hey joe - good questions - let me clarify:
1. no we purposely don't - this would cause excessive replication and as
you've mentioned, there's no guarantee that we would be able to write
the value. But the goal of this information is not to show who is
_currently_ logged on a machine (I wouldn't us
Hi Alain, thanks for your response, it all looks very clever. I have tried running the following command: WMIManageSD.Wsf /E2KMailbox:"cn=POTrust,ou=group mailboxes,OU=,DC=spinnaker,DC=org" /adsi WMIManageSD.Wsf /E2KMailbox:"cn=POTrust,ou=group mailboxes,OU=,DC=spinnaker,DC=org" /de
Title: AD Wish list
In my experience, if it’s going to
be in the ,00s, it’s going to be a script. J
Al Maurer
Service
Manager, Naming and Authentication Services
IT
| Information Technology
Agilent
Technologies
(719)
590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com
Thanks, Susan. I imagine if we can establish the trust after applying the
transition pack, we'll be good to go.
Funny about that "Setup cannot continue because the version of Windows on your
computer is newer than the version on the CD." Warning. Had the same warning
and ending experience whe
Do you have
the Functions folder available? It contains a series of functions used by
WMIManageSD.Wsf
Next you must
register the DLL with REGSVR32 in the resource folder. Then you are all
set.
By default,
WMIManageSD.Wsf must be in Folder XYZ while Functions folder must be at the same
lev
The reference is on line 155 of the script. Go to Alain's
site (www.lissware.net) and scroll down to
the link for "Script Kit of Volume 2". Download that and extract the whole
thing...you should get a directory structure, and the main script is in
\Volume_2_ScriptKits\Chapter_04\Sample 4.02
Correction. I meant to say: " Esentutl utility with the /d switch ". Not
Eseutil /d.
Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROT
She replied offline, very likely a single bit flip, tragedy, they aren't
one release later (Longhorn), where this would've probably been
non-disruptively handled, logged, and possibly self-healed:
http://blogs.technet.com/efleis/archive/2005/01.aspx
Anyway, this kind of thing is usually hardware
I did? :-) I think I still said all I know is what the poster said :-)
I think I need a course in event log reading because even with the logs,
and the default size of the logs, I still don't see a smoking gun. The
directory services one is filled with events 'post' blow up.
What is intere
Those are fine ideas. You may want to have a closer look at that hardware.
Whichever the vendor, they usually have their own diagnostics. It's time
consuming, but often worth checking along with checking for known issues
with drivers, firmware, etc.
In my experience, I've mostly seen this t
Well at least the corruption occurred on just a single DC. One thing that has
bugged me about Active Directory is not being able to select if you want a DC
in a remote office to not have the ability to replicate back in a large
enterprise environment. Since most remote offices only have a few pe
Will Read Only DC's take care of this? I don't know much about them yet, but it makes sense that if the copy of the dit that a DC has is RO that it won't try to replicate that anywhere and would only be the recipient of replication. Anyone with more knowledge about how RO DC's will work to comment
I was
not aware that Microsoft had incorporated such a feature in AD 2003. I know for
a fact that Microsoft did not have this feature when AD 2000 was first released
because I mentioned it to several Microsoft AD & premier support
specialists and they each confirmed it was not available ( H
We do not replicate corruption so if you have local
corruption as noted below there is no worry that it would replicate around to
other servers in the environment.
Thanks,
-Steve
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil
RenoufSent: Monday, December 05, 2005 1
I was thinking about Longhorn :) It has been brought up here as a possible longhorn feature a couple of times, but yeah that doesn't help much for the immediate future.
Phil
On 12/5/05, Medeiros, Jose <[EMAIL PROTECTED]> wrote:
I was not aware that Microsoft had incorporated such a feature in A
RODCs are a LongHorn feature. It will be one-way
replication to the RODCs. They will not replicate out anything. If you are on
the LongHorn beta you should be able to test this right now.
But as Steve (one of the really good PSS guys) said
and I can concur as I have seen my share of corrupt
How can I remove the logon.bat from all my user (2000+)
accounts at one time in my domain? I’ve switch to GPO for the logon
scripts.
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits
- BSG
954-602-2469
_
As far as I can recall the new DC model will be very similar to a DNS model
with certain files in a constant replication configuration and the. Information
that needs to be kept safe is cached only.
