I don't know how AD would handle it. However, if someone else chimes in
with That will blow everything up! then it seems like maybe you could
go with /19 or /20 networks at the primary site in AD and then manually
add any of the other ones that don't fit nicely. Maybe that could save
you some
I saw something similar using kixtart-mapped drive letters a few months
ago. The only thing affected seemed to be Office products and IE. The
knowledge base described it as unable to browse the network, but I
certainly saw it as ranging from severe latency to complete inability to
browse the
OS X? You've been cheating on us with that %#(! ?
I don't know what's so special about her I mean, after all the
plastic surgery she's nothing but UNIX.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall
Sent: Friday, January
Judging by the Exchange 2007 Microsoft Across America Launch Event that
I attended this morning, Exchange 2007 has no limits period. If you
want it to block spam, it blocks spam. If you want it to run with a
2000TB store on Standard, it will do it. If you want it to cook you
breakfast, that
Sorry, that was supposed to say NOT required
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
Sent: Tuesday, January 16, 2007 4:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Who needs that much ram anyway?
Judging
The problem with Broadcom NICs is not typically the hardware. The
Broadcom drivers are absolutely horrible. In particular the Windows
Certified drivers that shipped with 2003. I have seen large file
copies using the native Windows driver move faster across 100BT than
gigabit Broadcom. In fact,
There shouldn't be a problem with running the R2 schema in an SP1
network. As to what that buys you, maybe someone else can address
that??
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour,
Joseph
Sent: Friday, January 12, 2007 4:11 PM
To:
What client OS?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Monday, December 18, 2006 1:35 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Strange Lock Out Issue
I have a user, who is not logged in
What about using the built-in Citrix printer tools? Are you talking
about copying the printer drivers, or actually publishing printers?
If you are talking about printer drivers so that remote printing works,
then the Citrix Console can do all that. Put the driver on one, and
tell it that the
Check out this article for the Exchange memory settings. There are a
few other tweaks in the registry.
http://support.microsoft.com/kb/815372
Do you have any third-party apps running on your Exchange servers? I
have seen memory leaks in third-party apps cause this kind of virtual
memory issue.
I know there are a bunch of exchange clones out there, but I have yet
to come across one I would recommend. That doesn't mean there is not
one out there. If all you want to use it for is a shared calendar, you
may want to check out a company called softalk.
http://www.softalkltd.com
They have
But I bet when you sit down in front of a computer, it knows it had
better behave :)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Monday, December 04, 2006 8:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
was out eating turkey. You people were reading the list? Dang, that's
dedication!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
Sent: Thursday, November 30, 2006 5:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: RE: [ActiveDir] Split
If you can get to Computer Management, you could start the Telnet
service. At that point, telnet to the server and do a shutdown /r. And
I mean a standard telnet connection, not telnet to some fancy port.
I suspect you are having the dreaded rdp doesn't work for some reason
problem, which
] OT: Geeks on Thanksgiving
Well, yeah, but not when there's nummy food to be eaten, naps to be
taken
and games to watch!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
Sent: Friday, December 01, 2006 10:03 AM
To: ActiveDir
I think 2k3r2 requires at least 16MB on C:. At least that is the error
message I have gotten before when I tried to make it smaller than that.
In 2000 I could make it 10MB without it complaining.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry
and try to set
it
to less than 16MB. If you select the no paging file option, it works
fine.
Laura
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
Sent: Thursday, November 30, 2006 12:28 PM
To: ActiveDir@mail.activedir.org
Subject: RE
I think Susan brought this up last week or so. Here's the link she
gave. I can't find the original post
http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent:
Wow, the man is busier than
I thought. Who would know he would have time to make trillions on software,
crush all competition, plot the destruction of Europe (stupid anti-trust), and still
answer email. There must be more than one the man. J
From:
[EMAIL PROTECTED]
I would think that M$ would really fit Morgan Stanley, the financial
services company, very well.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Thursday, November 09, 2006 4:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
All of this is done with the assumption
that by plain ol smtp server, you mean you are going to be using POP3 on
the client side.
