Should be working - just create a example OU with the
specific settings, adfind gPLink and gPOptions into variables (actually
gPOptions: read it once and set it statically without reading in a variable) and
use admod to write the gPLink and gPOptions-attributes of the other
OUs.
Ulf
I may have missed earlier parts to this thread, but have
you considered adding all laptops to a group and then applying a laptops GPO at
some higher level in the OU hierarchy, filtered by the group just
mentioned?
I would also re-assess the OU hierarchy and whether it is
relevant and
Hope you guys can help me out with this...
http://blogs.dirteam.com/blogs/jorge/archive/2006/02/27/570.aspx
Cheers,
Jorge
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to
Hi all,
We're looking at this moment for a way to query DNS using wildcards, but untill now, no luck!
Does anybody knows a way to do this?
Thanks,
Bart
Valid recommendation - I've missed that only WMI-Queries
were out-of-scope, group-filtering might be in scope.
Ulf
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, March 01, 2006 9:27
AMTo: ActiveDir@mail.activedir.orgSubject:
It appears as though you need an objectlifecycle
process :)
This has been discussed before - check out the archives.
Does DNS scavenging help you at all, in the short
term?
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den
WyngaertSent: 01 March 2006
This question is for Susan - SBS Goddess - but feel free to respond if
you know the answer. Can a SBS 2003 domain/forest be renamed? If so,
what's the best/recommended practice in doing it?
TIA
Alex Alborzfard
List info : http://www.activedir.org/List.aspx
List FAQ:
If you consider flattening the box and reinstalling reasonable. :-)
Remember it's got Exchange on a DC which means a rename is not supported
along with an integrated Sharepoint.
In MVPdom where we don't care about such things and sometimes we do it just
to see if you can, you have to rip out a
And remember we are a single DC/Forest... so we're more like a tree than a
forest.
;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley
Sent: Wednesday, March 01, 2006 7:43 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SBS
Title: OT: Linux and AD authentication
Anyone know if there is a way to make a Linux box run a login script managed at the AD level (not local to the Linux machine) that could at minimum pop up our acceptable use policy? Its coming up because we have our Windows boxes displaying it on login,
Creamer, Mark wrote:
Anyone know if there is a way to make a Linux box run a login script
managed at the AD level (not local to the Linux machine) that could at
minimum pop up our acceptable use policy? It’s coming up because we have
our Windows boxes displaying it on login, and management
Title: OT: Linux and AD authentication
Check out:
www.centrify.com
www.vintela.com
neil
___Neil RustonGlobal Technology
InfrastructureNomura
International plc
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
MarkSent: 01 March 2006
I should have explained that better Tomasz - the reason we want it managed
within AD is to make sure
the text displayed is the same everywhere. If it's part of a local script on
the individual Linux box,
we have to remember to change it in more than one place. There are other things
we'd like
Apparently some parts of ntdsutil are scriptable, see
http://support.microsoft.com/?kbid=243267 .
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simon Bembridge
Sent: Monday, February 13, 2006 1:52 AM
To: ActiveDir@mail.activedir.org
Subject:
What about migration to a new domain then ? Maybe that would be the
way around renaming?
I am not sure of the implications it might have on exchange or share point.
On 3/1/06, Susan Bradley [EMAIL PROTECTED] wrote:
And remember we are a single DC/Forest... so we're more like a tree than a
My goal is to automate a process to change Full Name and Display Name
from John Doe to Doe, John. I am not yet familiar with VB et al
scripting, so assistance would be greatly appreciated if you propose a
scripting solution.
Thank you!
...D
List info : http://www.activedir.org/List.aspx
List
Thanks for your thorough responses Susan!
Alex Alborzfard
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley
Sent: Wednesday, March 01, 2006 10:43 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename
If
Thanks for your suggestion.I wish it was that simple. :-) (not technically, but politically)Ours is very much delegated environment, spread across 50+ locations.So making sure that no single branch office admin has rights over any of the objects of other branch office is essential, thus initial
Thanks I looked at the _vbscript_ code, what it does is, takes the current links into variable and appends our new link at the end and reattaches the whole new bunch to OU again.I thought since admod has a feature of append (+,++ operators), I might not have to do the read current links +
Hello,
Against what are you trying to perform a query. it's
possible to perform a query against AD by using a csvde
command.
When using these command you are able to use some
wildcards.
Regards,
Daniel
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den
These may be of interest to you:
http://support.microsoft.com/kb/277717/en-us
http://support.microsoft.com/?kbid=300427
Mike Thommes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Wednesday, March 01, 2006 1:42 PM
To:
Currently, I am not near a DC, to test out the exact commands... but here goes the general process..* use adfind.exe or csvde.exe to create a delimited list of current users with required attributes.* Import this file into excel
* create excel formula with displayname column as input and put the
You could also do this with ADModify:http://www.gotdotnet.com/workspaces/workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2
And if you want to make this change for all new user accounts that will be created as well then you might want to look into:http://support.microsoft.com/?kbid=250455
AD Gurus,
I have an weird problem for which I am not having any luck. Here you go:
Only XP computers are experiencing very slow logons (upto 5+ minutes) to the
domain. Windows 2000 professional computers dont have this problem. Now,
this is mostly happening on remote sites without local DC so
Kamlesh-
You probably already noticed this but just a minor point
that the ordering of the GPO DNs in thegpLink attribute affect the order
in which they are processed. So appending a GPO to the end of the existing
gpLink attribute puts in number one in the priority list for that container.
Hi Adeel, this setting:
-Enabled Always wait for the network at computer startup and logon in the
GPO
Will slow down an XP box pretty good, they usually login cached and let
things catch up with them.
HTH,
John
Very true point - as long as you don't need it to be a
DNS-Query you can use dsquery or admod to query for the dnsNode-Objects in the
container hosting the DNS-Zones (out of my head since none of my test-dcs is
currenty running: cn=MicrosoftDNS,cn=system,dc=xxx where xxx is either the
Hi Everyone,
I have another requirement and I am not sure how I can do
this. One of our Systems Engineers needs to restrict a user account from
mapping a drive from any other system in the domain then from the system that
we allow it to be logged in on.
In other words he does not
True but this is the default state (synchronous GP processing) on Win2K
anyway so if there is no problem on Win2K I suspect this is not the
issue.
Outside of DNS issues, you might want to fire up userenv logging and see
if the clients are hanging during GP processing.
-Original Message-
Thanks. I'll bring this up with MS and get the documentation fixed.
On 3/1/06, Almeida Pinto, Jorge de [EMAIL PROTECTED] wrote:
like global groups can only contain members from the same domain, universal groups can only contain members from the same forest. It is not possible to add objects
Storage of photos in AD using jpegPhoto or thumbnailPhoto - yay or nay?
Ichecked the archives on this and didn't see too much there beyond Guido saying don't do it. To quote:
[Grillenmeier, GuidoTue, 14 Dec 2004 12:35:42 -0800
that's likely the photo or the thumbnailPhoto attribute (both octet
Well one way to accomplish it would be to use IPSEC in
require mode and define a rule that only that workstation could contact it as
well as any other systems you want to admin it from. You could specify ESP
Null so that you do not have the encryption overhead and simply use IPSEC for
Title: Remote disconnected site -- best practice?
Hi all,I'm faced with a remote site that has decided to spin up their first server. They're totally disconnected from the enterprise intranetwork; Any user who needs access to company resources currently uses a software VPN client. At
33 matches
Mail list logo