I agree with Al in that I don't see an obvious way to do this from a
single command line. The key, as he mentioned, is going to be getting a
list of unique department numbers and section numbers. I'd probably
separate those out into two distinct lists, one for departments and one
for sections.
don't know how to do scripting like this yet.
And I'll certainly holler if I run out of options.
Thanks again,
~Ben
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Tuesday, January 23, 2007 9:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE
IMHO, ESX/VM Infrastructure and Virtual Server are like apples and
oranges. Yes, they are both virtualization environments, but have vastly
different capabilities. VM Infrastructure has a much broader and deeper
feature set that does come with added cost and complexity.
Regardless, in the
- Directory Services
www.akomolafe.com x-excid://3277/uri:http://www.akomolafe.com -
we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
_
From: Coleman, Hunter
Sent: Thu 1/18/2007 1:24 PM
To: ActiveDir@mail.activedir.org
Subject
No, you will still need to extend the schema to support DFS:
http://technet2.microsoft.com/WindowsServer/en/library/84445c1b-a418-4a0
9-a50c-5f3258cfc5b51033.mspx?mfr=true
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vinnie Cardona
Sent: Friday,
http://www.google.com/search?sourceid=navclientie=UTF-8rls=GGLD,GGLD:2004-22,GGLD:enq=windows+alternate+data+stream
http://support.microsoft.com/kb/814594/en-us
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Antonio
ArandaSent: Wednesday, October 25, 2006 10:17 AMTo:
Rob-
This came up just the other day. Check http://www.mail-archive.com/activedir@mail.activedir.org/msg47273.htmland
see if the responses there help.
Hunter
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Huber, Rob (HNI
Corp)Sent: Tuesday, October 24, 2006 8:10 AMTo:
You may be running into this: http://support.microsoft.com/kb/825675/en-us
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon
LinanSent: Monday, August 28, 2006 12:15 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] nslookup. AD beginer
question
Hi
Everyone,
Can't you code your ASP so that it points to the same DC
when it creates the user account that PeopleSoft is using for
authentication?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lucas,
BryanSent: Friday, August 04, 2006 12:05 PMTo:
ActiveDir@mail.activedir.orgSubject:
A different approach is for the Exch Full Admin to simply
grant him/herself Full Mailbox Access-Allow on an individual,as-needed
basis. I prefer this because it requires a conscious effort on the admin's part
to access someone else's mailbox, regardless of what your corporate use policies
Check to see if someone removed the explicit Deny for the
individual account on Send-As/Receive-As at the Exchange Org level, and if not
whether it's getting overridden by an explicit Allow further down the
hierarchy.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WATSON,
You can start with this http://www.microsoft.com/technet/scriptcenter/scripts/network/client/list/nwlsvb05.mspx?mfr=trueand
add in some logic to query AD for DCs and Exchange servers and then run the
scriptcenter code against those particular servers.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I'm wondering why you would want to do that. You can tell
if a person is using the defaults by checking mDBUseDefaults, and if she is not
you can pull actual limits from mDBStorageQuota, mDBOverQuotaLimit, and
mDBOverHardQuotaLimit.
Hunter
From: [EMAIL PROTECTED]
[mailto:[EMAIL
If each 2k3DC is newly promoted, as opposed to an in-place
upgrade, then the .dit on those DCs will essentially be compacted with minimal
whitespace. Were you planning on rebuilding your DCs as part of the migration,
or doing in-place upgrades?
From: [EMAIL PROTECTED]
[mailto:[EMAIL
You'll probably have better luck if you post this in one of
the Exchange newsgroups (microsoft.public.exchange*) or lists (http://groups.yahoo.com/group/exchange-2003/)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ajay
KumarSent: Tuesday, June 13, 2006 11:43 PMTo:
Empirical evidence suggests that he shouldn't be insisting
so much. Very few of our users have a proxy address of [EMAIL PROTECTED], and
we have no problems getting to subfolders via OWA. I'm sure you could take a
test user account in your environment and duplicate
this.
From: [EMAIL
On 6/9/06, Coleman,
Hunter [EMAIL PROTECTED]
wrote:
Empirical
evidence suggests that he shouldn't be insisting so much. Very few of our
users have a proxy address of [EMAIL PROTECTED], and we have no problems getting
to subfolders via OWA. I'm sure you could take a test user
Title: AD lag sites and replication
This may be further out on the unsupported limb than you
want to crawl, but IIRC Deanreferenced an alternative to lag sites in his
part of the joe and Dean show at DEC. You could schedule a script that toggles
the replication epoch value and during
What happens when you run the script interactively, as opposed to within
the login script?