Option 1
Enable POP3, set up POP accounts in
Outlook, right before you POP for the first time on a client get rid of the
Exchange connection. POP the server,
Citrix should be able to move between
domains without much problem. You might have to recreate the farm connection
if you are using an SQL database, chfarm should do the trick. It might carry
over fine though.
Most of the Citrix apps run with local
credentials unless you change them, so
Check the Group Policies assigned to the
terminal server. Under Computer ConfigurationWindows
SettingsSecurity SettingsLocal PoliciesUser Rights Assignments, look
for Allow Logon through Terminal Services. This user was
probably added here.
If you add a username to any of the
Windows
Backup should truncate the log files.
However, depending on which software you are using, sometimes truncate
log files is an option that you have to select. What backup software are
you running? Are you running an exchange backup or just a file
backup of the Exchange server? If you are
Ntbackup considers the option to Flush Log
Files so obvious that it doesnt even ask. Are you seeing any errors in
the backup logs? I have seen ntbackup fail after the data was backed up but
before it flushed logs, if some of the permissions were changed. Of course
this was 3 years ago, so
http://www.microsoft.com/downloads/details.aspx?FamilyId=4516A6F7-5D44-482B-9DBD-869B4A90159Cdisplaylang=en
If they are local admins, this will not
block them from manually installing it, but if they are local admins, there
arent a whole lot of options.
From: [EMAIL
Are your users local admins? Only admins can approve IE7 for install.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, October 19, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Blocking IE7
I must be
Are there any error messages in the event
log? There are several problems I have seen where some kind of message
will show up in the logs that tell you where to start looking.
The most common one I have seen lately, if
you see an error in the system event log that says
The RDP
protocol
Certainly disabling the service will be
easier than removing it. That can be done network-wide via Group Policy. I
have seen a kixtart script that removed VNC, but I think that was a version
from about 6 years ago, so I dont know if that would do you any good,
especially if your users are
Elevating priveledges from DA to EA (or from physical DC access to EA)
is simple
Is this physical access to a DC in the root domain or physical access to
a DC with a forest trust to the root domain?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL
This is basically true. If you are supporting older clients or
unpatched servers, make sure you only edit the GPO's from a machine
running XP SP2 or 2003 SP1. Otherwise, you need to install a patch from
MS
http://support.microsoft.com/default.aspx?kbid=842933
2000, XP SP1, and 2003 RTM cannot
Anyone else out there dealing with the Computer Associates eTrust
Antivirus signature thing this morning?
Symptoms: The system process C:\Windows\System32\lsass.exe
terminated unexpectedly with status code 0. The system will now shut down
and restart.
After the reboot, it once again
Antivirus flagging lsass.e x e
http://isc.sans.org/diary.php?nstoryid=1665
Unsubscribe: http://isc.sans.org/notify.php
Yup
Kevin Brunson wrote:
Anyone else out there dealing with the Computer Associates eTrust
Antivirus signature thing this morning?
Symptoms: The system process C:\Windows
You might very well find that it broke the HTTP SSL service. Since
HTTPFilters runs as lsass.exe, it kinda screws things up. This is the
only problem I am still dealing with. WWW pub won't run without it. So
no OWA. Still trying to figure that one out. Other than that, we've
fixed 30 servers
I think the key to this question is a very
simple troubleshooting step. Go into DNS and look at the (same as parent
folder) records. Delete the ones that arent currently DNS servers. If
you are using AD integrated DNS, then this should be any domain controllers
that you want clients to get
When you do an nslookup for the domain,
you are going to get whatever records are listed in DNS for (same as
parent folder). If there is an IP address listed in there that is old
and obsolete, it will still show until you go in and delete it. It is possible
it was there from a time when
In Active Directory Sites and Services,
ensure that each WAN site you want segregated is configured as an AD site.
Then you can specify which servers communicate to other AD sites, as well as
the schedule for replication.
Create a new site. Configure the subnets
for that site. Add domain
Create a GPO for the computer OU.
