RE: [ActiveDir] SUS 2.0 Beta
Title: RE: [ActiveDir] SUS 2.0 Beta http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TuanSent: 15 April 2004 04:51To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] SUS 2.0 Beta Anyone can tell me where to download beta version of WUS? Thanks. Tuan From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 2:00 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] SUS 2.0 Beta There will be an upgrade path for WUW/SUS 2.0. However it hasn't been worked out yet. Mike -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta I was hoping I would be able to install SUS 2.0 over my existing SUS server since I do not have the resources to have it on another server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Wednesday, April 14, 2004 2:32 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta There's a client upgrade (which might be able to be done automatically) and I'd assume you'd want to install it into another IIS virtual server. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 1:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Does anyone know what the upgrade process is going to be from SUS to SUS 2.0? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Seielstad Sent: Wednesday, April 14, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Same way all other products are announced. My information has it that you've got a few months still before it goes public. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Philadelphia, Lynden - Revios Toronto [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 1:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SUS 2.0 Beta How will we be notified when it is ready for public use Lynden -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 12:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta I believe its currently considered a closed beta, by invitation only. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.-Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 12:24 PMTo: [EMAIL PROTECTED] Subject: Re: [ActiveDir] SUS 2.0 Beta Looks like you can sign up for the open evaluation version here: http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx But I haven't been able to locate the beta version yet. Haven't found aGuest ID yet either. - Robbie Robbie Foust, IT AnalystSystems and Core Services Duke University England, Christopher M wrote:Greetings, I guess SUS 2.0 Beta has been released: _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone have a Guest ID to get in on the Beta? Or is there just a download somewhere? Thanks all, Chris Christopher England Systems Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ :
RE: [ActiveDir] scripting admin
On a related note, I'm working on a VBScript to Perl code converter. Input some VBScript code and output the (roughly) equivalent Perl code. I just started a couple of weeks ago, but should have something in a month or so if anyone is interested. Robbie Allen http://www.rallenhome.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, April 14, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I'll second this. I've only run into one thing where I couldn't get Perl to work (deep, dark, ugly MAPI stuff...) Other than that, it's almost trivial to look at VBScript and convert it to perl. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 13, 2004 11:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I say Perl... The activestate dist is great. I am not aware of anything off the top of my head you can do in vbscript that you can't do in perl. You may want to learn enough vbscript to convert vbscripts others have written to perl. Overall for really simple things vbscript may be easier at first glance, but as the complexity rises vbscript shows its issues and perl starts to shine. Grab Robbie Allen's AD Cookbook which has some perl in it, also his Managing Enterprise Active Directory Services has quite a bit of perl in it. Most everything I tend to post here in terms of scripts and do in general is perl. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, April 13, 2004 10:32 PM To: ActiveDir (E-mail) Subject: [ActiveDir] scripting admin sorry for what is more of a personal advice question- i'm a perl guy and i was wondering if for proper windows scripting, should i learn VBscript or can i get away with most admining with perl and activestate. i run a couple of linux and unix servers, so perl makes sense, but would it behove me to learn VBscript or even VB to effectively script my win2k ad enviorment or can i get away with perl and its integer conversion et al and be a good admin mastering only one lang? thanks in advance List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] scripting admin
Robbie Allen (rallen) wrote: On a related note, I'm working on a VBScript to Perl code converter. Input some VBScript code and output the (roughly) equivalent Perl code. I just started a couple of weeks ago, but should have something in a month or so if anyone is interested. Hand Raised! That would be cool. Me and VBScript just don't seem to get along. al Robbie Allen http://www.rallenhome.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, April 14, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I'll second this. I've only run into one thing where I couldn't get Perl to work (deep, dark, ugly MAPI stuff...) Other than that, it's almost trivial to look at VBScript and convert it to perl. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 13, 2004 11:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I say Perl... The activestate dist is great. I am not aware of anything off the top of my head you can do in vbscript that you can't do in perl. You may want to learn enough vbscript to convert vbscripts others have written to perl. Overall for really simple things vbscript may be easier at first glance, but as the complexity rises vbscript shows its issues and perl starts to shine. Grab Robbie Allen's AD Cookbook which has some perl in it, also his Managing Enterprise Active Directory Services has quite a bit of perl in it. Most everything I tend to post here in terms of scripts and do in general is perl. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, April 13, 2004 10:32 PM To: ActiveDir (E-mail) Subject: [ActiveDir] scripting admin sorry for what is more of a personal advice question- i'm a perl guy and i was wondering if for proper windows scripting, should i learn VBscript or can i get away with most admining with perl and activestate. i run a couple of linux and unix servers, so perl makes sense, but would it behove me to learn VBscript or even VB to effectively script my win2k ad enviorment or can i get away with perl and its integer conversion et al and be a good admin mastering only one lang? thanks in advance -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS 2.0 Beta
