Re: [ActiveDir] Remote Installation Headaches

2004-08-24 Thread Roger Seielstad 
Just noticed that you've got conflicting lines in your config.

you have
 OEMPreinstall = no 

near the beginning and then
 OEMPreinstall = yes

near the end. That might be part of the driver issue.

Roger



On Tue, Aug 24, 2004 at 10:36:05AM -0400, Edwin wrote:
> I am attempting to use RIS and am getting problem after problem.
> 
>  
> 
> I posted a question about PXE and the NIC being used and was informed that I
> would have to download and use RIS specific drivers for the network card I
> am using.
> 
>  
> 
> http://downloadfinder.intel.com/scripts-df/Detail_Desc.asp?agr=N
>  407&DwnldID=6760> &ProductID=407&DwnldID=6760
> 
>  
> 
> This worked great!  It did what I needed.
> 
>  
> 
> Now, the install runs through with no problem but when it has completed, I
> see that the NIC is not being recognized nor the Audio card.  I don't really
> care for the Audio right now.
> 
>  
> 
> Also, I am updating the ristndrd.sif file to try and add the machine to the
> domain and have added the values as displayed below:
> 
>  
> 
> [Identification]
> 
> JoinDomain = mydomain
> 
> DomainAdmin = User
> 
> DomainAdminPassword = "password"
> 
>  
> 
> The computer is being added to the OU that I want (I assume when in Text
> Mode) but the machine doesn't appear to be a part of the domain once the new
> OS install is completed.  And if it was, I would still need to resolve the
> NIC problem.
> 
>  
> 
> I have created and modified the same above file to look for 3rd party
> drivers.  The driver files are located in the specified locations.  The
> updated section of the file is also below:
> 
>  
> 
> [Unattended]
> 
> OemPreinstall = no
> 
> NoWaitAfterTextMode = 0
> 
> FileSystem = LeaveAlone
> 
> ExtendOEMPartition = 0
> 
> ConfirmHardware = no
> 
> NtUpgrade = no
> 
> Win31Upgrade = no
> 
> TargetPath = \WINNT
> 
> OverwriteOemFilesOnUpgrade = no
> 
> OemSkipEula = yes
> 
> InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"
> 
> OemPreinstall = yes
> 
> OemPnpDriversPath = "Drivers\Audio;Drivers\NIC"
> 
>  
> 
> Why doesn't the machine become a part of the domain and how come the NIC
> isn't being installed?
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] GPO's, RIS and Software Deployment

2004-08-24 Thread Roger Seielstad 
On Wed, Aug 18, 2004 at 05:22:51PM -0400, Edwin wrote:
> Can anyone provide me with good documentation on RIS and software deployment
> through GPO?
> 
>  
> 
> We currently use MS ADS and I don't like it and I believe it to be the cause
> of problems.  Aside from that, I think that I can benefit more from RIS if
> my plan goes through well.  I am not interested in using RipRep since it act
> similar to MS ADS and documentation of the product is similar in its
> requirements to successfully use.

I'm assuming you're talking about Automated Deployment Services here and not Active 
Directory. ADS is only designed for pushing server (Specifically Windows 2003 Server) 
images to systems. For that, it works amazingly well, IF and only if you get the image 
right, and the correct drivers onboard first. In fact, in the next 2-3 weeks, I expect 
to build 220 boxes using it, and I doubt there will be any issues related to ADS.

However - judging by the list of software below, I highly doubt you're pushing server 
images - I'm guessing you're trying to do workstations. That's not what ADS is for, 
which might explain some of the issues - although in theory there's no reason you 
couldn't use it for that purpose.

> The main pieces of software that I would like to push out would be MSSQL
> 2000 (client tools only), MS Office 2000, Symantec AV Corporate Edition.

MSSQL tools should be doable, although you're probably going to have to roll your own 
installer for that. even if all it does is call the setup (which I think is a batch 
file, actually) with the appropriate options.

The Office 2000 Resource Kit has reference materials available online to do GPO 
deployments of Office. The biggest hangup is that when installed from a network, EVERY 
change or patch made to Office on a client machine will go looking for that original 
installation point. Office 2003 is much better at that, since it includes an option to 
keep the requisite files locally as well.

Symantec, as I understand it, has never committed to a GPO deployable client 
installation. Unfortunately, most vendors haven't. However, that information is also 
at least 6 months old, so there's a good possibility that its no longer accurate.

> I have read some documentation on this but would like to know if any of you
> have other good known sources.  My information comes from a book and the
> help files that are found within the DEPLOY.CAB file in the /support/tools/
> folder of the Win2K3 CD.

There's a good series of books with Mark Minasi's name all over them that cover quite 
a lot of RIS and IntelliMirror technologies. Although I have the 2000 versions here, I 
believe there are some 2003 editions floating around there.
http://www.wiredeuclid.com/modules.php?op=modload&name=books&file=index&req=view_subcat&sid=7&min=12&orderby=titleA&show=12

Roger
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Book Recommendations

2004-08-24 Thread Brian Desmond 
Might want to look at SBS for this, though with multiple servers it may or maynot be 
appropriate.
 
--Brian

-Original Message- 
From: Kevin Bachelder [mailto:[EMAIL PROTECTED] 
Sent: Tue 8/24/2004 3:03 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [ActiveDir] Book Recommendations



Hi all,

I am new to the list.  We have a small company with less than 50 PCs and
about 5 servers.  We currently have an NT 4.0 domain and will be rolling
out several new Windows 2003 servers and plan to migrate to an Active
Directory setup.  I am looking for recommendations on the best books and
other resources for our "small" AD implementation.

Thanks in advance for your help,

Kevin

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


<>

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Brian Desmond 
Yes they do. Every user who connects to SQL must have a CAL, regardless of whether or 
not they're connected:
 
You have five users:
 
Bill
Bob
Mary
Jane
Sue
 
You own three user cals and one sequel box:
 
Your five users connect in this order:
 
Mary 
Sue
Bob
Jane
Bill
 
 
The first three are given access and assigned a cal. The last two are denied access 
until you do one of the following:
 
revoke two of the first three's cals (now they can't get in)
Buy more user cals and assign them to the server
 
If you buy a processor license, every user in your wan can connect. You cannot have 
external users (random joe's on the net) access the server ntil you buy an external 
connector which is like a super cal for all anonymous users on the net.
 
This make sense?
 
--Brian

-Original Message- 
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: Tue 8/24/2004 1:12 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [ActiveDir] OT: SQL Licensing question



I looked over that link already.  If I buy 50 PER USER Cals for 200
users to use then only a max of 50 at any given time can connect to SQL.
When they disconnect from SQL, they don't hold onto the license do they?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

NO.

SQL does not support concurrent use licensing. It is per-seat licensing
or per-processor licensing.

You should read the link that Jeff provided.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please

RE: [ActiveDir] Moving a remote site

2004-08-24 Thread Brian Desmond 
Do nothing. Unless you've been farking around with the domain tombstone lifetime, you 
should start worrying in a couple months if you haven't reconnected by then.
 
 
--Brian

-Original Message- 
From: Jerry Fessenden [mailto:[EMAIL PROTECTED] 
Sent: Tue 8/24/2004 12:55 PM 
To: '[EMAIL PROTECTED]' 
Cc: 
Subject: [ActiveDir] Moving a remote site



Hello all,

We are gearing up for a move of one of our remote sites. This site contains 
one DC and one GC, and will be down for around two days. What is the "Best Practice" 
procedure to handle replication issues for a scheduled outage of 1-2 days?

 

Thanks in advance,

Jerry Fessenden

<>

Re: [ActiveDir] Book Recommendations

2004-08-24 Thread Robert Mezzone 
This goes without saying, but do this procedure in a test environment a
couple of times to figure out all the little quirks. Hopefully you will also
be able to migrate all your users without working any ot.

Robert


-Original Message-
From: [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Sent: Tue Aug 24 17:02:00 2004
Subject: RE: [ActiveDir] Book Recommendations

Robert,

When I was looking at one of the chapters there was an ad in the margin for 
a whole series of upcoming AD webcasts from Microsoft!  Perfect 
timing!  Thanks again.

http://www.microsoft.com/seminar/events/series/adaug.mspx


Kevin



At 04:45 PM 8/24/2004, you wrote:
>Hi Robert,
>
>Thanks for the recommendation.
>
>A lot of the info I found was for "in place" upgrades and like you we are 
>migrating to new machines so this looks like an excellent resource.
>
>Thank you again,
>
>Kevin
>
>
>At 04:17 PM 8/24/2004, you wrote:
>>I'm in a similiar environment. I used chapter 9 and 10 of the domain
>>migration cookbook. My Windows Server 2003 boxes were new hardware so I
was
>>able to do everything during business hours. Mark Minasi's book is also a
>>pretty good resource.
>>
>>http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbo
ok
>>/cookintr.mspx
>>
>>hth.
>>
>>Robert
>>
>>-Original Message-
>>From: [EMAIL PROTECTED]
>>To: [EMAIL PROTECTED]
>>Sent: 8/24/04 4:03 PM
>>Subject: [ActiveDir] Book Recommendations
>>
>>Hi all,
>>
>>I am new to the list.  We have a small company with less than 50 PCs and
>>
>>about 5 servers.  We currently have an NT 4.0 domain and will be rolling
>>
>>out several new Windows 2003 servers and plan to migrate to an Active
>>Directory setup.  I am looking for recommendations on the best books and
>>
>>other resources for our "small" AD implementation.
>>
>>Thanks in advance for your help,
>>
>>Kevin
>>
>>List info   : http://www.activedir.org/mail_list.htm
>>List FAQ: http://www.activedir.org/list_faq.htm
>>List archive:
>>http://www.mail-archive.com/activedir%40mail.activedir.org/
>>List info   : http://www.activedir.org/mail_list.htm
>>List FAQ: http://www.activedir.org/list_faq.htm
>>List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>List info   : http://www.activedir.org/mail_list.htm
>List FAQ: http://www.activedir.org/list_faq.htm
>List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Justice for Victims of Agent Orange

2004-08-24 Thread stefano tufillaro 
Thanks

From: MAI ANH TUAN <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: [ActiveDir] Justice for Victims of Agent Orange
Date: Tue, 24 Aug 2004 07:34:34 +0700
MIME-Version: 1.0
Received: from mail.activedir.org ([64.245.160.7]) by mc1-f42.hotmail.com 
with Microsoft SMTPSVC(5.0.2195.6713); Mon, 23 Aug 2004 18:04:49 -0700
Received: from mail.evn.com.vn [203.162.125.147] by mail.activedir.org with 
ESMTP  (SMTPD32-8.11) id AE7C116B0120; Mon, 23 Aug 2004 20:40:28 -0400
Received: from EVNSRV25.evn.com.vn ([10.0.0.52])by mail.evn.com.vn 
(mail.evn.com.vn [10.0.0.26])(MDaemon.PRO.v6.8.5.R)with ESMTP id 
65-md5002611.tmpfor <[EMAIL PROTECTED]>; Tue, 24 Aug 2004 
07:46:14 +0700
Received: by evnsrv25.evn.com.vn with Internet Mail Service (5.5.2657.72)id 
; Tue, 24 Aug 2004 07:43:43 +0700
X-Message-Info: EoYTbT2lH2NKMiJb6X4Z2uKI0A2IxdZa
Message-ID: 
<[EMAIL PROTECTED]>
X-Mailer: Internet Mail Service (5.5.2657.72)
X-Spam-Processed: mail.evn.com.vn, Tue, 24 Aug 2004 07:46:14 +0700(not 
processed: message from valid local sender)
X-MDRemoteIP: 10.0.0.52
X-Return-Path: [EMAIL PROTECTED]
X-MDaemon-Deliver-To: [EMAIL PROTECTED]
Precedence: bulk
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 24 Aug 2004 01:04:49.0936 (UTC) 
FILETIME=[5B042100:01C48976]

This mail do not contain technical issue, I write this message to appeal to
all member's generosity.
Please visit and sign your signature at: 
http://www.petitiononline.com/AOVN/




"AGENT ORANGE, THE CHEMICAL, has killed, is still killing, and causing 
great
suffering to over three million people in Vietnam.

PLEASE HELP THEM BY SIGNING THIS PETITION.
We welcome and support the Civil Action brought by the Vietnam Association
of Victims of Agent Orange/Dioxin, and three Vietnamese victims. The
documents have been submitted to a court in New York, on behalf of all
affected by the chemicals used by the American Forces in their War on
Vietnam.
This will be the first ever such action by Vietnamese victims of Agent
Orange in any court of law.
We call upon the U.S. President, Government and the Chemical Companies 
named
as defendants in the documents, to accept their responsibilities for the
damage caused by their actions and products, and to pay full compensation 
to
the vict"


Thank you.
___
M a i  A n h  T u a n
Networking and system service - Information technology center - Electricity
of Vietnam.
'  84-4-9741910 (ext 672)
*   [EMAIL PROTECTED]
- MCSA on Microsoft Windows Server 2003
- MCSE on Microsoft Windows 2000
- MCDBA on Microsoft SQL Server 2000

_
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Book Recommendations

2004-08-24 Thread Kevin Bachelder 
Robert,
When I was looking at one of the chapters there was an ad in the margin for 
a whole series of upcoming AD webcasts from Microsoft!  Perfect 
timing!  Thanks again.

http://www.microsoft.com/seminar/events/series/adaug.mspx
Kevin

At 04:45 PM 8/24/2004, you wrote:
Hi Robert,
Thanks for the recommendation.
A lot of the info I found was for "in place" upgrades and like you we are 
migrating to new machines so this looks like an excellent resource.

