to reconnect you will need
permissions to write a whole bunch of attribute values on the object (homeMDB,
proxyAddresses, legacyExchangeDN, etc.).
Tony
-- Original Message --
From: Tom Kern [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Mon, 18
waiting?
I wouldn't expect Send As rights to make a difference. I would expect
inherited permissions to make a difference. I would also expect that your
administrative tools should be as current as the Exchange servers.
Al
On 12/19/06, Tom Kern [EMAIL PROTECTED] wrote:
I know. I have write/read
As
permissions on the user object? See the link below for the correct
application of Send As permissions.
http://msexchangeteam.com/archive/2005/01/07/348596.aspx
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Sunday, 17 December 2006 2:22
.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Tuesday, December 05, 2006 6:12 PM
To: activedirectory
Subject: [ActiveDir] Send As(OT)
I have given a user
I have Exchange delegated full admin rights on the ex2k3 sp2 org and i
have all the read/write perms to mailbox-enabled user attributes
listed here-
http://www.microsoft.com/technet/prodtechnol/exchange/Guides/E2k3ADPerm/bdc119c9-961a-4e78-acf8-97099256f452.mspx?mfr=true
However,I'm running
From: Tom Kern
Sent: Wed 12/13/2006 7:07 PM
To: activedirectory
Subject: [ActiveDir] Object picker weirdness
I have this strange issue where when i'm updating the mangedBy
attribute
of a group with another group.
From a winXP sp2 box running ADUC, in the
object picker when I click
object
I have this strange issue where when i'm updating the mangedBy
attribute of a group with another group.
From a winXP sp2 box running ADUC, in the object picker when I click
object type.., i check off group. And everything is golden.
From a Win2k3 sp1 box running Exchange 2k3, when I select
I have given a user send As perm directly on a universal distribution group
in AD.
However, whenever this user slects the group from the GAL in the From:
field of Outlook 2k3 and attempts to send an email as that group, he gets an
error of You do not have the permission to send the message on
they also happen to be
deep in Directory Services - rare animal that can do that and carry on a
conversation with a non-geek ;)
Out of curiousity, what made you ask in the first place?
On 11/22/06, Tom Kern [EMAIL PROTECTED] wrote:
The place I'm currently at is a large 110,000 + user bank
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, November 23, 2006 9:11 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] mailNickName(OT)
I ask because the reason mailNickName is in firstname.lastname
format, is due to a dirsync process that runs once a day
-Original Message-
From: Tom Kern [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org ActiveDir@mail.activedir.org
Sent: 11/23/06 5:19 PM
Subject: Re: [ActiveDir] mailNickName(OT)
Hey, thanks Brian.
I really appreciate that.
I know you can do that with the RUS and I'm sure they know, but they don't
is one of them that I flag as fairly high priority due to my
experiences.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Tuesday, November 21
] On Behalf Of Tom Kern
Sent: Tuesday, November 21, 2006 5:19 AM
To: activedirectory
Subject: [ActiveDir] mailNickName(OT)
Is there anyway to change the format of the mailNickName attibute to
be something other than sAMAccountName automatically?
Is there something like a display specifiers change
Can anyone help me out with a script that will just query every
exchange server and SG in the org and dump out the # of mailboxes on
each store to a txt file?
The output is simple, just EX severname-SGname-store-#of mailboxes.
I can get the size of a mailbox or store but I can't seem to just
I have a server that used to be a clustered Exchange box.
Exchange and MSCS was removed(I dont know how), but the Exchange
server object is still in the config NC and ESM.
I can't right click the server in ESM and select remove.
The ex cluster 2 nodes are still live and in the domain.
The
properties of the mailbox.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Friday, October 13, 2006 5:16 AM
To: ActiveDir@mail.activedir.org
Subject: Re
Of Tom Kern
Sent: Thursday, October 12, 2006 8:46 PM
To: activedirectory
Subject: [ActiveDir] OT:Exchange/outlook auth question
This isn't really an issue but more of an request for an explanation
of how things work under the hood.
I have a mutli domain forest.
A user who is an Exchange full admin
This isn't really an issue but more of an request for an explanation
of how things work under the hood.
I have a mutli domain forest.
A user who is an Exchange full admin in one domain logs in and opens
Outlook to an mailbox that is owned by a user account in another
domain(same forest).
This
be half the battle right there but i still can't seem to implement it.
Thanks for all your help
On 9/19/06, mike kline [EMAIL PROTECTED] wrote:
Give dumpsec a try
http://www.somarsoft.com/
We have used it on our file severs and it works well.
Thanks
Mike
On 9/18/06, Tom Kern [EMAIL PROTECTED
Can someone direct me to a _vbscript_ that I can run remotely which will dump the ACl's of all file/folders on a bunch of remote servers(250)to a central Excel spreadsheet?
I assume using wmi.
Thanks, sorry for the bother but I can't seem to be able to google anything deifinitive on this.
Thanks.
What would be the best readable format to dump it to(for management).?
On 9/18/06, Brian Desmond [EMAIL PROTECTED] wrote:
The Cacls command line tool and a _vbscript_ to walk the tree (using FileSystemObject) will do the trick. ACLs aren't really spreadsheet type data IMHO.
a _vbscript_?
Thanks again.
On 9/18/06, Tom Kern [EMAIL PROTECTED] wrote:
Thanks.
What would be the best readable format to dump it to(for management).?
On 9/18/06, Brian Desmond [EMAIL PROTECTED]
wrote:
The Cacls command line tool and a _vbscript_ to walk the tree (using FileSystemObject
Anyone know of issues with Citrix Secure Access Manager in a 2 Forest set up(2-way external trust)?
I have the Citrix SAM in a source forest and I'm having issues trying to give access to log to the Presentation Server to a user from the target forest.
Here's my setup-
The user is given access
it out at the moment. I'll take your word that the password not required is true for this user. If you remove that setting (i.e. require the user to have a password) then that password would, by policy, have to be at least 6 chars in length.
On 9/6/06, Tom Kern
[EMAIL PROTECTED] wrote
I'm having this weird issue where I have a user account who is able to log in with a blank password.
The Default Domain Policy is set to a min password length of 6 characters.
The userAccountControl on the user is set to 512.
The Domain is at win2k3 DFL and FFL.
Is there any other way besides a
If you mean before the policy was set up, then, no.
This policy has been in effect for acouple ofyears and the account was created a month ago..
Maybe the PC is not getting the Default Domain Policy?
On 9/6/06, Williams, Robert [EMAIL PROTECTED] wrote:
Tom,
This is just a stab in the dark
applies regardless, because the account is stored in AD. If it's a local account, then the policy doesn't apply regardless; domain account policies don't apply to local accounts. Is this a local account or a domain account?
Laura
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom
ADUC.
On 9/6/06, Laura A. Robinson [EMAIL PROTECTED] wrote:
How was the account created?
Thanks,
Laura
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Wednesday, September 06, 2006 1:10 PM
To: ActiveDir@mail.activedir.orgSubject:
Re: [ActiveDir] Strange
Sorry to be so dense.
So, if i give the anonymous logon special id an ACE on the share AND enable null sessions AND actually logon anonymously, it will work?
All 3 criterion have to be met?
What about give Anonymous Logon the right to log on over the network?
Do i need to do that?
Does that do
I have a share set up on a test box. The perms on the share give anonymous logonaccess full control.
When I try to net use to the share from a stand alone workstation or a user not logged into the domain, I get prompted for a user name and password.
With Anon Logon, should'nt I just be able to map
I think it covers scripting on Exchange,win2k3 sp1,win2k3 RC2,ADAM,and MIIS among many other things.
It seems to be about 300 + more pages than the first edition of new stuff.
I haven't gotten it yet but I have the first edition which is pretty great and between that and Joe's update of the
Sorry, typo. I meant win2k3 R2 :(
On 6/14/06, Tom Kern [EMAIL PROTECTED] wrote:
I think it covers scripting on Exchange,win2k3 sp1,win2k3 RC2,ADAM,and MIIS among many other things.
It seems to be about 300 + more pages than the first edition of new stuff.
I haven't gotten it yet but I have
My company wants to use a mail stubing app called Mailbox Manager from CA.
I've been going back and forth with the tech there.
He claims that, according to him, due to a limitation in WebDAV, one of the user's proxy addresses needs to be in the format of [EMAIL PROTECTED], for users to be able to
Thanks.
What about mailNickname?
Arethere any issues if mailNickname is different than sAMAccountName in re: to WebDAV?
Thanks again
On 6/9/06, Coleman, Hunter [EMAIL PROTECTED] wrote:
Empirical evidence suggests that he shouldn't be insisting so much. Very few of our users have a proxy
I've been using it fo a while and it still requires trusts.
It even has a Trust Migration Wizard that is run as part of their Pre-Migration Activities
On 6/7/06, Phil Renouf [EMAIL PROTECTED] wrote:
Doesnt the Quest migration tool now claim to be able to migrate without any trusts? It's been a
nope.
I disabled Antigen AV and rebooted the box.
Mail is stuck in the local queue and messages awaiting directory lookup queue.
In perfmon, the VM largest Block Size starts high(~80mb) but falls down to below 16mb in about an hour.
VM Total 16mb Free Blocks is at zero as is VM Total Large Free
/06, Tom Kern [EMAIL PROTECTED] wrote:
nope.
I disabled Antigen AV and rebooted the box.
Mail is stuck in the local queue and messages awaiting directory lookup queue.
In perfmon, the VM largest Block Size starts high(~80mb) but falls down to below 16mb in about an hour.
VM Total 16mb Free
-available MBytes is 533
Pages/sec stays at zero but occasionally spikes to 90 for a sec.
No errors on the NIC's on both Exchange or GC.
Thanks
On 6/6/06, Tom Kern [EMAIL PROTECTED] wrote:
Can you tell me what counters I should be looking at to determine GC perf?
Thanks
On 6/6/06, Al Mulnick
psloggedon from Sysinternals
On 6/6/06, Harding, Devon [EMAIL PROTECTED] wrote:
Is there a Command line util., to remotely tell what user is logged into a PC?
-Devon--- This message (including any attachments) is
. The only thing these boxes have in common is Antigen..
Thanks
On 6/6/06, Al Mulnick [EMAIL PROTECTED] wrote:
In that case, can you go ahead and show us the export of those pab entries that were found to cause the issue?
Al
On 6/6/06, Tom Kern [EMAIL PROTECTED] wrote:
Sorry
Will netsh overwrite the scopes already exisitng on the target?
Also, does netsh migrate leases or just the scope and scope options?
Thanks
On 5/16/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote:
look into netsh. might be of use.On 5/12/06, Tom Kern [EMAIL PROTECTED]
wrote: I want to migrate
)Will netsh overwrite the scopes already exisitng on the target?Also, does netsh migrate leases or just the scope and scope options?Thanks
On 5/16/06, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: look into netsh. might be of use. On 5/12/06, Tom Kern
[EMAIL PROTECTED] wrote: I want to migrate
Well one thing I noticed is that the senders(and some recipients) are members of a AD security DG that has over 3300 members.
I think the categorizer has a 1500 value limit for member?
I'm gonna seperate the members into multiple local groups and then nest them into the DG.
Maybe that will help.
I want to migrate DHCP(scopes,scope options,leases) from one win2k box to another.
My issue is, the target server is running DHCP with scopes,etc already configured.
Is there anyway to migrate the source DHCP server to the target without overwriting the target's settings?
I just want to merge
I didn't get anything, Al.
Just a blank email from you...
On 5/9/06, Al Mulnick [EMAIL PROTECTED] wrote:
Thanks Al.
I sent a email to each DL and found out that what was holding it up was that 2 DL's had a member called ADCDisabledMail which I know is created by the ADC but I don't know how it would end up as a contact.
The contact had no email address.
After I removed it, all was fine.
I'm
Yup
On 5/10/06, Al Mulnick [EMAIL PROTECTED] wrote:
the way to the CAT.That should be kicked out at theclient, and if not at the client, during submission. Did you verify
that your E2K and operating system are as up to date as possible? Ifnot, how far back are you?AlOn 5/10/06, Tom Kern [EMAIL PROTECTED] wrote:
Yup On 5/10/06, Al Mulnick [EMAIL
Under the email addresses tab, it is empty(kinda like this email I'm replying to now :) )
Thanks
On 5/10/06, Al Mulnick [EMAIL PROTECTED] wrote:
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Thursday, May 04, 2006 4:19 PMTo: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Exchange queue(OT)
No, I spent about 2 secs before
://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Sunday, April 30, 2006 8:58 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Robocopy(OT)
Well, I've rebooted the server,ran a chkdsk, and still the dir will not disappear.
I've
/ad3e.htm
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Sunday, April 30, 2006 8:58 AM
To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Robocopy(OT)
Well, I've rebooted the server,ran a chkdsk, and still the dir will not disappear.
I've
I have an issue where a user sends an email to about 1800 recipients using Outlook DL's.
The email always gets stuck in the messages awaiting directory lookup queue for hours(sometimes days).
The only thing logged in the app log is-
Event Type:WarningEvent Source:MSExchangeTransportEvent
seconds that I did trying to find a solution, but I came across this article:
http://support.microsoft.com/default.aspx?kbid=884996
HTH,
Katherine
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: 04 May 2006 20:35
To: activedirectorySubject: [ActiveDir] Exchange
We are installing a new Citrix farm in a new Forest and decommissioning the old Citrix server in our old Forest.
Are there any special procedures to migrate the CAL's over to the Licensing Server in the new Forest?
Thanks
Just wondering what the query would look like in saved queries and if its even possible to do it that way.
I can do it by querying the memberof=groupi'mlookingfor an get a list of all users in that group.
Just wanted to know of i can do the reverse and query the member attrib of the group and get
Well, I've rebooted the server,ran a chkdsk, and still the dir will not disappear.
I've run Process Explorer and Filemon and nothing is acessing this dir.
Yet I can delete it and its missing the security tab(its on an ntfs vol).
How the heck can I get rid of this dir?
Has anyone had an issue
Points taken.
Thanks
Just one rehash-
Due to the adminSDHolder, account operators cannot modify other account operators.
But why should this be true as well for modifying their own properties?
Why shouldn't an account op change his/her phone # or address or displayname etc?
Is it just due to
I know account policies are domain wide but if you put a user in an OU andblock gpoinheritance, can you make that user have a non-expiring password while everyone esle is subject to the normal AD password policy?
I know this is bad security practice but can it be done this way?
Thanks
I have an admin who is an Account Operator but can't modify his own account info like address or phone number.
I know via the adminSDHolder, account ops can't modify other account ops but this user should be able to modifiy his own account.
There is no entry for Self in the ACL editor for his
now realize that Today is the Tomorrow you were worried about Yesterday? -anonFrom:
[EMAIL PROTECTED] on behalf of Tom Kern
Sent: Mon 4/24/2006 10:15 AM To: activedirectorySubject: [ActiveDir] Speaking of Adminsdholder...Does this affect users who have been delegated
/profile="">
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Tuesday, April 25, 2006 4:16 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Speaking of Adminsdholder...
You were right, the adminCount was still set to 1 but after clearing
I keep getting this error logged in the system log of my PDC FSMO-
The source server casuing the issue is another DC in the same domain(Win2k3 FFL)
Event Type:WarningEvent Source:LSASRVEvent Category:SPNEGO (Negotiator) Event ID:40960Date:10/28/2005Time:11:04:18
Time is correct on both DC's.
I don't think I should reset the password on a DC?
That seems a little drastic...
Thanks
On 4/24/06, Active Directory [EMAIL PROTECTED] wrote:
Try resetting the machine account password using NETDOM it must be run from the local machine can't be done remotely.
Thats what I thought.
But I have a admin who is an Account Operator and in a group which has Exchange Full Admin rights on the Org who gets an access denied error when trying to delete an exchange mailbox
The user he is trying to delete used to be an Account Op but I took him out of the group
How can you programatically lockout an account?
Do i have to manipulate the userAccountControl attribute or lockoutTime attrib?
Can you just do this using Adsiedit.msc or LDP.exe as well?
Just curious.
Thanks
I guess what I want to know is what attrib you can set to just lock it out...
Thanks
On 4/18/06, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
When testing, I simply use a net use command and provide the correct userID but wrong pw. Repeat until the account locks.
Simple but effective :)
neil
Only the sytem can change that.
Just curioisity.
No real reason.
I was just interested that if you wanted to lockout an account for testing purposes, you could do it with a script or mainipulating an attrib instead of making ldap or net use calls with bad passwords.
Thanks a lot for all your
I have a strange issue.
I had a help desk admin robocopy a dir from one server to another.
