RE: [ActiveDir] Active Directory Programming
Thanks again Joe and Darren I did a R&D of how the GPO’s are getting stored. I will share info with you. First I took the backup of a GPO then observed that GptTmpl.inf stores few information other than Administrative Template settings. Then reset the information in the GptTmpl.inf and imported settings to the same GPO. I found that changes was reflecting. Now my only issue is All the Administrative Template settings is stored in Registry.pol. Now I need to the overwrite the registry.pol with the few changes. So that Administrative template settings changes can be reflected. Do Any one know how to edit the registry.pol file. Regview is a tool available only to view the contents of the registry.pol Suggestions are welcome. Thanks Again Naren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Monday, September 20, 2004 7:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Programming To add onto what Joe said, check out the GPMC, which provides a set of COM/.Net interfaces for doing a few more tasks against Group Policy, including being able to manipulate gpLinks, set permissions on a GPO and ability to create/backup GPOs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 20, 2004 6:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Programming You can't edit the specific GPO settings that are applied to users and computers through any of the interfaces currently. You can only manipulate things like GPO displayname, enabled/disable the user or computer pieces of a gpo, etc. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPAN Sent: Monday, September 20, 2004 7:52 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Programming I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED] DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED]
RE: [ActiveDir] DNS/prisoner.iana.org Error
This is telling you that your 192.168 subnet does not have a reverse zone. The 192.168/16 block belongs to IANA (it's essentially "reserved", along with other blocks). If your DNS server tries to reverse resolve anything in that range, and you don't have an authoritative zone, then it goes out and asks. The IANA servers will tell it to go to hell/blackhole/prison/somewhere. Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Noah EigerSent: Mon 9/20/2004 1:00 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS/prisoner.iana.org Error Hi – I have a single-DC domain that keeps getting the following error in the Event Log. Web searches are somewhat inconclusive about what this means. The DC runs DNS, which is AD Integrated and forwards to a public, non-NT DNS server. Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40961 Date: 9/20/2004 Time: 12:01:24 PM User: N/A Computer: SERVER1 Description: The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Any ideas? -- nme List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO comparison across domains
In terms of out-of-the-box solutions, there really aren't any. The best you might be able to do is use GPMC to export the settings report for two GPOs to HTML or XML and then use Windiff to visually compare the differences. Its fairly ugly but that's what I know of for free. There are several 3rd party products for GP management that include compare features as part of their feature set. Email me off line if you'd like a list. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baudino Sent: Monday, September 20, 2004 2:25 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] GPO comparison across domains All, Is there an easy way, via GPMC or other, to compare the settings of two GPO's from separate domains side by side and determine whether the settings are identical? Thanks, Mike *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO comparison across domains
All, Is there an easy way, via GPMC or other, to compare the settings of two GPO's from separate domains side by side and determine whether the settings are identical? Thanks, Mike *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Little OT XP Firewall/SP2
Is there any settings known for Group policies or the firewall that would keep the sms client from loading upon joining the domain and a user account logging in for the first time. If I login to that machine with and admin account the sms client loads correctly. But if I log in with a standard domain user account it doesn't load. It works fine on my workstation 2000 machines. Just doesn't work on the XP sp2 client. Any Ideas List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Move group across domains
Thanks all! I guess I was too stuck thinking that the Exchange objects would have to be re-ACL'ed and I didn't even think about SID history. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Monday, September 20, 2004 2:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Move group across domains ADMT 2.0 would be a good bet. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Montag, 20. September 2004 21:07 To: [EMAIL PROTECTED] Subject: [ActiveDir] Move group across domains I need to move several groups from one domain to another inside a forest (2000 level now, soon to be 2003). These groups are used as security principals for Exchange 2000 mailboxes. Are there any tools available to do this? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS/prisoner.iana.org Error
Hi Noah, I posted the solution to this eventid back about 2 weeks ago to this newsgroup. If you can't find it, email me offline and I'll send it to you. Mike Thommes. -Original Message- From: [EMAIL PROTECTED] on behalf of Noah Eiger Sent: Mon 9/20/2004 3:00 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] DNS/prisoner.iana.org Error Hi - I have a single-DC domain that keeps getting the following error in the Event Log. Web searches are somewhat inconclusive about what this means. The DC runs DNS, which is AD Integrated and forwards to a public, non-NT DNS server. Event Type: Warning Event Source:LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40961 Date:9/20/2004 Time:12:01:24 PM User:N/A Computer: SERVER1 Description: The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Any ideas? -- nme List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DNS/prisoner.iana.org Error
Hi - I have a single-DC domain that keeps getting the following error in the Event Log. Web searches are somewhat inconclusive about what this means. The DC runs DNS, which is AD Integrated and forwards to a public, non-NT DNS server. Event Type: Warning Event Source:LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40961 Date:9/20/2004 Time:12:01:24 PM User:N/A Computer: SERVER1 Description: The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp Any ideas? -- nme <>
