Dito on the Firewall: I've had this with a client who insisted that they
don't have any XP or W2k Clients - after the AD migration we found 500 W2k
Laptops connecting via a Firewall - logon took 15 - 20 min. Switched the
domain to NT4 Emulation until the Firewall was changed and everything was
OK.
ng message will be shown to the user, and an Event Log
message (1529) will be posted.- Loopback Group Policy processing will be
applied, using the Group Policy Objects scoped to the machine.- An Event Log
message (1109) will be posted stating that Loopback was invoked in replace
mode.
Hope
this hel
ot; - new Value of
UserAccountControl will be " _
newAcctCtrl " : " userdn If bolDebug = False
Then Set objUser = GetObject("LDAP://"
objRS.Fields(0).Value) objUser.Put
"userAccountControl", newAcctCtrl
objUser.SetInfo Set objUser =
Nothing End If End If
Hello Michael,
this is a different kind of replication. Replmon monitors
the replication of Active Directory Informations, such as configuration, the
global Schema and the Domain Informations like your OU-Structure, Users, Groups
and Computers (to name the most common examples).
FRS is the
Hello Bart,
see the following post:
http://groups.google.de/[EMAIL PROTECTED]
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vermeire
BartSent: Dienstag, 6. April 2004 06:43To:
[EMAIL PROTECTED]Subject: [ActiveDir] using
dsacls.exe
Hi,
I am
Hello Bart,
see the following post:
http://groups.google.de/[EMAIL PROTECTED]
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vermeire
BartSent: Dienstag, 6. April 2004 06:43To:
[EMAIL PROTECTED]Subject: [ActiveDir] using
dsacls.exe
Hi,
I am
ED] On Behalf Of Ulf B.
Simon-WeidnerSent: Donnerstag, 8. April 2004 17:10To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] using
dsacls.exe
Hello Bart,
see the following post:
http://groups.google.de/[EMAIL PROTECTED]
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] O
Hello Brent,
this is very easy to accomblish: you just need to add the inetOrgPerson
class to the objectClass attribute of the user using adsiedit or a script.
Ulf
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Dienstag, 20.
;-)
Ulf B. Simon-Weidner
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Chris Jones
Gesendet: Samstag, 8. Mai 2004 01:13
An: [EMAIL PROTECTED]
Betreff: [ActiveDir]
Hi guys,
I need some help here.
We have a single forest with 2 domain
Hello Rens,
Migrate with ADMTv2, look into the guides MS published for
a migration from one forest into another. Since you are able to keep the SID in
the SIDHistory you are able to retain permissions, however I'd also look to
reAcl the Ressources to the new SIDs. This can be done with
Hello Stephen,
I don't think so. AFAIK the only variables which you are
able to use during logon are the ones which are system variables on the clients
plus the %username%. Variables defined in the context of the user are not
available at this time.
AFAIK2 - the variable username is filled
Hi Joe,
AFIAK the passwords of the computer accounts are not set to expire, but they are
automatically changed.
The password change is done from the netlogon service. The default time in NT was 15
days, changed to 30 days in W2k and later. The client might decide to change after the
half of
Hi Russ,
there's a additional tool which would be able to help you
here.If you register theAcctInfo.dll on the Computers running Active
Directory Users and Computers it extends the property pages of a useraccount by
a Tab "Additional Account Information". On this tab you can see some more
Hi Mark,
first thing which comes to my eyes is that the base it not
started and ended with "" and "", but the whole query including base,
filter and scope is.
So what I'd try is modifying the line beginning with
strBase with
strBase = "LDAP://dc=my,dc=domain,dc=com;"
and the line starting
Better this way, it
really Bugs me since its buggy.
I hope for a new Adminpak
with SP1.
