Hi All,
Not able to connect RDC on windows 2k server
It happened yesterday.. it was working fine earlier
Terminal services has been reinstalled
Vnc is working fine
There is no firewall on the server
Terminal service is working fine showing started status.
No setting has been changed.
I have exactly that, a Servers OU and a Clients OU which I put my Workstations/Servers into.
But the default OU I am talking aboutis where all the computers go to when they are first added to the domain. They are then manually moved to the respective OU once a week.
thanks anyway
[EMAIL
This my default is a container not an OU, so the GPO does not apply.
Mark
-Original Message-
From: Frank Abagnale [EMAIL PROTECTED]
Date: Wed, 5 Oct 2005 00:46:53
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Question for your peers-GPO
I have exactly that, a Servers OU
The user account performing the backup needs to have Restore Files and
Directories rights to be able to perform a backup of the system state.
I know that it's small in the scheme of things, but anytime MS wants to
fix that I'd be happy. In other words, just granting the Back up Files
and
But my default is an OU, I used the redircmp utility to redirect the default location to an OU, not a container.Mark Parris [EMAIL PROTECTED] wrote:
This my default is a container not an OU, so the GPO does not apply.Mark-Original Message-From: Frank Abagnale <[EMAIL PROTECTED]>Date: Wed,
We have used NOD32 here for a number of years. At this point, we will not use
it on any servers. The reason is the .dll that they use to scan the web
interface for viruses and the like interferes with a lot of install programs,
running applications and it will not work with the firewall client
ADMT V3 has been
released.
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212displaylang=en
http://tinyurl.com/bk98u
Mike
Celone
LAN
Administrator
Radio Frequency Systems
v.
203-630-3311
f.
203-634-2027
m.
203-537-2406
[EMAIL PROTECTED]
*** VENDOR INFORMATION - BETA
INVITATION ***
Hi!
Just as
requested below and in the AD Gripes thread, we at Special Operations Software have a new
product coming out soon that removes the limitation of just one password policy
per domainand makes your password policies much more
I'm
having a problem restoring my AD to different hardware. I know there are
some issues but I hear that people have been able to follow some MS docs and get
it done but I can't seem to pull it off.
I
working with a HP server to Dell hardware and in the next week I will be going
from HP
Title: migrating groups with sidhistory
There is an API call which will collapse the groups into a
single group but I don't think I have seen anything that exposes it from any
scripting languages. This is actually on my list of 50 or so tools I want to
scrape time together to build. The call
You can block the Policy/Policies at that OU.
I usually pre-create my computer accounts in the proper OU before joining
them to the domain. That way, I don't have to clean up any default
OU/container after the fact.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory
Title: Change AD Passwords
Well on a Mac with OS 9 which is really out dated we have
no choice but to install Netscape on these computers. Installing Netscape
just for password changing is ludicrous! There should be a way to do this
with any browser. I work for a school district with 80% of
Also, if your Forests are all Native 2003 domains you might look into their
consolidation features. Since none of your names overlap and the zones are the
same you may have better luck. I don't know the details as I've never done it
myself, but it is theoretically possible to merge them
It is? This is the first I have heard of being able to merge forests, the only way I am aware of is migrations. Anyone have more information on this if that is the case?
Phil
On 10/5/05, ActiveDirectory [EMAIL PROTECTED] wrote:
Also, if your Forests are all Native 2003 domains you might look into
You missed the discussion on Saturday. Apparently she spells everything in
the ou manner now.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, October 04, 2005 10:53 PM
I hope you know, how to find the which group policy is applying it.
group policy setting:
User configuration Administrative templates Windows Explorer Remove Map Drive and disconnect map drive
On 10/5/05, Craig Vaughan [EMAIL PROTECTED] wrote:
Hi,
Please bear with me –
You might also try ADModify from the PSS ftp
site. It allows bulk modification and also allows you to narrow down the
focus to certain OU, users etc using limited wildcards.
Bob
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Monday, October 03, 2005
admodify.net is better (and replaces that
tool)
http://www.admodify.net
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
ActiveDirectorySent: Wednesday, October 05, 2005 10:44
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Cleanup of Active Directory...
You
I found it thanks.
CAV
Craig A. Vaughan
Director
of Administration
Commerce Realty and Management Co.
32 Market Ave. SW, Suite 400
Grand Rapids, MI 49503
Phone: (616)454-7700 Ext. 246
Facsimile (616)454-1363
http://www.commercerealty.com
NOTICE: This message
You could also just manually add a proxy address to her
existing account. We do this all the time for several alias accounts such
as hostmaster, postmaster, and security etc.
You can get more flexibility by creatingan
account/mailbox, but why bother if it isn't needed.
Bob
From: [EMAIL
Actually I've always done that, used to get me in trouble in high
school English class. (And grey is spelled with an e, dammit!)
The amusing part of Saturday's discussion, I thought, was the
determination that the British Empire began losing some of its
holdings because of all the time everyone
Look into a product called Office Scan, by a company called Trend Micro. I
have been using this product happily since 1998. It saved me from the I love
you bug and a few rather nasty ones since.
I want my two dollars!
And Joe! Petitioning Webster's to include Joe-isms as an actual word.
Were testing SAV10 in our domain
environment at the moment. SAV9 caused problems with the Appletalk protocol
(Macs couldnt find shared volumes on 2K servers), and caused erroneous
results when scanning the network (every IP device showed up as having misconfigured
FTP, SMTP, and HTTP
You can. It's called Microsoft Virtual Server.
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005
I've only been on the list a short time, but I must have missed the
mandatory Trend Micro brainwashing. :-)
So far from what I have noticed there seems to be a set answer to all AV
questions.
Question: I'm curious about the capabilities of NOD32.
Answers (en mass): You should use Trend Micro.
I came this close to ripping out Trend in my office due to the BSOD,
false positives and the infamous Friday incident. They are on probation
right now.
The ones bantered around in our A/V wars discussions:
Symantec [not yellow box but corp]
Sophos
CA
I have a fellow SBSer in AU who LOVES
I think the biggest reason people want to be able to run multiple
domains on one server is the same reason practically no one (except for
SBS) installs just one DC, and the same reason we always install a
minimum of 2 for a domain. We have a forest root and 2 child domains
model, and it takes us
SBS can have multiple DCs. The FSMOs just have to stay on the SBS box. They
can't have more than one domain in their forest because the trust
functionality is shutdown.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
Title: Anyone ever run into this problem?
I haven't seen this myself, and I was curious if anyone else had.
http://support.microsoft.com/default.aspx?scid=kb;en-us;898613
-gil
Gil Kirkpatrick
CTO, NetPro
Don''t miss the Directory Experts Conference 2006. More information at
As a representative of the SBS community there is not a day that goes by
that the 'can we cluster SBS' or 'can I have a hot server' doesn't come
up. [if you have SA you can have a cold server]
With 9/11, with Katrina, with the potential for earthquakes in
California ... honestly... the
In multiple years of doing DR drills at an off-site location, I've
never had a restore AD to alternate hardware process go anywhere
near as smoothly as I'd like. (For anyone who remembers joe's AD
Gripes thread, that was one of my big ones.) I've almost always
needed to resort to a repair
if you set up a server for a select job, lock it down only serve up
static pages.. why 'does' it need to be covered by A/V was the topic
Maybe because if your server can serve anything, it can be served in
return. Where I come from, we call it the scratch my back, I scratch your
back factor
I usually don't run into problems - they come running into me :)
Seriously, I haven't observed this. That may be because I haven't really
looked, or simply because I haven't seen any DNS-related issue attributable
to it. And, what exactly does this break anyway?
Sincerely,
Dèjì Akómöláfé,
I kinda like the idea of running a DC in a VS machine, and having an
online realtime copy of it somewhere in addition to incremental
backups... and you should be able to bring up the vhd on any box, not
just one with similar hardware, and without having to go through Laura's
7 step DR plan :)
Read the thread and see this blog post that Harlan did on the topic. I
don't think it's as cut and dried as this. The idea is that the
webserver in this instance would have no connection to your domain.
http://windowsir.blogspot.com/2005/07/av-software-on-web-servers-revisited.html
We want
Have you guys checked out the PtoV tool on VMware?
Rich Milburn wrote:
I kinda like the idea of running a DC in a VS machine, and having an
online realtime copy of it somewhere in addition to incremental
backups... and you should be able to bring up the vhd on any box, not
just one with
How would LDAP apps easily address multiple AD domains hosted on one server?
What if you wanted to make this box a GC for more than one domain? How easily
can you configure apps like Exchange to cope with this? I say easily because
you talk about SMEs using this function, which are the places
How about the VSMT for VS2005? ;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 05, 2005 12:45 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Active Directory wish
Jeri-
(Not sure about the thread this email came attached to but here goes)
Yes, you can use Restricted Group policy for this purpose. Its under
Computer Configuration\Windows Settings\Security Settings\Restricted
Groups. Simply link a GPO to the OU(s) where those laptop machine
accounts reside
What I want is to be able to run multiple domains on one OS installation
and segment the directories from each other. That way I don't need to
run multiple licenses of the OS, nor do I need hardware that can power 4
VMs.
I already run VMs using VMWare in my test lab; it works but I'd prefer
to be
As I understood it, these were the issues MS faced in considering the
possibility of multiple domains on one server. Maybe you could have a
server with multiple offline replicas of domains, and if the DC for one
of those went down, the replica could be brought online as a DC until
the DC could be
I am conducting a scientifically unreliable poll on my site to gather inputs
for my next big thing.
I would really appreciate your stopping by and just clicking a Yes/No button.
Takes less than a minute, and you can go back to doing your usual thing.
What about just doing it in the reverse direction, using the memberof
option as I described earlier this week? It's also described here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q810076
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
You can have additional DCs when using SBS, but the SBS server must be
the domain root.
Dan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Wednesday, October 05, 2005 1:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Putting the CA on a DC is a bad idea IMHO. You'd rather have dedicated CA
hardware, because as far as I have gathered, rebuilding CAs can be a real
bitch.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
One of the issues with this is that there are numerous legacy APIs for LSA
that don't have a domain parameter because there's never been an instance of
multiple domains on one host.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL
Title: Most common cause of Active Directory failures?
Greetings fellow travellers,
Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam the list with responses. I've got a some swell gifts to give away at random to a
Without a shred of doubt:
C: - This is why I'm putting a DNS book together. Hope you are not doing the
same ;)
G
B
F
D
HTH
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the
In our case (empty root, 4 child domains, 3500 users), it
wasprimarily politics.We brought in two consultants (one from
a VAR, one from Microsoft), and the decision was that the best way to go, based
on politics,geographical location of the offices, and division of
administration, was the
The only thing I know about RMS is what the acronym stands for. However, your
question is about using the DC as the cert server so you don't have to
procure additional hardware, right? There is nothing wrong with that. It's a
supported configuration, and as long as you do your due diligence and
Unless I'm misunderstanding the question, I'm going to say that
that'll be a tough compare since Notes/Domino maps much more closely
to Exchange and Groupwise in terms of functionality. IE, it's a
groupware/messaging/collaboration environment rather than a proper
directory service. In most
Sounds like Microsoft Virtual Server.
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Wednesday, October 05, 2005 2:47 PM
You're hardly alone in this. It took a little while
before the touted security of the empty root model was blown open by my esteemed
colleagues at HP (then Compaq). Lots and lots of organizations have
adopted empty-root and other multiple-domain architectures, only to regret it
later.
Actually, it may rumor has it that
there may be some licensing changes coming for the virtualized Windows world
Aric
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, October 05, 2005
5:55 PM
To: ActiveDir@mail.activedir.org
My employer uses Notes. I happen to think it sucks. Notes is kind of like a
app dev platform. You can make programs that run inside notes. It's a real
version of public folders with custom forms. They focus on that and then
happen to have a messaging client.
Thanks,
Brian Desmond
[EMAIL
Of course that doesn't have anything to do with AD.
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, October 05,
I don'tmakerecommendations based
onvaporware or rumors...
Ed Crowley MCSE+Internet MVPFreelance E-Mail
PhilosopherProtecting the world from PSTs and Bricked
Backups!
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard,
AricSent: Wednesday, October 05, 2005 6:31 PMTo:
I will be out of the office starting 10/06/2005 and will not return until
10/07/2005.
I will respond to your message when I return.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
58 matches
Mail list logo