Hi all,
I recently deployed a clean install of a Windows Server 2003 DC but since we
were in the process of taking a server image for other builds of other DC's
in the forest, I mistakingly left the netbios name of the server as our
server guys had left it! Anyway, I only realize this mistake
Hi all,
Has anyone stopped the publication of generic SRV records in thier hub-spoke
environment. We have a multi-domain Windows 2000 native mode environment
that I need to restrict clients at branch sites to authenticate only locally
(preferred) and in the event of a site failure back to a
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Monday, 7 November 2005 2:00 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Certificate Services AD
Can anyone please recommend a good web resource for deploying certificate
services
Hi all,
Can anyone please recommend a good web resource for deploying certificate
services in an Active Directory environment.
I was interested in best practices for CA hierarchy, stand-alone or
enterprise, hardware config. etc.
Thanks in advance.
List info :
Hi,
We have about 7 domain administrators in a particular child domain. I just
found out someone added the DBA Group to part of the Administrators group in
this domain. Not necessary, not required nor is it a policy. Event logs have
obviously been overwritten therefore I would like to know
Hi,
We're in the process of planning to migrate from Notes to Exchange and one
the dependenices of this migration is a SAN environment.
Has anyone utilized the services of any independent consulting bodies to
carry out a SAN assessment. Essentially, helping in the process of
determining
PROTECTED] On Behalf Of Devan Pala
Sent: Wednesday, September 21, 2005 11:04 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: SAN Assessment
Hi,
We're in the process of planning to migrate from Notes to Exchange and
one
the dependenices of this migration is a SAN environment.
Has anyone
: [ActiveDir] Pop-up Blocker Settings with GPO's
Date: Thu, 04 Aug 2005 16:58:00 -0700
On Thu, 04 Aug 2005 12:42:22 -0500, Devan Pala [EMAIL PROTECTED]
said:
Do you know what/where it is?
Computer / Administrative Templates / Windows Components / Internet
Explorer / Pop-up allow list.
There's
Hi all,
Is it possible to modify the pop-up blocker sites exception list to allow
pop-ups from sites through a GPO?
Thanks,
Devan.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
:30:22 -0500, Devan Pala [EMAIL PROTECTED]
said:
Hi all,
Is it possible to modify the pop-up blocker sites exception list to
allow pop-ups from sites through a GPO?
It's supposed to be. The GPO settings exist. Our workstations aren't
paying attention to them, though.
RM
List info : http
Hi,
Does anyone know if its possible to tweak a domain controller so that
authentication requests from a client that exceed 2000 bytes (not sure if
thats the default for Windows 2000 domains XP) may be authenitcated by the
DC.
I know its possible with a regisrty hack on the client by
not the server starting the conversation ;o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Friday, July 29, 2005 10:36 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] UDP vs TCP
Hi,
Does anyone know if its possible to tweak
, we just push that registry setting out to all
users. I've never seen a difference when logging in.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Friday, July 29, 2005 11:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] UDP
Hi Murray,
In our environment I utilize WSUS by Microsoft.
I've created a WSUS Pilot Group and placed several servers in it, one of
them being a DC. When MS releases new patches, they are reviewed then
approved for the Pilot Group first. After the servers in the Pilot Group
have the update
frsdiag here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=43CB658E-8553-4DE7-811A-562563EB5EBFdisplaylang=en
Good luck!
steve
- Original Message -
From: Devan Pala [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Tuesday, June 28, 2005 10:19 AM
Subject: RE
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Monday, June 27, 2005 6:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Default Domain Policy Issues
Hi all,
After making changes to the Password Policy (Enforing password History) for
a child
]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Tuesday, June 28, 2005 7:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Default Domain Policy Issues
Well I've just downloaded Sonar and Ultrasoound.
Sonar tells me evrything is OK!
Not sure what I'm looking for actually, how
Hi all,
After making changes to the Password Policy (Enforing password History) for
a child domain's Default Domain Policy it reverts back to the previous
setting right after the replication cycle has completed with other DC's.
