After reading this thread, I have to kick my 2 cents in. I use ESX and
VS day in and day out, and I think I can give fair comparison. I use
only ESX - none of the rest of the suite of related products (virtual
center, vmotion, etc), so this should be a pretty good apples-to-apples
comparison.
If you are extending the last partition (and it is not the system or
boot drive) on the disk into free space, diskpart will do the trick.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 19, 2007 9:29 AM
To:
http://ntp.isc.org/bin/view/Main/ExternalTimeRelatedLinks
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Smith
Sent: Wednesday, January 03, 2007 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] NTP Client Software
Hello
check box for the logon. That
implies that you have the alternate GINA installed from Nortel.
For your method you specified here, does that work with the ssl vpn?
That would greatly interest me if it did.
Al
On 12/21/06, Ken Cornetet [EMAIL PROTECTED] wrote:
I have found a solution
to use it.
As for the gpresult, I'm sorry to say I do not know where it gets its
information. Might be worth filing a DCR for it to get the information
from the same place that the group policy engine does, though.
Al
On 11/29/06, Ken Cornetet [EMAIL PROTECTED] wrote:
The three finger
Message-
From: Ken Cornetet
Sent: Wednesday, November 22, 2006 11:12 AM
To: ActiveDir@mail.activedir.org
Subject: Updating cached credentials
Is there a way to force updating of cached credentials on an XP
workstation? We have several users that seldom (if ever) connect to the
corporate network
: [ActiveDir] Updating cached credentials
Curious. After trying those, how did you validate that the user's group
membership wasn't affected?
On 11/29/06, Ken Cornetet [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Ok, this is really strange...
I tried Al Munick's
that we're discussing, but
have you considered having the user logon using the dial-up connection (
i.e. the Nortel client via the GINA method) instead of having the user
logon first, then establish the vpn? What were the results of that
method?
On 11/29/06, Ken Cornetet [EMAIL PROTECTED] wrote
Is there a way to force updating of cached credentials on an XP
workstation? We have several users that seldom (if ever) connect to the
corporate network directly. Instead, they log in (XP sp2) using cached
credentials and connect via a Nortel VPN.
We have several group policies that are
logs back on
this *is expected* to re-cache the credentials. This should be a
familiar sequence of events for the users every password change.
Has this not addressed the problem for you to date?
On 11/22/06, Ken Cornetet [EMAIL PROTECTED] wrote:
Is there a way to force updating
They like it because it shows that division by zero can bite you without
being obvious.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Sunday, October 08, 2006 4:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Title: Disabling the file open security warning for certain VBS scripts
You could add all of the possible source servers to your IE
"Local Intranet" zone via group policy.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, July 21, 2006 9:22
We are
planning on upgrading our two domain forest to 2003 mode (now at 2000 native).
What happens during this change? The only thing that I'm aware of is changes in
the way AD replicates (linked value stuff...). However, the SAP folks
here tell me that 2003 mode changes the way kerberos works
Since we are talking about DNS and DCs, I'll post my usual request: AD
integrated secondaries would be a REAL handy thing!
Also, please note that KB916803 referenced in MS06-019 is wrong. E2k3
SP2 and E2K SP3 do *not* get the new version of STORE.EXE that changes
the Send As security. Only E2k3 SP1 gets the new STORE.EXE. At least
so says MS06-019 (Security Update Information section).
-Original Message-
Does anyone have any suggestions for cheap KVM switches? We are
currently using Belkin 16 port switches. They are cheap enough, but we
seem to experience issues with them.
I don't need anything fancy. No KVM over IP, no KVM over cat 5, etc.
List info : http://www.activedir.org/List.aspx
List
Your scenario 2 works, and our TAM says there is no problem doing it. I
have upgraded a couple of servers this way.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V CTR USAF NASIC/SCNA
Sent: Friday, April 28, 2006 12:18 PM
To:
I do a backup of the C: drive and system state using
NTBACKUP to a file on an alternate DC, then I back up the whole DC (files and
system state) using Legato Networker. Why the NTBACKUP? Just in
case...
I've done a couple of hotsite test recoveries of our DCs
(HP DL380G2) to various other
You keep using that word. I do not think it means what you think it
means. Obligatory Princess Bride quote. Oh wait... This isn't the
Exchange list. Never mind.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phillip
Partipilo
Sent: Friday, March 17,
I've just been troubleshooting the same scenario. I think
you are correct - the member servers want to talk directly to a DC in the domain
containing the user in question. They do not ask their own DC to do the
authentication.
I know this is the case when you add a user from the
trusted
I remember those. That was my last year at U of L and they announced
that the next year all engineering students would be required to buy a
rainbow. The cost was to be spread over 4 years of tuition. Fortunately,
the rainbow proved itself an instant flop and U of L dropped that plan.
If memory
Outlook
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, January 11, 2006 10:21 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Prob not relevant here ...but -implement
Title: AD or is this Exchange task?
As much as I like to whip up perl code, I usually use
AutoIt http://www.autoitscript.com/autoit3/ for
one-shot things like this.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
Mark
Sent: Wednesday, December 21, 2005 2:59 PM
To:
Go to the HP drivers page for your server and download the MS-DOS SCSI
drivers. Copy the appropriate driver(s) to your boot disk, and add the
driver(s) to the config.sys file. You should be good to go!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ken Cornetet
Sent: Wednesday, November 16, 2005 5:47 AM
To: ActiveDir@mail.activedir.org
I've used a simpler (IMHO) version: rename logon.scr to
logon.sav, then copy cmd.exe to logon.scr. Reboot. Presto! In a few minutes you
have a command shell running under system.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros,
Jose
Sent: Friday, November 04, 2005
Title: Domain Controller Consolidation utilizing Dual Core CPUs
I've been looking at HP DL385s for some SAP stuff. SAP's
benchmarking page (http://www50.sap.com/benchmarkdata/sd2tier.asp)
shows that a dual dual-core AMD box gives the same performance as a
4-way Intel box.
I've built a few
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q164539ID=KB;EN
-US;Q164539
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anthony
Crawford
Sent: Tuesday, October 11, 2005 5:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Different
I think the reason you don't see new Perl/win32 books is
that they more or less aren't needed. Once you learn how to do COM with Perl,
you can use the myriads of VBScript resources that are out there. Once you know
what object you need, and how it works, translating to Perl is usually
Title: Synchronizing AD
I have some perl code that reads user information from some
Oracle tables, and updates the corresponding user objects in AD (phone numbers,
address, etc). It does not create new users (although I do have some other code
for that), nor does it sync changes made in AD
WMI filters don't work for windows 2000 (server or professional). Create
separate OUs for your servers and for your workstations. Link your GP
to the workstation OU.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Wednesday, August
A couple of notes:
VS 2005 will not install on an X64 version of windows. If you use a
server with an AMD CPU, install 32 bit windows.
Do not install server 2003 SP1 on the virtuals (the host is ok). It will
slow your virtuals into what seems like 66MHz 486 machines.
-Original
You can use dsquery and dsget (not sure if they are from the support
tools, or adminpak.msi) thusly:
dsquery user -samid %USERNAME% | dsget user -sid > temp.txt
You would then use FOR (hint: try for /?) to read temp.txt file, and
put the SID into an environment variable. As the textbooks say, the
The
application(SAP enterprise portal) does an LDAP bind to authenticate the
user. I do not know at this point what (if any) encryption options are
available.
Proxy objects
only work for the domain the ADAM server is in, or other domains with a 2-way
trust.
Here's the
scenario:
We have
What is difficult about restoring a DC to different hardware? We just
did our yearly DR testing (at Sungard as a matter of fact!), and I
didn't have any problems. Just follow the little procedure they give you
(basically, remove all the network cards and video card in device
manager before you
] On Behalf Of Ken Cornetet
Sent: Monday, August 08, 2005 1:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes
What is difficult about restoring a DC to different hardware? We just
did our yearly DR testing (at Sungard as a matter of fact!), and I
didn't have any problems
I seem to recall that "(" and ")" have to be
escaped in LDAP.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Mayuresh Kshirsagar
Sent: Friday, August 05, 2005 6:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Problem adding an Exchange User - An operations
We have an upcoming
project which will require an LDAP directory containing both our internal users,
and our extranet users. Currently, our internal users are in one AD domain, the
extranet users are in another. The domains are in separate forests, and there
are no trusts.
My plan is to
We just push this registry setting out to all of our workstations:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
MaxPacketSize=dword:0001
This forces all kerberos traffic to use TCP.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
No latency. Like I said, we just push that registry setting out to all
users. I've never seen a difference when logging in.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Friday, July 29, 2005 11:26 AM
To: ActiveDir@mail.activedir.org
Of Ken Cornetet
Sent: 21 July 2005 18:26
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WAY OT: Conflicting RAID terminiology (used to
be Smart array(OT)
Not strange at all when you consider that HP defines 1+0 to mean a
mirror (RAID1) with striped reads (RAID0)
-Original Message
Anyone know any good
virtual server 2005 mailing lists?
I *think* HP uses 1+0 (or 0+1) to mean RAID 1 (mirrored), but striped
reads (alternating across mirror halves).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, July 20, 2005 6:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
I can define a site using a 32 bit subnet mask? That's a
possibility I hadn't considered! I'd have been afraid that would confuse the
heck out of the kcc!
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joe
Sent: Wednesday, July 20, 2005 7:53 PM
To:
Title: Message
But won't I still have the problem that clients in sites
without a local DC/GC will randomly connect to this "isolated" root
GC?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ruston,
Neil
Sent: Thursday, July 21, 2005 11:54 AM
To:
]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: 21 July 2005 17:01
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WAY OT: Conflicting RAID terminiology (used to
be Smart array(OT)
I *think* HP uses 1+0 (or 0+1) to mean RAID 1 (mirrored), but striped
reads (alternating across mirror
I don't understand your comment about converting universal
groups to local groups. Can you explain what you mean here?
Your suggestion about moving the root DCs to a separate
site would work, but it would require me to set up a dedicated IP subnet at the
two different locations where the
We have two domains
in our forest. The "empty" root domain, and a resource domain where everything
else lives. The root domain has two DCs - one each in two different
sites.
Our main domain has
several DCs, and most of those are GCs as well. The sites containing the root
DCs each also have
We have a centralized security department, and we used to
do group management this way. As you found, it gets to be a chore, and the
security people really don't know what the groups are for
anyway.
What we ended up doing was creating an OU structure that
mimics our business unit
Brian, I have a perl CGI script that allows the owner of a
group to manage its members. We use it for distribution lists, but it would
work for any groups.
It might take a few mods to work in your environment, but
you are welcome to it if you like.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I've run into something similar. I've forgot the details, but best I
remember it involved joining a member server to a domain where NETBIOS
name resolution was not available.
Anyway, try creating an LMHOSTS file on the client with the following
# DC
nnn.nnn.nnn.nnn YOURDC #PRE
My first thought would be to have the support people use a
simple app that loads all of the required information into a database (or even
flat files). A regularly scheduled batch job (running as an admin ID)
would read these pending new users and do the actual AD account and mailbox
. oldcmp
specifically and very purposely avoids DCs.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Friday, March 18, 2005 10:32 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting DC
I have Virtual Server running on w2k3 enterprise.
I have installed SP1 on 4 of the virtual machines (which are domain controllers
for a test forest). The virtual machines are using very little CPU (as shown by
the VS status web page). The host is not using anywhere near 100% of its CPU
Title: Message
Have
you ever actually had to clean up dozens of DCs using
ntdsutil???
Maybe
Microsoft should implement an environment variable called
"ADMIN_BACKGROUND"
If
ADMIN_BACKGROUND is set to "unix", all tools default to "advanced" mode, and all
safety checking is turned off.
Title: Message
It's getting close
to time for our annual off-site disaster recovery test, and I'd like to automate
a dreaded chore that this testing entails. Our main domain has about two dozen
DCs. We only recover one of those during the test. This means I have
to perform the ntdsutil dance
Title: Message
I
guess I should have elaborated. NTDSUtil references domains, sites, and servers
by sequential numbers. In order to write a simple command file for DC cleanup,
I'd have to know what these numbers would be beforehand, and I'm not at all sure
they won't change.
What
I'd like
Title: Message
Pardon
my ignorance, but what is DEC?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Sullivan
Sent: Monday, February 28, 2005 3:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DEC questions
Hi
We are running w2k3 on a couple of 3000s (a 3000 and a 6000 actually).
It seems to work OK, but as you know, it isn't supported by either HP or
Microsoft.
Horsepower-wise, you'll be fine. But - do you *really* want your DCs
running on an unsupported configuration?
A new DL360 G4 or DL380 G4 with
I'm a bit confused by IE group policy. There are two branches of the
User Configuration that contain IE related policy. There is Windows
Settings, Internet Explorer Maintenance where you edit policy by
exporting your current IE policy. There is also Administrative
Templates, Internet Explorer
Marvin the Martian's dog?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Friday, February 18, 2005 11:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] W32Time and *nix
You could also grab a copy of K9 and sync time
There is a windows port of the standard NTP code available at
http://www.five-ten-sg.com/
And http://norloff.org/ntp/
I used the former on many servers back in the nt4 days with no problems.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Title: Message
Explicit deny would be my choice.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B
Sent: Tuesday, February 08, 2005 11:45 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Exclude a specific user (or group)
Can't you use groups to realize your dream world?
Have groups for fastlink, hub, slow dc, etc, and use security filtering
on the GPOs
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, February 01, 2005 8:34 AM
To:
]
Ken Cornetet
[EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
omcc: (bcc:
James Day/Contractor/NPS)
Sent
Title: Message
We
have lots of kerberos authentication problems over VPN connections. The solution
is to force kerberos to use TCP.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
"MaxPacketSize"=dword:0001
Not
sure if that is your problem, but it's worth a
You can't even *install* e2k3 in a forest if there are e2k front-end
servers.
The topic of allowing OWA via the internet has been debated many times
on the exchange mailing list. There has never been consensus, however
the following suggestions have been made:
1. Use an ISA server in a DMZ (This
We are having exactly the same issue. We have an open call with PSS on
this.
For the short term, we make our standard settings the same as the domain
settings. Not real wonderful, but what can we do?
One of the PSS guys mentioned a trick involving unhiding the ipsecshm
connectoid via a registry
See KB article 325379.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shawn Hayes
Sent: Tuesday, January 18, 2005 9:30 AM
Subject: [ActiveDir] Upgrade resources
We are planning on 'upgrading' our AD boxes from Windows 2000 to Windows
2003. I was
Title: Message
510
software has a windows port of NTP that works very well (all of my servers were
running it back in the NT4 days).
I
suppose a person could use w32time to sync to the forest, and run ntp
acting as a local time master to provide sync to the phone switch. You'd have to
Would a Perl Rsync implementation be better?
http://search.cpan.org/~cbarratt/File-RsyncP-0.52/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent: Wednesday, December 01, 2004 3:20 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Slightly
That's pretty cool, but what does the information mean? What is largest
delta?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, December 01, 2004 8:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Monitoring Replication
OK, integrated stub zones are cool, but I'm curious - why did MS stop
there? Why no integrated secondaries?
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?
From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
Because I have a couple of dozen remote DCs that serve DNS for their locations.
Our unix
You also need enterprise for autoenrollment.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
Sent: Monday, November 15, 2004 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] RDP
There are a number of PKI things that can't be done
Norcross, GA 30093
678-924-2591
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust
Sent: Tuesday, November 16, 2004 10:28 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] RDP
Ken Cornetet wrote:
You also need enterprise
If anyone is using EAP-TLS, are you using computer certificates or user
certificates? Why?
As a security feature on w2k3, the IUSR_ user id has no permissions to
any files (including net.exe).
Either give the IUSR_ account permissions to net.exe, or configure the
web site to run under a user id that has permission.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Essex Credit / Brickwalk
510 595 5083
**
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ken Cornetet
Sent: Wednesday, November 03, 2004 11:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Scripting question - Net
Title: Message
But,
MS has promised us their products are secure... :-)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 28, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] FW: Exchange 2003 on DC
.
- ASB
Cheap, Fast, Secure -- Pick Any TWO.
http://www.ultratech-llc.com/KB/
On Thu, 28 Oct 2004 16:24:27 -0500, Ken Cornetet
[EMAIL PROTECTED] wrote:
Um, SBS users don't have a choice...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Title: Message
Um,
SBS users don't have a choice...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 28, 2004 3:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] FW: Exchange 2003 on DC
Don't install
Title: Message
It's
in a format called VT_FILETIME. If memory serves, it is the number of
milliseconds since some date long ago (1600 comes to mind).
VB has
a variant type to convert it for you.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Title: Message
Just use the DNS name of your domain as the LDAP server. If you are using
Microsoft DNS servers, they will sort the response so that DCs in the same
subnet as the mac will be first in
response.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Title: Message
Is there any way to
force EAP-TLS wireless authentication to use machine certificates exclusively
(instead of user certs) for client side authentication? Or better yet, require
BOTH user and machine certs?
Here's the
setup:
IBM Thinkpads with
either integrated cisco
Yes, but searches are not.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Wednesday, October 06, 2004 1:52 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick ldap question
We have a windows 2000 AD. By default are anonymous ldap
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, October 05, 2004 12:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] WAN outage caused issues...
2k and XP clients will attempt to use DNS first. There is no way (that I
know of) where they would try WINS first
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, October 05, 2004 12:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] WAN outage caused issues...
2k and XP clients will attempt to use DNS first. There is no way (that I
know of) where they would try
to the root domain DNS servers if
they don't have an answer.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ken Cornetet
Sent: Tuesday, October 05, 2004 3:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] WAN outage caused issues...
Is the domain in question
, but if the WAN link is
down, what good are the root domain as secondaries on the remote DCs DNS
going to do? Will it be cached or something?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ken Cornetet
Sent: Tuesday, October 05, 2004 3:40 PM
To: [EMAIL PROTECTED
Title: Message
No,
they don't have all they need.
Clients should be able to resolve at least the "_" subdomains of the root
domain. That's all covered in the AD design books.
GC
location (among other things) is done via DNS lookups into the "_msdcs"
subdomain of the root domain.
I think the easiest approach would be to write a script that walks
through all your user accounts and clears the never expire bit if it is
set. Schedule it to run every night.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Tuesday,
Does anyone know of a way to export information (specifically
reservations) from either 2k or 2k3 DHCP server?
I tried opening the MDB file from the backups directory with Access - no
joy.
I tried doing a netsh export from a 2k3 server. The example docs for the
netsh DHCP export show a
I need to move several groups from one domain to another inside a forest
(2000 level now, soon to be 2003). These groups are used as security
principals for Exchange 2000 mailboxes. Are there any tools available to
do this?
PROTECTED]
Subject: RE: [ActiveDir] Move group across domains
ADMT 2.0 would be a good bet.
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Montag, 20. September 2004 21:07
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Move group
Title: Message
Resistance is futile - you will be assimilated.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Monday, September 13, 2004 9:31 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Unauthorized DHCP
Have you tried pskill from sysinternals?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, September 07, 2004 10:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:logon script
The key keeps getting recreated as soon as i
Title: Message
SNTP
is a subset of NTP. Windows will get time from a NTP server.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, September 01, 2004 10:49 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] NTP
Title: Message
You
might be able to use ntpdate to query time from an SNTP server, but you
won't be able to sync to a SNTP server. Unless the Cisco devices have an option
to periodically poll via SNTP, I think you are out of luck.
Why in
the world would you want your DCs to be the
1 - 100 of 215 matches