Thank you again,
Kevin
At 04:17 PM 8/24/2004, you wrote:
I'm in a similiar environment. I used chapter 9 and 10 of the domain
migration cookbook. My Windows Server 2003 boxes were new hardware so I was
able to do everything during business hours. Mark Minasi's book is also a
pretty good resource.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook
/cookintr.mspx
hth.
Robert
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 8/24/04 4:03 PM
Subject: [ActiveDir] Book Recommendations
Hi all,
I am new to the list.  We have a small company with less than 50 PCs and
about 5 servers.  We currently have an NT 4.0 domain and will be rolling
out several new Windows 2003 servers and plan to migrate to an Active
Directory setup.  I am looking for recommendations on the best books and
other resources for our "small" AD implementation.
Thanks in advance for your help,
Kevin
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Book Recommendations

2004-08-24 Thread Kevin Bachelder 
Hi Robert,
Thanks for the recommendation.
A lot of the info I found was for "in place" upgrades and like you we are 
migrating to new machines so this looks like an excellent resource.

Thank you again,
Kevin
At 04:17 PM 8/24/2004, you wrote:
I'm in a similiar environment. I used chapter 9 and 10 of the domain
migration cookbook. My Windows Server 2003 boxes were new hardware so I was
able to do everything during business hours. Mark Minasi's book is also a
pretty good resource.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook
/cookintr.mspx
hth.
Robert
-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 8/24/04 4:03 PM
Subject: [ActiveDir] Book Recommendations
Hi all,
I am new to the list.  We have a small company with less than 50 PCs and
about 5 servers.  We currently have an NT 4.0 domain and will be rolling
out several new Windows 2003 servers and plan to migrate to an Active
Directory setup.  I am looking for recommendations on the best books and
other resources for our "small" AD implementation.
Thanks in advance for your help,
Kevin
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Book Recommendations

2004-08-24 Thread Kevin Bachelder 
Hey Tony,
Thanks very much.  I looked at Robbie Allen's Cookbook at the book store 
and it looked a bit deep or advanced for what I was looking for as a first 
AD book.  It was more of a specific steps rather than an overview or an 
implementation guide.

Any other ones you might recommend first?
Thanks again,
Kevin
At 04:15 PM 8/24/2004, you wrote:
Robbie Allen's Cookbook is a great starter.  Some of the options are listed
here:
http://www.activedir.org/books.htm
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bachelder
Sent: Dienstag, 24. August 2004 22:04
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Book Recommendations
Hi all,
I am new to the list.  We have a small company with less than 50 PCs and
about 5 servers.  We currently have an NT 4.0 domain and will be rolling out
several new Windows 2003 servers and plan to migrate to an Active Directory
setup.  I am looking for recommendations on the best books and other
resources for our "small" AD implementation.
Thanks in advance for your help,
Kevin
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Book Recommendations

2004-08-24 Thread Robert Mezzone 
I'm in a similiar environment. I used chapter 9 and 10 of the domain
migration cookbook. My Windows Server 2003 boxes were new hardware so I was
able to do everything during business hours. Mark Minasi's book is also a
pretty good resource.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook
/cookintr.mspx

hth.

Robert 

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 8/24/04 4:03 PM
Subject: [ActiveDir] Book Recommendations

Hi all,

I am new to the list.  We have a small company with less than 50 PCs and

about 5 servers.  We currently have an NT 4.0 domain and will be rolling

out several new Windows 2003 servers and plan to migrate to an Active 
Directory setup.  I am looking for recommendations on the best books and

other resources for our "small" AD implementation.

Thanks in advance for your help,

Kevin

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Book Recommendations

2004-08-24 Thread Tony Murray 
Robbie Allen's Cookbook is a great starter.  Some of the options are listed
here:

http://www.activedir.org/books.htm

Tony 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bachelder
Sent: Dienstag, 24. August 2004 22:04
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Book Recommendations

Hi all,

I am new to the list.  We have a small company with less than 50 PCs and
about 5 servers.  We currently have an NT 4.0 domain and will be rolling out
several new Windows 2003 servers and plan to migrate to an Active Directory
setup.  I am looking for recommendations on the best books and other
resources for our "small" AD implementation.

Thanks in advance for your help,

Kevin

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Book Recommendations

2004-08-24 Thread Kevin Bachelder 
Hi all,
I am new to the list.  We have a small company with less than 50 PCs and 
about 5 servers.  We currently have an NT 4.0 domain and will be rolling 
out several new Windows 2003 servers and plan to migrate to an Active 
Directory setup.  I am looking for recommendations on the best books and 
other resources for our "small" AD implementation.

Thanks in advance for your help,
Kevin
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Filipe Joel de Almeida 
On the server1 the directory f:\users is shared as users, and in the
server2, the directory c:\users is shared as users...

The server where the error appears about f:\users, is the server that has
that directory

Filipe Joel de Almeida

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gayoso, Ray
Sent: terça-feira, 24 de Agosto de 2004 20:28
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

Are they both using the same share name?


-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 1:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services


did you previously mount that share as network drive F: ? 
shouldn't make a difference, but maybe the DFS admin tool "translated" the
UNC path when writing it in the DFS metadata...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de
Almeida
Sent: Tuesday, August 24, 2004 7:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

Hi,

In te DFS admin tool, I entered both UNC paths \\server1\users and
\\server2\users, wich are the shares of the 2 directories I want to
replicate, so I don't understand why that error...

Yours,

Filipe Joel de Almeida
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: terça-feira, 24 de Agosto de 2004 17:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

> The File Replication Service cannot replicate f:\users because it
overlaps 
> the replicating directory f:\users.

are you trying to use a LOCAL drive as a link target in DFS and then
replicate data from this to a local drive on some other server (via FRS)? 

you should always use UNC path's for your link-targets in DFS (independent
of your wish to use FRS to replicate multiple link-targets)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de
Almeida
Sent: Tuesday, August 24, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] File Replication Services

Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000
servers (Both Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the following
replica set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct the
problem and the service will attempt to restart replication automatically at
a later time.




Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller server.csmf.local
for FRS replica set configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=df
s
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid
value for the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid
value for the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it overlaps
the replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a
W2k3 server with the same name as one of this 2 servers, and it completely
crashed, so I had to re-install it with W2k and used the same name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ

RE: [ActiveDir] read mS-DS-ReplicatesNCReason with Perl?

2004-08-24 Thread Willem Kasdorp 
Brilliant! Obvious in hindsight. Thanks a lot. 

--
Regards, Willem


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, August 24, 2004 9:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] read mS-DS-ReplicatesNCReason with Perl?

use strict;
use Win32::OLE;
use Data::Dumper;

my $strDcRDN   = "cn=nts0";
my $strSiteRDN = "cn=Jasper-North";
my $objRootDSE = Win32::OLE->GetObject("LDAP://RootDSE";);

my $strConfigurationNC = $objRootDSE->Get("configurationNamingContext");
my $strNtdsSettingsPath = "LDAP://cn=NTDS Settings, $strDcRDN,
cn=Servers, $strSiteRDN, cn=Sites, $strConfigurationNC";
my $objNtdsSettings = Win32::OLE->GetObject($strNtdsSettingsPath);

foreach my $objConnection (in $objNtdsSettings) {
print "Name: $objConnection->{Name}\n";
my $obj = $objConnection->GetEx("ms-DS-ReplicatesNCReason");
foreach my $objDNWithBin (@{$obj}) {
print $objDNWithBin->{DNString} , "\n";
}
}


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp
Sent: Tuesday, August 24, 2004 1:14 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] read mS-DS-ReplicatesNCReason with Perl?


Hi, 
 
I know that there are some Perl guru's on this list, one of who's name
starts with a 'j' and ends in 'oe'... so I thought I'd ask a tricky
question. 
 
I'm writing a Perl script to monitor my replication topology. One of the
things I need to accomplish is to read the attribute
mS-DS-ReplicatesNCReason from a connection object. This turns out to be
surprisingly hard... in Perl, that is. Browsing technet gives the
following trivial piece of VBS script that works just fine:
 
For Each objDNWithBin In objConnection.GetEx("ms-DS-ReplicatesNCReason")
Wscript.Echo objDNWithBin.DNString
Next
 
However, a similar syntax in Perl fails miserably:
$o_co->GetEx("mS-DS-ReplicatesNCReason")
 
It returns an object of type "DN Binary", and I cannot find a way to
tell Perl how to deal with it. Robbie Allen in his excellent cookbook
has a recipe involving the IadsTools dll. Is there no way around it? Is
Perl really inferior to VBS in this respect? Surely not ...
 
Thanks,
 
 
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Gayoso, Ray 
Are they both using the same share name?


-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 1:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services


did you previously mount that share as network drive F: ? 
shouldn't make a difference, but maybe the DFS admin tool "translated" the UNC path 
when writing it in the DFS metadata...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de Almeida
Sent: Tuesday, August 24, 2004 7:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

Hi,

In te DFS admin tool, I entered both UNC paths \\server1\users and \\server2\users, 
wich are the shares of the 2 directories I want to replicate, so I don't understand 
why that error...

Yours,

Filipe Joel de Almeida
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: terça-feira, 24 de Agosto de 2004 17:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

> The File Replication Service cannot replicate f:\users because it
overlaps 
> the replicating directory f:\users.

are you trying to use a LOCAL drive as a link target in DFS and then replicate data 
from this to a local drive on some other server (via FRS)? 

you should always use UNC path's for your link-targets in DFS (independent of your 
wish to use FRS to replicate multiple link-targets)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de Almeida
Sent: Tuesday, August 24, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] File Replication Services

Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000 servers (Both 
Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the following replica 
set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is 
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct the problem and 
the service will attempt to restart replication automatically at a later time.




Following is the summary of warnings and errors encountered by File Replication 
Service while polling the Domain Controller server.csmf.local for FRS replica set 
configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=df
s
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid value for 
the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid value for 
the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it overlaps the 
replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a
W2k3 server with the same name as one of this 2 servers, and it completely crashed, so 
I had to re-install it with W2k and used the same name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/acti

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Justin_Leney 

Return Receipt
   
Your  RE: [ActiveDir] File Replication Services
document   
:  
   
was   Justin Leney/US/DCI  
received   
by:
   
at:   08/24/2004 03:28:23 PM   
   




List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Filipe Joel de Almeida 
No the drive F:\users is the local drive of that server that is shared as
\\server1\users.

If on the admin tool appears \\server1\users, how can I check and correct
the metadata?

I already tried to delete and re-create the DFS a dozen times, but didn't
work...

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: terça-feira, 24 de Agosto de 2004 19:36
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

did you previously mount that share as network drive F: ? 
shouldn't make a difference, but maybe the DFS admin tool "translated" the
UNC path when writing it in the DFS metadata...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de
Almeida
Sent: Tuesday, August 24, 2004 7:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

Hi,

In te DFS admin tool, I entered both UNC paths \\server1\users and
\\server2\users, wich are the shares of the 2 directories I want to
replicate, so I don't understand why that error...

Yours,

Filipe Joel de Almeida
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: terça-feira, 24 de Agosto de 2004 17:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

> The File Replication Service cannot replicate f:\users because it
overlaps 
> the replicating directory f:\users.

are you trying to use a LOCAL drive as a link target in DFS and then
replicate data from this to a local drive on some other server (via FRS)? 

you should always use UNC path's for your link-targets in DFS (independent
of your wish to use FRS to replicate multiple link-targets)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de
Almeida
Sent: Tuesday, August 24, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] File Replication Services

Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000
servers (Both Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the following
replica set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct the
problem and the service will attempt to restart replication automatically at
a later time.




Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller server.csmf.local
for FRS replica set configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=df
s
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid
value for the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid
value for the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it overlaps
the replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a
W2k3 server with the same name as one of this 2 servers, and it completely
crashed, so I had to re-install it with W2k and used the same name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.ac

RE: [ActiveDir] read mS-DS-ReplicatesNCReason with Perl?

2004-08-24 Thread Ken Cornetet 
use strict;
use Win32::OLE;
use Data::Dumper;

my $strDcRDN   = "cn=nts0";
my $strSiteRDN = "cn=Jasper-North";
my $objRootDSE = Win32::OLE->GetObject("LDAP://RootDSE";);

my $strConfigurationNC = $objRootDSE->Get("configurationNamingContext");
my $strNtdsSettingsPath = "LDAP://cn=NTDS Settings, $strDcRDN,
cn=Servers, $strSiteRDN, cn=Sites, $strConfigurationNC";
my $objNtdsSettings = Win32::OLE->GetObject($strNtdsSettingsPath);

foreach my $objConnection (in $objNtdsSettings) {
print "Name: $objConnection->{Name}\n";
my $obj = $objConnection->GetEx("ms-DS-ReplicatesNCReason");
foreach my $objDNWithBin (@{$obj}) {
print $objDNWithBin->{DNString} , "\n";
}
}


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp
Sent: Tuesday, August 24, 2004 1:14 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] read mS-DS-ReplicatesNCReason with Perl?