You can (should?) tighten the security on this...granting Self allow on
Write Description should be sufficient.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
What criteria are you using to determine that a user is inactive?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myke
Sent: Wednesday, April 19, 2006 8:39 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] automatic account disable
hi guys,
it's
Have you looked at http://support.microsoft.com/kb/314282and
http://technet2.microsoft.com/WindowsServer/en/Library/4a1f420d-25d6-417c-9d8b-6e22f472ef3c1033.mspx?
And are you sure that the lingering objects are the root cause of the
replication problems, and not vice-versa?
From: [EMAIL
Using virtual disk file backups or images for AD disaster
recovery has USN-rollback perils that have been discussed several times here.
It's worth a visit to the archives to check those out before staking your
disaster recovery abilities on this strategy.
On the other hand, using AD-aware
http://support.microsoft.com/kb/237677/en-ushasinstructionsonexportingtheOUstructure
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard Michael
TyersSent: Tuesday, March 21, 2006 10:13 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Export AD user list
in
Never used Tivoli. From an RFP that an IBM vendor presented
usa couple of years ago, I thought it was excessively complex, at least
for our environment.
Regardless of the product, if it installs an agent on your
DCs and you don't control the monitoring framework, then you're creating an
You're just upset that ADAM has gone Mormon :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 17, 2006 12:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1
A couple of reasons
1. As people keep
Title: Replication traffic monitoring & accounting
You can look at the NTDS perfmon counters, which include
some replication traffic metrics. You might also want to look at your SYSVOL for
recent large (relatively speaking) files that someone may have inserted via
group policy objects.
Are you wanting them to run perfmon against your domain
controllers, or against member servers/workstations? Locally, or
remotely?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Monday, February 13, 2006 8:14 AMTo:
activedirectorySubject: [ActiveDir] permon
http://support.microsoft.com/?kbid=300702if you have 2k3
members
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Monday, February 13, 2006 9:04 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] permon
access
Sorry,
member servers.
remotely.
Thanks
says to allow the Performance Logs and Alerts service on the local
boxto use an account that has the "logon as service" right on the remote
server.
Is this my only solution?
Thanks
On 2/13/06, Coleman,
Hunter [EMAIL PROTECTED]
wrote:
http://support.microsoft.com/?kbid=300702 if yo
Try it with a capital "Z"
adfind -b
dc=mydomain,dc=com -f
"((objectcategory=computer)(whencreated=2005111200.0Z))"
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Friday, February 10, 2006 1:53 PMTo:
activedirectorySubject: [ActiveDir] ldap error during
adfind -default -f
"(objectCategory=person)([EMAIL PROTECTED])" dn
You can change your search base as necessary. This also
assumes that you want to check the primary SMTP address, and not match on a
secondary address.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Teo De
(objectCategory=user)(displayName=\20))
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sitton Glen
ESent: Tuesday, February 07, 2006 10:17 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] DSQUERY filter for
space character only
I need to run an obscure DSQUERY with
Two options come to mind, I'm sure there are
others...
1) Build a set of scripts and put a web front-end on them,
which would allow others to move the user account and as part of the move, the
OUone groups would get stripped and the OUtwo groups would get
added.
2) Directly delegate the
You can pull it with WMI (not sure about the PE scenario)
http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_tasks__networking.asp
(watch the wrap)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
"can't" and "unsupported" are two different
things
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Navroz
ShariffSent: Monday, February 06, 2006 2:12 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Roaming
Profiles
That's interesting...I have been doing
You can only take ownership of an object, not push it onto
another security principal. Look at dsacls and the "wo" flag, running in the
security context of the 3rd party.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Crawford,
ScottSent: Wednesday, February 01, 2006 3:46
IIRC, some of the userAccountControl flags got pulled
out into discrete attributes in ADAM. I think that UF_DONT_EXPIRE_PASSWD is now
represented by ms-DS-User-Dont-Expire-Password. However, even with
ms-DS-User-Dont-Expire-Password set to False and pwdLastSet set to 0, I'm still
not seeing
What is strange, though, is that a bind attempt using an account with
pwdLastSet of 0 fails, and a subsequent query (using a different
account) of msds-UserPasswordExpired on the original account still
doesn't show it as true. I would have expected the construction to occur
on the later query.
The error message is pretty accurate
:-)
Try it this way
oFileName =
Inputbox("c:\cpuuse.txt","CPU Usage","CPUuse.txt")
Set FSO =
CreateObject("Scripting.FileSystemObject")
Set oFile =
FSO.CreateTextFile(oFileName,
True)
strComputer = "."
