sent
an FYI to our End User Support team regarding this issue.
Heres the KB: http://support.microsoft.com/?id=244474
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, January 27, 2006
6:21 PM
To:
there's no
accounting for production. Be ready with a contingency plan in case it all
comes crashing down around your ears.
Wook
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Alex Fontana
Sent: Thursday, January 19, 2006
9:07 PM
To: ActiveDir@mail.activedir.org
As I understand it; the client machine
queries its primary DNS server for the SOA of the zone that matches the clients
primary DNS Suffix. It then attempts to register its A/PTR records with
primary for that zone. That said, as long as the clients primary dns server
knows who the SOA for
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Synch WSUS and get to patchn
-Alex
off done on
production deployable hardware?
Im a big advocate of VM testing,
just to set the record straight.
Rick
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alex Fontana
Sent: Sunday, January 01, 2006
2:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE
I would have to agree;-) At
work I run completely on VMs using ESX. All my testing is done on a Dell
PE1800 with about 8VMs including AD, Exchange (clustered), SQL, etc.
For those looking to do simple testing of
apps check out VM Player http://www.vmware.com/vmplayer
You cant
Our main file/print server was set up to run the SFU NFS
server and is a Domain Controller. Having this box as a DC has been
stressing me out since I got here since anyone who creates home directories and
needs to modify permissions (standard practice when creating new users) needs
to have
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Saturday, October 08, 2005 12:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Modifying Domain Admins Administrators Group
Call my method crude and archaic...but I have a box
Call my method crude and archaic...but I have a box that just runs
scripts...all day...nothing else. One of them is to do a simple dump of the
domain, enterprise, and schema admins group once every 30 seconds or
something and diff it against the previous run. If there's a difference I
get an
Title: Change AD Passwords
If youre willing to spend money and
have a solution that scales, i.e. does more than just AD passwords look into
P-Synch from MTech. http://www.psynch.com/
Ive used them here and at a prior
company for password changes, password expiry notifications, password
DFS is site aware, but what about
non-dfs? \\example.com will always
resolve to some domain controller, dfs or no dfs, using
round-robin dns, right?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005
8:59 AM
To:
of
hardware, especially for a smaller DIT. That's just my preference
though.
Good luck,
Al
From: [EMAIL PROTECTED] on behalf of Alex Fontana
Sent: Mon 8/22/2005 9:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Database Corruption
ECC
For what ever reason all of our users are still in the
cn=users container. Of course after years of being like this everything
ldap refers to cn=users. Part of my master plan is to change this to an
OU structure, but Im looking for a less intrusive method of changing
this than having to
Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Alex Fontana
Sent: Fri 8
and this was the approach we used with good success.
Diane
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, August 19, 2005 3:29 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Database Corruption
Started getting
Started getting the error below a few weeks ago on one of
our DCs. My first reaction is to run a non-auth restore from a day before
this started happening and let replication take care of everything else.
Any reason NOT to do this? Im concerned that this may happen again
and wasnt able to
Oddly enough, one admin here had a
ridiculously slow running ADUC, he updated his display driver and it started
responding as it should
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Tuesday, July 12, 2005 11:15
AM
To:
and machines all day long. I
deploy hundreds of servers (inc DCs), believe me, I dont use the CD in
every one of them. :)
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, July 08, 2005 11:37
PM
:55 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Sysprep Win2k3 Servers...maybe a DC?
I always avoid using images on servers and instead opt for automated
builds. If I was pushed I might use an image for a server, but never
for a DC.
Phil
On 7/9/05, Alex Fontana [EMAIL PROTECTED
, I dont use the CD in
every one of them. :)
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, July 08, 2005 11:37
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Sysprep
Win2k3 Servers
I know imaging and ghosting has
been talked about before, especially in regards to backing up DCs and the
conclusion is dont. I totally understand this and agree, but what about
a base image of a win2k3 server, non-domain member, that has had sysprep run
for all servers, including maybe a
Title: Exchange and disabling accounts
I wrote a batch file used during
terminations that included granting the SELF account the associate external account
permission. I used a tool called admodcmd. I believe this is the
site:
Trying to delegate control to a group of admins for user
account creation, simple enough However at this point I can not get
past the UNIX attributes tab with out the following error message:
Unable to modify the property object values:
Check credentials
There could be network
PROTECTED]On Behalf Of Alex Fontana
Sent: Monday, June 06, 2005 5:31
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Permissions
needed to modify UNIX attributes SFU 3.5
Trying to delegate control to a group of admins for user
account creation, simple enough However at this point I can
problem and havent noticed it. I
just make sure that I start it manually.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Monday, June 06, 2005 8:31
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Permissions
needed to modify UNIX attributes SFU
If the DB is dismounted and only the system mbxs are left (no user mbxs) you
can right-click the db and delete, you'll most likely get a message that it's
been removed from ESM, but that you have to manually delete the edb and stm
files. Then you can go to explorer and delete those two files.
Attributes tab when viewing a user's
properties in the AD Users and Computers tool.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alex Fontana
Sent: Wednesday, May 25, 2005
12:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SFU and ADUC
Anyone know what I
While vpn'd in can you browse/access file shares? I remember having a
similar issue and the fix being the following:
http://support.microsoft.com/default.aspx?scid=kb;en-us;244474
-Alex
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent:
Anyone know what I need to install on an XP workstation to
manage the Unix attributes of a user? SFU 3.5, AD2003.
