Title: Message
The security folks *shouldn't* be admins. Kinda defeats the purpose in a lot of ways.
 
 

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 04, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Taking DC Offline

How are they planning on doing those tests? If they just want to test the password complexity/strength it isn't required to give them a whole DC, only a hash dump of the password in the DIT which can be done via pwdump3. Then they can use lc3/4 to go through the text file hash dump. There is no faster way that I am aware of to test those things.
 
In the meantime, I think I would also remove any ADMIN IDs from that hash if the security folks aren't already admins.
 
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simpsen, Paul A. (HSC)
Sent: Thursday, July 03, 2003 5:32 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Taking DC Offline

Our Security Director has requested that we build a temporary DC for his group. They want to take it offline and audit the current password complexity and strength. This DC will never return to the domain, so I will have to manually remove the replication connections in the NTDS settings for each repl partner, plus the DNS records created. I'm just wondering if I'm missing something obvious and that this might not be such a good idea. Possibility of orphaned objects or something of that nature? It won't be online long but.....

 

********************************************************************

 

Paul Simpsen

Windows Server Administrator

Enterprise Systems, IT

University of Oklahoma HSC

405.271.2262 ext 50230

Fax: 405.271.2126

 

********************************************************************
