It might be easier to delete the AD user objects representing the wrongly
homed SystemMailboxes, purge the mailboxes and then recreate them using one
of the two methods described here:
http://support.microsoft.com/kb/316622
Cheers
Tony
-Original Message-
From: [EMAIL PROTECTED]
/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Dienstag, 19. Dezember 2006 02:32
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AdminSDHolder orphans
Just wanted to get your opinion
Hi Somesh
Welcome to the discussion list.
Tony
www.activedir.org
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Somesh Sahu
Sent: Monday, 22 January 2007 6:14 p.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Hi All,
Hi all,
This is somesh,New member
Hi Senthil
Please use the [OT] prefix in the subject line when posting off-topic.
Have you looked at the following KB article describing how to manually
remove the transaction log files if they are not successfully removed by a
backup?
http://support.microsoft.com/kb/240145
Tony
_
Hi Michael
Any idea why Microsoft no longer supports this method?
Tony
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, 19 January 2007 6:32 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Different default GALs for
to write a white paper.
J
Thanks,
M
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Thursday, January 18, 2007 2:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Different default GALs for different groups
Hi Michael
Any idea why
Hi Milton
In future, please use the [OT] prefix in the subject line for off-topic
posts such as this.
Have a look at the Exchange 5.5. FAQ here for recommendations for adding
disclaimers to email messages.
http://www.swinc.com/resources/exchange/faq_db.asp?status=questions
Have you checked the Type registry parameter?
http://www.activedir.org/article.aspx?aid=74
Tony
-- Original Message --
From: Rimmerman, Russ [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Wed, 10 Jan 2007 20:37:53 -0600
I tried it, it
Just wanted to get your opinion on something.
When an object becomes a member of one of the groups protected by the
AdminSDHolder, the next run of the SDProp thread will:
Replace the objects security descriptor with that of the AdminSDHolder;
Disable permissions inheritance on
guys for more perms... :(
On 12/17/06, Tony Murray [EMAIL PROTECTED] wrote:
Does the account you are using to perform the reconnect have Send As
permissions on the user object? See the link below for the correct
application of Send As permissions.
http://msexchangeteam.com/archive/2005/01/07
Some news about ordb.org shutting down for those of you that might use it.
http://ordb.org/news/?id=38
Tony
Sent via the WebMail system at mail.activedir.org
List info :
Does the account you are using to perform the reconnect have Send As
permissions on the user object? See the link below for the correct
application of Send As permissions.
http://msexchangeteam.com/archive/2005/01/07/348596.aspx
Tony
-Original Message-
From: [EMAIL PROTECTED]
Also have a look at DNSLint - a great tool for checking your SRV records are
published in DNS correctly.
http://support.microsoft.com/kb/321046
Tony
-- Original Message --
From: Al Mulnick [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date:
Hi Daniel
If this is an AD-integrated zone, it might be helpful to back-up the zone to
file before you go ahead with the change - just in case you lose any records
you might later want back.
http://www.activedir.org/article.aspx?aid=102
Tony
-- Original Message
Because you need to define the query first. The Query string is display only,
i.e. it will display the query that you build using the Define Query option.
Tony
-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date:
I did Laura's test (the thread was wearing me down ;-)).
Even with the policy set to Object Creator it still shows Domain Admins as
the owner if I create an object with an account that is member of Domain
Admins. In my case the Domain Admins group is a member of the built-in
Administrators
Well, I've done some more testing and the results are interesting.
In both instances I have the policy in place and set to Object Creator.
1.
If the account used for AD object creation is a member of Domain
Admins the owner is shown as Domain Admins.
2.
If the
Hi Ajay
Not sure what network objects you are interested in, but you do have the
ability to reanimate tombstoned objects. The main issue with this is that not
all of the attributes are preserved when the object is tombstoned, which means
you won't get back everything that was lost using this
You might be able to find out who created it by looking at the Owner in the
Security tab. However if the account used to create the object is a member of
Domain Admins it will show this as owner instead of the specific user's name.
There was a discussion thread on this a couple of days ago.
You will need to modify dssec.dat to expose the property.
http://www.activedir.org/article.aspx?aid=24#11
Tony
-- Original Message --
From: WATSON, BEN [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Thu, 30 Nov 2006 09:34:39 -0800
I'm
Hi Michael
If you have Account Management auditing enabled you should see 624 events that
show the account used to create new accounts. Here's an example.
***
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 624
Date:
Hi Ravi
Have you checked the NTFS security in addition to the IIS settings?
I had a similar problem before and it had to do with the policy settings for
User Rights Assignments.
Guests had been added to the list of those denied access in the following
setting:
Computer Configuration -
You could do worse than the Exchange Server Cookbook. It's got most of the
common management and support tasks. There is no spreadsheet showing all the
tasksbut there is an index :-)
http://www.oreilly.com/catalog/exchangeckbk/
Tony
-- Original Message
Hi
all
Just a couple of
things.
I will be out of
the country for three weeks from tomorrow, with only intermittent access to
email. While I am away Matty Holland will be looking after the
list. If you see any problems or need help with unsubscribing, etc. then
Matty is your
Have you looked at this Perl sample from the AD Cookbook?
http://techtasks.com/code/viewbookcode/1608
Another alternative is to write your script around Joe's ADFIND (or even
OldCMP). ADFIND has the ability to handle the date formats in a user-friendly
way.
Tony
-- Original Message
You can set a security group filter on the GPO. The archive link shows a
method described by Darren Mar-Elia.
http://www.mail-archive.com/activedir@mail.activedir.org/msg42964.html
Tony
-- Original Message --
From: Alberto Oviedo [EMAIL PROTECTED]
I'll look into it.
Tony
-- Original Message --
From: Paul Williams [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Wed, 18 Oct 2006 09:49:09 +0100
Yeah, I sort of bitched about it last month when I had some time to reply.
I see about 90 -
Hi all
I've renamed a domain using the rendom utility. All appears to have gone well,
but I now get 5781 Netlogon errors in the System event log complaining that it
can't register DNS records associated with the old domain. This doesn't appear
to affect anything, but I'm keen to know why
] On Behalf Of Tony Murray
Sent: Monday, October 16, 2006 9:19 PM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Lingering info following domain rename with rendom
Hi all
I've renamed a domain using the rendom utility. All appears to have gone well,
but I now get 5781 Netlogon errors in the System
I've been talking to a vendor about an application they are developing. It
involves running ADAM instances on XP Pro machines (laptops) that replicate
with a centralised ADAM instance running on W2K3. I don't have further details
at this stage, but I believe the they are planning to use the
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Wednesday, October 04, 2006 7:34 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADAM on XP Pro
I've been talking to a vendor about an application they are developing.
It involves running ADAM instances on XP Pro machines (laptops
My impression from reading the on-line documentation is that the use of ADAM
Proxy Objects and bind redirection is frowned upon anyway.
Proxy users are designed for special circumstances and should only be used as
a last resort, when Windows principals cannot be used directly.
and
ADAM bind
to
do simple bind. It isn't supported with SASL.
BTW, does FCB work with bind proxies? I've never tried.
Joe K.
- Original Message -
From: Tony Murray [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, September 28, 2006 9:27 PM
Subject: Re: [ActiveDir] ADAM bind
What error code do you see on the mobile device with ActiveSync?
I've found this table to be helpful in the past.
http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php
Tony
-- Original Message --
From: Ravi Dogra [EMAIL PROTECTED]
Reply-To:
@mail.activedir.org
Date: Tue, 26 Sep 2006 06:11:53 +0530
support code 85010004
Your account does not have permission to sync with your current
settings. Contact your Microsoft Exchange administrator.
On 9/26/06, Tony Murray [EMAIL PROTECTED] wrote:
What error code do you see on the mobile device
Thanks both of you. I understand the concept of X.500 addresses being
useful for maintaining the ability to reply to senders whose mailbox has
moved elswhere. It doesn't explain why:
A) they are required for the IIFP. At a basic level I can manually emulate
the GAL sync behaviour by creating a
Yeah, good to have you back on board, Rick. What have you been up to?
Tony
-- Original Message --
From: ASB [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Thu, 21 Sep 2006 15:37:45 -0400
Welcome back, Rick. :)
-ASB
On 9/21/06, Rick
Two forest scenario. IIFP 1a. Both forests Windows 2003 SP1 and Exchange 2003
SP2.
After initial setup and synchronisation I notice that my synced users (and
their corresponding Contact objects in the second forest) acquire two new X500
addresses (one for each Exchange org).
Simple question
Hi all
I recently came across this free ldap editor:
http://www.ldapeditor.com/
It has some nice features, such as the ability to sort attributes by name, save
searches, edit, etc.
Might be of interest to this community.
