Can anyone share an end-to-end
business process or a listing of security controls used to manage Kerberos
Delegation in Windows 2000 Advanced Server or Windows Server
2003?
Thanks,
-
Alan
We
use the following technique to remove unused or obsolete computers from our
environment:
Run daily
script on all computers that have NOT refreshed their pwdLastSet value
=xx days (xx implies age is configurable)
Report
findings in HTML format to a centralized location
What
I've read from Microsoft ...
GC Partial Attribute Set (PAS)
In Windows 2000, modification required full
rebuild of GC (full synchronization of read-only naming context)
When an additional attribute
was marked for inclusion in the GC, all GC servers reset their USNs
] On Behalf Of Isham, Alan
ASent: Monday, November 17, 2003 1:41 PMTo:
[EMAIL PROTECTED]
Joe, thanks for the reply.
Similarly, Intel has developed a command line tool to
enumerate all group memberships, but for mass consumption by the "office worker"
community, you can't beat an
a mail to A.L.
yourself as well ;-). Anyone else don't like this "update" ?
;-))
Cheers,
Guido
From: Isham, Alan A [mailto:[EMAIL PROTECTED]
Sent: Freitag, 14. November 2003 17:46To:
[EMAIL PROTECTED]Subject: [ActiveDir] MMC ADUC doesn't
view groups I am a member of in my non local
m sure you can add some weight to it with a mail to A.L.
yourself as well ;-). Anyone else don't like this "update" ?
;-))
Cheers,
Guido
From: Isham, Alan A [mailto:[EMAIL PROTECTED]
Sent: Freitag, 14. November 2003 17:46To:
[EMAIL PROTECTED]Subject: [ActiveDir] MMC ADUC doesn't
view groups
Anyone have a known
workaround for the issue below?
I installed MMC Active Directory Users and Computers from
Windows Server 2003 (version 5.2.3790.0) on a new desktop. I can no longer
view groups I am a member of in groups that reside outside of my local domain
like I could with Windows
Little insight regarding what we do
We run a weekly process examining pwdLastSet (which is GC enabled) information. If
the computer hasn't updated its password in =xx days, the system is permanently
deleted. In addition, we are modifying our process to embrace the many Windows Server
2003
Similarly, Intel executes a virtual forest schema expansion test
procedure before going live with any schema change. However, I must
counter Gil's comment regarding 'the cost of extending the schema is
low' because our last 'minor' schema expansion in November 2002 was
billed at 325 man hours
Title: Message
It might have always
been this way, but I don't recall.
Recently, we had a
user escalate an issue requiring us to investigate date and time information on
the user's account. To our surprise, we noticed the time was "11:7:2" and
"17:1:40" which aren't human readable time
Title: Message
See
the white paper at http://www.microsoft.com/windowsserver2003/docs/adam.doc
All of
your answers re: platform compatibility will be answered.
P.S.
google.com has a host of AD/AM info. to be surfed
-Original Message-From: Mulder, Joeri (NL - Amsterdam)
Background: In recent months, we have discovered (reactively) a number
of customers who are content dumping the entire Workers OU (70,000+
objects) at pretty frequent intervals, which is causing mini denial of
service attacks on our domain controllers in small pipe locations.
Has anyone limited
Title: .NET training recommendations for IT technical product managers
Background: I'm a technical product manager overseeing Active Directory at Intel. I work closely with domain infrastructure, AD tools, and Exchange 2000 engineering teams and always find myself behind the 8 ball on .NET
13 matches
Mail list logo