Glad Rod passed on the pointer to susserver.com. Some of the new name suggestions are hilarious mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] moving domain admins
Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin Issues (E-mail) Cc: ActiveDir (E-mail) Subject: [ActiveDir] moving domain admins I know moving the default exchange groups out of the users folder can screw things up as exchange expects to find them there, but will moving the domain admins from the users folder into another ou(no gpo applied) screw things up with exchange or any other services in ad? I only ask because some admin in another domain moved this group and now when i open exchange manager in their domain, i can't see the servers or any admin groups. i'm running exchange manager as their administrator account and thier domain admins have full exchange rights on their admin group. other than that exchange is functioning normally. thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] moving domain admins
they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin Issues (E-mail) Cc: ActiveDir (E-mail) Subject: [ActiveDir] moving domain admins I know moving the default exchange groups out of the users folder can screw things up as exchange expects to find them there, but will moving the domain admins from the users folder into another ou(no gpo applied) screw things up with exchange or any other services in ad? I only ask because some admin in another domain moved this group and now when i open exchange manager in their domain, i can't see the servers or any admin groups. i'm running exchange manager as their administrator account and thier domain admins have full exchange rights on their admin group. other than that exchange is functioning normally. thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
RE: [ActiveDir] scripting admin
Way Cool! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen (rallen) Sent: Thursday, April 15, 2004 7:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin On a related note, I'm working on a VBScript to Perl code converter. Input some VBScript code and output the (roughly) equivalent Perl code. I just started a couple of weeks ago, but should have something in a month or so if anyone is interested. Robbie Allen http://www.rallenhome.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, April 14, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I'll second this. I've only run into one thing where I couldn't get Perl to work (deep, dark, ugly MAPI stuff...) Other than that, it's almost trivial to look at VBScript and convert it to perl. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 13, 2004 11:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I say Perl... The activestate dist is great. I am not aware of anything off the top of my head you can do in vbscript that you can't do in perl. You may want to learn enough vbscript to convert vbscripts others have written to perl. Overall for really simple things vbscript may be easier at first glance, but as the complexity rises vbscript shows its issues and perl starts to shine. Grab Robbie Allen's AD Cookbook which has some perl in it, also his Managing Enterprise Active Directory Services has quite a bit of perl in it. Most everything I tend to post here in terms of scripts and do in general is perl. joe - http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, April 13, 2004 10:32 PM To: ActiveDir (E-mail) Subject: [ActiveDir] scripting admin sorry for what is more of a personal advice question- i'm a perl guy and i was wondering if for proper windows scripting, should i learn VBscript or can i get away with most admining with perl and activestate. i run a couple of linux and unix servers, so perl makes sense, but would it behove me to learn VBscript or even VB to effectively script my win2k ad enviorment or can i get away with perl and its integer conversion et al and be a good admin mastering only one lang? thanks in advance List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Migration Dilemma
Hunter,The user accounts were all created by a script and an email was sent to the new account so it became a mailbox. Permissions were then assigned to the mailbox to allow the NT 4 domain account owner rights to the mailbox so they are still authenticating with the old domain controllers. There is an Exchange 5.5 and ADC in the mix but it is at another site so hopefully this wont cause any issues. Basically we just want to migrate the groups and group memberships over as well as all the old file permissions so we can decommission the old domain. Initially we had thought the ADMT was going to be able to help us by allowing us to tie the SID from the old account to the new account, but it looks like that is only an option if you dont already have the user accounts created. Thank you for the response!AdamFrom: Coleman, Hunter [EMAIL PROTECTED]Subject: RE: [ActiveDir] Migration DilemmaDate: Wed, 14 Apr 2004 09:50:16 -0600Reply-To: [EMAIL PROTECTED]What are the desired results?How were the user accounts and mailboxes created in the new domaininitially? Are the users authenticating against the mailboxes with their NT4 accounts, or with the AD accounts? Is there an Exch 5.5 organization andan ADC in the mix?Hunter -Original Message-From: Morris, Adam [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 9:41 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Migration DilemmaHello,We are in the process of planning our migration from NT 4 to Windows 2000AD. Last year we deployed a minimal AD site in order to roll-out Exchange2000 for our users. User accounts and mailboxes were created in the newdomain but no users were migrated. Some initial testing with the ADMTindicates that it will not produce the desired results. At this time I can see 2 possible plans of action and I'm looking for somebetter options. (Like maybe another way to migrate the SID's to the newaccounts in AD or a way to get ADMT to update the existing accounts insteadof replacing them).Plan 1: Back up all the user mailboxes, wipe the AD accounts, use ADMT tomove all the accounts/gropus, and then restore mailbox data.Plan 2: Spend the time to develop custom scripts that will add/create theappropriate groups and script as much of the migration as possible.Currently we have close to 150 groups for around 400 users and multiple fileservers so the thought of doing a manual migration process is prettypainful. If anybody has any suggestions or thoughts I'd much appreciate thefeedback.Thank you!Adam MorrisList info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -
[ActiveDir] Importing IPSEC Policies into an OU
Hey all, This might seem kinda odd and maybe I'm just doing something wrong. But I tried to import an IPSEC policy (that basically just does port blocking) into and AD but I keep getting rejected due to permissions (apparently). Now I don't have Domain Admin rights to the domain, however I have been delegated complete authority to the OU that I'm working in. Does anyone know if there are additional issues dealing with the importing of IPSec policies at OU levels that I might be missing? Thanks, Chuck -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] moving domain admins
What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin Issues (E-mail) Cc: ActiveDir (E-mail) Subject: [ActiveDir] moving domain admins I know moving the default exchange groups out of the users folder can screw things up as exchange expects to find them there, but will moving the domain admins from the users folder into another ou(no gpo applied) screw things up with exchange or any other services in ad? I only ask because some admin in another domain moved this group and now when i open exchange manager in their domain, i can't see the servers or any admin groups. i'm running exchange manager as their administrator account and thier domain admins have full exchange rights on their admin group. other than that exchange is functioning normally. thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
RE: [ActiveDir] Migration Dilemma
I have used Quests migratory product in similar situations where the user base was populated, but all we wanted was symbolic linkage for groups, reacling and sidhistory, without disturbing what was there already, and nothing broke, including mail. Ive also done a non ADC migrations using the same tool with great success. If you have to script, then doing the group sync can be done, but the reacling on anything more than 2 machines is going to bite you badly, if youre scripting, a ACE append for every old sid and an ACE cleanup after co-existence is done. Even with sidHistory, at some stage you need to re-acl and drop the old ACEs. If you can afford to wipe out and try again, suggest using a third party tool like migrator, as Ive done green field migrations manually and with tools, and Id rather take the tool route any day, especially if I can choose to NOT use the ADC ;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Morris, Adam Sent: 15 April 2004 03:41 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Dilemma Hunter,The user accounts were all created by a script and an email was sent to the new account so it became a mailbox. Permissions were then assigned to the mailbox to allow the NT 4 domain account owner rights to the mailbox so they are still authenticating with the old domain controllers. There is an Exchange 5.5 and ADC in the mix but it is at another site so hopefully this wont cause any issues. Basically we just want to migrate the groups and group memberships over as well as all the old file permissions so we can decommission the old domain. Initially we had thought the ADMT was going to be able to help us by allowing us to tie the SID from the old account to the new account, but it looks like that is only an option if you dont already have the user accounts created. Thank you for the response!AdamFrom: Coleman, Hunter [EMAIL PROTECTED]Subject: RE: [ActiveDir] Migration DilemmaDate: Wed, 14 Apr 2004 09:50:16 -0600Reply-To: [EMAIL PROTECTED]What are the desired results?How were the user accounts and mailboxes created in the new domaininitially? Are the users authenticating against the mailboxes with their NT4 accounts, or with the AD accounts? Is there an Exch 5.5 organization andan ADC in the mix?Hunter -Original Message-From: Morris, Adam [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 14, 2004 9:41 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Migration DilemmaHello,We are in the process of planning our migration from NT 4 to Windows 2000AD. Last year we deployed a minimal AD site in order to roll-out Exchange2000 for our users. User accounts and mailboxes were created in the newdomain but no users were migrated. Some initial testing with the ADMTindicates that it will not produce the desired results. At this time I can see 2 possible plans of action and I'm looking for somebetter options. (Like maybe another way to migrate the SID's to the newaccounts in AD or a way to get ADMT to update the existing accounts insteadof replacing them).Plan 1: Back up all the user mailboxes, wipe the AD accounts, use ADMT tomove all the accounts/gropus, and then restore mailbox data.Plan 2: Spend the time to develop custom scripts that will add/create theappropriate groups and script as much of the migration as possible.Currently we have close to 150 groups for around 400 users and multiple fileservers so the thought of doing a manual migration process is prettypainful. If anybody has any suggestions or thoughts I'd much appreciate thefeedback.Thank you!Adam MorrisList info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -
RE: [ActiveDir] SUS 2.0 Beta
Did anyone else receive an Unknown Error when registering for WUS open beta (during Step 4) or was it just me? :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Thursday, April 15, 2004 9:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Glad Rod passed on the pointer to susserver.com. Some of the new name suggestions are hilarious mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Migration Dilemma
