Or the reverse of that ;)
Welcome back Joe.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, April 14, 2005 8:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT Exchange question.
(Gotta love how many Exchange
You may additionally want to check the software running on the DC's in
question if the files are copied and then deleted. Until replication I
wouldn't expect the files to change on newly promoted dc.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Have you read the disaster recovery whitepaper about Exchange on Microsoft's
site yet?
My guess is that you don't have enough of the relevant information, but it's
possible you can salvage some of it. There are also utilities out there
that might be helpful if you really want that data.
Al
I don't believe I've seen something that will show that it performed the
name resolution with local information other than a debug trace (OS debugger
attached to winsock I would guess). Would be cool to have a tool that
showed all of that though. Something that shows:
SuperDupernamelookup.exe:
Wouldn't it make more sense to have the PDCe use the workstation as your
reliable time source and let the rest of AD do it's thing? It has that
built into the product because of how important time sync is to AD
functionality.
Just curious.
Al
-Original Message-
From: [EMAIL
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, April 11, 2005 4:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWW Logons
I find that fix fascinating mostly because the problem description mentions
that other users that used these machines
This is probably what you're referring to:
(1023 sid's) http://support.microsoft.com/default.aspx?scid=kb;en-us;322970
this: http://support.microsoft.com/kb/280830/ (much lower number)
IIRC, 2003 domains can handle more, but I think ~Eric was the one that
posted something about that. Maybe he
I'm not a great vbscripter, but I play one on the internet sometimes :)
Your script looks like this:
Set objWSHNetwork = CreateObject(WScript.Network) 'create network object
strConnectString = \\servername\Boston_IT2
strConnectString = \\servername\Boston_IT
strResult
do you then get
around that, as I can buy a tool off the shelf that'll do it.
I've not yet attempted to write code to fiddle, that'll be when I'm bored
over the next few days.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, April 08, 2005 9:13 AM
Sounds familiar. Wasn't there something in the readme about that (post sp
readme? )
You may also want to post which version of the post-sp3-roll-up you're
trying to install (isn't it time to call it a service pack already???)
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I find that fix fascinating mostly because the problem description mentions
that other users that used these machines worked fine and because the
problem followed the users.
Does this mean that you applied this to the other machines as well?
Al
-Original Message-
From: [EMAIL
IIRC, that's information that's contained in the store and not in the
directory. Have you checked the exchange tools to see what you can do with
that?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Monday, April 11, 2005 4:34
How'd you try to edit it? And why do you let admins
have rights if you can't trust them?
http://msdn.microsoft.com/library/default.asp?url="">
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of PAUL
MAYESSent: Friday, April 08, 2005 10:03 AMTo:
Certainly good advice ~Eric.
:)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Wednesday, April 06, 2005 5:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWW Logons
Staring a new thread from the original
06, 2005 5:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD logging
Given the severity of the situation I set them all to 2 and have been
watching the logs
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday
that supports
NTLMv2 and SMB signing.
Jose :-)
---
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005 6:03 AM
To: ActiveDir@mail.activedir.org
troubleshoot why other accounts see to just
vanish?!?!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, April 07, 2005 6:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD logging
Did you notice ~Eric's post?
I
I assume you've seen this: http://support.microsoft.com/kb/325379
And since you've already disabled SMB signing the next step would be turn on
auditing and check for and correct the errors you see.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
up.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, April 05, 2005 3:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GroupBy type queries in LDAP
Maybe I'm missing something. How do you already know
*Looks* like one of the hosts on the network is trying to use this server to
register for the t. domain. You may want to look into which of the hosts
would be doing that.
'- DNS server(s) primary for the records to be registered is not running'
would be applicable.
Al
-Original
:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005 9:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GroupBy type queries in LDAP
I see what you're saying now. Might be interesting, although seems a chatty
way to do it.
Should we mock it up
http://www.microsoft.com/technet/prodtechnol/exchange/2000/deploy/upgrademig
rate/series/planningguide/p_01_tt1.mspx#ENAA
Might be of interest to you. Would need a few tweaks, but it's mostly what
you need I would imagine.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
How much data are those two users pulling down from the domain controllers
(network trace?) What's different about them?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 06, 2005 3:38 PM
To:
Which registry setting did you set? And why there? Why not via GPO around
account auditing?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Wednesday, April 06, 2005 3:51 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD
Subject: RE: [ActiveDir] SLOWW Logons
I don't info but they only have three small policies applied to them
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005 4:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
The default GPO also has auditing set for the domain right now to audit
success and failure for all objects.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005
PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, April 04, 2005 2:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GroupBy type queries in LDAP
Is it just user objects?
