Hey all,
I am trying to create an image for Windows 2003 member servers for our
domain and the SMS/Tivoli folks want to keep the default directory for the
OS load at C:\WINNT. I have gone through the setup many times booting from
the CD and walking through the menus, but there is no option for
I solved the error temporary by switching both DNS servers back to primary
and secondary DNS servers. I will double check FSMO roles.
-Z.V.
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Sunday, June 05, 2005 5:32 PM
To:
I believe you can do this using an answer /transform file for the
unattended install process.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta Nathaniel
V Contr NASIC/SCNA
Sent: 06 June 2005 12:06
To: ActiveDir@mail.activedir.org
Subject:
Ok, but I am trying to do it from an install that I am doing interactively.
Isnt there some kind of command line switch or something like that for
WINNT.EXE? I looked through the switches again, but none of them say they
are to change the install directory.
Nate
-Original Message-
Hi to all on the
list.
Forgive me if this
subject has been covered, as I am new to the list. I manage a school
network, and one of the issues I face is that an AD user account, the user
profile and the user's home directory share are inextricably linked. I need to
be able to create users
Hello,
I implement LDAPs (SSL) in my windows 2003 DC. Do I need to enable ipsec
service for LDAPs to function ?Is there any dependancy between LDAPs and
Ipsec or could I safely disable Ipsec service.
Thank U.
Cheers,
Yann
List info : http://www.activedir.org/List.aspx
List FAQ:
There is no dependency between IPSec and the LDAP/S function. That being
said, is there any reason that you NEED to disable IPSec? I'd leave it
running - but that's just me.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday,
I am trying to figure out the best way to re-image our labs (XP only)
without any interaction. Currently we are using Ghost 7.5, and it will
add the machine account to the domain, but doesn't actually join the
machine to the domain. This would be fine if the machines only needed
re-imaged twice a
No, sorry to say that there isn't. The installer is designed to take this
type of input from an answer file, and stipulated by the /u:file name
parameter.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta Nathaniel V
Contr NASIC/SCNA
Sent:
Thanks for your input.
Yes I'd like to disable services that do not need to run on DC in order to
reduce open ports :-), and i do not need Ipsec service for my DC BUT only LDAPs.
Regards,
Yann
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Rick
If you have already figured out a way to come up with a unique computer
name, you're in great shape.
To join the domain, you can do one of the following:
OPTION #1: SYSPREP SCRIPT
In your SYSPREP.INF file (if you're not familiar with what this file is,
ask and I'll elaborate), include the
Rick's right... has to be done in an ANSWERFILE. HOWEVER, you can
create an answer file with ONLY the parameters you need, and leave all
others blank. Launch the installation with an answerfile (winnt /u or
winnt32 /unattend) and it will PROMPT you for all non-answered
parameters... i.e. it's
I am confused - are you looking for the cloned machine to join or NOT
join the domain?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Monday, June 06, 2005 11:32 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Cloned
Ive had good luck finding solutions
like this using Google a hint is to use _vbscript_ as a
keyword, e.g. _vbscript_ users (home directories OR home
folders) Last I looked I found a lot of samples of this kind of
thing. Unfortunately I didnt capture the one I thought was best
sorry.
We've had issues with reimaged machines and the 30-day secure channel
machine password.
A machine reimaged with an old image has an old password. The only
solution after imaging seems to be remove from the domain and re-add.
Since I'm the network side vs. the user machine side, I have the luxury
Trust me on this You're going to WANT IPSec in the near future. Check
out Domain Isolation with IPSec white papers on the Microsoft site. I
don't have the links available at the moment.
This is important now, and will become even more important when and if you
decide that you have a need
Title: RE: [ActiveDir] DC's not communicating with each other
Do you know how to get the AD Fixed at this point?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
BrownSent: Friday, June 03, 2005 11:22 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC's
Additionally, is there a reason you would dcpromo it and then restore
the system state? Do you need to maintain something from there? Some
other applications that are running on the DC?
As Jorge mentions, that would be a good reason to backup the system
drive as well. If you don't need this,
Gil must be OOTO today :-)
mc
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark
Sent: Sunday, June 05, 2005 8:11 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Seeking AD monitoring software recomendations
What is the biggest difference
There are many create user scripts that
you should be able to alter to suit your needs. I would try Windows Script
Center (just google that,
and youll see it). Also, Robbie Allens site at www.rallenhome.com, and Clarence
Washingtons script site at http://cwashington.netreach.net
mc
Hi All.
I have a question about DFS.
Does DFS will use maximum of my bandwidth? If it is so, than how can i
take benifit of DFS without Compromising bandwidth utilization. (also
what can i do about DFS Replication for best network performance)
I have over 50 shares. Kindly Suggest.
--
Ravi
50 shares means nothing... How much data do you have to replicate and
how much data do you expect to change for each replication cycle? How
many DFS partners and what size pipe(s) do you have between them? What
type of data do you wish to replicate and how often?
There's a big difference, say
Thanks
This means DFS should work fine for me. I Need not to think much as i
have no big requirements of shares on my network the data is hardly
55GB. and an assumption is that my shared data is updated by around
5% everyday (approx 25mb).
On 6/7/05, Joe Pochedley [EMAIL PROTECTED] wrote:
50
Ravi,
Though your thought process is likely correct for your environment, I think
that the math is off just a magnitude:
55GB * 5% = 275MB
So, rather than being ~1MB per hour over a 24 hr. period, it's closer to
12MB per hour over the same 24 hr. period.