From what I remember, there is an option in ADMT to merge accounts from a source domain if a similar account exists in the target domain. I think it's handled in the Naming Conflicts section of ADMT. I can't recall which attributes it uses to determine what constitutes a matching/conflicting account, but there may be something in the documentation. You can migrate the groups first, without the members, and then have the user account migrations update/correct the group memberships. This should also allow you to pull SIDHistory along. Alternatives would include a batch/script process to clone the groups and repopulate the members, and subinacl.exe from the resource kit to handle the file permissions. Or you could go with one of the migration tools that others have mentioned. Hunter From: Morris, Adam [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 7:41 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Dilemma Hunter, The user accounts were all created by a script and an email was sent to the new account so it became a mailbox. Permissions were then assigned to the mailbox to allow the NT 4 domain account owner rights to the mailbox so they are still authenticating with the old domain controllers. There is an Exchange 5.5 and ADC in the mix but it is at another site so hopefully this won't cause any issues. Basically we just want to migrate the groups and group memberships over as well as all the old file permissions so we can decommission the old domain. Initially we had thought the ADMT was going to be able to help us by allowing us to tie the SID from the old account to the new account, but it looks like that is only an option if you don't already have the user accounts created. Thank you for the response! Adam From: Coleman, Hunter [EMAIL PROTECTED] http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?curmbox=F1a=2792 74ffddd7b484f36fca3cb67f2795mailto=1[EMAIL PROTECTED]msg=MSG1081999 696.15start=145797len=325208src=type=x Subject: RE: [ActiveDir] Migration Dilemma Date: Wed, 14 Apr 2004 09:50:16 -0600 Reply-To: [EMAIL PROTECTED] http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?curmbox=F1a=2792 74ffddd7b484f36fca3cb67f2795mailto=1[EMAIL PROTECTED]msg=MS G1081999696.15start=145797len=325208src=type=x What are the desired results? How were the user accounts and mailboxes created in the new domain initially? Are the users authenticating against the mailboxes with their NT 4 accounts, or with the AD accounts? Is there an Exch 5.5 organization and an ADC in the mix? Hunter -Original Message- From: Morris, Adam [mailto:[EMAIL PROTECTED] http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?mailto=1msg=MSG108199969 6.15start=145797len=325208src=type=xto=Adam%2eMorris%40experian%2ecomc c=bcc=subject=body=curmbox=F1a=279274ffddd7b484f36fca3cb67f2795 ] Sent: Wednesday, April 14, 2004 9:41 AM To: [EMAIL PROTECTED] http://by2fd.bay2.hotmail.msn.com/cgi-bin/compose?curmbox=F1a=2792 74ffddd7b484f36fca3cb67f2795mailto=1[EMAIL PROTECTED]msg=MS G1081999696.15start=145797len=325208src=type=x Subject: [ActiveDir] Migration Dilemma Hello, We are in the process of planning our migration from NT 4 to Windows 2000 AD. Last year we deployed a minimal AD site in order to roll-out Exchange 2000 for our users. User accounts and mailboxes were created in the new domain but no users were migrated. Some initial testing with the ADMT indicates that it will not produce the desired results. At this time I can see 2 possible plans of action and I'm looking for some better options. (Like maybe another way to migrate the SID's to the new accounts in AD or a way to get ADMT to update the existing accounts instead of replacing them). Plan 1: Back up all the user mailboxes, wipe the AD accounts, use ADMT to move all the accounts/gropus, and then restore mailbox data. Plan 2: Spend the time to develop custom scripts that will add/create the appropriate groups and script as much of the migration as possible. Currently we have close to 150 groups for around 400 users and multiple file servers so the thought of doing a manual migration process is pretty painful. If anybody has any suggestions or thoughts I'd much appreciate the feedback. Thank you! Adam Morris List info : http://www.activedir.org/mail_list.htm http://65.54.246.250:80/cgi-bin/linkrd?_lang=ENlah=50d951d50001d17749db514 dbe7692c3lat=1082033900hm___action=http%3a%2f%2fwww%2eactivedir%2eorg%2fma il_list%2ehtm List FAQ: http://www.activedir.org/list_faq.htm http://65.54.246.250:80/cgi-bin/linkrd?_lang=ENlah=17ae489968d26ddb4d5ef63 233be7a47lat=1082033900hm___action=http%3a%2f%2fwww%2eactivedir%2eorg%2fli st_faq%2ehtm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ http://65.54.246.250:80/cgi-bin/linkrd?_lang=ENlah=383f9d0d11011b84cd837ce 7632b83e8lat=1082033900hm___action=http%3a%2f%2fwww%2email%2darchive%2ecom
RE: [ActiveDir] SUS 2.0 Beta
Yea I did too and I was never able to register. I'm kind of disappointed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell Sent: Thursday, April 15, 2004 7:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Did anyone else receive an Unknown Error when registering for WUS open beta (during Step 4) or was it just me? :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Thursday, April 15, 2004 9:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Glad Rod passed on the pointer to susserver.com. Some of the new name suggestions are hilarious mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS 2.0 Beta
I did notice that after I cranked down my browser security and revisited I received an Already Confirmed notification, so maybe the form has an error I guess we'll see -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Hummert Sent: Thursday, April 15, 2004 11:12 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Yea I did too and I was never able to register. I'm kind of disappointed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell Sent: Thursday, April 15, 2004 7:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Did anyone else receive an Unknown Error when registering for WUS open beta (during Step 4) or was it just me? :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Thursday, April 15, 2004 9:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Glad Rod passed on the pointer to susserver.com. Some of the new name suggestions are hilarious mc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] moving domain admins
ok, they can't see any objects under the exchange org in the configuration partition. they're are no replication errors. my child domain can see everything fine. we are in mixed mode with sp3 and sp4 dc's and gc's. their domain's config is pretty much the same as ours in terms of mixed mode and sp3/4 dc/gc's. any thoughts? thanks -Original Message- From: Kern, Tom Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin Issues (E-mail) Cc: ActiveDir (E-mail) Subject: [ActiveDir] moving domain admins I know moving the default exchange groups out of the users folder can screw things up as exchange expects to find them there, but will moving the domain admins from the users folder into another ou(no gpo applied) screw things up with exchange or any other services in ad? I only ask because some admin in another domain moved this group and now when i open exchange manager in their domain, i can't see the servers or any admin groups. i'm running exchange manager as their administrator account and thier domain admins have full exchange rights on their admin group.