Hi, 
 
I know that there are some Perl guru's on this list, one of who's name
starts with a 'j' and ends in 'oe'... so I thought I'd ask a tricky
question. 
 
I'm writing a Perl script to monitor my replication topology. One of the
things I need to accomplish is to read the attribute
mS-DS-ReplicatesNCReason from a connection object. This turns out to be
surprisingly hard... in Perl, that is. Browsing technet gives the
following trivial piece of VBS script that works just fine:
 
For Each objDNWithBin In objConnection.GetEx("ms-DS-ReplicatesNCReason")
Wscript.Echo objDNWithBin.DNString
Next
 
However, a similar syntax in Perl fails miserably:
$o_co->GetEx("mS-DS-ReplicatesNCReason")
 
It returns an object of type "DN Binary", and I cannot find a way to
tell Perl how to deal with it. Robbie Allen in his excellent cookbook
has a recipe involving the IadsTools dll. Is there no way around it? Is
Perl really inferior to VBS in this respect? Surely not ...
 
Thanks,
 
 
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] admt2.0 permissioning

2004-08-24 Thread Willem Kasdorp 
True. Case in point: a large migration that is partially granted to an
external party. With this delegation we do not have to give them DA
permissions.

--
Regards, Willem

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, August 24, 2004 8:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] admt2.0 permissioning

good point - but realize that it's somewhat of a risky business to grant
lower level admins the permissions to migrate-sid-history.  Although I
agree with 2003 you at least have this option.

/Guido 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp
Sent: Tuesday, August 24, 2004 7:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] admt2.0 permissioning

> for SID-History to work, the account used to migrate must be a member
of the domain admins group on the TARGET domain

Addition: on W2003 you have the extended right "Migrate-Sid-History"
which you can use to delegate the SidHistory permissions to a lower
level Admin.
I've done this with limited success. It works fine from the ADMT GUI,
but fails miserably from the commandline. Strange but true. Hopefully
fixed with ADMT 3.0.

--
Regards, Willem


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Tuesday, August 24, 2004 6:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] admt2.0 permissioning

actually, it all depends on how you run ADMT. 
Often you'd want to split the requirements between user/group migration
and computer migration.


The rules for migrating users and groups are:
1. for the PES (Password export server) to work, the account used to
migrate the users must be a member of the LOCAL ADMIN group in the
SOURCE domain 2. for SID-History to work, the account used to migrate
must be a member of the domain admins group on the TARGET domain

Both can only be fulfilled by adding a TARGET domain admin account to
the local administrator group in the SOURCE domain, since you can't add
a user from a different domain to the global domain admin group in your
TARGET domain. 


Then, to migrate the computers, you need local admin rights on the
clients in the SOURCE domain and appropriate permissions on the OU in
the TARGET domain - this can be achieved in various ways, e.g. by using
a SOURCE domain admin and then only granting permissions to add computer
objects to the respective OU in the target domain.  Or by first adding a
group from your target domain to the local admins of your clients and
then work with a TARGET domain user for the computer migration as well.


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 12:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] admt2.0 permissioning

dear all, know this is real "old hat' by now but just wanted to confirm
issue of permissioning for an ADMT migration of a small NT 4.0 account
domain to a Windows 2000 domain. 

a quoted requirement is that 'sourcedomain/domain admins' is added to
'targetdomain/administrators" and vice-versa. 

is this a definite requirement for migration of just a 'catch all' that
grants everything ??

i dont understand why the 'sourcedomain/domain admins' need to have
admin privilege in the target domain  - THIS IS THE BIGGEST ISSUE 

- the issue here surely here is the context in which the ADMT is being
run - i do see why this needs Administrative rights on the desktops
being migrated and an elevated level of privilege on the target domain
to be able to create the necessary objects et al 

TIA 

GT 





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Jeff Salisbury 
My bad. Michael is correct. From the SQL Server 2000 Licensing FAQ 
(http://www.microsoft.com/sql/howtobuy/faq.asp):
Q.  Do you still offer per-server (concurrency) CALs? 
A.  No. SQL Server 2000 is only available by means of a Server plus device CAL, Server 
plus user CAL, or a Processor license.

I could swear it still asks you during installation if you want to go with per-server 
or per-seat licensing, but my memory is obviously not working too good and I am 
probably thinking of the server operating system installation options. I just ran a 
test install to see what the real story is. The licensing options presented are in 
fact either Per-Seat or Per-Processor. Under Per-Seat, it says "Each device that 
accesses Microsoft SQL Server 2000 requires a separate CAL", and at the bottom of the 
screen you are asked to specify how many devices will connect. 

Sorry for the misinformation!

Jeff


-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

I think that per-server licensing mode is gone. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 2:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

That would allow up to 50 users to connect at any given time assuming
that:
  - You assign those 50 user CALs to the server
  - You selected the per-Server license mode during the installation and specified 50 
connections

If you get a second server, you would need to purchase more CALs or remove some from 
the original server.

Jeff

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users but no more 
then 25 or 30 of the 200 users would be accessing the server at any given time, then 
this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a certain 
number of CALs to the server and that many users/devices can connect to just that 
server at any given time. These CALs cannot be assigned to any other SQL server while 
they are tied to the original SQL server.

In Per-Seat licensing, you tie the CALs to specific users or devices which can then 
access any SQL server. As many users/devices as have CALs can access a given server 
concurrently.

The last option is to buy per-processor licenses, which allows an unlimited number of 
users (who don't need CALs) to access the SQL server.

You probably want to read the SQL Server 2000 Pricing and Licensing White Paper here, 
and think about whether you want to by Device CALs or User CALs: 
http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing is for 
concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]



Confidential
This e-mail and any files transmitted with it are the property
of Belkin Corporation and/or its affiliates, are confidential,
and are intended solely for the use of the individual or
entity to whom this e-mail is addressed.  If you are not one
of the named recipients or otherwise have reason to believe
that you have received this e-mail in error, please notify the
sender and delete this message immediately from your computer.
Any other use, retention, dissemination, forwarding, printing
or copying of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Grillenmeier, Guido 
did you previously mount that share as network drive F: ? 
shouldn't make a difference, but maybe the DFS admin tool "translated" the UNC path 
when writing it in the DFS metadata...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de Almeida
Sent: Tuesday, August 24, 2004 7:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

Hi,

In te DFS admin tool, I entered both UNC paths \\server1\users and \\server2\users, 
wich are the shares of the 2 directories I want to replicate, so I don't understand 
why that error...

Yours,

Filipe Joel de Almeida
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: terça-feira, 24 de Agosto de 2004 17:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

> The File Replication Service cannot replicate f:\users because it
overlaps 
> the replicating directory f:\users.

are you trying to use a LOCAL drive as a link target in DFS and then replicate data 
from this to a local drive on some other server (via FRS)? 

you should always use UNC path's for your link-targets in DFS (independent of your 
wish to use FRS to replicate multiple link-targets)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de Almeida
Sent: Tuesday, August 24, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] File Replication Services

Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000 servers (Both 
Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the following replica 
set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is 
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct the problem and 
the service will attempt to restart replication automatically at a later time.




Following is the summary of warnings and errors encountered by File Replication 
Service while polling the Domain Controller server.csmf.local for FRS replica set 
configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=df
s
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid value for 
the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid value for 
the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it overlaps the 
replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a
W2k3 server with the same name as one of this 2 servers, and it completely crashed, so 
I had to re-install it with W2k and used the same name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Michael B. Smith 
Take a look at
http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp, as well as
http://www.microsoft.com/sql/howtobuy/faq.asp

Per server is gone. It's per processor or per seat (user or device). 

I'm not talking about the installation options (they may not have been
updated since SQL 2000) was released -- but the licensing options.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 2:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

Last time I installed SQL 2000 there was only an option for per seat or
per server.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 2:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

I think that per-server licensing mode is gone. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 2:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

That would allow up to 50 users to connect at any given time assuming
that:
  - You assign those 50 user CALs to the server
  - You selected the per-Server license mode during the installation and
specified 50 connections

If you get a second server, you would need to purchase more CALs or
remove some from the original server.

Jeff

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Michael B. Smith 
That's enterprise edition. :-)

Standard edition is $5,000.

According to http://www.microsoft.com/sql/howtobuy/faq.asp

The cutover point for enterprise edition is 80 CALs, for standard
edition it is 24 CALs. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 2:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

Not really.  I had someone get a quote of SQL 2000 at a per processor
and it was $20K.  A server license and 200 CALS would be cheaper.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

Yes, they do.

Any user that might ever access the SQL server needs a CAL (unless you
have a per-processor license).

If you have 200 users, you need 200 CALs. A per-processor license would
be cheaper. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 2:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

I looked over that link already.  If I buy 50 PER USER Cals for 200
users to use then only a max of 50 at any given time can connect to SQL.
When they disconnect from SQL, they don't hold onto the license do they?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

NO.

SQL does not support concurrent use licensing. It is per-seat licensing
or per-processor licensing.

You should read the link that Jeff provided. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mai

RE: [ActiveDir] admt2.0 permissioning

2004-08-24 Thread Grillenmeier, Guido 
good point - but realize that it's somewhat of a risky business to grant
lower level admins the permissions to migrate-sid-history.  Although I
agree with 2003 you at least have this option.

/Guido 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp
Sent: Tuesday, August 24, 2004 7:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] admt2.0 permissioning

> for SID-History to work, the account used to migrate must be a member
of the domain admins group on the TARGET domain

Addition: on W2003 you have the extended right "Migrate-Sid-History"
which you can use to delegate the SidHistory permissions to a lower
level Admin.
I've done this with limited success. It works fine from the ADMT GUI,
but fails miserably from the commandline. Strange but true. Hopefully
fixed with ADMT 3.0.

--
Regards, Willem


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Tuesday, August 24, 2004 6:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] admt2.0 permissioning

actually, it all depends on how you run ADMT. 
Often you'd want to split the requirements between user/group migration
and computer migration.


The rules for migrating users and groups are:
1. for the PES (Password export server) to work, the account used to
migrate the users must be a member of the LOCAL ADMIN group in the
SOURCE domain 2. for SID-History to work, the account used to migrate
must be a member of the domain admins group on the TARGET domain

Both can only be fulfilled by adding a TARGET domain admin account to
the local administrator group in the SOURCE domain, since you can't add
a user from a different domain to the global domain admin group in your
TARGET domain. 


Then, to migrate the computers, you need local admin rights on the
clients in the SOURCE domain and appropriate permissions on the OU in
the TARGET domain - this can be achieved in various ways, e.g. by using
a SOURCE domain admin and then only granting permissions to add computer
objects to the respective OU in the target domain.  Or by first adding a
group from your target domain to the local admins of your clients and
then work with a TARGET domain user for the computer migration as well.


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 12:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] admt2.0 permissioning

dear all, know this is real "old hat' by now but just wanted to confirm
issue of permissioning for an ADMT migration of a small NT 4.0 account
domain to a Windows 2000 domain. 

a quoted requirement is that 'sourcedomain/domain admins' is added to
'targetdomain/administrators" and vice-versa. 

is this a definite requirement for migration of just a 'catch all' that
grants everything ??

i dont understand why the 'sourcedomain/domain admins' need to have
admin privilege in the target domain  - THIS IS THE BIGGEST ISSUE 

- the issue here surely here is the context in which the ADMT is being
run - i do see why this needs Administrative rights on the desktops
being migrated and an elevated level of privilege on the target domain
to be able to create the necessary objects et al 

TIA 

GT 





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Salandra, Justin A. 
Last time I installed SQL 2000 there was only an option for per seat or
per server.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 2:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

I think that per-server licensing mode is gone. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 2:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

That would allow up to 50 users to connect at any given time assuming
that:
  - You assign those 50 user CALs to the server
  - You selected the per-Server license mode during the installation and
specified 50 connections

If you get a second server, you would need to purchase more CALs or
remove some from the original server.

Jeff

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Salandra, Justin A. 
Not really.  I had someone get a quote of SQL 2000 at a per processor
and it was $20K.  A server license and 200 CALS would be cheaper.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

Yes, they do.

Any user that might ever access the SQL server needs a CAL (unless you
have a per-processor license).

If you have 200 users, you need 200 CALs. A per-processor license would
be cheaper. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 2:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

I looked over that link already.  If I buy 50 PER USER Cals for 200
users to use then only a max of 50 at any given time can connect to SQL.
When they disconnect from SQL, they don't hold onto the license do they?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

NO.

SQL does not support concurrent use licensing. It is per-seat licensing
or per-processor licensing.

You should read the link that Jeff provided. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
h

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Michael B. Smith 
I think that per-server licensing mode is gone. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 2:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

That would allow up to 50 users to connect at any given time assuming
that:
  - You assign those 50 user CALs to the server
  - You selected the per-Server license mode during the installation and
specified 50 connections

If you get a second server, you would need to purchase more CALs or
remove some from the original server.

Jeff

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Michael B. Smith 
Yes, they do.

Any user that might ever access the SQL server needs a CAL (unless you
have a per-processor license).