Tony
Are these maybe clients that have printers published in AD. The pruner on the
DCs might be trying to contact the print queues on these workstations.
Just a thought.
Tony
-- Original Message --
From: Brian Desmond [EMAIL PROTECTED]
Reply-To:
Here's an example of a fairly simple VBScript that will create a spreadsheet
and list all the computers (plus their details) below a given level. You
should be able to tweak it to give you the information you need.
Tony
set objExcel = WScript.CreateObject(Excel.Application)
objExcel.Visible
Yann
Did you see this?:
http://www.mcse.ms/message568787.html
Tony
-- Original Message --
From: Yann [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Thu, 7 Sep 2006 20:25:02 +0200 (CEST)
Hello all,
I have 2 sites Exchange 5.5
ADMT should be used for moving objects between domains.
Movetree should now only used for objects that cannot be moved using ADMT (e.g.
Contacts)
Tony
-- Original Message --
From: HBooGz [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date:
Not sure what's going on so I have temporarily suspended his subscription.
Tony
List owner and humourless [EMAIL PROTECTED]
Sent via the WebMail system at mail.activedir.org
List info :
like this is resolved, but he hasn't
been receiving anything from the list either. Apparently this is a zero
tolerance zone. Oddly enough, that's not in the FAQ, maybe it should be
added.
Matt
On 9/3/06, Tony Murray [EMAIL PROTECTED] wrote:
Hey Brandon
Amusing though it is, the list
I've not seen it used by any specific app. Bear in mind that it is:
multivalued
not indexed
not a member of the partial attribute set (i.e. not replicated via GC)
Tony
PS. I've always wanted to extend the schema with a new attribute named
tracesOfPeanuts, simply so I can see May Contain:
Hey Brandon
Amusing though it is, the list is not really the place for this.
Tony (list owner)
-- Original Message --
From: Brandon Pierce [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Sat, 2 Sep 2006 23:13:41 -0600
George Bush has a
Hi Mark
Yes, I found out about this recently. A customer I am working with has the
Maximum Event Log Size for DCs set to 4GB for the security event log. Their
log was overwriting existing events at about 470MB and I couldn't figure it
out. After some digging I found the following information
It's not well documented. The best source I found is the whitpaper:
Integration of Windows 2000 Printing with Active Directory
http://www.microsoft.com/windows2000/docs/printad.doc
Here's an extract.
The pruning service, which runs on each domain controller, performs this
automatic removal
Not if pruning is disabled, no.
-- Original Message --
From: joe [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Mon, 28 Aug 2006 01:20:09 -0400
Even if the pruning is disabled?
--
O'Reilly Active Directory Third Edition -
Hi all
I've been looking at SPA and have been trying to get it to report all LDAP
searches. I've managed to get it to report searches, but the results are
inconsistent. For example, if I kick off the performance capture and then run
an LDAP search that exceeds the configured warning levels I
to expert level to 10
which will cause the report to have all entries in it.
Thanks,
-Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Thursday, August 24, 2006 10:23 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Server Performance Advisor
I agree with Jorge. Seizing is not a for the faint-hearted, as Brett's post
from a while back shows...
http://www.mail-archive.com/activedir@mail.activedir.org/msg39683.html
Tony
-- Original Message --
From: Almeida Pinto, Jorge de [EMAIL PROTECTED]
Have a look at Dean's SchemaDiff on the download page:
http://www.activedir.org/Downloads/Downloads.aspx
Tony
-- Original Message --
From: WATSON, BEN [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Mon, 14 Aug 2006 14:28:47 -0700
Hey
PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Monday, August 14, 2006 8:03 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] ADFind Query
Have a look at Dean's SchemaDiff
Hi all
Thisa
reminder that there are a couple of methods by which your can share your AD
knowledge and experience with thewider
community.In
addition to the ability to create your own acticles on ActiveDir.org (http://www.activedir.org/Register.aspx)
you can also have your ownblog space
It depends a little on what you're looking for.
Let's say you have a meeting room (MR1) and a user (Bob Smith) has Send on
Behalf of permissions for the meeting room. A search using MR1 would use
publicDelegatesBL (the back link attribute) and would look something like this:
msDs-User-Account-Control-Computed is a constructed attribute. Constructed
attributes cannot be set manually because they are automatically maintained by
the system.
Tony
-- Original Message --
From: David Aragon [EMAIL PROTECTED]
Reply-To:
We'll write this off as a one-off addressing error, shall we?
