[ActiveDir] Pagefile sizes... Its that time of year again.

So you have a Gig of ram on a DC, what do you all set the pagefile size to? Memory +11 MB? Like to hear your feedback. Toddler List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.acti

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tools against a non-forest prep'd 2000 only directory ...

Title: Message Schema Extensions aren't bad, if they are documented correctly and properly replicated throughout the forest.  Rob, didn't you say that you found a way to clean up old schema extensions that Microsoft "fixed" in SP3.   Dean,   Why is it necessary for you to extend the native to

[ActiveDir] Turn off account lockout feature on a account.

Title: Message Does anyone know how to disable account lockout restrictions on a account Like a service account, but leave the rest of the accounts with the ability to be locked out?   Thanks,   Toddler

RE: [ActiveDir] WOT Unreadable code (was Connection String)

and promising work on AD over/through/around > firewalls using > IPSec and other advanced technologies. > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > -Origina

RE: [ActiveDir] Groups and OU's

OU's What are the reasons for delegating the AD Root Identifier?  Why delegate read?   From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 6:25 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Groups and OU's  

RE: [ActiveDir] Connection String

Glenn is that what they make documentation and comments for? Toddler -Original Message- From: Glenn Corbett [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 9:38 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Connection String HAHAHAPerl I like to be able to read my cod

RE: [ActiveDir] find out with VBS: domain trusts

You can use NETDOM.EXE to do the trust and NLTEST to do the Windows 2000 trust and site views, we like to use batch files when possible to gather information quickly. Then we use a command line utility to send email to our inboxes. I am not sure if it fits into the inprocess method you were look

RE: [ActiveDir] Max Connections?

I would go into the Network Connections and select the network adapter on the server. On the Microsoft File and Print item, select properties. And make sure the settings are optimizes for file and print sharing. Next you could pull up perfmon and see what the network usage is for the box, and nu

RE: [ActiveDir] Broken RPC between DC's

You can use PORTQRY to tickle the RPC port 135 and see what is listening. I would also try 137 and 138 UDP respectively. Then check the router configuration to see what it's settings are. Toddler -Original Message- From: Ian Moran [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 20

RE: [ActiveDir] Disaster recovery scenario comments requested.

DR is such an open ended topic. First what constitutes a disaster to your organization? What systems can your organization do without? How much overhead to the capital cost are you willing to assume in your Operations to have a DR system and strategy? Can you solve DR problems with technolog

RE: [ActiveDir] Turn off account lockout feature on a account.

is me guessing).   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Thursday, August 07, 2003 10:14 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Turn off account lockout feature on a account. Does any

RE: [ActiveDir] Groups and OU's

Title: Message Per delegation I do the following   AD <---Root Identifier     +Delegation   Give FC to the Directory Administrators, Enterprise Admins, and System; Read to the Data Administrators & Authenticated Users.     +OU or CN = Users   Give R/C/M to Full Data Admins, Jr D

RE: [ActiveDir] Turn off account lockout feature on a account.

ature on a account. system account - Original Message - From: Myrick, Todd (NIH/CIT) To: '[EMAIL PROTECTED]' Sent: Thursday, August 07, 2003 9:54 PM Subject: RE: [ActiveDir] Turn off account lockout feature on a account.   Thanks Joe,   Just wan

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tools against a non-forest prep'd 2000 only directory ...

t deal about people getting in the wrong places and doing the wrong things.  Finger fumbles are a natural part of using any system, and an automated tool will only solve some of these.   G.     - Original Message - From: Myrick, Todd (NIH/C

RE: [ActiveDir] WOT Unreadable code (was Connection String)

eDir] WOT Unreadable code (was Connection String) What's up Todd? You have a hankerin' for some chicken? And I probably should stop wasting everyone's inbox capacity with this silliness... Doesn't someone have some AD problems that need fixing? -gil -----Original Message

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tools against a non-forest prep'd 2000 only directory ...

uld be a specific value. Its also good or your 3rd level guys (like me) who dont have 1st and 2nd level banging on the door to do tasks for them if the custom tool is down.   My $0.02   Glenn   - Original Message ----- From: Myrick, Todd (NIH/CIT)

RE: [ActiveDir] Connection String

Don't make me use my Jedi Mind Trick on your butts! Toddler -+SMT+- -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 9:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Connection String > Come over to the 'Dark Side' with VB.NET.i