If you have 200 users, you need 200 CALs. A per-processor license would
be cheaper. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 2:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

I looked over that link already.  If I buy 50 PER USER Cals for 200
users to use then only a max of 50 at any given time can connect to SQL.
When they disconnect from SQL, they don't hold onto the license do they?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

NO.

SQL does not support concurrent use licensing. It is per-seat licensing
or per-processor licensing.

You should read the link that Jeff provided. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] read mS-DS-ReplicatesNCReason with Perl?

2004-08-24 Thread Willem Kasdorp 








Hi, 

 

I know that there are some Perl guru’s on this list,
one of who’s name starts with a ‘j’ and ends in ‘oe’…
so I thought I’d ask a tricky question. 

 

I’m writing a Perl script to monitor my replication
topology. One of the things I need to accomplish is to read the attribute mS-DS-ReplicatesNCReason from a
connection object. This turns out to be surprisingly hard… in Perl, that
is. Browsing technet gives the following trivial piece of VBS script that works
just fine:

 

For Each objDNWithBin In objConnection.GetEx("ms-DS-ReplicatesNCReason")

Wscript.Echo
objDNWithBin.DNString

Next

 

However, a similar syntax in Perl fails miserably: $o_co->GetEx("mS-DS-ReplicatesNCReason")

 

It returns an object of type “DN Binary”, and I
cannot find a way to tell Perl how to deal with it. Robbie Allen in his
excellent cookbook has a recipe involving the IadsTools dll. Is there no way
around it? Is Perl really inferior to VBS in this respect? Surely not …

 

Thanks,

 

 

 

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Jeff Salisbury 
That would allow up to 50 users to connect at any given time assuming that:
  - You assign those 50 user CALs to the server
  - You selected the per-Server license mode during the installation and specified 50 
connections

If you get a second server, you would need to purchase more CALs or remove some from 
the original server.

Jeff

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users but no more 
then 25 or 30 of the 200 users would be accessing the server at any given time, then 
this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a certain 
number of CALs to the server and that many users/devices can connect to just that 
server at any given time. These CALs cannot be assigned to any other SQL server while 
they are tied to the original SQL server.

In Per-Seat licensing, you tie the CALs to specific users or devices which can then 
access any SQL server. As many users/devices as have CALs can access a given server 
concurrently.

The last option is to buy per-processor licenses, which allows an unlimited number of 
users (who don't need CALs) to access the SQL server.

You probably want to read the SQL Server 2000 Pricing and Licensing White Paper here, 
and think about whether you want to by Device CALs or User CALs: 
http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing is for 
concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


Confidential
This e-mail and any files transmitted with it are the property
of Belkin Corporation and/or its affiliates, are confidential,
and are intended solely for the use of the individual or
entity to whom this e-mail is addressed.  If you are not one
of the named recipients or otherwise have reason to believe
that you have received this e-mail in error, please notify the
sender and delete this message immediately from your computer.
Any other use, retention, dissemination, forwarding, printing
or copying of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Salandra, Justin A. 
I looked over that link already.  If I buy 50 PER USER Cals for 200
users to use then only a max of 50 at any given time can connect to SQL.
When they disconnect from SQL, they don't hold onto the license do they?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
Smith
Sent: Tuesday, August 24, 2004 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

NO.

SQL does not support concurrent use licensing. It is per-seat licensing
or per-processor licensing.

You should read the link that Jeff provided. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Michael B. Smith 
NO.

SQL does not support concurrent use licensing. It is per-seat licensing
or per-processor licensing.

You should read the link that Jeff provided. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, August 24, 2004 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: SQL Licensing question

So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property of Belkin
Corporation and/or its affiliates, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail is
addressed.  If you are not one of the named recipients or otherwise have
reason to believe that you have received this e-mail in error, please
notify the sender and delete this message immediately from your
computer.
Any other use, retention, dissemination, forwarding, printing or copying
of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Moving a remote site

2004-08-24 Thread Jerry Fessenden 








Hello all,

We are gearing up for a move of one of our remote sites.
This site contains one DC and one GC, and will be down for around two days.
What is the "Best Practice" procedure to handle replication issues
for a scheduled outage of 1-2 days?

 

Thanks in advance,

Jerry Fessenden

RE: [ActiveDir] admt2.0 permissioning

2004-08-24 Thread Willem Kasdorp 
> for SID-History to work, the account used to migrate must be a member
of the domain admins group on the TARGET domain

Addition: on W2003 you have the extended right "Migrate-Sid-History" which
you can use to delegate the SidHistory permissions to a lower level Admin.
I've done this with limited success. It works fine from the ADMT GUI, but
fails miserably from the commandline. Strange but true. Hopefully fixed with
ADMT 3.0.

--
Regards, Willem


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, August 24, 2004 6:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] admt2.0 permissioning

actually, it all depends on how you run ADMT. 
Often you'd want to split the requirements between user/group migration
and computer migration.


The rules for migrating users and groups are:
1. for the PES (Password export server) to work, the account used to
migrate the users must be a member of the LOCAL ADMIN group in the
SOURCE domain 
2. for SID-History to work, the account used to migrate must be a member
of the domain admins group on the TARGET domain

Both can only be fulfilled by adding a TARGET domain admin account to
the local administrator group in the SOURCE domain, since you can't add
a user from a different domain to the global domain admin group in your
TARGET domain. 


Then, to migrate the computers, you need local admin rights on the
clients in the SOURCE domain and appropriate permissions on the OU in
the TARGET domain - this can be achieved in various ways, e.g. by using
a SOURCE domain admin and then only granting permissions to add computer
objects to the respective OU in the target domain.  Or by first adding a
group from your target domain to the local admins of your clients and
then work with a TARGET domain user for the computer migration as well.


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 12:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] admt2.0 permissioning

dear all, know this is real "old hat' by now but just wanted to confirm
issue of permissioning for an ADMT migration of a small NT 4.0 account
domain to a Windows 2000 domain. 

a quoted requirement is that 'sourcedomain/domain admins' is added to
'targetdomain/administrators" and vice-versa. 

is this a definite requirement for migration of just a 'catch all' that
grants everything ??

i dont understand why the 'sourcedomain/domain admins' need to have
admin privilege in the target domain  - THIS IS THE BIGGEST ISSUE 

- the issue here surely here is the context in which the ADMT is being
run - i do see why this needs Administrative rights on the desktops
being migrated and an elevated level of privilege on the target domain
to be able to create the necessary objects et al 

TIA 

GT 





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Salandra, Justin A. 
So if I had a SQL Server, just one, and had 50 USER Cals with 200 users
but no more then 25 or 30 of the 200 users would be accessing the server
at any given time, then this would okay?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
Sent: Tuesday, August 24, 2004 1:43 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: SQL Licensing question

Just the opposite is true! Per-Server licensing would be where you tie a
certain number of CALs to the server and that many users/devices can
connect to just that server at any given time. These CALs cannot be
assigned to any other SQL server while they are tied to the original SQL
server.

In Per-Seat licensing, you tie the CALs to specific users or devices
which can then access any SQL server. As many users/devices as have CALs
can access a given server concurrently.

The last option is to buy per-processor licenses, which allows an
unlimited number of users (who don't need CALs) to access the SQL
server.

You probably want to read the SQL Server 2000 Pricing and Licensing
White Paper here, and think about whether you want to by Device CALs or
User CALs: http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property
of Belkin Corporation and/or its affiliates, are confidential,
and are intended solely for the use of the individual or
entity to whom this e-mail is addressed.  If you are not one
of the named recipients or otherwise have reason to believe
that you have received this e-mail in error, please notify the
sender and delete this message immediately from your computer.
Any other use, retention, dissemination, forwarding, printing
or copying of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] By design or configurable ?

2004-08-24 Thread Guy Teverovsky 
I know... should be renewed after 10 hours if I remember correctly.
It is a remote site I'll be visiting next week and will give a good look
at the logs when it happens.
When I actually think of it, logging in with cached creds does not use
Kerberos provider, so the user should not have any tickets.

Any idea if sidHistory is also obtained from the ticket's PAC the same
way as SIDs of security groups the user is member of ?

+Guy
 

On Tue, 2004-08-24 at 00:03, Mulnick, Al wrote:
> Kerb tickets have a lifetime, but not sure that's your issue necessarily.
> How's your name resolution working?  Anything in the event logs when this
> occurs?  Especially the security logs on the clients/dc's/resources being
> accessed?
> 
> 
> Al 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
> Sent: Monday, August 23, 2004 4:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] By design or configurable ?
> 
> 
> I was too lazy to tell the long story that made me speculate about TGTs, so
> I'll try to explain the reason for asking:
> 
> We have 2 W2K3 forests with Kerberos transitive trust.
> 
> Forest corp.com has 3 child domains respectively:
> emea.company.com
> amer.company.com
> ap.company.com
> 
> Second forest (ad.devision.company.com) has no children.
> We have users migrating from NT domains to one of the corp AD child domains
> (emea\amer\ap).
> 
> After the migration, when users logon to XP computers in
> ad.division.company.com domain with EMEA\username cached credentials and
> than reconnect to the network, sometimes (after they work for a while) they
> get a popup in system tray saying something like "XP needs your
> credentials". 
> 
> Usually this would be caused by changing the user password from another
> machine or account lockout replicated from another DC, but in our case this
> is the only machine the user logs on to and there are no account lockouts.
> When the same user logs on with UPN ([EMAIL PROTECTED]), we have not
> yet seen this to repeat itself.
> So I was wondering whether UPN logons enable caching of TGTs and
> sAMAccountName logons are different in some way from UPN logons.
> 
> Hope I managed to be clear enough ;)
> 
> Cheers,
> Guy
> 
> 
> > I don't know if the kerberos ticket is cached or not.  (I suspect 
> > not.) When a machine reconnects to the network and you attempt to 
> > access a network resource, the resource will ask for you ticket.  If 
> > you don't have one, or if it is out of date, the client will request a 
> > new kerberos ticket and then be authenticated to the resource.
> > 
> > Denny
> >  
> > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Guy 
> > > Teverovsky
> > > Sent: Friday, August 20, 2004 8:48 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [ActiveDir] By design or configurable ?
> > > 
> > > 
> > > In my environment, when W2K3 DC boots with security logs full, the 
> > > replication from that DC stops till the security log is cleared and 
> > > the box is rebooted.
> > > The interesting thing is that after the security logs become full 
> > > (while the box is online) the replication continues to work till the 
> > > box is rebooted with full log.
> > > 
> > > So the question is whether this can be prevented (we do have a 
> > > routine which takes care of security logs archiving, but it failed 
> > > on one of the DCs and I would like to prevent the replication from 
> > > breaking again).
> > > 
> > > And another OT question:
> > > When logging on to XP with cached credentials, is the Kerberos 
> > > ticket cached too ? And if yes, what happens when the ticket expires 
> > > and the box is reconnected to the network: will it seamlessly try to 
> > > renew the ticked ?
> > > 
> > > Thanks,
> > > Guy
> > > 
> > > --
> > > Smith & Wesson - the original point and click interface
> > > 
> > > List info   : http://www.activedir.org/mail_list.htm
> > > List FAQ: http://www.activedir.org/list_faq.htm
> > > List archive: 
> > > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > > 
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive: 
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> --
> Smith & Wesson - the original point and click interface
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
-- 
Smith & Wesson - the original point and click interface

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.a

RE: [ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Jeff Salisbury 
Just the opposite is true! Per-Server licensing would be where you tie a certain 
number of CALs to the server and that many users/devices can connect to just that 
server at any given time. These CALs cannot be assigned to any other SQL server while 
they are tied to the original SQL server.

In Per-Seat licensing, you tie the CALs to specific users or devices which can then 
access any SQL server. As many users/devices as have CALs can access a given server 
concurrently.

The last option is to buy per-processor licenses, which allows an unlimited number of 
users (who don't need CALs) to access the SQL server.

You probably want to read the SQL Server 2000 Pricing and Licensing White Paper here, 
and think about whether you want to by Device CALs or User CALs: 
http://www.microsoft.com/sql/howtobuy/sqlserverlicensing.asp.

Jeff

Jeff Salisbury
Network Infrastructure and Security Manager

Belkin Corporation
Information Services
310 604-2061
310 604-2022 fax
www.belkin.com


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: SQL Licensing question

I just have a quick licensing question for SQL, SQL's per seat licensing is for 
concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidential
This e-mail and any files transmitted with it are the property
of Belkin Corporation and/or its affiliates, are confidential,
and are intended solely for the use of the individual or
entity to whom this e-mail is addressed.  If you are not one
of the named recipients or otherwise have reason to believe
that you have received this e-mail in error, please notify the
sender and delete this message immediately from your computer.
Any other use, retention, dissemination, forwarding, printing
or copying of this e-mail is strictly prohibited.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Filipe Joel de Almeida 
Hi,

In te DFS admin tool, I entered both UNC paths \\server1\users and
\\server2\users, wich are the shares of the 2 directories I want to
replicate, so I don't understand why that error...

