RE: [ActiveDir] OT? - You guys rock
It is really cool. Todd, this may be a sign that you need to get out more :-) -- Original Message -- From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 23 Oct 2003 17:54:47 -0400 Sure, Small, medium or Large. Also BTW. Go on over to Aelita's website and click around. They have a promo to get a t-shirt that says Master of My Active Directory. It is really cool. My whole team got them today. Todd Myrick -Original Message- From: Daniel Gilbert [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 2:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT? - You guys rock So, you are saying he gets a Puck? Original Message Subject: RE: [ActiveDir] OT? - You guys rock From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED] Date: Thu, October 23, 2003 11:07 am To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Check is in the mail Yusuf. :P Thanks for the kind words, I appreciate it. Especially being compared to Joe, Rick, Robbie and Gil. Todd Myrick -Original Message- From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 12:12 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT? - You guys rock I agree Al that the contributions from the likes of Joe, Rick, Robbie,Todd, Gil .and and (that's the rest of the folks I haven't mentioned) have all been well appreciated. And over these past years you guys have been my inspiration and thus wanting to excel myself all of the time Presently I am at the age of 24 with only a handful of years of experience and I have learnt so much and so much more to learn from all of you. With me being located at the edge of Africa I am hoping at one time I would have the opportunity to rub shoulders with you guys sometime or the other. Thanks again guys yusuf __ __ __ For information about the Standard Bank group visit our web site www.standardbank.co.za http://www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] FSMO role holding DC's
Hm ... That could have been one of the ideas behind this feature. However, it seems to be a rather nasty feature, especially in AD environment that contain firewalls that separate the schema master from Exchange boxes. (I know, I know ... Firewalls WITHIN a AD environment?). There is a KB article on this issue (280178). Reading this article I get the feeling that every Exchange installation tries to UPDATE the schema (that's an interesting way of verifying the schema, isn't it?). I would prefer a Exchange installation to check the schema on a random DC. I think that the failure of an Exchange installation is one of your last worries when you're running an environment in which DCs do not replicate for weeks ;-) ... I know Microsoft has confirmed this to be a problem. But I'm not aware of the current status and plans on fixing this issue (for example by making it customizable whether or not you want this check to happen on the Schema Master). Anybody ... Anybody at all? John -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 9:19 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] FSMO role holding DC's Just a thought John. Could the restriction be in place to avoid problems in cases where the E2K installation is made on a DC that has not yet received the replication changes arising from a schema update? For example, if a DC in a remote site has had replication problems and has not received updates for a week or so. Tony -- Original Message -- From: John Reijnders [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 23 Oct 2003 08:13:00 +0200 As an addition to the previous mails I would like to point out a particular issue with the schema master. The installation of an Exchange 2000 server explicitely needs to contact the DC holding the schema master. The reason for this contact is to check whether or not the schema is updated with the Exchange extensions. I consider this to be a bug because every single DC in the forests holds the Schema partition and should therefor be able to verify whether or not the Schema has been updated. This wasn't solved a couple of months ago. Mayby MS will solve it in a next Service Pack of Exchange, but untill then ... Make sure that every Exchange box can contact the Schema Master! Cheers! John Reijnders -Original Message- From: Abbiss, Mark [mailto:[EMAIL PROTECTED] Sent: maandag 20 oktober 2003 11:58 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] FSMO role holding DC's I have nudged this issue in an earlier post but would like to ask again for confirmation from the collective genius contained in this list. Do all DC's in a domain HAVE to have a direct connection to the FSMO role holding machines or is there a way of proxying these roles ? What are some of the likely major implications of maintaining a DC without access to FSMO role holders ? The DC in question is replicating with other DC's, so has all objects but just doenst have any connection to the FSMO role holders. Any thoughts ? Many thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] documenting servers
Just to let you know the Sourceforge site for the Windows Server Documentation Project has been approved. Mail me off list and I will set everyone up on it. Look forward to hearing from ya :) -Original Message- From: Oliver Marshall Sent: 23 October 2003 09:09 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Almost an identical situation here. I would also like to know that, as I am the only one of me here, I could have some documentation that would help contractors get up to speed on the network. Some day I want a holiday, with my mobile phone, or my net connection, and then we need to get a contractor, and the firm CERTAINLY wont pay for him to start a few weeks before I leave to get up to speed!!! I have registered the Windows Server Documentation Project with Sourceforge, and I will hear if they will set it up in the next few days. If those of you are interested want to mail me (each other) off list, then perhaps we will be able to see what happens (???) Look forward to hearing from you. Olly -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: 22 October 2003 17:50 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers I have multiple goals for my server docs, although DR is definitely the most important to me. The more servers we get, the more I need a way to quickly tell how much disk, how much RAM, what patch levels, what apps are running, IIS or not, what services running under what credentials, blah blah blah Is others have said, there are many ways to get at the information, but it would be nice to kick off a script and have it return what I want whenever. Management seems to think having a binder with server documentation in it as each new box gets built is sufficient. I contend it changes too often and would like something more dynamic. Maybe a scheduled polling event that writes to a database would be best. I've already started, thanks to Robbie's cookbook and Matthew Lavy's WMI Scripting, and would be happy to participate in a more global project... mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Sort a Query with more 10000
Hi I have a Windows 2003 Active Directory and I have a OU with 10 objects, and I have a query with ASP. The problem is that when I like to present the query descending by fechaUpload (for example), Active doesn't order it. The code is the following one: oCommand.properties(size limit)=100 oCommand.properties(sort on)= fechaUpload LDAPQuery=LDAP://10.100.111.28/OU=documentos,DC=aspdocxier,DC=i2000,DC=es oCommand.CommandText=select familia, categoria, subcategoria, fechaupload, numVersiondoc, pathFTP from ' LDAPQuery ' where objectClass='doc' and familia='scanx' Thanks. Raul.
[ActiveDir] Active Directory Cookbook
Received my very own copy of Mr. Robbie Allen's "Tuna" book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
Re: [ActiveDir] Sort a Query with more 10000
Raul Is the leading space character in fechaUpload you have below also in your actual code? This might explain it. oCommand.properties(sort on)= fechaUpload Tony -- Original Message -- From: Raul Martínez [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 24 Oct 2003 15:21:46 +0200 Hi I have a Windows 2003 Active Directory and I have a OU with 10 objects, and I have a query with ASP. The problem is that when I like to present the query descending by fechaUpload (for example), Active doesn't order it. The code is the following one: oCommand.properties(size limit)=100 oCommand.properties(sort on)= fechaUpload LDAPQuery= ldap://10.100.111.28/OU=documentos,DC=aspdocxier,DC=i2000,DC=es LDAP://10.100.111.28/OU=documentos,DC=aspdocxier,DC=i2000,DC=es; oCommand.CommandText=select familia, categoria, subcategoria, fechaupload, numVersiondoc, pathFTP from ' LDAPQuery ' where objectClass='doc' and familia='scanx' Thanks. Raul. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] W2K DC's to W2K3
After upgrading our DCs to 2003 (actually rebuilds) everything is running smoothly EXCEPT for win95. (Possibly 98 also) I know that they are no longer supported, and havent been for some time, but we are a University. We do have a deadline of Jan 1 that all 9x machines be gone. But until then we have to deal with their problems, saying they are no longer supported just doesnt cut it. The problem I am dealing with first showed up through Ghost boot disks using DOS getting access denied errors. We have given the campus a work around for this but in further testing it seems that from a 95 client (98 NT4 havent been tested yet) you cannot do a net view to the 2003 DCs but can to our 2 remaining 2000 DCs in a remote site. Does 2003 handle NET API commands differently? After extensive research we have only found and tried a few things, one being enabling anonymous LDAP access (straight from TUNA Cookbook) good book by the way. And also enabled the security setting of Network access: Let Everyone permissions apply to anonymous users. It appears that neither change has helped, any ideas would be appreciated. Paul Simpsen Windows ServerAdministrator Enterprise Systems, IT University of Oklahoma HSC 405.271.2262 ext 50230 Fax: 405.271.2181 CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please destroy all copies of this communication and any attachments.