Ulf
Von:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Fuller, Stuart
Gesendet: Freitag, 14. Mai 2004
21:48
An: '[EMAIL PROTECTED]'
Betreff: RE: [ActiveDir] Dial-In
Maybe the AD List Mode will be an option for you:
http://www.chrisse.se/MAQB.asp?ID=34
Ulf
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Kern, Tom
Gesendet: Donnerstag, 20. Mai 2004 20:00
An: ActiveDir (E-mail)
Betreff: [ActiveDir] hidding
Event to it's replication partners if they are W2k? I somewhat heard that
WS2k3 - WS2k3 will always particial replicate syncs, while W2k - WS2k(3)
will always full sync?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Dean Wells
Gesendet:
that if they don't find a profile for the user.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Raymond McClinnis
Gesendet: Dienstag, 8. Juni 2004 01:47
An: [EMAIL PROTECTED]
Betreff: [ActiveDir] Setting Desktop
. This is even
easy to script with dnscmd.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Rimmerman, Russ
Gesendet: Dienstag, 8. Juni 2004 22:49
An: '[EMAIL PROTECTED]'
Betreff: [ActiveDir] Root Hints
We
of the year :-(
Gruesse - Sincerely,
Ulf B. Simon-Weidner
:[EMAIL PROTECTED] On Behalf Of Ulf B.
Simon-Weidner
Sent: Wednesday, July 07, 2004 6:32 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Delegation of Callback-Number
Hi there,
I have a customer who where we implemented the least permissions
necessary for each group fulfilling
You are using a E-Mail or Reply-to with just cyrus without and
@maildomain - seems so that some mailsystems of the other companies add
their own domains ;-)
Gruesse - Sincerely,
Ulf B. Simon-Weidner
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED
,
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rimmerman, Russ
Sent: Friday, July 23, 2004 1:26
PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] NTP
server
So your firewall lets only the PDC
emulator go out the NTP port, and all devices
,
Ulf B. Simon-Weidner
- Ursprüngliche Nachricht -
Von: Devan Pala[EMAIL PROTECTED]
Gesendet: 02.08.04 16:41:33
An: [EMAIL PROTECTED][EMAIL PROTECTED]
Betreff: [ActiveDir] VPN Authentication
Hi all,
We have a remote (satellite) office that does not have any
no worries if the events logged at a specific day
would be more than the memory allowed for the log, and no events are lost.
HTH
Gruesse - Sincerely,
Ulf B. Simon-Weidner
-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-
[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
Sent
, but perhaps you can play around with some other keys and
figure out what syntax is being used and what the printkey might be.
After you found the
regkey create a adm-file to put that into a policy.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Title: Message
Hi Steve,
still the same, no matter
what OS, Forest or Domain Mode or SP.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield
Sent: Wednesday, September 01,
2004 4:07 AM
To: [EMAIL
Gruesse - Sincerely,
Ulf B. Simon-Weidner
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Monday, September 06, 2004 11:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] user object attribute delegation
dear all, am looking
different DHCP-Options such as DNS-Suffix or
DNS-Servers.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent
WestmorelandSent: Tuesday, September 07, 2004 10:53
PMTo: [EMAIL PROTECTED]Subject: Re:
[ActiveDir] Set Preferred
Title: Message
Hello Andrew,
no, that's not able to extract in AD.
The most popular solution for that request is to log that
to a central file or database within the logon-script.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
issues which are not
reproducable on real HW. But who cares - if I want support I need to be able to
reproduce the behavior anyways and I'd be able to try THEN if they are b/c of
using newsid instead.
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps&
-Attributes
for that group? Just a guess.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
-Original Message-
From: [EMAIL PROTECTED
of a different partition into the
folder: compression status will be inherited from the folder
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsser
, November 30, 2004 7:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] IT PrOlympics Challenge on WindowsITPro
Ulf B. Simon-Weidner wrote:
Worse - I would have liked to participate as well, but they
didn't say
that we don't qualify if we win, they just allowed access
to the guide
Ulf. I'm from Scotland and
when I registered I was told I could only download the ebook
but not register for the actual contest. This is a shame as
everyone knows that the best Active Directory Pros are from Europe. :)
:-D
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP
Hi John,
There are some bugs in the Tab, see here:
http://www.windowsserverfaq.org/faq/DialInTab.asp
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http
You could also create a Helprequest right out of
theHelp and Support Centerif you have Windows XP and Remote Support
is enabled.
