RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Roseta Radfar
yes i need it for web content. do you think transparent proxy will work on windows 2000? do you think it can work without so much difficulty and working correctly? because i want to run it for an ISP. -Original Message- From: Roger Seielstad [mailto:[EMAIL

[ActiveDir] 5.5 to 2K migration and A.D.

2004-05-21 Thread Stefano Crivellaro
Hi all I have read a lot of documentation on Exchange 5.5 to Exchange 2000 migration, still I can find answers to some questions I want to migrate from 5.5 to 2K. I have a Win2K domain already in Native mode. Users accounts are already in A.D. I have three 5.5 servers, they belong to

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Roseta Radfar
do you think that is possible to do? is it a good idea to do that? put Squid on win 2000 with transparent proxy i mean? if I will have any problem when doing that do you think you can help me? thanks for your advice. roseta -Original Message- From: Roger Seielstad

RE: AW: [ActiveDir] hidding users

2004-05-21 Thread Grillenmeier, Guido
list mode won't help you for hiding a specific link from a group's membership list. You'll also have to worry about many other permissions to use list-mode effectively. E.g. Authenticated Users by default has explicit Read-Permissions on every OU and on every object contained within. So denying

RE: [ActiveDir] 5.5 to 2K migration and A.D.

2004-05-21 Thread Grillenmeier, Guido
I'll take a quick shot at this - see inline /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefano Crivellaro Sent: Freitag, 21. Mai 2004 09:08 To: [EMAIL PROTECTED] Subject: [ActiveDir] 5.5 to 2K migration and A.D. Hi all I have read a lot of documentation on

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread Grillenmeier, Guido
that's spelled FEMAIL ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino Sent: Donnerstag, 20. Mai 2004 15:25 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Discontinue Mail Membership Please continue FEMALE membership :) From: [EMAIL PROTECTED]

[ActiveDir] how many domain controllers ?

2004-05-21 Thread Mike Maple
Does anyone have a view about how many servers in a domain should be domain controllers. Should it be all of them - or only a few on each site ? Mike. -- Releasing funds to keep business flowing...

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Rutherford, Robert
How many users do you have? It shouldn't be all your servers, unless you only have 2. -Original Message- From: Mike Maple [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 11:28 To: [EMAIL PROTECTED] Subject: [ActiveDir] how many domain controllers ? Does anyone have a view about how many

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Grillenmeier, Guido
as few as possible just roughly: depending on how you define small, medium, large, this would translate to none for small, 1 for medium and usually no more than 2-3 for large (mainly depends on other services using the DCs/GCs, such as Exchange). -Original Message- From: [EMAIL

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread simon.geary
That's impossible to answer without a lot more information. How many users do you have, how many sites, what's the bandwidth between sites, do you have directory enabled applications, what's your budget etc. etc. The main question would be on the number of users and in very general terms a few

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Mike Maple
It's more of a general rule of thumb question. If you have say 5 servers on site A, 2 on B and 3 on C. Then what's the deciding factors ? Mike. -Original Message- From: Rutherford, Robert [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 11:33 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] how

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Rutherford, Robert
Eg.. My last company .. 25 sites globally. HQ with 700 users - 3 DCs Every other site 20-50 users - 1 DC -Original Message- From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 11:36 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] how many domain controllers ? as few

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread Craig Cerino
Tomato - - - taMAHto brother :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Friday, May 21, 2004 6:16 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Discontinue Mail Membership that's spelled FEMAIL ;-) From: [EMAIL

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread Svetlana Kouznetsova
Hmmm..googled FeMail and got - "Totally new, cool and fast feMail system utilizes the newest technology available!" http://www.femail.sissify.com/ A replacement for ActiveDir? The most important - it promises "No more fretting about system administrators at your workplace!" Lana From:

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread Craig Cerino
Now that's pretty funny From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Svetlana Kouznetsova Sent: Friday, May 21, 2004 7:30 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Discontinue Mail Membership Hmmm..googled FeMail and got - Totally new, cool and

RE: [ActiveDir] LDAP filter

2004-05-21 Thread Roger Seielstad
How do you get roped into all these flights? I mean South Africa to Seattle, now to Dubai? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] Slow or non existent drive mappings

2004-05-21 Thread Rutherford, Robert
I take it it's the machine, i.e. the user logs on at another machine they don't get the issue? Are you getting anything showing up in the event log to give any hint of the problem? Rob -Original Message- From: John Parker [mailto:[EMAIL PROTECTED] Sent: 21

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Roger Seielstad
I'm as much a fan of Windows 2k/2k3 as most other people, but there's no way I'd run Windows 2000 as a transparent proxy in an ISP setting. First, the software just isn't there for it (at least not that I've found, but I

[ActiveDir] Two Questions

2004-05-21 Thread John Parker
Hello again out there! 1) I am replacing our 10/100 card on my AD box with gigabit. Other than setting the IP info to match what it was on the 10/100 card, is there anything else I need to do/watch out for to ensure safe and uninterrupted communication once I set the card up? 2) On the

RE: [ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-21 Thread Lou Vega
Last I knew it was a registry hack (if I'm thinking of the same thing you are) I had that set up on the workstations in my lab, but I can't locate the documentation for which registry key it was, still searching. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Steve Rochford
Brief digging hasn't found anything similar for Windows, although it might exist. Not sure where you were looking but http://www.squid-cache.org/Doc/FAQ/FAQ-1.html#squid-NT gives details of Squid for Windows. It works pretty

RE: [ActiveDir] FATAL kerberos error on W2K3 server

2004-05-21 Thread Svetlana Kouznetsova
Ok, guys, I really run out of any ideas with this now: I've tried everything from KB article, Al suggested, I've also tried what's Joe mentioned, as a possibility At this point I would do two things. Please note I don't have great reasons for suggesting them, just gut feeling. 1. I would

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Roger Seielstad
I doubt it's possible - Squid's not been ported to Windows from what I can find. See my other post for more details. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr.

RE: [ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-21 Thread Lou Vega
This is what I ended up using to customize the caption on the dialog box, not sure if it's the same as what you're looking for. In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon either change the data value for Welcome or add a new string value called Welcome

RE: [ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-21 Thread Craig Cerino
You can search http://www.theeldergeek.com I know he's got the registry hacks for changing the actual logon message (among a ton of other hacks). Might be worth a look From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Friday, May 21, 2004 8:49 AM

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread joe
That is hilarious... go through FAQ on the left if you haven't From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Svetlana Kouznetsova Sent: Friday, May 21, 2004 7:30 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Discontinue Mail Membership Hmmm..googled FeMail and

RE: [ActiveDir] LDAP filter

2004-05-21 Thread joe
What I am hearing doesn't sound like a myth... How about this. Write a NET program to dump all objects and attributes of a specified partition and see how long it takes, then run adfind to do the same, check out what the delta is. Every test I have done like that with adsi has adsi losing,

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Burns, Clyde
Maybe there is another way to do this and get the effect you're looking for. There is a device you can get from http://www.tigicorp.com/ that you plug into your system as a hard drive that acts as a 5.25 form factor hard drive. It

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread joe
For production, never less than two. The max depends on your usage and your WAN configuration and network stability. If you have heavy usage due to apps like Exchange, you *may* need a couple of more. I think the calculation is one GC CPU per 2 Exchange CPUs or something like that? Though I am

RE: [ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-21 Thread joe
I don't believe that message is tuneable without modification of the GINA. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT, How to change wording on screen when computer

RE: [ActiveDir] 5.5 to 2K migration and A.D.

2004-05-21 Thread Coleman, Hunter
For Case 1, if Stefano has run NTDSAtrb then it shouldn't be a case of first one wins. One of the two mailboxes should end up with NTDSNoMatch in Custom Attribute 10 (either automatically or manually), so that one will get the placeholder account. He will need to set permissions on that

RE: [ActiveDir] Slow or non existent drive mappings

2004-05-21 Thread joe
Set up a debug mode on the script, when you are in that mode (say an environment variable is set to something), the logon script will run visible and slowly with a pause between each step and echo everything. Alternatively set up a whole debug script. That way you can see the errors that it

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Rutherford, Robert
Winproxy will transparent proxy, cache, port map etc... most things you could need from a proxy app. I would go for Squid personally but you did specify you wanted a W2K platform. Rob -Original Message- From: Roger Seielstad [mailto:[EMAIL

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Rutherford, Robert
It has as many third parties use it as a back end... http://www.acmeconsulting.it/pagine/opensource/squid/squidnt25.htm -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 14:01 To: [EMAIL PROTECTED] Subject: RE:

RE: [ActiveDir] FATAL kerberos error on W2K3 server

2004-05-21 Thread joe
Ok sorry if I beat a dead horse here Lana but I have found if the domain controller policy isn't set on DCs then any K3 DCs have a local policy that will kick in SMB Signing. You can verify by going to the K3 DC and running from the command line secpol.msc and then looking at the actual

Re: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Cass Gowins
There are a number of appliances you could use as well. Especially, if you are a cisco shop, you would already have a great feature. Although proprietary, Cisco's Web Cache Control Protocol (WCCP) allows you to transparently

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread Svetlana Kouznetsova
I like the etiquette rules, especially useful reminder: "We have the right to exploite, humilate, delete, ignore, or coddle any person at anytime for no other reason than Our Own amusement." and what's up with those pink...errmm..stuff, you require to wear while reading FeMail? That's

RE: [ActiveDir] Two Questions

2004-05-21 Thread Rutherford, Robert
1) No problems. 2) When you say u are incorporating NAT.. for what reason? Purely for internet access? Why do you need to change your internal range to use NAT? Changing your range isn't really too much of an issue... you just need to make sure you plan it out first, i.e.

RE: [ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-21 Thread rmcdonald
Do you know of a good software for making modifications to the GINA? Ryan McDonald Systems Administrator joe [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 05/21/2004 09:35 AM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] OT, How to

RE: [ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-21 Thread rmcdonald
That site is great and thanks! I got the main login screen changed but could not find where to change the message that is displayed when the computer is locked. Ryan McDonald Systems Administrator Craig Cerino [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 05/21/2004 09:10 AM Please

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Roger Seielstad
Very cool. Didn't know they had that port. That's cool. Wonder if they're gonna port it to .Net ;) I'm gonna have to play with that a bit, although as I said, I use the Unix version quite a bit already. -- Roger D.

Re: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Missy Koslosky
For Exchange, it's one GC processor to every 4 Exchange processors. - Original Message - From: joe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 21, 2004 9:33 AM Subject: RE: [ActiveDir] how many domain controllers ? For production, never less than two. The max depends on

[ActiveDir] Domain Controller Security...

2004-05-21 Thread Chris Lynch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm wondering if anyone has accomplished the following: Provided different security policies to multiple DC's within the same domain, but different OU's for field techs to manage resources on just that DC without giving Server Operators rights. I

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Eric Fleischman
That's pretty rough though. If all of your users are like me, you probably need more GC processors for each Exchange processors. If like my dad, probably less. Bottom line: adperf perfmon are your friend. There's no substitute for real-world perf monitoring and proactive resolution of perf

RE: [ActiveDir] Two Questions

2004-05-21 Thread John Parker
Thanks Robert for your reply. We are rolling over to a new ISP and have been wanting to get my workstations off of public IPs. For security reasons. That's the reason for the NAT. I only have two DCs John Parker, MCSE IS Admin. Senior Technical Specialist

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread joe
Yep I completely agree about perfing and baselining... Hence the statement Though I am never a huge fan of just paper guessing, it may work for 80% of the places and you have one that doesn't fit that model. Joe P.S. Hi Brian. -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] Domain Controller Security...

2004-05-21 Thread Roger Seielstad
I like Joe Richard's option - DCPromo it out, let the tech work on it, and DCPromo it back in -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Chris Lynch [mailto:[EMAIL

RE: [ActiveDir] Two Questions

2004-05-21 Thread Rutherford, Robert
Oh OK.. didn't realise you were on publics. The only thing to watch is that your DCs register correctly.. which they usually do. I have performed many range changes and it's straight forward from the AD side. I always prefer to physically bounce a DC after changing its IP

RE: [ActiveDir] Discontinue Mail Membership

2004-05-21 Thread Raymond McClinnis
If you want a real shocker, go to the Inside Home Me thinks this an Alternative Lifestyles Site. Thanks, Raymond From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Svetlana Kouznetsova Sent: Friday, May 21, 2004 6:32 AM To: [EMAIL PROTECTED] Subject: RE:

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Sitton Glen E
The architecture we have adopted calls for one DC at each WAN-isolated location. Even the sites that have several thousand user accounts only have one DC. The DCs are reasonably beefy quad-proc servers. There are roughly forty WAN

RE: [ActiveDir] MS Exchange Tools on Domain Controller

2004-05-21 Thread Salandra, Justin A.
Yes, just install the ESM on the DC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin Sent: Friday, May 21, 2004 1:54 PM To: Active Directory List Subject: [ActiveDir] MS Exchange Tools on Domain Controller I have an Exchange server and

RE: [ActiveDir] MS Exchange Tools on Domain Controller

2004-05-21 Thread Edwin
Thats it? Cool. Okay..I will give it a try. Thank you again for the reply. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, May 21, 2004 1:56 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] MS Exchange Tools on Domain

RE: [ActiveDir] MS Exchange Tools on Domain Controller

2004-05-21 Thread joe
That is it however, that brings up the question... Is Exchange Admin something you should be doing from a domain controller? As a general rule you shouldn't be logging onto DCs very often, that way leads to mistakes and problems. You manage the stuff from workstations. Let servers just

RE: [ActiveDir] MS Exchange Tools on Domain Controller

2004-05-21 Thread Seely Jonathan J
*CONFIDENTIALITY NOTICE* This e-mail may contain information that is privileged, confidential, or otherwise exempt from disclosure under applicable law. If you are not the addressee or it appears from the context or otherwise that you have received this e-mail in error,

RE: [ActiveDir] LDAP filter

2004-05-21 Thread joe
LOL. I haven't gotten to the point of formatting my own LDAP packets but I have gotten to the point that I am trying to decode them. I did that to work out how the UDP ping stuff was working, now have to still decode the formatting. Looks like ethereal understands it so I can probably

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Coleman, Hunter
One thing to consider is what happens to your WAN if the lone DC in a site with several thousand users dies. Maybe it's ok, maybe not. I'm guessing that the user experience will be sub-optimal :-) Hunter From: Sitton Glen E

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread joe
As long as there is DNS resolution (say you aren't using a centralized DNS) you should be ok. Domain stuff isn't really heavy unless you have Exchange or something like that beating on it. I have found that WAN site DCs tend to be mostly

RE: [ActiveDir] LDAP filter

2004-05-21 Thread Ken Cornetet
I use Perl's Net::LDAP (which builds its own packets) for all of my AD code, does that count as studly? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, May 21, 2004 12:26 PM To: '[EMAIL

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Cotter, Paul M.
Hmmm... It might be possible, but is it secure in such a configuration? I wouldn't want to bet on it. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Sent: Friday, May 21, 2004 2:48 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] a good

RE: [ActiveDir] LDAP filter

2004-05-21 Thread joe
Only if you wrote Net::LDAP. ;o) However just using perl makes you an all around good guy. :o) joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Friday, May 21, 2004 3:56 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP filter I

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Coleman, Hunter
That's two different scenarios, though, yes? One is the DC is down but the WAN is up, the other being the DC is up but the WAN is down. In Glen's layout, I'd be more concerned with the former, as my luck would have the DC dropping at about

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread joe
Ah sorry read your post backwards. Valid point. However as long as it was up during the morning logon rush I would still expect it to do pretty well. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman,

RE: [ActiveDir] Domain Controller Security...

2004-05-21 Thread Chris Lynch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I know. I agree that this isn't good security practice. I wouldn't recommend this as well. But, for the lack of space in most locations (and we are only talking about 4 locations), we would just like to give the local tech access to that DC only

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Sitton Glen E
That's the key phrase ... as long as it is up. If a DC were to go down in one physical location, I'm sure the user experience would be less than optimal, but business would be able to continue. Since we're only beginning the mass user migrations, I don't have any real-world

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Brian Desmond
I only have 15,000 messages in my mailbox or something like that. It's under 1GB I think. More than most of the teachers combined. What'd I say I would do? --Brian Desmond [EMAIL PROTECTED] Payton on the Web! Http://www.wpcp.org v: 773.534.0034 x135 f: 773.534.0035 -Original

RE: [ActiveDir] Anonymous bind

2004-05-21 Thread Guy Teverovsky
You are of course right about LDAP being primarily a directory and not authentication protocol, but Linux's support for multiple Kerberos realms is not good enough and it is what I have in my environment (two W2K3 forests with cross forest Kerberos trust). I would prefer using Kerberos for

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Gilbert, Daniel L Mr ANOSC/FCBS
I know this is off track but... Joe, if you only have a single domain do you get any benefit making them all GCs? Or any GCs? Dan -Original Message- From: joe [mailto:[EMAIL PROTECTED] Sent: Friday, May 21, 2004 6:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] how many domain

[ActiveDir] DC locator article

2004-05-21 Thread Gil Kirkpatrick
I saw there was a thread that referenced the article I wrote a while ago for Windows .Net mag about how to control the DC location process. I seem to have lost the thread somehow, but if you'd like a copy of the article, you can download it from our website at

RE: [ActiveDir] Anonymous bind

2004-05-21 Thread Guy Teverovsky
If you excuse me, I will break the inline pattern ;). It got too unreadable. I have seen the interoperability doc. I have also read the whole doc mentioned in the post. It's a very good reference, but is lacking any description of Kerberos deployments in multi-realm environments. Personally I had

RE: [ActiveDir] Anonymous bind

2004-05-21 Thread Guy Teverovsky
LOL. This week I had a chat with a guy from Novell. And as I do not know much about NDS, but have some clue about AD, I was interested in the differences between both directories. The ability to split partitions and the replication traffic were among the things he mentioned. And my reply was the

[ActiveDir] ridiculously OT

2004-05-21 Thread Kern, Tom
my cio wants to use Go To My Pc to access his pc remotely and he would like other managers to use this as well. i think its really insecure and a bad bad idea. my first question is, how does Go To My Pc really technically work? i can't find any real details. i know it connects to their server on

RE: [ActiveDir] ridiculously OT

2004-05-21 Thread Al Garrett
Tell your CIO he's management and to butt out of the technical aspects. Stay with the Cisco concentrator and have him use Terminal Services or Remote Desktop. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Friday, May 21, 2004 4:33 PM To: [EMAIL PROTECTED] Subject:

RE: [ActiveDir] ridiculously OT

2004-05-21 Thread Kern, Tom
yeah, but how does it work on their end? do you need to provide port address forwarding on your firewall/router? what ports do you need to open up? how is remote desktop web client more secure (aside from the fact you are not going thru a third party server)? thanks -Original Message-

RE: [ActiveDir] ridiculously OT

2004-05-21 Thread Darren Mar-Elia
Ha ha. Apparently Al is fond of CLMs (Career Limiting Moves). Tom you might perhaps suggest that any solution that goes through a third party's servers by definition means that you lose control over the data. Given that it's the officers of your company, that could represent a serious breach of

RE: [ActiveDir] Domain Controller Security...

2004-05-21 Thread joe
Yep, and hope they don't have the desire to do more... Because you aren't stopping them. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Lynch Sent: Friday, May 21, 2004 5:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Domain

RE: [ActiveDir] DC locator article

2004-05-21 Thread Free, Bob
I seem to have lost the thread somehow, The thread I remember was from this February, titled " logon server discovery" From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, May 21, 2004 3:41 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] DC locator

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread joe
Sure. Keep in mind why GCs are needed. Native mode logons... UPN resolutions... Any script or application that calls out to a GC first to find something and then bind later to a DC. You don't have to worry where the infrastructure master is located. If you have a simple empty root with single

RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread joe
On the neighboring DC thing you might want to investigate that. It isn't the case where the local DC stops functioning, the next closest kicks in and starts working... If the local DC isn't working, unless you have changed your defaults the next DC to be used could be ANYWHERE

RE: [ActiveDir] Domain Controller Security...

2004-05-21 Thread Eric Fleischman
If memory serves me correctly Server Operators is going to put them under the umbrella of AdminSDHolder so you'll need to consider what delegation has been done on them. They'll be un-delegated (so to speak) next time SDProp kicks. I would like to go on record as having said I don't like this

RE: [ActiveDir] Anonymous bind

2004-05-21 Thread joe
Ah - multirealm issues. I understand. Actually that support sucks in MIT/Heimdal, Linux is just a victim of it. Of course the MIT response is simply Well just use one realm. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky

RE: [ActiveDir] Domain Controller Security...

2004-05-21 Thread joe
Hey, ~Eric said what I said, he just said it nicer and in more words. The first doesn't surprise me, the second, immensely so. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Friday, May 21, 2004 8:34 PM To: [EMAIL PROTECTED]

RE: [ActiveDir] Anonymous bind

2004-05-21 Thread Eric Fleischman
I'll never use the word always to describe any scenario, but I'll be so bold as to refer to this scenario as often doable without syncing to another directory. Always? Definitely not. But often, and I might even go so far as to say usually. :) ~Eric -Original Message- From: [EMAIL

RE: [ActiveDir] Domain Controller Security...

2004-05-21 Thread Doug Lawty
My advice is nothing new... I'm going to say the same thing as ~Eric and joe -- but with a stronger security warning (and at the risk of repeating another recent discussion on this list.) You should trust the techs that can log on locally to a domain controller just as much as you trust your

RE: [ActiveDir] DC locator article

2004-05-21 Thread Gil Kirkpatrick
Thanks Bob. It must have rolled out of my Outlook folders. -g From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Friday, May 21, 2004 5:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DC locator article I seem to have lost the thread

RE: [ActiveDir] MS Exchange Tools on Domain Controller

2004-05-21 Thread Chuck Oppermann
I'd like to reinforce Joe's point. I go by the following rule of thumb A Windows machine is only as stable as the worst piece of software installed on it. The less of anything installed on any critical machine, the better. Logging onto a DC should be an absolute no-no unless something

RE: [ActiveDir] FATAL kerberos error on W2K3 server

2004-05-21 Thread Lee, Wook
Lana, I'm going to go out on a limb here and say that it's probably a good idea to demote the Win2K3 DC and repromote while making sure that the DNS resolver is pointed at a Win2K DC/DNS server that hosts the _msdcs zone for the forest. I think that server is in a sufficiently weird state that