((objectClass=User)(objectCategory=Person)(Attribute1=*)) Would return
all
user objects that have a value
but kept up to date in real
time if you are constantly syncing with no additional query time needed.
joe
[1] Ok being entirely relative.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, April 05, 2005 9:28 AM
To: ActiveDir
Why would you not want to use it on the entire site (for the sake of
argument?)
I'm not sure I get it. Wouldn't you want it for all of owa?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Tuesday, April 05, 2005 12:34 PM
To:
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, April 05, 2005 11:54 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GroupBy type queries in LDAP
...that value and insert into the hash using it as the key...
I think that would not work Joe. The reason being
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-
9FA7-3A95C9540112displaylang=en
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Thursday, March 31, 2005 5:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE:
I'm trying to figure out why you wouldn't want to
assume that the accont is either gone or tombstoned? Why the verification
step of looking for tombstoned items?
In any event, it takes different rights and settings to
see those tombstoned objects. I wouldn't guess that Zeffy would care
I understand that very well. I'm looking to find the
meaning and perspective behind the request.
Even a transient error could be problematic if you *could*
match it to the tombstoned object because the same issue could still exist.
To prevent the transient errors from occuring, one
I see no particular reason that WINS should care what domain it's in. WINS
job is to do name resolution similar to the function of DNS. Neither really
cares where it lives as long as it lives.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
of my GAL entry.
Anyway, Al, let me know if the reasons given for regional in the previous
email make sense or not. I agree, company goals would be paramount.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, March 29
I would argue that WINS is required when setting up some applications. SMS
and Exchange come to mind.
Using the child WINS servers is more than enough for what you're talking
about. I wouldn't take them away completely, but rather just use the
existing. I do that now and don't usually
Always good advice. You can read some details and the registry keys about
it here (for 2000 in this case):
http://www.microsoft.com/technet/archive/windows2000serv/technologies/active
directory/deploy/adguide/adplan/adpch02.mspx
I would have to say to the original poster's question that the
Is it possible that the accounts were deleted during the
replication issues and are now being propagated?
Have you checked the deleted objects container to see if it
exists there on any of the DC's (since replication was indicated, it might not
hurt to check multiple DC's)?
From: [EMAIL
Phil, you know he's for hire right? He has a p*mp and everything last I
heard. :)
That said, it is interesting to see a regional specific approach to name
resolution. Some like it, some don't. I'd be interested to hear why, Joe
because I think it would depend on the company goals whether or
Yes. When you create the query, choose the OU you want. Then use a custom
query and use an LDAP filter search filter on the advanced tab.
Make sense?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shawn Hayes
Sent: Tuesday, March 29, 2005 3:32 PM
3:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP search filter
I end up with something like this but get no information
(((ou=)(name=Comit*))(objectClass=user)(name=*))
This is not a filter from what I can tell
Mulnick, Al [EMAIL PROTECTED] 03/29/05 03:46PM
Yes
Title: Storing dates in AD
Ithink it still depends on how you intend to use the
data.
For example, if you're going to pull other information of
similar type (maybe pwdLastSet?) it would make sense to use the same
format.
Al
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Title: Kerberos and proxy servers
Are you trying to auth to the proxy server itself with
IE?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour,
JosephSent: Tuesday, March 29, 2005 3:38 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Kerberos and proxy
Help me remember: Why is it that we wouldn't be able to move a user across
an AG? I can understand not being able to move a server across an AG
boundary, but a user doesn't make sense to me in a native org.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
be no issues in cross-AG mailbox
moves. I am sure I have done this at least in test and probably in
production.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 28, 2005 9:24 AM
To: ActiveDir@mail.activedir.org
Subject
Can you give some more background about what they want to see? When you say
logon duration, what does that mean to the managers and is there some other
reason they want to see that information other than for reporting?
I ask that because some users don't logout, but rather lock the
There's no point in deleting it either. You could, but why mess with it? In
native mode, it won't matter.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, March 25, 2005 11:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Which LDAP traffic are you thinking of?
Typically LDAP traffic is passed by an application/client for the purpose of
either white pages type lookup or for identification and authentication.
LDAP authentication, by it's nature is unsecure. It passes credentials in
the clear on the wire.
Did
And when you say duplicates names, are they representing different users or
the same users from different forests?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, March 23, 2005 11:23 AM
To:
.
