I might go so far as to create a new account for the consultant. Inform
the consultant to only use the new account when they need to perform the
work on the two servers. A new account will allow you to audit their
work and also watch for creep. Also, do not give the elevated
account e-mail or
Hey, Santa brought me coupon for a new home computer, redeemed the
coupon and built the system. Doesn't that count as work??
Dan
Original Message
Subject: RE: [ActiveDir] OT: Hello?
From: Crawford, Scott [EMAIL PROTECTED]
Date: Thu, January 04, 2007 3:35 pm
To:
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Hello?
Only if you had to install Linux.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, January 04, 2007 4:04 PM
To: ActiveDir
to install Linux.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, January 04, 2007 4:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Hello?
Hey, Santa brought me coupon for a new home
until the no-refresh
and refresh intervals expire.
Daniel Gilbert
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
this will help. Please chime in.
-vC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, December 07, 2006 11:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS scavenging question
I have a rather off the wall
Before I flood this list with inane LCS questions, I was wondering if
anyone out here has any experience with attempting to use granular
permissioning with LCS?
I know the application is written to be used domain-wide but due to
business requirements I must attempt to limit use to a single OU.
I
requires that all the ACL's from the /domainprep are present
for the install to work. But after the fact we removed the LCS ACL's and
let our in-house provisioning system handle it.
-Brandon
From: [EMAIL PROTECTED] on behalf of Daniel Gilbert
Sent: Thu 10
you a list
of which ones are pretty generic and which ones require some thought
for provisioning.
-Brandon
From: [EMAIL PROTECTED] on behalf of Daniel Gilbert
Sent: Thu 10/19/2006 1:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LCS
Something tells me you should be ducking and running
Original Message
Subject: [ActiveDir] I'm shareing the Best Kept Secret I know.
From: Fleming, Dave (DotComm) [EMAIL PROTECTED]
Date: Tue, October 17, 2006 6:29 am
To:
Top Ten Things Men Understand About Women
Off Track?
Original Message
Subject: RE: [ActiveDir] what is the meaning of OT in front of the
subject
From: Ramon Linan [EMAIL PROTECTED]
Date: Thu, October 05, 2006 6:39 am
To: ActiveDir@mail.activedir.org
Some of the subjects have that OT preceding the subject,
Don't you have to do some DNS delegations to ensure clients in one
forest can find clients in the other forest?
I would think that having domain.com as the tier two for both forests
will cause some unique DNS headaches.
Dan
Original Message
Subject: RE: [ActiveDir] Forest
Hide the cheap stuff too!
Original Message
Subject: Re: [ActiveDir] I'm Baaack!
From: Laura E. Hunter [EMAIL PROTECTED]
Date: Thu, September 21, 2006 1:25 pm
To: ActiveDir@mail.activedir.org
Quick! Hide the good silverware!
On 9/21/06, Akomolafe, Deji [EMAIL
Susan,
Can you suggest a good ID 10 T's guide to SBS 2003 book? I assume
from your e-mail address you know more than the average SA about SBS.
Shameless request for information. And being the SBS NOOB that I am
looking for any information I can get my hands on to provide my
customer with the
We created OU's and removed all users except for Domain Admins (of
course we left the SYSTEM access). The OU never shows up for
non-Domain Admins.
Domain Admins have full access to the OU and can add as many objects as
they want.
Dan
Original Message
Subject: [ActiveDir]
OK here is a question that will show my lack of AD knowledge:
If you promote a new domain controller and no subnet association exists,
doesn't that domain controller default to the default-first-site?
I know it makes sense to create a new site, assign a subnet to that site
but
..
If that
Yeah Sergio,
You could even use that information to say...allow OU Admins the
ability to view the logs of the domain controllers local to them.
Dan
Original Message
Subject: RE: [ActiveDir] Server 2003 DNS Admins group permissions
From: Olivarez, Sergio J Mr
To: 'ActiveDir@mail.activedir.org' ActiveDir@mail.activedir.org
Dan,
You guys doing that now?
Lee
-Original Message-
From: Daniel Gilbert [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 06, 2006 2:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Server
I found him. :)
Original Message
Subject: RE: [ActiveDir] Where's Deji.. (was Quiet? DEC? Related?)
From: Mark Parris [EMAIL PROTECTED]
Date: Mon, April 03, 2006 12:41 am
To: ActiveDir@mail.activedir.org
Sorry Could not resist.
-Original Message-
From:
server is authoritative for.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: 16 March 2006 23:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Live Communications Server errors
Since I was in a lab environment and I
Sorry my spelling was a little off, gwtting should be getting
Dan
Original Message
Subject: [ActiveDir] Live Communications Server errors
From: Daniel Gilbert [EMAIL PROTECTED]
Date: Thu, March 16, 2006 12:38 pm
To: ActiveDir@mail.activedir.org
Does anyone
]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Thursday, March 16, 2006 2:39 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Live Communications Server errors
Does anyone know if there is a forum dedicated to Live Communications Server
(LCS)??
I am trying to establish a working
setting up anything new:
http://msmvps.com/blogs/bradley/archive/2004/12/04/22348.aspx
Ah yes, my issue was with the XP firewalls...
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
I had to set up a DNS record. Let me see if I remember what I did.
Daniel Gilbert wrote
, CPA aka Ebitz - SBS Rocks [MVP] wrote:
I had to set up a DNS record. Let me see if I remember what I did.
Daniel Gilbert wrote:
I thought so at first but, according to the LCS documentation if I
manually configure the clients I would not need DNS.
Just to be on the safe side I
To All:
I have run into an issue here that has me stumped. I am attempting to
remove an application from a Windows Server 2003 Standard Edition with
SP1 installed.
During the removal process I get the following error: Error 1720: There
is a problem with this Windows Installed package. A script
Found it:
http://support.microsoft.com/default.aspx?scid=kb;en-us;290301
Thanks to everyone.
Dan
Original Message
Subject: [ActiveDir] Windows Installer failure
From: Daniel Gilbert [EMAIL PROTECTED]
Date: Fri, January 20, 2006 8:31 am
To: ActiveDir@mail.activedir.org
Check out a product called Change Auditor for Active Directory (CAAD)
from NetPro (www.netpro.com).
*Not plugging the product just answering the e-mail*
Dan
Original Message
Subject: [ActiveDir] Change Auditor tools
From: Rascher, Raymond [EMAIL PROTECTED]
Date:
Have you cleared (archived) the logs since
the new settings???
Dan
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 18, 2005 6:54 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Log file size not
Yann,
There are some utilities you can purchase that will alert you when an
object is deleted, added, modified...
Dan
Original Message
Subject: [ActiveDir] Knowing when users were deleted.
From: Yann [EMAIL PROTECTED]
Date: Thu, October 13, 2005 11:56 pm
To:
Not to hijack this thread but, I hope lurking remains free.
Dan
Original Message
Subject: RE: [ActiveDir] salary(OT)
From: joe [EMAIL PROTECTED]
Date: Thu, October 13, 2005 2:50 pm
To: ActiveDir@mail.activedir.org
I have found that shooting for your contract
.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Saturday, March 12, 2005 11:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
I believe I am the proud owner of the last DEC chicken. Gil gave
To All:
Is there a way to script the setting of the Delete this record when it
becomes stale checkbox?
I am attempting to setup a test forest with multiple domains to do some
testing/learning about DNS scavenging. I have found a script that creates
resource records (thank you Robbie
I believe the command is adprep /forestprep and then adprep /domainprep
to add a Windows 2003 domain controller into a Windows 2000 domain.
Dan
Original Message
Subject: [ActiveDir] A forestprep question
From: Shadow Roldan [EMAIL PROTECTED]
Date: Tue, March 15, 2005 11:18
I believe I am the proud owner of the last DEC chicken. Gil gave it to
me at DEC in Ontario.
Sure wish I could have made it to DEC this year.
Dan
Original Message
Subject: RE: [ActiveDir] Have fun at DEC
From: joe [EMAIL PROTECTED]
Date: Fri, March 11, 2005 5:16 pm
To:
To All:
(Sorry for the long post)
I was wondering what everyone uses to facilitate user moves in a large
environment?
