Re: [ActiveDir] Last Logon Details
Rick That's a tricky one. There are two attributes (pwdLastSet and lastLogon) that could help you. The unfortunate thing is that these attributes are not replicated between DCs. This means that in order to get up-to-date information you need to query every DC in the domain. This may be ok for small environments, but is impractical for organisations with larger infrastructures. Things improve with Windows Server 2003 AD with the introduction of the lastLogonTimestamp attribute which *is* replicated and gives an approximate time of the last logon. It's approximate because it is only updated at 1 week intervals (to cut down on replication traffic). This feature requires the Windows Server 2003 domain functional level. Some further info here. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/server/dsadmin_concepts_accounts.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad/win2k3only_a_lastlogontimestamp.asp Tony -Original Message- From: Jones, Rick J.(Desktop Engineering) [mailto:[EMAIL PROTECTED] Sent: Freitag, 28. März 2003 00:18 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details Hi; I am trying to retrieve the last logon account information for a specific computer account from Active Directory. Does anyone have a script to do this? Or... If you have another way to determine when the system last logged onto the network. This is so we can verify that the account is an active entry. Rick J. Jones List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message Please can anyone clear my doubt When ADS is configured to replicate with Oracle/Unix Ldap on what basis replication take place Here what I presume is ADS has its own domain boundary secured and it wont replicate to any other server. is there any configuration required on Oracle/Unix regs Milind -Original Message-From: Ryan Finnesey [mailto:[EMAIL PROTECTED]Sent: Friday, March 28, 2003 3:32 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Synchronization with Unix and Oracle I have worked with them and they have very good support. We had to sync Novel NDS, 8 Active Directory Forests and a people soft database. Ryan -Original Message-From: Martin Tuip [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:40 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Synchronization with Unix and Oracle That is what I was thinking of as well. CPS does have good customer base and not just small companies. Martin Tuip MVP Exchange www.sharepointserver.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy AnderssonSent: Thursday, March 27, 2003 7:21 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Synchronization with Unix and Oracle CPS-Systems have really improved the ODBC interface in SimpleSync and can both Provision new User Accounts as well as maintain pre-existing accounts, from any Oracle feed, either LDAP or CSV. I know of a client that is installing this solution this weekend - with the result being a fully automatic update from PeopleSoft/Oracle => AD. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit ZinmanSent: Thursday, March 27, 2003 4:02 PMTo: [EMAIL PROTECTED] Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 **Disclaimer Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. ***
RE: [ActiveDir] Reset BadPwdCount property for users
>Thing is...You can go into ADSIEdit and modify it
But is that against "the content rules" ???
Content rules determine the mandatory and optional attributes of the class instances
that are stored in the directory. New objects must contain all of the mandatory
attributes that are specified by the classSchema object in the schema and can contain
any of the optional attributes. In Active Directory, the content rules are completely
expressed by the mustHave, mayHave, mayContain, systemMustContain, and
systemMayContain attributes of the schema definitions for each class.
In addition, specific marked attributes have additional restrictions imposed by the
Security Account Manager (SAM). SAM read-only objects consist of the following:
revision, objectSID, domainReplica, creationTime modifiedCount,
modifiedCountAtLastPromotion, nextRID, serverState, samAccountType,
isCriticalSystemObject, dbcsPwd, ntPwdHistory,lmPwdHistory, lastLogon, lastLogoff,
badPasswordTime, badPwdCount ,logonCount, supplementalCredentials
-Original Message-
From: John F. Hann [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 3:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Reset BadPwdCount property for users
Thing is...You can go into ADSIEdit and modify it
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Thursday, March 27, 2003 5:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Reset BadPwdCount property for users
It's a SAM read-only object AFAIK, you can't modify it.
-Original Message-
From: John F. Hann [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 2:02 PM
To: ActiveDir List
Subject: [ActiveDir] Reset BadPwdCount property for users
Is the BadPwdCount property read only? I have tried to reset this with the
following script and get errors
Set Ulist = GetObject("LDAP://ou=My Users,DC=My,DC=domain,DC=com")
For Each User In Ulist
If user.badpwdcount > 5 then
WScript.Echo(user.fullname & " " & user.badpwdcount)
user.badpwdcount = 0
user.setinfo
End if
Next
John Hann
BancorpSouth
662.678.7179
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Reset BadPwdCount property for users
Thing is...You can go into ADSIEdit and modify it
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Thursday, March 27, 2003 5:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Reset BadPwdCount property for users
It's a SAM read-only object AFAIK, you can't modify it.
-Original Message-
From: John F. Hann [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 2:02 PM
To: ActiveDir List
Subject: [ActiveDir] Reset BadPwdCount property for users
Is the BadPwdCount property read only? I have tried to reset this with the
following script and get errors
Set Ulist = GetObject("LDAP://ou=My Users,DC=My,DC=domain,DC=com")
For Each User In Ulist
If user.badpwdcount > 5 then
WScript.Echo(user.fullname & " " & user.badpwdcount)
user.badpwdcount = 0
user.setinfo
End if
Next
John Hann
BancorpSouth
662.678.7179
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Reset BadPwdCount property for users
Title: Message
err.number = -2147016651
And it
does not reset to 0
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Gil KirkpatrickSent: Thursday, March 27, 2003
4:19 PMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Reset BadPwdCount property for users
Hi
John,
I
would have thought that it was read-only, but I didn't see anything in the
schema or the SD that would make it read-only. What kind of errors are you
getting?
-gil
-Original Message-From: John F. Hann
[mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:02
PMTo: ActiveDir ListSubject: [ActiveDir] Reset
BadPwdCount property for users
Is the
BadPwdCount property read only? I have tried to reset this with
the following script and get errors
Set Ulist =
GetObject("LDAP://ou=My
Users,DC=My,DC=domain,DC=com")For Each User In Ulist If
user.badpwdcount > 5
then WScript.Echo(user.fullname &
" " & user.badpwdcount)
user.badpwdcount = 0
user.setinfo End ifNext
John Hann
BancorpSouth
662.678.7179
RE: [ActiveDir] Last Logon Details
Hi; I am trying to retrieve the last logon account information for a specific computer account from Active Directory. Does anyone have a script to do this? Or... If you have another way to determine when the system last logged onto the network. This is so we can verify that the account is an active entry. Rick J. Jones List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Reset BadPwdCount property for users
It's a SAM read-only object AFAIK, you can't modify it.
-Original Message-
From: John F. Hann [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 2:02 PM
To: ActiveDir List
Subject: [ActiveDir] Reset BadPwdCount property for users
Is the BadPwdCount property read only? I have tried to reset this with the following
script and get errors
Set Ulist = GetObject("LDAP://ou=My Users,DC=My,DC=domain,DC=com")
For Each User In Ulist
If user.badpwdcount > 5 then
WScript.Echo(user.fullname & " " & user.badpwdcount)
user.badpwdcount = 0
user.setinfo
End if
Next
John Hann
BancorpSouth
662.678.7179
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Reset BadPwdCount property for users
Title: Message
Hi
John,
I
would have thought that it was read-only, but I didn't see anything in the
schema or the SD that would make it read-only. What kind of errors are you
getting?
-gil
-Original Message-From: John F. Hann
[mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:02
PMTo: ActiveDir ListSubject: [ActiveDir] Reset
BadPwdCount property for users
Is the BadPwdCount
property read only? I have tried to reset this with the following
script and get errors
Set Ulist =
GetObject("LDAP://ou=My
Users,DC=My,DC=domain,DC=com")For Each User In Ulist If
user.badpwdcount > 5
then WScript.Echo(user.fullname & "
" & user.badpwdcount) user.badpwdcount =
0 user.setinfo End
ifNext
John Hann
BancorpSouth
662.678.7179
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message I have worked with them and they have very good support. We had to sync Novel NDS, 8 Active Directory Forests and a people soft database. Ryan -Original Message- From: Martin Tuip [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Synchronization with Unix and Oracle That is what I was thinking of as well. CPS does have good customer base and not just small companies. Martin Tuip MVP Exchange www.sharepointserver.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Thursday, March 27, 2003 7:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Synchronization with Unix and Oracle CPS-Systems have really improved the ODBC interface in SimpleSync and can both Provision new User Accounts as well as maintain pre-existing accounts, from any Oracle feed, either LDAP or CSV. I know of a client that is installing this solution this weekend - with the result being a fully automatic update from PeopleSoft/Oracle => AD. Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit Zinman Sent: Thursday, March 27, 2003 4:02 PM To: [EMAIL PROTECTED] Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PM To: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message- From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AM To: ActiveDir Mailing List Subject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
Re: [ActiveDir] Synchronization with Unix and Oracle
Title: Message Martin, Good of you to give us a 'thumbs up' ! Will we see you at Tech Ed / MEC 2003 this year? Take care, Jerry - Original Message - From: Martin Tuip To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:39 PM Subject: RE: [ActiveDir] Synchronization with Unix and Oracle That is what I was thinking of as well. CPS does have good customer base and not just small companies. Martin Tuip MVP Exchange www.sharepointserver.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy AnderssonSent: Thursday, March 27, 2003 7:21 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Synchronization with Unix and Oracle CPS-Systems have really improved the ODBC interface in SimpleSync and can both Provision new User Accounts as well as maintain pre-existing accounts, from any Oracle feed, either LDAP or CSV. I know of a client that is installing this solution this weekend - with the result being a fully automatic update from PeopleSoft/Oracle => AD. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit ZinmanSent: Thursday, March 27, 2003 4:02 PMTo: [EMAIL PROTECTED] Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