RE: [ActiveDir] NTDS Database Error

I went to www.eventid.net and searched and found the following Event ID: 1168 Source NTDS General Type Error Description Error () has occurred (Internal ID ). Please contact Microsoft Product Support Services for assistance. Error 1032 - See Q280364 & Q265089. Error -1811 - See Q28036

RE: [ActiveDir] WOT Unreadable code (was Connection String)

The Answer to the Universal Question is 42 Toddler Hitchhiking my way to Ottawa! -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 11:56 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) Have

RE: [ActiveDir] WOT Unreadable code (was Connection String)

That is a pretty nice Picture for a phone. Toddler -Original Message- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 4:58 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) I, for one, am proud of my SRC [1] f

RE: [ActiveDir] Special DEC offer (was ADAM Doc)

ou what. Anyone who has posted to this list in the past month and shows up in Ottawa gets a round on the house. Just mention this special offer... -g Gil Kirkpatrick CTO, NetPro -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Sunday, August 03, 2

RE: [ActiveDir] Special DEC offer (was ADAM Doc)

gt; > Getting' kinda loose and happy with *my* tab aren't you Todd? > > Tell you what. Anyone who has posted to this list in the past > month and > shows up in Ottawa gets a round on the house. Just mention > this special > offer... > > -g > >

RE: [ActiveDir] Special DEC offer (was ADAM Doc)

s up in Ottawa gets a round on the house. Just mention this special offer... -g Gil Kirkpatrick CTO, NetPro -----Original Message----- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Sunday, August 03, 2003 7:02 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADAM

RE: [ActiveDir] ADAM Doc

;ll get together one day, I'm sure. And, I'll take you up on that offer. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Sunday, August 03, 2003 9:02 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir

RE: [ActiveDir] Force user logoff

I remember seeing a script that you could run to do one of two things, if someone was logged in on one workstation, it would enforce not allowing that person to have multiple network sessions. It would log off someone or not allow them to log onto the workstation if they were logged into other wor

RE: [ActiveDir] Simultaneous password change on multiple DCs

Idan, If any bullets fly your way, I promise to put myself in front of their path, because I am "The One"... "The Toddler" I have mad powers yo... (At least in this Matrix). I think your post was not problematic in the least, and offered good information without blatant self promotion. There a

RE: [ActiveDir] ADAM Doc

e Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Gent Sent: Saturday, August 02, 2003 3:28 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADAM Doc Thanks from most of us

RE: [ActiveDir] OT: Way OT and thread hijacking to boot

BLOGS and RSS!!! Best way to keep up with what everyone is doing who has time to post to it. Maybe companies like AELITA, or NETPRO (Bindview, Quest, and all the little guys too) might want to start integrating support for RSS in their products. www.userland.com owns the protocols and RFC drafts.

RE: [ActiveDir] ADAM Doc

- www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Friday, August 01, 2003 7:39 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADAM Doc http://www.microsoft.com/downloads/details.asp

RE: [ActiveDir] I sent a virus on accident...

Title: Message Antigen is a god send!   We learned from the Love BUG.   No worries mate.   Toddler   -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 5:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] I sent a virus o

[ActiveDir] ADAM Doc

http://www.microsoft.com/downloads/details.aspx?FamilyID=9688f8b9-1034-4ef6- a3e5-2a2a57b5c8e4&DisplayLang=en List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Weblogs or Blogs

I personally use Radio and FM for my Blog (Weblog) that is hosting on Userland. I plan to move to my own hosted URL soon. Radio is a personal content management client tool, that has themes that can be used to construct a weblog. It is the one most pro's like because the content can be FTPed to

[ActiveDir] Pretting interesting site.

http://www.idefense.com Figured that I would share the information. Todd List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Object Instantiation...

Is there a way to turn off Object Instantiation in AD Users and Computers MMC or Any utility that creates objects for that matter using definitions from the AD Schema?   If so, how would you do it?   Thanks,   Todd Myrick  

[ActiveDir] FYI Identity Integration Feature Pack for Microsoft Windows Server Active Directory

Title: Message Overview Identity Integration Feature Pack for Microsoft® Windows Server(tm) Active Directory® manages identities and coordinates user details across Microsoft Active Directory, Active Directory Application Mode (ADAM), Microsoft Exchange 2000 Server, and Exchange Server 2003

RE: [ActiveDir] Identity Management using AD

] Identity Management using AD We're going to make the MV writeable...   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)Sent: Tuesday, July 08, 2003 7:12 AMTo: '[EMAIL PROTECTED]'Subject: RE: [Acti

RE: [ActiveDir] Identity Management using AD

Murphy was the first one out with a book :P   Glenn   - Original Message - From: Myrick, Todd (NIH/CIT) To: '[EMAIL PROTECTED]' Sent: Wednesday, July 09, 2003 12:11 AM Subject: RE: [ActiveDir] Identity Management using

RE: [ActiveDir] Identity Management using AD

Title: Message My spell checker broke my joke...   I ment to say Marchitecture.  As in Marketing Architecture.   I think the who IIS part is just a bad thing..   Todd -Original Message-From: Myrick, Todd (NIH/CIT) Sent: Tuesday, July 08, 2003 1:02 PMTo: '[EMAIL PROT

RE: [ActiveDir] Identity Management using AD

: [ActiveDir] Identity Management using AD I've been told that MIIS is really just MMS 3.0 renamed.  The description of the software would seem to indicate so.  Is this true?   Mike Thommes Argonne National Laboratory -Original Message-From: Myrick, Todd (NI

RE: [ActiveDir] Taking DC Offline

Title: Message Why not use a tool like Aelita's In-trust http://www.aelita.com/products/InTrust.htm to run the scans against the production environment, I would also mention BV-Control, but I am mad at bindview right now and don't want to promote their products. (Long story).  It would be le

RE: [ActiveDir] AD, Logon times & Custom messages

Title: Message I ordered 10 StIcK's (tm) and they work great.  I name my StIck's for the special purposes they serve.  The best thing is one size fits all!   Toddler -Original Message-From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:56 AMTo: '

RE: [ActiveDir] AD DOS vulnerability

ve an issue, post back here or in the > newsgroups so > others can learn of the experience. Even if you call MS and > they say, nope, > no one is having that issue. I have found that they know of > things but won't > come fully forward with them until some minimum number of

RE: [ActiveDir] Identity Management using AD

Title: Message We are in the process of evaluating MIIS here, and AD is currently our source for authentication information, for Enterprise application, we are using a custom database running on Critical Path to sync with other application directories, and get a metaview of the information f

[ActiveDir] Best Practices Guide for Securing AD Part 1 and 2 are on the Technet site.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn ol/ad/Windows2000/maintain/BPguide/Part1/ADSECP1.asp Lets start an interesting review of the content shall we... Todd List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.h

RE: [ActiveDir] AD DOS vulnerability

Thanks Everyone for the great information. We have already begun patching the systems as a result of the information from the list. Todd Myrick -Original Message- From: Robert Moir [mailto:[EMAIL PROTECTED] Sent: Thursday, July 03, 2003 8:53 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveD

RE: [ActiveDir] Object level restore

posting is provided "AS IS" with no warranties, and confers no rights.]   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)Sent: Tuesday, June 17, 2003 12:40 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveD

RE: [ActiveDir] Microsoft Announces Identity Managment Solution

erver as the database for user information. "   -doug   -----Original Message-----From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 12:47 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Microsoft Announces Identity Managment

[ActiveDir] Microsoft Announces Identity Managment Solution

Title: Message http://www.eweek.com/article2/0,3959,1163269,00.asp   So who knows more about his.   Todd  

RE: [ActiveDir] Attributes missing

Title: Message Which tool from Aelita were you using? DMW, EMM, or EMW?  If you have ER Disk or AD 6.5, you can do attribute level restores of objects.   Todd -Original Message-From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 9:53 AMTo:

RE: [ActiveDir] All Users Prompted to Change Password

Title: Message I personally like Hyena Pretty cheap too.  $100.00 Multi-select and one click will do you.  Can do by ou or entire domain.   Todd -Original Message-From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2003 1:11 PMTo: '[EMAIL PROTECTED]'Subje

RE: [ActiveDir] MMS 2003 and ADAM 2003

software without hassling us every couple of days, and saves on the hardware costs of multiple AD forests (minimum 2 DCs for each instance).   For real corporate applications, we only provide a single directory, AD.   Glenn   - Origi

RE: [ActiveDir] MMS 2003 and ADAM 2003

nd saves on the hardware costs of multiple AD forests (minimum 2 DCs for each instance).   For real corporate applications, we only provide a single directory, AD.   Glenn   - Original Message ----- From: Myrick, Todd (NIH/CIT) To