Set objWMIService =
GetObject("winmgmts:\\"
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Monday, January 23, 2006 7:19 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: speaking of AD books...
I lost track of which book
Here is part of a script that I poached from somewhere. It's only set to
stop a list of services, but you could include a second step in the
For...Next loop that calls the oInstance.ExecMethod_(StartService)
after you've stopped the service.
Watch for line wraps and such...
sComputer = 'enter
Look at netdom.exe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 3:03 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed
On 1/18/06, Crawford, Scott [EMAIL PROTECTED]
Try it as
adfind -h DC1 -b
"cn=schema,cn=configuration,dc=myco,dc=private" -s base
objectVersion
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah
EigerSent: Wednesday, January 18, 2006 3:27 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] adfind
question
Hi
Maybe the ability to change the security context for certain operations
within a session? Like a task-specific run-as. I haven't thought this
all the way through in terms of security implications, but usually when
I fire up ADUC it's with a non-privileged account, and then I have to go
back with a
Turn up auditing and then parse the Security event logs on your domain
controllers. There are a variety of ways to partially or fully automate
this, including EventComb and scripting.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nigel Glasgow
Sent:
Where are the C$/D$ shares? On the PDC, BDC, member
server?
What happens when you put the migrated account directly in
the NT4 Local Administrators group and bypass the nested group
config?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chandra
BurraSent: Wednesday,
Try adfind with the -showdel flag
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Tuesday, January 10, 2006 8:11 AMTo:
activedirectorySubject: [ActiveDir] Strange deleted object
issue
I have this weird issue-
A user object is missing from my win2k native
Create a user account, then delete it. Note which DC you're
connected to for the delete, then check the security log on that DC. Look at all
of the events around the time you deleted the account so that you'll know what
is actually getting logged.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Oh no, there was no mention of civility anywhere
:-)
From: Brian Desmond
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Friday, January 06, 2006 7:39 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: DEC
2006
Oh you mean you
witnessed them being civil to each
Check the application event logs on the exchange servers
for ESE 220. Text of those should show the size of each store as the backup of
the store begins. Given a list of your Exchange servers, you could script that
up to check them all and dump out the results to a file.
From: [EMAIL
You're saying you don't take your laptop bag to the gym? :-)
-Original Message-
From: [EMAIL PROTECTED] on behalf of Mark Parris
Sent: Thu 1/5/2006 3:56 PM
To: ActiveDir@mail.activedir.org
Cc:
Subject: RE: [ActiveDir] OT: DEC 2006
Ask your company what problem they hope to solve, or what
added functionality they hope to get, by going with a 3rd party product. Then
ask them if that problem/functionality is worth the purchase and implementation
cost.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
You've hit the masterAccountSID problem that crops up when
a mailbox-enabled account gets disabled. http://support.microsoft.com/default.aspx?scid=kb;en-us;278966
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah
EigerSent: Wednesday, December 14, 2005 5:45 PMTo:
It's been ages since we ran our migration, but at the time we scripted
it using the sample scripts that accompanied ADMT. If you go that route,
you can have multiple log files that are uniquely named and not run into
the session confusion. You'll also get much more consistent results from
the
You're sure that it wasn't your client cache returning the
value after the initial query?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
ADSent: Wednesday, December 07, 2005 7:36 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Found bug in Active
Directory DNS
The reference is on line 155 of the script. Go to Alain's
site (www.lissware.net) and scroll down to
the link for "Script Kit of Volume 2". Download that and extract the whole
thing...you should get a directory structure, and themain script is in
\Volume_2_ScriptKits\Chapter_04\Sample 4.02
http://msdn.microsoft.com/library/default.asp?url="">(watch the URL
wrap)
There's a section in there that covers the mailbox
permissions.
Hunter
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Amy
HunterSent: Friday, December 02, 2005 3:17 AMTo:
Well, if they truly have full control over all objects,
then they could add themselves into the Domain Admins group. Moot
point...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Morley,
ScottSent: Monday, November 28, 2005 12:59 PMTo:
ActiveDir@mail.activedir.orgSubject:
Probably the easiest thing to do is save the spreadsheet
into a delimitted text file (tab-delimitted in the code below), then open the
file and read each line:
Const ForReading = 1
strSourceFile = "yourFile.txt"
Set objFSO =
CreateObject("Scripting.FileSystemObject")Set objSourceFile =
We've used Boot and Nuke, which has several options for number of 0/1
write passes. http://dban.sourceforge.net/
I'm not sure what Joe's -safe option would be on something like this :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent:
with the
original If,Then statements (without the 0).
Thanks All...
