Were the answers along the lines of "it can't be done"?
http://www.akomolafe.com/Portals/1/Write%20out%20the%20SMTP%20Addresses%20of%20users%20OR%20Groups.txt
YMWV
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ //
Sometimes, rebuilding OUs is not a Bad Idea :)
Try DSacls or something GUI-sh from Netpro and co.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
Why are you using adsiedit to rehome a mailbox? Doesn't the move mailbox wizard
work for your needs?
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
I would not recommend that you do this. Please read the document I referenced
in my previous response. Also, see Ulf's brief description/explanation of the
behavior that you are seeing. I really recommend that you try to understand
what is going on here.
Sincerely,
_
Read http://www.netpro.com/forum/files/authentication_topology.pdf
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
for x64 guests is becoming a sticking point for me.
Regads,
Aric (who's Ben?)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Saturday, January 20, 2007 9:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual S
if its impossible to
support, switching machines would mean you simply have to swap out that
set of registers as well, I guess ... just curious.
Cheers,
BrettSh [msft]
posting "as is"
On Thu, 18 Jan 2007, Akomolafe, Deji wrote:
> >>> one runs on bare metal and other
I don't think that is a "Microsoft" position. Probably a personal preference
and opinion of the "internal" people. Publicly, MS supports Exchange
virtualization starting from E2K3 SP2, running on VS R2.
Sincerely,
_
(, / | /) /) /)
ry Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Noah Eiger
Sent: Thu 1/18/2007 4:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual Server
I realize this
e based on
allocation guarantees, 4-way SMP guests, 64-bit guests :->
Nothing wrong with Virtual Server, but I see it more on par with VMware Server
than ESX/Virtual Infrastructure.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Thursday, Janu
the manuals for your infrastructure because you don't work
with it day in and day out.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Thursday, January 18, 2007 1:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote DC's on Virtual Serve
ESX (VMWare) is good - and pricey. And very strict as to hardware specs. And
complex to setup and administer. And, I could be wrong on this, NOT
(MS)-supported for virtualizing DCs.
Virtual Server, on the other hand, is good, not pricey, less picky, more
supported (I believe it's actually valid
One little addition:
There is a 32-bit version of E2K7, although it neither intended to be used in
production, nor supported if choose to ignore the caveat.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
)
t one.
Thanks,
-Steve
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Tuesday, January 16, 2007 3:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS problem. Periodically have to clear the cache
How are these servers configured in TCP/IP? Wh
I had this issue a long time back with a similar product made by a previous
employer. I won't go back into the details, but the problem is that computer
passwords were being restored to previous states that no longer match those on
the DCs at the present state. A manual or scripted rejoin is us
How are these servers configured in TCP/IP? Who is forwarding to whom? And what
is the SP level? If you want to take this off-list, you can do so by directly
emailing me.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___//
Or these:
http://support.microsoft.com/kb/152300/EN-US/
http://support.microsoft.com/kb/149447/EN-US/
HTH
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
See http://msmvps.com/blogs/ehlo/archive/2005/04/21/43813.aspx
HTH
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
>>>Santa brought me coupon for a new home computer, redeemed the coupon and
>>>built the system
So, what exactly did YOU do?
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(
isting ACLs
set on file server.
I'm a bit surprise that the system (AD<->file server) leave this dirty sid and
that there is no synchronisation that updates the "link" between the AD object
and the ACE
What is the reason ? could this behavior be altering ?
I'd l
It's "normal". You should be permissioning your resources with groups instead
of directly with user accounts. Groups tend to last longer, so you don't have
to deal with the horrible SIDs.
Sincerely,
_
(, / | /) /) /)
/---| (/_
erely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Akomolafe, Deji
Sent: Thu
Sorry, Tony. I've been away from emails for most of the week. Did you get a
useful response to your question? If not, does my 2-part AdminSDHolder blog
(http://www.akomolafe.com/JustSaying/tabid/193/EntryID/19/Default.aspx and
http://www.akomolafe.com/JustSaying/tabid/193/EntryID/20/Default.aspx
http://support.microsoft.com/default.aspx?scid=kb;KO;275554
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
and lack of exposure to
sophisticated IT environments.
But I won't.
:-)
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 2:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
Tim,
it is the
sent those of my employer and for all I
know, may even pi$$ off my employer. :-)
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 1:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
I wouldn't put it in
t intended to represent those of my employer and for all I
know, may even pi$$ off my employer. :-)
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 1:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista G
ista GPO
They won't do it if Microsoft makes it so they CAN'T do it. I feel Microsoft
should be applauded for forcing admins to do their jobs correctly for a change,
instead of giving in to the lazy or uninformed amongst us.
Just my opinion,
Tim
From: [EMAIL PROTECTED] [mailto:[EMAIL PROT
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Darren Mar-Elia
Sent: Fri 12/15/2006 10:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
Come on D
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO
So Microsoft should encourage their bad practices?
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji
Sent: Friday, December 15, 2006 12:39 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [Acti
>>> People don't seem to have a problem with that concept when it comes to game
>>> consoles :)
Bad analogy. Go stand in the corner, no wii for you :)
When people start running their businesses on game consoles, then you can come
back and compare. For now, it's just plain incomprehensible that
weirdness
Thanks alot! That helped.
I wonder why it worked from my XP box?
Thanks again
On 12/13/06, Akomolafe, Deji <[EMAIL PROTECTED]> wrote:
http://support.microsoft.com/default.aspx/kb/829756
Sin
http://support.microsoft.com/default.aspx/kb/829756
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(
convert the zone from AD-intg to Primary. The zone should be written to
system32\dns folder after that. Once you have the file, you can go back and
convert the zone to AD-intg again.
Another option is to use dnscmd to dump the zone info to file. You can use
/enumrecords or /zoneprint, depending
Lithium batteries are resilient to the charge/discharge issues associated with
earlier batteries. Generally, you want to replace batteries after about 18
months, because that's when depreciation sets in.
Sincerely,
_
(, / | /) /) /)
another thread then?
On 12/11/06, Akomolafe, Deji <[EMAIL PROTECTED] > wrote:
John,
now that your DNS is working on the server, you need to make sure that your
clients are using ONLY this server as their DNS server.
Reconfigure your clients' "Primary DNS" ser
John,
now that your DNS is working on the server, you need to make sure that your
clients are using ONLY this server as their DNS server.
Reconfigure your clients' "Primary DNS" server entries in TCP/IP configuration
to have the IP address of your DNS server. Remove any other IP address that yo
http://support.microsoft.com/kb/300202
Pay attention to the part that says "To Remove the Root DNS Zone"
Then look at the part that says: "To Configure Forwarders". You only NEED to do
this part IF your ISP is blocking you from running DNS on their network. In
that case, you will point your DNS
OW-TO configure the other DNS server (in TCP/IP configuration)? Sorry I am
newbie on this service.
Also, I already remove and reinstalled the DNS however no luck. The same
problem.
John
- Original Message
From: "Akomolafe, Deji" <[EMAIL PROTECTED]>
To: ActiveDir@mail.activ
Do you have another DNS server? If yes, then configure the problematic server
to use this other DNS server (in TCP/IP configuration). If no, then remove and
reinstall DNS.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___//
Seen this? http://support.microsoft.com/kb/817470
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
CSE/Security
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Akomolafe, Deji
> Sent: Monday, November 27, 2006 6:49 PM
> To: ActiveDir@mail.activedir.or
http://technet2.microsoft.com/WindowsServer/en/library/b4d96434-0fde-4370-bd29-39e4b3cc7da81033.mspx?mfr=true
You owe me a beer for making me do your google :)
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
Since someone has already taken the time to address this, I will simply refer
you to
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1040355,00.html
If you still have questions after that, then ask away.
Sincerely,
_
(, / | /)
Neil,
You responded to the thread where Steve already corrected himself. Read the doc
you cited again. Only the EDC membership changes during the process you
described. EDC itself is NOT created at this point. It is merely made a member
of the newly-created "Windows Authorization Access" group.
/
|-+-->
| | |
| | |
| | |
| | "Akomolafe, Deji" |
| | <[EMAIL PROTECTED]> |
| | Sent by: |
| | [EMAIL PROTECTED]|
| |
>>> Its not viewable/searchable under ADUC even with advanced features turned
>>> on
That is an incorrect statement.
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_
ia.govt.nz/
|-+-->
| | |
| | |
| | |
| | "Akomolafe, Deji" |
| | <[EMAIL PROTECTED]> |
| | Sent by: |
| | [EMAIL PROTECTED]|
|
>>>I can confirm we do not have an "Enterprise Domain Controllers" group in any
>>>of the domains.
Really? How did you confirm that? In ADUC (with "Advanced Features" enabled in
View) and doing a custom search for "enterprise", simply looking in the
"Foreign Security Principals" containers?
S
Getting the new Exchange server in there and moving mailboxes, PFs, RG master
role, etc, is fairly easy. The main work is involved in getting the old server
out of the mix. This (http://support.microsoft.com/?id=822931) should help
somewhat.
Sincerely,
_
in addition to the DNS
cleanup (which I'm guessing is what Deji meant by "AD/DNS/Sites", but just in
case...). Given the, um, quirkiness of this environment, I suspect you may have
a difficult demotion ahead. I assume you've done metadata cleanup before? If
not, feel free to post
I believe I recommended this early on in the thread. Sometimes, it's easier
(wiser) to not fight the fire. Demote, clean it out of AD/DNS/Sites. If you
have the luxury, wipe and reinstall the box, otherwise, just do a rename of the
box. Renaming it is strongly recommended unless you have script
>>>Also keep in mind scavenging only applies to records that have timestamps
>>>(which are typically dynamically created.)