I don't see any out of the ordinary NTFRS log events.
Any leads
: [ActiveDir] Default Domain Policy Issues
Date: Mon, 27 Jun 2005 15:17:51 -0700
What OS and what Service pack are all DC's at?
steve
- Original Message -
From: Devan Pala [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Monday, June 27, 2005 3:01 PM
Subject: [ActiveDir] Default Domain
Hi all,
There is supposedly a security option in Windows (I don't see it on my
Windows 2000 Domain Controllers but is present on my Windows XP Professional
system and I'm assuming on Windows Server 2003).
Network Security: Do not store LAN Manager hash value on next password
change
Computer
Hi all,
I've attached an administrative template you may find beneficial for
allowing non administrators the privilege to approve or disapprove updates.
I noticed that in our environment, the remote IS Administrators were not
able to delay the restart of a computer (in this case a domain
Hi all,
Does anyone know how to export local GPO's (in a Non-Domain environment) to
multiple computers?
Thanks,
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
and then use secedit to automate importing it onto your
target machines.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Wednesday, April 27, 2005 7:58 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exporting Local Group Policies
Hi
service (Network Connections) running?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Wednesday, April 13, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Installed NIC's not displayed
Hi,
I have a couple of domain
Hi,
I have a couple of domain controllers (Windows 2000 Advanced Server, SP4).
When I go to Network and Dialup Connections I cannot see the installed
NIC's.
The only way I can see them is in a command prompt through ipconfig/ all.
Anyone ever experienced anything like this? Everything else is
Hi all,
Anyone with Paypal accounts please do not send any information to this post.
This is being forwarded to the Paypal security team.
Thanks,
Original Message Follows
From: io o
Reply-To: ActiveDir@mail.activedir.org
To: activedir activedir@mail.activedir.org
Subject: [ActiveDir]
Hi,
I had recently posted about a virus outbreak in our environment, now that we
have the virus contained I notice some of the normal Windows functionality
hasn't been working properly.
Its a Windows 2000 Domain Controller.
Here are some of the issues: the control panel doesn't display the way
Hi,
You may also place this code inside a login scriptjust renames the 'My
Computer' portion of the remote server to its netbios name.
HTH
Firefox - Rediscover the web
Original Message Follows
From: Salandra, Justin A. [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
The code would help right.8-)
Const MY_COMPUTER = H11
Set objNetwork = CreateObject(Wscript.Network)
objComputerName = objNetwork.ComputerName
Set objShell = CreateObject(Shell.Application)
Set objFolder = objShell.Namespace(MY_COMPUTER)
Set objFolderItem = objFolder.Self
objFolderItem.Name =
Hi,
Has anyone used SUS to deploy Windows XP Service Pack 2 to their client
computers?
I am doing some testing and basically how can one schedule an installation
and effectively have it deployed automatically after the 2nd missed
(scheduled) installation.
E.g.
1. Set SUS through GPO to
Hi,
Can anyone recommend a good training class designed to cater for those
looking to increase their skill set specifically for upgrading a Windows
2000 network to Windows Server 2003?
Thanks in advance.
Firefox - Make the switch today and rediscover the web
List info :
Hi al,
I tested with WXPSP2RC2 and ran into minor issues with GPO templates, only
if you are administering with the W2K3 Administration tools.
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/relsprc2.mspx#top
See the section under Change and Configuration, Compatibility of
Hi all,
We have a remote (satellite) office that does not have any local DC's as its
only temporary.
The office is setup to connect to one of the other main offices (which is a
spoke) in the overall scheme of things. 2 Nortel VPN appliances on either
end of the network provides connectivity
Hi James,
Hyena (which I think still has a 30 day free trial) does this job
wonderfully. In fact, it will also create the new directories with specified
permissions.
Hope this helps...
Original Message Follows
From: James Payne [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL
Hi,
I am in the midst of testing and eventually activating DNS aging and
scavenging for all zones on a particular DNS server (ADI zones).
