The magic number (ie, the number of unique SIDs that a token can hold) is
limited to 1000 by design (http://support.microsoft.com/kb/275266/). Once you
get above 1000, you can't logon at all, period. The best way I can think of to
evaluate the complexity and nesting of your group structure
If you're running a Certificate Authority on that DC, you can't change
the computer name without first uninstalling Certificate Services. I'm
not sure what the impact would be on the chain of trust if you reinstall
CertSvcs after the name change.
-Original Message-
From: [EMAIL
You might also check out IBM Tivoli Identity Manager. Seems to be a pretty
slick product. We're beginning to look at it pretty closely. Lots of
out-of-the-box connectors.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark Parris
Sent: Thursday, May
Hi listers,
I'm considering MIIS for a project haven't been able to find much non-MS
information about MIIS out there on the web. Hoping for help from y'all.
One of the minor knocks against MIIS seems to be a lack of
mgmt/troubleshooting tools. Netpro claims to have filled this gap with
In my
experience, a lot of developers DON'T KNOW in detail what their apps do and what
permissions are required on what resources. They develop with Admin
accounts and make their service accounts Admins unless they're forced
otherwise. That's a sure way to keep security problems out of