RE: [ActiveDir] MMS 2003 and ADAM 2003

[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Friday, June 27, 2003 7:24 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] MMS 2003 and ADAM 2003 I just got word that MMS 2003 and ADAM 2003 are shipping the week of July 3rd.   Now to afford the

RE: [ActiveDir] Question About Schema Extensions.... Chicken or Egg

the Server 2003 AD schema extensions for Exchange 2003.  You lose some minor functionality, nothing major.  We are currently in production with Exchange 2003 w/o Server 2003 AD.   Benton Chase Wink From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd

[ActiveDir] Question About Schema Extensions.... Chicken or Egg

Title: Message We just learned that Exchange 2003 will be RTM next week.  And the Exchange lead is chomping at the bit to extend the schema for it.  We have two problems, we have not extended the schema for Windows 2003, and we have a site design that has some replication issues due to firew

RE: [ActiveDir] MMS 2003 and ADAM 2003

rom simple services to security uses.   Rick Kingslan  MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzone  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)Sent: Friday, June

[ActiveDir] MMS 2003 and ADAM 2003

Title: Message I just got word that MMS 2003 and ADAM 2003 are shipping the week of July 3rd.   Now to afford the server requirements to run MMS 2003.   Requirements for MMS 2003   Windows 2003 EE SQL 2000 EE Visual Studio .NET 2003 Hardware   Makes Simple Sync look very attractive, but

RE: [ActiveDir] OT: Todd Myrick - SearchWin2000.com's 2003 Innovator Award winner

me of those millions I saved.   Toddler   -Original Message- From: Myrick, Todd (NIH/CIT) Sent: Monday, June 16, 2003 11:55 AM To: 'Pye, David' Subject: RE: Follow up article questions.   "The NIH Windows 2000 Focus group determined that the best way to deploy Windows Server 2000 a

RE: [ActiveDir] suggestions for OU delegation information sources

My preferred method is as follows. Keep OU Names simple and linked to object type or organization delegation type. Use the description attribute on each OU to describe the OU instead of making the RDN and DN describe the OU. Also Look at third party products if you have to do multiple delegation

RE: [ActiveDir] Object level restore

Behalf Of Myrick, Todd (NIH/CIT)Sent: Tuesday, June 17, 2003 12:40 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Object level restore   Stuart & Guido thanks for the reply,   I feel this thread has caused some confusion to all involved (possibly f

RE: [ActiveDir] Object level restore

d "AS IS" with no warranties, and confers no rights.]     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)Sent: Monday, June 16, 2003 12:25 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Aelita's ER Disk

RE: [ActiveDir] Aelita's ER Disk may render AD not supported

Title: Message Stuart,   What changed in the article?  All I see is a reference to the fact that Microsoft has provided an API for vendors to use in 2003, and that it is still potentially bad to do object level restores in Windows 2000 directories.  In addition, responding to this thread tit

RE: [ActiveDir] Active Directory Monitoring with MOM

Here is one for the books. I run repadmin /showvector "dc=,dc=" The results are this. CN=NTDS Settings,CN=server1,CN=Servers,CN=Site-1,CN=Sites,CN=Configuration,DC=domain ,DC=LOCAL 7317912 CN=NTDS Settings,CN=server2,CN=Servers,CN=Site-1,CN=Sites,CN=Configuration,DC=domain ,DC=LOCAL 2959567 CN=N

RE: [ActiveDir] Active Directory Monitoring with MOM

ekend.   Rick Kingslan  MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzone  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)Sent: Thursday, June 12, 2003 1:19 PMTo: '[EMAIL

RE: [ActiveDir] A plea to stay on-topic

Title: Message There is an article in the latest Windows 2003 magazine about how to integrate IAS and Cisco AAA.   Todd -Original Message-From: Martin Tuip [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 6:07 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] A plea t

RE: [ActiveDir] Active Directory Tools on XP Clients

Title: Message There is now a 5.0 version of Hyena out.  See if it fixes the problem.   Todd -Original Message-From: Raymond McClinnis [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 9:49 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Tools on X

RE: [ActiveDir] Active Directory Monitoring with MOM

Title: Message Well there is two schools of thought.  Tell me what it looks like and how to respond or Tell me when something is wrong and automatically respond.  I prefer a more focused view of my Active Directory, that I can delegate out to other Domain Administrators and give them a view

[ActiveDir] Exchange 2000 and 5.5 mailbox recovery tool

Title: Message Aelita just announced a utility that can do brick level recoveries of Exchange mailboxes with out the need for an Exchange recovery Site or Forest.  Works with 5.5 and 2000.  It does require a machine with enough storage to restore the volume though.   http://www.aelita.com/ne