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSi
Did my wife complain to you?
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
-Original Message-
From: [EMAIL PROTECTED
"dc="
If you
want all groups you can go with
dsquery group domainroot -name * | dsget group -members | find /c /i
"dc="
DISCLAIMER: Examples not tested, but should work (at least slightly
modified). I'm to lazy tofire up a DC to test right now
;-)
Gruesse -
Sincerely,
\Services\Lanmanserver\Shares
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps:
blocked::http://tinyurl.com/44zcz http://tinyurl.com/44zcz
Weblog: blocked::http://msmvps.org/UlfBSimonWeidner
http://msmvps.org/UlfBSimonWeidner
WebSite: http
-08002B30309D}]
@=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,20,00,\
40,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,6e,00,61,\
00,6d,00,65,00,25,00,00,00
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http
infrastructure
of the scenario).
I change every MOC I'm teaching that way - much more convenient for me and
the students.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http
IIRC you only need to specify write rights on the
bginfo.bmp file. But it's been a while.
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsser
-9b56de3d187c.mspx
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489
Hi Rick,
Stop whining ;-)
You've been asked on 7/17 by Robbie.
Ulf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
|Sent: Sunday, October 16, 2005 2:14 PM
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] salary(OT)
|
|Oh,
I'd be interested as well.
BTW for the original request (don't have it here separatelly to reply) I've
been told that there are some 3rd party tools which allow that kind of
Audit. E.g. inTrust from Quest claims to plug in front of the LSASS and
control which actions to log, which ones to apply
Hmm.
Do we really want to excuse prior failure of proper auditing by putting more
data into AD? Wouldn't that lead into every request of non-configured
auditing to requests for extending the AD? Do it right the first way.
I completely agree that we should make the people more auditing aware, and
Hmm - I wouldn't 100% call the domain the authentication boundary.
Authentication in a W2k+ Network without any mods not to rely on the GC is
done - as you said - via DC of the same domain the account resides plus any
GC of the forest - not necessarily that a GC which resides in the same
domain
BTW - let us know when we can start the ad-campaign in our blogs / websites
;-)
Ulf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of
|[EMAIL PROTECTED]
|Sent: Monday, October 17, 2005 2:40 PM
|To: ActiveDir@mail.activedir.org
|Subject: RE:
has kept up, only that
|the hardware is
|bigger, faster, stronger and cheaper.
|[2] I'm making that up, but it sounds reasonable
|
|
|
|
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
|Simon-Weidner
|Sent: Sunday, October 16, 2005 4:42 PM
, stronger and cheaper.
|[2] I'm making that up, but it sounds reasonable
|
|
|
|
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
|Simon-Weidner
|Sent: Sunday, October 16, 2005 4:42 PM
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] Knowing
is the
|security boundary - statement?
|Jorge
|
|
|
|From: [EMAIL PROTECTED] on behalf of Ulf B.
|Simon-Weidner
|Sent: Mon 10/17/2005 11:24 PM
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] Global Catalog
|
|
|
|Hmm - I wouldn't 100% call the domain
may just need to knock a few more edges off before
|submitting this FMR ;)
|
|
|From: Ulf B. Simon-Weidner [EMAIL PROTECTED]
|Reply-To: ActiveDir@mail.activedir.org
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] Knowing when users were deleted.
|Date: Mon, 17 Oct 2005 23:36:44 +0200
of Ulf B.
||Simon-Weidner
||Sent: Mon 10/17/2005 11:24 PM
||To: ActiveDir@mail.activedir.org
||Subject: RE: [ActiveDir] Global Catalog
||
||
||
||Hmm - I wouldn't 100% call the domain the authentication boundary.
||
||Authentication in a W2k+ Network without any mods not to rely
|on the GC
||is done
is in AD.
|
|Cheers,
|-Brett
|
|
|On Tue, 18 Oct 2005, Ulf B. Simon-Weidner wrote:
|
| | Wherever the information gets put, it should be a) done as the
| |default yet configurable b) centrally viewable (I should
|NOT have to
| |visit each DC in my forest to find the data) and
| |c) be included
Subinacls has issues with spaces and is used in Rich's script. When doing
files I didn't find a fast way around and had to use the 8.1 name. Sucks -
doesn't it?
Ulf
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank
AbagnaleSent: Tuesday, October 18, 2005
in a mere typo -
|
|Ulf
|Hi Bratt
|/Ulf
|
|... still laughing at the irony ;o)
|
|ah hahahahaha
|
|--
|Dean Wells
|MSEtechnology
|* Email: [EMAIL PROTECTED]
|http://msetechnology.com
|
|
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
|Simon-Weidner
|Sent
depends on the
|particular organization.
|
|BTW, ich bin halb-deutsch. Mein mutter ist aus Berlin.
|
|-g
|
|
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B.
|Simon-Weidner
|Sent: Monday, October 17, 2005 11:20 PM
|To: ActiveDir@mail.activedir.org
IIRC
Repadmin /syncall /Aje
Ulf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
|Sent: Wednesday, October 19, 2005 10:48 PM
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] Force a Domain Sync
|
|Look into repadmin /syncall
|
Title: Message
Hi Al,
you don't need IIS running on the machine where Virtual Server is
running. IIS supports the admin website, and you can put this on any other
server, and have couple servers managed from one machine. Since we are talking
about VS in BOs I'd recommend putting the virtual
I have to second that - I don't see much performance issues when
admininterface and the vs-host are seperated. The mgmt traffic should be
pretty low, the higher traffic is when connecting onto a machine via RDP,
VSRC or the webbased VSRC. Either or they will cause the traffic between the
VS-host
I've done it during the day at a customer, but without much experience I
would strongly recommend doing it after hours! There are always minor things
which might happen, and without experience you don't know how to respond to
them right away, so give yourself the rest and peace of after hours.
I did those too, and some other things to consider
were:
* Putting them inside a virtual machine with faked Subnetting in AD: Take
a class C Network and split it in AD Sites and Services, not TCP/IP, then you
can spare the router
* Assign the site membership for the host via GPO if it is in
Hallo Michel,
Look a the VB-Script in KB 817433 ( http://support.microsoft.com/?id=817433
), especially the SetInheritanceFlag-Function.
Ulf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of
|Bruyere, Michel
|Sent: Wednesday, October 26, 2005 12:48
of time in so if there is a disaster, you can
|get the data from the lag site??
|
|Thanks
|
|Russ
|
|
|
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Ulf
|B. Simon-Weidner
|Sent: Tuesday, October 25, 2005 5:00 PM
|To: ActiveDir
=kb;en-us;840001
http://support.microsoft.com/default.aspx?scid=kb;en-us;840001) in order to
repopulate the group memberships information (member and memberof
attributes).
Yann
_
De: [EMAIL PROTECTED] de la part de Ulf B. Simon-Weidner
Date: mer. 26/10/2005 21:35
À: ActiveDir
3. IIRC W2k and XP has a password age of 30 days, NT4 of 15 days. The
Clients usually start to attempt to renew the password after half of the
password age, so 7,5-15 on NT and 15-30 on W2k+.
Ulf
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent:
Hello Nathaniel,
What about the last known good bootoption (might work if you experience the
bsod before logon)?
Any other possibilities like save boot?
If one of these work you can try to find the failing device, and get rid of
the driver / whatever it needs to get it working again.
What about
That was working with W2k, doesn't work anymore since the screensaver has
lower priviledges in XP, WS2k3.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken
CornetetSent: Friday, November 04, 2005 6:41 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Hello Devan,
The book Ken references is pretty good, the author, Brian Komar, did a lot
of PKI-Deployment at major companies across the US and the world, is a
visiting speaker at a lot of conferences like TechEds and is MVP for Windows
Security. His company is specialized in PKI-Deployments.
He
[mailto:[EMAIL PROTECTED] On Behalf Of Susan
Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Windows 2003 r2 Enterprise [not standard] [and not a free upgrade]
Excepting for customers with Software Assurance, and you only need the
enterprise version on the Federation Servers and Federation
and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
before? OK - I've already fixed it by renaming
netlogon.dns and restarting netlogon, but I'm curious if anyone has ideas
where this might come from and if anyone has seen it before.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die
Expertentipps": http
has seen it before.