RE: [ActiveDir] Interface
I wasn't thinking of the ADSI SDK but rather the Active Directory SDK. What you seem to be after is the datatypes of the attributes you want to push to the Oracle tables. Although you can look them up individually via ADSIEDIT and see the datatypes, you can also find them documented in the Active Directory SDK (OK, it's called the platform SDK). http://www.microsoft.com/msdownload/platformsdk/sdkupdate/ For all I know it's also doc'd in the ADSI SDK. My personal preference would be to use ADSIEDIT to find them since you also seem to have Exchange deployed in that environment which modifies some of the attributes and classes. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/e 2k3_ldf_all_ad_schema_intro.asp Whichever works better though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 1:38 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interface We've looked at ADSI, but are not sure which (of the many) descriptions has the information we need. How do we get SDK for ADSI? If it from MS, our sys admin can get it because he has a MS account to download it. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 9:45 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interface Looks easy. Have you had a look at the SDK for the value data type? Or for that matter, with such few attributes, have you looked at ADSIEDIT ? -Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 12:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interface Here's the mapping, I need to complete the attributes/data type column. Frequency is nightly, environment is Sun Solaris 2.8, Oracle 9i. Thanks. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 8:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interface Was it me, I'd start with the requirements. What needs to be populated? What's the frequency? What is the development environment. For information on what's available, I'd use the Active Directory Schema reference in the Active Directory SDK. For a hands on look, I'd probably have a look at the attributes and their values via ADSIEDIT or LDP. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 11:24 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Interface > I need to develop an interface that will feed data from AD to an > Oracle table. How do I find the properties, data types, attributes for the AD data, to map correctly to the Oracle table? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Move group across domains
ADMT 2.0 would be a good bet. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Montag, 20. September 2004 21:07 To: [EMAIL PROTECTED] Subject: [ActiveDir] Move group across domains I need to move several groups from one domain to another inside a forest (2000 level now, soon to be 2003). These groups are used as security principals for Exchange 2000 mailboxes. Are there any tools available to do this? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Move group across domains
the preferred way to do this is with ADMT (the free migration tool from MS). alternatively, you can use the movetree command. realize, you may have to change group-scopes to limit the impact during the move => usually best to convert any group to universal, prior to moving it to a differnt domain. This process will leverage SID-History, so you shouldn't need to re-acl anything, unless you want to do some "cleanup" of old SIDs on your resources. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Monday, September 20, 2004 9:07 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Move group across domains I need to move several groups from one domain to another inside a forest (2000 level now, soon to be 2003). These groups are used as security principals for Exchange 2000 mailboxes. Are there any tools available to do this? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Move group across domains
Movetree (part of the support tools, OS version specific) and/or ADMT v2 (which works on everything currently available, I do believe). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Monday, September 20, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Move group across domains I need to move several groups from one domain to another inside a forest (2000 level now, soon to be 2003). These groups are used as security principals for Exchange 2000 mailboxes. Are there any tools available to do this? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Move group across domains
I need to move several groups from one domain to another inside a forest (2000 level now, soon to be 2003). These groups are used as security principals for Exchange 2000 mailboxes. Are there any tools available to do this? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Interface
We've looked at ADSI, but are not sure which (of the many) descriptions has the information we need. How do we get SDK for ADSI? If it from MS, our sys admin can get it because he has a MS account to download it. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 9:45 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interface Looks easy. Have you had a look at the SDK for the value data type? Or for that matter, with such few attributes, have you looked at ADSIEDIT ? -Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 12:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interface Here's the mapping, I need to complete the attributes/data type column. Frequency is nightly, environment is Sun Solaris 2.8, Oracle 9i. Thanks. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 8:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interface Was it me, I'd start with the requirements. What needs to be populated? What's the frequency? What is the development environment. For information on what's available, I'd use the Active Directory Schema reference in the Active Directory SDK. For a hands on look, I'd probably have a look at the attributes and their values via ADSIEDIT or LDP. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 11:24 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Interface > I need to develop an interface that will feed data from AD to an > Oracle table. How do I find the properties, data types, attributes for the AD data, to map correctly to the Oracle table? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] program to crate reports...
