Title: Message
Thanks
Darren, looking into it now. I have been off ill for a bit and apologize
for "posting and running" so to speak. I will post my resolution up as
soon as I have it.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren
Mar-EliaSent: 06 March 2006
The same question was asked at an MS seminar I went to about 3 or 4
years ago, and the MS rep explained that he didn't have a firm technical
answer either, and that at some early point during the dev of AD, there
was an intention to be able to host more than one AD on a DC and that
junction points
Title: Message
My
environment: W2K FL, Mix of W2K and W2K3 DC's, One Forest, One Domain, 60
DC's, all DC's bar one
are relatively well connected (smallest link is 256k).One DCis
poorly connectedon a very highly utilised 1MB
line:-(
Does anyone know
if there is a way to specify which DC a
Title: Message
Sounds
fair enough. I was worried about the default Everyone group memberships
and its appearance as default on shares etc. We have a policy to remove
it, but with over 600 servers chances are that it is still on a few of
them.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Title: Message
All,
This
is spot on stuff...I knew there was something along these lines and it was the
Authenticated Users bit that Guido refers to that was eluding me. We are
currently in Windows 2000 FFL with a healthy mix of 50 W2K DCs and 30 or so W2K3
SP1 DCs. Due to the
Title: Message
Hey
All,
I am sure this has been covered and I
apologise in advance. We have a Windows 2k single forest/domain that is
slowly being migrated to W2K3/SP1.In generalI am againstour
domain (10k plus users) trusting any domain with non company staff
authenticating against it,
If you
do that method then the DC that you have in the test environment will have a
different name to the ones in Production which may mean that when testing
solutions (is that why you are doing this?) you will have a different names and
stuff to worry about. We achieve what you are after
GUIDs to be
modified. Not sure if this is the situation you are running into or not.
Diane
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, November 28, 2005 5:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Trusts
] On Behalf Of Smith, Brad
Sent: 29 November 2005 09:31
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Trusts.
Yep, that was one one of the 1st things I tried. It works, as does changing
focus of AD tools and eventvwr to point to the other domain.
-Original Message-
From
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 29 November 2005 09:51
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Trusts.
Got it. I dumbed down all the signing, encrypting and NTLM prerequisites
(ie, LM and NTLM, not NTLM2) and it worked. Now I need
Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED]
Sent: 29 November 2005 13:39
To: Smith, Brad
Subject: Your Trust creation process
Dear Brad,
You wrote:
Got it. I dumbed down all the signing, encrypting and NTLM prerequisites
(ie, LM and NTLM, not NTLM2) and it worked.
and,
and it only
not in the office at the moment but there is a microsoft Kb titled
something like creating trusts are not establised as expected, this has
about 8 steps you can walk through to trouble shoot.
Regards
Mark
-Original Message-
From: Smith, Brad [EMAIL PROTECTED]
Date: Fri, 25 Nov 2005 13:56:42
Grr. This thing won't budge. I have implemented the settings from the
article below, but still no joy. I will hopefully have missed something and
will re-check.watch this space.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 28
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, November 28, 2005 5:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Trusts.
Grr. This thing won't budge. I have implemented the settings from the
article below, but still no joy. I
Title: RE: [ActiveDir] Proving a User is logged on to the domain
SorryIt is a legacy trust between a W2K Domain (Single Domain, Single
Forest) and a W2K3 Domain (Single Domain, Single Forest). I know how to create
trusts, that bit is easy enough, what I am having problems with is
Title: RE: [ActiveDir] Proving a User is logged on to the domain
It is
worth adding that I have configured WINS as well, and both DC's a registering
properly with it...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith,
BradSent: 25 November 2005 13:57To:
Hi List,
I am having annoying problems getting two forests to establish a trust (one
is W2K, one is W2K3). Has anyone got a reference to what permissions are
required
TIA,
Brad
This email and any attached files are confidential and copyright protected. If
you are not the addressee, any
Just as an update.
We have decided on an additional and new separate Forest/Domain
infastructure to host external user accounts...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-Weidner
Sent: 08 November 2005 22:24
To:
Hello List,
I have a situation I would be interested in getting feedback from you all
on. Our setup is Single Forest, Single domain, all W2K or later, DFL is W2K
Native. We have a user population of around 14k and this domain is THE
central AD service for the entire company. I am working with
@mail.activedir.org
Subject: Re: [ActiveDir] Incorporating external users...
Smith, Brad wrote:
(...)
What other issues/considerations have list reader come across when
incorporating large amounts of external users?
If You are building this solution from the scratch or You can do some
development
: Re: [ActiveDir] Incorporating external users...
Smith, Brad wrote:
Thanks, I will certainly look into that . I neglected to mention that
I need to have a solution ready for pilot within Dec/Jan time frame.
You can test Your solution with Windows 2003 R2 RC now - it is working with
Windows
always worked with Exchange and the upgrade from 5.5
will often cause that. It's valid, it's not against any best practices, but
it can be a pain to work with.
You found a workaround, but I wonder if there's another way to handle the
special characters?
Just curious mostly.
From: Smith, Brad
Neil, have a look at CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf from C:\Program Files\GPMC\Scripts. Darren put
me onto these a week or so ago and I have been able export Users, Groups,
Group Membership, OU, GPO (incl ACLS and security) to about 80% accuracy so
far. Check out
to export an AD environment to XML
That's where I started - but I need OU perms and don't believe that script
exports that data, by default.
Did you extend the script at all?
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 21 October
Of Smith, Brad
Sent: 21 October 2005 15:03
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to export an AD environment to XML
Neil, have a look at CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf from C:\Program Files\GPMC\Scripts. Darren put
me onto these a week or so ago
);
This could be done a lot smarter I know, but for a quick fix this works and
is all I need for now.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting
Capistrano, California
I tell ya, if that did it for me,
I'd be the happiest man on earth...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 1:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 1:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Thanks all for the replies
Darren- I wil linvestigate the scripts you mention and see how I get on.
