[ActiveDir] Search over SSL hangs

2007-01-23 Thread Mauricio de Andrade Ramos
List, surfing Google, realized that it is something that happens with a great frequency and not just with this specific directory we are using (Active Directory). Have you ever experienced performing a search to a directory, through SSL, and the search hangs? It won't happen using a ldap

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Lee Flight
Using ldp.exe; rootDSE query for supportedExtension will give you the OID: 4 supportedExtension: 1.3.6.1.4.1.1466.20037 = ( LDAP_SERVER_START_TLS_OID ); 1.3.6.1.4.1.1466.101.119.1 = ( LDAP_TTL_REFRESH_OID ); 1.2.840.113556.1.4.1781 = ( LDAP_SERVER_FAST_BIND_OID ); 1.3.6.1.4.1.4203.1.11.3 = (

[ActiveDir] OT DNS forwarders..

2007-01-23 Thread Frank Abagnale
I have a web application which currently has a url of http://nzine33svr/businessobj/enterprise/infoview I would like to have some kind of redirector for this web link so that a user only needs to type in http://webi and it will forward the request to the correct url. How can I accomplish

RE: [ActiveDir] OT DNS forwarders..

2007-01-23 Thread Ken Schaefer
DNS only maps names to IP addresses. It doesn't do anything with respect to paths. You could point the hostname webi to the same IP address as the host nzine33svr and configure your web server software to accept requests for either HTTP host header. Then, to redirect the user to the correct

Re: [ActiveDir] ftp access

2007-01-23 Thread beads
Almost sounds like a FTP phishing Trojan. Check the machine for virii with a couple of up to date scanners as well. I have noticed a marked increase in port 21 attack traffic as of late. There are any number of Trojans that can accomplish this as well. Likewise, do you allow any anonymous

RE: [ActiveDir] Adfind + Admod help

2007-01-23 Thread WATSON, BEN
Thank you for the response Al. To answer your ultimate question, which was “Does that help, or ??”, then I would have to lean more towards ?? in my case. Not to say you didn’t give some excellent options, but unfortunately it all boils down to me simply not being any sort of a programmer

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Joe Kaplan
Cool, thanks Lee. It works. :) Joe - Original Message - From: Lee Flight [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Tuesday, January 23, 2007 5:13 AM Subject: Re: [ActiveDir] Who Am I request Using ldp.exe; rootDSE query for supportedExtension will give you the OID: 4

Re: [ActiveDir] Search over SSL hangs

2007-01-23 Thread Joe Kaplan
If this can happen with any LDAP directory and not just AD, then it sounds like the issue is with the Oracle SSL stack. Does the search hang permanently or just take a long time to execute? Sometimes an SSL operation is slowed down a lot due to client certificate authentication requested by

Re: [ActiveDir] Adfind + Admod help

2007-01-23 Thread Al Mulnick
What are you comfortable with for administration? How'd the attributes get populated in the first place? joe's tool wouldn't be the tool of choice for this problem. To clarify that, I mean to say that it wouldn't be the only tool because there's logic that has to occur that is specific to your

RE: [ActiveDir] Adfind + Admod help

2007-01-23 Thread Coleman, Hunter
I agree with Al in that I don't see an obvious way to do this from a single command line. The key, as he mentioned, is going to be getting a list of unique department numbers and section numbers. I'd probably separate those out into two distinct lists, one for departments and one for sections.

[ActiveDir] OT - Exchange config questions

2007-01-23 Thread Al Lilianstrom
We're looking at moving to Exchange 2007 (currently on Sun JES IMAP). Is there anyone out there with a 5 to 10K user base that would be willing to answer some questions? tia, al -- Al Lilianstrom CD/CSI/CSG [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Alexandr Kara
Hello Dmitri, thanks for your reply. The server I connect to is pre-LH (Windows 2003 I think), which doesn't support WhoAmI. You suggested that I read tokenGroups, but I have no user object to read it from. All I have is a generic connection to an LDAP server (I need to use the OpenLDAP library for