RE: [ActiveDir] moving domain admins
Are both child domains at SP34 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin Issues (E-mail) Cc: ActiveDir (E-mail) Subject: [ActiveDir] moving domain admins I know moving the default exchange groups out of the users folder can screw things up as exchange expects to find them there, but will moving the domain admins from the users folder into another ou(no gpo applied) screw things up with exchange or any other services in ad? I only ask because some admin in another domain moved this group and now when i open exchange manager in their domain, i can't see the servers or any admin groups. i'm running exchange manager
RE: [ActiveDir] moving domain admins
yes they are mixed with the latest hotfixes. they have all rights on their AG except send as and recieve as. on the org, they are not listed, except of course their exchange domain servers group. same as us, and we see everything. further info- the root domain in the forest is in win2k native mode. they are running one exchange2003 server on a win2k box. thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Are both child domains at SP34 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins Heck of a cross post, isn't it? Moving the domain administrators group is not something that should cause this type of issue. What else was done during those changes? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:45 PM To: Admin
RE: [ActiveDir] scripting admin
I think that would be very interesting. It might enable me to understand Perl a little better and learn how to use it. "Robbie Allen (rallen)" [EMAIL PROTECTED] wrote: On a related note, I'm working on a VBScript to Perl code converter.Input some VBScript code and output the (roughly) equivalent Perl code.I just started a couple of weeks ago, but should have something in amonth or so if anyone is interested.Robbie Allenhttp://www.rallenhome.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, April 14, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I'll second this. I've only run into one thing where I couldn't get Perl to work (deep, dark, ugly MAPI stuff...) Other than that, it's almost trivial to look at VBScript and convert it to perl. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 13, 2004 11:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin I say Perl... The activestate dist is great. I am not aware of anything off the top of my head you can do in vbscript that you can't do in perl. You may want to learn enough vbscript to convert vbscripts others have written to perl. Overall for really simple things vbscript may be easier at first glance, but as the complexity rises vbscript shows its issues and perl starts to shine. Grab Robbie Allen's AD Cookbook which has some perl in it, also his Managing Enterprise Active Directory Services has quite a bit of perl in it. Most everything I tend to post here in terms of scripts and do in general is perl. joe- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware)-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, April 13, 2004 10:32 PM To: ActiveDir (E-mail) Subject: [ActiveDir] scripting admin sorry for what is more of a personal advice question- i'm a perl guy and i was wondering if for proper windows scripting, should i learn VBscript or can i get away with most admining with perl and activestate. i run a couple of linux and unix servers, so perl makes sense, but would it behove me to learn VBscript or even VB to effectively script my win2k ad enviorment or can i get away with perl and its integer conversion et al and be a good admin mastering only one lang? thanks in advance List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Importing IPSEC Policies into an OU
What I have is an exported .ipsec file (that was created on a local workstation). It contains the tested and fully functional IPSEC policy that I was advised to implement so my plan was to export the policy from the local machine and then import it into the GPO. I am the GPO administrator and I can change the IPSEC stuff, I'm just not able to import the .ipsec file in the security area. I was just trying to figure out if you were able to conduct that type of import on a GPO or if that only works on local workstations (which doesn't make sense) or the guy who set up my permissions may have just made a mistake when he granted me the admin rights to the GPO. I guess I can ask the admin to recheck my privileges on the GPO to ensure that he has me set with the IPSEC part, but that doesn't seem that plausible of an option considering he said that he granted my privileges using the delegate administration feature. Is there a big difference between using the .ipsec file instead of the .inf file? Thanks, chuck Darren Mar-Elia wrote: Charles- When you say you're importing IPSEC, I assume this means you have an .inf file that you've created that you importing into an OU-linked GPO? The ability to make changes to a GPO are governed by the permissions on the GPO object itself, which is not stored in the OU but rather under the System\Policies container in your domain (and also in SYSVOL). If you view the permissions on the GPO object itself, you should be able to see if you have modify rights on that GPO. If you don't, you'll need to get the owner of that GPO to grant you those rights explicitly for that GPO. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Carerros Sent: Thursday, April 15, 2004 6:49 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Importing IPSEC Policies into an OU Hey all, This might seem kinda odd and maybe I'm just doing something wrong. But I tried to import an IPSEC policy (that basically just does port blocking) into and AD but I keep getting rejected due to permissions (apparently). Now I don't have Domain Admin rights to the domain, however I have been delegated complete authority to the OU that I'm working in. Does anyone know if there are additional issues dealing with the importing of IPSec policies at OU levels that I might be missing? Thanks, Chuck -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Office2003 Rollout
I have to roll out Office 2003 onto around 350 desktops. Any great in site into the best approach here. I have been looking at some third party applications in particularly Altiris, but I was wondering if it could be done through Group Policy / Software deployment. All desktops are W2K. Gary Smith List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Office2003 Rollout
The short answer would be yes. I would suggest doing it as a Published Application with an .MST answer file, as opposed to an Assigned application because my first concern would be extended log on periods during which users would think they're computers were hung/not responding and doing something vulgar ;-) That's just one of the hurdles though. I'm sure there will be others. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GARY SMITH Sent: Thursday, April 15, 2004 12:16 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Office2003 Rollout I have to roll out Office 2003 onto around 350 desktops. Any great in site into the best approach here. I have been looking at some third party applications in particularly Altiris, but I was wondering if it could be done through Group Policy / Software deployment. All desktops are W2K. Gary Smith List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Office2003 Rollout
Google is your friend: http://www.google.com/search?hl=enie=UTF-8oe=UTF-8safe=offq=deploy+office+2003+group+policyspell=1 or if that wraps horribly: http://tinyurl.com/ypgs3 good luck, john At 12:38 PM 4/15/2004, Michael Wassell wrote: The short answer would be yes. I would suggest doing it as a Published Application with an .MST answer file, as opposed to an Assigned application because my first concern would be extended log on periods during which users would think they're computers were hung/not responding and doing something vulgar ;-) That's just one of the hurdles though. I'm sure there will be others. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GARY SMITH Sent: Thursday, April 15, 2004 12:16 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Office2003 Rollout I have to roll out Office 2003 onto around 350 desktops. Any great in site into the best approach here. I have been looking at some third party applications in particularly Altiris, but I was wondering if it could be done through Group Policy / Software deployment. All desktops are W2K. Gary Smith List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Office2003 Rollout
Altiris deployment solution is a really handy product, but unfortunately you can't create a snapshot image of office and deploy it. You pretty much have to run the setup with an answer file over the network. I guess I would just use group policy to do it, or I wonder if there is a way to make a wmi script that would run it...like schedule it to run after hours, or manually start it. - Robbie Robbie Foust, IT Analyst Systems and Core Services Duke University GARY SMITH wrote: I have to roll out Office 2003 onto around 350 desktops. Any great in site into the best approach here. I have been looking at some third party applications in particularly Altiris, but I was wondering if it could be done through Group Policy / Software deployment. All desktops are W2K. Gary Smith List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Office2003 Rollout
