Re: [ActiveDir] Unhappy Server
I have a windows 2000 server which is part of an AD domain that will not let me logon to it. You just see a blue screen on the console. However I can What You mean when You say blue screen, BSOD - i think not, but could You explain List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Unhappy Server
Title: Message Ctrl-alt-del and then Task manager = File = Run = explorer. Desktop should load. Any AV sw on this machine? T -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of it adminSent: Tuesday, March 02, 2004 2:21 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Unhappy Server I have a windows 2000 server which is part of an AD domain that will not let me logon to it. You just see a blue screen on the console. However I can logon using remote dektop connection but everything on this server is running very slowly. Any advise greatly appreciated, NickThis e-mail has been scanned for all viruses by Star Internet. Theservice is powered by MessageLabs. For more information on a proactiveanti-virus service working around the clock, around the globe, visit:http://www.star.net.uk
[ActiveDir] Delegation of Dial-In Tab???
Title: Message Calling any and all Delegation experts! We have 2003 DC's and OU's setup for each of our sites and have delegated out certain admin function to the local MID staff. Ex. Create/Delete Users and Computers. They have full rights over the User object within their OU but when they click on the Dial-In Tab they are getting access denied. "Could not load the Dial-in profile for this user because: Access is denied" I tried granting the following but it did not work: RAS - Modify RAS permissions (Native Mode) Object Class: User MsNPAllowDialin (Read, Write) MsNPCallingStationID (Read, Write) MsNPSavedCallingStationID (Read, Write) MsRADIUSCallbackNumber (Read, Write) MsRADIUSFramedIPAddress (Read, Write) MsRADIUSFramedRoute (Read, Write) MsRADIUSServiceType (Read, Write) MsRSSSavedCallbackNumber (Read, Write) MsRSSSavedFramedIPAddress (Read, Write) MsRASSavedFramedRoute (Read, Write) User - Parameters (Read, Write) Thanks in Advanced, Brandon
RE: [ActiveDir] Unhappy Server
Title: Message Barring the local login, what about the event viewer and perfmon? How do you normally troubleshoot these process issues? What's loaded on the box besides Windows? From: Byrd, Todd [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 9:51 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Unhappy Server From the terminal session, try loading the task manager and find out which service is going haywire and chewing up all your CPU cycles, it is probably a piece of anti-virus software, if not, there is a technet article about pre SP4 win2k boxes having a service that will randomly take up all the resources (I'll see if I can find it, I don't have it handy right now) --Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Toma VochlSent: Tuesday, March 02, 2004 8:47 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Unhappy Server Ctrl-alt-del and then Task manager = File = Run = explorer. Desktop should load. Any AV sw on this machine? T -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of it adminSent: Tuesday, March 02, 2004 2:21 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Unhappy Server I have a windows 2000 server which is part of an AD domain that will not let me logon to it. You just see a blue screen on the console. However I can logon using remote dektop connection but everything on this server is running very slowly. Any advise greatly appreciated, Nick This e-mail has been scanned for all viruses by Star Internet. Theservice is powered by MessageLabs. For more information on a proactiveanti-virus service working around the clock, around the globe, visit:http://www.star.net.uk
RE : [ActiveDir] AD and DNS
Title: Message Hi, I suggest you change the DNS zone to secondary before you demote AD. Yves Boutemy, Architecte des Réseaux Informatiques 2 avenue des TilleulsLes Floralies69380 DOMMARTINFRANCE Tél : +33 4 78 43 59 08Mobile : +33 6 62 41 59 08Email : [EMAIL PROTECTED]Site Web : http://www.boutemy.com -Message d'origine-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Mike HogenauerEnvoyé: lundi 1 mars 2004 17:33À: [EMAIL PROTECTED]Objet: [ActiveDir] AD and DNS I needing to demote one of my domain controllers because of out dated hardware, etc. This server runs our Internal DHCP Scope and also has an AD integrated DNS Zone. I know my DHCP services will still be there, what will happened to the the DNS? Will it just become a secondary zone it the Integrated Master or do I need to change this zone before I demote the Server? Thanks in advance for any advice... Mike Mike Hogenauer [EMAIL PROTECTED] Rendition Networks, Inc. 10735 Willows Rd NE, Suite 150 Redmond, WA 98052 425.636.2115 | Fax: 425.497.1149
RE: [ActiveDir] OT Error message 401.3
OK, we found that in IIS, on the Properties of the website, on the Home Directory Tab, in the Application Section, if you click on the Configuration button you will see that .resources is used as an application mapping for .NET and ASP.NET. -Original Message- From: Salandra, Justin A. Sent: Tuesday, March 02, 2004 12:45 PM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] OT Error message 401.3 If you rename the folder as anything else it works. Everyone has FULL CONTROL to this folder so that we can troublshoot and it still doesn't work as human.resources If you rename it to human.resource it works but add that s at the end and you get the error. -Original Message- From: Salandra, Justin A. Sent: Tuesday, March 02, 2004 12:28 PM To: ActiveDir (E-mail) Cc: Stephens, Brendan Subject:[ActiveDir] OT Error message 401.3 My web developer is getting the following error when trying to access a subdirectory called human.resources within our intranet. Server Error in '/' Application. _ Access is denied. Description: An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources. Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to ACLs). Ask the Web server's administrator to give you access to 'E:\inetpub\wwwroot\intranet.chcsnet.org\human.resources'. _ Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573 Any Ideas? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Program Data container
Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application? Have you checked MSDN for information on the program data container to see what uses it? From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:55 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] "Program Data" container What is the purpose of "Program Data" container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose? Thanks Alice Joseph
RE: [ActiveDir] Program Data container
Al: Do you have any link to an MSDN page that talks about the Program Data container? If you have, let me know (I couldn't find anything, even a Google search didn't help). Technically, yes, you can put data anywhere in Active Directory. But each of those partitions and containers are there to serve some purpose (otherwise you wouldn't need a config partition, schema partition, domain parttion and a place for LostAndFound, NTDS Quotas...etc in domain partiton - technically you could put everything under one single node in there). And why would I want to create an OU structure for an application, if the application hasn't got anything to do with it? And how does it relate to the existence of a "Program Data" container? I just wanted to know what goes in there. From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program Data container Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application? Have you checked MSDN for information on the program data container to see what uses it? From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:55 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Program Data container What is the purpose of Program Data container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose? Thanks Alice Joseph
RE: [ActiveDir] Program Data container
From http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/upgadc14.mspx Unlike the ForestPrep command, which was fairly resource-intensive, DomainPrep completes quickly. The changes in comparison to ForestPrep are relatively minor. Two new top-level containers are created, one called NTDS Quotas, just like what ForestPrep added in the Configuration container, and another container called Program Data. This is intended to be a starting point for applications to store their data instead of each vendor coming up with their own top-level OU structure. Mike Thommes Argonne National Laboratory -Original Message- From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tue 3/2/2004 1:34 PM To: '[EMAIL PROTECTED]' Cc: Subject: RE: [ActiveDir] Program Data container Al: Do you have any link to an MSDN page that talks about the Program Data container? If you have, let me know (I couldn't find anything, even a Google search didn't help). Technically, yes, you can put data anywhere in Active Directory. But each of those partitions and containers are there to serve some purpose (otherwise you wouldn't need a config partition, schema partition, domain parttion and a place for LostAndFound, NTDS Quotas...etc in domain partiton - technically you could put everything under one single node in there). And why would I want to create an OU structure for an application, if the application hasn't got anything to do with it? And how does it relate to the existence of a Program Data container? I just wanted to know what goes in there. _ From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program Data container Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application? Have you checked MSDN for information on the program data container to see what uses it? _ From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:55 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Program Data container What is the purpose of Program Data container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose? Thanks Alice Joseph List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Program Data container
Alice, see this articlemight be of help. http://www.winnetmag.com/Articles/ArticleID/38775/pg/3/3.html Mark Creamer [EMAIL PROTECTED] �
RE: [ActiveDir] Program Data container
Do you have any link to an MSDN page that talks about the Program Data container? And how does it relate to the existence of a Program Data container? I just wanted to know what goes in there. I got 4 hits on MSDN, all involved the Authorization Policy Store http://msdn.microsoft.com/library/default.asp?url=/library/en-us/securit y/security/azauthorizationstore_initialize.asp Active Directory supports Application Partitions, which are also known as Non-Domain Naming Contexts. These partitions are used as a location for programs to store application data. An Authorization Manager policy store cannot be created or kept in the Application Partition; instead, use the Program Data container as the container for Active Directory Authorization Manager policy stores. From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 11:35 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program Data container Al: Do you have any link to an MSDN page that talks about the Program Data container? If you have, let me know (I couldn't find anything, even a Google search didn't help). Technically, yes, you can put data anywhere in Active Directory. But each of those partitions and containers are there to serve some purpose (otherwise you wouldn't need a config partition, schema partition, domain parttion and a place for LostAndFound, NTDS Quotas...etc in domain partiton - technically you could put everything under one single node in there). And why would I want to create an OU structure for an application, if the application hasn't got anything to do with it? And how does it relate to the existence of a Program Data container? I just wanted to know what goes in there. From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program Data container Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application? Have you checked MSDN for information on the program data container to see what uses it? From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:55 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Program Data container What is the purpose of Program Data container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose? Thanks Alice Joseph List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Program Data container
I didn't have a link, I was just asking if you'd checked. There is very little about what it's there for that I see so far. This link indicates it's to be used by developers, but not a lot of detailed information beyond that http://msdn.microsoft.com/library/default.asp?url=""> If your application has nothing to do with an OU, then does it matter where you put it? I can see if you didn't want to incur the replication overhead, that it would make sense to put it in a different partition. But I can't see why you wouldn't use an OU to at least house the data you want to store to give it some organization. Ether way, maybe somebody from Microsoft will chime in with a really definitive link and let us know what the heck it's intended for vs. what it can be used for. Al From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 2:35 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] "Program Data" container Al: Do you have any link to an MSDN page that talks about the Program Data container? If you have, let me know (I couldn't find anything, even a Google search didn't help). Technically, yes, you can put data anywhere in Active Directory. But each of those partitions and containers are there to serve some purpose (otherwise you wouldn't need a config partition, schema partition, domain parttion and a place for LostAndFound, NTDS Quotas...etc in domain partiton - technically you could put everything under one single node in there). And why would I want to create an OU structure for an application, if the application hasn't got anything to do with it? And how does it relate to the existence of a "Program Data" container? I just wanted to know what goes in there. From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 1:31 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] "Program Data" container Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application? Have you checked MSDN for information on the program data container to see what uses it? From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:55 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] "Program Data" container What is the purpose of "Program Data" container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose? Thanks Alice Joseph
RE: [ActiveDir] Program Data container
I have GOT to learn to better use these search engines ;) -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 2:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Program Data container From http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolo gies/directory/activedirectory/upgadc14.mspx Unlike the ForestPrep command, which was fairly resource-intensive, DomainPrep completes quickly. The changes in comparison to ForestPrep are relatively minor. Two new top-level containers are created, one called NTDS Quotas, just like what ForestPrep added in the Configuration container, and another container called Program Data. This is intended to be a starting point for applications to store their data instead of each vendor coming up with their own top-level OU structure. Mike Thommes Argonne National Laboratory -Original Message- From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tue 3/2/2004 1:34 PM To: '[EMAIL PROTECTED]' Cc: Subject: RE: [ActiveDir] Program Data container Al: Do you have any link to an MSDN page that talks about the Program Data container? If you have, let me know (I couldn't find anything, even a Google search didn't help). Technically, yes, you can put data anywhere in Active Directory. But each of those partitions and containers are there to serve some purpose (otherwise you wouldn't need a config partition, schema partition, domain parttion and a place for LostAndFound, NTDS Quotas...etc in domain partiton - technically you could put everything under one single node in there). And why would I want to create an OU structure for an application, if the application hasn't got anything to do with it? And how does it relate to the existence of a Program Data container? I just wanted to know what goes in there. _ From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program Data container Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application? Have you checked MSDN for information on the program data container to see what uses it? _ From: Alice Joseph [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 12:55 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Program Data container What is the purpose of Program Data container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose? Thanks Alice Joseph List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Protecting Active Directory
What is the best way to backup your domain controller so you can restore it in a disaster situation. This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message in not the intended recipient or the employer or agent responsible for delivering the message to the recipient, you are hereby notified that dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by email or telephone, and delete this message and all of its attachments.
RE: [ActiveDir] Protecting Active Directory
Title: Message The best way is to have more than one domain controller. Once you've got that redundancy, I run a system state backup on 2-3 geographically dispersed DC's using NTBackup (one of which holds the FSMO roles for the domain) and then rip that file to tape as part of the regular backup rotation. And read, then reread, then live by this info: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/support/adrecov.mspx -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Philadelphia, Lynden - Revios Toronto [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:49 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Protecting Active DirectoryImportance: High What is the best way to backup your domain controller so you can restore it in a disaster situation.
RE: [ActiveDir] Protecting Active Directory
I like veritas backup exec. I dont know anything about the disaster recovery agent though. -Original Message- From: Philadelphia, Lynden - Revios Toronto [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:49 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Protecting Active Directory Importance: High What is the best way to backup your domain controller so you can restore it in a disaster situation.
RE: [ActiveDir] Protecting Active Directory
Title: Message What if your DCs are DNS servers, doing a system state backup and restore doesn't restore the DNS functionality and zones, etc. How do you handle this? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger SeielstadSent: Tuesday, March 02, 2004 3:05 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Protecting Active Directory The best way is to have more than one domain controller. Once you've got that redundancy, I run a system state backup on 2-3 geographically dispersed DC's using NTBackup (one of which holds the FSMO roles for the domain) and then rip that file to tape as part of the regular backup rotation. And read, then reread, then live by this info: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/support/adrecov.mspx -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Philadelphia, Lynden - Revios Toronto [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 3:49 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Protecting Active DirectoryImportance: High What is the best way to backup your domain controller so you can restore it in a disaster situation. ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] Protecting Active Directory
1. Multiple DCs in diseparate locations. 2. Virtual DC for each domain that is shut down nightly and the disk file for each iscopied to some other location. - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios TorontoSent: Tuesday, March 02, 2004 3:49 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Protecting Active DirectoryImportance: High What is the best way to backup your domain controller so you can restore it in a disaster situation.
[ActiveDir] AAS files and Software updates within GP
Title: AAS files and Software updates within GP Hi all, I remember some discussion a while back (could I be less specific I wonder??) about group policy software installation updates, and the effect on AAS files. I cant find this thread in the Archives but I was hoping that someone might have the entire thread that they could forward to me? TIA, Katherine [EMAIL PROTECTED]