Re: [ActiveDir] Search over SSL hangs

2007-01-23 Thread Mauricio de Andrade Ramos
Joe, List, yes! It does sound like it is something with Oracle SSL engine. I let the process (search) running for more than 3 hours (so I think it is not a problem of slow communication/authentication) and it never returned. When it was issued a CTRL+C to abort the procedure (which was running

RE: [ActiveDir] Adfind + Admod help

2007-01-23 Thread WATSON, BEN
We have a software developer in our group who has developed a Corporate Directory application that acts as our internal employee directory on our intranet. It also includes an administrative side which gives certain individuals (mostly HR) the ability to create and disable user accounts when

[ActiveDir] [OT] USB/PS2 monitoring software

2007-01-23 Thread Guy Teverovsky
Hey all, I am looking for an application that can monitor and alert the usage of USB/PS2 devices on the clients (mostly XP). If a user plugs in a new keyboard, disconnects a mouse or tries to use a DOK - I need to be able to record the action and trigger alerts based on different criteria.

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Joe Kaplan
If you did a bind to the directory with that user object, then you should be able to do a search to find the user object you used for the bind. This might only be complicated if you authenticated with a foreign domain user, but I doubt you are doing that. The exact nature of the search would

Re: [ActiveDir] Search over SSL hangs

2007-01-23 Thread Joe Kaplan
I know nothing about Oracle (never seen it, never touched it), so I can't help at all there. However, I'd suggest going back to the vendor to help you troubleshoot this. The fact that the issue seems to be restricted to their LDAP/SSL stack suggests that they should be able to help

Re: [ActiveDir] Adfind + Admod help

2007-01-23 Thread Al Mulnick
I believe you know how, but may not have the programmatic tool knowledge yet. I think this is a great oppty to learn though, if you can make the time. Since the HR department did this manually, it almost screams that you could manually do this in same fashion. That's a lot of work most likely.

RE: [ActiveDir] Adfind + Admod help

2007-01-23 Thread WATSON, BEN
Thanks for the response Hunter. Yeah, that's pretty much the logic that I had come down to. By the way, what is the real difference between Powershell and VBScript anyway? I've been hearing more and more about Powershell lately, and since I'm going to take the time to learn a scripting

RE: [ActiveDir] Adfind + Admod help

2007-01-23 Thread WATSON, BEN
Yeah, I agree. I see the logic in how to get to the solution, but I just don’t have the programmatic tool knowledge yet. I may not have the time to hold off this project until I can figure it out myself programmatically, but I am going to set aside my evenings at home until I learn how to do

[ActiveDir] OT: Network latency on VBScript-mapped drive letters.

2007-01-23 Thread Laura E. Hunter
So I have a VBScript that I use to map a network drive to a DFS share, as follows:

    strDriveLetter = "S:"
    strBaseDrivePath = "\\domain name\dfs root\share name\"
    Set objNetwork = CreateObject("WScript.Network")
    objNetwork.MapNetworkDrive strDriveLetter, strBaseDrivePath
    Set objNetwork = Nothing

Re: [ActiveDir] Adfind + Admod help

2007-01-23 Thread Al Mulnick
Bonus question: Do you know what you call somebody who gets a dev to do this kind of coding work? :) A: Boss. Of course, the same could be said about the person that told you to setup the groups like that. But it could be helpful to keep some perspective I suspect. On 1/23/07, WATSON, BEN

Re: [ActiveDir] OT - Exchange config questions

2007-01-23 Thread Al Mulnick
It's been a while since I've been responsible for mail systems, but I'm happy to help if you like. Due to the nature of the list, it might be best to ping off-line. Al On 1/23/07, Al Lilianstrom [EMAIL PROTECTED] wrote: We're looking at moving to Exchange 2007 (currently on Sun JES IMAP). Is

RE: [ActiveDir] OT: Network latency on VBScript-mapped drive letters.

2007-01-23 Thread Kevin Brunson
I saw something similar using kixtart-mapped drive letters a few months ago. The only thing affected seemed to be Office products and IE. The knowledge base described it as unable to browse the network, but I certainly saw it as ranging from severe latency to complete inability to browse the

RE: [ActiveDir] ftp access

2007-01-23 Thread Antonio Aranda
I'm using IIS and I used ie and smartftp to test. I attached the log that shows when it was working and when it stopped working and then when it started working right after the user changed the password. It seems to stop working not when their password expires but when they start getting the

Re: [ActiveDir] ftp access

2007-01-23 Thread Al Mulnick
do you get same results in Microsoft's client? On 1/23/07, Antonio Aranda [EMAIL PROTECTED] wrote: I'm using IIS and I used ie and smartftp to test. I attached the log that shows when it was working and when it stopped working and then when it started working right after the user changed

RE: [ActiveDir] ftp access

2007-01-23 Thread beads
Could you try again with the attachment or log snippet in text form if the list server isn't accepting large attachments? Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Alexandr Kara
Let's say I did a simple bind with user TestUser, but the user record is actually located at CN=TestUserCN,OU=Users1,DC=company,DC=com and it can (as far as I know) only be recognized by having sAMAccountName TestUser. I could probably find the user by searching under DC=company,DC=com with a

[ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Yann
Hello all and happy new year :-),
Say:
- Site A with DCa that is also DNS (integrated to AD).
- Site B that is a new site. My goal: dcpromo a new DC (DCb) in site B. DCb will also be DNS (integrated to AD).
- DCa and DCb belong to the same domain (domain.local).
My AD is w2k3 FFL mode.

RE: [ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Molkentin, Steve
Yann, Create a child DNS domain for the site containing DCb, and establish DCb as the authoritative server for that domain. If you have resources in Sitea you'll then need to ensure there is a forwarder set up for resolution, etc. Remember that separate DNS domains can exist within the one

RE: [ActiveDir] ftp access

2007-01-23 Thread Antonio Aranda
If you mean the command-line, yes. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, January 23, 2007 2:56 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] ftp access do you get same results in Microsoft's client? On

[ActiveDir] adsiedit question

2007-01-23 Thread Condra, Jerry W Mr HP
Hi all I didn't OT this even though I'm making modifications to Exchange since the question seems to be adsiedit related and therefore related to AD. I'm trying to modify an attribute for a mailbox using adsiedit. Particularly I'm rehoming its database by modifying the homeMDB attribute. The

RE: [ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Akomolafe, Deji
Read http://www.netpro.com/forum/files/authentication_topology.pdf Sincerely,

RE: [ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Ulf B. Simon-Weidner
Hello Yann, this is usual and happens because Site B was configured in Active Directory before DC B was there and assigned to that site. Automatic Site Coverage is the process which is taking care of this effect. What it does, is making sure that every site in Active Directory has DCs. If a DC

RE : RE: [ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Yann
Steve, Thanks for the fast reply. My example reflects what I had in real production. So in my production, I have about 15 AD sites and we are in the process of migration (adding more sites). So you mean that I have to create 15 child DNS domains and set each DC in each

RE: [ActiveDir] adsiedit question

2007-01-23 Thread Condra, Jerry W Mr HP
Disregard...I figured it out. I missed a character change further down the value string. Doh! But I now have a better understanding of that error. :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Condra, Jerry W Mr HP Sent: Tuesday, January 23, 2007

[ActiveDir] AD Security Auditing

2007-01-23 Thread Casey Robertson
We are embarking on a project to clean up our OUs structure and reassign permissions that have grown unmanageable over time. To accomplish this it would be nice to be able to dump permissions on all OU objects and individual object types (users, computers, etc) so that we can determine who has

RE: RE : RE: [ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Akomolafe, Deji
I would not recommend that you do this. Please read the document I referenced in my previous response. Also, see Ulf's brief description/explanation of the behavior that you are seeing. I really recommend that you try to understand what is going on here. Sincerely, _

RE: [ActiveDir] adsiedit question

2007-01-23 Thread Akomolafe, Deji
Why are you using adsiedit to rehome a mailbox? Doesn't the move mailbox wizard work for your needs? Sincerely,

RE: [ActiveDir] AD Security Auditing

2007-01-23 Thread Akomolafe, Deji
Sometimes, rebuilding OUs is not a Bad Idea :) Try DSacls or something GUI-sh from Netpro and co. Sincerely,

RE: [ActiveDir] adsiedit question

2007-01-23 Thread Condra, Jerry W Mr HP
I needed to move SystemMailboxes which won't move with the wizard. Somehow several were homed on one database and it caused event sink problems. This was the easiest method. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji Sent: Tuesday,

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Joe Kaplan
I think that's fine. Remember that AD has a global catalog, so you can search across the whole forest quite easily. I'm not actually certain that you can do a simple bind with a user from a different domain, but maybe you can. My multi-domain LDAP knowledge is a little weak since I don't

RE: [ActiveDir] Who Am I request

2007-01-23 Thread Eric Fleischman
You can do an x-domain simple bind within the forest. You can not do it x-forest. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan Sent: Tuesday, January 23, 2007 3:18 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Who Am I

RE: [ActiveDir] adsiedit question

2007-01-23 Thread Tony Murray
It might be easier to delete the AD user objects representing the wrongly homed SystemMailboxes, purge the mailboxes and then recreate them using one of the two methods described here: http://support.microsoft.com/kb/316622 Cheers Tony -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] adsiedit question

2007-01-23 Thread Michael B. Smith
I'm forced to ask - why do you want to move SystemMailboxes? You shouldn't ever need to. There is a reason that the move mailbox wizard doesn't move them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Condra, Jerry W Mr HP Sent: Tuesday, January 23,

RE: RE : RE: [ActiveDir] Question about DNS SRV registration.

2007-01-23 Thread Molkentin, Steve
Deji, Ulf, All, Good article - thanks. Also thanks to Ulf - that was a much better solution and much better idea than mine. I do not profess to be a DNS legend, but am continuing to learn... themolk. From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Alexandr Kara
It works and has a pretty good performance. Thanks a lot! Alexandr On Wednesday 24 January 2007 00:18 Joe Kaplan wrote: I think that's fine. Remember that AD has a global catalog, so you can search across the whole forest quite easily. I'm not actually certain that you can do a simple bind

RE: [ActiveDir] adsiedit question

2007-01-23 Thread Brian Desmond
You shouldn't be doing this. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Condra, Jerry W Mr HP Sent: Tuesday, January 23, 2007 5:59 PM To: ActiveDir@mail.activedir.org

Re: [ActiveDir] ftp access

2007-01-23 Thread Al Mulnick
I do. That sounds a lot like a bug to me. What version of IIS? On 1/23/07, Antonio Aranda [EMAIL PROTECTED] wrote: If you mean the command-line, yes. -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Al Mulnick *Sent:* Tuesday, January

Re: [ActiveDir] Who Am I request

2007-01-23 Thread Joe Kaplan
Thanks for clearing that up. I appreciate it. Joe K. - Original Message - From: Eric Fleischman [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Tuesday, January 23, 2007 5:52 PM Subject: RE: [ActiveDir] Who Am I request You can do an x-domain simple bind within the forest.

RE: [ActiveDir] Adfind + Admod help

2007-01-23 Thread Coleman, Hunter
Powershell is the latest-greatest command shell for Windows. http://www.microsoft.com/technet/scriptcenter/webcasts/ps.mspx has some webcasts on it, and http://www.microsoft.com/windowsserver2003/technologies/management/powershell/faq.mspx is the FAQ. I don't see VBScript going away anytime soon,

RE: [ActiveDir] AD Security Auditing

2007-01-23 Thread Almeida Pinto, Jorge de
Hi, Have a look at:
* http://www.kouti.com/adreport/ (not free)
* ACLReport.vbs v1.01 (free - http://www.kouti.com/scripts.htm ACLReport.vbs v1.01 This script creates an HTML file named ACLReport.htm, that contains all the ACLs of a given Active Directory tree. By modifying three lines in the