http://wm.quest.com/products/reporter/ I haven't had a chance to look at this product per se, but their other products are pretty good. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel Sent: Monday, September 20, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] program to crate reports... Hi, I'M actually searching for a program that could create reports based on the structure of our AD. There are some nested groups and I would like to get the global view of my AD using some kind of reports. The preferred output would be to have something like arborescence, where I could see the groups and the users memberships. Anyone know a good tool to create such report? I'm looking for already made scripts/softwares that are cheap, if possible. Thanks! M. Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Corrupt profiles after w2k3 upgrade?
Title: Message Thanks all for your replies. My concern isn't so much with the Event 1000s, or with the folks that this has already happened to as much as it is preventing this, possibly by using "uphclean.exe", or understanding why all of a sudden folks are having this happen. Anyone have any thoughts on what may cause this to happen to multiple users, seemingly out of the blue? Thanks, Alex. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.Sent: Thursday, September 16, 2004 11:40 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Corrupt profiles after w2k3 upgrade? Hi Alex, I'd like to suggest that the Microsoft tool "uphclean.exe" might help here. Mike Thommes -Original Message-From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: Thursday, September 16, 2004 12:46 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Corrupt profiles after w2k3 upgrade? Alex- Typically the new profiles are created when you have a user with the same username but different SID logging into a machine. This can happen if you truly have two different user accounts with the same user name logging into the machine, or because the user account was recreated at some point (hence getting a new SID). The error you're seeing is very common on Windows--some handles get held up as the profile is unloaded, causing it to not actually be completely unloaded. Its not clear whether this is related to your problem. Don't know if that helps. Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex FontanaSent: Thursday, September 16, 2004 10:32 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Corrupt profiles after w2k3 upgrade? Hello all, we've had a few calls this week (more this week than last) about folks' profiles being corrupt, i.e: they are having a new profile created when they log on. User bob now has bob.domain or in some instances even bob.domain.00, etc. I've looked at a few machines and notice no noticeable change, the user still has Full Control access on the old profile folder, so it doesn't appear to be a permissions issue. The only change is that we upgraded our first domain controller to WIndows 2003, however the schema has been extended for about 3 weeks now. This is the only questionable event I've found on the machines that have experienced this issue. Event ID: 1000 Source: USERENV Data: Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator. Anyone have any clue as to what may be causing these "new profiles" to be created all of a sudden? FYI: these are mainly Windows 2000 Laptops running SP3 or SP4. -Alex.
RE: [ActiveDir] Interface
Looks easy. Have you had a look at the SDK for the value data type? Or for that matter, with such few attributes, have you looked at ADSIEDIT ? -Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 12:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interface Here's the mapping, I need to complete the attributes/data type column. Frequency is nightly, environment is Sun Solaris 2.8, Oracle 9i. Thanks. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 8:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interface Was it me, I'd start with the requirements. What needs to be populated? What's the frequency? What is the development environment. For information on what's available, I'd use the Active Directory Schema reference in the Active Directory SDK. For a hands on look, I'd probably have a look at the attributes and their values via ADSIEDIT or LDP. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 11:24 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Interface > I need to develop an interface that will feed data from AD to an > Oracle table. How do I find the properties, data types, attributes for the AD data, to map correctly to the Oracle table? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] program to crate reports...
http://tinyurl.com/an6z maybe? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, September 20, 2004 12:18 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] program to crate reports... Something like what Ecora does? www.ecora.com I don't recall them being inexpensive, but is that the functionality? Check the archives as well as I believe somebody else posted a good reporting tool a few months back. Just can't recall the name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel Sent: Monday, September 20, 2004 12:03 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] program to crate reports... Hi, I'M actually searching for a program that could create reports based on the structure of our AD. There are some nested groups and I would like to get the global view of my AD using some kind of reports. The preferred output would be to have something like arborescence, where I could see the groups and the users memberships. Anyone know a good tool to create such report? I'm looking for already made scripts/softwares that are cheap, if possible. Thanks! M. Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] program to crate reports...