Return Receipt Your RE: [ActiveDir] Office2003 Rollout document : was Ryan McDonald/bankersbank received by: at: 04/15/2004 02:44:21 PM List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Windows NTP Settings in GPO
Has anyone bothered to configure the Windows NTP settings in the Computer Configurations of your GPO's? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Office2003 Rollout
They have WordPerfect but are making the change to Office, not sure what version. At 02:42 PM 4/15/2004, you wrote: I'm curious what office package did you have before? Was it standardized across the 350 desktops? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:16 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Office2003 Rollout I have to roll out Office 2003 onto around 350 desktops. Any great in site into the best approach here. I have been looking at some third party applications in particularly Altiris, but I was wondering if it could be done through Group Policy / Software deployment. All desktops are W2K. Gary Smith List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Gary Smith Strategic Concepts Group 6543 Mississauga Road Mississauga,L5N 1A6 Phone(905)814-8848 ext.3303 Fax(905)814-8841 [EMAIL PROTECTED] www.strategicconceptsgroup.com A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty. LEEDS UNITED, LUFC List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows NTP Settings in GPO
No reason to do it - by default the Windows Time Service handles that kind of setup - syncing all DC's off the PDCe, and all clients off their DCs... -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 2:57 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows NTP Settings in GPO Has anyone bothered to configure the Windows NTP settings in the Computer Configurations of your GPO's? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] moving domain admins
So to summarize, you can't see details in their AG and they can't see details in your AG? That about right? Sounds like you need to redelegate the permissions to the AG, but I'm guessing. It's tough to get a read on the situation over time :) Seems odd though. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:39 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins yes they are mixed with the latest hotfixes. they have all rights on their AG except send as and recieve as. on the org, they are not listed, except of course their exchange domain servers group. same as us, and we see everything. further info- the root domain in the forest is in win2k native mode. they are running one exchange2003 server on a win2k box. thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Are both child domains at SP34 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to? Just from cn=users to something else? Al -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins another labyrinthine cross post(sorry)- Also, i fire up adsi edit from their domain and i can only get to the organization in the config partition. when on go to the security tab, there are no entries. how can they just lose permissions to certain parts of the config paritition? the only change made was the root domain of the forest installed exchange 2003, but i doubt that had anything to do with. i'm very puzzled. -Original Message-
RE: [ActiveDir] Importing IPSEC Policies into an OU
Chuck- Sorry, its been a while since I've touched IPSec. So IPSec is not supported through .inf security templates--you're using the right approach. I confirmed that it is possible to import an IPSec policy created on a local workstation GPO into a domain-based GPO. I did it and it worked just fine. Of course, I was logged on as Administrator on the domain. You should have your administrator who set up your permissions confirm that you have sufficient permissions on that GPO. I have found that the clearest tool to use for this kind of delegation is GPMC. It presents delegation through the Delegation tab on the GPO and provides a clear set of rights for the different levels of GPO access. If you try to do this using the Delegation of Control Wizard, its not nearly as clear, nor is it geared towards delegating GPO rights, since when you permission a GPO, you have to permission both the part of it held in AD and the part held in SYSVOL. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Carerros Sent: Thursday, April 15, 2004 9:21 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Importing IPSEC Policies into an OU What I have is an exported .ipsec file (that was created on a local workstation). It contains the tested and fully functional IPSEC policy that I was advised to implement so my plan was to export the policy from the local machine and then import it into the GPO. I am the GPO administrator and I can change the IPSEC stuff, I'm just not able to import the .ipsec file in the security area. I was just trying to figure out if you were able to conduct that type of import on a GPO or if that only works on local workstations (which doesn't make sense) or the guy who set up my permissions may have just made a mistake when he granted me the admin rights to the GPO. I guess I can ask the admin to recheck my privileges on the GPO to ensure that he has me set with the IPSEC part, but that doesn't seem that plausible of an option considering he said that he granted my privileges using the delegate administration feature. Is there a big difference between using the .ipsec file instead of the .inf file? Thanks, chuck Darren Mar-Elia wrote: Charles- When you say you're importing IPSEC, I assume this means you have an .inf file that you've created that you importing into an OU-linked GPO? The ability to make changes to a GPO are governed by the permissions on the GPO object itself, which is not stored in the OU but rather under the System\Policies container in your domain (and also in SYSVOL). If you view the permissions on the GPO object itself, you should be able to see if you have modify rights on that GPO. If you don't, you'll need to get the owner of that GPO to grant you those rights explicitly for that GPO. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Carerros Sent: Thursday, April 15, 2004 6:49 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Importing IPSEC Policies into an OU Hey all, This might seem kinda odd and maybe I'm just doing something wrong. But I tried to import an IPSEC policy (that basically just does port blocking) into and AD but I keep getting rejected due to permissions (apparently). Now I don't have Domain Admin rights to the domain, however I have been delegated complete authority to the OU that I'm working in. Does anyone know if there are additional issues dealing with the importing of IPSec policies at OU levels that I might be missing? Thanks, Chuck -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] moving domain admins
Correct. Why is it when in look into the AG from exchangeMan in my domain, I see that their domainAdmins have full exchange rights? Yet, they can't see any AG or even the Org in exchangeMan? And in adsiedit, they can only see the ORG in the config container. Seems very strange. Someone had to have done something and it would have to be someone with enterpriseAdmin rights which no one has in that domain. Are you sure a misconfigured exchange 2003 server could not do this? What could? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins So to summarize, you can't see details in their AG and they can't see details in your AG? That about right? Sounds like you need to redelegate the permissions to the AG, but I'm guessing. It's tough to get a read on the situation over time :) Seems odd though. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:39 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins yes they are mixed with the latest hotfixes. they have all rights on their AG except send as and recieve as. on the org, they are not listed, except of course their exchange domain servers group. same as us, and we see everything. further info- the root domain in the forest is in win2k native mode. they are running one exchange2003 server on a win2k box. thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Are both child domains at SP34 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running. exchange management service IS running. very strange indeed. any other thoughts, tips? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:38 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] moving domain admins If you open it up in LDP, what do you see (authenticated of course)? Is it possible that there's a replication issue? Have you checked the logs of the domains to see what's logged when you attempt to connect? Just where did they move the domain administrators from/to?
