Joe,
thanks a lot for your helpful reply and sorry that my reply took so long.
I am still waiting for a response because of my Microsoft Support ticket.
Its my goal to combine GPO´s with Security Groups to manage different
actions of the servers in the same OU.
For this reason I created some
Hi Kamlesh,
first of all, iwould enable the logging of the Netlogon Service.
I ve found an article in the WindowsITPro
The Netlogon service is one of the key Local Security Authority (LSA)
processes that run on every Windows domain controller. When you troubleshoot
authentication
Thanks for all of your answer - BUT I know about sIDHistory and how it works. I
am looking for how the authentication using sIDHistory works. Does there have
to be a secure channel in place between the target AD domain and the
not-trusted NT4 resource domain?
I also know that as soon as the
by the wording.
Or did I get it wrong again?
Cheers,
Bert
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bert Skorupski
Gesendet: Donnerstag, 12. Mai 2005 10:16
An: ActiveDir@mail.activedir.org
Betreff: AW: [ActiveDir] Accessing NT4 resource domain via
Hi Raymond,
one thing that didn't get mentioned:
If your users dont have a profile right now, you can change the default
profile as well instead of assigning a mandatory (where the changes a user
make will be lost after every session). The default profile is being used if
a profile of the users
Hello Russ,
they just get repopulated if you delete all of them (keep one and it doesn't
get repopulated). There are multiple instances where you need to change to
keep them from repopulating. One instance to change that is the checkbox
Dean pointed out, but what I also like is just putting in
Event to it's replication partners if they are W2k? I somewhat heard that
WS2k3 - WS2k3 will always particial replicate syncs, while W2k - WS2k(3)
will always full sync?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Dean Wells
Gesendet:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baudino
Sent: Donnerstag, 20. Mai 2004 23:48
To: [EMAIL PROTECTED]
Subject: Re: AW: [ActiveDir] hidding users
AD list mode is interesting enough that we're going to look into it as
well. We're also looking
Maybe the AD List Mode will be an option for you:
http://www.chrisse.se/MAQB.asp?ID=34
Ulf
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Kern, Tom
Gesendet: Donnerstag, 20. Mai 2004 20:00
An: ActiveDir (E-mail)
Betreff: [ActiveDir] hidding
]
Sent by:cc:
[EMAIL PROTECTED] Subject: AW: [ActiveDir] hidding users
tivedir.org
Better this way, it
really Bugs me since its buggy.
I hope for a new Adminpak
with SP1.
Ulf
Von:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Fuller, Stuart
Gesendet: Freitag, 14. Mai 2004
21:48
An: '[EMAIL PROTECTED]'
Betreff: RE: [ActiveDir] Dial-In
Hi Chris,
If you have a backup of that domain - restore.
If you don't have a backup, and it was the fist domain in the forest (forest
root) then create a new forest and migrate step by step every of the
existing domains into the new forest (ADMT or other migration tools from 3rd
party vendors
Hello Rens,
Migrate with ADMTv2, look into the guides MS published for
a migration from one forest into another. Since you are able to keep the SID in
the SIDHistory you are able to retain permissions, however I'd also look to
reAcl the Ressources to the new SIDs. This can be done with
Hello Stephen,
I don't think so. AFAIK the only variables which you are
able to use during logon are the ones which are system variables on the clients
plus the %username%. Variables defined in the context of the user are not
available at this time.
AFAIK2 - the variable username is filled
Hi Joe,
AFIAK the passwords of the computer accounts are not set to expire, but they are
automatically changed.
The password change is done from the netlogon service. The default time in NT was 15
days, changed to 30 days in W2k and later. The client might decide to change after the
half of
Hi Russ,
there's a additional tool which would be able to help you
here.If you register theAcctInfo.dll on the Computers running Active
Directory Users and Computers it extends the property pages of a useraccount by
a Tab "Additional Account Information". On this tab you can see some more
Hi Mark,
first thing which comes to my eyes is that the base it not
started and ended with "" and "", but the whole query including base,
filter and scope is.
So what I'd try is modifying the line beginning with
strBase with
strBase = "LDAP://dc=my,dc=domain,dc=com;"
and the line starting
Hi there,
That's my problem: 15 minutes is too slow. Is there any chance to make a
kind of urgent replication like it was on a NT4 domain when you disable a
user?
Cu,
Alex
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 26. März 2003 15:10
]
m cc:
Sent by: Subject: AW: [ActiveDir] DNS
replication
I dont
seem to have much luck with my posts to this list...have I upset anyone ? have I
been blacklisted for some reason ? Do I smell bad ?
Tosupport my post regarding changing the Pre-Windows 2000 name of a
members server I found this in the Microsoft
documentation
Title: Nachricht
Well,
the best place to control user logon actions would be to write a custom ms-gina
dll.
This
way you can even let your program decide who is allowed to log
in.
There
have already been some mails about ms-gina programming.
This
way you are able to do some actions right
Depending on how deep you want to get into monitoring and how complex your
network is, a good product is RoboMon by Heroix.
Can do what you need and a whole lot morewe are just about to install it
here after comapring it with NetIQ and MOM
Mark
-Ursprüngliche Nachricht-
Von: Al
Abbiss, Mark wrote:
Depending on how deep you want to get into monitoring and how complex your
network is, a good product is RoboMon by Heroix.
Can do what you need and a whole lot morewe are just about to install it
here after comapring it with NetIQ and MOM
Mark
I thought
We have been trying for almost a year now to link 2 sites !!! the POLITICS
are the killer. Just wait until you get to who has the FSMO
roleschildren, children.
good luck and make sure you have a reservation for a berakdown sometime
early in the New Year.
Mark
-Ursprüngliche
Is it a big price difference btwn. BigIP and Win2K NLBS?
-Ursprüngliche Nachricht-
Von: Ayers, Diane [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 5. März 2002 18:09
An: '[EMAIL PROTECTED]'
Betreff: RE: [ActiveDir] Clusters - Good or Bad idea?
We've used both the NT 4.0 WLBS and WIn2K
Thank you everybody for your help!!
It has been reported (though I've not personally
experienced it) that the
DNS client tends to preference either the public servers or
the alternate
server ... this being the case, resolution against the zone(s)
representing
Active Directory will
Many thanksproblem solved...i only half configured DNS !!
Mark Abbiss
EADS Headquarters
81663 Muenchen
Deutschland
Phone : +49 (0)89 607-34776
Email:[EMAIL PROTECTED]
-Ursprüngliche Nachricht-
Von: David Lloyd [mailto:[EMAIL PROTECTED]]
Gesendet: Mittwoch, 16. Januar 2002 14:30
?
-Original Message-
From: [EMAIL PROTECTED]
[ mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] ]On Behalf Of Mike Tonazzi
Sent: 07 January 2002 06:17
To: [EMAIL PROTECTED]
Subject: AW: [ActiveDir] AD Policy Logon Error
We are using DHCP. I checked the DNS entries
. I've really liked Appmanager where
we used it at my last job.
-Original Message-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 10, 2002 8:53 AM
To: '[EMAIL PROTECTED]'
Subject: AW: [ActiveDir] Server availability/monitoring/management tools
Thanks, looking
We are using DHCP. I checked the DNS entries and they are correct.
mike
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] Im Auftrag von
Jacqui Hurst
Gesendet: Samstag, 5. Januar 2002 12:05
An: [EMAIL PROTECTED]
Betreff: RE: [ActiveDir]
In my experience a pc that shows this behaviour has a mapping to a network
drive that doesn't exist anymore.
Sometimes a defect CD-Rom shows similar behaviour.
The box tries to access it but without success. After a while it gives it up
and then shows the available
network drives.
mike
My
domain runs fine without MS DNS. All I use is a DNS forwarder to my internet
provider.
-Ursprüngliche Nachricht-
Von:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Im Auftrag von Giovanni Bianchini
Gesendet: Dienstag, 13. November
2001 16:25
An: [EMAIL PROTECTED]
Betreff:
In Windows you can grant and deny rights. If you deny someone the right
To logon as a service and later on you grant him this right, then he'll
Still don't have the right to logon as a service. This is what the
Effective column says. Your Local Policy column probably says grant
this Right to the
is being handled,
and
could not see any deny.
Avishay
-Original Message-
From: Tom-The-Bomb [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 2:32 PM
To: [EMAIL PROTECTED]
Subject: AW: [ActiveDir] How do I grant user with rights to logon as a
service on local machine.
In Windows you can
Thanks to everyone who offered help and advice.
In the end the vital piece of missing advice was plug the network card of
your 'to-be-installed' domain controller, into some other network device
such as a hub or another pc´s network card. After I did that the
instalation of AD worked fine and
35 matches
Mail list logo