From: [EMAIL PROTECTED] on behalf of Coleman, Hunter
Sent: Mon 11/14/2005 6:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] strGrooup?
OK, looking at this a bit closer than my first reply
Comment out your "on error resume next" line and run the
script. What errors show up?
Hunter
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding,
DevonSent: Monday, November 14, 2005 4:05 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir]
strGrooup?
I cannot
OK, looking at this a bit closer than my first reply, if
the user is in Windows_Group and/or any of the other groups, what are the odds
that that group will happen to be first in the strGroup string? InStr will
return the position of the first occurrance, so unless it happens to be the
Yes, this is scriptable. Perl vs VBS? Either will work, so
I'd go with whatever you are most comfortable with.
How quickly are your source directories going to refill,
and how quickly are is your destination directory going to get cleaned up by the
different process?
From: [EMAIL
s
about 4gig a batch.
The
destination dir empties in about 10-15secs.
also the
destinantion dir can only handle 1000 files at a time before being
emptied.
thanks
On
11/9/05, Coleman, Hunter [EMAIL PROTECTED]
wrote:
Yes, this is
scriptable. P
"It depends..."
We're running some production Exchange front-end servers on
ESX and they perform as well as others that we have on physical hardware.
Connector servers are also good candidates. Heavily loaded mailbox servers...I
agree with you there.
Hunter
From: [EMAIL PROTECTED]
What's your sizing of mail stores and mailboxes there --
Chuck
-Original Message-From: Coleman, Hunter
[EMAIL PROTECTED]To: ActiveDir@mail.activedir.orgSent: Fri, 28 Oct
2005 08:35:27 -0600Subject: RE: [ActiveDir] Exchange now supported on
virtual hardware
"It depends...&qu
then
nothing-
no quit or rset or anything.
thanks alot
On 10/12/05, Coleman,
Hunter [EMAIL PROTECTED]
wrote:
Network
trace is probably the way to go, but lacking that...if you telnet to port 25
on the remote corp's mail host, and issue an ehlo command, do you get back a
Title: Adding users to local Admin group
The restricted groups setting falls under the Computer
Config section of the GPO, so it's not going to apply to all machines they log
into. It's only going to apply to the computers that receive the
GPO.
Put the computers that are going to be used in
Title: Message
That won't work, since the restricted groups setting is
under the Computer Config part of the GPO.
Hunter
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of CHIANESE,
DAVIDSent: Thursday, October 13, 2005 9:49 AMTo:
ActiveDir@mail.activedir.orgSubject: RE:
th first", then my server issues a
bdat, then nothing-
no quit or rset or anything.
thanks alot
On 10/12/05, Coleman, Hunter [EMAIL PROTECTED]
wrote:
Network trace is probably the
Unless there are different requirements at various branches
for domain-wide settings, like password policies, or there are political
obstacles, I would go with as few domains as possible. Start with a single
domain, and then increase that number only if you run into circumstances that
Network trace is probably the way to go, but lacking
that...if you telnet to port 25 on the remote corp's mail host, and issue an
ehlo command, do you get back a list of supported verbs? What are they, or if
not, what do you get back? Do that from your workstation and also from the
Exchange
Title: RE: [MVP-Directory Services] October MVP Awards
John-
Some more details please...
What do you have in place now, in terms of Active Directory
and Exchange (versions, layout, etc)? Or is this a brand new install of
everything?
Are you talking about Exchange forestprep/domainprep, or
If you create an object, you are the owner of the object
and have full control over it. Seems like your options include removing their
create/delete OU rights and making them go through you, or setting up a proxied
system (e.g. web page) that will do the creation for them.
You could run a
From AD's perspective, the RDN is Some User (or cn=Some User). It
does not include anything beyond that, such as OU or container paths.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp
Sent: Thursday, September 29, 2005 9:54 PM
To:
If you have a folder and subfolders that need to maintain
the same set of permissions, grant the permissions to a group at the top foler
and propagate them down; then manage the group membership to grant/revoke
permissions.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
http://www.listleague.com/
Go to "View Hosted Lists by Interest", then Microsoft
Management, then MOM
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding,
DevonSent: Friday, September 30, 2005 8:46 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: Microsoft
Don't know on 1, but for 2 get PFDavAdmin which is either in the Exchange
Resource Kit or downloadable from Microsoft. It will let you set permissions on
a folder and then propagate them down to subfolders.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
I think the way I'd approach it is to build a script that
checks users for roaming profiles, and puts them in a security group if they do.
Schedule the script to run on a regular basis. Then use the security group for
GPO filtering.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Why should Exchange not think that servername.domain.tld is
a domain?
