to look at the adschemaanalyzer which can be found in the ADAM SP1
and ADAM R2 distributions.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent
Hello,
I found it ! It was the objectGUID that I imported from the AD prod that caused
this error. I delete this entry in my ldif file and it worsked fine.
Thanks,
Yann
De: [EMAIL PROTECTED] de la part de TIROA YANN
Date: mer. 24/05/2006 10:35
À: ActiveDir
://www.windowsserverfaq.org
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA
YANN
Sent: Monday, May 22, 2006 10:59 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Delete only one object
Hello all,
I'm working on duplicating my AD env. into a test
lab.
I read lots of posts about this and choosed to use
the "CreateXMLFromEnvironment.wsf" and "CreateEnvironmentFromXML.wsf"
only.
The question is: I did a schema extension on my AD
prod and i wondered if the 2 scripts will also
Hello,
I'd like to know if it is possible to delete *only
one* object in the tombstone instead of purging all the objects ?
Thanks,
Yann
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA
YANN
Sent: Monday, May 22, 2006 10:59 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Delete only one object in the Tombstone.
Hello
.
Wook
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Saturday, March 11, 2006 2:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Migrating AD to a lab
Hello Phil,
I'm interested about your method..
When u
Hello Phil,
I'm interested about your method..
When u put this VM into test environnement, how do u deal with DNS ? Can dns be
installed *after* the introduction of the DC/GC VM ?
Thanks for clarificaition,
Yann
De: [EMAIL PROTECTED] de la part de Phil
Hi,
Just tried it, and that works for security groups or exchange Distribution
lists.
You just have to create a custom rule event with evenid 632 to monitor that
corresponds to an add/delete memberships event.
Here is a usefull eventID lists provided by Susan Bradley on this list which
can
on a win2k/2k3 box.
Yann
De: [EMAIL PROTECTED] de la part de Harding, Devon
Date: lun. 13/02/2006 18:56
À: ActiveDir@mail.activedir.org
Objet : [ActiveDir] ldifde download
Where can I download this to run on XP
Devon Harding
Windows Systems Engineer
Hello,,
Did you try to use exctrlst.exe that is available in the win2k rkit ?
Here a lin for download
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/exct
rlst-o.asp
This will list for u all perfmon counters availables in you box, and
sometimes counters are just present but
6 21:28À:
ActiveDir@mail.activedir.orgObjet: Re: [ActiveDir] Lost perfmon
counters(OT)
sorry. I should've mentioned that I tried that.
The mem,processor,etc counters don't show up in exctrlst.exe either
thanks
On 2/10/06, TIROA
YANN [EMAIL PROTECTED]
wrote:
Hello,,Did
you try to use "exctrl
Hi,
Just launch rdp client with the /console switch as this mstsc /console,
this will give u interactive logon to your server.
Cordialement,Yann TIROACentre de Ressources
Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2
ème étage - salle 238.43, Bd du 11 Novembre
Title: OT: Tracking File Deletes
Hello,
here is a good start http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/13w2kadc.mspx
Don not remember the eventid corresponding to file deletions, but after
activated audit, try delete a file.directory and see in the security
True execpt if you install the rdp client on windows 2000...
:o))
Cordialement,Yann TIROACentre de Ressources
Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2
ème étage - salle 238.43, Bd du 11 Novembre 1918.69622 Villeurbanne
Cedex.Web: www.univ-lyon1.fr
De:
Hi,
The only way to
revertyour organization accessible is to run the commandunder Local
System privileges by passing this command in a command line windows as
this:
c:\at
time /interactive cmd.exe
Ex : c:\at12:00 /interactive
cmd.exe
So at 12:00, a command prompt
will appear with
"So at 12:00, a command prompt
will appear with Local System privileges ( type whiami to be sure)." it
is rather "type whoami to be sure".
:)
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Victor
W.Envoyé: lundi 6 février 2006 16:05À:
Hello,
I
don't check the whole kb you mentionned, but the at /interactive will just
give you the right that you have lost to perform the action described in the
KB.
Cordialement,Yann TIROACentre de Ressources
Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2
ème étage
Oh yes !