You know your infrastructure - the
Douglas,
There are some registry settings that turn of password changes on the
machine. This means that since the machine password is always the same you
can simply reinstate the image and it will still be part of the domain. Not
sure of the keys though, will check at work today.
When we first
Hi All,
I have a very specific problem I need help with. Automatic updating is
partly working: the critical updates are recognized, but never
downloaded, because the Background Intelligent Transfer Service (BITS)
service won't start on this PC.
When I try to start it, I get this error message:
Hi Ravi
From the microsoft.public.windows.backgroundtransfer newsgroup:
It appears that you do not have the following directory on your machine:
%ALLUSERPROFILE%\Application Data\Microsoft\Network
Create this directory and then do a 'net starts bits'.
Tony
-Original Message-
From:
Hi Tony,
Thanks a Ton its working fine Now.
--
Ravi Dogra
On 6/7/05, Tony Murray [EMAIL PROTECTED] wrote:
Hi Ravi
From the microsoft.public.windows.backgroundtransfer newsgroup:
It appears that you do not have the following directory on your machine:
%ALLUSERPROFILE%\Application
Looks like WSUS is ready for production
http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
And here is some info for Exchange 2003 SP2
http://www.microsoft.com/exchange/downloads/2003/sp2/overview.mspx
winmail.dat
Trying to delegate control to a group of admins for user
account creation, simple enough However at this point I can not get
past the UNIX attributes tab with out the following error message:
Unable to modify the property object values:
Check credentials
There could be network
Hi
Alex,
I read
the doc's briefly. Are you are running a UNIX NIS server and your AD controller
is a slaveor did you set your AD controller to be a NIS
master?
Jose
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Alex
FontanaSent:
With SP2 and a feature pack you also get push email to windows mobile phones.
Mark
-Original Message-
From: Crawford, Scott [EMAIL PROTECTED]
Date: Mon, 6 Jun 2005 19:33:30
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI---WSUS released, Exchange 2003 SP2 coming
Thanks for
This may be a stupid question, but did you
make sure the NIS
server was running (along with the mapping service and other SFU services)? The
SFU 3.5 NIS service will not start automatically when I restart my server, just
wondering if you might have the same problem and havent noticed it. I
Yeah that is a sucky COM error. Basically means, something
screwed up in the createmailbox method invocation but Exchange doesn't want to
tell us what it is. If this is all in quicksuccession, I wouldn't be
surprised if it was a replication type issue. Hopefully when my non-CDOEXM
version
I would ask them why they need this. It may make things easier for them now
but at what point do you adopt the standard structure from MS? You could
possibly run into other apps that have issues with this. I can't think of
any valid reaons for doing this other than it is work for someone who
When have you found it not to resolve. This env var is pretty important, it
is laced all through the registry for Windows Services and applications.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Monday, June 06, 2005 1:53 PM
Ditto, last environment I did ops for was 250k users with about 400 DCs. It
is entirely based on the WAN configuration, if it was all high speed
guaranteed connectivity and you could bring it down to probably 50-60 DCs,
less if x64.
-Original Message-
From: [EMAIL PROTECTED]
Im pretty sure weve had this discussion here before, but I
cant find the thread. :( I need to programmatically purge a fairly
extensive list of mailboxes across more than a dozen mailbox servers. I cannot
wait the retention time, and I certainly cannot run the cleanup agent on 12
servers x
My current gig, we have a distributed 650 site hub/spoke environment. We're
gradually rolling DC hardware out to these sites as we get them into our
enterprise forest. A remote location here can be anywhere to a couple
hundred objects (users and computers) to approaching ten thousand (users and
Recipe 17.13 in the Windows Server
Cookbook...
It is probably on Robbie's website somewhere, I would post
it here but I am not clear if I have the rights to even though I wrote the
script. I believe it is owned by O'Reilly.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Danke. Just that Im running on Ex2000.
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of joe
Sent: Monday, June 06, 2005 10:21
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Purging
Oh... I think you are screwed. :o)
I once looked at alternate methods to do this and mailbox
reconnects but it was all MAPI based and MS was very ungiving in terms of
documentation around this stuff. What I got working was so incredibly flakey I
didn't trust it and it never made it out of
Does mbconn purge mailboxes? I just looked at it and it s like it only reconnects
I think
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, June 06, 2005 10:42
PM
To:
I see where you're coming from on all points here. The IPSec isolation
stuff *IS* hard. And, I really struggled with what to tell Yann on this
one.
OK, OK - I give. I submit to the wisdom of the 'joe'.
;o
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
AD is nis master, I never saw any specifics in the
docs, but any help is appreciated
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Monday, June 06, 2005 5:48
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Permissions needed to
Yup, everything is up and runningwed
have a few hundred users complaining if it werent.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Monday, June 06, 2005 6:14
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Permissions needed
Hi guys,
When, in AD Sites and Services MMC Snapin, one unchecks the bridge all site
links checkbox, what gets updated in the directory?
From what I can tell, this is stored in the Options attribute of:
cn=NTDS Settings,cn=site name,cn=sites,cn=configuration,dc=domain name
and we do an: existing
When you right click IP and select Properties and UNCHECK Bridge all site
links, the attribute options gets bit 1 (value=2^1=2) set on the object
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,root DN.
If you CHECK that checkbox, bit 1 gets cleared.
Basically Bit 1 is for bridge all
Bah. Stop it with that wisdom stuff. You are going to make me stop posting.
8^)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, June 07, 2005 12:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP SSL and
49 matches
Mail list logo