Yours,

Filipe Joel de Almeida
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: terça-feira, 24 de Agosto de 2004 17:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] File Replication Services

> The File Replication Service cannot replicate f:\users because it
overlaps 
> the replicating directory f:\users.

are you trying to use a LOCAL drive as a link target in DFS and then
replicate data from this to a local drive on some other server (via
FRS)? 

you should always use UNC path's for your link-targets in DFS
(independent of your wish to use FRS to replicate multiple link-targets)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de
Almeida
Sent: Tuesday, August 24, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] File Replication Services

Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000
servers (Both Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the
following replica set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct
the problem and the service will attempt to restart replication
automatically at a later time.




Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
server.csmf.local for FRS replica set configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=df
s
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a
invalid value for the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a
invalid value for the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it
overlaps the replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a
W2k3 server with the same name as one of this 2 servers, and it
completely crashed, so I had to re-install it with W2k and used the same
name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] OT: SQL Licensing question

2004-08-24 Thread Salandra, Justin A. 
I just have a quick licensing question for SQL, SQL's per seat licensing
is for concurrent connection right?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] By design or configurable ?

2004-08-24 Thread Guy Teverovsky 




Thanks !

This is exactly what I needed.

And if anyone is interested, here is an ADM I wrote to deploy the settings (works the same on W2K3):
(might wrap)

### Cut here 

#if version >= 3

CLASS MACHINE

CATEGORY !!System
    CATEGORY !!EventViewer
	#if version >= 4
	EXPLAIN !!EventViewer_Help
	#endif

    POLICY !!AutobackupSecLog
		#if version >= 4
		SUPPORTED !!SUPPORTED_Win2k
		#endif

   		EXPLAIN !!AutobackupSecLogHelp
   		KEYNAME "SYSTEM\CurrentControlSet\Services\EventLog\Security"
	    	VALUENAME "AutoBackupLogFiles"
	    	VALUEON 	NUMERIC   1
	    	VALUEOFF	NUMERIC   0
    END POLICY
    
    POLICY !!AutobackupAppLog
	    	#if version >= 4
		SUPPORTED !!SUPPORTED_Win2k
		#endif

   		EXPLAIN !!AutobackupAppLogHelp
   		KEYNAME "SYSTEM\CurrentControlSet\Services\EventLog\Application"
	    	VALUENAME "AutoBackupLogFiles"
	    	VALUEON 	NUMERIC   1
	    	VALUEOFF	NUMERIC   0
    END POLICY
    
    POLICY !!AutobackupSysLog
	    	#if version >= 4
		SUPPORTED !!SUPPORTED_Win2k
		#endif

   		EXPLAIN !!AutobackupSysLogHelp
   		KEYNAME "SYSTEM\CurrentControlSet\Services\EventLog\System"
	    	VALUENAME "AutoBackupLogFiles"
	    	VALUEON 	NUMERIC   1
	    	VALUEOFF	NUMERIC   0
    END POLICY

    END CATEGORY ; Event Viewer

END CATEGORY ;; System

#endif


[strings]
System="System"
EventViewer="Event Viewer"
EventViewer_Help="Event Viewer specific settings"
AutobackupSecLog="Automatically clear a full security event log and back up the log file"
AutobackupSecLogHelp="Using this entry causes the Event Log service to automatically clear a full event log and to back up the log file. On computers with the "CrashOnAuditFail" policy turned on, the computer continues to log events (instead of hanging because of an audit failure) if the current log file can be backed up automatically. By default, event logs are stored in the %SystemRoot%\System32\Config folder. If you enable this setting, a full log file is automatically backed up in the %SystemRoot%\System32\Config folder, the log file is cleared, and event logging resumes."
AutobackupAppLog="Automatically clear a full application event log and back up the log file"
AutobackupAppLogHelp="Using this entry causes the Event Log service to automatically clear a full event log and to back up the log file. On computers with the "CrashOnAuditFail" policy turned on, the computer continues to log events (instead of hanging because of an audit failure) if the current log file can be backed up automatically. By default, event logs are stored in the %SystemRoot%\System32\Config folder. If you enable this setting, a full log file is automatically backed up in the %SystemRoot%\System32\Config folder, the log file is cleared, and event logging resumes."
AutobackupSysLog="Automatically clear a full system event log and back up the log file"
AutobackupSysLogHelp="Using this entry causes the Event Log service to automatically clear a full event log and to back up the log file. On computers with the "CrashOnAuditFail" policy turned on, the computer continues to log events (instead of hanging because of an audit failure) if the current log file can be backed up automatically. By default, event logs are stored in the %SystemRoot%\System32\Config folder. If you enable this setting, a full log file is automatically backed up in the %SystemRoot%\System32\Config folder, the log file is cleared, and event logging resumes."
SUPPORTED_Win2k="At least Microsoft Windows 2000"


### Cut here 

Guy

On Tue, 2004-08-24 at 11:48, Ulf B. Simon-Weidner wrote:

Hi Guy,

took me a while to find the Article again, here it is:

312571 The Event Log Stops Logging Events Before Reaching the Maximum Log
Size
http://support.microsoft.com/?ln=en&id=312571

It describes how you are able to configure a feature to automatically dump
the eventlog into a file if it reaches it's maximum length.

You do have to take care what to do with those dumps and delete them from
the machine, but this helps to keep the filespace used by dumps somewhat
dynamic but not to big.

I've included this in some of the backup jobs at customers to move the
dumpfiles away daily, so no worries if the events logged at a specific day
would be more than the memory allowed for the log, and no events are lost. 

HTH

Gruesse - Sincerely,
 
Ulf B. Simon-Weidner

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Guy Teverovsky
> Sent: Saturday, August 21, 2004 2:48 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] By design or configurable ?
> 
> 
> In my environment, when W2K3 DC boots with security logs full, the
> replication from that DC stops till the security log is cleared and the
> box is rebooted.
> The interesting thing is that after the security logs become full (while
> the box is online) the replication continues to work till the box is
> rebooted with full log.
> 
> So

RE: [ActiveDir] Joining Computers to a Domain

2004-08-24 Thread Edwin 








Rich Milburn:

Thank you very much.  That seems to
have done it. I thought I have read that article before but obviously
not.  I followed the instructions and now the machine is a part of the
domain.  You were right.  Once the NIC was recognized, everything else
fell into place.

 

Guido:

What I did was added was add a regular
user to the domain.  I then created an OU named “Standby
Workstations OU”  Within the advanced properties of the Remote Installation
Server, I specified where it is that I want the new machines to be added
(Standby Workstations OU). Then the user that I added was given only “Create
Computer Objects” to the OU and nothing more.

 

The users login information was then put
in the *.sif file.  This in combination with Rich’s last response
did what I wanted which was added the machine to the specific OU with a user
that did not have administrative privileges.

 

The Remote Install folder share contained “Authenticated
Users” with Read access.  I removed that user group and left only
Administrators and SYSTEM with full access.  The reason why I did that is because
one, the share is not hidden from users on the network so anyone can browse to
the share and open and read the *.sif file that could contain information that
I may not want them to see.  For example, above mentioned user
information.  But if they did for some reason get access to read the file,
they wouldn’t be able to do much with it since it has minimal
permissions.

 

If I can, I have one more question that I
think would make my wish list complete.

 

In the *.sif file, under the
[Identification] group, I can specify MachineObjectOU and give it an LDAP value
of where I want the new installed machine to be.  I am already doing this
via the advance properties of the Remote Install Server.

 

Is there a way that I can add the machine
automatically to a specific group within the answer file?  Is there
another method.

 

Thank you all for your replies.  This
list rocks!

 

Edwin

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, August 24, 2004
12:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining
Computers to a Domain



 

Hey Kevin - good to "read you"
;-)

 

just want to add, that you, Edwin, need
to differentiate where you want your non-admin user to place the computer
account.  The method given by Kevin is only applicable to add computers to
the default computers container in the domain. Unless you're running 2003 and
made some changes, this is not an OU, so you can't configure GPOs here...

 

Often you'll want to do the opposite:
disallow non-admin users to add computers to the default computers container
(e.g. by configuring the ms-DC-MachineAccountQuota to 0 or changing the
permissions for the Add workstations to domain user right), then grant
permissions to join clients to a specific OU - for the latter the
non-admin user needs to have create computer object permissions on the OU (and
since he's the owner after creating the account, he can also delete it...)

 

Realize though, that by default the
System-Properties UI of the clients will only join the computer to the default
computer container (which will fail if you've restricted this approach), unless
the non-admin users either first creates the computer account in the
appropriate OU, or you make him use NETDOM with the /OU option to join a client
to the correct OU at the time of the domain-join.

 

/Guido

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Sullivan
Sent: Tuesday, August 24, 2004
3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining
Computers to a Domain

Edwin,

 

You can do this a couple of different
ways. First off, by default there is an attribute on the domain level called
ms-DC-MachineAccountQuota and the value is 10. This allows users to join 10
computers to the domain without additional permissions. You can change this
value if you need to.

 

If you want to give specific users the
ability to create machine accounts you can use Group Policy and give the Add
workstations to domain right to the users in question. (Computer
Configuration\Windows Settings\Security Settings\Local Policies\User Rights
Assignment\Add workstations to domain…)

 

This should do it. Also remember if the
systems are pre-created in AD you will not need to go through this.

 

Kevin

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Tuesday, August 24, 2004
8:01 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Joining
Computers to a Domain



 

I believe that I have read something like this before but
now that I need it, I cant find the answer.

 

I would like to be able to have a non-admin user with
permissions of nothing more than being able to add a computer to a
domain.  Is this possible?

 

Thank you for your responses.

 

Edwin

RE: [ActiveDir] Remote Installation Headaches

2004-08-24 Thread Noah Eiger 








You may also need to put the drivers in
the Flat CD image as well. I am not sure what hardware you are using but the
Dell Optiplex GX270 with its non-native gigabit cards caused me hell a while
back. This was useful:

 

http://forums.us.dell.com/supportforums/board/message?board.id=oplex_network&message.id=3927&c=us&l=en&s=dhs&cs=19

 

nme

 









From: Rich Milburn
[mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004
7:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote
Installation Headaches



 

Edwin, there are two different things you
have to do:

1)  you have to get the drivers for the PXE boot, which you did, and 

2)  you have to add the drivers to the OS source.  I see you have
tried to do this, but sounds like it’s still not finding them.  It
can be tricky getting them in the right place.  You can put them in a
folder and reference to C:\drivers\NIC but I’ll have see if I can find
where I have #2 documented, unless someone else gets to it first.

 

The reason your computer is not joining
the domain is the NIC drivers, if the drivers installed it would join the
domain.  It can’t reach the domain to verify your account and
password and create the account, so it silently fails and does workgroup. 
Fix the NIC and this will fix itself.

 



Rich Milburn

MCSE, Microsoft MVP -
Directory Services

Sr Network Analyst, Field
Platform Development

Applebee's International,
Inc.

4551 W. 107th St

Overland Park, KS 66207

913-967-2819











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Tuesday, August 24, 2004
9:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Remote
Installation Headaches



 

I am attempting to use RIS and am getting problem after
problem.

 

I posted a question about PXE and the NIC being used and was
informed that I would have to download and use RIS specific drivers for the
network card I am using.

 

http://downloadfinder.intel.com/scripts-df/Detail_Desc.asp?agr=N&ProductID=407&DwnldID=6760

 

This worked great!  It did what I
needed.

 

Now, the install runs through with no
problem but when it has completed, I see that the NIC is not being recognized
nor the Audio card.  I don’t really care for the Audio right now.

 

Also, I am updating the ristndrd.sif file
to try and add the machine to the domain and have added the values as displayed
below:

 

[Identification]

JoinDomain = mydomain

DomainAdmin = User

DomainAdminPassword = "password"

 

The computer is being added to the OU that
I want (I assume when in Text Mode) but the machine doesn’t appear to be
a part of the domain once the new OS install is completed.  And if it was,
I would still need to resolve the NIC problem.

 

I have created and modified the same above
file to look for 3rd party drivers.  The driver files are
located in the specified locations.  The updated section of the file is
also below:

 

[Unattended]

OemPreinstall = no

NoWaitAfterTextMode = 0

FileSystem = LeaveAlone

ExtendOEMPartition = 0

ConfirmHardware = no

NtUpgrade = no

Win31Upgrade = no

TargetPath = \WINNT

OverwriteOemFilesOnUpgrade = no

OemSkipEula = yes

InstallFilesPath =
"\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"

OemPreinstall = yes

OemPnpDriversPath =
"Drivers\Audio;Drivers\NIC"

 

Why doesn’t the machine become a
part of the domain and how come the NIC isn’t being installed?









---APPLEBEE'S
INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- 
PRIVILEGED / CONFIDENTIAL
INFORMATION may be contained in this message or any attachments. This
information is strictly confidential and may be subject to attorney-client
privilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal
law. Applebee's International, Inc. reserves the right to monitor and review
the content of all messages sent to and from this e-mail address. Messages sent
to or from this e-mail address may be stored on the Applebee's International,
Inc. e-mail system.

RE: [ActiveDir] admt2.0 permissioning

2004-08-24 Thread Grillenmeier, Guido 
actually, it all depends on how you run ADMT. 
Often you'd want to split the requirements between user/group migration
and computer migration.