Edit that GPO, and expand to Computer ConfigurationWindows SettingsSecurity
SettingsRestricted Groups. Right-click Restricted Groups and hit Add
Group. Add Administrators. Configure membership for this groupMembers
of this Group Add domain users,
I dont guess I ever thought about moving
mailroot, but that is a really good idea. Heres an article that tells how to
do it just so no one has to go looking..
http://support.microsoft.com/?kbid=822933
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Al Mulnick
Anyway, I think if he was gonna go out
like that, he wouldve ended it with something like:
We Apologize for the Inconvenience
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kennedy, Jim
Sent: Monday, August 14, 2006 3:08
PM
To: ActiveDir@mail.activedir.org
If you set the servers to want to
communicate between sites as bridgehead servers, then it will autogenerate site
links that fit this topology. Otherwise all of the domain controllers will
want to talk to each other. Being a member of the root domain, it will have
everything needed to get
,
be a DC.
i would still imagine if the other DC's can't talk to this DC - dcdiag and
repadmin would fail or generate errors.
On 8/10/06, Kevin Brunson [EMAIL PROTECTED]
wrote:
If you set the servers to want to communicate between sites
as bridgehead servers, then it will autogenerate
First thing I would check is the DNS
settings on the client. Are they pointing at a valid DNS server, and is it
responding?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, August 09, 2006
1:44 PM
To: ActiveDir@mail.activedir.org
They will be able to coexist with no
problems, assuming you take all of the appropriate steps before you upgrade.
You will need to run adprep to prepare the forest and domain for the 2003
schema. Run adprep /forestprep on the schema master, and adprep /domainprep on
the infrastructure
NOT be able to recover it. You WILL break
OWA. Guaranteed. You might very well kill some other Exchange
functionality as well. It is possible you could get OWA back after a
tremendous amount of effort, but you really dont want to promote that
Exchange box.
Kevin Brunson
From:
[EMAIL PROTECTED
role is assumed by a domain controller that is
running Windows Server 2003.Robert Williams
/SNIP
Have a great day!
Robert Williams
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
Brunson
Sent: Friday, August 04, 2006 9:32
AM
To: ActiveDir@mail.activedir.org
Subject
The only thing I have ever seen is the
Exchange Best Practices Analyzer. I cant think of a time that ever
helped me troubleshoot a problem, although PSS always insists on running it.
If it is the same thing, then what was described below looks like it would be a
significant improvement.
] On Behalf Of Kevin
Brunson
Sent: Friday, August 04, 2006
11:34 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003
domain 2000,
Sorry., how did we get to the
topology generator from adprep?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Williams,
Robert
I have seen a script to do it in _vbscript_,
but not ASP. Heres a link to the
_vbscript_, maybe itll trigger something.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Friday, August 04, 2006 1:05
PM
To: ActiveDir@mail.activedir.org
Subject:
and roll it
into a .hta file and then you could access it from a webpage.
Ed Buford
Network Administrator
Granger
Community Church
630 E. University Drive
Granger, IN 46530
574.243.3506, x386
[EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
Title: Setting FFL=2 automatically when building first DC in forest
Dont you love online translators
Am hwyl, dwi am ymateb drwy beidio a dweud dim byd mwy
nagadlewyrchu dy bwynt! =
About sail , I am being about answer
through cease I go say anything world more nor reflect he covers
Do you have the Exchange System Management
Tools installed on the other domain controllers?
From the Exchange cd, choose Install
System Management Tools Only. Basically you will choose Custom from the Setup
and tell it to only install the Tools, not the Exchange services.
I would be
There is an adprep folder on the R2 cd. Run
it just like you would for 2000 to 2003 upgrade.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, July 27, 2006
10:15 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Adding the
first
Title: Exchange rollout - How much larger does NTDS.DIT become?
How many domains, how many users, is it
650 meg on a GC or non-GC? Is this 650meg after an offline defrag? If not
when was the last time it was defragged? I am not sure it is answerable even
with that info, but it certainly
If you do it that way, I would make sure
youve got the network cable unplugged when you boot it after
imaging. Depending on what you are using the server for it could cause
problems.
