It works in Spanish.
On 5/22/05, Rimmerman, Russ [EMAIL PROTECTED] wrote:
From: Rimmerman, Russ [EMAIL PROTECTED]To: ActiveDir@mail.activedir.org
Return-Path: [EMAIL PROTECTED]X-OriginalArrivalTime: 22 May 2005 03:42:23.0132 (UTC) FILETIME=[43819DC0:01C55E80]X-imss-version: 2.025X-imss-result:
Hello ;-)
I had a strange issue yesterday.
An administrator who has full control(ct) of his OU and the child objects, was
not able to modify a user account properties or password. The security option
of the user object shows that the admin was not on the user object acl: the
inheritance case
Hi,
In my opinion the following recovery situations exist when it comes to AD:
(1) Accidental object deletions
(2) Your forest/domain drops dead
(3) A DC drops dead
(1) Accidental object deletions
I agree with Joe that people should only have those permissions needed to do
their work and this
Where the heck does Last success @ 1952-08-19 22:59.10. come from? I know
MS uses the year 1601 as the starter date, but I have never seen 1952 or
something else before AD was ever available.
In this case as you're already doing... kill the old DC and rebuild it
CHEERS
#JORGE#
-Original
So if I read this correctly, I don't need to get a license for win2k/xp clients
to work?
I only need a license to be legal?
How do those clients know to use the license I bought and not the built in one?
What's the point in getting licenses if all your clients are 2k/xp then?
Thanks
Hi,
Have you seen Delegated permissions are not available and inheritance is
automatically disabled (http://support.microsoft.com/?id=817433)
This article describes how you can configure which default protected groups
are protected or not by the adminsdholder object. Although possible I do not
I think Jorge summarized the issue quite well, and pointed out some important
considerations. I hope MS is paying attention to this thread b/c there are
some customer needs here that would be (I think) easy to address in future
releases.
1) I do know that there are some VERY large companies
Hi Jorge,
WAAOOU ! Endeed i was not aware that print operators group was able to log on
to my DCs and do task as reboot !!
And yes,my DCs are also prints servers. maybe it's not good for security...
but it's hard to convince my direction to buy a server ONLY for printers
purposes.
How strange, you're the 2nd person that's asked me that in as many days :-/
No particular ordering -
1. Caching Global Groups
- sugar coatedcauses additional admin. requirements/sugar coated
- non-sugar coatedridiculous, why cache what the DC already has
explicit knowledge
For the sake of security you could move the print server role to other
server(s) in your environment that are member servers. In this case you
cannot use the print operators group if a member server is the print server.
You need at least permissions to:
* Create printer instances
* Install printer
What I mentioned also applies to some other built-in groups...
see also
http://www.windowsecurity.com/articles/Built-in-Groups-Delegation.html
#JORGE#
-Original Message-
From: TIROA YANN
To: Jorge de Almeida Pinto; [EMAIL PROTECTED];
ActiveDir@mail.activedir.org
Sent: 5/22/2005 3:56 PM
Title: RE: [ActiveDir] Adminsdholder Propertiy Qustion...
Thanks for all the technical
links, i've began to read "Delegated permissions
are not available and inheritanceis automatically disabled", and il looks very
interesting. with many workarounds concerning my
needs..
Go now
Ouch. Hasn't replicated since 1952... That is certainly
interesting. I would say that is a bug somewhere though I guess it could
represent a corrupted LDAP attribute value holding the replication status info.
:o)
Out of curiosity I would look at your replication frequency
and and try to
1. I expect so. I also know of very large companies who have looked at and
rejected the idea. It comes down to the admins at the company and what
guidance they have received. I don't think there is anything saying the
mechanism isn't supported. In fact we have had at least one person on the
list
I like it when Dean posts longer answers.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Sunday, May 22, 2005 10:25 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Sticky group membership - Solved
How strange, you're the 2nd
Yes, I am strange - thank you very much. And, Bob's your Uncle, I know have
the information that I needed.
Thanks, Dean!
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Sunday, May 22, 2005 9:25 AM
To: Send - AD mailing list
I think that you just like when Dean posts answers - period.
;o)
-rtk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, May 22, 2005 12:06 PM
To: 'Send - AD mailing list'
Subject: RE: [ActiveDir] Sticky group membership - Solved
I like
Yeah1952, nice huh? ;-)
I love starting a new job and seeing an AD
setup like this!
We have one site, replication is still
trying and incrementing the number of failures. Its still under 60
days; so I guess technically I *could*
turn replication back on and we *should*
be ok, Im just
(1)
In the Netherlands when you own a car and you drive with it, by law you at
least must have a basic insurance that covers liability. This simply means
that when you cause damage with your car the other party gets paid to repair
their damage. You, however, have to pay for your own damage.
This
Hi Dean :-)
So if I've understood your first point correctly, there is no benefit at all
to caching Global Groups, not even performance, e.g for LDAP searches?
They're simply lumped in there because they cannot be differentiated form
UGs.
Tony
-Original Message-
From: [EMAIL PROTECTED]
20 matches
Mail list logo