RE: [ActiveDir] Importing IPSEC Policies into an OU
All Active Directory based IPSec policies are stored as ipsecPolicy objects in CN=IP Security,CN=System,DC=domain. If you decide to assign one of these policies to the GPO, a link is created and stored within the GPO as the ipsecOwnersReference attribute of the ipsecPolicy object in CN=IPSEC,CN=Windows,CN=Microsoft,CN=Machine,CN={GUID for GPO},CN=Policies,CN=System,DC=domain. If your admin has delegated you the permissions to modify the GPO, you can actually modify the IPSec policy assignment. However, in order to create/import IPSec policies, you must have necessary permissions to the IP Security container. By default, only the Domain Admins group has the required permissions. Designing a Managed Environment book of the Windows Server 2003 Deployment Kit says: IPSec permissions cannot be delegated by using standard delegation tools, but instead require the use of the Active Directory Service Interfaces (ADSI) Edit tool. I don't fully follow this and don't have test environment available right now. I'd think that you can use the ACL editor of the Active Directory Users and Computers for assigning the permission. The delegation of control wizard does not have IPSec as a standard task. Neither can you use GPMC for performing this type of delegation. See kb article 329194 for the default permissions. I don't know how to use .inf files for importing/exporting the actual IPSec policies... After the permissions have been set, you should be able to import the desired policy. HTH Mika -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Carerros Sent: 15. huhtikuuta 2004 19:21 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Importing IPSEC Policies into an OU What I have is an exported .ipsec file (that was created on a local workstation). It contains the tested and fully functional IPSEC policy that I was advised to implement so my plan was to export the policy from the local machine and then import it into the GPO. I am the GPO administrator and I can change the IPSEC stuff, I'm just not able to import the .ipsec file in the security area. I was just trying to figure out if you were able to conduct that type of import on a GPO or if that only works on local workstations (which doesn't make sense) or the guy who set up my permissions may have just made a mistake when he granted me the admin rights to the GPO. I guess I can ask the admin to recheck my privileges on the GPO to ensure that he has me set with the IPSEC part, but that doesn't seem that plausible of an option considering he said that he granted my privileges using the delegate administration feature. Is there a big difference between using the .ipsec file instead of the .inf file? Thanks, chuck Darren Mar-Elia wrote: Charles- When you say you're importing IPSEC, I assume this means you have an .inf file that you've created that you importing into an OU-linked GPO? The ability to make changes to a GPO are governed by the permissions on the GPO object itself, which is not stored in the OU but rather under the System\Policies container in your domain (and also in SYSVOL). If you view the permissions on the GPO object itself, you should be able to see if you have modify rights on that GPO. If you don't, you'll need to get the owner of that GPO to grant you those rights explicitly for that GPO. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Carerros Sent: Thursday, April 15, 2004 6:49 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Importing IPSEC Policies into an OU Hey all, This might seem kinda odd and maybe I'm just doing something wrong. But I tried to import an IPSEC policy (that basically just does port blocking) into and AD but I keep getting rejected due to permissions (apparently). Now I don't have Domain Admin rights to the domain, however I have been delegated complete authority to the OU that I'm working in. Does anyone know if there are additional issues dealing with the importing of IPSec policies at OU levels that I might be missing? Thanks, Chuck -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
RE: [ActiveDir] moving domain admins
Would you expect them to see the details without rights at the Exchange level? I wouldn't. I'd expect that they can see that there is another AG, but not have rights to do anything with it by default. Domain admins has nothing to do with Exchange rights per se. Even in the config container, they shouldn't have too many rights unless you've granted them. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:53 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Correct. Why is it when in look into the AG from exchangeMan in my domain, I see that their domainAdmins have full exchange rights? Yet, they can't see any AG or even the Org in exchangeMan? And in adsiedit, they can only see the ORG in the config container. Seems very strange. Someone had to have done something and it would have to be someone with enterpriseAdmin rights which no one has in that domain. Are you sure a misconfigured exchange 2003 server could not do this? What could? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins So to summarize, you can't see details in their AG and they can't see details in your AG? That about right? Sounds like you need to redelegate the permissions to the AG, but I'm guessing. It's tough to get a read on the situation over time :) Seems odd though. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:39 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins yes they are mixed with the latest hotfixes. they have all rights on their AG except send as and recieve as. on the org, they are not listed, except of course their exchange domain servers group. same as us, and we see everything. further info- the root domain in the forest is in win2k native mode. they are running one exchange2003 server on a win2k box. thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Are both child domains at SP34 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore. we are a multi domain win2k forest. the root domain is in win2k native mode, every other domain is mixed. we are in exchange2k native mode, though i think ther is a exchange2003 server in the root domain now. thats all that has been changed this specfic domain is the only one with an issue. hope that helps a little -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Well, let's backup. Where and why did they move the domain admins group? Can you move it back and see if your issue gets resolved? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins I see nothing strange in ldp and no replication errors in event log or rep monitor. I think its a permissions issue but i have nowhere to begin looking and as far as i know nothing has been changed. They don't really have an IT dept(we admin them) so no one would even know how to change something anyway. I can see the server and admin group using enterprise manager from my domain just not theirs(where the server is located). However when i try to access the directory tab of the server, i get information about directory services could not be entirely obtained. make sure exchange management service is running.
RE: [ActiveDir] moving domain admins
no. they cannot see any AG or the ORG in exchangeMan. In asdiedit, they can only see the org. what i'm saying is, if from my domain i can see they have full exchange admin rights on their AG, why can't they see it? where should i look? what are they missing and most importantly, why would it change sudddenly? -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thu 4/15/2004 5:24 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] moving domain admins Would you expect them to see the details without rights at the Exchange level? I wouldn't. I'd expect that they can see that there is another AG, but not have rights to do anything with it by default. Domain admins has nothing to do with Exchange rights per se. Even in the config container, they shouldn't have too many rights unless you've granted them. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:53 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Correct. Why is it when in look into the AG from exchangeMan in my domain, I see that their domainAdmins have full exchange rights? Yet, they can't see any AG or even the Org in exchangeMan? And in adsiedit, they can only see the ORG in the config container. Seems very strange. Someone had to have done something and it would have to be someone with enterpriseAdmin rights which no one has in that domain. Are you sure a misconfigured exchange 2003 server could not do this? What could? thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins So to summarize, you can't see details in their AG and they can't see details in your AG? That about right? Sounds like you need to redelegate the permissions to the AG, but I'm guessing. It's tough to get a read on the situation over time :) Seems odd though. -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:39 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins yes they are mixed with the latest hotfixes. they have all rights on their AG except send as and recieve as. on the org, they are not listed, except of course their exchange domain servers group. same as us, and we see everything. further info- the root domain in the forest is in win2k native mode. they are running one exchange2003 server on a win2k box. thanks -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins Are both child domains at SP34 mixed? Any hotfixes? I do know that e2k3 does work with permissions on the first install. But if you have perms in the one child domain and not the other, that doesn't sound like the issue directly. Sounds more like an Active Directory issue or some change that was made that nobody told you about/realized was made. Can you double check the permissions on the ORG and AG's? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins child domains are at sp3 and sp4. exchange2k sp3 child domains were not prepped -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins What version is the child domain at (sp level of Windows DC?) and were the child domains domain prepp'd? Were both child domains treated the same? -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] moving domain admins they moved it to another ou that has no group policy applied to it. i moved it back, still the same. i don't think it has anything to do with moving the group anymore.
RE: [ActiveDir] SUS 2.0 Beta
To add to Roger's response, I believe that there will be a wider release as it gets closer to complete. You could look at it as a Public Preview - much like the recent Windows XP SP2 RC1. We'll let you know when / if that happens. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Wednesday, April 14, 2004 12:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SUS 2.0 Beta How will we be notified when it is ready for public use Lynden -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta I believe its currently considered a closed beta, by invitation only. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] SUS 2.0 Beta Looks like you can sign up for the open evaluation version here: http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx But I haven't been able to locate the beta version yet. Haven't found a Guest ID yet either. - Robbie Robbie Foust, IT Analyst Systems and Core Services Duke University England, Christopher M wrote: Greetings, I guess SUS 2.0 Beta has been released: _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone have a Guest ID to get in on the Beta? Or is there just a download somewhere? Thanks all, Chris Christopher England Systems Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS 2.0 Beta
Believe me - the message has been heard LOUD and CLEAR at Microsoft. I'll be VERY surprised if this gets released as WUS Wussie, woos, whatever it is. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Wednesday, April 14, 2004 3:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta And I was hoping that they would rename SUS2.0/WUS to Microsoft Product Update Services... - Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Wednesday, April 14, 2004 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta At the MVP summit, even the WUS product team was appologizing for the name. I was kinda hoping they're rename MIIS to the Windows Identity Integration Server. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 2:44 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Yes, painfully, that is true. MS Marketing strikes again. I can just see the advertising: Trust your network to a WUS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Hummert Sent: Wednesday, April 14, 2004 11:09 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Waitisn't the next version called WUS now or am I mistaken? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, April 14, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Does anyone know what the upgrade process is going to be from SUS to SUS 2.0? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Wednesday, April 14, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta Same way all other products are announced. My information has it that you've got a few months still before it goes public. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Philadelphia, Lynden - Revios Toronto [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 1:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SUS 2.0 Beta How will we be notified when it is ready for public use Lynden -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS 2.0 Beta I believe its currently considered a closed beta, by invitation only. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] SUS 2.0 Beta Looks like you can sign up for the open evaluation version here: http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx But I haven't been able to locate the beta version yet. Haven't found a Guest ID yet either. - Robbie Robbie Foust, IT Analyst Systems and Core Services Duke University England, Christopher M wrote: Greetings, I guess SUS 2.0 Beta has been released: _http://www.nwc.com/showitem.jhtml?articleID=18400592_ Does anyone have a Guest ID to get in on the Beta? Or is there just a download somewhere? Thanks all, Chris Christopher England Systems Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm