RE: [ActiveDir] OT: NetIQ or MOM
My experience of their support is same. This included both support with setup problems and creating custom monitoring rules. Jacqui from:Abbiss, Mark [EMAIL PROTECTED] date:Thu, 09 Oct 2003 16:25:47 to: [EMAIL PROTECTED] subject: RE: [ActiveDir] OT: NetIQ or MOM I really couldnt say. The support team in the US will be different. I have just had nothing but incredible support from the UK team. Patience of saints :-) -Original Message- From: Chris Flesher [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 9. Oktober 2003 17:19 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NetIQ or MOM What is their support like in the US? I see they are based in the UK. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark Sent: Thursday, October 09, 2003 9:23 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: NetIQ or MOM ps. Itheon have another prodcut eQ wehich will monitor multi platform set ups. -Original Message- From: Chris Flesher [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 9. Oktober 2003 16:13 To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: NetIQ or MOM We're looking at NetIQ for monitoring our Windows/SQL stuff, as well as what it can do on Unix (Solaris, AIX). However, with Microsoft going head on into monitoring, should I be worried about the affect this will have on NetIQ in the short/long term? Which is a better product right now? Which has better cross-platform support? We are a dominantly Windows in this department, with Unix in there as well. Thank you for any info you may have. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] AD delegation white paper
Have come back to the list after a while away - the paper on AD delegation from MS looks to be of some good value - is this published yet ?? GT List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD delegation white paper
Not yet, I think it is a month out... Just my guess. Kevin -Original Message- From: Graham Turner [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 6:02 PM To: [EMAIL PROTECTED] Have come back to the list after a while away - the paper on AD delegation from MS looks to be of some good value - is this published yet ?? GT List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Group Policy
Title: Group Policy People Can anyone point me in the right direction, I changed the domain group policy to enforce password changes on the users, I have since removed the changes to the policy. However I now have a situation where not even the administrator can change a password. It complains that the password doesn't meet the minimum requirements, even though all of the requirements have been removed. My intention was to make everyone change passwords across the Domain and then create individual OU policies once I had a clean start point. Any suggestions on a fix will be welcome. Regards John Slack (VisionLogistics IT Support) Mailto:[EMAIL PROTECTED] www.visionlogistics.com/uk Tel: +44 1782 652200 Fax: +44 1782 652266
RE: [ActiveDir] Group Policy
Title: Message Two things. First, you can't enforce different password policies on different OUs - so don't even plan on it. Second, the only time I've seen that is with a user logged onto a downlevel client (most often 9x), trying to change from a non-complex password which was in place prior to the complexity being enabled. Only fix I found for that was an admin changing the password to one which met the complexity requirements then having the user log in with that password and change to a new one. In other words - its not the new password, its the old one, which is being tested for complexity - which doesn't make sense, but that's apparently what's happening. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: John Slack [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2003 10:20 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Group Policy People Can anyone point me in the right direction, I changed the domain group policy to enforce password changes on the users, I have since removed the changes to the policy. However I now have a situation where not even the administrator can change a password. It complains that the password doesn't meet the minimum requirements, even though all of the requirements have been removed. My intention was to make everyone change passwords across the Domain and then create individual OU policies once I had a clean start point. Any suggestions on a fix will be welcome. Regards John Slack (VisionLogistics IT Support) Mailto:[EMAIL PROTECTED] www.visionlogistics.com/uk Tel: +44 1782 652200 Fax: +44 1782 652266
RE: [ActiveDir] AD delegation white paper
I talked to the PM involved last week, and he indicated a couple of weeks. Grain-of-salt-rules apply. -gil Gil Kirkpatrick CTO, NetPro -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2003 6:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD delegation white paper Not yet, I think it is a month out... Just my guess. Kevin -Original Message- From: Graham Turner [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 6:02 PM To: [EMAIL PROTECTED] Have come back to the list after a while away - the paper on AD delegation from MS looks to be of some good value - is this published yet ?? GT List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SMS Server 2003: AD schema extensions
Amen to that - full disclosure on the content of schema extensions is a must. BTW, Robbie, my copy of the Tuna book showed up from Amazon yesterday - Having read the chattter on the list, I preordered it awhile ago. After all the praise and anticipation on this list, it wasn't exactly what I expectedit was EVEN BETTER. This is exactly the kind of practical, logically organized info I wish I'd had 3+ years ago. Like your Cat book, it's a must-have. Well Done! For those of you that have not yet seen the book, much of it is organized in the format of Problem/Solution/Discussion/Reference. For each problem, it shows you how to solve it via the GUI, via the command line, AND via scripting. Very nice. http://www.amazon.com/exec/obidos/tg/detail/-/0596004648/ Dave -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 8:49 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SMS Server 2003: AD schema extensions The MS SFU 3.0 team also refused to provide LDIF files for their schema extensions. Microsoft really needs to set the example here. Most people are worried enough about extending the schema and when you can't even get the LDIF files it only exacerbates the situation. Robbie Allen http://www.rallenhome.com/ -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 7:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SMS Server 2003: AD schema extensions Thanks Guido. This is good info. I like the idea of having the LDIF files available for testing schema updates outside the application itself. As Robbie Allen has pointed out in various books, articles and forums, LDIF files provide a useful self-documenting method of keeping track of your schema changes. It struck me as odd that the LDIF files for SMS 2003 are not available. I know it's not in RTM yet, but I'm guessing the schema definitions have been finalised for some time now. I would prefer to see a consistent approach across all Microsoft products for schema changes. ISA Server, for example, provides the ldif files on the CD. Tony -- Original Message -- From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 9 Oct 2003 11:46:01 +0200 Tony, I don't have an LDIF file, but here are some details on the schema extensions as reported from the SMS2003 'Extadsch.exe' utility: Defined attribute cn=MS-SMS-Site-Code. Defined attribute cn=mS-SMS-Assignment-Site-Code. Defined attribute cn=MS-SMS-Site-Boundaries. Defined attribute cn=MS-SMS-Roaming-Boundaries. Defined attribute cn=MS-SMS-Default-MP. Defined attribute cn=mS-SMS-Device-Management-Point. Defined attribute cn=MS-SMS-MP-Name. Defined attribute cn=MS-SMS-MP-Address. Defined attribute cn=MS-SMS-Ranged-IP-Low. Defined attribute cn=MS-SMS-Ranged-IP-High. Defined class cn=MS-SMS-Management-Point. Defined class cn=MS-SMS-Server-Locator-Point. Defined class cn=MS-SMS-Site. Defined class cn=MS-SMS-Roaming-Boundary-Range. Note that most of the attributes are replicated to the GC... Also realize, that if you are absolutely against extending the Schema for SMS - the extensions are not a must for SMS 2003 to function. However, if the schema is not extended, it will be necessary to use WINS to enable resolution of MPs and SLPs (and I'd rather get away from any WINS dependencies if I can). Also, SMS Advanced Security requires to extend the schema - I haven't looked at this feature yet, so I'm not really sure what it means. /Guido -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Montag, 6. Oktober 2003 10:55 To: [EMAIL PROTECTED] Subject: [ActiveDir] SMS Server 2003: AD schema extensions Does anyone have the ldif files for the SMS Server 2003 schema extensions? I realise it's early days, but I can't find any detailed documentation on what the schema update does. Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
RE: [ActiveDir] SMS Server 2003: AD schema extensions
Hear hear! ...the very first day with my copy I started with one of Robbie's recipes and managed to fill in a list of a couple hundred subnets that I would have otherwise had to enter manually into ADSS. Great job, RA By the way, the script is on Clarence Washington's scripting site http://cwashington.netreach.net. If you have a bunch of subnets to create, feel free to use it, improve it, etc... mc -Original Message- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2003 3:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SMS Server 2003: AD schema extensions Amen to that - full disclosure on the content of schema extensions is a must. BTW, Robbie, my copy of the Tuna book showed up from Amazon yesterday - Having read the chattter on the list, I preordered it awhile ago. After all the praise and anticipation on this list, it wasn't exactly what I expectedit was EVEN BETTER. This is exactly the kind of practical, logically organized info I wish I'd had 3+ years ago. Like your Cat book, it's a must-have. Well Done! For those of you that have not yet seen the book, much of it is organized in the format of Problem/Solution/Discussion/Reference. For each problem, it shows you how to solve it via the GUI, via the command line, AND via scripting. Very nice. http://www.amazon.com/exec/obidos/tg/detail/-/0596004648/ Dave -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 8:49 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SMS Server 2003: AD schema extensions The MS SFU 3.0 team also refused to provide LDIF files for their schema extensions. Microsoft really needs to set the example here. Most people are worried enough about extending the schema and when you can't even get the LDIF files it only exacerbates the situation. Robbie Allen http://www.rallenhome.com/ -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 7:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SMS Server 2003: AD schema extensions Thanks Guido. This is good info. I like the idea of having the LDIF files available for testing schema updates outside the application itself. As Robbie Allen has pointed out in various books, articles and forums, LDIF files provide a useful self-documenting method of keeping track of your schema changes. It struck me as odd that the LDIF files for SMS 2003 are not available. I know it's not in RTM yet, but I'm guessing the schema definitions have been finalised for some time now. I would prefer to see a consistent approach across all Microsoft products for schema changes. ISA Server, for example, provides the ldif files on the CD. Tony -- Original Message -- From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 9 Oct 2003 11:46:01 +0200 Tony, I don't have an LDIF file, but here are some details on the schema extensions as reported from the SMS2003 'Extadsch.exe' utility: Defined attribute cn=MS-SMS-Site-Code. Defined attribute cn=mS-SMS-Assignment-Site-Code. Defined attribute cn=MS-SMS-Site-Boundaries. Defined attribute cn=MS-SMS-Roaming-Boundaries. Defined attribute cn=MS-SMS-Default-MP. Defined attribute cn=mS-SMS-Device-Management-Point. Defined attribute cn=MS-SMS-MP-Name. Defined attribute cn=MS-SMS-MP-Address. Defined attribute cn=MS-SMS-Ranged-IP-Low. Defined attribute cn=MS-SMS-Ranged-IP-High. Defined class cn=MS-SMS-Management-Point. Defined class cn=MS-SMS-Server-Locator-Point. Defined class cn=MS-SMS-Site. Defined class cn=MS-SMS-Roaming-Boundary-Range. Note that most of the attributes are replicated to the GC... Also realize, that if you are absolutely against extending the Schema for SMS - the extensions are not a must for SMS 2003 to function. However, if the schema is not extended, it will be necessary to use WINS to enable resolution of MPs and SLPs (and I'd rather get away from any WINS dependencies if I can). Also, SMS Advanced Security requires to extend the schema - I haven't looked at this feature yet, so I'm not really sure what it means. /Guido -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Montag, 6. Oktober 2003 10:55 To: [EMAIL PROTECTED] Subject: [ActiveDir] SMS Server 2003: AD schema extensions Does anyone have the ldif files for the SMS Server 2003 schema extensions? I realise it's early days, but I can't find any detailed documentation on what the schema update does. Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List
[ActiveDir] Renaming a User
Title: [ActiveDir] Renaming a User Hello everyone, When I create a new user in Active Directory its name becomes the first name (space) last name. I would like to configure it so that it automatically generates the name as being the combination of the first initial, middle initial and the first six letters of the last name. I can rename the user. It has no impact on AD. I am trying to do this due to another application that needs to synchronize with AD and it is not capable of having spaces in the name. I used to set up User Manager to do this for me, but I am at a loss for setting it up in AD. Thank you in advance for any help offered. Vince Campbell ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.