I had a customer follow this path with a
domain controller. He booted the server from the old drives
R2 servers even if you dont currently have any, if you are doing
anything with DFS. I know that is not what you are asking, sorry.
Anyone disagree?
Kevin
Brunson
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Monday, July 24, 2006 4:07
PM
Title: Disabling the file open security warning for certain VBS scripts
You cant turn it off for specific
files, or even file types. You can set it via Internet Explorer GPO to turn
off the warning altogether, but I dont think you really want that.
There are two options that I know of.
,
neil
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
Brunson
Sent: 21 July 2006 15:06
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Disabling
the file open security warning for certain VBS scripts
You cant turn it off for specific
files, or even file types
I guess the thing to remember about the
DIT file is that it will be different on every domain controller. If it is a
global catalog it might very well be bigger than the DIT file on another domain
controller that is not a GC. It will also depend on whether or not the
ntds.dit has been
So theyre blowin a lot of smoke to
disguise their actual thought process:
You are a
liability we do not want to expose our servers to. We do not believe you
to be capable of managing an Active Directory environment, and therefore we put
in our own stuff without giving you the passwords.
Certainly the biggest problem I have come
across upgrading from 2k to 2003 was because of one of these legacy
settings. I dont know who at MS decided to go from WINNT
to Windows, but it can cause some pretty serious recovery issues
if you are not using some sort of bare metal restore.
mentioned)
On 7/17/06, Kevin Brunson [EMAIL PROTECTED]
wrote:
Certainly the biggest problem I have come across upgrading
from 2k to 2003 was because of one of these legacy settings. I don't know
who at MS decided to go from WINNT to Windows,
but it can cause some pretty serious
Title: Group Policy won't rerun
Are you seeing any errors in the event
log? If you right-click on the Software Package, there is an option to
Redeploy the application. You may want to try that.
Kevin
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Title: Group Policy won't rerun
By the way, the errors would be in the
Application log on the client, not the server.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Sent: Friday, July 14, 2006 5:17
PM
To: ActiveDir@mail.activedir.org
Subject:
there!
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Kevin Brunson
: Sent: Thursday, 13 July 2006 3:00 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] Multihomed Domain Controllers
:
: I have definitely found the hosts file to be useful
Don't domain controllers register their SRV records with both primary
and secondary DNS?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, July 13, 2006 10:02 AM
To: ActiveDir@mail.activedir.org
Cc:
Make sure that the permissions are set to
Apply Group Policy for both the computers AND the student accounts. Otherwise
it will not apply the User Settings.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Piper, Pat
Sent: Thursday, July 13, 2006
11:48 AM
To:
to say that caused
problems. But as long as you know which registry keys to change if it goes
bad, you should be fine. I have seen a multitude of multihomed domain
controllers since with no issues.
Kevin Brunson
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent
I have definitely found the hosts file to be useful on servers to keep
them from EVER getting to spyware sites. This guy has a great list :
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0hostformat=host
s
Just cut and paste into the hosts file and you are good to go. I
scripted it for
that... they don't have antispyware because they don't
go anywhere to get spyware and the Enhanced IE is still on there.
Kevin Brunson wrote:
I have definitely found the hosts file to be useful on servers to keep
them from EVER getting to spyware sites. This guy has a great list :
http://pgl.yoyo.org
Sorry, forgive me for my lack of clarity.
I was on the phone with Microsoft when I wrote that, so my head was
shrinking. But dont worry, they refunded my case.
I agree with you 100%.
My rant was purely referring to the
desktop published app, not a physical workstation. I was ranting
Hijack this thread? I didn't know it could be hijacked any more than I
already had.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO
Sent: Wednesday, July 12, 2006 8:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed
it from that 2003 server to another 2003
server, or you could just leave it where it is.
Kevin
Brunson
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
Sent: Tuesday, July 11, 2006 6:05
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Moving
to reload the original un-upgraded OS on your original CA.
Kevin
Brunson
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
Brunson
Sent: Tuesday, July 11, 2006 8:48
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Moving a
Certificate Authority
Have you
74 matches
Mail list logo