Keep in mind that you CAN enable scavenging on static records. The facility is
in dnscmd. So, please don't assume that your static records are safe from
scavenging just b
Russ,
The possibility of unintentionally losing important records is the greatest
danger inherent in scavenging. This is why I pointed you to that document.
Please read it, Another reason to read it is that the problem you are
experiencing is discussed in that document. Just look at it, and sca
You need some quiet time (and your favorite bottle/keg of liquor) with this
document
http://www.microsoft.com/technet/prodtechnol/windows2000serv/plan/w2kdns2.mspx
If you are in a hurry, just skip down to the "Aging and Scavenging" part.
Enjoy
Sincerely,
_
Compare the IP registered for phmaindc1 in DNS to the actual IP address of this machine. Do you see any discrepancy?
Is this your only DC? If not, then I'd demote it, clean it completely out of AD (ADUC, AD Site and services, DNS), and then re-promote it.
Sincerely, _
2006 8:43 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Restrict VPN Access By Computer Name
"Expensive" ISA appliances... let's qualify that
Akomolafe, Deji wrote:
> Yes, you will need a CA for EAP. Ideally, you'd do a machine cert,
> because machines are what you wan
Yes, you will need a CA for EAP. Ideally, you'd do a machine cert, because machines are what you want to filter.
Are you providing hosted services to your clients, or what?
Yes, there are ISA appliances. There have been since 2004.
Sincerely, _ (, /
ay? -anon
From: Laura A. RobinsonSent: Tue 11/14/2006 8:04 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: M$
That last line really was unnecessary, Deji.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, DejiSent: Monday, November 13, 2006 8:39 PMTo: Act
Which part of it do you not understand?
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ M
You are right, Calling-Station-Identifier (in some cases) map to the telephone number. In 802.1x scenario, though, it's usually the MAC, but I have also seen it map to the client's IP address. I attribute this to some vendors not reading the RFC or just opting to do it their way. In our situatio
Call-Station-Identifier is a much more stable and reliable filter - it is the Client's MAC address. "Client Friendly Name" is optional and may not be sent in many VPN negotiation. The identifier will very likely be sent (I don't want to say ALWAYS since I don't have any relevant doc that say tha
You know what I find amazing here?
That you felt compelled to lend more visibility to this topic, when it, truly, does not deserve an iota of your time. I see people use "M$" in conversations, I note their names and learn to avoid them. It's the same thing I do with people who use "1337" and s
--
Please let me know how I can contact you Deji
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, DejiSent: Monday, November 06, 2006 10:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR--
4.4.7 is "usually" the other server
4.4.7 is "usually" the other server's problem. If you want, I can privately help you verify this, if you send me the domain/ip of the other server in a private (off-list) message.
Sincerely, _ (, / | /) /) /) /---| (/_ _
Title: Active Directory Health Check tool - where can it run from?
The tool actually lists out the specific requirements for running it. You just need to read the "default.htm" that is part of the generated report.
Sincerely, _ (, / | /)
Tool.penetration
Tony took a vacation and this is what this list is turning into
Time to go wash my brains.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__
You never mentioned anything about a "product".
Anywhooo, see http://www.rlmueller.net/primary_group.htm, then go see what Richard did in http://www.rlmueller.net/Programs/EnumUserGroups.txt
Sincerely, _ (, / | /) /) /) /---
whoami -group
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory S
I hope you are kidding. Orlando was The.Worst.TechEd.Ever
Muggy as hell.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /)
How about you just do instr(objOperatingSystem.Caption, "Vista") > 0 Then wscript.quit
There is something quirky with the caption in Vista. They even misspelled Microsoft :)
Sincerely, _ (, / | /) /) /) /---| (/_ __ _
Are you on the W2K3 SP2 Beta program? If you are not, find a way to get in there and get SP2.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/
: [EMAIL PROTECTED] on behalf of Darren Mar-Elia
Sent: Mon 10/2/2006 4:55 PM
To: ActiveDir@mail.activedir.org
Subject: Re: RE: [ActiveDir] OT: DesktopStandard acquired by Microsoft
Haha. This is the first time I've been on the receiving end Deji. You can't
blame ME for this one :). Just f
What's with you and acquisitions, dude? :-p
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
support.Jabber.com
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Direct
http://www.rlmueller.net/ComputerRole.htm
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/
Sorry for jumping into this in the middle. I've been partially following the thread.
To the OP, have you tried:
Convert the zone from AD-intg to Primary one DC
Updating the server data file on that server (done by r-clicking the zone and clicking "update")
Delete the zone from the other DC
Not according to my birth certificate.
See anything "random" here: Dèjì Akómöláfé? Me neither ;-p
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/
Yikes! Is it Halloween yet?
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP
I think there is just one version of the R2 CD. The main CD (CD1) has Standard, Enterprise and Datacenter flavors, but the contents of CD2 look the same to me.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _
Much as I hate to say it, convenience may win here. I know, I know . it's
bad form to have non-expiring passwords, etc, etc. Been there, preached that.
However, the usability factor is a non-trivial design consideration, and even
though we all agree that Sales people are not the most clue-ful
In addition to what Robert is saying, take a look at http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3RPCHTTPDep/0849cb53-f1f9-419b-bb74-82bc010e247f.mspx?mfr=true
There are many things that can be responsible for this failure, and you need to selectively eliminate each.
Si
pool.ntp.org is a pool of reliable public time servers. Point your server to that, or point it to your router if policy says no external (finger)pointing. By the way, what is the reason given for prohibiting external time source?
Sincerely, _ (, / |
OK. The account under discussion is "512". Had to refresh my brains because I just took your 1-4 bullet points and said, uh-uh, there is a way to have an enabled password-less account. Granted it won't be "512" and will be useless, it is still enabled.
Sorry, Paul.
Sincerely, _
erver ?then on the child server i would create a primary of the dnsdomain zone sales.company.orgwould i need a secondary on the primary dns server ?
On 9/15/06, Akomolafe, Deji <mailto:[EMAIL PROTECTED]> wrote:
Yes, I would. From parent to the child DNS server. Then create a Primary or
s now 512 and can't get to that state without a password meeting complexity.
--Paul
- Original Message -
From: Akomolafe, Deji
To: ActiveDir@mail.activedir.org
Sent: Friday, September 15, 2006 4:52 AM
Subject: RE: [ActiveDir] Strange password issue
I think you are missing 5
en to other ways to architect the DNS structure for a single parent with single child. what are the "recommended" steps for this type of DNS setup ? Domain delgation ? all AD-integrated ?
On 9/14/06, Akomolafe, Deji < [EMAIL PROTECTED]> wrote:
Here's what I'd do:
En
yes
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww
I think you are missing 5.
5. The account was created programmatically disabled with PWD_NOT_REQD set. So, we have 546 UAC. Then someone programmatically set UAC to 544 or went into ADUC and manually enabled the account.
It's a feasible scenario, no?
Sincerely, _
Yes. You run Mac. LOL
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Dir
1Description:Zone jacwf.phippsny.org expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
On 9/14/0
I guess if you have "Widows", then someone must have "expired" :)[1]
What is the exact error message?
[1] Please don't take offense. I'm just in a laughing mood :)
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _
think we discovered the problem... things were just locked down a *tad* too much.
On 9/13/06, Akomolafe, Deji <mailto:[EMAIL PROTECTED]> wrote:
Look at your default recipient policy. What's set there? Just curious.
Look at your default recipient policy. What's set there? Just curious.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /)
now they are denied, delays when they try to access the ipsec isolated DC?Bryan LucasServer AdministratorTexas Christian University-Original Message-From: [EMAIL PROTECTED][mailto: [EMAIL PROTECTED]] On Behalf Of James Eaton-LeeSent: Wednesday, September 13, 2006 5:39 AMTo: ActiveDir@mail.act
lf Of James Eaton-LeeSent: Wednesday, September 13, 2006 5:39 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Isolating a DCAkomolafe, Deji wrote:> I highly recommend that you readhttp://www.windowsitpro.com/articles/print.cfm?articleid=37935>> Then, as a fall-back option, look
>>>At what point you’re better off going with something like Shavlik or Patchlink?
For a 1700 users environment, WSUS will do.
>>>What do they give you that WSUS doesn’t?
They do give you some bells and whistles, but you will have to download a trial version of each, install them and compare
I highly recommend that you read http://www.windowsitpro.com/articles/print.cfm?articleid=37935
Then, as a fall-back option, look for the isolation using IPSec whitepapers on Microsoft site. I can't find them now, but I know that they exist. They show you how to restrict communication with a s
Ugh! I wish they would invent a computerish thingamabob that reads your mind and paste the link you are thinking :0.
Here's the sample script.
http://www.akomolafe.com/Portals/1/add-to-loc-grp.txt
Sincerely, _ (, / | /) /) /)
BTW, here's how I add the ADMT account to the relevant admin groups before the known good "Restricted Group" option was invented. If you find out that "Restricted Group" is not working for you, try the script option.
Sincerely, _ (, / | /)
1 - 100 of 967 matches
Mail list logo