The rules for migrating users and groups are:
1. for the PES (Password export server) to work, the account used to
migrate the users must be a member of the LOCAL ADMIN group in the
SOURCE domain 
2. for SID-History to work, the account used to migrate must be a member
of the domain admins group on the TARGET domain

Both can only be fulfilled by adding a TARGET domain admin account to
the local administrator group in the SOURCE domain, since you can't add
a user from a different domain to the global domain admin group in your
TARGET domain. 


Then, to migrate the computers, you need local admin rights on the
clients in the SOURCE domain and appropriate permissions on the OU in
the TARGET domain - this can be achieved in various ways, e.g. by using
a SOURCE domain admin and then only granting permissions to add computer
objects to the respective OU in the target domain.  Or by first adding a
group from your target domain to the local admins of your clients and
then work with a TARGET domain user for the computer migration as well.


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 12:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] admt2.0 permissioning

dear all, know this is real "old hat' by now but just wanted to confirm
issue of permissioning for an ADMT migration of a small NT 4.0 account
domain to a Windows 2000 domain. 

a quoted requirement is that 'sourcedomain/domain admins' is added to
'targetdomain/administrators" and vice-versa. 

is this a definite requirement for migration of just a 'catch all' that
grants everything ??

i dont understand why the 'sourcedomain/domain admins' need to have
admin privilege in the target domain  - THIS IS THE BIGGEST ISSUE 

- the issue here surely here is the context in which the ADMT is being
run - i do see why this needs Administrative rights on the desktops
being migrated and an elevated level of privilege on the target domain
to be able to create the necessary objects et al 

TIA 

GT 





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] File Replication Services

2004-08-24 Thread Grillenmeier, Guido 
> The File Replication Service cannot replicate f:\users because it
overlaps 
> the replicating directory f:\users.

are you trying to use a LOCAL drive as a link target in DFS and then
replicate data from this to a local drive on some other server (via
FRS)? 

you should always use UNC path's for your link-targets in DFS
(independent of your wish to use FRS to replicate multiple link-targets)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Filipe Joel de
Almeida
Sent: Tuesday, August 24, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] File Replication Services

Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000
servers (Both Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the
following replica set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct
the problem and the service will attempt to restart replication
automatically at a later time.




Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
server.csmf.local for FRS replica set configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=df
s
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a
invalid value for the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a
invalid value for the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it
overlaps the replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a
W2k3 server with the same name as one of this 2 servers, and it
completely crashed, so I had to re-install it with W2k and used the same
name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Joining Computers to a Domain

2004-08-24 Thread Grillenmeier, Guido 



Hey Kevin - good to "read you" ;-)
 
just want to add, that you, Edwin, need to differentiate 
where you want your non-admin user to place the computer account.  The 
method given by Kevin is only applicable to add computers to the default 
computers container in the domain. Unless you're running 2003 and made some 
changes, this is not an OU, so you can't configure GPOs 
here...
 
Often you'll want to do the opposite: disallow non-admin 
users to add computers to the default computers container (e.g. by configuring 
the ms-DC-MachineAccountQuota to 0 or changing the permissions for the Add 
workstations to domain user right), then grant permissions to join clients to a 
specific OU - for the latter the non-admin user needs to have create 
computer object permissions on the OU (and since he's the owner after creating 
the account, he can also delete it...)
 
Realize though, that by default the System-Properties UI of 
the clients will only join the computer to the default computer container (which 
will fail if you've restricted this approach), unless the non-admin users either 
first creates the computer account in the appropriate OU, or you make him use 
NETDOM with the /OU option to join a client to the correct OU at the time of the 
domain-join.
 
/Guido


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin 
SullivanSent: Tuesday, August 24, 2004 3:24 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Joining 
Computers to a Domain


Edwin,
 
You can do this a 
couple of different ways. First off, by default there is an attribute on the 
domain level called ms-DC-MachineAccountQuota and the value is 10. This allows 
users to join 10 computers to the domain without additional permissions. You can 
change this value if you need to.
 
If you want to give 
specific users the ability to create machine accounts you can use Group Policy 
and give the Add workstations to domain right to the users in question. 
(Computer Configuration\Windows Settings\Security Settings\Local Policies\User 
Rights Assignment\Add workstations to domain…)
 
This should do it. Also 
remember if the systems are pre-created in AD you will not need to go through 
this.
 
Kevin
 
 
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of EdwinSent: Tuesday, August 24, 2004 8:01 
AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] Joining Computers to a 
Domain
 
I believe that I have read something 
like this before but now that I need it, I cant find the 
answer.
 
I would like to be able to have a 
non-admin user with permissions of nothing more than being able to add a 
computer to a domain.  Is this possible?
 
Thank you for your 
responses.
 
Edwin

RE: [ActiveDir] Replication Problems

2004-08-24 Thread Ken Cornetet 
Title: Message



I've 
seen that once before. In my case it was a DNS problem. Our child domain DCs are 
DNS secondaries for our root domain. One child DC's DNS was not pulling the 
parent zone.
 
Look 
for event log errors saying that a certain DC was not resolvable in 
DNS.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Raymond JetteSent: Tuesday, August 24, 2004 
  10:41 AMTo: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Replication Problems
  I am getting the 
  following error in Active Directory Replication Monitor:
   
  
  Failure Code 8452Failure 
  Reason  The naming context is 
  in the process of being removed or is not replicated from the specified 
  server.
   
  
  Has anyone seen this.
  Thanks for the help,
   
  Raymond 
  Jette
  Network 
  Administrator
  Mestek 
  Technologies, Inc
  Phone (413) 
  564-5691
  Cell (413) 
  883-2884
  [EMAIL PROTECTED]
   

Re: [ActiveDir] site link costs and AD replication

2004-08-24 Thread James_Day 
Jorge

We have seen the KCC on my DC in the Subsite will choose the best link at
that time, and will continue to use that site until the KCC runs again.
All traffic will replicate with the available DC in the Hubsite - whether
the server chooses hubsite1 or hubsite2.  In our case we are doing this,
and we see the links change only when the server in the site of choice is
down, and then change back later on.  In our case, hubsite1 has a more
powerful server then hubsite2 and thus tends to end up with all of the
replication traffic from each of the subsites (9 in total) after a bit of
time.

Regards;

James R. Day
National Park Service - AD Core Team
(202) 354-1464
Fax (202) 371-1549
[EMAIL PROTECTED]


   
  
  Jorge de Almeida Pinto   
  
  <[EMAIL PROTECTED]To:   [EMAIL PROTECTED]
  
  icacmg.com>cc:   (bcc: James 
Day/Contractor/NPS)   
  Sent by:   Subject:  [ActiveDir] site 
link costs and AD replication
  [EMAIL PROTECTED]

  dir.org  
  
   
  
   
  
  08/24/2004 05:57 PM ZE2  
  
  Please respond to ActiveDir  
  
   
  




Hi,


I'm bit curious about the following: what happens is a SUBSITE has a site
link with HUBSITE1 and the same SUBSITE has also a site link with HUBSITE2.
Both site links have the same schedules/interval/cost


Is the replication load "equally" devided between the site links (two
situations possible: half of the traffic goes through path 1 and the other
half through path 2, or this time path 1 is used, next time path 2 is used,
etc), or randomly chosen between the available site links, or always the
same site link is used


Regards,


Jorge



This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] site link costs and AD replication

2004-08-24 Thread Jorge de Almeida Pinto 
Title: site link costs and AD replication





Hi,

I'm bit curious about the following: what happens is a SUBSITE has a site link with HUBSITE1 and the same SUBSITE has also a site link with HUBSITE2. Both site links have the same schedules/interval/cost

Is the replication load "equally" devided between the site links (two situations possible: half of the traffic goes through path 1 and the other half through path 2, or this time path 1 is used, next time path 2 is used, etc), or randomly chosen between the available site links, or always the same site link is used

Regards,

Jorge



This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

[ActiveDir] Replication Problems

2004-08-24 Thread Raymond Jette 



I am getting the 
following error in Active Directory Replication Monitor:
 

Failure Code 8452Failure 
Reason  The naming context is in 
the process of being removed or is not replicated from the specified 
server.
 

Has anyone seen this.
Thanks for the help,
 
Raymond 
Jette
Network 
Administrator
Mestek Technologies, 
Inc
Phone (413) 
564-5691
Cell (413) 
883-2884
[EMAIL PROTECTED]
 

RE: [ActiveDir] Remote Installation Headaches

2004-08-24 Thread Rich Milburn 








http://support.microsoft.com/default.aspx?scid=kb;en-us;314479

 

here’s a good article, it might fill
in what you’re missing – it discusses the $OEM$ path.

 



Rich Milburn

MCSE, Microsoft MVP -
Directory Services

Sr Network Analyst, Field
Platform Development

Applebee's International,
Inc.

4551 W. 107th St

Overland Park, KS 66207

913-967-2819











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Tuesday, August 24, 2004
9:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Remote
Installation Headaches



 

I am attempting to use RIS and am getting problem after
problem.

 

I posted a question about PXE and the NIC being used and was
informed that I would have to download and use RIS specific drivers for the
network card I am using.

 

http://downloadfinder.intel.com/scripts-df/Detail_Desc.asp?agr=N&ProductID=407&DwnldID=6760

 

This worked great!  It did what I
needed.

 

Now, the install runs through with no
problem but when it has completed, I see that the NIC is not being recognized
nor the Audio card.  I don’t really care for the Audio right now.

 

Also, I am updating the ristndrd.sif file
to try and add the machine to the domain and have added the values as displayed
below:

 

[Identification]

JoinDomain = mydomain

DomainAdmin = User

DomainAdminPassword = "password"

 

The computer is being added to the OU that
I want (I assume when in Text Mode) but the machine doesn’t appear to be
a part of the domain once the new OS install is completed.  And if it was,
I would still need to resolve the NIC problem.

 

I have created and modified the same above
file to look for 3rd party drivers.  The driver files are
located in the specified locations.  The updated section of the file is
also below:

 

[Unattended]

OemPreinstall = no

NoWaitAfterTextMode = 0

FileSystem = LeaveAlone

ExtendOEMPartition = 0

ConfirmHardware = no

NtUpgrade = no

Win31Upgrade = no

TargetPath = \WINNT

OverwriteOemFilesOnUpgrade = no

OemSkipEula = yes

InstallFilesPath =
"\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"

OemPreinstall = yes

OemPnpDriversPath = "Drivers\Audio;Drivers\NIC"

 

Why doesn’t the machine become a
part of the domain and how come the NIC isn’t being installed?





---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- 
PRIVILEGED / 
CONFIDENTIAL INFORMATION may be contained in this message or any attachments. 
This information is strictly confidential and may be subject to attorney-client 
privilege. This message is intended only for the use of the named addressee. If 
you are not the intended recipient of this message, unauthorized forwarding, 
printing, copying, distribution, or using such information is strictly 
prohibited and may be unlawful. If you have received this in error, you should 
kindly notify the sender by reply e-mail and immediately destroy this message. 
Unauthorized interception of this e-mail is a violation of federal criminal law. 
Applebee's International, Inc. reserves the right to monitor and review the 
content of all messages sent to and from this e-mail address. Messages sent to 
or from this e-mail address may be stored on the Applebee's International, Inc. 
e-mail system.

RE: [ActiveDir] Remote Installation Headaches

2004-08-24 Thread Rich Milburn 








Edwin, there are two different things you
have to do:

1) 
you have to get the
drivers for the PXE boot, which you did, and 

2) 
you have to add the
drivers to the OS source.  I see you have tried to do this, but sounds like it’s
still not finding them.  It can be tricky getting them in the right place.  You
can put them in a folder and reference to C:\drivers\NIC but I’ll have
see if I can find where I have #2 documented, unless someone else gets to it
first.

 

The reason your computer is not joining
the domain is the NIC drivers, if the drivers installed it would join the
domain.  It can’t reach the domain to verify your account and password
and create the account, so it silently fails and does workgroup.  Fix the NIC
and this will fix itself.

 



Rich Milburn

MCSE, Microsoft MVP -
Directory Services

Sr Network Analyst, Field
Platform Development

Applebee's International,
Inc.

4551 W. 107th St

Overland Park, KS 66207

913-967-2819











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Tuesday, August 24, 2004
9:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Remote
Installation Headaches



 

I am attempting to use RIS and am getting problem after
problem.

 

I posted a question about PXE and the NIC being used and was
informed that I would have to download and use RIS specific drivers for the
network card I am using.

 

http://downloadfinder.intel.com/scripts-df/Detail_Desc.asp?agr=N&ProductID=407&DwnldID=6760

 

This worked great!  It did what I
needed.

 

Now, the install runs through with no
problem but when it has completed, I see that the NIC is not being recognized
nor the Audio card.  I don’t really care for the Audio right now.

 

Also, I am updating the ristndrd.sif file
to try and add the machine to the domain and have added the values as displayed
below:

 

[Identification]

JoinDomain = mydomain

DomainAdmin = User

DomainAdminPassword = "password"

 

The computer is being added to the OU that
I want (I assume when in Text Mode) but the machine doesn’t appear to be
a part of the domain once the new OS install is completed.  And if it was,
I would still need to resolve the NIC problem.

 

I have created and modified the same above
file to look for 3rd party drivers.  The driver files are
located in the specified locations.  The updated section of the file is
also below:

 

[Unattended]

OemPreinstall = no

NoWaitAfterTextMode = 0

FileSystem = LeaveAlone

ExtendOEMPartition = 0

ConfirmHardware = no

NtUpgrade = no

Win31Upgrade = no

TargetPath = \WINNT

OverwriteOemFilesOnUpgrade = no

OemSkipEula = yes

InstallFilesPath =
"\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"

OemPreinstall = yes

OemPnpDriversPath =
"Drivers\Audio;Drivers\NIC"

 

Why doesn’t the machine become a
part of the domain and how come the NIC isn’t being installed?





---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- 
PRIVILEGED / 
CONFIDENTIAL INFORMATION may be contained in this message or any attachments. 
This information is strictly confidential and may be subject to attorney-client 
privilege. This message is intended only for the use of the named addressee. If 
you are not the intended recipient of this message, unauthorized forwarding, 
printing, copying, distribution, or using such information is strictly 
prohibited and may be unlawful. If you have received this in error, you should 
kindly notify the sender by reply e-mail and immediately destroy this message. 
Unauthorized interception of this e-mail is a violation of federal criminal law. 
Applebee's International, Inc. reserves the right to monitor and review the 
content of all messages sent to and from this e-mail address. Messages sent to 
or from this e-mail address may be stored on the Applebee's International, Inc. 
e-mail system.

[ActiveDir] Remote Installation Headaches

2004-08-24 Thread Edwin 








I am attempting to use RIS and am getting problem after
problem.

 

I posted a question about PXE and the NIC being used and was
informed that I would have to download and use RIS specific drivers for the
network card I am using.

 

http://downloadfinder.intel.com/scripts-df/Detail_Desc.asp?agr=N&ProductID=407&DwnldID=6760

 

This worked great!  It did what I
needed.

 

Now, the install runs through with no
problem but when it has completed, I see that the NIC is not being recognized
nor the Audio card.  I don’t really care for the Audio right now.

 

Also, I am updating the ristndrd.sif file
to try and add the machine to the domain and have added the values as displayed
below:

 

[Identification]

JoinDomain = mydomain

DomainAdmin = User

DomainAdminPassword = "password"

 

The computer is being added to the OU that
I want (I assume when in Text Mode) but the machine doesn’t appear to be
a part of the domain once the new OS install is completed.  And if it was,
I would still need to resolve the NIC problem.

 

I have created and modified the same above
file to look for 3rd party drivers.  The driver files are
located in the specified locations.  The updated section of the file is
also below:

 

[Unattended]

OemPreinstall = no

NoWaitAfterTextMode = 0

FileSystem = LeaveAlone

ExtendOEMPartition = 0

ConfirmHardware = no

NtUpgrade = no

Win31Upgrade = no

TargetPath = \WINNT

OverwriteOemFilesOnUpgrade = no

OemSkipEula = yes

InstallFilesPath = "\\%SERVERNAME%\RemInst\%INSTALLPATH%\%MACHINETYPE%"

OemPreinstall = yes

OemPnpDriversPath =
"Drivers\Audio;Drivers\NIC"

 

Why doesn’t the machine become a
part of the domain and how come the NIC isn’t being installed?

[ActiveDir] Service Pack 2 And AD

2004-08-24 Thread Philadelphia, Lynden - Revios Toronto 








Does anyone know where I can get the adm to configure
the XP clients in active Directory?






This message is intended for the use of the individual or entity to which it is 
addressed and may contain information that is privileged, confidential and exempt from 
disclosure under applicable law.  If the reader of this message in not the intended 
recipient or the employer or agent responsible for delivering the message to the 
recipient, you are hereby notified that dissemination, distribution or copying of this 
communication is strictly prohibited.  If you have received this communication in 
error, please notify us immediately by email or telephone, and delete this message and 
all of its attachments.

RE: [ActiveDir] Service Pack 2

2004-08-24 Thread Robert Rutherford 
Title: Message








It plays havoc with a number of main
stream applications so I’d tread carefully: - http://www.desktoppipeline.com/29116549

 

It depends how big your user base is I
guess… If you only have 20 or so users and a few apps then check them out
in a lab and then run with it if you feel safe. If you are larger, i.e. 200+
users then it may be better to document all your apps and contact the vendors
for confirmation that they work with SP2. I’d also build a lab up for my
own peace of mind and then deploy to a pilot group for a duration before going
live with it.

 

Personally, I have it installed on my laptop
and will just watch the news, etc to see what happens for the next 8 weeks at
least! I have been burned on MS service packs before so a bit shy of service
packs on there initial release.

 

Rob

 









From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Adams, Kenneth W (Ken)
Sent: 24 August 2004 14:07
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Service
Pack 2



 



Installing or not installing Windows XP
Service Pack 2 is a matter of personal choice at this time.  Set up a test
machine that you don't care about formatting if needed, install Windows XP with
SP2, and test your applications, including wireless connectivity.





 





You need to make up your own
opinion.  The company I work for has chosen not to install SP2 until we
have more time to learn how to configure the firewall in our environment. 
We will install it, just not until we've tested the majority of the services
and applications we use.



Ken
Adams 

-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto
Sent: Tuesday, August 24, 2004
8:59 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Service Pack
2

Is there a reason one shouldn't install service pack
2?  I hear it messes up wireless network. Any truth to this?


===
Scanned for virus infection by Messagelabs
===

RE: [ActiveDir] Service Pack 2

2004-08-24 Thread Adams, Kenneth W \(Ken\) 
Title: Message



Installing or not installing Windows XP Service Pack 2 is a matter of 
personal choice at this time.  Set up a test machine that you don't care 
about formatting if needed, install Windows XP with SP2, and test your 
applications, including wireless connectivity.
 
You 
need to make up your own opinion.  The company I work for has chosen not to 
install SP2 until we have more time to learn how to configure the firewall in 
our environment.  We will install it, just not until we've tested the 
majority of the services and applications we use.
Ken Adams 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Philadelphia, Lynden - Revios TorontoSent: 
Tuesday, August 24, 2004 8:59 AMTo: 
'[EMAIL PROTECTED]'Subject: [ActiveDir] Service Pack 
2

Is there a reason one shouldn't install service pack 
2?  I hear it messes up wireless network. Any truth to 
this?

[ActiveDir] Service Pack 2

2004-08-24 Thread Philadelphia, Lynden - Revios Toronto 








Is there a reason one shouldn't install service pack
2?  I hear it messes up wireless network. Any truth to this?






This message is intended for the use of the individual or entity to which it is 
addressed and may contain information that is privileged, confidential and exempt from 
disclosure under applicable law.  If the reader of this message in not the intended 
recipient or the employer or agent responsible for delivering the message to the 
recipient, you are hereby notified that dissemination, distribution or copying of this 
communication is strictly prohibited.  If you have received this communication in 
error, please notify us immediately by email or telephone, and delete this message and 
all of its attachments.

RE: [ActiveDir] Joining Computers to a Domain

2004-08-24 Thread Marcus.Oh 








Yep… they need to have create object
rights for computer objects on whatever OU you want the machines placed.

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Tuesday, August 24, 2004
8:01 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Joining
Computers to a Domain



 

I believe that I have read something like this before but
now that I need it, I cant find the answer.

 

I would like to be able to have a non-admin user with permissions
of nothing more than being able to add a computer to a domain.  Is this
possible?

 

Thank you for your responses.

 

Edwin

RE: [ActiveDir] Joining Computers to a Domain

2004-08-24 Thread Adams, Kenneth W \(Ken\) 
Title: Message



Yes, 
you can set permissions on individual accounts to permit only adding computers 
to the domain.  The way I've done it is to set the permissions on the OU 
that will contain the computers.  Open that OU's properties, go to the 
Security tab, add the user's ID, then set the permissions for the user's ID to 
add computers.
 
I 
highly recommend creating a group that contains the user IDs of all such people, 
then add the group to the OU's permissions and set the group's permissions to 
add computers.  The use of the group allows easier admin to add or remove 
people from the ability to add computers.
Ken Adams 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of EdwinSent: Tuesday, August 24, 2004 8:01 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
Joining Computers to a Domain

I believe that I have read something 
like this before but now that I need it, I cant find the 
answer.
 
I would like to be able to have a 
non-admin user with permissions of nothing more than being able to add a 
computer to a domain.  Is this possible?
 
Thank you for your 
responses.
 
Edwin

RE: [ActiveDir] [LIST-OWNER] Justice.....

2004-08-24 Thread Craig Cerino 
My bad

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, August 24, 2004 7:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [LIST-OWNER] Justice.


Ok, thanks guys.  I had already unsubbed the offending email address shortly after his 
post.

Please can we close this thread now.

-- Original Message --
From: "George Arezina" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Tue, 24 Aug 2004 13:38:45 +0200

I SECOND THAT!!! 
KEEP POLITICAL ISSUES OUT OF THE FORUM.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino
Sent: Tuesday, August 24, 2004 13:19
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Justice for Victims of Agent Orange

You are cordially invited to kiss my arse for using this forum as a
political soundboard. Duma-Nhieu


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MAI ANH TUAN
Sent: Monday, August 23, 2004 8:35 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Justice for Victims of Agent Orange

This mail do not contain technical issue, I write this message to appeal to
all member's generosity.
Please visit and sign your signature at: http://www.petitiononline.com/AOVN/


"AGENT ORANGE, THE CHEMICAL, has killed, is still killing, and causing great
suffering to over three million people in Vietnam. 

PLEASE HELP THEM BY SIGNING THIS PETITION. 

We welcome and support the Civil Action brought by the Vietnam Association
of Victims of Agent Orange/Dioxin, and three Vietnamese victims. The
documents have been submitted to a court in New York, on behalf of all
affected by the chemicals used by the American Forces in their War on
Vietnam. 

This will be the first ever such action by Vietnamese victims of Agent
Orange in any court of law. 

We call upon the U.S. President, Government and the Chemical Companies named
as defendants in the documents, to accept their responsibilities for the
damage caused by their actions and products, and to pay full compensation to
the vict"

Thank you.
___
M a i  A n h  T u a n
Networking and system service - Information technology center - Electricity
of Vietnam.
?  84-4-9741910 (ext 672)
  [EMAIL PROTECTED] 
- MCSA on Microsoft Windows Server 2003
- MCSE on Microsoft Windows 2000
- MCDBA on Microsoft SQL Server 2000


.+-w m 
 ib?b +_  ?E   0 +v* ?+- f.+-j!  i  j) j! rib??b 4- 


Informacija sa Opportunity International Serbia putem e-maila je bez garancije. 
Zakljucivanje pravnih poslova putem ovog medija nije dozvoljeno. Ovaj e-mail moze 
sadrzati poverljive i/ili povlascene informacije. Ukoliko ste ovaj e-mail primili 
greskom, ovim putem vas obavestavamo da je svako otkrivanje, kopiranje, distribucija 
ili preduzimanje bilo kakvih aktivnosti u vezi njegovog sadrzaja strogo zabranjeno i 
moze biti nezakonito. Ukoliko ste e-mail primili greskom, molimo Vas da nas odmah 
obavestite tako sto cete odgovoriti na ovaj email, a zatim ga izbrisite iz vaseg 
sistema.



The exchange of messages with Opportunity International Serbia via e-mail is not 
binding. Declarations regarding legal transactions must not be exchanged via this 
medium. The information contained in this e-mail message is confidential and intended 
exclusively for the addressee. Persons receiving this e-mail message who are not the 
named addressee (or his/her co-workers, or persons authorized to take delivery) must 
not use, forward or reproduce its contents. If you have received this e-mail message 
by mistake, please contact us immediately and delete this email message beyond 
retrieval.




List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 





Sent via the WebMail system at mail.activedir.org


 
   

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Joining Computers to a Domain

2004-08-24 Thread Edwin 








I believe that I have read something like this before but
now that I need it, I cant find the answer.

 

I would like to be able to have a non-admin user with
permissions of nothing more than being able to add a computer to a domain.  Is
this possible?

 

Thank you for your responses.

 

Edwin

Re: [ActiveDir] AD Restore

2004-08-24 Thread Tony Murray 
Christine

Most of the issues are covered in this KB:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q263532

Tony
-- Original Message --
From: Christine Easton <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Tue, 24 Aug 2004 07:37:28 -0400

Dear Guru's

I'm a newbie trying to build a AD lab environment (to test forest prep,
domain prep)by doing a restore of my 2000 AD.  Are there any issues
restoring the system state to different hardware?  Any gottcha's?  Thanks
for any help!
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] [LIST-OWNER] Justice.....

2004-08-24 Thread Tony Murray 

Ok, thanks guys.  I had already unsubbed the offending email address shortly after his 
post.

Please can we close this thread now.

-- Original Message --
From: "George Arezina" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Tue, 24 Aug 2004 13:38:45 +0200

I SECOND THAT!!!
KEEP POLITICAL ISSUES OUT OF THE FORUM.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino
Sent: Tuesday, August 24, 2004 13:19
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Justice for Victims of Agent Orange

You are cordially invited to kiss my arse for using this forum as a
political soundboard. Duma-Nhieu


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MAI ANH TUAN
Sent: Monday, August 23, 2004 8:35 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Justice for Victims of Agent Orange

This mail do not contain technical issue, I write this message to appeal to
all member's generosity.
Please visit and sign your signature at: http://www.petitiononline.com/AOVN/


"AGENT ORANGE, THE CHEMICAL, has killed, is still killing, and causing great
suffering to over three million people in Vietnam.

PLEASE HELP THEM BY SIGNING THIS PETITION.

We welcome and support the Civil Action brought by the Vietnam Association
of Victims of Agent Orange/Dioxin, and three Vietnamese victims. The
documents have been submitted to a court in New York, on behalf of all
affected by the chemicals used by the American Forces in their War on
Vietnam.

This will be the first ever such action by Vietnamese victims of Agent
Orange in any court of law.

We call upon the U.S. President, Government and the Chemical Companies named
as defendants in the documents, to accept their responsibilities for the
damage caused by their actions and products, and to pay full compensation to
the vict"

Thank you.
___
M a i  A n h  T u a n
Networking and system service - Information technology center - Electricity
of Vietnam.
?  84-4-9741910 (ext 672)
  [EMAIL PROTECTED]
- MCSA on Microsoft Windows Server 2003
- MCSE on Microsoft Windows 2000
- MCDBA on Microsoft SQL Server 2000


.+-w m
 ib?b +_  ?E   0 +v* ?+- f.+-j!  i  j) j! rib??b 4-


Informacija sa Opportunity International Serbia putem e-maila je bez garancije. 
Zakljucivanje pravnih poslova putem ovog medija nije dozvoljeno. Ovaj e-mail moze 
sadrzati poverljive i/ili povlascene informacije. Ukoliko ste ovaj e-mail primili 
greskom, ovim putem vas obavestavamo da je svako otkrivanje, kopiranje, distribucija 
ili preduzimanje bilo kakvih aktivnosti u vezi njegovog sadrzaja strogo zabranjeno i 
moze biti nezakonito. Ukoliko ste e-mail primili greskom, molimo Vas da nas odmah 
obavestite tako sto cete odgovoriti na ovaj email, a zatim ga izbrisite iz vaseg 
sistema.



The exchange of messages with Opportunity International Serbia via e-mail is not 
binding. Declarations regarding legal transactions must not be exchanged via this 
medium. The information contained in this e-mail message is confidential and intended 
exclusively for the addressee. Persons receiving this e-mail message who are not the 
named addressee (or his/her co-workers, or persons authorized to take delivery) must 
not use, forward or reproduce its contents. If you have received this e-mail message 
by mistake, please contact us immediately and delete this email message beyond 
retrieval.




List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/







Sent via the WebMail system at mail.activedir.org





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] File Replication Services

2004-08-24 Thread Filipe Joel de Almeida 
Hi all,

I'm trying to set up a Domain DFS root working between 2 Windows 2000
servers (Both Domain Controllers).

I proceeded as I usually do, but there is no way for this to replicate!

The event viewer is full of errors, such as this ones:

__

The File Replication Service is unable to add this computer to the following
replica set: 
"_ROOT$|USERS" 
 
This could be caused by a number of problems such as: 
  --  an invalid root path,
  --  a missing directory,
  --  a missing disk volume,
  --  a file system on the volume that does not support NTFS 5.0 
 
The information below may help to resolve the problem: 
Computer DNS name is "server.csmf.local" 
Replica set member name is "{99C9ADCD-D6F3-4468-9E7C-9764EA2BDE7F}" 
Replica set root path is "f:\users" 
Replica staging directory path is "e:\frs-staging" 
Replica working directory path is "c:\winnt\ntfrs\jet" 
Windows error status code is ERROR_BAD_COMMAND FRS error status code is
FrsErrorResourceInUse 
 
Other event log messages may also help determine the problem.  Correct the
problem and the service will attempt to restart replication automatically at
a later time.




Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller server.csmf.local
for FRS replica set configuration information. 
 
 The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|grupos,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid
value for the attribute frsComputerReference.

The nTFRSMember object
cn={4f36c0a7-23da-4535-89ae-148f1538c4df},cn=_root|users,cn=_root,cn=dfs
volumes,cn=file replication service,cn=system,dc=csmf,dc=local has a invalid
value for the attribute frsComputerReference.

 
_

The File Replication Service cannot replicate f:\users because it overlaps
the replicating directory f:\users.
-


I only have one DFS root with 2 dfs links (users and groups).

One thing that might be causing this problem is that I used to have a W2k3
server with the same name as one of this 2 servers, and it completely
crashed, so I had to re-install it with W2k and used the same name... 

Anyone has any idea about how to make this work?

Filipe Joel de Almeida
Network Consultant
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Justice for Victims of Agent Orange

2004-08-24 Thread George Arezina 
I SECOND THAT!!! 
KEEP POLITICAL ISSUES OUT OF THE FORUM.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino
Sent: Tuesday, August 24, 2004 13:19
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Justice for Victims of Agent Orange

You are cordially invited to kiss my arse for using this forum as a
political soundboard. Duma-Nhieu


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MAI ANH TUAN
Sent: Monday, August 23, 2004 8:35 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Justice for Victims of Agent Orange

This mail do not contain technical issue, I write this message to appeal to
all member's generosity.
Please visit and sign your signature at: http://www.petitiononline.com/AOVN/


"AGENT ORANGE, THE CHEMICAL, has killed, is still killing, and causing great
suffering to over three million people in Vietnam. 

PLEASE HELP THEM BY SIGNING THIS PETITION. 

We welcome and support the Civil Action brought by the Vietnam Association
of Victims of Agent Orange/Dioxin, and three Vietnamese victims. The
documents have been submitted to a court in New York, on behalf of all
affected by the chemicals used by the American Forces in their War on
Vietnam. 

This will be the first ever such action by Vietnamese victims of Agent
Orange in any court of law. 

We call upon the U.S. President, Government and the Chemical Companies named
as defendants in the documents, to accept their responsibilities for the
damage caused by their actions and products, and to pay full compensation to
the vict"

Thank you.
___
M a i  A n h  T u a n
Networking and system service - Information technology center - Electricity
of Vietnam.
?  84-4-9741910 (ext 672)
  [EMAIL PROTECTED] 
- MCSA on Microsoft Windows Server 2003
- MCSE on Microsoft Windows 2000
- MCDBA on Microsoft SQL Server 2000


.+-w m 
 ib?b +_  ?E   0 +v* ?+- f.+-j!  i  j) j! rib??b 4- 


Informacija sa Opportunity International Serbia putem e-maila je bez garancije. 
Zakljucivanje pravnih poslova putem ovog medija nije dozvoljeno. Ovaj e-mail moze 
sadrzati poverljive i/ili povlascene informacije. Ukoliko ste ovaj e-mail primili 
greskom, ovim putem vas obavestavamo da je svako otkrivanje, kopiranje, distribucija 
ili preduzimanje bilo kakvih aktivnosti u vezi njegovog sadrzaja strogo zabranjeno i 
moze biti nezakonito. Ukoliko ste e-mail primili greskom, molimo Vas da nas odmah 
obavestite tako sto cete odgovoriti na ovaj email, a zatim ga izbrisite iz vaseg 
sistema.



The exchange of messages with Opportunity International Serbia via e-mail is not 
binding. Declarations regarding legal transactions must not be exchanged via this 
medium. The information contained in this e-mail message is confidential and intended 
exclusively for the addressee. Persons receiving this e-mail message who are not the 
named addressee (or his/her co-workers, or persons authorized to take delivery) must 
not use, forward or reproduce its contents. If you have received this e-mail message 
by mistake, please contact us immediately and delete this email message beyond 
retrieval.




List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] AD Restore

2004-08-24 Thread Christine Easton 
Dear Guru's

I'm a newbie trying to build a AD lab environment (to test forest prep,
domain prep)by doing a restore of my 2000 AD.  Are there any issues
restoring the system state to different hardware?  Any gottcha's?  Thanks
for any help!
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Justice for Victims of Agent Orange

2004-08-24 Thread Craig Cerino 
You are cordially invited to kiss my arse for using this forum as a political 
soundboard. Duma-Nhieu


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MAI ANH TUAN
Sent: Monday, August 23, 2004 8:35 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Justice for Victims of Agent Orange

This mail do not contain technical issue, I write this message to appeal to all 
member's generosity.
Please visit and sign your signature at: http://www.petitiononline.com/AOVN/


"AGENT ORANGE, THE CHEMICAL, has killed, is still killing, and causing great suffering 
to over three million people in Vietnam. 

PLEASE HELP THEM BY SIGNING THIS PETITION. 

We welcome and support the Civil Action brought by the Vietnam Association of Victims 
of Agent Orange/Dioxin, and three Vietnamese victims. The documents have been 
submitted to a court in New York, on behalf of all affected by the chemicals used by 
the American Forces in their War on Vietnam. 

This will be the first ever such action by Vietnamese victims of Agent Orange in any 
court of law. 

We call upon the U.S. President, Government and the Chemical Companies named as 
defendants in the documents, to accept their responsibilities for the damage caused by 
their actions and products, and to pay full compensation to the vict"

Thank you.
___
M a i A n h T u a n
Networking and system service - Information technology center - Electricity of Vietnam.
ï 84-4-9741910 (ext 672)
 [EMAIL PROTECTED] 
- MCSA on Microsoft Windows Server 2003
- MCSE on Microsoft Windows 2000
- MCDBA on Microsoft SQL Server 2000


.+-Šwè†Ûiÿü0Á-Š÷+ƒùšŠYb²Øm˜¸¬´P†Ûiÿü0Á-Š÷+ƒùb²×Úf.+-j·!Š÷¡¶Úÿ
0™¨¥j·!Š÷œ¢oÚrØyØãIšŠVœ¶+Þv*è®

RE: [ActiveDir] RID master problem or...?

2004-08-24 Thread Esteban Sonofthesun 
Hello,
 
I solved the problem by adding another DC on the network. And replicate with the master...
 
Thanks...
EstebanRobert Rutherford <[EMAIL PROTECTED]> wrote:









Dcdiag even :O)
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert RutherfordSent: 23 August 2004 12:09To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] RID master problem or...?
 
Let’s take this a step at a time…
 
1) Save off the event logs, clear them and then bounce the box… lets start from a clean base if possible. Re-run the dcpromo.
 
BR
 
Rob
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Esteban SonofthesunSent: 23 August 2004 11:52To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] RID master problem or...?
 




Hi Robert,

 

I'm openning ADUC from server. 

 

1) I checked RID Master is available. (it is the RID master, there is no other DC on this domain)

2) i attached the dcdiag file.

 

Thanks for your interest.
__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ===Scanned for virus infection by Messagelabs===
===Email security provided by Modrus using MessageLabs Email Securitywww.modrus.com==Scanned for virus infection by Messagelabs===
		Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!

[ActiveDir] admt2.0 permissioning

2004-08-24 Thread gturner 
dear all, know this is real "old hat' by now but just wanted to confirm issue of 
permissioning for an ADMT migration of a small NT 4.0 account domain to a Windows 2000 
domain. 

a quoted requirement is that 'sourcedomain/domain admins' is added to 
'targetdomain/administrators" and vice-versa. 

is this a definite requirement for migration of just a 'catch all' that grants 
everything ??

i dont understand why the 'sourcedomain/domain admins' need to have admin privilege in 
the target domain  - THIS IS THE BIGGEST ISSUE 

- the issue here surely here is the context in which the ADMT is being run - i do see 
why this needs Administrative rights on the desktops being migrated and an elevated 
level of privilege on the target domain to be able to create the necessary objects et 
al 

TIA 

GT 





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] By design or configurable ?

2004-08-24 Thread Ulf B. Simon-Weidner 
Hi Guy,

took me a while to find the Article again, here it is:

312571 The Event Log Stops Logging Events Before Reaching the Maximum Log
Size
http://support.microsoft.com/?ln=en&id=312571

It describes how you are able to configure a feature to automatically dump
the eventlog into a file if it reaches it's maximum length.

You do have to take care what to do with those dumps and delete them from
the machine, but this helps to keep the filespace used by dumps somewhat
dynamic but not to big.

I've included this in some of the backup jobs at customers to move the
dumpfiles away daily, so no worries if the events logged at a specific day
would be more than the memory allowed for the log, and no events are lost. 

HTH

Gruesse - Sincerely,
 
Ulf B. Simon-Weidner

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Guy Teverovsky
> Sent: Saturday, August 21, 2004 2:48 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] By design or configurable ?
> 
> 
> In my environment, when W2K3 DC boots with security logs full, the
> replication from that DC stops till the security log is cleared and the
> box is rebooted.
> The interesting thing is that after the security logs become full (while
> the box is online) the replication continues to work till the box is
> rebooted with full log.
> 
> So the question is whether this can be prevented (we do have a routine
> which takes care of security logs archiving, but it failed on one of the
> DCs and I would like to prevent the replication from breaking again).
> 
> And another OT question:
> When logging on to XP with cached credentials, is the Kerberos ticket
> cached too ? And if yes, what happens when the ticket expires and the
> box is reconnected to the network: will it seamlessly try to renew the
> ticked ?
> 
> Thanks,
> Guy
> 
> --
> Smith & Wesson - the original point and click interface
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/