Something like what Ecora does? www.ecora.com I don't recall them being inexpensive, but is that the functionality? Check the archives as well as I believe somebody else posted a good reporting tool a few months back. Just can't recall the name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel Sent: Monday, September 20, 2004 12:03 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] program to crate reports... Hi, I'M actually searching for a program that could create reports based on the structure of our AD. There are some nested groups and I would like to get the global view of my AD using some kind of reports. The preferred output would be to have something like arborescence, where I could see the groups and the users memberships. Anyone know a good tool to create such report? I'm looking for already made scripts/softwares that are cheap, if possible. Thanks! M. Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Interface
Here's the mapping, I need to complete the attributes/data type column. Frequency is nightly, environment is Sun Solaris 2.8, Oracle 9i. Thanks. -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 8:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interface Was it me, I'd start with the requirements. What needs to be populated? What's the frequency? What is the development environment. For information on what's available, I'd use the Active Directory Schema reference in the Active Directory SDK. For a hands on look, I'd probably have a look at the attributes and their values via ADSIEDIT or LDP. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 11:24 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Interface > I need to develop an interface that will feed data from AD to an Oracle table. How do I find the properties, data types, attributes for the AD data, to map correctly to the Oracle table? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ AD I_F attributes.doc Description: AD I_F attributes.doc
[ActiveDir] program to crate reports...
Hi, I'M actually searching for a program that could create reports based on the structure of our AD. There are some nested groups and I would like to get the global view of my AD using some kind of reports. The preferred output would be to have something like arborescence, where I could see the groups and the users memberships. Anyone know a good tool to create such report? I'm looking for already made scripts/softwares that are cheap, if possible. Thanks! M. Bruyere Network/systems administrator CompTIA A+, Network+ The quickest way to find something is to start looking for something else. :-) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Interface
Was it me, I'd start with the requirements. What needs to be populated? What's the frequency? What is the development environment. For information on what's available, I'd use the Active Directory Schema reference in the Active Directory SDK. For a hands on look, I'd probably have a look at the attributes and their values via ADSIEDIT or LDP. -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chin, Jonathan W Sent: Monday, September 20, 2004 11:24 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Interface > I need to develop an interface that will feed data from AD to an Oracle table. How do I find the properties, data types, attributes for the AD data, to map correctly to the Oracle table? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Interface
Return Receipt Your [ActiveDir] Interface document : was Ryan McDonald/bankersbank received by: at: 09/20/2004 11:26:58 AM CONFIDENTIALITY NOTICE: This e-mail message, including any attachment, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Interface
> I need to develop an interface that will feed data from AD to an Oracle table. How > do I find the properties, data types, attributes for the AD data, to map correctly > to the Oracle table? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Programming
Return Receipt Your RE: [ActiveDir] Active Directory Programming document : was Ryan McDonald/bankersbank received by: at: 09/20/2004 11:19:56 AM CONFIDENTIALITY NOTICE: This e-mail message, including any attachment, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Programming
Joe's right (surprise!)--there is definitely no interface today for programmatically changing settings within a GPO. If you look at the methods on IGroupPolicyObject, none of them refer to being able to get inside the GPO--they simply provide a way to do the things that you can already do in GPMC or against AD directly (in the case of modifying GP Options). That said, don't be surprised if, in the near future, you do see someone come out with a way of programmatically modifying GP settings. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, September 20, 2004 7:46 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming I haven't personally seen a method that could do it and when I queried BJ (PM for GPMC) back at the Windows Server 2003 RDP conference about it he indicated that that functionality still wasn't available in the soon to be released (at the time) GPMC though they were thinking about it for an unnamed future version of GPMC. I would love to hear if someone has figured out how to do this through some poorly documented interface though. Here are the GPMC interfaces Darren eludes to http://msdn.microsoft.com/library/default.asp?url=""> All of that being said, you could look at modifying the GPOs via manipulation of the backend text files. You would also want to update version info in the text files and AD objects as well. I think the issue with the fact that the API doesn't exist is that GPOs are pretty flexible, every time new functionality was added to them through a template or whatever, you would have to issue a new updated COM interface or else the interface would be so generic as to be nearly on the same level as updating the text files directly. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPANSent: Monday, September 20, 2004 10:30 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming Thanks Joe and Darren So Is it confirmed that I will not be able to set Programmatically the GPO settings like “Maximum Password Age” of /Computer Configuration/Windows Settings/Security settings/Account Policies/Password Policy But This link says that “The IGroupPolicyObject interface provides methods to create and modify a GPO directly, without using the Group Policy Object Editor.” http://msdn.microsoft.com/library/default.asp?url=""> As I found few discussions on Microsoft Support Site http://groups.google.co.in/groups?q=BrowseForGPO&hl=en&lr=&ie=UTF-8&selm=%23pC42CkpCHA.2308%40TK2MSFTNGP10&rnum=1 I feel there is should be some way. Any Suggestions Please let me know. Thanks Again Naren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-EliaSent: Monday, September 20, 2004 7:07 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming To add onto what Joe said, check out the GPMC, which provides a set of COM/.Net interfaces for doing a few more tasks against Group Policy, including being able to manipulate gpLinks, set permissions on a GPO and ability to create/backup GPOs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, September 20, 2004 6:25 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming You can't edit the specific GPO settings that are applied to users and computers through any of the interfaces currently. You can only manipulate things like GPO displayname, enabled/disable the user or computer pieces of a gpo, etc. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPANSent: Monday, September 20, 2004 7:52 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Active Directory Programming I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED] DISCLAIMER ---
Re: [ActiveDir] ADMT v2 PES question
You guys are right, it wasn't password complexity. I just switched complex passwords back on to see if I could reproduce. No dice, passwords still copy over fine when migrating an account. I'm positive that is the only thing I changed. I'm scratching my head here. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Programming
I haven't personally seen a method that could do it and when I queried BJ (PM for GPMC) back at the Windows Server 2003 RDP conference about it he indicated that that functionality still wasn't available in the soon to be released (at the time) GPMC though they were thinking about it for an unnamed future version of GPMC. I would love to hear if someone has figured out how to do this through some poorly documented interface though. Here are the GPMC interfaces Darren eludes to http://msdn.microsoft.com/library/default.asp?url=""> All of that being said, you could look at modifying the GPOs via manipulation of the backend text files. You would also want to update version info in the text files and AD objects as well. I think the issue with the fact that the API doesn't exist is that GPOs are pretty flexible, every time new functionality was added to them through a template or whatever, you would have to issue a new updated COM interface or else the interface would be so generic as to be nearly on the same level as updating the text files directly. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPANSent: Monday, September 20, 2004 10:30 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming Thanks Joe and Darren So Is it confirmed that I will not be able to set Programmatically the GPO settings like “Maximum Password Age” of /Computer Configuration/Windows Settings/Security settings/Account Policies/Password Policy But This link says that “The IGroupPolicyObject interface provides methods to create and modify a GPO directly, without using the Group Policy Object Editor.” http://msdn.microsoft.com/library/default.asp?url=""> As I found few discussions on Microsoft Support Site http://groups.google.co.in/groups?q=BrowseForGPO&hl=en&lr=&ie=UTF-8&selm=%23pC42CkpCHA.2308%40TK2MSFTNGP10&rnum=1 I feel there is should be some way. Any Suggestions Please let me know. Thanks Again Naren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-EliaSent: Monday, September 20, 2004 7:07 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming To add onto what Joe said, check out the GPMC, which provides a set of COM/.Net interfaces for doing a few more tasks against Group Policy, including being able to manipulate gpLinks, set permissions on a GPO and ability to create/backup GPOs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, September 20, 2004 6:25 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming You can't edit the specific GPO settings that are applied to users and computers through any of the interfaces currently. You can only manipulate things like GPO displayname, enabled/disable the user or computer pieces of a gpo, etc. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPANSent: Monday, September 20, 2004 7:52 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Active Directory Programming I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED] DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the of
RE: [ActiveDir] Active Directory Programming
Return Receipt Your RE: [ActiveDir] Active Directory Programming document : was Justin Leney/US/DCI received by: at: 09/20/2004 10:42:49 AM List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Programming