This server also has a secondary copy of the forest-wide _msdcs zone,
obviously being a secondary zone it should not affect the aging and
scavenging of
.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Devan Pala [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 11:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Checklist for changing IP Address
Hi all,
I have2 DC's in a site that need IP's to be updated to reflect network changes.
Both DC's are DNS servers (ADI), DHCP servers (with manual redundant scopes, which are not changing). Each point to themselves for DNS and the other for secondary, with forwarding enabled to the forest root
WebLog - www.msmvps.com/willhack4food
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Tuesday, June 08, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Checklist for changing IP Address on DC
Hi all,
I have 2 DC's in a site that need IP's to be updated
I have this setup for a forest root with 2 child domains and the _msdcs zone
(esp. in a W2K domain environment) is a must for replication since it uses
it to find the forest-wide locator records.
Preferably I would only make secondaries of the _msdcs.forestname.com on the
other child domain
Hi,
Is it possible to modify the User Property Pages (GUI) to include a Employee
ID or Number attribute within a user object.
Thanks,
_
FREE pop-up blocking with the new MSN Toolbar get it now!
Hi,
I'm sure this has been covered in previous posts but how can I create a GPO
object and link it to the Domain Controllers OU but only apply it to a
couple of domain controllers for testing purposes?
Is it removing the authenticated users group and adding the specific domain
controllers to
Hi,
I recently sent a post with regards to creating a seperate GPO for DC's to
utilize SUS and Windows Updates.
So far everything looks and works the way I want it to. The only thing I am
trying to figure out is if there is a way to auto download and schedule the
install but not reboot the
Hi all,
Question:
Has anyone experienced issues or know of any 'gotchas' with linking other
GPO objects to the Domain Controllers OU in addition to the Default Domain
Controllers Policy.
Rationale:
I would like to have a GPO ready that essentially has Windows Update enabled
for deploying
Hi,
Does anyone have a script or reference to something that can modify the
Terminal Services Profile property tab under each user. I would like to
change this for hundreds of users.
Thanks,
_
Dream of owning a home? Find out how
Thank You all.
I know I'm well on my way to getting this acheived.
Hyena has the nice GUI and I would also like to try the script from a W2K3
member server with the 'TerminalServicesProfilePath' property.
Cheers,
Original Message Follows
From: Devan Pala [EMAIL PROTECTED]
Reply
|System|Group Policy.
Darren Mar-Elia
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Monday, January 26, 2004 8:10 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Limiting GPO's to Network Logons
Hi,
In a single domain environment, how
Hi,
Does anyone use a logon banner in their environment? While trying to implement this in our environment I see that the banner's dialog box is rather big (as compared to what i remember seeing in a Windows NT 4.0 domain). Foraline of text it just seems ridiculous to have the dialog box set to
Hi,
I have this one domain controller that does not seem to be truncating the
log files but instead creating additional and chewing up space right after
the nightly backups have initiated/ completed.
Service Pack 3 is running on this DC. I was only able to find an article
(Q272425) that was
While on the subject of DC privileges, is it possible to allow server
administrators to administer DHCP, DNS while the policy of restricted
snap-ins is enabled?
Also, how do we allow non-domain admins (only server operators) rights to
modify IP configuration on the DC's. I know there are GPO's
con2prt on the resource kit works like a charm,
HTH...
8-)
Original Message Follows
From: Richard Sumilang [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Connect to printer
Date: Tue, 1 Apr 2003 10:26:45 -0800
I have a Windows 2000 network running
Hi all,
Can someone direct me to a good resource on how to setup the (forest-wide)
_msdcs zone as secondary zones for other sites etc. for replication, which
is a recommended practice by MS.
Most MS literature suggests deleting this folder first then creating the
zone as a primary ADI and
Hi All,
I have the following errors occcurring between 2 sites (inter-site) between
2 domains (root and child).
Errors appear on the root DC (also a GC, and Preferred Bridgehead for
Site1).
In Site2, a preferred Bridgehead (also a GC) does not show errors.