During the copy, for whatever reason, he canceled the robocopy job.
When he went to the target server a empty dir was created which now cannot be deleted.
I can't delete it through explorer or the command
What switches would you use to get adfind to just list all mail enabled security distribution groups that begin with DL- and only list the authorig attrib to find out who can send to that group.
I don't want any other attribs like member,etc.
Just who can send to that group?
Is this possible?
Thanks
On 3/29/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx
:m:dsm:cci:mvp| marcusoh.blogspot.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Tom KernSent: Wednesday,
of anything on any DC's. I have it installed on a member server and works fine for my entire organization.
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Mon 3/27/2006 4:58 PMTo: activedirectorySubject: [ActiveDir] Surf control web filter and DC'sManagement wants
Management wants to install the Surfcontrol web filter with something called Enterprise User Manager which allows the product to log which url's a user visits by user name in addition to ip and workstation name.
What troubles me is that the service has to be installed on every DC for user name
In their docs, it says EUM has to be installed on a DC
And for greater user name accuracy, they recommend installing it on all DC's.
They claim its a dll that runs as a subauth under LSA.
Are we talking about the same thing?
Thanks
On 3/27/06, Todd Hofert [EMAIL PROTECTED] wrote:
I have
dsrevoke
On 3/17/06, Harding, Devon [EMAIL PROTECTED] wrote:
When I delegate permissions to a group in ADUC to a specific OU (using the Delegate Wizard), how can I go back and see who was delegated and the permissions?
Devon
Harding
Windows Systems Engineer
Southern Wine Spirits - BSG
This may sound like a stupid question, but here goes-
When MS says that Print Operators, Account Operators,or Backup Operators are protected by the PDCE checking the ACL on the AdminSDHolder object, I never see those groups in the ACE.
Where are they listed?
How are they protected?
What ACL is
when you say if the SD of one of those objects is not the same as what is on the adminSDHolder object..., where on the adminSDHolder object are these values kept that help it determine the SD?
Thanks
On 3/17/06, joe [EMAIL PROTECTED] wrote:
The SDPROP thread monitors groups/users that are
We currently run Tivoli for monitoring and software distribution here(No, SMS and MOM are not an option).
Right now there are talks about installing Tivoli endpoints on our Win2k3 DC's for monitoring those as well.
How do people on this list feel about Tivoli for monitoring, specifically, and
VMware has a free server product-
http://www.vmware.com/products/server/
On 3/3/06, Alborzfard, Alex [EMAIL PROTECTED] wrote:
Can you get me a free copy of VMware??!!
J I like the sunbelt site too.
Alex Alborzfard
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Alex
Getmac
On 2/23/06, Todd Hofert [EMAIL PROTECTED] wrote:
I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method?
Thanks
Todd
This e-mail and any attachments may
daserver1 It will register SPN http/daserver for computer daserver1
From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Tuesday, February 21, 2006 1:26 PM
To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] SPN issue
Thank you
I'm at the end of a win2k native to win2k3 win2k3FFL/DFL migration using Quest Migration Manager.
I've noticed we've had many login issues where users can map drives via ip but not hostname(dns is working and you can ping by name).
Also, when connecting via a drive mapping, the error recieved is
there.
The SPN in ADof my box and the server I'm connecting to seems find.
Both client and server are in the same Domain.
DNS is functioning.
Time is in sync.
Anyplace else I should be looking?
Thanks a lot.
On 2/21/06, Tom Kern [EMAIL PROTECTED] wrote:
I'm at the end of a win2k native to win2k3
anything to help me there.The SPN in AD of my box and the server I'm connecting to seems find.
Both client and server are in the same Domain.DNS is functioning.Time is in sync.Anyplace else I should be looking?Thanks a lot.On 2/21/06, Tom Kern
[EMAIL PROTECTED] wrote: I'm at the end of a win2k
/OP5080570765.opandco.com HOST/OP5080570765
On 2/21/06, Tom Kern [EMAIL PROTECTED] wrote:
I get this, when I use netbios name-
C:\Program Files\Resource Kitsetspn -R OP5080570765Failed to crack name CORP\OP5080570765 into the FQDN, (0) 1 0x2
I get this when i use FQDN-
C:\Program Files\Resource
is the Tomorrow you were worried about
Yesterday?-anon From: [EMAIL PROTECTED] on behalf of Tom Kern Sent: Tue 2/21/2006 11:52 AM
To: activedirectory Subject: Re: [ActiveDir] SPN issue Ok, I came up with some more stuff- If i use the FQDN, I can map a drive without
?-anon
From: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on behalf of Tom Kern
Sent: Tue 2/21/2006 1:01 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] SPN issue I get this, when I use netbios name-
C:\Program Files\Resource Kitsetspn -R OP5080570765 Failed
]] On Behalf Of Tom Kern Sent: Tuesday, February 21, 2006 1:26 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] SPN issue
Thank you for the advice. I will in the future. This is the output from setspn /A C:\Program Files\Resource Kitsetspn -A OP5080570765host/OP5080570765 Unable to locate
In windows 2000 Forest, what are the bare minium rights needed for a user to run perfmon?
I'd like to delegate this to someone without making them alocal admin on the box.
Is this possible?
I can't seem to find a gpo adm template that allows this for win2k.
Thanks
. Olivarez - Contractor
GD-NS
From: Tom Kern [mailto:
[EMAIL PROTECTED]] Sent: Monday, February 13, 2006 8:14 AM
To: activedirectorySubject: [ActiveDir] permon access
In windows 2000 Forest, what are the bare minium rights needed for a user to run perfmon?
I'd like to delegate this to someo
/Article/ArticleID/16529/16529.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;164018
Thanks... ... ... ...
Sergio J. Olivarez - Contractor
GD-NS
From: Tom Kern [mailto:
[EMAIL PROTECTED]] Sent: Monday, February 13, 2006 8:36 AM
To: ActiveDir@mail.activedir.org
Subject: Re
Sorry,
member servers.
remotely.
Thanks
On 2/13/06, Tom Kern [EMAIL PROTECTED] wrote:
Thank you very much!!
Thats exactly what I was looking for...
On 2/13/06, Olivarez, Sergio J Mr ANOSC/FCBS
[EMAIL PROTECTED] wrote:
Yeah sorry bout that! I realized that after I had already sent
:
[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, February 13, 2006 9:04 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] permon access
Sorry,
member servers.
remotely.
Thanks
On 2/13/06, Tom Kern [EMAIL PROTECTED]
wrote:
Thank you very much!!
Thats exactly what I was looking
KernSent: Monday, February 13, 2006 9:04 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] permon access
Sorry,
member servers.
remotely.
Thanks
On 2/13/06, Tom Kern [EMAIL PROTECTED]
wrote:
Thank you very much!!
Thats exactly what I was looking for...
On 2/13/06, Olivarez
I have a couple of servers that have lost some key perfmon counters like memory,processor,process,etc.
How can I get these back?
I don't think just running lodctr /R seems to do anything.
I read on some newsgroup about copying the perfc009.dat and perfh009.dat from the win2k cd back to system32
Really?
I mean, there is no way to just restore them via some reg entry or command or copying some .dat or .dll over?
I only ask because we are using Tivoli here for monitoring and it can't get this info and our servers are all over the US and some branches don't have any techs or anyone to come
sorry. I should've mentioned that I tried that.
The mem,processor,etc counters don't show up in exctrlst.exe either
thanks
On 2/10/06, TIROA YANN [EMAIL PROTECTED] wrote:
Hello,,Did you try to use exctrlst.exe that is available in the win2k rkit ?Here a lin for download
I'm running this query -
C:\WinAdminToolsadfind -b dc=mydomain,dc=com -f ((objectcategory=computer)(whencreated=2005111200.0z))
I get this error-
ldap_get_next_page_s: [myDC.mydomain.com] Error 0x35 (53) - Unwilling To Perform
Is this related to paging?
Am i going over the 1000 object
How do i find out that file name?
i've tried lodctr.exe /S:savedfile and then lodctr.exe /R:savedfile.
I guess the above just saves and reloads the current working counters you have and doesn't actually reset all the standard system ones.
perfmon counters are a big mystery to me. I've never
lodctr /R doesn't seem to do anything.
In the article it says -
Locate the following registry key to search for services that have a Performance subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
If i'm trying to restore the mem or processor counters, this key doesn't seem to help me.
1 - 100 of 322 matches
Mail list logo