Mulnick, Al
[EMAIL PROTECTED]
T.com To
Sent by: ActiveDir@mail.activedir.org
According to the docs they do work for intraforest as well. It's just been
so long since I've used it I can't remember exactly which path you want in
this situation.
ADMT is a valid tool for domain consolidation (which is essentially what
you're doing). The naming conflicts settings are
That's an awesome explanation, but I think there is still the bit about how
to tell what sysvol the client ended up using. Funny thing is, outside of a
trace, I don't see that as information that's accessible. At least not
easily.
I'm still curious however.
Al
-Original Message-
I've used this in that situation. You can change it from the three days on
there to whatever you like and since it uses subtree search, you can use
either a specific OU or the entire domain directory if you want. It is per
domain.
The script will email a notification with a link to the web
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, March 22, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Password Expiration Prompt
I've used this in that situation. You can change it from the three days on
there to whatever
Start by looking at the event log on the machine. From there, can you
remote to the machine? If so, try looking at the MMC from that machine's
perspective.
You may also want to look at replication and make sure that it's consistent
(AD repl).
Al
-Original Message-
From: [EMAIL
I wouldn't say either was more secure than the other. I haven't used it in
a while, but last I checked the client didn't support two-factor
authentication unlike putting some other authentication in front of the OWA
server. Other than that, I would view the two as being equal in terms of
Can't imagine why that wouldn't be possible. NTDSUTIL is similar to NETSH
in that you can run the commands from a single call.
i.e. ntdsutil command command command command. Etc
http://www.jsifaq.com/SUBJ/tip4600/rh4675.htm
And
You can pull the disaster docs at Microsoft (should be off of
http://www.microsoft.com/ad ) and re-use a lot of that. There are KB
articles as well.
As for the original poster's question,
The plan is this at the moment: when our server cathes fire, is flooded or
stolen, we take a recent tape
in nearly every session for
several days.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, March 18, 2005 10:08 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Continuity planning and AD
You can pull the disaster docs
To answer both questions:
Yes, sidHistory is supposed to be temporary but for some that's the
lifetime of the product. It's all temporary in the scheme of things right?
As for can you hold more than one sid in the sidHistory attribute, yes you
can.
Additional sIDHistory Information
The
@mail.activedir.org
Subject: Re: [ActiveDir] Can you expire a computer account in AD
That's exacctly what i intend to do. Disable those suckers.
thanks all
- Original Message -
From: Mulnick, Al [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Tuesday, March 15, 2005 2:44 PM
Subject: RE
and services,
I am planning to get a traffic analyzer and I need an alert when something
wrong goes in the Event Viewer, I have many servers and can't login to each
server daily to check the event log, or should I?
thanks,
rc
On Mon, 14 Mar 2005 09:00:49 -0500, Mulnick, Al [EMAIL PROTECTED]
wrote
Of Mulnick, Al
Sent: Monday, March 14, 2005 3:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: vbs help
I believe this is what you're looking for:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht
ml/wsmthregread.asp
-Original Message-
From
:#e is what I found
on microsoft's site.
Thanks,jb
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, March 15, 2005 9:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: vbs help
I don't have 10.0 installed
I take you have already seen this doc, correct?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/examp
le_code_to_retrieve_changes_using_usnchanged.asp
One reason I can think of that would explain why no results is that there
are no changes that meet that criteria. Have you
I'm just curious why you would want to expire a computer account? I would
guess you could if you really set your mind to it, but not sure what
advantage that would provide.
??
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent:
He beat me to it ;0)
You may also want to couple that with a simple ping method to validate if
the machine actually exists or not. Might cross reference it with DHCP/DNS
if ping is too much overhead.
Just some thoughts.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Sounds like your site settings are not working as expected. Have you
verified your AD sites are correct?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Tuesday, March 15, 2005 2:11 PM
To: ActiveDir@mail.activedir.org
speed connection should I remove the sites and let
everything fall under one site?
Thx
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, March 15, 2005 11:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Hard
I believe this is what you're looking for:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht
ml/wsmthregread.asp
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Monday, March 14, 2005 3:05 PM
To: '[EMAIL
You could add FUD to that list for many orgs. There
was also a time where MBA/MGMT wanted to outsource for best in class focus
(think Brightmail).
Those days are behind us with the concept of black-box
implementations and such, but that doesn't change the mindset.
FWIW, I don't buy the
I do this, but I hadn't notice that behavior. What situation are you seeing
this with? Any particular app?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe
Sent: Wednesday, March 09, 2005 4:18 PM
To: ActiveDir@mail.activedir.org
no effect.