RE: [ActiveDir] Changes to Win2003 and online AD restores

Title: Message I am not sure if anyone is currently taking advantage of this feature yet, because it is only for Windows 2003, and there is still a lot of people deploying 2000.  I do know that some vendors are in talks with Microsoft on how to implement it, and there are some concerns on th

RE: [ActiveDir] Make a former domain controller that was removed from its domain a member server and a member of a new domain.

ver and a member of a new domain.This should answer most of your questions:http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498-----Original Message-From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 9:59 AMTo: '[EMAIL PROTECTED]'

[ActiveDir] Make a former domain controller that was removed from its domain a member server and a member of a new domain.

I tried to DCPROMO a domain controller down to member server status and it said that it was unable to complete the process. Might be insufficient permissions, I can't remember exactly. If you all need the log, I will dig it up. Anyway, what I want to do is forcible remove the domain controller o

[ActiveDir] Exchange 2000 MMC fix for Windows XP released.

Figured many of you might be interested in it. http://www.microsoft.com/downloads/details.aspx?FamilyID=674a4834-023d-4aa0- be6b-0ed7c3ebec3d&DisplayLang=en Todd Myrick List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://ww

[ActiveDir] Windows 2003 Network Deployment Guide

http://www.microsoft.com/downloads/details.aspx?FamilyID=5098c84a-8a9b-4e0f- bb27-254f5bfdaaa1&DisplayLang=en#filelist Pretty good synthesis of how to plan and modify network deployments of Windows 2003 network services. Needs a section on PKI though. Todd Myrick List info : http://www.actived

[ActiveDir] Mixed to Native and Exchange 2000

I had a beef fillet marinade in Guinness this weekend, it was actually kind of sweet tasting. So I recommend that or a nice piece of buffalo filet marinade in Guinness for you AD Native Mode celebration. We converted to Native Mode last year on many of our AD Domains. Now is the pain of ADCing a

RE: [ActiveDir] Account Lockout after password reset

Check and see if they have any mapped drives using their old credentials. Todd -Original Message- From: Chuck [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2003 12:37 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Account Lockout after password reset Hello, I have had a few users

RE: [ActiveDir] Kerberos Vulnerability

connection - other than name Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Tuesday, March

RE: [ActiveDir] Kerberos Vulnerability

d in Kerberos v4, while AD is built on Kerberos v5. Very different beast. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -----Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] >

[ActiveDir] Kerberos Vulnerability

http://www.eweek.com/article2/0,3959,937385,00.asp Just saw this and wondered if anyone on the list has a comment about it. I sent a request to our MS TAM for comment on the article and will post anything I get to the list. Todd Myrick List info : http://www.activedir.org/mail_list.htm List FA

RE: [ActiveDir] Odd looking object in AD

System State Backups.. Greetings all, I have a question about system state backups. It seems several of the products we use to backup our Domain controllers require that the account used to backup the AD and system state be a member of the administrators built-in group. I am wondering if this se

RE: [ActiveDir] Terminal Services

Title: Message http://www.microsoft.com/technet/treeview/default.asp?url="">   Has the getting started guide,  checklist, etc.   http://www.maiciao.com.tw/Documents/windows%202k/ms%20win2k%20terminal%20services/dgw2kts_book.pdf   Definitive Guide to Windows 2000 Terminal Services   You might

RE: [ActiveDir] Site Link Transitivity

Todd, I wrote an article in the March 2003 Windows & .NET mag that discusses how to control authentication traffic in this kind of scenario... it may help as well. -gil -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 8:24 AM To

RE: [ActiveDir] Site Link Transitivity

t MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Myrick, Todd (NIH/CIT) > Sent: Wednesday, March 05, 2003 7:56 AM > To: 

[ActiveDir] Site Link Transitivity

I have a question about peoples experience disabling Site Link Transitivity. I am trying to achieve a hub and spoke design where the spoke sites only replicate with the Hub's. This is to reduce the complexities of configuring firewalls in our enterprise but also to optimize replication so it is ea

RE: [ActiveDir] OT: DEC

Title: Message I am, and if I get my homework done for Gil this week I will be presenting on Integrating AD into an Enterprise Directory Architecture and leading a round table on PKI in the Enterprise.   Todd Myrick   -Original Message-From: Sullivan, Kevin [mailto:[EMAIL PR