Just think about it, i would recommend you to check*ALL*
theACLs throught the organisation level in case
of
Here is a technet doc describing the default permissions Organization
Container,Address Lists Container,Addressing Container, and many more here
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: maandag 6 februari 2006 16:30
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange - ESM - All Address Lists and All Global
Address Lists disappeared
Hi,
The only way to revert your organization accessible is to run
would like to disable this popup warning which
appears at each users connection.
Thanks,
Yann
De: [EMAIL PROTECTED] de la part de TIROA YANN
Date: ven. 20/01/2006 22:22
À: ActiveDir@mail.activedir.org
Objet : [ActiveDir] Disable the RDP Popup security alert
have to
start ESM from that same command prompt window?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: maandag 6 februari 2006 19:28
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Exchange - ESM - All Address Lists
to try that, nice one.
I am still puzzled why I cannot run forestprep. Can anybody tell me what I have
to do to be able to run forestprep without any errors?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: maandag 6 februari 2006 20
Hi Victor,
I just had this
issue last week !
The All Address Lists has disapeared from ESM
!!!
In fact "someone"
(saw in security event log of my DC) who has the full exchange admin on the
organisation has made an error and deleted the "All Address Lists", then he
tried to recreate it
Hello,Iactivatedthe client drives redirection
whileusers log on a 2k3 TS via tsweb.But, while connecting, there is
always a RDP popupsecurity alert stating that:
"The Remote Desktop
Connection has asked a connection to your computer, do you want to:connect your
local drives to the remote
Title: Congrat Jorge !
Just read jorge's blog @ http://blogs.dirteam.com/blogs/jorge/archive/2006/01/07/387.aspxCongrat
jorge for your nomination as a MVP. :o)Will u have a microsoft professional
card as the MCP/MCSE one ?Yann
Hi joe,
Just for my understanding, the command would be,using my previous
example:
adfind -b "CN=yann\0ADEL:2a299250-27ea-4a05-bdf7-5ca9558ff733,CN=Deleted
Objects,DC=univ-lyon1,DC=fr" -showdel -f "(isdeleted=TRUE)(name=yann*)" .
Right ?
It try it and endeed, that
works faster than
understood !
thanks
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de
joeEnvoyé: jeudi 12 janvier 2006 14:49À:
ActiveDir@mail.activedir.orgObjet: RE: [ActiveDir] Strange
deleted object issue
Correct, limit search to the deleted objects container when
possible. Some
Hi Tom, i used the following:
if the user yann is deleted from AD:
1) adfind -default -showdel -f isdeleted=TRUE -gc del.txt to
list all deleted users in del.txt (the -gc query the GCs, i found it much faster
to query gcs than dcs).
2) search for your user yann and pickup it's DN
ne" well know
security principle.
Hope that helps
On 1/11/06, TIROA
YANN [EMAIL PROTECTED] wrote:
Hi Tom, i used the
following:
if the user yann is
deleted from AD:
1) adfind -default
-showdel -f isdeleted=TRUE -gc del.txt to list al
De: [EMAIL PROTECTED] de la part de Tom Kern
Date: mer. 11/01/2006 17:40
À: ActiveDir@mail.activedir.org
Objet : Re: [ActiveDir] Strange deleted object issue
That worked.
Thank you very much!!
On 1/11/06, TIROA YANN [EMAIL PROTECTED] wrote:
Not sure if that works but i am
Hi
To complete Al statements,
1) Check if the help desk person has all the required permissions on that user
by either uses dsacls(dsacls objectDN),acldiag (acldiag objectDN
/geteffective:userorgroup) or the effective permission on the security tab
of that user.
2) Check if the user
Hello,
Take a look at the Sakari Kouti's web site http://www.kouti.com/scripts.htm ,
in the Bonus Material section, you have an example (employeeid.vbs)on how to
do this.
As stated Jorge earlier, merry christmas to all of you ! :)
Yann
De: [EMAIL
I don't know if it could help you but for the same pupose as you, I found 2
attributes:
* msIIS-FTPDir - Relative user directory on an FTP Root share = Schema
definition.
* msIIS-FTPRoot -- Virtual FTP Root where user home directory resides. =
Schema definition.
I populated these 2
Hi,
Steve, may i suggest putting Web Admin Tool in the Downloads part of
activedir http://www.activedir.org/Downloads/Downloads.aspx ? You could
made it available for anyone,
if, of course, Tony murray is agree.
Yann
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
You can use this:
acldiag OU=your_ou,DC=domain,DC=com /chkdeleg _skip
This will check whether the Delegation of Control Wizard has been run for an
object.
Acldiag can be run by anybody, but the results of the output will depends on
the users's right to view ACLs of the object you are querying.
Hi,
tcpreplay might help you.
Here u can find the it; http://tcpreplay.sourceforge.net/
Here is an extract from the faq
http://tcpreplay.sourceforge.net/FAQ/node2.html#SECTION00021
Yann
De: [EMAIL PROTECTED] de la part de joe
Date: mar.
understood :)
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de
joeEnvoyé: lundi 28 novembre 2005 23:29À:
ActiveDir@mail.activedir.orgObjet: RE: [ActiveDir] When is a
domain Admin not a domain Admin?
Base assumption that I took and I expect Hunter took is
that FC was
and does a query for all OUs below it and then does a dsacls /P:N for
each OU found.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Wednesday, November 16, 2005 1:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE
Hi,
The memebrof attribute is not replicated to the global catalog (port 3268), so
you did not find it at all.
Change the GC port (3268) to DC port (389).
So just modify your request as followed
ldapsearch -v -h $SERVER:389 -D CN=snvbug,CN=Users,DC=opsware,DC=com -x -W -b
Hi,
No one answered me snif snif ;o)
I think that u would probably said no it is not possible and i think it
too,...but just asked the question, we never know...
Have a nice day :)
Yann
De: [EMAIL PROTECTED] de la part de TIROA YANN
Date: lun. 14/11
: 16010108151056.0Z
lastLogonTimestamp: 127766343852388433
# search result
search: 2
result: 0 Success
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Wednesday, November 16, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Great ;)
Yann
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Almeida Pinto,
Jorge de
Envoyé : mardi 15 novembre 2005 15:01
À : ActiveDir@mail.activedir.org
Objet : [ActiveDir] OT: BLOG
For those interested, my blog:
Hello all :)
When delegating permissions at an OU level, I noticed that some
underneath Ous have not the Allow Inheritable permissions to propagate
to this object and all child objects check box checked.
Is there a way to force anyway the application of my Acls to all my
underneath Ous despite
Title: Question about inheritance at the Domain Root level.
Imade a little mistake about the subjectof
my previous mail. It is rather "how to Force application
ofinheritancefor OUs that have inheritance
blocked."Cheers,Yann
the version becomes|higher than then deleted object and the deletion is
undone.|Of course you will still need to do a non-auth restore|followed
by a auth restore if the detection of the deletion is|after the replication
window to the lag
site||Jorge||____||From:
[EMAI
Hi Michel,
If i can permit, have u solved your pb concerning this thread [ActiveDir] only
1 GPO not applying... u posted earlier in this list ? Here is your post
Subject: [ActiveDir] only 1 GPO not applying...
Hi,
I have a little problem applying a GPO.
SETUP: windows 2k native domain with
..if i understand correctly what Activedir gurus
explained to me earlier,
- Without a lag site, you must do a non-auth
restore followed by a auth restore.
- With a lag site, you only need to do a auth
restore.
I'm right ? :)
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De
.
|Of course you will still need to do a non-auth restore
|followed by a auth restore if the detection of the deletion is
|after the replication window to the lag site
|
|Jorge
|
|
|
|From: [EMAIL PROTECTED] on behalf of TIROA YANN
|Sent: Wed 10/26/2005 4:12 PM
attributes after the authoritative restore.
Ulf
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA
YANN
Sent: Wednesday, October 26, 2005 10:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] AD
What about dfs ?
Yann
De:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
De la part de Frank AbagnaleEnvoyé: mardi 25 octobre
2005 12:05À: ActiveObjet: [ActiveDir] OT:
Robocopy command..
Hi.
I have used robocopy tocopy an entire folder content from oldserver1
to newserver1.
I want to
] On Behalf Of TIROA
YANN
Sent: Thursday, October 20, 2005 3:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Microsoft password notification service
Hi,
Before continuing, Is your first problem resolved
Hello,
Yes u can do it with dsacls command which i think is a part of 2k or 2k3 rkit.
I have used it a long time ago to check the box and it wors great !
I did not remember the exact command but we will find easily by typing type
dsacls /?
The /I:T switch stated for This object and sub
-a3f23deb8114 User GUID:
0146a5d7-774b-47b8-aeb3-72db14d038ac User: MCOM\agnew_s237 Target:
personality Delivery Attempts: 1097 Queued Notifications: 3
0x0005 - Access is denied.
could you help me with this error
message?
thanks
Antonio
-Original Message-From: TIROA YANN
[mailto:[EMAIL
Title: Message
Hi,
Can youdump to usthedetails of thewhole
commandsu typethe results ?
See in the app logs for more informations.
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Antonio
ArandaEnvoyé: mercredi 19 octobre 2005 17:29À:
ActiveDir@mail.activedir.orgObjet:
Warning Level...: 0
Queue Warning Interval: 30 minutes
Disabled..: False
Total targets: 3
Thanks
Antonio Aranda
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA
YANN
Sent: Wednesday, October 19, 2005
hi,
Yes there is a built in tool in windows 2000 named
cacls
Open a command prompt and type cacls
Cheers,
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de WILLIAMS,
J.D.Envoyé: mardi 11 octobre 2005 16:36À:
ActiveDir@mail.activedir.orgObjet: RE: [ActiveDir] report on
Hello,
In my university, I had succesfully
delegated to each adminsresponsible oftheir OU the following
tasks:
- Creste.delete groups.
- Create/delete computers
- Create/delete OUs..
- Only Modify Users properties:
Adminshave no right tocreate/delete users because this task is done
by our
PROTECTED] On Behalf Of TIROA YANN
Sent: Thursday, October 06, 2005 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Question about Delegation Object Owner.
Hello,
In my university, I had succesfully delegated to each admins responsible of
their OU the following tasks
Hi Activedir List :)
A new free tool is now available here
http://www.yside.com/projects/tools.htm which name is XSync v0.2
It duplicates your real AD Domain in a test lab with no SID issues.
Thanks a lot to Chris Wall ([EMAIL PROTECTED]) who made the
information available on the ExhcangeList
Hello,
MS has released such a tool called LimitLogin that can limit the numbers of
login in any machine in a domain.
I have never tested it but you need domains admin rights in order to install
limit login in your app. partition of your active directory. And oh! yes limit
login must be
Thanks for the tips Jorge !
Have a nice day
Cordialement,
Yann TIROA
Centre de Ressources Informatique.
Campus Scientifique de la DOUA.
Bât. Gabriel Lippmann - 2 ème étage - salle 238.
43, Bd du 11 Novembre 1918.
69622 Villeurbanne Cedex.
-Message d'origine-
De : [EMAIL PROTECTED]
Hi,
Have u extend the DS logs in verbose mode ?
Try this KB from microsoft:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314980sd=tech
I will put the logging level at 5 for those following REG_DWORD values :
7 Internal Configuration
8 Directory Access
9 Internal Processing
15 Field
. That's what we did.
Yves
From: TIROA YANN
Sent: Mon 26/09/2005 3:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Extend the UI ofADUC on one machine
no one can help me please ? :o(
Have a nice day :)
Cheers,
Yann
no one can help me please ? :o(
Have a nice day :)
Cheers,
Yann
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de TIROA
YANNEnvoyé: vendredi 23 septembre 2005 21:32À:
ActiveDir@mail.activedir.orgObjet: [ActiveDir] Extend the UI
ofADUC on one machine
Hello,
Is there a way
been available for quite some time. If you
have a TAM just ask them for the file and they should be able to get it to
you.
Phil
On 9/21/05, TIROA
YANN [EMAIL PROTECTED]
wrote:
Hello
folks ;o)I heard that the new acctinfo2.dll has been released
Can someone could confirm me
Hello folks ;o)
I heard that the new acctinfo2.dll has been released
Can someone could confirm me this and point me to link to download it ?
Thanks for help :)
Cordialement,
Yann TIROA
Centre de Ressources Informatique.
Campus Scientifique de la DOUA.
Bât. Gabriel Lippmann - 2 ème étage
Hi,
Some ideas...
1) check if the disabled configuration user parameters is checked on the
properties of your gpo: that can avoid users GPO to be applied.
2)is security filtering with a denied ACE applied to authenticated users
instead of read apply ACEs ?
3) is WMI Filter applied with a GPO
Hello,
Don't know if there is already an answer to your
question, butin order to have the domain useradministrative rights over its own
computer, you need to put him into the local adminitrators group
onhis computer.
Cordialement,Yann
TIROACentre de Ressources Informatique.Campus
Hello,
Endeed, MIIS 2003 is great to sync multiple databases with each others,
but see what you REALLY need in your sync, because MIIS costs 12 000$/processor
!! We are about to buy it 'cause we have to sync lots databases with AD, and we
need complex codes in our environnement: miis works
Hello everybody
:o)Glad to come again to this list ;o)Is there a way to decrypt
the Pwdlastset value into readable formatother than uses the acctinfo.dll
?I'd like to import users via csvde and dump the pwdlastset
attribute,but i don't understand the format :(Ex : pwdLastSet =
value
Hi Yann,
Before I knew about joe's ADFIND (with the nice -tdc switch!), I used to
use w32tm /ntte for doing that :-)
-DaveC
Reuters IST Service Delivery
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Thursday
Hi,
Have you tried using the import/export feature that you will find in Outlook ?
I think could do this with your oulook.:
- select your contact
- go to fileimport/export
- then chose export and you will be prompt for the format of file (.txt,
.csv,.xls,etc...)
I don not remember the whole
Hi,
Ah..so for my comprehension, these Deleted Objects do not follow the Tombstone
process for a deleted objects as users,computers.. (60 days if i remind...) as
stated Rick.
Does the Stay of Execution state=15days ONLY apply to DCs state (demoted,
renamed with same name,etc..?) or any
:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, August 08, 2005 11:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] DC replicating with deleted DSA object
Hi,
Ah..so for my comprehension, these Deleted Objects do not follow the Tombstone
process for a deleted objects
Oups sorry.. ...as stated Rick - I make a mistake betwenn Rick Kingslan
and Neil Ruston ;)
Sorry Neil :-)
Cheers,
Yann
De: [EMAIL PROTECTED] de la part de TIROA YANN
Date: lun. 08/08/2005 17:59
À: ActiveDir@mail.activedir.org
Objet : RE : [ActiveDir] DC
Hello all :)
I have more than 70 OUs.
In each of them, I create a group, say AdminGroup
with one or more users into it.
In OU1, i've then delegated to AdminGroup1 the
rights to only view certains attributes, and write others, create certains types
of objects such as groups, computers.
I
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of TIROA YANN
Sent: Wed 8/3/2005 11:54 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Distribute a template delegation.
Hello all :)
I have more than 70 OUs.
In each of them, I create a group, say
Hi Jose,
From your 1st question, if you are in AD 2k3, you can use the saved queries
fonction that it includes in ADUC mmc.
It permits you to create a custom ldapsearch for nearly everything ou are
looking for :)
If you are still in AD2k, you can use ADSIEDIT to create your own ldapsearch,
Hello,
Do you mean rather CACLS or XACLS for reacling file system ?
I think DSACLS is for permissioning Active Directory objects.
Cheers,
Yann
De: [EMAIL PROTECTED] de la part de [EMAIL PROTECTED]
Date: mer. 03/08/2005 22:23
À: ActiveDir@mail.activedir.org
Hi,
You can use csvde to import your Domain NC and export it to your test lab.
Open a command prompt from your AD production, and type csvde -f
yourproductiondomain.csv (without quotes).
Open your .csv and replace all the DNs corresponding to your AD production, to
your AD test.
Example:
-
Hi Scott,
Thanks for the tip. It's a great tool for documentation rather than writing
long technical papers that can be easily explained by few visuals clicks ..
I test it by capturing sound and video from my desktop and it works fine :)
Now go to make a Karaoke for my colleagues :)
Todd, just to clarify my thinking ...
I would say that Domain-wide password, account lockout and kerberos policies
can only be set at the domain level. Password policies linked at the OU level
are applied to the users configured on the local machine and are ignored when
the users logs in with
Hello,
I you want a fixed value of an attribute to be copied while duplication of an
account, you *must* extend the schema as a requirement.
By default when you duplicate an account, its memberof attribute and others I
don't not remind ;( , is/are also duplicate, so that the new account
.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, August 01, 2005 6:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Attribute default
Hello,
I you want a fixed value of an attribute to be copied while duplication of an
account, you *must
A good link about admt v2 capabilities from HP expert., including migrating
users profiles, and a comparison between admvt v2 with other third-party tools.
http://redmondmag.com/features/article.asp?EditorialsID=357
Cheers,
Yann
De: [EMAIL PROTECTED] de la
Hi
From a search in the acctivedir archives with the key words Replication
Delegating, you'll find Jorge's answer for delegating replicaton to a
non-admin user.
From the delegation wp:
Replication Management Tasks
Force replication between two servers
Extended right Replication
Hello,
We use MIIS 2003 to synchronise users identity between AD2003, openldap, Oracle
9i, and that works pretty good.
MIIS includes preintegrated directory to manage such as ADAM, novell
edirectory, Active Directory, DSML, Oracle 9i, and many more called Management
Agents (MA) or connectors.
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA
YANN
Sent: Friday, July 22, 2005 9:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT]Delegation of privilege
Hi everybody, I'm ok :o)
Joe, if u
Hi everybody, I'm ok :o)
Joe, if u in the process of writing an ADk3/w2k3 (and
maybee2k3 :), do not forget to let us know about it, i will be
highly interested about getting it ... wishing u will not published your
bookin Michigand
langagethat seems to hard for me to
understand :o)
2
Hi Tony :)
While we're on the topic of separate lists, I was thinking of perhaps setting
up a MIIS list. I just wonder if there would be sufficient interest?
- If so, i would be interested of suscribing to such list you would probably
create.
We have deployed MIIS 2003 for now 7 months in our
drives or share folders this way.
Yours, Sakari
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA
YANN
Sent: Monday, July 18, 2005 8:39 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Delegation
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Thursday, July 21, 2005 3:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Delegation of privilege
Hi joe,
I now realize that my question was not safefull in an AD design. I wanted to do
Ok, Thanks Sakari and Dan for your answers :)
I
will test TWEAKUI for Windows XP.
But in fact, my need is rather giving a user server op, or equivalent
privilege, for only *one DC* and not the whole DCs of my
Domain.
Last question: Whereall the privileges are defined for
built-in
Hi,
So u may generate a .msi with SWIADMLE.MSI free soft that is provided with
windows 2000 CD. In \VALUEADD\3RDPARTY\MGMT\WINSTLE .
It does a snapshot before and after, and will create a .msi, so u can
distribute it with GPOs.
Cheers,
Yann
-Message d'origine-
De : [EMAIL PROTECTED]
changing these search flags in
other AD implementations, which leverage restore tools that also use the
tombstone reanimation method.
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Samstag, 9. Juli 2005 00:03
PROTECTED] on behalf of TIROA YANN
Sent: Fri 7/8/2005 11:48 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org;
ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] Keep existing attributes from users restored.
hi Jorge ;)
Yes you're right in the fact that we must design our AD
Hello all :)
I recovered deleted users from deletion succesfully by either the following
method http://support.microsoft.com/kb/840001/en-us or the excellent adrestore
tool from sysinternals.
But when i restore deleted users, all their existing attributes (such as
telephone, fax dispalyname,
to modify the schema for
such a rare occurrence (at least I hope this is rare)?
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Friday, July 08, 2005 11:05 AM
PROTECTED] On Behalf Of TIROA YANN
Sent: Friday, July 08, 2005 11:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Keep existing attributes from users restored.
Hello all :)
I recovered deleted users from deletion succesfully by either the following
method http://support.microsoft.com/kb
1 - 100 of 171 matches
Mail list logo
