Re: [ActiveDir] group structure -universal groups

2004-07-27 Thread Tony Murray
Daniel Well, one option would be to simply skip the Global Group part and add your accounts directly to the UG. A problem with UGs in Windows 2000 AD was that they potentially created a lot of replication traffic between GCs. Any change to a UG membership would result in the whole

RE: [ActiveDir] group structure -universal groups

2004-07-27 Thread Grillenmeier, Guido
yes, for DLs this would definitely be an issue - in a multi-domain forest be sure only to use UGs as DLs... (and DON'T nest GGs into the UGs). In a single domain forest it doesn't matter. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony

Re: [ActiveDir] Any way out of this mess?

2004-07-27 Thread Ken Schaefer
Hmmm, my MCSE study guide says to login using Safe Mode to get around GPOs that stop interactive logons (I only remember this because it's not something I've heard/seen mentioned before). I assume that's not a goer then? Cheers Ken - Original Message - From: Aaron Visser [EMAIL

RE: [ActiveDir] setting security bit flag

2004-07-27 Thread Creamer, Mark
Hunter, that worked perfectly. Better yet, after studying what you added, I think I actually understand it! :) Thank you! mc From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 6:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] setting

[ActiveDir] GPO Nightmare

2004-07-27 Thread Rimmerman, Russ
We're majorly scr*wed right now. Someone linked our default domain controller policy to our whole domain yesterday. That really foobars log on locally rights on every PC. Of course no one will fess up to it. I just enabled Success auditing of Directory Service Accesses as we were only

RE: [ActiveDir] NTP server

2004-07-27 Thread Coleman, Hunter
The time on workstations, servers, and DCs within your forest should converge to the time of the PDC role holder of the root domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;224799 -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Monday, July 26,

RE: [ActiveDir] Any way out of this mess?

2004-07-27 Thread Quatro Info
Resetting the computer account in the OU? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Tuesday, July 27, 2004 13:26 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Any way out of this mess? Hmmm, my MCSE study guide says to

Re: [ActiveDir] GPO Nightmare

2004-07-27 Thread Tony Murray
Should be ok to simply remove the link. The settings from the DDC GPO should not persist after removal. Tony -- Original Message -- From: Rimmerman, Russ [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 27 Jul 2004 08:34:19 -0500 We're majorly

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Rutherford, Robert
What started this? Was it after a specific patch? -Original Message- From: Jacob Stabl [mailto:[EMAIL PROTECTED] Sent: 27 July 2004 15:21 To: [EMAIL PROTECTED] Subject: [ActiveDir] LSASS.EXE! Ok I have been having this problem for quite a while and I have been ignoring it because I

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Coleman, Hunter
I saw this on one of our test bench DCs. IIRC, I applied MS04-011 and that resolved the problem. http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx Hunter -Original Message- From: Jacob Stabl [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 8:21 AM To: [EMAIL

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Lou Vega
Are you using Windows 2003 Server or Windows 2000 Server? Also do you have event log info that you could post which corresponds to these shutdown events? r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl Sent: Tuesday, July 27, 2004

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Quatro Info
Have had the same at a customer...no viruses found etc... http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx applying that patch resolved the problem for me. Gr Jorre -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert

RE: [ActiveDir] NTP server

2004-07-27 Thread Free, Bob
A client computer (or server) in AD will synchronize with the DC that it authenticates and establishes a secure channel with, the browse list has nothing to do with AD time synchronization. Time will automatically flow down AD from the forest root. The 9x clients can't do NTP in the absence of

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Doug M. Long
Try downloading and running McAfee Stinger, as it usually finds worms that other AV software don't. And patch!!! http://vil.nai.com/vil/stinger/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Tuesday, July 27, 2004 10:29 AM

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Ayers, Diane
My bets are on Sasser. Reapply MS04-011 and reboot. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Tuesday, July 27, 2004 7:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LSASS.EXE! What started this? Was it after

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Johnson, Chris
I had the same issue. Definitely don't have sasser. Windows 2003, and it's happened once or twice on one of the DC's -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane Sent: Tuesday, July 27, 2004 9:37 AM To: [EMAIL PROTECTED] Subject: RE:

RE: [ActiveDir] Batch Account Creation and Removal

2004-07-27 Thread Brown, Bill [contractor]
I have a VB script that I wrote to create contacts. I suppose it could easily be modified to generate users. It reads input from an Excel spreadsheet in CVS format, checks for duplicates, and generates an error log [if needed] as it goes. Contact me off-list and I will be glad to share

RE: [ActiveDir] Batch Account Creation and Removal

2004-07-27 Thread Mulnick, Al
The biggest problem you'll face will likely be automated leveling of accounts across resources such as Exchange and databases. The rest of it's really easy to script. Lifecycle management is better handled with third-party tools or MIIS since they handle the removal of accounts from systems

Re: [ActiveDir] LSASS.EXE!