Thanks Joe and Darren So Is it confirmed that I will not be able to set Programmatically the GPO settings like “Maximum Password Age” of /Computer Configuration/Windows Settings/Security settings/Account Policies/Password Policy But This link says that “The IGroupPolicyObject interface provides methods to create and modify a GPO directly, without using the Group Policy Object Editor.” http://msdn.microsoft.com/library/default.asp?url=""> As I found few discussions on Microsoft Support Site http://groups.google.co.in/groups?q=BrowseForGPO&hl=en&lr=&ie=UTF-8&selm=%23pC42CkpCHA.2308%40TK2MSFTNGP10&rnum=1 I feel there is should be some way. Any Suggestions Please let me know. Thanks Again Naren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Monday, September 20, 2004 7:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Programming To add onto what Joe said, check out the GPMC, which provides a set of COM/.Net interfaces for doing a few more tasks against Group Policy, including being able to manipulate gpLinks, set permissions on a GPO and ability to create/backup GPOs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 20, 2004 6:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Programming You can't edit the specific GPO settings that are applied to users and computers through any of the interfaces currently. You can only manipulate things like GPO displayname, enabled/disable the user or computer pieces of a gpo, etc. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPAN Sent: Monday, September 20, 2004 7:52 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Programming I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED] DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED]
RE: [ActiveDir] Active Directory Programming
To add onto what Joe said, check out the GPMC, which provides a set of COM/.Net interfaces for doing a few more tasks against Group Policy, including being able to manipulate gpLinks, set permissions on a GPO and ability to create/backup GPOs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, September 20, 2004 6:25 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Programming You can't edit the specific GPO settings that are applied to users and computers through any of the interfaces currently. You can only manipulate things like GPO displayname, enabled/disable the user or computer pieces of a gpo, etc. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPANSent: Monday, September 20, 2004 7:52 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Active Directory Programming I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED]
RE: [ActiveDir] Active Directory Programming
You can't edit the specific GPO settings that are applied to users and computers through any of the interfaces currently. You can only manipulate things like GPO displayname, enabled/disable the user or computer pieces of a gpo, etc. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NARENDRA K V - SPANSent: Monday, September 20, 2004 7:52 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Active Directory Programming I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED]
[ActiveDir] Windows Firewall/SP2/Group Policy
Hello all While testing Application of new SP2 group policy features to some XP SP2 test machines i noticed a strange behaviour. I set "windows firewall: protect all network connections" to -Disabled- to both domain and standard profile. On the test machine, however, the windows firewall could still be enabled/disabled. RSoP showed that the policy was correctly applied. Several reboots and gpupdate didn't help. Only after logging as an administrator, and stopping/starting the windows firewall service the policy seemed to be applied (all buttons grayed out). Anyone else expecienced this? Thanks Alex List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Active Directory Programming
I need to edit the Group Policy settings via API. In MSDN site it mentions that using IGroupPolicyObject we can achive it. If any one has already worked on those please help me out. Or even suggestions would be helpful. Thanks Again Naren DISCLAIMER This email message and any attachments is confidential and intended only for the use of an individual or entity named above and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or [EMAIL PROTECTED] and destroy the original message. Opinions, conclusions, and other information in this message that do not relate to the official business of SPAN, shall be understood to be neither given nor endorsed by SPAN Queries to: [EMAIL PROTECTED]
RE: [ActiveDir] Time service
Yusuf, here is a good document that should answer all your questions. http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/operate/wintime.mspx Carlos Magalhaes . From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yusuf Mayet - BCX - Microsoft CompetencySent: Monday, September 20, 2004 11:54 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Time service Can you guys share some light on the following? I would like to know what the difference between using the “W32tm” and “net time” command is. I am getting conflicting answers from the servers when I run the two commands.\ When I use the w32tm command to set the server to use the ‘Domhier” method the server still points to another server and not the PDC Emulator There is another problem I am having and that is when I use the “w32tm” command to sync the PDC Emulator to an external time source. This used to work up until a day ago where it stopped spoke to the firewall guys and their response is that they can see the PDC Emulator trying to connect on Port 445 instead of Port 123. My stand to them is “This is impossible” but they are adamant that they have done nothing on their side. Your guys thoughts, comments? Thanks in advance yusuf
[ActiveDir] Time service
Can you guys share some light on the following? I would like to know what the difference between using the “W32tm” and “net time” command is. I am getting conflicting answers from the servers when I run the two commands.\ When I use the w32tm command to set the server to use the ‘Domhier” method the server still points to another server and not the PDC Emulator There is another problem I am having and that is when I use the “w32tm” command to sync the PDC Emulator to an external time source. This used to work up until a day ago where it stopped spoke to the firewall guys and their response is that they can see the PDC Emulator trying to connect on Port 445 instead of Port 123. My stand to them is “This is impossible” but they are adamant that they have done nothing on their side. Your guys thoughts, comments? Thanks in advance yusuf