RE: [ActiveDir] W2K DC's to W2K3
The upgrade to W2003enforces 2 policies (previously not enforced). Disabling them and thereby weakening your security(but hey ... it might get your users back to work) in the Default Domain Controllers Policy might do the job for you: Microsoft Network Server: Digitally sign communications (always)Domain Member: Digitally encrypt or sign secure channel data (always) Another thing that might help you is installing the DSClient on the W95/98 clients (ask for the newest at MS Support because the one available at the web had some bugs in it!). Cheers! John From: Simpsen, Paul A. (HSC) [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 16:08To: [EMAIL PROTECTED]Subject: [ActiveDir] W2K DC's to W2K3 After upgrading our DCs to 2003 (actually rebuilds) everything is running smoothly EXCEPT for win95. (Possibly 98 also) I know that they are no longer supported, and havent been for some time, but we are a University. We do have a deadline of Jan 1 that all 9x machines be gone. But until then we have to deal with their problems, saying they are no longer supported just doesnt cut it. The problem I am dealing with first showed up through Ghost boot disks using DOS getting access denied errors. We have given the campus a work around for this but in further testing it seems that from a 95 client (98 NT4 havent been tested yet) you cannot do a net view to the 2003 DCs but can to our 2 remaining 2000 DCs in a remote site. Does 2003 handle NET API commands differently? After extensive research we have only found and tried a few things, one being enabling anonymous LDAP access (straight from TUNA Cookbook) good book by the way. And also enabled the security setting of Network access: Let Everyone permissions apply to anonymous users. It appears that neither change has helped, any ideas would be appreciated. Paul Simpsen Windows ServerAdministrator Enterprise Systems, IT University of Oklahoma HSC 405.271.2262 ext 50230 Fax: 405.271.2181 CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please destroy all copies of this communication and any attachments.
RE: [ActiveDir] OT? - You guys rock
Me too then because I read that and thought Cool as well But then I have thought for some time now (at least since May or maybe April) that I needed to get out and experience more. Not sure if that is because I have been stuck in E2K really deep for that time or it is something else. But all that runs through my mind anymore is flying down to cozumel or cancun for a weekend or week getaway and looking at a tattoo or two... But first, I'm getting that cool shirt! Also, thanks for the thanks on the help or whatever it is you get out of whatever it is I do, usually people just say I give them a full inbox. :op Since Gil has been my idol since I read his AD Programming book I am thrilled to be lumped with him when kudos are passed around even though he never gave me a chicken. Bawk bawk. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Friday, October 24, 2003 3:31 AM To: [EMAIL PROTECTED] It is really cool. Todd, this may be a sign that you need to get out more :-) -- Original Message -- From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 23 Oct 2003 17:54:47 -0400 Sure, Small, medium or Large. Also BTW. Go on over to Aelita's website and click around. They have a promo to get a t-shirt that says Master of My Active Directory. It is really cool. My whole team got them today. Todd Myrick -Original Message- From: Daniel Gilbert [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 2:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT? - You guys rock So, you are saying he gets a Puck? Original Message Subject: RE: [ActiveDir] OT? - You guys rock From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED] Date: Thu, October 23, 2003 11:07 am To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Check is in the mail Yusuf. :P Thanks for the kind words, I appreciate it. Especially being compared to Joe, Rick, Robbie and Gil. Todd Myrick -Original Message- From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 12:12 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT? - You guys rock I agree Al that the contributions from the likes of Joe, Rick, Robbie,Todd, Gil .and and (that's the rest of the folks I haven't mentioned) have all been well appreciated. And over these past years you guys have been my inspiration and thus wanting to excel myself all of the time Presently I am at the age of 24 with only a handful of years of experience and I have learnt so much and so much more to learn from all of you. With me being located at the edge of Africa I am hoping at one time I would have the opportunity to rub shoulders with you guys sometime or the other. Thanks again guys yusuf __ __ __ For information about the Standard Bank group visit our web site www.standardbank.co.za http://www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Do you have the ISBN number? Sounds perfect. Olly -Original Message- From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 14:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Active Directory Cookbook for Windows Server 2003 and Windows 2000 by Robbie Allen Publisher: O'Reilly Associates; (September 23, 2003) ISBN: 0596004648 Just ordered it myself. :) -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 9:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Do you have the ISBN number? Sounds perfect. Olly -Original Message- From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 14:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Confidentiality Notice: The information included in this e-mail and any attachment is intended only for the personal and confidential use of the individual or entity to which they are addressed. This message, including attachments, may contain privileged and confidential communications. If you as the reader are not the intended recipient, you are hereby notified that you have received this communication in error and that any retention, review, use or distribution of this communication or the information contained in it is strictly prohibited. If you received this e-mail in error, destroy it immediately and please notify the sender of this message. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
ISBN- 0-596-00464-8 Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Oliver Marshall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Cookbook tivedir.org 24/10/2003 15:42 Please respond to ActiveDir Do you have the ISBN number? Sounds perfect. Olly -Original Message- From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 14:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] W2K DC's to W2K3
Digitally signed is not enabled and digitally encrypt is set to when possible. And I should have stated in my original email that the DSclient is installed but it might not be the newest one. I did get the new one from MS 3 weeks ago, and posted the location to campus, but Im not sure if it has been installed. I will check. Thanks for the reply! Paul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Reijnders Sent: Friday, October 24, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] W2K DC's to W2K3 The upgrade to W2003enforces 2 policies (previously not enforced). Disabling them and thereby weakening your security(but hey ... it might get your users back to work) in the Default Domain Controllers Policy might do the job for you: Microsoft Network Server: Digitally sign communications (always) Domain Member: Digitally encrypt or sign secure channel data (always) Another thing that might help you is installing the DSClient on the W95/98 clients (ask for the newest at MS Support because the one available at the web had some bugs in it!). Cheers! John From: Simpsen, Paul A. (HSC) [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 16:08 To: [EMAIL PROTECTED] Subject: [ActiveDir] W2K DC's to W2K3 After upgrading our DCs to 2003 (actually rebuilds) everything is running smoothly EXCEPT for win95. (Possibly 98 also) I know that they are no longer supported, and havent been for some time, but we are a University. We do have a deadline of Jan 1 that all 9x machines be gone. But until then we have to deal with their problems, saying they are no longer supported just doesnt cut it. The problem I am dealing with first showed up through Ghost boot disks using DOS getting access denied errors. We have given the campus a work around for this but in further testing it seems that from a 95 client (98 NT4 havent been tested yet) you cannot do a net view to the 2003 DCs but can to our 2 remaining 2000 DCs in a remote site. Does 2003 handle NET API commands differently? After extensive research we have only found and tried a few things, one being enabling anonymous LDAP access (straight from TUNA Cookbook) good book by the way. And also enabled the security setting of Network access: Let Everyone permissions apply to anonymous users. It appears that neither change has helped, any ideas would be appreciated. Paul Simpsen Windows ServerAdministrator Enterprise Systems, IT University of Oklahoma HSC 405.271.2262 ext 50230 Fax: 405.271.2181 CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please destroy all copies of this communication and any attachments.
RE: [ActiveDir] Active Directory Cookbook
0-596-00464-8 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Friday, October 24, 2003 9:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Do you have the ISBN number? Sounds perfect. Olly -Original Message- From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 14:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] AD2.0 info sources
(that's an old english saying, might be somewhat stronger in other languages!!) :) I have to write an article on AD 2.0 under Windows 2003 server. Thing is, its been given to me at very short notice, and I needesome inspiration and some information. Does anyone know of a site (other than MS) where I can get some inspiration and info for my article ? Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] W2K DC's to W2K3
I guess I should have started my research with this list instead of ending here.I found the earlier posts from 2 weeks ago about 2003 and 9x clients. I will make sure that the new DSClient IS installed and go from there. I actually saw them at the time. But give me a break, my memory is what were we talking about. BAD! Thanks! Paul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simpsen, Paul A. (HSC) Sent: Friday, October 24, 2003 9:08 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] W2K DC's to W2K3 After upgrading our DCs to 2003 (actually rebuilds) everything is running smoothly EXCEPT for win95. (Possibly 98 also) I know that they are no longer supported, and havent been for some time, but we are a University. We do have a deadline of Jan 1 that all 9x machines be gone. But until then we have to deal with their problems, saying they are no longer supported just doesnt cut it. The problem I am dealing with first showed up through Ghost boot disks using DOS getting access denied errors. We have given the campus a work around for this but in further testing it seems that from a 95 client (98 NT4 havent been tested yet) you cannot do a net view to the 2003 DCs but can to our 2 remaining 2000 DCs in a remote site. Does 2003 handle NET API commands differently? After extensive research we have only found and tried a few things, one being enabling anonymous LDAP access (straight from TUNA Cookbook) good book by the way. And also enabled the security setting of Network access: Let Everyone permissions apply to anonymous users. It appears that neither change has helped, any ideas would be appreciated. Paul Simpsen Windows ServerAdministrator Enterprise Systems, IT University of Oklahoma HSC 405.271.2262 ext 50230 Fax: 405.271.2181 CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please destroy all copies of this communication and any attachments.