Can
you resolve servername.domain.tld from the Exchange server? How about from the
smarthost?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Monday, September 26, 2005 5:32 PMTo:
Does "servername.domain.tld" have MX and A records in DNS?
Is this one of your servers, or does domain.tld belong to someone
else?
What happens when you try to telnet on port 25 from your
Exchange server to servername.domain.tld?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
My preference would be that the application vendor include a set of LDIF
files. That way all of the schema mods are in plain view and AD service
owners (domain admins, schema admins) can see what is getting changed.
Unless the schema mods were well documented by the vendor, I wouldn't
run an
Fred-
This is not possible. While you can make it more difficult
for the user to do things you don't want him to, if you give him either physical
access to the DC or the ability to log on to the DC, he is in a position to
elevate his permissions to the point of owning your forest.
If you
http://www.unix.org.ua/orelly/perl/sysadmin/ch06_05.htmwould be a good
start
From: Kern, Tom
[mailto:[EMAIL PROTECTED] On Behalf Of Kern,
TomSent: Wednesday, September 21, 2005 2:30 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] disabling
users
I only have time to learn one
If you have the time, pick up a copy of Pierre Bijaoui's Scaling
Microsoft Exchange 2000. I don't think it's been updated for Exchange
2003, but most everything he covers in there carries forward. It's very
good information on building storage infrastructure for Exchange,
including SANs.
It may
I'd create the Workstations OU and the Servers OU. Then write a script
that looks at each of the machines in the computers container, and based
on what you find in the operatingSystem attribute have the script move
the object to the appropriate OU.
I'd also not leave new computer objects in the
I'd also look at running hardware diagnostics, particularly on the disk
subsystem and controller. No point in restoring or repromoting if there is an
unresolved hardware problem.
-Original Message-
From: [EMAIL PROTECTED] on behalf of Steve Linehan
Sent: Fri
What problem do you have (or are trying to prevent) that makes you want
to set up teaming? I only ask because you will be adding complexity to
your environment that may not be justified by the perceived benefit. On
the other hand, maybe it will...
Hunter
-Original Message-
From: [EMAIL
No. You're running into the msExchMasterAccountSID problem.
http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has
information, and points to the NoMAS tool. You can also handle this by
setting the attributes manually or via script.
-Original Message-
From: [EMAIL PROTECTED]
and their
mailboxes?
Should you just expire the account to a date in the past and then you
can access their box?
or can you give Self full mailbox access to a disabled account and
then access the box?
which way works?
thanks alot
On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
No. You're running
in the past and then you
can access their box?
or can you give Self full mailbox access to a disabled account and
then access the box?
which way works?
thanks alot
On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
No. You're running into the msExchMasterAccountSID problem.
http
Watch for line wraps; you'll want to put your code between a While/Wend
loop.
Dim fso, ts
Const ForReading = 1
Set fso = CreateObject(Scripting. FileSystemObject)
Set ts = fso.OpenTextFile(c:\test.txt, ForReading, True)
While NOT ts.AtEndOfStream
strComputer = ts.ReadLine()
rest of your code
.
Phil
On 8/10/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
ADFind: http://www.joeware.net/win/free/tools/adfind.htm
Example 6 from the command line help (adfind.exe /?) should be a good
starting point for you.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
I expect they lack Exchange View Only Admin permissions (or higher).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, August 11, 2005 8:27 AM
To: activedirectory
Subject: [ActiveDir] account operators
is there any reason an
AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] account operators
I thought AO had complete rights to the user object which would include
exchange attribs.
i guess they still need rights to the store?
is that it?
thanks
On 8/11/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
I expect
Yes, but you will also need to grant Reviewer rights on your mailbox to
the user, and they will have to open it as a secondary mailbox or create
a shortcut to it instead of File-Open other user's folder-(Calendar
from drop-down list)
-Original Message-
From: [EMAIL PROTECTED]
that work?
thanks
On 8/11/05, Coleman, Hunter [EMAIL PROTECTED] wrote:
Yes, but you will also need to grant Reviewer rights on your mailbox
to
the user, and they will have to open it as a secondary mailbox or
create
a shortcut to it instead of File-Open other user's
folder-(Calendar
from drop
ADFind: http://www.joeware.net/win/free/tools/adfind.htm
Example 6 from the command line help (adfind.exe /?) should be a good
starting point for you.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Freddie Coleman
III
Sent: Wednesday, August 10, 2005
...or ADAM. These kinds of requests have a tendency to creep beyond the
original scope, which can have unintended consequences if the upfront
planning falls short.
Hunter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday,
1 - 100 of 274 matches
Mail list logo