-DaveC
Reuters AITS Infrastructure
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, March 09, 2005 5:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Command shell under RUNAS
I do this, but I
I think Murray brings up some good points. What are your requirements
exactly?
To differentiate between the products (or others) you'll need to understand
what the ultimate goal is and what you have to work with. For example, is
this a RACF sync? Or LDAP or ?? What exactly needs to sync?
scared at what a really pissed off AD programmer could pull off.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory and LDAP
transformation, object matching, delta syncing, etc are pretty standard in
the tool world, without having to re-script the weel.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: 08 March 2005 04:03 PM
To: ActiveDir@mail.activedir.org
Why are you changing the password for the account and then later deleting
it? Isn't that redundant?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Sutton
Sent: Monday, March 07, 2005 7:17 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir]
To be fair, Exchange setup requires WINS. Without it, setup fails.
Outside of that, Exchange requires shortname resolution, but the only answer
to verify that you have shortname resolution is to use WINS/Netbios
resolution.
Can you run without it? Yep. Is it supported? Not currently.
4024
E: [EMAIL PROTECTED]
W: www.TBandA.com
Eastgate House
10 Eastgate
Leeds
LS2 7JL
Office Location Map
-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: 07 March 2005 14
I haven't done it lately, but I would assume you can bind to the root and
iterate the children looking for OU objects. You could also create a query
that searches the domain for objectClass of organizationalUnit and then add
each of the ones you find to the application nodes.
An example ldap
Personally? I like to think of AD as a GUI to Microsoft's implementation of
LDAP. That simplifies a lot of things for me. However, there is more to it
than that and the books you ordered should help in clarifying that.
You don't need to know LDAP to make AD work, but it helps. It's a great
a bit
scared at what a really pissed off AD programmer could pull off.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory
I assume you're talking about this?
http://support.microsoft.com/?kbid=248793
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Mezzone
Sent: Monday, March 07, 2005 11:25 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Renaming Accounts
reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir
scared at what a really pissed off AD programmer could pull off.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory
and LDAP
Yeah, well there's that...
But that doesn't mean it isn't *good* :)
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 10:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory
Potatoe/Potato sort of thing.
It is LDAP and it is an upgrade path from legacy systems such as WINNT.
How you use it plays a part. If you use it as a LDAP directory, then it
*is* a LDAP directory right? If you use it as a WINNT 5.x domain, then it
*is* a WINNT 5.x domain.
To say it's a
reading it back in like 2001 or so and getting a bit
scared at what a really pissed off AD programmer could pull off.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 11:58 AM
To: ActiveDir
Wouldn't it make more sense to just turn that off and send them a
notification via the third-party app? What's their recommendation?
al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Olegario, Alan
Sent: Monday, March 07, 2005 4:30 PM
To:
and then shoot them over an email but
figured I'd try to see if there's any easy way to change the text first.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 07, 2005 4:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE
I wouldn't use SASL for this myself. I don't believe I'd want my customer
data in the windows SAM as that could run into scalability issues (that's
why we went with AD in a distributed fashion vs. local SAM right?)
From your description, a simple bind is the way to go. You'll want to
secure the
will likely drive this to
some sort of unique solution. ADAM is just a lot easier and more integrated
to work with than the other identity stores.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Sunday, March 06, 2005 11:28 AM
To: ActiveDir
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, March 04, 2005 4:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
I think you interpreted it better than I did. He wrote back and said he
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, March 03, 2005 10:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: VBScript Question
Figured the Navy was still part of the government :)
I asked the question
PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, March 03, 2005 10:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
Right, and although it's possible that cdoexm has some of this built in,
it's not likely (and not something I've seen in there before
.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, March 04, 2005 10:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
GUID is likely NOT an option in a multiple forest scenario
:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, March 04, 2005 10:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
GUID is likely NOT an option in a multiple forest scenario or multiple
identity stores. But the concept can be applied
] On Behalf Of Mulnick, Al
Sent: Friday, March 04, 2005 1:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
How did they handle people changing their names?
I see the ID, but does that ID make sense when the user changes their name
from Joe
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, March 04, 2005 1:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP and related Exchange question
How did they handle people changing their names?
I see the ID, but does that ID make sense
15000 users on the move at any given time?
Anyway, for the move between OU's, have you considered a self-serv app or
something that's (semi)automated inside of the move process? I haven't been
in that large environment in a while, but seems that might make sense for
between OU movement at the
1 - 100 of 854 matches
Mail list logo