Scenario: Root domain with six (6) child domains. Each child domain has
between thirty (30) to sixty (60) OUs. These OUs are geographic
locations spread around a region. Each
integrate it.
These are the fun types of problems to solve :)
My $0.04 anyway,
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Friday, March 04, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] User
Might need to be the Americans against the Canadians since the next DEC is
scheduled for Vancouver B.C.
Dan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CIT)
Sent: Tuesday, November 30, 2004 4:33 AM
To: [EMAIL PROTECTED]
Subject: RE:
Can this list suggest a good Exchange 2000/2003 list?
I am now being tasked with providing Exchange 2003 support and hope to
find an Exchange list that can provide the same high quality support,
suggestions, and advice as this list.
Daniel
List info : http://www.activedir.org/mail_list.htm
I assume you created the proper named forward zone, this happened to me
once. Make sure the zone allows dynamic updates.
Once the new server is pointing to itself for DNS run net stop netlogon and
net start netlogon from the command prompt. This should re-register the
proper SRV records.
You
Steve,
Creating a password policy and linking it
to an OU will affect local accounts only. So, if I understood your post
correctly, a domain user can have a zero length password, but if they wanted to
create or reset a local account say, on a workstation, they will need
Is there a way to speed up the process for Global Catalog removal?
I know the proper Microsoft steps, but I was hoping there was a script
out there to speed up the process.
Dan
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Friday, July 16, 2004 4:00 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GC removal
Is there a way to speed up the process for Global Catalog removal?
I know the proper Microsoft steps, but I was hoping
He's new give him time :)
Original Message
Subject: RE: [ActiveDir] What's a directory partition head?
From: Kevin Sullivan [EMAIL PROTECTED]
Date: Wed, June 30, 2004 12:41 pm
To: [EMAIL PROTECTED]
Hehe
Sorry but that is funny...
-Original Message-
From:
Try dcpromo /forceremoval. This will
remove AD from the server and turn it back into a standalone.
Dan
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Malachi Burke
Sent: Monday, June 14, 2004 5:17 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir]
I think the next DEC should include a roundtable on the Pro's and Con's of
Cats and Dogs in AD. :-O
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, May 16, 2004 7:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [OT] Cats dogs (was
Cats treat humans like slaves, now a Dog, it knows how to greet you at the
door after a rough day in the forest. Ever come home after a rough day and
have the Cat greet you with anything other than disdain?
Dan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Nothing appeared in the event logs. I
was able to clear up the problem. Do know why this worked but here is
what I did:
Added the new Enterprise Admin to the
Remote Desktop tab in SYSTEM properties. Let him log in successfully, had
him log off, removed him from Remote Desktop tab, had
OK, I followed KB250455. Opened ADUC, created new users and display in ADUC
MMC (main window) was correct, i.e. lastname, firstname. Users created
before KB250455 unchanged, i.e. firstname lastname.
Ran the script in KB277717 on the OU that contained users created before
KB250455 was run.
how about these?
Best Practices for Delegating Active Directory Administration (2.7 MB)
http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en
Best Practices for Delegating Active Directory Administration Appendices (4.2 MB)
Tha back at'cha Todd.
Some turkey to hold me over during the Black Hawk Down Fest.
Dan
Original Message
Subject: [ActiveDir] Happy Thanksgiving...
From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED]
Date: Wed, November 26, 2003 12:02 pm
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
UPS finally delivered my copy of the Active Directory
Cookbook.
After a hundred pages, I must agree, Robbie Allen has a best
seller here. I would love to find a way to put this book in a binder and
stick it at my desk. Sort of camouflage it so it looks like a regular
notes binder. I know
Robbie,
I haven't gotten my copy of your book yet, I know :-(, I waited until just recently to
order it. I looked at the table of contents but did not see any thing about
Certificate Services, is it there and I just missed it??