2004-07-27 Thread John Singler
I have seen, on w2k3 DC's, lsass crash and the server reboots...which sounds a bit different from what you experienced ? If you have a corresponding DS Event Log warning (1173) then this hotfix might be for you: http://support.microsoft.com/default.aspx?scid=kb;[LN];826819 Also, have seen

RE: [ActiveDir] Batch Account Creation and Removal

2004-07-27 Thread Doug M. Long
Nathan, Would you happen to be using Datatel for student/staff/faculty records?? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brown, Bill [contractor] Sent: Tuesday, July 27, 2004 1:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Batch Account Creation

RE: [ActiveDir] Batch Account Creation and Removal

2004-07-27 Thread Nathan Henderson
No, we're actually in the process of moving to Power Campus from Jenzabar's PX product. It's a big summer of upgrades for us. Thanks for the responses. -Nate From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. Long Sent: Tuesday, July 27, 2004 10:33 AM To: [EMAIL

RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Eric Fleischman
If you obtain a dump from the next occurrence I could take a look and probably resolve the issue for you. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johnson, Chris Sent: Tuesday, July 27, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE:

[ActiveDir] Jobs for AD Admins

2004-07-27 Thread Steve Shaff
Hey Group, Does anyone know of a website that is more for AD or Exchange Admin jobs, other than Monster or Hotjobs? I thought that if anyone knew, it would be this group. Thanks, S List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List

[ActiveDir] OT: NAS and WSS

2004-07-27 Thread Noah Eiger
Hello all I am looking to expand the amount of storage space on the network and am considering a NAS solution running Windows Storage Server 2003 (WSS). I am looking for feedback on NAS in general and WSS in particular.  Are there any AD or licensing issues with WSS? (My hunch is that

RE: [ActiveDir] Jobs for AD Admins

2004-07-27 Thread Johnson, Chris
Dice is usually good, you need to be careful how you search there though to find jobs labeled incorrectly or with the wrong keywords. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Tuesday, July 27, 2004 1:17 PM To: [EMAIL PROTECTED]

RE: [ActiveDir] Batch Account Creation and Removal

2004-07-27 Thread Grillenmeier, Guido
there are a lot of provisioning and sync-apps that can do this for you in a very automated fashion - search for "user provisioning" and you'll get lots of hits on google alternatively, you can leverage the new DS cmdline-tools from 2003 (DSADD, DSMOD etc.) and/or a couple of scripts that

[ActiveDir] AD and printer admins

2004-07-27 Thread Cothern Jeff D. Team EITC
Is there a way within AD and other security settings to allow a Desktop Support section the ability to create and maintain printers without putting them into the local admin group on the servers. Currently we are not using the Printers OU for AD. The printers are added the old way thru the add

RE: [ActiveDir] Kerberos interoperability question

2004-07-27 Thread Doug M. Long
Sounds like something to do with ticket type. This may help, as it helped me with a samba/AD integration problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;833708 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher Sent: Tuesday, July

RE: [ActiveDir] OT: NAS and WSS

2004-07-27 Thread deji
Are there any AD or licensing issues with WSS? (My hunch is that AD views this as just another member server). Dell offers an OEM version. Any issues there? It's just another member server, like any other. It's only available through OEM. It seems that the NIC would be a huge bottleneck. Is

RE: [ActiveDir] AD and printer admins

2004-07-27 Thread Quatro Info
Make an OU for desktop support add users there In printer properties security tab add OU there and give full rights... Never tried but guess that's the way. Gr J -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC

RE: [ActiveDir] AD and printer admins

2004-07-27 Thread Cothern Jeff D. Team EITC
That lets them modify current printers yes. But not create new ones. Which is my dilemma. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Tuesday, July 27, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer

FW: FW: [ActiveDir] Kerberos interoperability question

2004-07-27 Thread Thommes, Michael M.
Chris, Here is a response from our Kerberos guy regarding your question: Mike Thommes Argonne National Laboratory -Original Message- From: Engert, Douglas E. Sent: Tuesday, July 27, 2004 3:46 PM To: Thommes, Michael M. Subject: Re: FW: [ActiveDir] Kerberos interoperability question