[ActiveDir] Reset BadPwdCount property for users
Title: Message
Is the BadPwdCount
property read only? I have tried to reset this with the following
script and get errors
Set Ulist =
GetObject("LDAP://ou=My
Users,DC=My,DC=domain,DC=com")For Each User In Ulist If
user.badpwdcount > 5
then WScript.Echo(user.fullname & " "
& user.badpwdcount) user.badpwdcount =
0 user.setinfo End
ifNext
John Hann
BancorpSouth
662.678.7179
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message That is what I was thinking of as well. CPS does have good customer base and not just small companies. Martin Tuip MVP Exchange www.sharepointserver.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy AnderssonSent: Thursday, March 27, 2003 7:21 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Synchronization with Unix and Oracle CPS-Systems have really improved the ODBC interface in SimpleSync and can both Provision new User Accounts as well as maintain pre-existing accounts, from any Oracle feed, either LDAP or CSV. I know of a client that is installing this solution this weekend - with the result being a fully automatic update from PeopleSoft/Oracle => AD. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit ZinmanSent: Thursday, March 27, 2003 4:02 PMTo: [EMAIL PROTECTED] Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
Re: [ActiveDir] AD synchronization
Title: Message No need. The groups that are created are global groups which are unaffected by a changeover to native mode. Very good question though... Marc Zukerman Senior Network Engineer Greenwich Technology Partners - Original Message - From: Don Murawski (Lenox) To: '[EMAIL PROTECTED]' Sent: Thursday, March 27, 2003 1:55 PM Subject: RE: [ActiveDir] AD synchronization Ok, let me ask this. When forest prep and domain prep was ran, the child domain was in mixed mode, since we have switched to native. Should domain prep be ran again? -Original Message-From: Marc Zukerman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 12:15 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD synchronization Assuming you are keeping the organization name the same, no you do not need to run it again. Domain prep needs to be run once for each domain that exists. It's a very quick thing that creates the groups for you. If you will not have an Exchange server in a domain, it still doesn't hurt to run it. This will give you the group structure that you may want to use anyway. Marc Zukerman Senior Network Engineer Greenwich Technology Partners - Original Message - From: Don Murawski (Lenox) To: '[EMAIL PROTECTED]' Sent: Thursday, March 27, 2003 12:05 PM Subject: RE: [ActiveDir] AD synchronization It's been a year since since forest prep was ran, does it need to be ran again? Also, does domain prep need to ran? We have an empty root domain, with two child domains. One of the child domains will have two E2k servers, one will be OWA only. -Original Message-From: Marc Zukerman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 11:13 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD synchronization Yes, but it's just the GC sync, not AD. - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:21 AM Subject: [ActiveDir] AD synchronization If forest prep has already been ran, and a new E2k Server is brought up does a full AD Synchronization take place on all GCs? Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 <>
RE: [ActiveDir] Restart/Start Services Right
Great news Guido, and an answer to a post someone made from a month ago. Thanks. "GRILLENMEIER,GUIDO (HP-Germany,ex1)" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 03/26/2003 03:22 PM Please respond to ActiveDir To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] Restart/Start Services Right Oh yes, I've set this up for many customers. There are no drawbacks by placing the DCs in OUs underneath the Domain Controller OU. You should definitely stick to the rule, not to change any setting in the Sub-OU GPO, that you are also setting in the Default Domain Controllers GPO. There used to be a supportability issue from Microsoft with this approach, but they're currently changing their mind as it's the only way to achieve specific administrative goals in an AD environment. E.g. we're also using the Sub-OU approach to grant local admins the permissions/user right to shut down "their" DC (and no other DC). This is important in the event of NIC failures or whatever, where the central admins can't reach the machine... And they have physical access to the box anyways, which is much more of a security hole, if you so want. I'm still waiting for an official statement from MS on the supportability, but we've been using this solution very successfully ever since the introduction of AD... /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 26. März 2003 15:36 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restart/Start Services Right Have you done this in practice Guido? Are there any drawbacks to separating DC's into OU's under the domian controller container? "GRILLENMEIER,GUIDO (HP-Germany,ex1)" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 03/26/2003 02:46 AM Please respond to ActiveDir To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] Restart/Start Services Right Using subinacl is not the best approach to manage the service permissions on a DC; I'd only use it on a standalone system or on Win2k members in an NT4 domain - in AD GPOs are the preferred way and the "Security Settings\System Service" get you where you want to be. But yes, neither the Default Domain Policy nor the Default Domain Controller Policy meet the goal to grant specific permissions on single DCs. The way around this is simply to add sub-OUs UNDERNEATH the Domain Controllers OU (e.g. one for each office hosting a DC) and to place the DCs in the appropriate OU. You can now add additional GPOs for DCs in a specific office (like granting permissions on services) while still being covered by the general Default Domain and Default Domain Controllers Policies. /Guido -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 26. März 2003 00:12 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restart/Start Services Right >I think u can do it Domain Security Policy \Security Settings \ System service Doesn't meet his requirement, Default Domain Policy is common to all DC's in the DC OU. "specific office based administrators to restart/start services on specific domain controllers." Conceivably it could be done on individual DC's with subinacl but I have never tried it. SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access] The values that 'Access' can take are: F : Full Control R : Generic Read W : Generic Write X : Generic eXecute L : Read controL Q : Query Service Configuration S : Query Service Status E : Enumerate Dependent Services C : Service Change Configuration T : Start Service O : Stop Service P : Pause/Continue Service I : Interrogate Service U : Service User-Defined Control Commands -Original Message- From: Milind Patil [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 4:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restart/Start Services Right I think u can do it Domain Security Policy \Security Settings \ System services regs Milind -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 2:56 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Restart/Start Services Right Good Morning/Afternoon/Evening All, I have many DCs in many locations. I basically want to allow specific office based administrators to restart/start services on specific domain controllers. How would I go about this? Is it possible? Thanks and Best Regards, Rob Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely thos
RE: [ActiveDir] AD synchronization
Title: Message Ok, let me ask this. When forest prep and domain prep was ran, the child domain was in mixed mode, since we have switched to native. Should domain prep be ran again? -Original Message-From: Marc Zukerman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 12:15 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD synchronization Assuming you are keeping the organization name the same, no you do not need to run it again. Domain prep needs to be run once for each domain that exists. It's a very quick thing that creates the groups for you. If you will not have an Exchange server in a domain, it still doesn't hurt to run it. This will give you the group structure that you may want to use anyway. Marc Zukerman Senior Network Engineer Greenwich Technology Partners - Original Message - From: Don Murawski (Lenox) To: '[EMAIL PROTECTED]' Sent: Thursday, March 27, 2003 12:05 PM Subject: RE: [ActiveDir] AD synchronization It's been a year since since forest prep was ran, does it need to be ran again? Also, does domain prep need to ran? We have an empty root domain, with two child domains. One of the child domains will have two E2k servers, one will be OWA only. -Original Message-From: Marc Zukerman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 11:13 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD synchronization Yes, but it's just the GC sync, not AD. - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:21 AM Subject: [ActiveDir] AD synchronization If forest prep has already been ran, and a new E2k Server is brought up does a full AD Synchronization take place on all GCs? Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 <>
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message CPS-Systems have really improved the ODBC interface in SimpleSync and can both Provision new User Accounts as well as maintain pre-existing accounts, from any Oracle feed, either LDAP or CSV. I know of a client that is installing this solution this weekend - with the result being a fully automatic update from PeopleSoft/Oracle => AD. Regards, /Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit ZinmanSent: Thursday, March 27, 2003 4:02 PMTo: [EMAIL PROTECTED] Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
Re: [ActiveDir] AD synchronization
Title: Message Assuming you are keeping the organization name the same, no you do not need to run it again. Domain prep needs to be run once for each domain that exists. It's a very quick thing that creates the groups for you. If you will not have an Exchange server in a domain, it still doesn't hurt to run it. This will give you the group structure that you may want to use anyway. Marc Zukerman Senior Network Engineer Greenwich Technology Partners - Original Message - From: Don Murawski (Lenox) To: '[EMAIL PROTECTED]' Sent: Thursday, March 27, 2003 12:05 PM Subject: RE: [ActiveDir] AD synchronization It's been a year since since forest prep was ran, does it need to be ran again? Also, does domain prep need to ran? We have an empty root domain, with two child domains. One of the child domains will have two E2k servers, one will be OWA only. -Original Message-From: Marc Zukerman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 11:13 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD synchronization Yes, but it's just the GC sync, not AD. - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:21 AM Subject: [ActiveDir] AD synchronization If forest prep has already been ran, and a new E2k Server is brought up does a full AD Synchronization take place on all GCs? Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 <>
RE: [ActiveDir] AD synchronization
Title: Message It's been a year since since forest prep was ran, does it need to be ran again? Also, does domain prep need to ran? We have an empty root domain, with two child domains. One of the child domains will have two E2k servers, one will be OWA only. -Original Message-From: Marc Zukerman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 11:13 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD synchronization Yes, but it's just the GC sync, not AD. - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:21 AM Subject: [ActiveDir] AD synchronization If forest prep has already been ran, and a new E2k Server is brought up does a full AD Synchronization take place on all GCs? Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 <>
Re: [ActiveDir] AD synchronization
Title: Message Yes, but it's just the GC sync, not AD. - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:21 AM Subject: [ActiveDir] AD synchronization If forest prep has already been ran, and a new E2k Server is brought up does a full AD Synchronization take place on all GCs? Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 <>
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message Since Oracle user admin can be done with SQL statements (I think), there's no reason BizTalk couldn't be used. It would also help link AD to your HR/ERP/CRM apps. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:02 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Synchronization with Unix and Oracle Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign -on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
[ActiveDir] AD synchronization
Title: Message If forest prep has already been ran, and a new E2k Server is brought up does a full AD Synchronization take place on all GCs? Don L. Murawski Sr. Network Administrator WorldTravel BTI Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264 <>
Re: [ActiveDir] Synchronization with Unix and Oracle
Or Compaq/HP's LDSU, which is more flexible and less costly when you consider the ease of use! Missy - Original Message - From: John Hicks/MIS/HQ/KEMET/US To: [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 10:19 AM Subject: RE: [ActiveDir] Synchronization with Unix and Oracle I believe Microsoft MetaDirectory should handle this Amit Zinman <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 03/27/2003 10:02 AM Please respond to[EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] Synchronization with Unix and Oracle Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PMTo: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
RE: [ActiveDir] Synchronization with Unix and Oracle
I believe Microsoft MetaDirectory should handle this Amit Zinman <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 03/27/2003 10:02 AM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] Synchronization with Unix and Oracle Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PM To: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message- From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AM To: ActiveDir Mailing List Subject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message Biztalk is cool, but more for data Exchange. We are more interested in synchronizing passwords or providing some sort of smart logon or unified administration or even single-sign –on (one can just dream). Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:14 PM To: '[EMAIL PROTECTED]' Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message- From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AM To: ActiveDir Mailing List Subject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
RE: [ActiveDir] Synchronization with Unix and Oracle
Title: Message Services for Unix would help with the Unix side - if you're trying to integrate AD and NIS for instance. Oracle and AD would probably have to be custom done - depending on what you're trying to do. The MS Biztalk server site has a link to a third party Biztalk module that will interface with AD, and then just interface your Oracle stuff to Biztalk. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message-From: Amit Zinman [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:49 AMTo: ActiveDir Mailing ListSubject: [ActiveDir] Synchronization with Unix and Oracle Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
[ActiveDir] Synchronization with Unix and Oracle
Hi, If any of you ever did synchronize your AD with Oracle or Unix I would love to hear your input on this matter. Thanks, Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753
RE: [ActiveDir] Mixed to Native
lol. Cheers Roger Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 Roger Seielstad <[EMAIL PROTECTED]To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> .com> cc: Sent by: Subject: RE: [ActiveDir] Mixed to Native [EMAIL PROTECTED] tivedir.org 27/03/2003 12:06 Please respond to ActiveDir The worst part of the mixed to native mode conversion is picking which refreshing beverage you're going to enjoy when its done. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2003 5:49 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Mixed to Native > > > > Hi All, > > I've finally migrated my last remote office into my 2000 > domain. All of my NT BDCs are gone and I'm 100% 2000 on the > DCs I still have a couple offices on NT workstations. > It's been some time since I've focussed on 2000 and can't > remember if there are any gotchas with the move from mixed to native? > > I've read back through all my documentation/notes, but that > no substitute to real worl experience... Can anyone offer > some guidance? > > Thanks and BR, > > Rob > > > Robert Rutherford > MIS Department - DEK > +44 (0)1305 208232 > +44 (0)7970 122362 > > > > > > This E-mail and any files transmitted with it are in > commercial confidence and intended solely for the use of > the individual or entity to whom they are addressed. > If you have received this E-mail in error please notify the > Administrator by E-mail ([EMAIL PROTECTED]). > Any views or opinions expressed are solely those of the > author and do not necessarily represent those of > DEK International., or its affiliates. > > This footnote signifies that this message has been > checked for viruses by MailswpUK1 > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ
RE: [ActiveDir] Mixed to Native
Always a good Guinness! -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 7:06 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Mixed to Native The worst part of the mixed to native mode conversion is picking which refreshing beverage you're going to enjoy when its done. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2003 5:49 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Mixed to Native > > > > Hi All, > > I've finally migrated my last remote office into my 2000 > domain. All of my NT BDCs are gone and I'm 100% 2000 on the > DCs I still have a couple offices on NT workstations. > It's been some time since I've focussed on 2000 and can't > remember if there are any gotchas with the move from mixed to native? > > I've read back through all my documentation/notes, but that > no substitute to real worl experience... Can anyone offer > some guidance? > > Thanks and BR, > > Rob > > > Robert Rutherford > MIS Department - DEK > +44 (0)1305 208232 > +44 (0)7970 122362 > > > > > > This E-mail and any files transmitted with it are in > commercial confidence and intended solely for the use of > the individual or entity to whom they are addressed. > If you have received this E-mail in error please notify the > Administrator by E-mail ([EMAIL PROTECTED]). > Any views or opinions expressed are solely those of the > author and do not necessarily represent those of > DEK International., or its affiliates. > > This footnote signifies that this message has been > checked for viruses by MailswpUK1 > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Mixed to Native
The worst part of the mixed to native mode conversion is picking which refreshing beverage you're going to enjoy when its done. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2003 5:49 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Mixed to Native > > > > Hi All, > > I've finally migrated my last remote office into my 2000 > domain. All of my NT BDCs are gone and I'm 100% 2000 on the > DCs I still have a couple offices on NT workstations. > It's been some time since I've focussed on 2000 and can't > remember if there are any gotchas with the move from mixed to native? > > I've read back through all my documentation/notes, but that > no substitute to real worl experience... Can anyone offer > some guidance? > > Thanks and BR, > > Rob > > > Robert Rutherford > MIS Department - DEK > +44 (0)1305 208232 > +44 (0)7970 122362 > > > > > > This E-mail and any files transmitted with it are in > commercial confidence and intended solely for the use of > the individual or entity to whom they are addressed. > If you have received this E-mail in error please notify the > Administrator by E-mail ([EMAIL PROTECTED]). > Any views or opinions expressed are solely those of the > author and do not necessarily represent those of > DEK International., or its affiliates. > > This footnote signifies that this message has been > checked for viruses by MailswpUK1 > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Mixed to Native
Hi All, I've finally migrated my last remote office into my 2000 domain. All of my NT BDCs are gone and I'm 100% 2000 on the DCs I still have a couple offices on NT workstations. It's been some time since I've focussed on 2000 and can't remember if there are any gotchas with the move from mixed to native? I've read back through all my documentation/notes, but that no substitute to real worl experience... Can anyone offer some guidance? Thanks and BR, Rob Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