Mark
-Original Message-
From: Phil Renouf <[EMAIL PROTECTED]>
Date: Mon, 5 Dec 2005 15:18
Try ADmodify for a GUI
tool...
Diane
http://tinyurl.com/5ruog
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding,
DevonSent: Monday, December 05, 2005 12:40 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] remove logon
script?
How can I remove the logon.
Adfind and admod from joeware.net
Adfind –f “(&(objectCategory=person)(objectClass=user)(scriptpath=logon.bat))”
–default –dsq | admod –unsafe scriptpath-
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTE
This is a fairly old and ugly vbs script, and
it only works for one OU in the domain, but it should get the job done. You’ll
need to modify strPathToContainer and strDomain.
Option Explicit
Dim strPathToContainer, strDomain
Dim oUser, oUserContainer
strPathToContainer =
"OU=Stude
If
that failsafe is built in then I am just being a worry wort and I have to admit,
I have yet to experience this particular problem.
Sincerely,Jose MedeirosADP | National Account
ServicesProBusiness Division | Information Services925.737.7967 |
408-449-6621 CELL
-Original Message
One tiny correction :)
Adfind
–f “(&(objectCategory=person)(objectClass=user)(scriptpath=logon.bat))”
–default –dsq | admod –unsafe scriptpath:-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Monday, December 05, 2005 4:00 PMTo:
ActiveDir@mail.actived
Title: AD Wish list
I would have to concur, reporting is pretty heavy duty
stuff.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Monday, December 05, 2005 9:50
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
AD Wish list
In my experien
Here is a little code snippet I posted here previously for
enumerating mailbox permissions
http://www.mail-archive.com/activedir@mail.activedir.org/msg14221.html
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Amy
HunterSent: Monday, December 05, 2005 7:41 AMTo:
Active
Ah, sorry I must have missed the intent. :o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Monday, December 05, 2005 4:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Getting computer name from a username
hey j
Nope, there is no last used. Kind of hard to define last used for a group
anyway, for instance for a security group it would be the last time anyone
from the group logged in and the group SID was stuffed in the user's token.
If you are talking security groups, the best to do is change the group to
It seems I have been answering a lot of questions like this
lately...
You can not put parts of the DN into the LDAP query. The
only way to control what branches a query looks at are
1. Permissions
2. Search base
3. Search scope.
You need to be the most specific you need to be to either
Got it. Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, December 05, 2005 3:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Obsolete Domain groups
Nope, there is no last used. Kind of hard to define last used fo
Select all the accounts at once, then select the properties, then remove the
logon.bat file name from the AD account attribute. It will change it on all of
them at once. This capability was first introduced in NT4 somewhere around
sp5or sp6. Or you can of course script it using the command " net
Novell.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros,
JoseSent: Monday, December 05, 2005 11:24 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Ntds.dit file
corruption
I was
not aware that Microsoft had incorporated such a feature in AD 2003. I
Thanks For the scoop, Joe!!!
And yes, I LOVE ADFIND, but it
doesn’t provide a result set within the MMC… I’m trying to do
an MMC (AD UC snap-in) Saved Query as the basis for a custom Taskpad …
Sorry I wasn’t clear about that. Guess I’m out of luck.
Thanks again, though! At leas
Hi
Dan,
as
joe said you can also modify the search base, so when creating the saved query
select the seach base (it’s on the first screen of the dialog which let’s
you add a saved query, not in the definition of the query itself). Sorry –
don’t have the interface in front of me so I’m n
What is this MMC thing you speak of?
;o)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
HolmeSent: Monday, December 05, 2005 6:36 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Saved Query for
Distinguished Name Contains
Thanks For the
scoop, J
When you perform a system state backup on a domain controller that is
running Windows Server 2003 with Service Pack 1, Backup may fail:
http://support.microsoft.com/?kbid=909265
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.acti
BDC
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carpenter Robert
A Contr WROCI/Enterprise IT Sent: Monday, December 05, 2005 5:33
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Ntds.dit file corruption
Novell.
From: [EMAIL PROTECTED]
[mailto:[EMAI
For full disclosure I am no longer in the Microsoft
Services organization, I was the last time Joe talked to me where I was an
Advisory Support Engineer (AKA Alliance Support). I am now a Product
Technology Specialist for Directories and Identities in Microsoft's technical
pre-sales organiz
37 matches
Mail list logo