Ah. Interesting... His app must be doing something with older API calls as LDAP should have been unaffected by that change. I guess if he were falling back to NTLM authentication on the bind that might be involved.
I think this one falls into the category of "prod the vendor" to make them figure out what they are doing and do it properly instead. ------------- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Sunday, March 28, 2004 9:07 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Linking other GPO objects to Domain Controllers Hi Joe, Yep, I realize it is a strange request but we needed to test some issues with the W2K3 setting "Microsoft Network Server - Digitally sign communications always" and a consultant doing some work with outside-application AD authentication using LDAP. He is able to bind to a particular DC where we were toggling the setting. We were looking for that "fine control" and wanted to restrict our changes to a particular DC. Mike Thommes -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Sat 3/27/2004 8:46 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] Linking other GPO objects to Domain Controllers Hey Michael, looks like you got an answer from Darren (though I dislike processing GPOs based on group memberships). However, would it be ok to ask WHY you would want to do this? Setting up DCs as one offs is usually a great way to court a troubleshooting problem that is a pain in the butt to resolve later. joe ------------- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Wednesday, March 24, 2004 2:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Linking other GPO objects to Domain Controllers Related question: Because of some testing we are doing in a production environment (yes, I know - ahem, ah try a test environment; can't in this situation), we would like to override the policy "Microsoft Network Server - digitally sign communications (always)" that is set in the Default Domain Controllers policy by using the local Domain Controller policy on a particular DC. But it appears not to be "overrideable". Is this the expected behavior? If so, how could we accomplish this? TIA! Mike Thommes -----Original Message----- From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 12:14 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Linking other GPO objects to Domain Controllers Agreed. Not much downside to this as long as you're not putting policies on these other GPOs that conflict with any set in the DDC policy. Even in that case, you just have to manage the conflicts. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Wednesday, March 24, 2004 9:14 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Linking other GPO objects to Domain Controllers It's common practice to add other GPO links to the DC OU. -----Original Message----- From: Devan Pala [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 15:44 To: [EMAIL PROTECTED] Subject: [ActiveDir] Linking other GPO objects to Domain Controllers Hi all, Question: Has anyone experienced issues or know of any 'gotchas' with linking other GPO objects to the Domain Controllers OU in addition to the Default Domain Controllers Policy. Rationale: I would like to have a GPO ready that essentially has Windows Update enabled for deploying approved updates from a central SUS server. When an update is available, tested and if required, the GPO is linked to the Domain Controllers OU and available for install depending on each DC's detection cycle and configured parameters. Why not modify the Default Domain Controllers Policy? At least this way, I will have complete control of when updates are pushed and importantly, if I would like to retract the updates unlinking this 'other' GPO is easier and I believe safer than changing configuration settings on the Default Domain Controllers Policy. Another nice feature would be that the by unlinking this policy the update would also be removed from the Windows Update folder on each client (the DC). Your thoughts, suggestions and comments are as always, appreciated. Thanks, Devan. _________________________________________________________________ Find a broadband plan that fits. Great local deals on high-speed Internet access. https://broadband.msn.com/?pgmarket=en-us/go/onm00200360ave/direct/01/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this transmission, please contact the sender and delete the material from any computer. The sender is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Any replies to this email may be monitored by the MCPS-PRS Alliance for quality control and other purposes. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