RE: [ActiveDir] AD2.0 info sources
How is your Dutch ;-)? I've writte numerous articles on this topic for European magazines (Windows .Net Magazine dutch version). Feel free to ask for them if you're interested. If the short notice is too short to take a language course in Dutch you might find some inspiration on the O'Reilly site. There's some cool stuff there. Cheers! John -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 16:55 To: [EMAIL PROTECTED] Subject: [ActiveDir] AD2.0 info sources (that's an old english saying, might be somewhat stronger in other languages!!) :) I have to write an article on AD 2.0 under Windows 2003 server. Thing is, its been given to me at very short notice, and I needesome inspiration and some information. Does anyone know of a site (other than MS) where I can get some inspiration and info for my article ? Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Active Directory Cookbook
Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
RE: [ActiveDir] AD2.0 info sources
Thanks John, Though I cant speak/read dutch, I would like to have a look at any you have there relating to 2003. Perhaps I could run some through Babelfish Ta Olly -Original Message- From: John Reijnders [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 16:32 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD2.0 info sources How is your Dutch ;-)? I've writte numerous articles on this topic for European magazines (Windows .Net Magazine dutch version). Feel free to ask for them if you're interested. If the short notice is too short to take a language course in Dutch you might find some inspiration on the O'Reilly site. There's some cool stuff there. Cheers! John -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 16:55 To: [EMAIL PROTECTED] Subject: [ActiveDir] AD2.0 info sources (that's an old english saying, might be somewhat stronger in other languages!!) :) I have to write an article on AD 2.0 under Windows 2003 server. Thing is, its been given to me at very short notice, and I needesome inspiration and some information. Does anyone know of a site (other than MS) where I can get some inspiration and info for my article ? Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DNS and CPU Usage
Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] DNS and CPU Usage
Title: Message More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] DNS and CPU Usage
Title: Message Forwarders: Child DNS servers are forwarding to top level DNS server. Top level DNS server is forwarding to ISP It is a large DNS Zone but there is no Zone transfer because it is a Delegated Zone. I havent seen any useful info in Eventlog other than DNS timeout errors and not responding error messages. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, October 24, 2003 11:19 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS and CPU Usage More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] Active Directory Cookbook
Title: Message Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AMTo: [EMAIL PROTECTED]Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [ActiveDir] Active Directory CookbookAgreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCTAnalyst I - Web Services ITOS - Systems EnablementMaritime Life Assurance Company(902) 453-7300 x3456 "Lou Vega" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory CookbookReceived my very own copy of Mr. Robbie Allen's "Tuna" book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
RE: [ActiveDir] Active Directory Cookbook
Ordered it second hand... not a book I would give up it is a good quick book to refer to. And who read it memorized it and sold it back already, how exactly does that work G... -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:06 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Just ordered it second hand from amazon (great feature) thanks for the tip. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 15:52 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook ISBN- 0-596-00464-8 Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Oliver Marshall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Cookbook tivedir.org 24/10/2003 15:42 Please respond to ActiveDir Do you have the ISBN number? Sounds perfect. Olly -Original Message- From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 14:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Title: Message I just ordered your book and can't wait to have it in my technical library. Ron -Original Message-From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AMTo: [EMAIL PROTECTED]Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [ActiveDir] Active Directory CookbookAgreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCTAnalyst I - Web Services ITOS - Systems EnablementMaritime Life Assurance Company(902) 453-7300 x3456 "Lou Vega" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory CookbookReceived my very own copy of Mr. Robbie Allen's "Tuna" book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou �
RE: [ActiveDir] DNS and CPU Usage
Title: Message Not responding to what? Client requests right? Can you post that event entry? Any AV on these servers? They are up to date as well right? -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:35 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS and CPU Usage Forwarders: Child DNS servers are forwarding to top level DNS server. Top level DNS server is forwarding to ISP It is a large DNS Zone but there is no Zone transfer because it is a Delegated Zone. I haven't seen any useful info in Eventlog other than DNS timeout errors and not responding error messages. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, October 24, 2003 11:19 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS and CPU Usage More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] DNS and CPU Usage
Title: Message Yes. DNS servers are not responding to client quires. Unfortunately, I cannot post the event log entries. Any AV??? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, October 24, 2003 11:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS and CPU Usage Not responding to what? Client requests right? Can you post that event entry? Any AV on these servers? They are up to date as well right? -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS and CPU Usage Forwarders: Child DNS servers are forwarding to top level DNS server. Top level DNS server is forwarding to ISP It is a large DNS Zone but there is no Zone transfer because it is a Delegated Zone. I haven't seen any useful info in Eventlog other than DNS timeout errors and not responding error messages. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, October 24, 2003 11:19 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS and CPU Usage More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] DNS and CPU Usage
Title: Message Anti Virus programs -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:04 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS and CPU Usage Yes. DNS servers are not responding to client quires. Unfortunately, I cannot post the event log entries. Any AV??? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, October 24, 2003 11:50 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS and CPU Usage Not responding to what? Client requests right? Can you post that event entry? Any AV on these servers? They are up to date as well right? -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:35 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS and CPU Usage Forwarders: Child DNS servers are forwarding to top level DNS server. Top level DNS server is forwarding to ISP It is a large DNS Zone but there is no Zone transfer because it is a Delegated Zone. I haven't seen any useful info in Eventlog other than DNS timeout errors and not responding error messages. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, October 24, 2003 11:19 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS and CPU Usage More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
[ActiveDir] Domains in a Forest
Let's say I have adomain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou
RE: [ActiveDir] DNS and CPU Usage
Title: Message Norton and it is up to date! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, October 24, 2003 12:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS and CPU Usage Anti Virus programs -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS and CPU Usage Yes. DNS servers are not responding to client quires. Unfortunately, I cannot post the event log entries. Any AV??? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, October 24, 2003 11:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS and CPU Usage Not responding to what? Client requests right? Can you post that event entry? Any AV on these servers? They are up to date as well right? -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS and CPU Usage Forwarders: Child DNS servers are forwarding to top level DNS server. Top level DNS server is forwarding to ISP It is a large DNS Zone but there is no Zone transfer because it is a Delegated Zone. I haven't seen any useful info in Eventlog other than DNS timeout errors and not responding error messages. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, October 24, 2003 11:19 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS and CPU Usage More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] Domains in a Forest
Title: Message Well, its cake and pie, really. When setting up AD you're simply going to select the option to create a new domain in an existing forest. THe only issue will be that the two domains need to see each other via DNS - which generally means you're going to secondary each other's zones. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:25 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Domains in a Forest Let's say I have adomain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou
RE: [ActiveDir] DNS and CPU Usage
Title: Message What's in the exclude list? I don't doubt it's up to date or even think you have a virus (not that it's impossible, but I'm wondering if something else is going on). -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:22 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS and CPU Usage Norton and it is up to date! -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, October 24, 2003 12:11 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS and CPU Usage Anti Virus programs -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:04 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS and CPU Usage Yes. DNS servers are not responding to client quires. Unfortunately, I cannot post the event log entries. Any AV??? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, October 24, 2003 11:50 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS and CPU Usage Not responding to what? Client requests right? Can you post that event entry? Any AV on these servers? They are up to date as well right? -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:35 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS and CPU Usage Forwarders: Child DNS servers are forwarding to top level DNS server. Top level DNS server is forwarding to ISP It is a large DNS Zone but there is no Zone transfer because it is a Delegated Zone. I haven't seen any useful info in Eventlog other than DNS timeout errors and not responding error messages. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, October 24, 2003 11:19 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS and CPU Usage More information on the setup? Forwarders etc are configured how? Event log is saying what? 60% doesn't seem so bad from a process standpoint, but it should still be answering. Are these large zones? Assuming the latest software on the 2000 DNS servers. -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:01 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS and CPU Usage Hi all, I am trying to understand what is happening in the background processon a DNS server after configuring a Delegated Zone. Here is the DNS and AD (Windows 2000) DC setup ABC.COM (Top Level Domain) DNS1 DNS2 ABC.COM -ADI XYZ1.ABC.COM-Delegated XYZ2.ABC.COM-Delegated XYZ3.ABC.COM-Delegated 10.X.X.X-ADI Child Domains XYZ1.ABC.COM XYZ2.ABC.COM XYZ3.ABC.COM DNS3 DNS4 DNS5 DNS6 DNS7 DNS8 XYZ1.ABC.COM-ADI XYZ2.ABC.COM-ADI XYZ3.ABC.COM-ADI ABC.COM-Secondary ABC.COM-Secondary ABC.COM-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary 10.X.X.X-Secondary Configured 3 Delegated Zones on DNS1 and DNS2 servers. Everything looks good. Zone. After one hour I noticed that DNS1DNS2 servers are not responding to any DNS queries. Task Manger was showing DNS.EXE is using 500MB of memory and CPU utilization was above 60%. Has anyone seen this problem before? Secure Dynamic Update is enabled on both DNS servers. Any ideas, thoughts or comments? Any input would be really appreciated Santhosh
