Title: Message
Thanks
everyone for your help --- it will make my life a lot
easier!
Andrew
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Perdue David J Contr InDyne/Enterprise ITSent:
Thursday, September 09, 2004 2:00 AMTo:
'[EMAIL
Stumbled upon an issue couple of days ago and wanted to hear what you guys think about
it.
Suppose that your AD is called myad.com and you also configure additional UPN suffix
"company.com".
Now I create 2 users in child.myad.com child domain:
1) sAMAccountName: guy
userPrincipalName: [EMAIL
Title: Message
The below link on JSI shows a way to pull it from the
DCs.
http://www.jsiinc.com/SUBQ/tip8400/rh8433.htm
Dave
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Caple,
AndrewSent: Tuesday, September 07, 2004 10:07 PMTo:
[EMAIL PROTECTED]Subject: [ActiveDir]
-BEGIN PGP SIGNED MESSAGE-
Time sync is working on all DC's fine.
We check that no other admin tasks were taking place, for a period of time,
30 minutes, we had over 700 event id for 8139, this has now dropped to just
5 in the past 2 hours. We stopped the ADC replication, restarted the AD
IIRC, the 8139 error actually talks about modifications that were made on
the source and target out of order. The source target was updated after the
source before sync in other words. This can be caused by time sync issues
as you can imagine, but in your case if the time sync is properly working
Title: Message
Are you referring to "in the past"? Only by looking at
security audit records or writing an app that stores the information, as other
people have already said.
But if you are referring to "currently logged on", you can
get that:
http://www.microsoft.com/technet/community/sc
While I can't get this information from Active Directory, it is possible
to get this information from the domain controllers. You can look
through your security logs on the domain controllers for event 540.
This event will give you the user who logged on and also the ip address
of the machine they
Kerberos is the protocol of choice in Windows 2000/2003 domains.
Kerberos will be initially used on any authentication requests between a
Winsows 2000 or higher client and a Windows 2000/2003 resource. If the
resource is an NT 4.0 server of if Kerberos fails, the authentication
will resort to NTLM
-BEGIN PGP SIGNED MESSAGE-
We are seeing quite a few MSADC 8139 errors that talk about ensuring the
servers are in sync. We have confirmed our Win2k DC's and Ex5.5 servers are
in sync to within sub 1 second.
Any ideas why these we still get this alert.
Roy
*
-BEGIN PGP SIGNED MESSAGE-
We are seeing quite a few MSADC 8139 errors that talk about ensuring the
servers are in sync. We have confirmed our Win2k DC's and Ex5.5 servers are
in sync to within sub 1 second.
Any ideas why these we still get this alert.
Roy
***
>It uses either Kerberos or NTLM based on the best protocol that can be negotiated >(using >the Negotiate protocol). >I dont believe you can disable the netlogon. Also, your question doesnt make >sense to me >as the server IS using Kerberos (or NTLM) to authenticate the user to >AD.Oh, I don't
11 matches
Mail list logo