RE: [ActiveDir] Dual Administration of partially migrated NT 4 domains

Title: Message I second what Marc says...   I would seriously look at the consulting services of the tools vendors who make the migration tools.  I would also make sure that your stress to the vendor to make the solution fit the organizational requirements not their best practice.    Todd

[ActiveDir] Active Directory Mapping tool

Greetings All, I am looking for a tool that would be able to query an AD forest and map out domain constructs, site constructs, DC's and DNS servers. Do any of you know of such a utility. Thanks in advanced Todd Myrick List info : http://www.activedir.org/mail_list.htm List FAQ: http://w

[ActiveDir] GPO's and AD...

We started to do some testing in our LAB to confirm a behavior we witnessed on Workstations and Servers in a AD domain. What we wanted to confirm is that if you set a domain wide account policy, that the policy will affect not only the AD database for password and account standards, but workstatio

RE: [ActiveDir] Active Directory Governace Model

I work for the National Institutes of Health, and I was responsible for developing Architectural Standards for deploying Active Directory to encompass 27 NIH IC's and 4 HHS OPDIV's. Does that count? If so, send me an e-mail and we can begin discussing what you are trying to do. Thanks, Todd Myr

[ActiveDir] Windows & .NET Server Magazine Connections...

Just a FYI, this conference was one of the best I have attended in a while. The resort was relaxing and materials were pretty good. The reason why I send a blatant advertisement to this list is to get as many of you all to attend and maybe have a meet and greet at the conference. Lots of great in

[ActiveDir] Q224196 Question about specifiying AD replication to a single port.

Title: Message I have a question about specifiying AD Replication to a specific port.  If you do what the KB article says to do, do you have to set the port on all AD DC's to get it to work correctly, or only on the servers you want to control replication to?  I have several servers who are

[ActiveDir] MS weigh's in on AD and Network Core Services & Anti-Virus

again.   Allan Garrett A small SOCAL college -----Original Message-From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]]Sent: Thursday, November 14, 2002 12:54 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] AD and Network Core Services &

[ActiveDir] AD and Network Core Services & Anti-Virus

Title: AD and Network Core Services & Anti-Virus I have a quick question, Our operating procedures for Core Network Service (AD DCs, WINS, DDNS, CA, Exchange (Antigen), DHCP) servers has been not to run with Anti-Virus protection on them. We feel that the potential for scanner code to conflict

[ActiveDir] Domain Controllers per users...

Title: Message Greetings all,   Quick question, has anyone seen a KB or White paper that outlines the guideline of how many DC's you need per number of users.  The old rule for NT4 was 1 BDC for every 2000 active users.  I have read all the AD sizing papers etc, but just wanted to know if an

RE: [ActiveDir] AD Integration of DDNS Zone and zone replication Solution!

for proper DNS SRV records in DirectoryAnalyzer, but not sure about publication of SPNs. I'll look into it. DirectoryTroubleshooter does have a test that checks SPN publication and it has a pretty complete KB entry as well. -gil -Original Message----- From: Myrick, Todd (NIH/CIT)

[ActiveDir] AD Integration of DDNS Zone and zone replication Solution!

for a secondary zone the AD Integrated one's won't work. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:myrickt@;

RE: [ActiveDir] Issue enumerating more than 1000 members of a group

Aelita EDM ADSI provider automatically does described process. Vladimir Turin -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 1:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Issue enumerating more than 1000 me

[ActiveDir] Issue enumerating more than 1000 members of a group

I am using some LDAP tools to enumerate the members of a group and it will only list the first 1000 members. I have tried several tools, all with the same result. Is their a query policy that limits the number of results returned MaxResultSetSize is the only one that comes to mind. Any help is

RE: [ActiveDir] Active Directory Operations Guide

ons, but I don't know where they are on it. Mike Barnard from MSFT did a great job on the AD piece. -gil -Original Message----- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 01, 2002 12:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Active D

[ActiveDir] Active Directory Operations Guide

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn ol/ad/windows2000/maintain/opsguide/default.asp I have been searching for a document like this to go along with my Architecture Document, and Implementation Document. Figured I would share my find with you fine folks.

[ActiveDir] List members in a group

Title: Message We have some groups with more than 1000 members in them and when we go to list them in AD tools, we get a message saying that we reached the limit.  Where can we change the default limit?  I know about the default LDAP query policy and have already changed that information.  I

<    1   2   3   4   >