RE: [ActiveDir] Active Directory Cookbook
Title: Message It's a great book. Two questions: 1) did you guru's here on activedir come to the conclusion that, due to password complexity, a user should be created disabled? Does that affect any recipes other than 6.1, 6.2, and 6.3? 2) I think you should add one of the simplest and (in my opinion) the most common AD query as a recipe: how to find all the users in a domain. From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AMTo: [EMAIL PROTECTED]Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [ActiveDir] Active Directory CookbookAgreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCTAnalyst I - Web Services ITOS - Systems EnablementMaritime Life Assurance Company(902) 453-7300 x3456 "Lou Vega" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory CookbookReceived my very own copy of Mr. Robbie Allen's "Tuna" book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
RE: [ActiveDir] documenting servers
I'm interested... -gil -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Just to let you know the Sourceforge site for the Windows Server Documentation Project has been approved. Mail me off list and I will set everyone up on it. Look forward to hearing from ya :) -Original Message- From: Oliver Marshall Sent: 23 October 2003 09:09 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Almost an identical situation here. I would also like to know that, as I am the only one of me here, I could have some documentation that would help contractors get up to speed on the network. Some day I want a holiday, with my mobile phone, or my net connection, and then we need to get a contractor, and the firm CERTAINLY wont pay for him to start a few weeks before I leave to get up to speed!!! I have registered the Windows Server Documentation Project with Sourceforge, and I will hear if they will set it up in the next few days. If those of you are interested want to mail me (each other) off list, then perhaps we will be able to see what happens (???) Look forward to hearing from you. Olly -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: 22 October 2003 17:50 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers I have multiple goals for my server docs, although DR is definitely the most important to me. The more servers we get, the more I need a way to quickly tell how much disk, how much RAM, what patch levels, what apps are running, IIS or not, what services running under what credentials, blah blah blah Is others have said, there are many ways to get at the information, but it would be nice to kick off a script and have it return what I want whenever. Management seems to think having a binder with server documentation in it as each new box gets built is sufficient. I contend it changes too often and would like something more dynamic. Maybe a scheduled polling event that writes to a database would be best. I've already started, thanks to Robbie's cookbook and Matthew Lavy's WMI Scripting, and would be happy to participate in a more global project... mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] documenting servers
Me too -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, October 24, 2003 1:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] documenting servers I'm interested... -gil -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Just to let you know the Sourceforge site for the Windows Server Documentation Project has been approved. Mail me off list and I will set everyone up on it. Look forward to hearing from ya :) -Original Message- From: Oliver Marshall Sent: 23 October 2003 09:09 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Almost an identical situation here. I would also like to know that, as I am the only one of me here, I could have some documentation that would help contractors get up to speed on the network. Some day I want a holiday, with my mobile phone, or my net connection, and then we need to get a contractor, and the firm CERTAINLY wont pay for him to start a few weeks before I leave to get up to speed!!! I have registered the Windows Server Documentation Project with Sourceforge, and I will hear if they will set it up in the next few days. If those of you are interested want to mail me (each other) off list, then perhaps we will be able to see what happens (???) Look forward to hearing from you. Olly -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: 22 October 2003 17:50 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers I have multiple goals for my server docs, although DR is definitely the most important to me. The more servers we get, the more I need a way to quickly tell how much disk, how much RAM, what patch levels, what apps are running, IIS or not, what services running under what credentials, blah blah blah Is others have said, there are many ways to get at the information, but it would be nice to kick off a script and have it return what I want whenever. Management seems to think having a binder with server documentation in it as each new box gets built is sufficient. I contend it changes too often and would like something more dynamic. Maybe a scheduled polling event that writes to a database would be best. I've already started, thanks to Robbie's cookbook and Matthew Lavy's WMI Scripting, and would be happy to participate in a more global project... mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] documenting servers
yup -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Me too -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, October 24, 2003 1:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] documenting servers I'm interested... -gil -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Just to let you know the Sourceforge site for the Windows Server Documentation Project has been approved. Mail me off list and I will set everyone up on it. Look forward to hearing from ya :) -Original Message- From: Oliver Marshall Sent: 23 October 2003 09:09 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Almost an identical situation here. I would also like to know that, as I am the only one of me here, I could have some documentation that would help contractors get up to speed on the network. Some day I want a holiday, with my mobile phone, or my net connection, and then we need to get a contractor, and the firm CERTAINLY wont pay for him to start a few weeks before I leave to get up to speed!!! I have registered the Windows Server Documentation Project with Sourceforge, and I will hear if they will set it up in the next few days. If those of you are interested want to mail me (each other) off list, then perhaps we will be able to see what happens (???) Look forward to hearing from you. Olly -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: 22 October 2003 17:50 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers I have multiple goals for my server docs, although DR is definitely the most important to me. The more servers we get, the more I need a way to quickly tell how much disk, how much RAM, what patch levels, what apps are running, IIS or not, what services running under what credentials, blah blah blah Is others have said, there are many ways to get at the information, but it would be nice to kick off a script and have it return what I want whenever. Management seems to think having a binder with server documentation in it as each new box gets built is sufficient. I contend it changes too often and would like something more dynamic. Maybe a scheduled polling event that writes to a database would be best. I've already started, thanks to Robbie's cookbook and Matthew Lavy's WMI Scripting, and would be happy to participate in a more global project... mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] documenting servers
Off-list people, please. Oh, and you forgot your /AOL Mode tag. Mail me off list and I will set everyone up on it. - Original Message - From: Craig Cerino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:55 AM Subject: RE: [ActiveDir] documenting servers Me too -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, October 24, 2003 1:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] documenting servers I'm interested... -gil -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Just to let you know the Sourceforge site for the Windows Server Documentation Project has been approved. Mail me off list and I will set everyone up on it. Look forward to hearing from ya :) -Original Message- From: Oliver Marshall Sent: 23 October 2003 09:09 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Almost an identical situation here. I would also like to know that, as I am the only one of me here, I could have some documentation that would help contractors get up to speed on the network. Some day I want a holiday, with my mobile phone, or my net connection, and then we need to get a contractor, and the firm CERTAINLY wont pay for him to start a few weeks before I leave to get up to speed!!! I have registered the Windows Server Documentation Project with Sourceforge, and I will hear if they will set it up in the next few days. If those of you are interested want to mail me (each other) off list, then perhaps we will be able to see what happens (???) Look forward to hearing from you. Olly -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: 22 October 2003 17:50 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers I have multiple goals for my server docs, although DR is definitely the most important to me. The more servers we get, the more I need a way to quickly tell how much disk, how much RAM, what patch levels, what apps are running, IIS or not, what services running under what credentials, blah blah blah Is others have said, there are many ways to get at the information, but it would be nice to kick off a script and have it return what I want whenever. Management seems to think having a binder with server documentation in it as each new box gets built is sufficient. I contend it changes too often and would like something more dynamic. Maybe a scheduled polling event that writes to a database would be best. I've already started, thanks to Robbie's cookbook and Matthew Lavy's WMI Scripting, and would be happy to participate in a more global project... mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] documenting servers
This is an ASP page that gives lots of useful info on your windows
systems. Make sure you run in on an IIS box under credentials that have
rights.
I have other ASP pages that will report back Service Pack and hotfixes.
As always
Be sure to test this in test lab first.
I can not be responsible for the results of these scripts/ASP code
BEGIN FORM ASP
html
titleVery Simple System Query/title
CAPTIONfont size=6Very Simple System Query/font/CAPTIONhr
BRThis will query Information on ServersBRBR
FORM ACTION=serverstats.asp METHOD=POST
Server Name: INPUT NAME=ServerName VALUE=servername BR
BR
To query, press:
INPUT TYPE=submit VALUE=Submit P
/FORM BR
BDo NOT USTOP/U the browser once you submit/BBR
Please keep in mind BANDWIDTH is limited...so these queries could take
awhile to run!BRBRBR
REQUIRES REMOTE SYSTEM TO BE ON domain name DOMAIN.
/html
*END OF FORM ASP*
BEGIN RESULTS ASP
%
option explicit
response.buffer = true
'* serverStats v1.5
'* The script accepts the name of a server (through a querystring item
called server) and returns
'* information gathered by Windows Management Instrumentation v1.5. The
address would look like:
'* http://[IIS server]/server.asp?server=[server being queried]
'* e.g. http://Limbo/server.asp?server=behemoth
'*
'*
'*
'* Requirements:
'* -WMI v1.5 on all machines being queried and the IIS server hosting
the page
'* -IIS server must be Win2k server or professional running IIS 5.0
'* -A domain account that is part of the administrators group on each
machine being queried
'* (or part of the domain admins group)
'* -This user account is passed on line 97 of this script (change the
bracketed values)
'*
dim titleTag
dim objLocator
dim objService
dim strServer
dim i
dim strOS
dim itemCount
dim BeginRow: BeginRow = 1
dim EndRow: EndRow = 2
dim scriptPath: scriptPath = Request.ServerVariables(path_info)
Const BEGIN_TABLE = TABLE width=550 BORDER=0
CELLSPACING=1 CELLPADDING=2
Const END_TABLE = /TABLE
strServer = Request.Form(servername)
'
' Check to see if the machine being queried is the machine
hosting the script
' If it is, don't supply the user name or password
'
if strServer = then
strServer = Request.ServerVariables(server_name)
end if
'
' Begin page
'
Response.Write _
HTML vbcrlf _
HEAD vbcrlf _
TITLE strServer Server Statistics/TITLE
vbcrlf _
style type=text/css vbcrlf
'
' The style sheets will be different depending on whether the
user is viewing with Netscape or IE
'
if instr(1,Request.ServerVariables(http_user_agent),MSIE)
then
Response.Write _
!-- vbcrlf _
.head {font-family: Verdana, Arial, Helvetica,
sans-serif; font-size: 10px; font-weight: bold; color:'#ff'}
vbcrlf _
.category {font-family: Verdana, Arial, Helvetica,
sans-serif; font-size: 9px; font-weight: bold;} vbcrlf _
.result {font-family: Verdana, Arial, Helvetica,
sans-serif; font-size: 9px;} vbcrlf _
a {color: '#66'; text-decoration:none;}
vbcrlf _
a:hover {text-decoration:underline} vbcrlf _
-- vbcrlf
else
Response.Write _
!-- vbcrlf _
.head {font-family: Verdana, Arial, Helvetica,
sans-serif; font-size: 11px; font-weight: bold color:#ff} vbcrlf
_
.category {font-family: Verdana, Arial, Helvetica,
sans-serif; font-size: 10px; font-weight: bold;} vbcrlf _
.result {font-family: Verdana, Arial, Helvetica,
sans-serif; font-size: 10px;} vbcrlf _
-- vbcrlf
end if
Response.Write _
/style vbcrlf _
/HEAD vbcrlf _
body bgcolor=#ff vbcrlf
'
' Create the WMI locator object and manually capture the error
if there is a problem
'
on error resume next
Set objLocator =
server.CreateObject(WbemScripting.SWbemLocator)
if err then
Response.Write _
tr vbcrlf _
td class=resultThere was an error
while creating the locator objectbr vbcrlf _
err.number - err.description vbcrlf _
/td vbcrlf _
/tr vbcrlf
else
'
' Instantiate the service object. If the machine being
queried is a remote machine,
' user credentials must be
[ActiveDir] GPMC on XP
Hello from a long time listener/first time caller. I have a Windows 2000 AD Domain and I am on a call with PSS right now concerning my XP machine running the Windows 2003 AdminPak and the new GPMC utility. My problem is that when I open the Windows Settings under User Configuration I cant see anything but the Remote Installation Service topic. I cant see any other categories such as Internet Explorer Maintenance, Scripts, Security Settings, and Folder Redirection. PSS is struggling with it right now and I wanted to know if any of you have seen this before. Any help is greatly appreciated! Thank you! Mike Kemker MCSE, CNE Kimball International �
Re: [ActiveDir] documenting servers
No, no, no. Don't eMail ME off-list, eMail Oliver off-list at [EMAIL PROTECTED] and he will add you to the list. - Original Message - From: Doug Hampshire [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:03 AM Subject: Re: [ActiveDir] documenting servers Off-list people, please. Oh, and you forgot your /AOL Mode tag. Mail me off list and I will set everyone up on it. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Robbie, I haven't gotten my copy of your book yet, I know :-(, I waited until just recently to order it. I looked at the table of contents but did not see any thing about Certificate Services, is it there and I just missed it?? If it is not in your book, as the Master of Cookbooks can you suggest a good source for learning Certificate Services structure and installing guide. I am trying to get my head around Certificate Service in order to answer some structure questions. Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: Robbie Allen [EMAIL PROTECTED] Date: Fri, October 24, 2003 9:43 am To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a reference that would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's why I thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book and any corrections: http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] documenting servers
HEY - so we have a learning disability -- ease up. :o) Ok - -how many people emailed you? :O) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Hampshire Sent: Friday, October 24, 2003 2:03 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] documenting servers Off-list people, please. Oh, and you forgot your /AOL Mode tag. Mail me off list and I will set everyone up on it. - Original Message - From: Craig Cerino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:55 AM Subject: RE: [ActiveDir] documenting servers Me too -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, October 24, 2003 1:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] documenting servers I'm interested... -gil -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Just to let you know the Sourceforge site for the Windows Server Documentation Project has been approved. Mail me off list and I will set everyone up on it. Look forward to hearing from ya :) -Original Message- From: Oliver Marshall Sent: 23 October 2003 09:09 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers Almost an identical situation here. I would also like to know that, as I am the only one of me here, I could have some documentation that would help contractors get up to speed on the network. Some day I want a holiday, with my mobile phone, or my net connection, and then we need to get a contractor, and the firm CERTAINLY wont pay for him to start a few weeks before I leave to get up to speed!!! I have registered the Windows Server Documentation Project with Sourceforge, and I will hear if they will set it up in the next few days. If those of you are interested want to mail me (each other) off list, then perhaps we will be able to see what happens (???) Look forward to hearing from you. Olly -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: 22 October 2003 17:50 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] documenting servers I have multiple goals for my server docs, although DR is definitely the most important to me. The more servers we get, the more I need a way to quickly tell how much disk, how much RAM, what patch levels, what apps are running, IIS or not, what services running under what credentials, blah blah blah Is others have said, there are many ways to get at the information, but it would be nice to kick off a script and have it return what I want whenever. Management seems to think having a binder with server documentation in it as each new box gets built is sufficient. I contend it changes too often and would like something more dynamic. Maybe a scheduled polling event that writes to a database would be best. I've already started, thanks to Robbie's cookbook and Matthew Lavy's WMI Scripting, and would be happy to participate in a more global project... mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Domains in a Forest
DomainB wants to be separate in what sense? You mean they want their login to remain the same? they want their email address to remain the same? Websites? And what resources are we needing seamless access to? Exchange in the picture? If so, do they want seamless GAL? The reason I'm asking is because these are considerations that go into answering what you are asking. More info would be helpful. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lou Vega Sent: Fri 10/24/2003 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domains in a Forest Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like pretty seamless access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou winmail.dat
Re: [ActiveDir] Domains in a Forest
Separate identity - i.e., don't want to be known as DomainB.DomainA.Com, but rather known as DomainB.Com. Resources are mostly Data and Websites. Exchange is not in the picture. From what I gather so far I'm looking at a forest with a child domain (DomainA.com is the root, so DomainB.com would be my new child) and a disjointed name space for DNS purposes. Hope that clears things up a little.if not, let me know and thanks for everyone's feedback! r/ Lou - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 24, 2003 3:41 PM Subject: RE: [ActiveDir] Domains in a Forest DomainB wants to be separate in what sense? You mean they want their login to remain the same? they want their email address to remain the same? Websites? And what resources are we needing seamless access to? Exchange in the picture? If so, do they want seamless GAL? The reason I'm asking is because these are considerations that go into answering what you are asking. More info would be helpful. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lou Vega Sent: Fri 10/24/2003 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domains in a Forest Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like pretty seamless access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com. My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest? I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know. r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
While not a cookbook per se, I have found this link useful in my understanding of PKI: http://tinyurl.com/s8y1 HTH Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Daniel Gilbert Sent: Fri 10/24/2003 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Robbie, I haven't gotten my copy of your book yet, I know :-(, I waited until just recently to order it. I looked at the table of contents but did not see any thing about Certificate Services, is it there and I just missed it?? If it is not in your book, as the Master of Cookbooks can you suggest a good source for learning Certificate Services structure and installing guide. I am trying to get my head around Certificate Service in order to answer some structure questions. Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: Robbie Allen [EMAIL PROTECTED] Date: Fri, October 24, 2003 9:43 am To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a reference that would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's why I thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book and any corrections: http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat
RE: [ActiveDir] Active Directory Cookbook
Thanks. I can see I will have some reading to do this weekend. Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: [EMAIL PROTECTED] Date: Fri, October 24, 2003 12:57 pm To: [EMAIL PROTECTED] While not a cookbook per se, I have found this link useful in my understanding of PKI: http://tinyurl.com/s8y1 HTH Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Daniel Gilbert Sent: Fri 10/24/2003 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Robbie, I haven't gotten my copy of your book yet, I know :-(, I waited until just recently to order it. I looked at the table of contents but did not see any thing about Certificate Services, is it there and I just missed it?? If it is not in your book, as the Master of Cookbooks can you suggest a good source for learning Certificate Services structure and installing guide. I am trying to get my head around Certificate Service in order to answer some structure questions. Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: Robbie Allen [EMAIL PROTECTED] Date: Fri, October 24, 2003 9:43 am To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a reference that would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's why I thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book and any corrections: http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] FSMO role holding DC's
Title: Message Yes, it's different for Exchange 2003.- it has no communication requirement with Schema FSMO during installation- also, additional servers can be installed with Exchange Full Admin at the Administrative Group level (used to require Full Org privilege with Exchange 2000 - still need these permissions for the first server of an Org, Domain or Admin group) /Guido From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Freitag, 24. Oktober 2003 16:55To: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] FSMO role holding DC's Fixes for Exchange setup in a service pack? Really. You'll want to see if that problem of checking the schema master has been addressed in Exchange 2003 not Exchange 2000. Al -Original Message-From: Merry, Joel (US - Philadelphia) [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:37 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] FSMO role holding DC's Don't forget about the RID master. If you want to be able to create new objects on that DC it may eventually need to obtain a new set of RIDs. It also needs to talk to the PDCe to forward and/or confirm bad password attempts and fun stuff like that. -Joel -Original Message-From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 3:57 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] FSMO role holding DC's Maybe some of the Exchange MVPs on this list have more info. Andy, Tom, Missy, Kevin? -- Original Message -- From: John Reijnders [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 24 Oct 2003 09:49:15 +0200 Hm ... That could have been one of the ideas behind this "feature". However, it seems to be a rather nasty feature, especially in AD environment that contain firewalls that separate the schema master from Exchange boxes. (I know, I know ... Firewalls WITHIN a AD environment?). There is a KB article on this issue (280178). Reading this article I get the feeling that every Exchange installation tries to UPDATE the schema (that's an interesting way of verifying the schema, isn't it?). I would prefer a Exchange installation to check the schema on a "random" DC. I think that the failure of an Exchange installation is one of your last worries when you're running an environment in which DCs do not replicate for weeks ;-) ... I know Microsoft has confirmed this to be a problem. But I'm not aware of the current status and plans on fixing this issue (for example by making it customizable whether or not you want this check to happen on the Schema Master). Anybody ... Anybody at all? John -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 9:19 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] FSMO role holding DC's Just a thought John. Could the restriction be in place to avoid problems in cases where the E2K installation is made on a DC that has not yet received the replication changes arising from a schema update? For example, if a DC in a remote site has had replication problems and has not received updates for a week or so. Tony -- Original Message -- From: John Reijnders [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 23 Oct 2003 08:13:00 +0200 As an addi tion to the previous mails I would like to point out a particular issue with the schema master. The installation of an Exchange 2000 server explicitely needs to contact the DC holding the schema master. The reason for this contact is to check whether or not the schema is updated with the Exchange extensions. I consider this to be a bug because every single DC in the forests holds the Schema partition and should therefor be able to verify whether or not the Schema has been updated. This wasn't solved a couple of months ago. Mayby MS will solve it in a next Service Pack of Exchange, but untill then ... Make sure that every Exchange box can contact the Schema Master! Cheers! John Reijnders -Original Message- From: Abbiss, Mark [mailto:[EMAIL PROTECTED] Sent: maandag 20 oktober 2003 11:58 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] FSMO role holding DC's I have nudged this issue in an earlier post but would like to ask again for confirmation from the collective genius contained in this list. Do all DC's in a domain HAVE to have a direct connection to the FSMO role holding machines or is there a way of "proxying" these roles ? What are some of the likely major implications of maintaining a DC without access to FSMO role holders ? The DC in question is replicating with other DC's, so has all objects but
RE: [ActiveDir] Active Directory Cookbook
Title: Message Michael - 1) Yes, this is one way. Just discussed this topic on the list, with code samples, so check the archives. Setting the user to disabled and then applying the complex password is valid. 2) Not there directly ;-) Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzone From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Friday, October 24, 2003 12:35 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Cookbook It's a great book. Two questions: 1) did you guru's here on activedir come to the conclusion that, due to password complexity, a user should be created disabled? Does that affect any recipes other than 6.1, 6.2, and 6.3? 2) I think you should add one of the simplest and (in my opinion) the most common AD query as a recipe: how to find all the users in a domain. From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AMTo: [EMAIL PROTECTED]Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [ActiveDir] Active Directory CookbookAgreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCTAnalyst I - Web Services ITOS - Systems EnablementMaritime Life Assurance Company(902) 453-7300 x3456 "Lou Vega" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory CookbookReceived my very own copy of Mr. Robbie Allen's "Tuna" book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
RE: [ActiveDir] Active Directory Cookbook
Title: Message Hey Rob, What about this donate a cookbook a month for someone who comes up with a great idea for additions to the next version of the cookbook. Basically the submissions have to follow the format of the book, and have to work. They would be judge based on the following criteria. The topic covered in AD. 1-25 points (Existing topics with a spin get up to 12.5 points; new topics getting up to 25 if worthy.) The issues identified within the topic 1-25 points. (Each issue identified gets 2.5 points for existing topics. Max 10) The solutions that meet the needs identified for each topic. 1-50 points. (Each need that gets a solution gets 5 points per solutions. Solutions should identify any GUI, CLI, and VB methods for automation.) To make things interesting if it takes off, If one of the vendors (CoughNETPRO, CoughAELITA, Cough.Quest, Cough..BV) was willing to support this contest, it would be really interesting. Just an Idea at 1AM... Toddler -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
RE: [ActiveDir] Active Directory Cookbook
Todd, You are s badd Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED] Date: Fri, October 24, 2003 9:54 pm To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Hey Rob, What about this donate a cookbook a month for someone who comes up with a great idea for additions to the next version of the cookbook. Basically the submissions have to follow the format of the book, and have to work. They would be judge based on the following criteria. The topic covered in AD. 1-25 points (Existing topics with a spin get up to 12.5 points; new topics getting up to 25 if worthy.) The issues identified within the topic 1-25 points. (Each issue identified gets 2.5 points for existing topics. Max 10) The solutions that meet the needs identified for each topic. 1-50 points. (Each need that gets a solution gets 5 points per solutions. Solutions should identify any GUI, CLI, and VB methods for automation.) To make things interesting if it takes off, If one of the vendors (CoughNETPRO, CoughAELITA, Cough.Quest, Cough..BV) was willing to support this contest, it would be really interesting. Just an Idea at 1AM... Toddler -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a reference that would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's why I thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book and any corrections: http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Title: RE: [ActiveDir] Active Directory Cookbook Dan, What are the topics in PKI architecture you want to understand? What issue are you trying to solve using PKI in your organization? What are the specific needs in your organization and what Windows 200x services do you want to deploy to meet those needs? Here are a couple of basic topics to think about. Outsourcing verses In-house operations. Self-signed CA verse Commercial. Look to mix here, and select a vendor to partner with for Public website. Automated Enrollment, verses manual enrollment. Identity proof. Reporting. (There is a lack of reporting tools available for reporting on PKI information, have to create custom reports.) Monitoring CRL availability, and CA Server availability. Windows 200x feature that use PKI. Public / Private use of PKI Hardware to support more advanced operations. Roaming profiles, verses Local Profiles. Certificates are stored in the User profile. Good idea for the user to be able to access their profile from any Wintel box. How to troubleshoot the service and the subordinate applications. How to maintain the service. That's all I can think of at 1am. Todd Myrick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 3:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook While not a cookbook per se, I have found this link useful in my understanding of PKI: http://tinyurl.com/s8y1 HTH Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Daniel Gilbert Sent: Fri 10/24/2003 11:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Robbie, I haven't gotten my copy of your book yet, I know :-(, I waited until just recently to order it. I looked at the table of contents but did not see any thing about Certificate Services, is it there and I just missed it?? If it is not in your book, as the Master of Cookbooks can you suggest a good source for learning Certificate Services structure and installing guide. I am trying to get my head around Certificate Service in order to answer some structure questions. Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: Robbie Allen [EMAIL PROTECTED] Date: Fri, October 24, 2003 9:43 am To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a reference that would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's why I thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book and any corrections: http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Na, I am not that Bad, it is the guy who keeps auto responding to every message we send on the list. He needs a hockey puck; Slapshot style. Rick! Care to address the issue? Thanks, Toddler -Original Message- From: Daniel Gilbert [mailto:[EMAIL PROTECTED] Sent: Saturday, October 25, 2003 1:07 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Cookbook Todd, You are s badd Dan Original Message Subject: RE: [ActiveDir] Active Directory Cookbook From: Myrick, Todd (NIH/CIT) [EMAIL PROTECTED] Date: Fri, October 24, 2003 9:54 pm To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Hey Rob, What about this donate a cookbook a month for someone who comes up with a great idea for additions to the next version of the cookbook. Basically the submissions have to follow the format of the book, and have to work. They would be judge based on the following criteria. The topic covered in AD. 1-25 points (Existing topics with a spin get up to 12.5 points; new topics getting up to 25 if worthy.) The issues identified within the topic 1-25 points. (Each issue identified gets 2.5 points for existing topics. Max 10) The solutions that meet the needs identified for each topic. 1-50 points. (Each need that gets a solution gets 5 points per solutions. Solutions should identify any GUI, CLI, and VB methods for automation.) To make things interesting if it takes off, If one of the vendors (CoughNETPRO, CoughAELITA, Cough.Quest, Cough..BV) was willing to support this contest, it would be really interesting. Just an Idea at 1AM... Toddler -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a reference that would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's why I thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book and any corrections: http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Object Perms
AH... Didn't think someone would try that but it is valid. I don't have a
lab to test right this second, but I think I would start with removing the
reset password and see if that buys anything.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ama Hanjef
Sent: Thursday, October 23, 2003 11:38 AM
To: [EMAIL PROTECTED]
Joe,
Thanks for the reply.
The users are admins on the computer, thats not a problem.
The problem we are having with delegating Write Account Restrictions, Write
Service Principal Name, Write DNS Host Name and Reset Password perms is that
the users/workstation techs can join a computer to the domain with the same
name as a computer that already exists, thus disjoining the first computer.
We are looking to make is necesary that a Domain Admin reset the computer
account before the users/workstation techs can join that computer.
--- Joe [EMAIL PROTECTED] wrote:
The user will need to be an admin on the computer itself. I know of no
way around that.
In AD if using the GUI, simply spepcify the person or group that can
do the join when creating the object.
If creating the machine acount via script, delegate the following to
the
computer:
Write Account Restrictions
Write Service Principal Name
Write DNS Host Name
Reset Password
Here is some perl code for that little piece that I use to write acl's
to an OU for that purpose.
#
# Write Account Restrictions on computer
#
if ($debug) {print Setting $securitygroup with Write Account
Restrictions on Computers...\n};
$ace =
Win32::OLE-CreateObject(AccessControlEntry);
$ace-{Trustee}=$securitygroup;
$ace-{ObjectType}={4C164200-20C0-11D0-A768-00AA006E0529};
# Account Restrictions
$ace-{InheritedObjectType}={BF967A86-0DE6-11D0-A285-00AA003049E2};
# computer
$ace-{AccessMask}=32;
$ace-{Flags}=3;
$ace-{AceType}=5;
$ace-{aceflags}=10;
$dACL-AddAce($ace);
undef $ace;
#
# Validated Write Service Principal Name on computer
#
if ($debug) {print Setting $securitygroup with Write
servicePrincipalName on Computers...\n};
$ace =
Win32::OLE-CreateObject(AccessControlEntry);
$ace-{Trustee}=$securitygroup;
$ace-{ObjectType}={F3A64788-5306-11D1-A9C5-F80367C1};
# servicePrincipalName
$ace-{InheritedObjectType}={BF967A86-0DE6-11D0-A285-00AA003049E2};
# computer
$ace-{AccessMask}=8;
$ace-{Flags}=3;
$ace-{AceType}=5;
$ace-{aceflags}=10;
$dACL-AddAce($ace);
undef $ace;
#
# Validated Write dNSHostName on computer
#
if ($debug) {print Setting $securitygroup with Write
dNSHostName on Computers...\n};
$ace =
Win32::OLE-CreateObject(AccessControlEntry);
$ace-{Trustee}=$securitygroup;
$ace-{ObjectType}={72E39547-7B18-11D1-ADEF-00C04FD8D5CD};
# dNSHostName
$ace-{InheritedObjectType}={BF967A86-0DE6-11D0-A285-00AA003049E2};
# computer
$ace-{AccessMask}=8;
$ace-{Flags}=3;
$ace-{AceType}=5;
$ace-{aceflags}=10;
$dACL-AddAce($ace);
undef $ace;
#
# Reset Password on computer
#
if ($debug) {print Setting $securitygroup with Reset Password
on Computers...\n};
$ace =
Win32::OLE-CreateObject(AccessControlEntry);
$ace-{Trustee}=$securitygroup;
$ace-{ObjectType}={00299570-246D-11D0-A768-00AA006E0529};
# Reset Password
$ace-{InheritedObjectType}={BF967A86-0DE6-11D0-A285-00AA003049E2};
# computer
$ace-{AccessMask}=256;
$ace-{Flags}=3;
$ace-{AceType}=5;
$ace-{aceflags}=10;
$dACL-AddAce($ace);
undef $ace;
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of fact hunter
Sent: Wednesday, October 22, 2003 10:39 AM
To: [EMAIL PROTECTED]
I want to allow a low level user to join a computer to the domain only
when the computer account has been pre-populated as a new account or
the account has been reset in the case of a reimage. However, I do not
want them to be able to overwrite computer accounts that are in use.
Any help is appreciated.
Ama
__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
RE: [ActiveDir] Silly Question probably....
Hmmm I downloaded that and looked at it, I like sidtoname much better F:\Dev\cpp\SidToNamesidtoname S-1-5-21-1275210071-789336058-1957994488-1113 SidToName V02.00.00cpp Joe Richards ([EMAIL PROTECTED]) March 2003 [User]: JOEHOME\hosehead The command completed successfully. F:\Dev\cpp\SidToNamesidtoname S-1-5-21-1275210071-789336058-1957994488 SidToName V02.00.00cpp Joe Richards ( mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]) March 2003 [Domain]: JOEHOME The command completed successfully. F:\Dev\cpp\SidToName On the free win32 c++ tools page of www.joeware.net :op joe _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, October 23, 2003 2:50 PM To: [EMAIL PROTECTED] Steve- Check out Sid2User, written by Euvgenii Rudnyi. You can get it at http://www.securityfocus.com/tools/544. It will translate a SID to a text user name. -Original Message- From: [EMAIL PROTECTED] on behalf of Technology Listserves Sent: Thu 10/23/2003 2:10 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] Silly Question probably Gentlemen, We had a few folders within a specific share just dissappear earlier this morning. At first, we thought they had been deleted (since our initial search came up with no trace of them) and ordered a backup tape with the files. A few moments ago, we found them...all of them. However, when we looked at the security properties on the folders and files, we noticed that a specific CSLID was listed there: S-1-5-21-7796645487-3596344109-306335-2737-1211 We do all of our permissioning by group assignment, of course, so I'm guessing this is probably the person or account that moved those files without knowing it. Is there a way in AD to determine whose CSLID this is? Or some 3rd-Party tool the group can recommend? I'd also be interested in any options you might have for preventing this from happening again. My thanks to the group, in advance. -Steve Steven Dunn Director, Technology Services Executive Director, Incorporated List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ attachment: winmail.dat
RE: [ActiveDir] Active Directory Cookbook
Title: Message And what have you been drinking at 1am??:-) Good thought, but my guess is that peoplewhooffer goodsuggestions probably already have a copy of the book (since they know what'sin there and what isn't). FWIW, I would be happy to mentionin the acknowledgements section anyone who suggests a recipe I include in the next edition. Robbie Allen http://www.rallenhome.com/ -Original Message-From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Saturday, October 25, 2003 12:54 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Active Directory Cookbook Hey Rob, What about this donate a cookbook a month for someone who comes up with a great idea for additions to the next version of the cookbook. Basically the submissions have to follow the format of the book, and have to work. They would be judge based on the following criteria. The topic covered in AD. 1-25 points (Existing topics with a spin get up to 12.5 points; new topics getting up to 25 if worthy.) The issues identified within the topic 1-25 points. (Each issue identified gets 2.5 points for existing topics. Max 10) The solutions that meet the needs identified for each topic. 1-50 points. (Each need that gets a solution gets 5 points per solutions. Solutions should identify any GUI, CLI, and VB methods for automation.) To make things interesting if it takes off, If one of the vendors (CoughNETPRO, CoughAELITA, Cough.Quest, Cough..BV) was willing to support this contest, it would be really interesting. Just an Idea at 1AM... Toddler -Original Message-From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AMTo: [EMAIL PROTECTED]Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCTAnalyst I - Web Services ITOS - Systems EnablementMaritime Life Assurance Company(902) 453-7300 x3456 "Lou Vega" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's "Tuna" book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
RE: [ActiveDir] You guys amaze me!
Right up front, the domain rename scares me. Everyone seems to say, yeah it is there but Before I answer anything else though, what kind of data do you have in AD? Is it the basic NOS stuff or have you deployed Exchange or other AD aware apps that have populated it? My guess is you aren't doing a lot with AD yet so most likely following option two doesn't lose much if any information that you can't export off into LDIFs and reimport after you are back to W2K DC's. Pay isn't bad. However, in relative terms you are probably doing better. 100 users per admin versus our ratio of something like 83000 users per admin and I would be lucky to be making 5x-10x what you make let alone 830x On the flip side though, you probably haven't put a provisioning system and auto password reset system into place - yet. :op joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Thursday, October 23, 2003 10:06 AM To: [EMAIL PROTECTED] I'm serious. Here is a question for you. As always, if you could offer any info, I would be very grateful. We're a small shop with only 2 Admins managing 200 users in 4 states and we don't have the firepower you guys do. Let's say you don't like your AD domain name and you want to change it. You have 4 DCs, 3 each W2K SP3 and 1 each NT4 SP6a, so you're still in mixed mode. You could move the NT DC to 2K, then move everyone to W2K3, then raise the Forest functionality level and then play Russian Roulette with Rendom. That's one option. Or could it be as simple as DCPromoing all 3 W2K3 servers down to Standalone servers, allowing the NT4 DC which still controls the pre-W2K subdomain name to take full control of the domain again, and then DCPromoing one of the 3 W2K DCs back up to W2K as the FSMO and renaming the domain to what you want? I would love to believe I could do it and get away with it. Thank you people. PS: I don't envy you Joe. I hope you're being paid well! RH - Rocky Habeeb Microsoft Systems Administrator - James W. Sewall Company Old Town, Maine - 207.827.4456 habr @ jws.com www.jws.com - List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Cookbook
Title: Message Hey, You must be up late too. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen Sent: Friday, October 24, 2003 10:40 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Cookbook And what have you been drinking at 1am??:-) Good thought, but my guess is that peoplewhooffer goodsuggestions probably already have a copy of the book (since they know what'sin there and what isn't). FWIW, I would be happy to mentionin the acknowledgements section anyone who suggests a recipe I include in the next edition. Robbie Allen http://www.rallenhome.com/ -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Saturday, October 25, 2003 12:54 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Cookbook Hey Rob, What about this donate a cookbook a month for someone who comes up with a great idea for additions to the next version of the cookbook. Basically the submissions have to follow the format of the book, and have to work. They would be judge based on the following criteria. The topic covered in AD. 1-25 points (Existing topics with a spin get up to 12.5 points; new topics getting up to 25 if worthy.) The issues identified within the topic 1-25 points. (Each issue identified gets 2.5 points for existing topics. Max 10) The solutions that meet the needs identified for each topic. 1-50 points. (Each need that gets a solution gets 5 points per solutions. Solutions should identify any GUI, CLI, and VB methods for automation.) To make things interesting if it takes off, If one of the vendors (CoughNETPRO, CoughAELITA, Cough.Quest, Cough..BV) was willing to support this contest, it would be really interesting. Just an Idea at 1AM... Toddler -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 12:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Cookbook Thanks for all of the positive feedback about the book. I give the credit to my all-star cast of reviewers :-) My main goal was to produce a referencethat would help AD admins get their job done quicker and easier. There is just too much stuff AD admins have to remember and that's whyI thought the O'Reilly cookbook format would work especially well in this case. If you have the book (or even if you don't), be sure to check out the following web site, which has all of the code in the book andany corrections: http://www.rallenhome.com/books/adcookbook/code.html Keep the feedback coming Regards, Robbie Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Active Directory Cookbook Agreed - I got mine yesterday from Amazon and I must say that this should be on the shelf of every AD administrator. Period. Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 Lou Vega [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/24/2003 10:37 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject:[ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou
