RE: [ActiveDir] Domain clients hangs before logon, multiple issues

Dito on the Firewall: I've had this with a client who insisted that they don't have any XP or W2k Clients - after the AD migration we found 500 W2k Laptops connecting via a Firewall - logon took 15 - 20 min. Switched the domain to NT4 Emulation until the Firewall was changed and everything was OK.

RE: [ActiveDir] Cross forest policies - boxes in Win2k domain, users in win2k3 s ingle domain forest

ng message will be shown to the user, and an Event Log message (1529) will be posted.- Loopback Group Policy processing will be applied, using the Group Policy Objects scoped to the machine.- An Event Log message (1109) will be posted stating that Loopback was invoked in replace mode. Hope this hel

RE: [ActiveDir] Password Never Expires...

ot; - new Value of UserAccountControl will be " _ newAcctCtrl " : " userdn If bolDebug = False Then Set objUser = GetObject("LDAP://" objRS.Fields(0).Value) objUser.Put "userAccountControl", newAcctCtrl objUser.SetInfo Set objUser = Nothing End If End If

RE: [ActiveDir] Move FSMO Roles Affect Permissions?

Hello Michael, this is a different kind of replication. Replmon monitors the replication of Active Directory Informations, such as configuration, the global Schema and the Domain Informations like your OU-Structure, Users, Groups and Computers (to name the most common examples). FRS is the

RE: [ActiveDir] using dsacls.exe

Hello Bart, see the following post: http://groups.google.de/[EMAIL PROTECTED] Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vermeire BartSent: Dienstag, 6. April 2004 06:43To: [EMAIL PROTECTED]Subject: [ActiveDir] using dsacls.exe Hi, I am

RE: [ActiveDir] using dsacls.exe

Hello Bart, see the following post: http://groups.google.de/[EMAIL PROTECTED] Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vermeire BartSent: Dienstag, 6. April 2004 06:43To: [EMAIL PROTECTED]Subject: [ActiveDir] using dsacls.exe Hi, I am

RE: [ActiveDir] using dsacls.exe

ED] On Behalf Of Ulf B. Simon-WeidnerSent: Donnerstag, 8. April 2004 17:10To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] using dsacls.exe Hello Bart, see the following post: http://groups.google.de/[EMAIL PROTECTED] Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] O

RE: [ActiveDir] User to InetOrgPerson Class

Hello Brent, this is very easy to accomblish: you just need to add the inetOrgPerson class to the objectClass attribute of the user using adsiedit or a script. Ulf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Dienstag, 20.

AW: [ActiveDir]

;-) Ulf B. Simon-Weidner -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Chris Jones Gesendet: Samstag, 8. Mai 2004 01:13 An: [EMAIL PROTECTED] Betreff: [ActiveDir] Hi guys, I need some help here. We have a single forest with 2 domain

AW: [ActiveDir] Dieing forest

Hello Rens, Migrate with ADMTv2, look into the guides MS published for a migration from one forest into another. Since you are able to keep the SID in the SIDHistory you are able to retain permissions, however I'd also look to reAcl the Ressources to the new SIDs. This can be done with

AW: [ActiveDir] Variables allowed for creating home folders

Hello Stephen, I don't think so. AFAIK the only variables which you are able to use during logon are the ones which are system variables on the clients plus the %username%. Variables defined in the context of the user are not available at this time. AFAIK2 - the variable username is filled

AW: [ActiveDir] Cached Domain Credential logon expiry for Win2k/X P

Hi Joe, AFIAK the passwords of the computer accounts are not set to expire, but they are automatically changed. The password change is done from the netlogon service. The default time in NT was 15 days, changed to 30 days in W2k and later. The client might decide to change after the half of

AW: [ActiveDir] Replication issues

Hi Russ, there's a additional tool which would be able to help you here.If you register theAcctInfo.dll on the Computers running Active Directory Users and Computers it extends the property pages of a useraccount by a Tab "Additional Account Information". On this tab you can see some more

AW: [ActiveDir] help querying for groups

Hi Mark, first thing which comes to my eyes is that the base it not started and ended with "" and "", but the whole query including base, filter and scope is. So what I'd try is modifying the line beginning with strBase with strBase = "LDAP://dc=my,dc=domain,dc=com;" and the line starting

AW: [ActiveDir] Dial-In Property Sheet and Windows XP SP1

Better this way, it really Bugs me since its buggy. I hope for a new Adminpak with SP1. Ulf Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Fuller, Stuart Gesendet: Freitag, 14. Mai 2004 21:48 An: '[EMAIL PROTECTED]' Betreff: RE: [ActiveDir] Dial-In

AW: [ActiveDir] hidding users

Maybe the AD List Mode will be an option for you: http://www.chrisse.se/MAQB.asp?ID=34 Ulf -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Kern, Tom Gesendet: Donnerstag, 20. Mai 2004 20:00 An: ActiveDir (E-mail) Betreff: [ActiveDir] hidding

AW: [ActiveDir] Indexing attributes in GC's

Event to it's replication partners if they are W2k? I somewhat heard that WS2k3 - WS2k3 will always particial replicate syncs, while W2k - WS2k(3) will always full sync? -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Dean Wells Gesendet:

AW: [ActiveDir] Setting Desktop Settings via Group Policy

that if they don't find a profile for the user. Gruesse - Sincerely, Ulf B. Simon-Weidner -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Raymond McClinnis Gesendet: Dienstag, 8. Juni 2004 01:47 An: [EMAIL PROTECTED] Betreff: [ActiveDir] Setting Desktop

AW: [ActiveDir] Root Hints

. This is even easy to script with dnscmd. Gruesse - Sincerely, Ulf B. Simon-Weidner -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Rimmerman, Russ Gesendet: Dienstag, 8. Juni 2004 22:49 An: '[EMAIL PROTECTED]' Betreff: [ActiveDir] Root Hints We

[ActiveDir] Delegation of Callback-Number

of the year :-( Gruesse - Sincerely, Ulf B. Simon-Weidner

RE: RE: [ActiveDir] Delegation of Callback-Number

:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, July 07, 2004 6:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Delegation of Callback-Number Hi there, I have a customer who where we implemented the least permissions necessary for each group fulfilling

RE: [ActiveDir] two ops

You are using a E-Mail or Reply-to with just cyrus without and @maildomain - seems so that some mailsystems of the other companies add their own domains ;-) Gruesse - Sincerely, Ulf B. Simon-Weidner -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED

RE: [ActiveDir] NTP server

, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, July 23, 2004 1:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] NTP server So your firewall lets only the PDC emulator go out the NTP port, and all devices

RE: [ActiveDir] VPN Authentication

, Ulf B. Simon-Weidner - Ursprüngliche Nachricht - Von: Devan Pala[EMAIL PROTECTED] Gesendet: 02.08.04 16:41:33 An: [EMAIL PROTECTED][EMAIL PROTECTED] Betreff: [ActiveDir] VPN Authentication Hi all, We have a remote (satellite) office that does not have any

RE: [ActiveDir] By design or configurable ?

no worries if the events logged at a specific day would be more than the memory allowed for the log, and no events are lost. HTH Gruesse - Sincerely, Ulf B. Simon-Weidner -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Guy Teverovsky Sent

RE: [ActiveDir] [Active Dir] Print Screen Policy

, but perhaps you can play around with some other keys and figure out what syntax is being used and what the printkey might be. After you found the regkey create a adm-file to put that into a policy. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Password policy scenerio

Title: Message Hi Steve, still the same, no matter what OS, Forest or Domain Mode or SP. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Wednesday, September 01, 2004 4:07 AM To: [EMAIL

RE: [ActiveDir] user object attribute delegation

Gruesse - Sincerely, Ulf B. Simon-Weidner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner Sent: Monday, September 06, 2004 11:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] user object attribute delegation dear all, am looking

RE: [ActiveDir] Set Preferred DC

different DHCP-Options such as DNS-Suffix or DNS-Servers. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 10:53 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Set Preferred

RE: [ActiveDir] Users and Computers

Title: Message Hello Andrew, no, that's not able to extract in AD. The most popular solution for that request is to log that to a central file or database within the logon-script. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

RE: [ActiveDir] Password Policy question

. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [ActiveDir] OT: Virtual Server 2005

issues which are not reproducable on real HW. But who cares - if I want support I need to be able to reproduce the behavior anyways and I'd be able to try THEN if they are b/c of using newsid instead. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps&

RE: [ActiveDir] Controlling access to AD based on the network tec hnology used

-Attributes for that group? Just a guess. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org -Original Message- From: [EMAIL PROTECTED

RE: [ActiveDir]

of a different partition into the folder: compression status will be inherited from the folder Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps":http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsser

RE: [ActiveDir] IT PrOlympics Challenge on WindowsITPro

, November 30, 2004 7:58 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] IT PrOlympics Challenge on WindowsITPro Ulf B. Simon-Weidner wrote: Worse - I would have liked to participate as well, but they didn't say that we don't qualify if we win, they just allowed access to the guide

RE: [ActiveDir] IT PrOlympics Challenge on WindowsITPro

Ulf. I'm from Scotland and when I registered I was told I could only download the ebook but not register for the actual contest. This is a shame as everyone knows that the best Active Directory Pros are from Europe. :) :-D Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP

RE: [ActiveDir] dial-in tab in ADUC

Hi John, There are some bugs in the Tab, see here: http://www.windowsserverfaq.org/faq/DialInTab.asp Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http

RE: [ActiveDir] remote desktop sharing tool

You could also create a Helprequest right out of theHelp and Support Centerif you have Windows XP and Remote Support is enabled. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps":http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSi

RE: [ActiveDir] Change Control Systems

Did my wife complain to you? Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org -Original Message- From: [EMAIL PROTECTED

RE: [ActiveDir] Obtaining a count of members in a group

"dc=" If you want all groups you can go with dsquery group domainroot -name * | dsget group -members | find /c /i "dc=" DISCLAIMER: Examples not tested, but should work (at least slightly modified). I'm to lazy tofire up a DC to test right now ;-) Gruesse - Sincerely,

RE: [ActiveDir] migrate home dirs

\Services\Lanmanserver\Shares Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: blocked::http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: blocked::http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner WebSite: http

RE: [ActiveDir] Display Computer Name on Desktop

-08002B30309D}] @=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,20,00,\ 40,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,6e,00,61,\ 00,6d,00,65,00,25,00,00,00 Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http

RE: [ActiveDir] Display Computer Name on Desktop

infrastructure of the scenario). I change every MOC I'm teaching that way - much more convenient for me and the students. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http

RE: [ActiveDir] OT: bginfo

IIRC you only need to specify write rights on the bginfo.bmp file. But it's been a while. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps":http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsser

RE: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

-9b56de3d187c.mspx Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489

RE: [ActiveDir] salary(OT)

Hi Rick, Stop whining ;-) You've been asked on 7/17 by Robbie. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan |Sent: Sunday, October 16, 2005 2:14 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] salary(OT) | |Oh,

RE: [ActiveDir] Knowing when users were deleted.

I'd be interested as well. BTW for the original request (don't have it here separatelly to reply) I've been told that there are some 3rd party tools which allow that kind of Audit. E.g. inTrust from Quest claims to plug in front of the LSASS and control which actions to log, which ones to apply

RE: [ActiveDir] Knowing when users were deleted.

Hmm. Do we really want to excuse prior failure of proper auditing by putting more data into AD? Wouldn't that lead into every request of non-configured auditing to requests for extending the AD? Do it right the first way. I completely agree that we should make the people more auditing aware, and

RE: [ActiveDir] Global Catalog

Hmm - I wouldn't 100% call the domain the authentication boundary. Authentication in a W2k+ Network without any mods not to rely on the GC is done - as you said - via DC of the same domain the account resides plus any GC of the forest - not necessarily that a GC which resides in the same domain

RE: [ActiveDir] salary(OT)

BTW - let us know when we can start the ad-campaign in our blogs / websites ;-) Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |[EMAIL PROTECTED] |Sent: Monday, October 17, 2005 2:40 PM |To: ActiveDir@mail.activedir.org |Subject: RE:

RE: [ActiveDir] Knowing when users were deleted.

has kept up, only that |the hardware is |bigger, faster, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Sunday, October 16, 2005 4:42 PM

RE: [ActiveDir] Knowing when users were deleted.

, stronger and cheaper. |[2] I'm making that up, but it sounds reasonable | | | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Sunday, October 16, 2005 4:42 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing

RE: [ActiveDir] Global Catalog

is the |security boundary - statement? |Jorge | | | |From: [EMAIL PROTECTED] on behalf of Ulf B. |Simon-Weidner |Sent: Mon 10/17/2005 11:24 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Global Catalog | | | |Hmm - I wouldn't 100% call the domain

RE: [ActiveDir] Knowing when users were deleted.

may just need to knock a few more edges off before |submitting this FMR ;) | | |From: Ulf B. Simon-Weidner [EMAIL PROTECTED] |Reply-To: ActiveDir@mail.activedir.org |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Knowing when users were deleted. |Date: Mon, 17 Oct 2005 23:36:44 +0200

RE: [ActiveDir] Global Catalog

of Ulf B. ||Simon-Weidner ||Sent: Mon 10/17/2005 11:24 PM ||To: ActiveDir@mail.activedir.org ||Subject: RE: [ActiveDir] Global Catalog || || || ||Hmm - I wouldn't 100% call the domain the authentication boundary. || ||Authentication in a W2k+ Network without any mods not to rely |on the GC ||is done

RE: [ActiveDir] Knowing when users were deleted.

is in AD. | |Cheers, |-Brett | | |On Tue, 18 Oct 2005, Ulf B. Simon-Weidner wrote: | | | Wherever the information gets put, it should be a) done as the | |default yet configurable b) centrally viewable (I should |NOT have to | |visit each DC in my forest to find the data) and | |c) be included

RE: [ActiveDir] Subinacl print queue

Subinacls has issues with spaces and is used in Rich's script. When doing files I didn't find a fast way around and had to use the 8.1 name. Sucks - doesn't it? Ulf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank AbagnaleSent: Tuesday, October 18, 2005

RE: [ActiveDir] Knowing when users were deleted.

in a mere typo - | |Ulf |Hi Bratt |/Ulf | |... still laughing at the irony ;o) | |ah hahahahaha | |-- |Dean Wells |MSEtechnology |* Email: [EMAIL PROTECTED] |http://msetechnology.com | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent

RE: [ActiveDir] Global Catalog

depends on the |particular organization. | |BTW, ich bin halb-deutsch. Mein mutter ist aus Berlin. | |-g | | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. |Simon-Weidner |Sent: Monday, October 17, 2005 11:20 PM |To: ActiveDir@mail.activedir.org

RE: [ActiveDir] Force a Domain Sync

IIRC Repadmin /syncall /Aje Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob |Sent: Wednesday, October 19, 2005 10:48 PM |To: ActiveDir@mail.activedir.org |Subject: RE: [ActiveDir] Force a Domain Sync | |Look into repadmin /syncall |

RE: [ActiveDir] Virtual Servers in Branch Offices

Title: Message Hi Al, you don't need IIS running on the machine where Virtual Server is running. IIS supports the admin website, and you can put this on any other server, and have couple servers managed from one machine. Since we are talking about VS in BOs I'd recommend putting the virtual

RE: [ActiveDir] Virtual Servers in Branch Offices

I have to second that - I don't see much performance issues when admininterface and the vs-host are seperated. The mgmt traffic should be pretty low, the higher traffic is when connecting onto a machine via RDP, VSRC or the webbased VSRC. Either or they will cause the traffic between the VS-host

RE: [ActiveDir] Windows 2000 / Exchange 2000 Upgrade to 2003

I've done it during the day at a customer, but without much experience I would strongly recommend doing it after hours! There are always minor things which might happen, and without experience you don't know how to respond to them right away, so give yourself the rest and peace of after hours.

RE: [ActiveDir] AD Lag Site

I did those too, and some other things to consider were: * Putting them inside a virtual machine with faked Subnetting in AD: Take a class C Network and split it in AD Sites and Services, not TCP/IP, then you can spare the router * Assign the site membership for the host via GPO if it is in

RE: [ActiveDir] script to check the inheritance from the security Tab...

Hallo Michel, Look a the VB-Script in KB 817433 ( http://support.microsoft.com/?id=817433 ), especially the SetInheritanceFlag-Function. Ulf |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Bruyere, Michel |Sent: Wednesday, October 26, 2005 12:48

RE: [ActiveDir] AD Lag Site

of time in so if there is a disaster, you can |get the data from the lag site?? | |Thanks | |Russ | | | |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Ulf |B. Simon-Weidner |Sent: Tuesday, October 25, 2005 5:00 PM |To: ActiveDir

RE: [ActiveDir] AD Lag Site - solves the groups memberships issue ?

=kb;en-us;840001 http://support.microsoft.com/default.aspx?scid=kb;en-us;840001) in order to repopulate the group memberships information (member and memberof attributes). Yann _ De: [EMAIL PROTECTED] de la part de Ulf B. Simon-Weidner Date: mer. 26/10/2005 21:35 À: ActiveDir

RE: [ActiveDir] NT enumeration

3. IIRC W2k and XP has a password age of 30 days, NT4 of 15 days. The Clients usually start to attempt to renew the password after half of the password age, so 7,5-15 on NT and 15-30 on W2k+. Ulf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent:

RE: [ActiveDir] Crashed Root DC HELP!

Hello Nathaniel, What about the last known good bootoption (might work if you experience the bsod before logon)? Any other possibilities like save boot? If one of these work you can try to find the failing device, and get rid of the driver / whatever it needs to get it working again. What about

RE: [ActiveDir] Reset Domain Admin Password in Windows Server 2003 AD

That was working with W2k, doesn't work anymore since the screensaver has lower priviledges in XP, WS2k3. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken CornetetSent: Friday, November 04, 2005 6:41 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]

RE: [ActiveDir] Certificate Services AD

Hello Devan, The book Ken references is pretty good, the author, Brian Komar, did a lot of PKI-Deployment at major companies across the US and the world, is a visiting speaker at a lot of conferences like TechEds and is MVP for Windows Security. His company is specialized in PKI-Deployments. He

RE: [ActiveDir] Incorporating external users.......

[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Windows 2003 r2 Enterprise [not standard] [and not a free upgrade] Excepting for customers with Software Assurance, and you only need the enterprise version on the Federation Servers and Federation

[ActiveDir] Netlogon.dns (2)

and if anyone has seen it before. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org

RE: [ActiveDir] Netlogon.dns (2)

before? OK - I've already fixed it by renaming netlogon.dns and restarting netlogon, but I'm curious if anyone has ideas where this might come from and if anyone has seen it before. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http

RE: [ActiveDir] Netlogon.dns (2)

has seen it before. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org

RE: [ActiveDir] Improving your AD's fault tolerance with old hardware?

Hi Danny, I also agree that using not state-of-the-art hardware is better than missing redundancy. I've done multiple lag-site dcs virtualized on one physical hardware, used clients or virtual machines for domain migrations as the update server, and would also recommend to use better older

RE: [ActiveDir] Query out all user members in nested groups

dsquery group domainroot -name mygroup | dsget group -members Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http

RE: [ActiveDir] Query out all user members in nested groups

| |-Original Message- |From: [EMAIL PROTECTED] [mailto:ActiveDir- |[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko |Sent: Friday, November 25, 2005 1:06 PM |To: ActiveDir@mail.activedir.org |Subject: Re: [ActiveDir] Query out all user members in nested groups | |Ulf B. Simon-Weidner wrote: | Hi Aaron

RE: [ActiveDir] How to restrict .exe file copy on my local exchange server

it to the system folder Id be very careful and test it prior to implementation. Also be aware that you need to disable the file screening policy every time you are deploying an update or servicepack or when you are installing new components. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book

RE: [ActiveDir] Tombstone value

Hi Susan, I've seen issues with tombstones sitting around, such as bad written software who still sees them. The main other reason for finally getting rid of the tombstones is to free Active Directory space, but that shouldn't be an issue in a SBS-Domain. On the other hand I do not see the need

RE: [ActiveDir] Disabling Distributed Link Tracking Server on domain Controllers

So they don't age out if you disable the DLT-S-S, only if you stop the DLT-C-S and let the DLT-S-S run for another 90 days. Hmm - thinking if it wouldn't be neat to use dynamic objects for DLT (and DNS?) Ulf |-Original Message- |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] Preventing local admin from rebooting servers

If you want somehow prevent admins from rebooting the system remove them from the local security setting which enables them to shutdown the system. Note: the other group joe mentioned is created so you can controll whos able to shutdown the system (such as domain admins) Note 2: the

RE: [ActiveDir] Saved Query for Distinguished Name Contains

Hi Dan, as joe said you can also modify the search base, so when creating the saved query select the seach base (its on the first screen of the dialog which lets you add a saved query, not in the definition of the query itself). Sorry dont have the interface in front of me so Im not

RE: [ActiveDir] Getting computer name from a username

Hello Shane, look at psloggedon from www.sysinternals.com, this might help you. Ulf |-Original Message- |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane De Jager |Sent: Thursday, December 01, 2005 10:50 AM |To: ActiveDir@mail.activedir.org |Subject: [ActiveDir]

RE: [ActiveDir] Delegate disable/enable user accounts

, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http://www.windowsserverfaq.org Profile: http

RE: [ActiveDir] Domain case

knows or would be willing to support this. Theoretically changing the name to lowercase shouldnt influence anything, but is anyone really sure that theres no application or process who relies on the same domain name and does not a unsensitive case compare? Gruesse - Sincerely, Ulf B. Simon

RE: [ActiveDir] Help with VB script to map printers

need to run one command in your startup and logon-scripts to make the clients aware of that policy. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http

RE: [ActiveDir] Time Service

start w32time Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http

RE: [ActiveDir] Urgently Yes or No

. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile:http://mvp.support.microsoft.com/profile=""> From: [EMAIL PROTE

RE: Re: [ActiveDir] icmp's

Cool Darren is blogging. And already in OPML-o-Matter: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/12/30/80015.aspx Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner

RE: [ActiveDir] DCs generating SRV records for 2 sites!?

=%22automatic+site+coverage%22+%2Bsite%3Amicrosoft.comFORM=QBRE Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile:http

RE: [ActiveDir] Enable Windows Integrated Authentication through GPO

have the rights to change them again. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile:http://mvp.support.microsoft.com/profile

RE: [ActiveDir] OT: DEC 2006

I’ll be there. I’m looking forward to meet everyone (again) – I love those Conferences with a lot of community interaction! Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner

RE: [ActiveDir] OT: DEC 2006

Collins On 1/5/06, Ulf B. Simon-Weidner [EMAIL PROTECTED] wrote: I'll be there. I'm looking forward to meet everyone (again) – I love those Conferences with a lot of community interaction! Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http

RE: [ActiveDir] OT: DEC 2006

there – bummer. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http

RE: [ActiveDir] OT: DEC 2006

areas of the hotels. Hope that Vegas is a more fun place – in Orlando they were shutting everything down at 1am, in Barcelona at least the Hilton did the same. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http

RE: [ActiveDir] USB Detection in my Network

which takes care that USB-Memory-Devices such as a thubdrive are working. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http

RE: [ActiveDir] ADUC updates - Was Expired Accounts

of the next user (Or Enter / Arrow-right for the next attribute of the same user). Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http

RE: [ActiveDir] Multiple Password Policies

above since I dont know that for sure, however those are the things Id check before implementing them into a production environment Im responsible for. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org

RE: [ActiveDir] OT: speaking of AD books...

Don't search for the book - search for yourself: Joe Richards Active Directory ... gets you straight to your book. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http

  1   2   3   >