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Hi Danny,
I also agree that using not state-of-the-art hardware is better than missing
redundancy.
I've done multiple lag-site dcs virtualized on one physical hardware, used
clients or virtual machines for domain migrations as the update server, and
would also recommend to use better older
dsquery group domainroot -name mygroup | dsget group -members
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:
http
|
|-Original Message-
|From: [EMAIL PROTECTED] [mailto:ActiveDir-
|[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
|Sent: Friday, November 25, 2005 1:06 PM
|To: ActiveDir@mail.activedir.org
|Subject: Re: [ActiveDir] Query out all user members in nested groups
|
|Ulf B. Simon-Weidner wrote:
| Hi Aaron
it to the system folder Id be very careful
and test it prior to implementation. Also be aware that you need to disable the
file screening policy every time you are deploying an update or servicepack or
when you are installing new components.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Hi Susan,
I've seen issues with tombstones sitting around, such as bad written
software who still sees them. The main other reason for finally getting rid
of the tombstones is to free Active Directory space, but that shouldn't be
an issue in a SBS-Domain.
On the other hand I do not see the need
So they don't age out if you disable the DLT-S-S, only if you stop the
DLT-C-S and let the DLT-S-S run for another 90 days.
Hmm - thinking if it wouldn't be neat to use dynamic objects for DLT (and
DNS?)
Ulf
|-Original Message-
|From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
If you want somehow prevent admins from rebooting the system remove
them from the local security setting which enables them to shutdown the system.
Note: the other group joe mentioned is created so you can controll
whos able to shutdown the system (such as domain admins)
Note 2: the
Hi
Dan,
as
joe said you can also modify the search base, so when creating the saved query
select the seach base (its on the first screen of the dialog which lets
you add a saved query, not in the definition of the query itself). Sorry
dont have the interface in front of me so Im not
Hello Shane,
look at psloggedon from www.sysinternals.com, this might help you.
Ulf
|-Original Message-
|From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shane De Jager
|Sent: Thursday, December 01, 2005 10:50 AM
|To: ActiveDir@mail.activedir.org
|Subject: [ActiveDir]
,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
http://www.windowsserverfaq.org
Profile:
http
knows or would be willing to support this. Theoretically
changing the name to lowercase shouldnt influence anything, but is
anyone really sure that theres no application or process who relies on
the same domain name and does not a unsensitive case compare?
Gruesse - Sincerely,
Ulf B. Simon
need to run
one command in your startup and logon-scripts to make the clients aware of that
policy.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP -
Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http
start w32time
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
http
.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:http://mvp.support.microsoft.com/profile="">
From: [EMAIL PROTE
Cool Darren is blogging.
And already in OPML-o-Matter:
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/12/30/80015.aspx
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
=%22automatic+site+coverage%22+%2Bsite%3Amicrosoft.comFORM=QBRE
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:http
have the rights to change them again.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:http://mvp.support.microsoft.com/profile
I’ll be there. I’m looking forward to meet everyone (again) – I love
those Conferences with a lot of community interaction!
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Collins
On 1/5/06, Ulf B. Simon-Weidner
[EMAIL PROTECTED]
wrote:
I'll be there. I'm
looking forward to meet everyone (again) – I love those Conferences with a lot
of community interaction!
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http
there – bummer.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
http
areas of the
hotels.
Hope that Vegas is a more fun place – in Orlando they were shutting
everything down at 1am, in Barcelona at least the Hilton did the same.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http
which takes care that USB-Memory-Devices
such as a thubdrive are working.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:
http
of the next user (Or
Enter / Arrow-right for the next attribute of the same user).
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:
http
above since I dont know that for sure, however those are
the things Id check before implementing them into a production environment
Im responsible for.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book
Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org
Don't search for the book - search for yourself:
Joe Richards Active Directory
... gets you straight to your book.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http
1 - 100 of 236 matches
Mail list logo