Al/Ed- I need to run
below.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.
All,
I am pondering the possibility of automating
Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.
All,
I am
All,
I am pondering the possibility of automating the creation of development
environments. The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present. Recreating this is a nightmare, so to alleviate
PROTECTED] On Behalf Of Smith, Brad
Sent: Wednesday, August 24, 2005 11:25 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
Just incase anyone else is still following this I thought I'd post an
(unfortuantely useless) update. The problem I am experiencing is not due
to large
Title: SSL question
Jorge,
Thanks for the links. I have already got my schema upgrades done, but your
comments light up another possible option. What if I weighted the new DC with a
really low SRV weight such as 5. Would this mean that a very small number
of clients would authenticate
Hey All,
Can anyone tell me where this group is stored? It isn't in the directory,
and it isn't a local group...any ideas on how to check it's membership list
is correct?
TIA,
Brad
This email and any attached files are confidential and copyright protected. If
you are not the addressee, any
:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Wednesday, August 24, 2005 5:17 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Enterprise Domain Controllers
Hey All,
Can anyone tell me where this group is stored? It isn't in the directory,
and it isn't a local group...any ideas on how
will have to get the developer to add in some extra debug info me thinks.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 22 August 2005 15:31
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
That is a good idea, and in my
and see if it works that way and then slowly back up to what you have that
is failing.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Friday, August 19, 2005 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, August 22, 2005 6:32 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
I am going to duplicate the users account (can't really be bothering them
much more :-) and then remove half
Hello All,
Does anyone know the default length a users SID (Win2K DC's, WinXP
SP2clients ) can be before problems such as
http://support.microsoft.com/?kbid=327825
http://support.microsoft.com/?kbid=327825 start occuring ? Also, there
anyway to determine the actual length of a users SID???
Title: [ActiveDir] User SIDs...
Al,
thanks for that, I hadn't caught that bit of the article and have approprialtely
chastised myself. The reason I missed it is because I jumped to the end of
the article to see if it applies to Windows XP. It applies to Win2k, which
we have for DC's, but
] On Behalf Of Smith, Brad
Sent: Friday, August 19, 2005 8:29 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] User SIDs...
Hello All,
Does anyone know the default length a users SID (Win2K DC's, WinXP
SP2clients ) can be before problems such as
http://support.microsoft.com/?kbid=327825
http
tokensz.exe and run something like -
C:\tokensz /compute_tokensize
Dean
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Friday, August 19, 2005 8:29 AM
if they knew what to help with. :)
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Friday, August 19, 2005 10:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
Looks like the PAC is intact, and all SIDs
Title: DCPromo Answer fileno DNS.
Thanks
Brian/Dan, this is now up and running perfectly.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
HolmeSent: Wednesday, August 03, 2005 8:00 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DCPromo Answer
fileno
Title: Virtual Domain Controllers
We run
multiple DC's on GSX and ESX. Eveyrthing seems have gone fine so far, and
MS will give their best endeavours on support. Most of the time they don't even
ask us if the DC is virtual ;-)
Also,
ensure that the time sync capability is disabled in the
Title: DCPromo Answer fileno DNS.
The
bit that threw me is that my DCPromo process ignored the section
[NetOptionalComponents]
DNS
= 1
Hence
first invoking.
C:\WINNT\SYSTEM32\SYSOCMGR
/I:C:\WINNT\SYSTEM32\SYSOC.INF
/u:C:\my_answer_file.txt
Also FYI - This is not the first DC on
Title: DCPromo Answer fileno DNS.
Cheers, that has worked nicely. I was a bit surprised still that
you can't drive the DCPromo wizard by using settings in the [DCPromo] section of
the answer file.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent:
Title: DCPromo Answer fileno DNS.
Hii All,
I have set up a Win2K domain (single DC, SP3) and have joined a Win2K3 member server. I have promoted the W2K3 Member server using a dcpromo answer file, but cannot seem to force it to install DNS.
Any ideas ??
Brad
PS: Answer file below.
Title: Message
There
is one way to get a definite answer, has anyone actually tested this
?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ruston,
NeilSent: Thursday, July 21, 2005 8:33 AMTo:
'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] RILOE AD
Integration
I
Title: Message
More
fuel to the fire
"Added configuration of HP Lights-Out
Management Products to use directories without having to extend the directory's
schema. This feature requires firmware 1.80 in iLO. A firmware upgrade that
supports this feature in RILOE II is planned. "
from
Title: Message
My
understanding is none whatsoever.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ruston,
NeilSent: Monday, July 18, 2005 5:11 PMTo:
'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] RILOE AD
Integration
Does
this mean 'no additional schema mods
I was
all set to introduce these Schema chaneg also, then this article from HP came
out saying that the next iLO version (1.80, due mid July) has "Schema-free Active Directory
Integration"
-Brad
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Francis
OuelletSent:
And
now for the actual link
http://h18013.www1.hp.com/products/servers/management/iloadv/index.html
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Francis
OuelletSent: Wednesday, July 06, 2005 1:05 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] RILOE AD
It might be worth promoting _any_ piece of hardware you have together before
doing this for many reasons. Aside from that, make sure you hardware is
listed in the MS HCl -
http://www.microsoft.com/windows/catalog/server/default.aspx?subID=22xslt=c
Something strange - if you download the MS Security Templates from the
URL below, you get a few DC Templates and they all configure the Password
Policy. Why would they do this if this policy has to be set with GPOs
linked only at the domain level?
From: [EMAIL PROTECTED]
[mailto:[EMAIL
55 matches
Mail list logo