Tony
PS. Is Saturaday a wet Saturday?
-- Original Message --
From: HBooGz [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Date: Mon, 31 Jul 2006 15:53:02 -0400
Since we're all pretty
Have you thought of creation a custom administrative template for the
registry change for deployment via Group Policy?
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog
ies/management/gp/admtgp.mspx
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
authentication from your forest trust
(when choosing DomA2 in the logon window). If that's ok for you, this is a
solution, but then you might as well get rid of the forest trust...
/Guido
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Freitag
Title: Replication Problem After DC Demotion
Are the DNS client settings on the DC in the remaining site maybe pointing
to the old DC?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Riley, Devin
Sent: Friday, 14 July 2006 12:35 p.m.
To: ActiveDir@mail.activedir.org
Here's the scenario
Forest trust between ForestA and ForestB.
ForestA has two domains DomA1 (placeholder root) and DomA2
ForestB has one domain DomB
Users from DomA2 sometimes log into DomB member machines. DomA2 is
not shown in the drop-down list of domain names in the login dialog.
DomA1 is
Hi all
I have temporarily suspended Steven Comeaus
subscription, which should stop the out of office replies hitting the list.
Tony
This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me
://blog.joeware.net/2006/07/11/445/---
I'm serious, you will learn absolutely nothing about Defending Security
Infrastructures.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, July 11, 2006 9:56 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir
You can only add members to Domain Local groups across the forest
trust. Behaviour by design.
Tony
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Friday, 16 June 2006 7:56 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Cross forest
Tuna on the front?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: 14 June 2006 06:19
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory Cookbook 2e
.is now out.
http://www.oreilly.com/catalog
Hi Myke
Yes it is possible. Have a look at the sample scripts that come with
the Group Policy Management Console (GPMC).
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4
b35-9272-dd3cbfc81887DisplayLang=en
Tony
-Original Message-
From: [EMAIL PROTECTED]
file in the %programfiles%\gpmc\scripts
folder.
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Thursday, 15 June 2006 9:38 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] gpo and script
Hi Myke
Yes it is possible
what the
differences between the 1st and 2nd editions are. Is it
Errata or new content?
So I am now wondering why should I buy this, apart from the
Authors and the Blue Fin Tuna on the front?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Tony Murray
Sent: 14 June 2006 06
I have manually unsubscribed the address.
Tony
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Phil Renouf
Sent: Wednesday, 14 June 2006 8:12 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] UserName Psswd Script
Hi Pete,
Have you
is now out.
http://www.oreilly.com/catalog/activedckbk2/
Tony
This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this
Heres another option.
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=45
There is a Group Policy setting that allows you to override any DNS
Servers configured in client IP settings (either manuall or via DHCP).
Unfortunately, it only works on XP.
Computer
Hi M@
Responses in-line.
Tony
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha
Weerasinghe
Sent: Tuesday, 13 June 2006 8:08 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] bitwise filters
Guys,
I have a few questions on bitwise
Great info ~Eric!
The link to the start of the thread is:
http://www.activedir.org/ml/msg08620.aspx
We've just moved the archive onto the ActiveDir.org web site and we're
having one or two teething problems with the search feature. :-)
Tony
-Original Message-
From: [EMAIL
Hi Yann
One option would be to enable logging of all LDAP searches against
the DC.
http://www.activedir.org/article.aspx?aid=97
Tony
PS. Were just loading a new version of the site, so it might
take a few minutes before you can load the page.
From:
[EMAIL PROTECTED]
Hi all
I have to move an Enterprise CA from one DC
to another. The following article appears to show the required steps.
How to move a certification
authority to another server
http://support.microsoft.com/?kbid=298138
For those of you that have done this, is
the process as
You can set the default language and prevent users from changing the
regional settings in Control Panel using the following setting:
USER\Administrative Templates\Control Panel\Regional and Language
Options
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
On the Scope tab of the GPO in the GPMC look at the Security Filtering
section. The default is to have the policy applied to Authenticated
Users. Probably the easiest option for you is to:
- Create a group and add the 55 users as members.
- Remove Authenticated Users from the Security Filter.
-
The search filter shown below would not be the cause of any issues
associated with an X.500 address. We probably need to see more of the
code. The attribute mail is single-valued, so the X500 address is
stored in the proxyAddresses attribute.
Once the displayName attribute is returned from
Third, an X500 address would be unusual,...