-Alex
that to Eric or someone who has actually played with this
and seen it though.
Either way, I think it is good you are
shooting it.
joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Saturday, May 21, 2005 10:52
PM
To: ActiveDir@mail.activedir.org
that,
I agree with Rick, mow the DC down and start over.
joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Tuesday, May 17, 2005 4:53
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Replication
failures - lingering objects
I have a DC
that the resolution is 1 minute so you need to schedule
something for the following minute.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alex Fontana
Sent: Friday, May 20, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] The at
/interacive command
Try:
at 10:29:00 /interactive ldp.exe
not sure on how to get around the time?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Friday, May 20, 2005 10:06
AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] The at
/interacive command
I have a DC that appears to have had some time synch
problems before I got here Subsequently, all other DCs have
discontinued replication for the cn=configuration (per repadmin) with this
DC. My question is; the first event I can see showing replication
problems with this DC is on April
Woops,
60day tombstone lifetime, not garbage
collection.
From: Alex Fontana
Sent: Tuesday, May 17, 2005 1:53
PM
To: 'ActiveDir@mail.activedir.org'
Subject: Replication failures -
lingering objects
I have a DC that appears to have had some time synch
problems before I
So what are some clever methods yall use to not
expose the password in a script?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rick Kingslan
Sent: Sunday, May 08, 2005 9:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO not
applied - thinks it
I dont think youre ever
gonna get SYSTEM to shutdown any system but its local one it has
no authority on any system but itself. Only thing I can think of is throwing
some credentials into the script your writing that does have the authority over
other machines, but then your askin for it
It sounds like the question is:
What is the proper method for adding a new
machine (new image, reimage, whatever) to the domain using a NetBIOS name
that already exists in the domain?
Reset the machine account and then add the
new machine (what Jorge said). In a single site you
Is there any attribute that is unique to real user accounts
only (mail enabled and non-mail enabled)? We tried teaming up objectclass=user
and givenname=*, but of course not all users have to have a given name. Then
tried teaming up the objectclass with useraccountcontrol=5*, then we found
] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Tuesday, March 01, 2005
12:48 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Querying for
all users
Is there any attribute that is unique to real user accounts
only (mail enabled and non-mail enabled)? We tried teaming up
objectclass
http://support.microsoft.com/default.aspx?scid=kb;en-us;318584
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Monday, January 10, 2005 7:39 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:winsock
I keep getting an error on a win2k pro
We've seen this, unfortunately there are thousands of variants of this
worm. First things first...
Make absolute sure you are completely cleaning a machine!!! No matter
how much patching is done if the machine has already been compromised it
WILL get reinfected. We found that Mcafee, even
Interesting issue
with Netscreen 204 Firmware v5; on three occasions we have had AD replication
break between sites connected by VPN. As of now we have reverted back to
our v4 box which has worked fine for the past year. The problem seems to
be in LDAP queries, no response when using
Title: Message
Thanks all for your replies. My concern isn't so much
with the Event 1000s, or with the folks that this has already happened to as
much as it ispreventing this, possibly by using "uphclean.exe", or
understanding why all of a sudden folks are having this happen. Anyone
have
Hello
all,
we've had a few
calls this week (more this week than last) about folks' profiles being corrupt,
i.e: they are having a new profile created when they log on. User bob now
has bob.domain or in some instances even bob.domain.00, etc. I've looked
at a few machines and notice no
In an effort to
improve file server security and group management as a wholeI find myself
curious about what other folks do in similar situations.
The environment: 1
File Server, 1 Win2k3 Forest, 3 domains, Exchange 2k
Current config: A
bunch of global security groups that are pretty much
My GPO is as follows:
Activate Screen Saver: Enabled
Screen Saver EXE Name: NOT CONFIGURED
Password Protect Screen Saver: Enabled
Screen Saver Timeout: Enabled (1200 sec)
That config will allow the user to choose their own screen saver but not
allow them to change the lock screensaver feature or
The two responses make good points; can you send an email
to the address, do you get an NDR?And has the RUS stamped the
mailbox with the addresses? I've had the RUS stop stamping addresses,
which caused the mailbox not to be created (can't log in) and have had to run a
rebuild, you may want
Doesn't the subject
say it all???
Has anyone gotten
AutoDL to work? I have it all setup but when I load the webpage the two
bottom panes don't display; "Page Not Found". I'm thinking there is some
sort of security misconfig or something, but documentation is so scarce that I
have no clue
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Alex Fontana
Sent: Fri 7/30/2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir
: [ActiveDir] AutoDL
Why can't they use the OS search/admin baked-in tools?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, July 30, 2004 5:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AutoDL
I'll look at cconnect
First question is:
Do you have ANY access to the box? You can't log on locally, but can
you netsvc and start the telnet service? Can you use psexec and run
psexec \\hostname cmd to get a shell? (www.sysinternals.com look at
pstools in the utilities section, great tools and free!) Can you get to
Title: DC GPO not applying event log settings
Sorry, Win2k/SP4 all current patches
applied.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric
FleischmanSent: Tuesday, July 20, 2004 8:06 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DC GPO not
applying event log
67 matches
Mail list logo