If it is not in your book, as the Master of Cookbooks can you
PROTECTED] on behalf of Daniel Gilbert
Sent: Fri 10/24/2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory Cookbook
Robbie,
I haven't gotten my copy of your book yet, I know :-(, I waited until
just
recently to order it. I looked at the table of contents
Todd,
You are s badd
Dan
Original Message
Subject: RE: [ActiveDir] Active Directory Cookbook
From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED]
Date: Fri, October 24, 2003 9:54 pm
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Hey Rob,
What about this
Hey,
You must be up late too.
Dan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen
Sent: Friday, October 24, 2003 10:40 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Active Directory Cookbook
And what
So, you are saying he gets a Puck?
Original Message
Subject: RE: [ActiveDir] OT? - You guys rock
From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED]
Date: Thu, October 23, 2003 11:07 am
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Check is in the mail Yusuf. :P
Thanks for
guys rock
From: Creamer, Mark [EMAIL PROTECTED]
Date: Thu, October 23, 2003 11:42 am
To: [EMAIL PROTECTED]
Wow...from Scottsdale to Washington?? Yuck ;-)
mc
-Original Message-
From: Daniel Gilbert [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 2:14 PM
To: [EMAIL
To All:
I am looking for some answers to questions I have about the REPADMIN
command. I am running the Windows
2003 Support Tools version of the command with the following switches: /replsum
/bysrc /bydest /sort:delta
I get a display like the following:
Replication Summary
Does the -1 setting tell the system it never expires?
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 4:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password Policy - Challenge
See I knew the word challenge in the subject would bring
"I want a chicken damnit." I am afraid the last NetPro chicken already has a home ;-)
(It is proudly displayed with prior DEC nametags and books)
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 6:38 PM
To: [EMAIL
Hang on to it. I will see if I can rise to the "challenge" and get on via low
speed delivery as opposed to ducking :-)
-Original Message-
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 7:40 AM
To: '[EMAIL
No fair :-( The rest of us haven't had a chance to read Robbie's book.
Dan
-Original Message-
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 4:25 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Logon Takes too
I was there too! Learned a lot.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 9:42 AM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: DS Conference
I was
The Final Chicken hopes to make a cameo appearance at the next DEC. ;-)
-Original Message-
From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 10:56 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: DS Conference
Second
Can you set the expiration date out far enough to allow you to have an
expiration date.
Then run a script that will expire a portion of the users in say two weeks.
Re-run the script with a different set of users with expiration set to 4
weeks away and so on??
Dan
-Original Message-
one word - Haiku
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 12:36 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: DS Conference
Thanks for the compliments!
I
think this was our best
Any indication of the failure in the Event Logs??
Dan
-Original Message-
From: Frustrated Admin [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2003 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Software Install to DC's via GPO
Yeah, I did that as well as rebooted
And a hard question might be???
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
We're giving a couple of them
People hear it and still stay out on break :-)
-Original Message-
From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 11:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)
Very, very jealous... It is a horrible
One thing to do is use NTDSUTIL to seize the RID master role. Remove all
references to the failed DC in AD (ADSI edit, Sites and Services, DNS,)
Let replication update all DC's.
You should then be able to bring the server back using its original name.
HTH
-Original Message-
From:
Or maybe DirectoryInsight :-)
-Original Message-
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 2:15 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Home Labs Interconnected
This sounds like a job for Directory Lockdown!
Toddler
We do. It is our way to display the GPO's in human readable format.
Dan
-Original Message-
From: Ellis, Debbie [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 10:32 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Group Policy
Does anyone have a Group Policy Spreadsheet ?
Gil,
I believe I will take you up on that :-)
Dan
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 03, 2003 9:26 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Special DEC offer (was ADAM Doc)
Getting' kinda loose and happy with *my* tab aren't
Hey, I've seen movies of his toys. He can afford a beer or two.
Off we go, into the wild blue yonder...
Dan
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 10:27 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Special DEC offer (was
Chris,
I am sure you raised this issue to the "higher
ups" you mentioned, but, wouldn't it be easier to develop an OU
architecture that broke the 20,000 users up into separate OUs for
management. That way those 40-50 OU
Admins would be further broken up to their respective
75 matches