Not an everyday occurrence, I agree, but I see these pretty frequently
with organizations that have migrated within Exchange 5.5 and then have
migrated to Exchange 2000/2003 (or an ADC is in place). Typically, they
are used to support replies to
No, the memberOf attribute, as a back-link to the member
attribute, is own by the system and cannot be written to. You will need to
modify the member attribute on the group object you want to add to.
Tony
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Teo De Las
As James correctly points out - we do need a little
more information to go on. However, as this is the same Exchange
Organization (single forest) we're talking aboutthere may be no need for
an SMTP connector. It depends on how the routing groups are
configured. Perhaps Ajay could provide a
Title: How To Determine What GC a Server is Using?
How about netstat b ? Look for mad.exe
connecting to port 3268 (or 3269 for SSL).
Tony
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Sent: Friday, 26 May 2006 1:13 p.m.
To:
Milton (and everyone else), it would be good if you can use OT:
in the subject field if you plan to post something off the topic of AD.
That way others can use Inbox rules to filter the messages out if they dont
want to see them.
In response to your question, I think we need a little
Hi Russ
Just out of idle curiosity, I would be interested to know why you
decided to extend the schema to flag all service accounts. Ive
seen organisations use a specific naming convention to identify service
accounts before, but never adding a new attribute.
Tony
From:
I have a rule that auto-deletes Als emails as a matter of
course. J
I can confirm what others have said that the emails are visible
in Outlook 2007. Still checking to see if there is a way to resolve
this on the list server side, but havent found anything yet.
Tony
From:
Website: http://www.windowsserverfaq.org
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, May 16, 2006 12:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is there a way to force users to logon to
domain?
I have a rule that aut
Hi all
Does anyone know the story of what happened to the Microsoft Audit
Collection System (MACS)? It doesn't appear to have made it as a
free download (as was suggested in some TechEd presentations a few
years back). Some references indicate that it has been rolled into
MOM 2005, but I
It's part of the next MOM release... forget everything you used to know
about it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Sunday, April 30, 2006 8:48 PM
To: activedir@mail.activedir.org
Subject: [ActiveDir] OT: Microsoft
Nltest perhaps?
C:\Documents and Settings\Administrator.SRDC2nltest /dsgetdc:north
DC: \\DCN1
Address: \\192.168.5.2
Dom Guid: 3efc188a-c7bb-4c72-9129-262d4a4b8fba
Dom Name: NORTH
Forest Name: north.com
Dc Site Name: NORTH
Our Site Name: NORTH
Flags: PDC GC
You work for an imaginary company? :-)
You can check the secure channel using nltest, as follows:
Nltest /sc_query:domain /server:server_name
e.g
Nltest /sc_query:MYDOM /server:MYSRV
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros,
You will have noticed that messages are now
coming through again. The problem has been resolved and all should
be back to normal. Any emails sent to the list during the outage will not
have been queued, so please send again.
Thanks to the 732 of you who alerted me to the
fact that the
Hi all
I was discussing GAL sync using IIFP with
someone today and he said he thought there was a requirement for the DC that
IIFP uses to be 2003. I cant see this requirement in the product
documentation. Can anyone confirm this?
Tony
This communication, including any
@mail.activedir.org
Subject: RE: [ActiveDir] IIFP GAL Sync
I'm pretty sure
it it works fine with W2K AD. MIIS itself needs to run on WS2K3 though.
-gil
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Tony Murray
Sent: Tuesday, April 11, 2006 2:16 PM
To: ActiveDir
You could look at it the other way and ask what the benefit would be of
performing the schema extensions now as opposed to later. The full GC
sync that used to cause a replication storm (in certain AD environments)
does not occur with 2003 DCs.
Given that, historically, Microsoft is not exempt
I think that was always on the cards after VMWare made their entry-level
server product free.
http://www.vmware.com/products/server/
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, 4
Talk about kicking a man when he's down! I would have loved to have been there
- and not only for the vats of single malt you guys seem to have had without me.
Alas, my employer failed to be persuaded by my forceful argument [1] for
attending.
Perhaps I need one of those roving evangelist
Hi all
Has anyone had any success with logging
inefficient and/or expensive searches in ADAM?
Ive tried following the suggestions
shown in the link below, but substituting NTDS with the name of
the ADAM instance in the registry settings (e.g. ADAM_Instance1).
worked fine. I nevertried it on
the original version but would be surprised if it didn't work for that as well.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Tony Murray
1 - 100 of 623 matches
Mail list logo