Funny thing is only the
Hi,
In a hub-spoke topology with preferred bridgehead servers, I have set
inter-site replication of the four naming contexts (between 2 domains) to be
NOT available during peak (local) logon times 8am - 10am.
How can I confirm that it is the spoke that this is restricted at and not,
in our
One method may be to use the resource kit utility Con2Prt, works great with
login scripts.
8-)
Original Message Follows
From: Byrne, Steve [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ActiveDir] assign printers to users via group policy
Date: Sat, 9 Nov
Hi all,
We may have a situation which may present disconnecting domain controllers
(including the ones that hold domain FSMO Roles) for somwhere between 3-6
weeks and perhaps more (facilities issue).
I've found a good list in the (MS Operations Guide) that includes best
practices etc. for
Hi all,
I'm trying to devise a script that will copy the contents of the ERD without
actually requiring to provide a floppy. We used to do this in my old job
(NT) with rdisk and have the script dump the files to a directory on a
weekly basis.
For a start what is the command line to execute
Hello Folks,
I'm in the process of documenting the setup of a secondary DNS server of the
root domain (ADI) to a child domain. Is it best practice to point the server
hosting the secondary zone in the child domain to all
root DC's or just one? I guess in the event of failure of that DC the zone
Hello all,
While on the subject of Citrix/ Terminal Services, has anyone come across
the need to modify the user object class to include an attribute for 'Login
Scripts' with the 'Terminal Server Profile'?
There is a need for us to run another login script to map some drives to a
Hi,
Thanks for all your replies earlier.
Yes, it is true that the server only has 6 drive bays. The array controller
has 2 internal and 2 external ports but I can only use one internally since
the 6 drive bays only terminate to one SCSI port. (in this particular
server). Reason for buying the
Message-
From: Devan Pala [mailto:dpala;hotmail.com]
Sent: Monday, October 21, 2002 4:15 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] RAID Configuration on DC's Part 3
Hi,
Thanks for all your replies earlier.
Yes, it is true that the server only has 6 drive bays. The array controller
has 2
Hello all,
I have the option to either build our site domain controllers/ global
catalog servers with the following configurations:
Array 1 (RAID 1): OS, SYSVOL Page File
Array 2 (RAID 1): Transaction Logs
Array 3 (RAID 1): Database (NTDS.DIT)
OR
Array 1 (RAID 1): OS, SYSVOL Page File
Array
FYI:
The server only has 6 drive bays (Compaq/HP DL380G2). Otherwise, I would
have done a hardware Raid 1, Raid 1, Raid 5 configuration like the root
domain controllers.
Cheers,
_
Internet access plans that fit your
Hi all,
My question centers upon restricting OU Admins the ability to create
Universal Groups but allowing them to create Global Groups and of course
Domain Local Groups.
The design involves OUs based on geographical locations and we would like
local administration to be able to create
from magic.
--- Arthur C. Clarke
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Devan Pala
Sent: Tuesday, September 17, 2002 10:53 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Diagnostic Tools
Hi,
Has anyone had success
Hi,
Has anyone had success with the 'Branch Office' QA scripts? That is, the
batch files and visual basic scripts that check the servers state etc. using
the common tools such as dcdiag, netdiag etc.
Also, does anyone have any ideas on how to automate this process on DC's in
a forest. I'm
Scenario: a typical hub and spoke topology
Background:
Empty root domain, 2 child domains.
Under one of the child domains there will be several spokes.
KCC will select bridgehead servers (BH) for both the hub and the remote
sites (spokes).
Question:
If there are 2 GC's at the remote branch
:[EMAIL PROTECTED]]On Behalf Of Devan Pala
Sent: Wednesday, June 26, 2002 5:30 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GC Placements
Scenario: a typical hub and spoke topology
Background:
Empty root domain, 2 child domains.
Under one of the child domains there will be several spokes.
KCC
Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
Any sufficiently advanced technology
is indistinguishable from magic.
--- Arthur C. Clarke
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Devan Pala
Sent: Wednesday, June 26, 2002 3:33 PM
68 matches
Mail list logo