RE: [ActiveDir] easiest way to move Distribution Lists across domains. hoping for quick response ;)

2004-11-02 Thread Jorge de Almeida Pinto
When migrating objects between domains in the same forest, remember that you
always need to migrate the closed sets. E.g. let's say the following
situation exists: user-global group1-global group2. If you want to migrate
global group 2 to another domain and retain memberships you must also
migrate global group 1 AND the user!
Regards,
Jorge
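
The closed-set rule above, as an added example that is not part of the original post: it walks an exported membership map and lists everything that has to move with a group. It goes one step beyond the post's chain by also following the groups each collected object belongs to; the map layout and the names `global group 3` and `user2` are assumptions.

```python
from collections import deque

# Constructed sample data: each global group mapped to its direct members.
# "global group 3" and "user2" are hypothetical additions to the post's chain.
MEMBERS = {
    "global group 2": {"global group 1"},
    "global group 1": {"user"},
    "global group 3": {"user", "user2"},
}


def closed_set(start, members, follow_member_of=True):
    """Return the set of objects that must be migrated together with `start`.

    members: dict mapping a group name to the set of its direct members.
    follow_member_of: also pull in every group that a collected object
    belongs to (the full closed set), not just nested members.
    """
    # Invert the map once so "which groups contain X" is a cheap lookup.
    member_of = {}
    for group, direct in members.items():
        for obj in direct:
            member_of.setdefault(obj, set()).add(group)

    seen = {start}
    queue = deque([start])
    while queue:
        obj = queue.popleft()
        linked = set(members.get(obj, ()))
        if follow_member_of:
            linked |= member_of.get(obj, set())
        for nxt in linked:
            if nxt not in seen:  # also guards against circular nesting
                seen.add(nxt)
                queue.append(nxt)
    return seen


def migration_plan(start, members):
    """Split the closed set into groups and leaf accounts, sorted for review.

    Anything that is not a key of `members` is treated as an account.
    """
    objects = closed_set(start, members)
    groups = sorted(o for o in objects if o in members)
    accounts = sorted(o for o in objects if o not in members)
    return {"groups": groups, "accounts": accounts}


if __name__ == "__main__":
    # The chain from the post: group 2 -> group 1 -> user.
    print(sorted(closed_set("global group 2", MEMBERS, follow_member_of=False)))
    # The full closed set once the user's other group is taken into account.
    print(migration_plan("global group 2", MEMBERS))
```
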

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of CoCoKola
Sent: maandag 1 november 2004 05:41
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] easiest way to move Distribution Lists across
domains. hoping for quick response ;)

Group Membership Is Not Maintained for Nested Groups Group membership
within other groups is not maintained for interforest migrations 
We would need to retain nested groups if they exist, although I do not know
yet if these DL's contain nested groups, or if that is even possible.


On Sun, 31 Oct 2004 22:25:56 -0600, Brian Desmond
[EMAIL PROTECTED] wrote:
 ADMT should work too.
 
 Thanks.
  
 --Brian Desmond
 [EMAIL PROTECTED]
 Payton on the web! www.wpcp.org
  
 v - 773.534.0034 x135
 f - 773.534.8101
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:ActiveDir-
  [EMAIL PROTECTED] On Behalf Of CoCoKola
  Sent: Sunday, October 31, 2004 10:18 PM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] easiest way to move Distribution Lists across
  domains. hoping for quick response ;)
 
  I hope this is on-topic  ;)
 
  Domain A is AD 2000 mixed mode, soon to be native mode (exchange 5.5
  box to be retired soon.)
  Domain B is AD 2000 Native mode.
  Domain A has an OU with 100's of distribution lists
  Users in Domain B are unable to update Distribution Lists after
  upgrading to XP  office 2003.  simple solution: move the DLs to
  Domain B which contains the user accounts that need to modify the DL.
  Side note: We've been working with Microsoft on this issue.. long
  story I'll omit.
 
 
  Now, the question:  What is the easiest way to move DLs from one
  domain to another?
 
  Possible options:
  Movetree.exe
  Create a VBscript to enumerate and re-create the object in domain B.
  I'm not sure the feasibility.
 
  Has anyone done this previously?   Pointers, Gotchas?
 
  Any assistance is appreciated in advance!
 
  Rob
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] DHCP authorization problem

2004-11-02 Thread Robert Rutherford
If you had local connection (same subnet) connection to a DC and DNS
then I can't think of any reason why your problem would occur. It's
also strange that the DHCP server was serving to its own subnet and not
to others.

I would just put it down to a 'one off' and wouldn't be too
concerned. If you could do a switch bounce again and test it then fine.

Out of interest, what else runs on the DHCP server?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: 02 November 2004 00:47
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DHCP authorization problem

1. Yes.
2. Yes.
3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer 3 routing.
4. Cleanup on the configs, code updates, additional security; stuff like
that. We went over the configs this AM and everything looked fine, and
once I restarted DHCP, all the subnets got addresses just fine.
5. Yes. I check that one regularly. :-)

I don't even mind that the DHCP server unauthorized, but it would have
been nice if it could reauthorize, or at least show me something that
indicated it had unauthorized. When I looked in the MMC, it gave me an
option to unauthorize, so I assumed (I know) it was still authorized.
Made a stupid mistake, though; I didn't check the system log when I
realized we had a problem. Would have found it much faster.

Is the unauthorizing when DC comms go down behavior by design?

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Robert Rutherford
 Sent: Monday, November 01, 2004 3:45 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] DHCP authorization problem
 
 A few questions completely firing in different directions 
 but may lead to a cause :-
  
 1) I take it your routers are relaying DHCP, not agents?
 2) Is there a local DC in the same subnet as the DHCP server?
 3) What are the routers? I've seen different routers play 
 games with DHCP relays.
 4) What was the maintenance?
 5) Are all your DCs running clean on DCDIAGS ( I know I 
 always ask that question, but identifies obvious config 
 issues at times)
  
 Rob
 
 
 
 From: [EMAIL PROTECTED] on behalf of Charlie Kaiser
 Sent: Mon 01/11/2004 21:23
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] DHCP authorization problem
 
 
 
 I had an odd one over the weekend. We did some network maintenance that
 included a core switch bounce. Down for about 5 minutes. We found out
 this morning that DHCP wasn't working on any subnets except for the one
 that the DHCP server was on. We had made switch and router code and
 config changes, so we looked to that as a solution, but with no success.
 I remembered something from a while back where I had a similar problem
 and restarted the DHCP service. This corrected the issue. Apparently,
 the DHCP server had lost authorization from AD when the core switch went
 down. Event ID 1059; The DHCP service failed to see a directory server
 for authorization. I would have expected it to reauthorize once
 connectivity was restored, however. But it didn't. I had to restart the
 service manually.
 Is this normal? I would expect that DHCP authorization would be able to
 recover from a short loss of connectivity.
 Any pointers to a way to prevent this from happening again?
 Thanks!
 
 **
 Charlie Kaiser
 MCSE, CCNA
 Systems Engineer
 Essex Credit / Brickwalk
 510 595 5083
 **


[ActiveDir] User export/import

2004-11-02 Thread Bruyere, Michel
Hi, 
I would like to know what would be the best way to export and
reimport users and groups from one DC to another. The source DC is the one
that is in our LAN and the second one is in a test lab. They both must
have the same accounts and groups, but they are not connected in any way
and the configuration differs from one to the other (IP range is not the
same).
IIRC I saw a VBS script that could export users and groups to a file
then allow the reimport process... but this was a long time ago, so I may
not recall correctly.

So what would you guys do to achieve this goal?

BTW, I tried to back up the system state and restore it to the other DC,
but the DC froze after the reboot... I don't know if this could be
caused because of the configuration diff.

Thanks! 


M.Bruyere



RE: [ActiveDir] User export/import

2004-11-02 Thread iain.mccall
 
I believe LDIFDE will allow you to achieve this.

http://support.microsoft.com/kb/q237677/

It's available on the Windows 200x Server CD

Iain
-Original Message-
From: Bruyere, Michel [mailto:[EMAIL PROTECTED] 
Sent: 02 November 2004 13:15
To: [EMAIL PROTECTED]
Subject: [ActiveDir] User export/import

Hi, 
I would like to know what would be the best way to export and
reimport users and group from a DC to another. The source DC is the one
that is in our LAN and the second one is in a test lab. They both must
have the same accounts and groups but, they are not connected in any way
and the configuration differ from one to the other (ip range is not the
same).
IIRC I saw a VBS script that could export users and groups in a file
then allow the reimport process... but this is a long time ago, so I may
not recall correctly. 

So what you guys would do to achieve this goal?

BTW, I tried to backup the system state and restore it to the other DC,
but the DC froze after the reboot... I don't know if this could be
caused because of the configuration diff. 

Thanks! 


M.Bruyere



RE: [ActiveDir] login scripts

2004-11-02 Thread James_Day
Have you been able to connect to the file shares using the UNC path names
from the XP workstations?  Can you run the scripts manually?  How many 2K3
domain controllers?  Any chance the scripts have not replicated to the
netlogon share of all of them yet?

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]


   
  
From: Mulnick, Al [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Sent: 11/01/2004 04:42 PM EST
To: [EMAIL PROTECTED]
cc: (bcc: James Day/Contractor/NPS)
Subject: RE: [ActiveDir] login scripts
Please respond to ActiveDir
  
   
  




What did you find in the logging?  Have you enabled logging to see what's
happening at logon?

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
Sent: Monday, November 01, 2004 3:36 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] login scripts

We've recently upgraded from NT 4 to 2K3.  Our logon scripts have stopped
running on clients.  Logon scripts are specified in ADUC in the profile tab
of each user.  When I logon to my XP machine the scripts do not run.  When I
logon to a server through RDP, they do run.  I was thinking GPO, but only
the default domain policy is currently applied, and it is applied to both
the servers OU and the OU my PC is in.

I've looked at the following:

http://support.microsoft.com/default.aspx?scid=kb;en-us;329709 (this is not
the case, my netlogon shares point to the correct place)

and

http://support.microsoft.com/default.aspx?scid=kb;en-us;302104

I made the suggested changes, to no avail.

Anyone have any suggestions?

Thanks in Advance.


RE: [ActiveDir] locked out

2004-11-02 Thread James_Day
Hi Rodney

Lockoutstatus.exe is part of the 2003 resource kit (and I would assume the
2000 resource kit as well) although it can be downloaded separately from
Microsoft.  I did a search on google for lockoutstatus.exe to get it.

We saw pretty much the same thing about 3 months ago and it turned out to
be a new flavor of a popular internet worm that Symantec was unable to
detect.  There have since been several other variations.  In our case we
audit for logon failures, lockoutstatus gave us the DC to check, the audit
log showed several failures for a handful of accounts at a set time all
coming from one ip address and that ip had wintaskx and payload both
running - the viral infections.

Good luck tracking down the culprit.  If you do get it and you need a bulk
unlock script:


' Open the file system object - allows connections into the file system

Set fso = CreateObject("Scripting.FileSystemObject")
Set fso2 = CreateObject("Scripting.FileSystemObject")

' Opens a file for reading

lock = 0

Set myreadfyle = fso.OpenTextFile("c:\ntuserlist.txt")

' Sets up a loop.  This will read every line in the text file and perform
' operations until the last line of the text file
' (mode 2 = ForWriting: lockedaccounts.txt is overwritten on each run)
Set myfile2 = fso2.OpenTextFile("c:\lockedaccounts.txt", 2)

While Not myreadfyle.AtEndOfStream

' Read the line, splitting it at the commas for reading.  The split command
' looks for the value in brackets (",") and
' splits the line there.  It will become an array now.  the value
' dnarray(0) will be column one from the csv.
' dnarray(1) is then column two.

strusername = myreadfyle.ReadLine
strdomain = "hq"
  ' dnarray = split(fyleline,",",-1,1)

' This line echos the values to a message box on the screen.  Again, values
' in the "s are absolute, values
' outside the "s are variables, and the & is used to append the different
' value sets together into one line.

  ' wscript.echo "The first value is " & dnarray(0) & " The second value is " & dnarray(1)

' ends the while statement - while end.  In VBS while end will fail, in
' dotnet it works.

' Bind to the account through the WinNT provider
Set objuser = GetObject("WinNT://" & strdomain & "/" & strusername)

If objuser.IsAccountLocked = True Then

    ' Log the account name before unlocking it
    myfile2.WriteLine strusername

    objuser.IsAccountLocked = False
    objuser.SetInfo
    lock = lock + 1
    ' wscript.echo strusername & " unlocked"

Else

    ' wscript.echo strusername & " not locked"

End If

Wend
WScript.Echo lock & " accounts unlocked - see c:\lockedaccounts.txt for a list of usernames"

myreadfyle.Close
myfile2.Close

You will need to pre-create the ntuserlist.txt file with a full list of
your users, and a blank file called lockedaccounts.txt on the root of drive
C for logging the locked accounts.

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
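
The triage described in the post (several failures for a handful of accounts at a set time, all from one IP address), as an added example that is not part of the original message: it groups logon-failure records by source address and flags any address that fails against several distinct accounts inside a short window. The `timestamp,account,source_ip` export format, the thresholds and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: logon-failure audit records exported from the DC that
# lockoutstatus pointed at, one "timestamp,account,source_ip" row per failure.
SAMPLE_LOG = """\
2004-11-02 03:00:01,jsmith,10.1.4.23
2004-11-02 03:00:02,mbrown,10.1.4.23
2004-11-02 03:00:02,akhan,10.1.4.23
2004-11-02 03:00:04,jsmith,10.1.4.23
2004-11-02 03:00:05,lchen,10.1.4.23
2004-11-02 08:15:40,rlee,10.1.7.80
2004-11-02 08:16:10,rlee,10.1.7.80
2004-11-02 08:17:02,rlee,10.1.7.80
2004-11-02 09:02:11,jsmith,10.1.9.14
2004-11-02 13:45:00,mbrown,10.1.9.14
2004-11-02 16:30:00,akhan,10.1.9.14
"""


def parse(lines):
    """Turn export rows into (datetime, account, source_ip) tuples."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue  # tolerate blank lines in the export
        stamp, account, ip = (field.strip() for field in line.split(","))
        records.append(
            (datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), account.lower(), ip)
        )
    return records


def suspicious_sources(records, min_accounts=3, window=timedelta(minutes=5)):
    """Return {source_ip: sorted accounts} for every address that produced
    failures against at least `min_accounts` distinct accounts within `window`.

    A single user mistyping a password (one account, many failures) and a
    shared host with failures spread over the day are both left out.
    """
    by_ip = defaultdict(list)
    for stamp, account, ip in records:
        by_ip[ip].append((stamp, account))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        in_window = Counter()  # account -> failures inside the current window
        start = 0
        for stamp, account in events:
            in_window[account] += 1
            # Slide the left edge until the window spans at most `window`.
            while stamp - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_accounts:
                flagged.setdefault(ip, set()).update(in_window)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in suspicious_sources(parse(SAMPLE_LOG.splitlines())).items():
        print(ip, "->", ", ".join(accounts))
```
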


   
  
From: Rodney Gardiner [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Sent: 11/02/2004 09:16 AM ZE11
To: [EMAIL PROTECTED]
cc: (bcc: James Day/Contractor/NPS)
Subject: RE: [ActiveDir] locked out
Please respond to ActiveDir
  
   
  




Just curious as to where this lockedoutstatus.exe is kept?

Rodney


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randy White
Sent: Tuesday, 2 November 2004 7:31 AM
To: [EMAIL PROTECTED]
Subject: RE: 

RE: [ActiveDir] User export/import

2004-11-02 Thread Robert Rutherford
You can use ldifde for this purpose... see MS site for all the syntax
and examples. It's very simple to do and will get you users, OUs, etc.

Another way is to bring another DC into your production domain, DCPROMO
it, remove it from the domain and then seize all the FSMO roles using
NTDSUTIL. You will of course then need to clean the removed server
object from your domain via NTDSUTIL. This way you get all the domain
info easily.

Or as you say... do a backup and restore. The other DC should be the
same hardware or you will have all sorts of driver/compat' issues.

BR

Rob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel
Sent: 02 November 2004 13:15
To: [EMAIL PROTECTED]
Subject: [ActiveDir] User export/import

Hi, 
I would like to know what would be the best way to export and
reimport users and group from a DC to another. The source DC is the one
that is in our LAN and the second one is in a test lab. They both must
have the same accounts and groups but, they are not connected in any way
and the configuration differ from one to the other (ip range is not the
same).
IIRC I saw a VBS script that could export users and groups in a file
then allow the reimport process... but this is a long time ago, so I may
not recall correctly. 

So what you guys would do to achieve this goal?

BTW, I tried to backup the system state and restore it to the other DC,
but the DC froze after the reboot... I don't know if this could be
caused because of the configuration diff. 

Thanks! 


M.Bruyere



RE: [ActiveDir] DHCP authorization problem

2004-11-02 Thread Charlie Kaiser
I'm going to test it again by yanking the ethernet cable after hours and
seeing if the same problem returns. I'm still not convinced there isn't
a core switch config or code issue. I have seen this happen before;
that's why I knew to bounce the service. We're going to keep looking at
it. 
The only other thing running on that box is WINS...

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Robert Rutherford
 Sent: Tuesday, November 02, 2004 1:23 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] DHCP authorization problem
 
 If you had local connection (same subnet) connection to a DC and DNS
 then I can't think of any reason why your problem would occur. It's
 also strange that the DHCP server was serving to its own 
 subnet and not
 to others.
 
 I would just put it down to a 'one off' and wouldn't be too
 concerned. If you could do a switch bounce again and test it 
 then fine.
 
 Out of interest, what else runs on the DHCP server?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Charlie Kaiser
 Sent: 02 November 2004 00:47
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] DHCP authorization problem
 
 1. Yes.
 2. Yes.
 3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer 
 3 routing.
 4. Cleanup on the configs, code updates, additional security; 
 stuff like
 that. We went over the configs this AM and everything looked fine, and
 once I restarted DHCP, all the subnets got addresses just fine.
 5. Yes. I check that one regularly. :-)
 
 I don't even mind that the DHCP server unauthorized, but it would have
 been nice if it could reauthorize, or at least show me something that
 indicated it had unauthorized. When I looked in the MMC, it gave me an
 option to unauthorize, so I assumed (I know) it was still authorized.
 Made a stupid mistake, though; I didn't check the system log when I
 realized we had a problem. Would have found it much faster.
 
 Is the unauthorizing when DC comms go down behavior by design?
 
 **
 Charlie Kaiser
 MCSE, CCNA
 Systems Engineer
 Essex Credit / Brickwalk
 510 595 5083
 **
  
 
  -Original Message-
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  Robert Rutherford
  Sent: Monday, November 01, 2004 3:45 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] DHCP authorization problem
  
  A few questions completely firing in different directions 
  but may lead to a cause :-
   
  1) I take it your routers are relaying DHCP, not agents?
  2) Is there a local DC in the same subnet as the DHCP server?
  3) What are the routers? I've seen different routers play 
  games with DHCP relays.
  4) What was the maintenance?
  5) Are all your DCs running clean on DCDIAGS ( I know I 
  always ask that question, but identifies obvious config 
  issues at times)
   
  Rob
  
  
  
  From: [EMAIL PROTECTED] on behalf of Charlie Kaiser
  Sent: Mon 01/11/2004 21:23
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] DHCP authorization problem
  
  
  
  I had an odd one over the weekend. We did some network 
  maintenance that
  included a core switch bounce. Down for about 5 minutes. We 
 found out
  this morning that DHCP wasn't working on any subnets except 
  for the one
  that the DHCP server was on. We had made switch and router code and
  config changes, so we looked to that as a solution, but with 
  no success.
  I remembered something from a while back where I had a 
 similar problem
  and restarted the DHCP service. This corrected the issue. 
 Apparently,
  the DHCP server had lost authorization from AD when the core 
  switch went
  down. Event ID 1059; The DHCP service failed to see a 
  directory server
  for authorization. I would have expected it to reauthorize once
  connectivity was restored, however. But it didn't. I had to 
  restart the
  service manually.
  Is this normal? I would expect that DHCP authorization would 
  be able to
  recover from a short loss of connectivity.
  Any pointers to a way to prevent this from happening again?
  Thanks!
  
  **
  Charlie Kaiser
  MCSE, CCNA
  Systems Engineer
  Essex Credit / Brickwalk
  510 595 5083
  **
 

RE: [ActiveDir] Write Cache Enabled

2004-11-02 Thread Mulnick, Al
http://www.webopedia.com/TERM/d/disk_cache.html is a reference for what it
is.  

Disk cache is a very dangerous thing when it comes to JET DB technology.
The reason is that if the disk device loses power, or corrupts before it can
commit to media, then you lose that bit of data likely corrupting the db.
If the db is not so far gone that it can't replicate, your problems get
worse.  You should see SAN implementations of DC's and the conversations it
generates ;)

On-disk caching is a way for vendors to squeeze a little more speed out of
the platters.  Consider two 15K scsi drives.  One provides 10us write commit
time (for example) while the other provides 2us write commit time.  The
difference?  Cache. If you can commit to cache vs. the platter, it's much
much faster as you buffer the writes until the platter is in an optimal
position to write to media. Great for applications that are random r/w types
with heavy or equal write signatures i.e. file and print applications or
presentation applications. 

JET db technology can be very disk IO intensive. That's because it's a
two-phase commit database technology; a good one too.  But as you scale the
database you tend to have more disk activity as more and more transactions
take place.  Microsoft has gotten quite good at figuring out what works and
what doesn't and one thing they've learned is when to use JET DB technology;
a typical JET db deployment is likely to be more read-intensive than it is
write intensive.  A good application for JET technology is something that
has at least a 2.5 or 3:1 read/write signature.  The more read-intensive,
the more likely that JET technology will be a good fit.  Sound like an
application you're familiar with?  LDAP is a read-intensive application by
design and great read response is required to scale it successfully.  Active
Directory would be an example of a LDAP database that needs great read
performance with some write performance.

Some implementations of LDAP have adapted other db technology, such as DB2,
Oracle, etc. to house their LDAP data stores.  Microsoft chose their JET
(JET Blue if I recall correctly, but don't quote me) engine.  

Since JET DB applications tend to be very read-intensive, the risk/reward of
disk cache is not in your favor.  Your better bet is to give the application
the amount of spindles required to gain the IOPS needed to satisfy the
performance needs of your application.  In the case of Active Directory,
separate the IO types to gain better performance (sequential IO on one set
of dedicated spindles being your biggest performance booster) etc. 

Don't be fooled by the use of battery backup technology.  It's not worth it
and it usually comes on the array controllers only not on the disk device
itself.  The array controller battery backup is intended to protect against
power failures when data is in the array cache, which of course is there to
provide better performance.  But the cache is considered flushed when the
controller receives a successful commit response from the disk device. The
disk device will send a positive response when you write to its cache.
It's at that point that you tend to be vulnerable to problems (i.e.
corruption) for very little performance gain. 

Turn off the disk caching and you'll barely notice a difference if you've
laid out your disk appropriately for your implementation. But you'll greatly
reduce your risk.  Microsoft knows what they're doing when they suggest you
turn it off, trust me on that.

al   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rodney Gardiner
Sent: Monday, November 01, 2004 6:46 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Write Cache Enabled

I keep getting an error on one of our DC's stating that Write Disk Cache is
enabled and if there is a system failure data corruption may occur.

I have been informed that this should not be enabled on a DC.

I checked out Tech Net on the various errors I receive in the Event Viewer
and it states generally the error can be ignored and that there is a hotfix
that you must call Microsoft for to stop the error appearing.

http://support.microsoft.com/default.aspx?scid=kb;en-us;830051

I was also informed that taking off the option for Write Disk Cache would
have a big impact on the system performance. I understand it would have an
impact but did not think it would be as big as I am being told.

I was just after clarification as to whether it should be enabled on a DC or
not.

Any help would be appreciated.

It is an SCSI Controller with Adaptec System SCSI Disk Device. It is the
disk device that has Write Cache Enabled on it under its properties.

Rodney

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, 2 November 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] locked out





Rodney,

this is a free download from ms under  account management tools. Search
under MS, you will find 

RE: [ActiveDir] DHCP authorization problem

2004-11-02 Thread Mulnick, Al
Charlie, is it possible that you were having problems at a lower level in
the stack?  

DHCP should check every 60 minutes by default IIRC.  If it loses
connectivity, it should check every 5 minutes (default) for the AD.  But I
don't recall a limit on the number of retries and it sounds like
authorization was fine since it was handing out addresses on its local
subnet. 

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Tuesday, November 02, 2004 9:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DHCP authorization problem

I'm going to test it again by yanking the ethernet cable after hours and
seeing if the same problem returns. I'm still not convinced there isn't a
core switch config or code issue. I have seen this happen before; that's why
I knew to bounce the service. We're going to keep looking at it. 
The only other thing running on that box is WINS...

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Robert 
 Rutherford
 Sent: Tuesday, November 02, 2004 1:23 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] DHCP authorization problem
 
 If you had local connection (same subnet) connection to a DC and DNS 
 then I can't think of any reason why your problem would occur. It's 
 also strange that the DHCP server was serving to its own subnet and 
 not to others.
 
 I would just put it down to a 'one off' and wouldn't be too 
 concerned. If you could do a switch bounce again and test it then 
 fine.
 
 Out of interest, what else runs on the DHCP server?
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Charlie 
 Kaiser
 Sent: 02 November 2004 00:47
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] DHCP authorization problem
 
 1. Yes.
 2. Yes.
 3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer
 3 routing.
 4. Cleanup on the configs, code updates, additional security; stuff 
 like that. We went over the configs this AM and everything looked 
 fine, and once I restarted DHCP, all the subnets got addresses just 
 fine.
 5. Yes. I check that one regularly. :-)
 
 I don't even mind that the DHCP server unauthorized, but it would have 
 been nice if it could reauthorize, or at least show me something that 
 indicated it had unauthorized. When I looked in the MMC, it gave me an 
 option to unauthorize, so I assumed (I know) it was still authorized.
 Made a stupid mistake, though; I didn't check the system log when I 
 realized we had a problem. Would have found it much faster.
 
 Is the unauthorizing when DC comms go down behavior by design?
 
 **
 Charlie Kaiser
 MCSE, CCNA
 Systems Engineer
 Essex Credit / Brickwalk
 510 595 5083
 **
  
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Robert 
  Rutherford
  Sent: Monday, November 01, 2004 3:45 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] DHCP authorization problem
  
  A few questions completely firing in different directions but may 
  lead to a cause :-
   
  1) I take it your routers are relaying DHCP, not agents?
  2) Is there a local DC in the same subnet as the DHCP server?
  3) What are the routers? I've seen different routers play games with 
  DHCP relays.
  4) What was the maintenance?
  5) Are all your DCs running clean on DCDIAGS ( I know I always ask 
  that question, but identifies obvious config issues at times)
   
  Rob
  
  
  
  From: [EMAIL PROTECTED] on behalf of Charlie Kaiser
  Sent: Mon 01/11/2004 21:23
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] DHCP authorization problem
  
  
  
  I had an odd one over the weekend. We did some network maintenance 
  that included a core switch bounce. Down for about 5 minutes. We 
  found out this morning that DHCP wasn't working on any subnets except 
  for the one that the DHCP server was on. We had made switch and router 
  code and config changes, so we looked to that as a solution, but with 
  no success.
  I remembered something from a while back where I had a similar problem 
  and restarted the DHCP service. This corrected the issue. Apparently, 
  the DHCP server had lost authorization from AD when the core switch 
  went down. Event ID 1059; The DHCP service failed to see a 
  directory server for authorization. I would have expected it to 
  reauthorize once connectivity was restored, however. But it didn't. 
  I had to restart the service manually.
  Is this normal? I would expect that DHCP authorization would be able 
  to recover from a short loss of connectivity.
  Any pointers to a way to prevent this from happening again?
  Thanks!
  
  **
  Charlie Kaiser
  MCSE, CCNA
  Systems Engineer
  Essex Credit / Brickwalk
  510 595 

RE: [ActiveDir] User export/import

2004-11-02 Thread Bruyere, Michel
Hi, 
Thanks for the information... that's exactly the type of tool I was looking 
for... I didn't know that MS had such a tool. 

Many thanks!

M.Bruyere
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:ActiveDir-
 [EMAIL PROTECTED] On Behalf Of
 [EMAIL PROTECTED]
 Sent: Tuesday, November 02, 2004 8:25 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] User export/import
 
 
 I believe LDIFDE will allow you to achieve this.
 
 http://support.microsoft.com/kb/q237677/
 
 It's available on the Windows 200x Server CD
 
 Iain


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


Re: [ActiveDir] login scripts

2004-11-02 Thread ASB
What does your script look like?

Have you considered running the logon scripts via GPO?

http://www.ultratech-llc.com/KB/?File=LogonScripts.TXT
http://www.ultratech-llc.com/KB/?File=GroupPol.TXT




- ASB
  Cheap, Fast, Secure -- Pick Any TWO.
  http://www.ultratech-llc.com/KB/


On Mon, 1 Nov 2004 14:35:41 -0600, Jordan Arendt
[EMAIL PROTECTED] wrote:
 We've recently upgraded from NT 4 to 2K3.  Our logon scripts have
 stopped running on clients.  Logon scripts are specified in ADUC in
 the profile tab of each user.  When I logon to my XP machine the
 scripts do not run.  When I logon to a server through RDP, they do
 run.  I was thinking GPO, but only the default domain policy is
 currently applied, and it is applied to both the servers OU and the OU
 my PC is in.
 
 I've looked at the following:
 
 http://support.microsoft.com/default.aspx?scid=kb;en-us;329709 (this
 is not the case, my netlogon shares point to the correct place)
 
 and
 
 http://support.microsoft.com/default.aspx?scid=kb;en-us;302104
 
 I made the suggested changes, to no avail.
 
 Anyone have any suggestions?
 
 Thanks in Advance.


RE: [ActiveDir] locked out

2004-11-02 Thread Randy White
Windows 2003 Resource Kit

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rodney Gardiner
Sent: Monday, November 01, 2004 4:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] locked out

Just curious as to where this lockedoutstatus.exe is kept?
 
Rodney


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randy White
Sent: Tuesday, 2 November 2004 7:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] locked out



This is probably caused by a virus.  Use lockedoutstatus.exe to find out
where the lockouts are originating.  Then check the event log of that
DC to find out the perpetrating computer.

 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 01, 2004 2:29 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] locked out

 


All gurus,

Wonder if any of you have experienced this before.

Suddenly over the weekend, all domain accounts (I mean all) are locked
out except the domain admin accounts. What could have caused this problem?
The only clue that I had is this is the week to change the summer
time back but we had this done every year, had never had this issue
before. Could this be a worm or some sort of virus? Looking into our
security log it did not show me anything out of norm (failed security,
locked out has been turned on).

Any suggestions will be appreciated.


Regards,


Sandy

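The triage suggested in this thread (find where the lockouts originate, then read that DC's event log for the offending computer), sketched as an added example that is not part of the original messages. It assumes the DC's Security log has been exported to CSV with the constructed column names below; event ID 644 is the account-lockout event on Windows 2000/2003 DCs (4740 on Windows Server 2008 and later), and all host names, account names and thresholds are invented for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Account-lockout event IDs: 644 (Windows 2000/2003), 4740 (2008 and later).
LOCKOUT_EVENT_IDS = {644, 4740}

# Constructed sample export; the column layout is an assumption of this example.
SAMPLE_CSV = """\
time,event_id,target_account,caller_machine
2004-10-30 23:58:02,644,asmith,WKS-0417
2004-10-30 23:58:03,644,bjones,WKS-0417
2004-10-30 23:58:03,529,bjones,WKS-0417
2004-10-30 23:58:05,644,cwu,WKS-0417
2004-10-30 23:58:07,644,dlee,WKS-0417
2004-10-30 23:58:09,644,epark,WKS-0417
2004-10-31 08:12:40,644,jdoe,WKS-0102
2004-10-31 09:00:00,644,svc_backup,MAIL01
2004-10-31 10:00:00,644,svc_backup,
"""


def parse_lockouts(text):
    """Return only the lockout events from a CSV export, with parsed times."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if int(row["event_id"]) not in LOCKOUT_EVENT_IDS:
            continue  # e.g. 529 logon failures are not lockouts
        events.append({
            "time": datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S"),
            "target_account": row["target_account"].strip().lower(),
            # The caller machine field can be empty; keep the event anyway.
            "caller_machine": row["caller_machine"].strip().upper() or "(unknown)",
        })
    return events


def accounts_by_source(events):
    """Map each caller machine to the set of accounts it locked out."""
    result = defaultdict(set)
    for ev in events:
        result[ev["caller_machine"]].add(ev["target_account"])
    return dict(result)


def burst_sources(events, min_accounts=4, window=timedelta(minutes=5)):
    """Flag machines that locked out many distinct accounts in a short window.

    One machine locking out many different users within minutes points at
    automated password guessing (a worm, for instance) rather than a single
    user or service with a stale password.
    Returns {machine: largest number of distinct accounts seen in one window}.
    """
    by_machine = defaultdict(list)
    for ev in events:
        by_machine[ev["caller_machine"]].append(ev)

    flagged = {}
    for machine, evs in by_machine.items():
        evs.sort(key=lambda e: e["time"])
        start = 0                 # left edge of the sliding window
        counts = defaultdict(int)  # account -> occurrences inside the window
        best = 0
        for ev in evs:
            counts[ev["target_account"]] += 1
            # Drop events that fell out of the window ending at this event.
            while ev["time"] - evs[start]["time"] > window:
                old = evs[start]["target_account"]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_accounts:
            flagged[machine] = best
    return flagged


if __name__ == "__main__":
    lockouts = parse_lockouts(SAMPLE_CSV)
    for machine, accounts in sorted(accounts_by_source(lockouts).items()):
        print(f"{machine}: {len(accounts)} account(s) locked out")
    print("burst sources:", burst_sources(lockouts))
```

Machines that appear in the per-source summary but not in the burst list, such as a server repeatedly locking one service account, usually indicate a stale stored password rather than malware.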


[ActiveDir] OT: helpdesk software

2004-11-02 Thread Jason Benway
I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the biggest
issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech and
the user can continue to use email to correspond back and forth. Each time
the emails pass through the helpdesk software and the thread is tracked so it
can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Rimmerman, Russ

How about Track-It!   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, November 02, 2004 9:19 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the biggest
issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech and
the user can continue to use email to correspond back and forth. Each time
the emails pass through the helpdesk software and the thread is tracked so it
can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Robert Rutherford
Have a look at http://www.hornbill.com/

Should do everything you want.

Rob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: 02 November 2004 15:19
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the biggest
issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech and
the user can continue to use email to correspond back and forth. Each time
the emails pass through the helpdesk software and the thread is tracked so it
can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Sonia Tapia
 Try bigWebDesk www.bigwebdesk.com


Sonia Tapia


-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 02, 2004 7:19 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the
biggest issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech
and the user can continue to use email to correspond back and forth.
Each time the emails pass through the helpdesk software and the thread is
tracked so it can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Michael Wassell
Liberum is a nice, free alternative if open-source is an option,
although production on the project has slowed quite a bit over these
past few months the software is still very functional and does meet all
of the requirements that you mentioned.

http://www.liberum.org/  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, November 02, 2004 10:19 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the
biggest issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech
and the user can continue to use email to correspond back and forth.
Each time the emails pass through the helpdesk software and the thread is
tracked so it can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Perdue David J Contr InDyne/Enterprise IT
http://wm.quest.com/products/activerolesserver/

It used to be Enterprise Directory  Manager.  Nice stuff.



David J. Perdue
MCSE 2000, MCSE NT, MCSA, MCP+I 
Network Security Engineer, InDyne Inc 
Comm: (805) 606-4597DSN: 276-4597 
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, November 02, 2004 7:19 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the biggest
issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech and
the user can continue to use email to correspond back and forth. Each time
the emails pass through the helpdesk software and the thread is tracked so it
can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Salandra, Justin A.
What is the cost of that software package?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Rutherford
Sent: Tuesday, November 02, 2004 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: helpdesk software

Have a look at http://www.hornbill.com/

Should do everything you want.

Rob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: 02 November 2004 15:19
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the biggest
issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech and
the user can continue to use email to correspond back and forth. Each time
the emails pass through the helpdesk software and the thread is tracked so it
can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


Re: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Sean Johnson
We use RT ( http://www.bestpractical ). If you have some perl
experience, it's fairly easy to extensively customize. Authentication
can be done via active directory via ldap, with autocreation of user
accounts, etc. The system is easily email driven, so emails can
create, modify, and resolve tickets, etc.


On Tue, 2 Nov 2004 10:18:40 -0500, Jason Benway [EMAIL PROTECTED] wrote:
 I'm looking into helpdesk software.
 I need integration into active directory, a web interface, and the biggest
 issue.
 I want to be able to use email to open and track the tickets. I want the
 user to be able to send an email to an internal email address, the tech
 replies to the email which gets sent back to the helpdesk app. The tech and
 the user can continue to use email to correspond back and forth. Each time
 the emails pass through the helpdesk software and the thread is tracked so it
 can be viewed in the helpdesk app.
 
 Anyone seen/use anything like this?
 
 Thanks,jb


[ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Carerros, Charles
Hey group,

I'm trying to find an easy way to do a massive migration of Windows 95\98
workstations from an NT domain to a Windows 2003 AD domain, however the tools
that I'm finding don't seem to function, don't exist, or after installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it would
be extremely helpful.

Thanks,

Charlie


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Salandra, Justin A.
If you build your Windows 2003 domain with the same netbios domain name
the Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows 95\98
workstations from an NT domain to a Windows 2003 AD domain, however the tools
that I'm finding don't seem to function, don't exist, or after installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it would
be extremely helpful.

Thanks,

Charlie


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread Robert Rutherford
I honestly can't remember; give them a call (and then get plagued to
the end of your days).

Rob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: 02 November 2004 16:07
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: helpdesk software

What is the cost of that software package?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert
Rutherford
Sent: Tuesday, November 02, 2004 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: helpdesk software

Have a look at http://www.hornbill.com/

Should do everything you want.

Rob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: 02 November 2004 15:19
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the biggest
issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech and
the user can continue to use email to correspond back and forth. Each time
the emails pass through the helpdesk software and the thread is tracked so it
can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Carerros, Charles
We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to have
nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
the Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows 95\98
workstations from an NT domain to a Windows 2003 AD domain, however the tools
that I'm finding don't seem to function, don't exist, or after installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it would
be extremely helpful.

Thanks,

Charlie


RE: [ActiveDir] OT: helpdesk software

2004-11-02 Thread deji
I can also vouch for Liberum. I think the development has not moved much for
a long time because the tool does all the things it's supposed to do
beautifully. It meets all the criteria you mentioned in your request and it
does so for free.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Michael Wassell
Sent: Tue 11/2/2004 8:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: helpdesk software



Liberum is a nice, free alternative if open-source is an option,
although production on the project has slowed quite a bit over these
past few months the software is still very functional and does meet all
of the requirements that you mentioned.

http://www.liberum.org/ 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, November 02, 2004 10:19 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: helpdesk software

I'm looking into helpdesk software.
I need integration into active directory, a web interface, and the
biggest issue.
I want to be able to use email to open and track the tickets. I want the
user to be able to send an email to an internal email address, the tech
replies to the email which gets sent back to the helpdesk app. The tech
and the user can continue to use email to correspond back and forth.
Each time the emails pass through the helpdesk software and the thread is
tracked so it can be viewed in the helpdesk app.

Anyone seen/use anything like this?

Thanks,jb


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Salandra, Justin A.
You could potentially upgrade your NT Domain to a child domain of an AD
forest.  This would allow you to keep the netbios name at least for your
network.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to have
nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
the Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows 95\98
workstations from an NT domain to a Windows 2003 AD domain, however the tools
that I'm finding don't seem to function, don't exist, or after installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it would
be extremely helpful.

Thanks,

Charlie


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Carerros, Charles
Upgrading is not an option in this case.  Politically it's not allowed and
technically it's not that feasible either (there is an issue with the number
of Exchange 5.5 environments that are going to be migrated into the new
forest and how this is planned to be done).  

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


You could potentially upgrade your NT Domain to a child domain of an AD
forest.  This would allow you to keep the netbios name at least for your
network.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to have
nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
the Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows 95\98
workstations from an NT domain to a Windows 2003 AD domain, however the tools
that I'm finding don't seem to function, don't exist, or after installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it would
be extremely helpful.

Thanks,

Charlie


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Renouf, Phil
How many Win95/98 clients are you talking about? Another question is:
Why do you have Win95/98 clients at all?

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically it's not allowed
and technically it's not that feasible either (there is an issue with the
number of Exchange 5.5 environments that are going to be migrated into
the new forest and how this is planned to be done).  



RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Carerros, Charles
We have them for the same reason that everyone else does, economics.  If
they still perform their function and can access the network resources why
spend the money to upgrade what isn't broken.  I have someone looking for
the number right now, but it was indicated that it might be as many as 300
but that is just a guess number, it could be more or less.  We won't know
for sure until I get the audit report out of SMS.  Oh, most of those are at
sites not located near me (central administrative group).  Which makes
things even more fun.

-Original Message-
From: Renouf, Phil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


How many Win95/98 clients are you talking about? Another question is:
Why do you have Win95/98 clients at all?

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically its not allowed
and technically its not that feasible either (there is an issue with the
number of Exchange 5.5 environments that are going to be migrated into
the new forest and how this is planned to be done).  

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Salandra, Justin A.
Ok, it was worth a shot.  I have not heard of or seen any tool that will
help you with this.  The only thing I can think of is in your logon
script have it copy a script to the 9x machine, modify the registry to
RunOnce that script you just copied and have that script on next logon
change the domain membership, if that is at all possible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically its not allowed
and
technically its not that feasible either (there is an issue with the
number
of Exchange 5.5 environments that are going to be migrated into the new
forest and how this is planned to be done).  

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


You could potentially upgrade your NT Domain to a child domain of a AD
forest.  This would allow you to keep the netbios name at least for your
network.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to
have
nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
they Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows
95\98
workstation from an NT domain to a Windows 2003 AD domain, however the
tools
that I'm finding don't seem to function, don't exists, or after
installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it
would
be extremely helpful.

Thanks,

Charlie
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Carerros, Charles
I think there is more I have to do to get it to work with AD though.  Don't
I have to make sure that the workstation is using NTLM2 authentication and
SMB signing?  (In which case I still might have to write off my Win95 boxes
because I don't believe that they support either of those.)

I really hope that I'm wrong, but then again if I'm right then they will all
be forced to upgrade.   I just need to make sure that I exhaust all
resources before I go and tell someone the bad news about the 95 boxes.  

But I think that the script option might be the best approach.

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


Ok, it was worth a shot.  I have not heard of or seen any tool that will
help you with this.  The only thing I can think of it in your logon
script have it copy a script to the 9x machine, modify the registry to
RunOnce that script you just copied and have that script on next logon
change the domain member ship If that is at all possible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically its not allowed
and
technically its not that feasible either (there is an issue with the
number
of Exchange 5.5 environments that are going to be migrated into the new
forest and how this is planned to be done).  

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


You could potentially upgrade your NT Domain to a child domain of a AD
forest.  This would allow you to keep the netbios name at least for your
network.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to
have
nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
they Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows
95\98
workstation from an NT domain to a Windows 2003 AD domain, however the
tools
that I'm finding don't seem to function, don't exists, or after
installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it
would
be extremely helpful.

Thanks,

Charlie
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Renouf, Phil
Understandable, if it's not broke why fix it. Although you do need to
live with the fact that it has less functionality within Active
Directory (even with the DS Client) and is no longer supported by
Microsoft. My rant ends here ;)

For 300 clients you might just want to send out a pre and post-migration
notice to all users (ie: have a piece of paper on their desk) that
indicates for any Windows 95/98 users to type in the new domain name in
the domain box. It's as easy as that to get a 95/98 box to log into a
different domain, so if it comes down to it I would say a well written
communication to the users should do the trick.

If you are using SMS you could create a script that would update the
registry to change the Domain that is listed in the Domain box and push
that out on the night of migration.

Phil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:22 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We have them for the same reason that everyone else does, economics.  If
they still perform their function and can access the network resources
why spend the money to upgrade what isn't broken.  I have someone
looking for the number right now, but it was indicated that it might be
as many as 300 but that is just a guess number, it could be more or
less.  We won't know for sure until I get the audit report out of SMS.
Oh, most of those are at sites not located near me (central
administrative group).  Which makes things even more fun.

-Original Message-
From: Renouf, Phil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


How many Win95/98 clients are you talking about? Another question is:
Why do you have Win95/98 clients at all?

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically its not allowed
and technically its not that feasible either (there is an issue with the
number of Exchange 5.5 environments that are going to be migrated into
the new forest and how this is planned to be done).  

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] Exchange 2K3 Private Information Store Disappeared

2004-11-02 Thread Monte Barnett \(Tech\)

  Okay, here's the scenario: Exchange Server 2003 (upgraded in June from
2K w/current SPs) has, over the past two weeks, begun allowing users to
open other users mailboxes. Up until now, it was secure in that people
had to assign delegates, but now it's pretty much wide open.
Additionally, the Private Information Store shows *none* of the user
logons or mailboxes. Two user mailboxes won't open (Cannot be found /
Does not exist errors opening with Outlook). But .. all other users
can open their mailboxes, send & receive mail, use the global address
book, and do pretty much anything they normally do with e-mail. From
Active Directory Users & Computers, we cannot add email accounts, nor
can we make changes to existing users' Mailbox Rights from the Exchange
Advanced tab within User Properties. Clicking the Mailbox Right button
returns There is no such object on the server.  Facility: Win32  ID no:
c0072030   Microsoft Active Directory - Exchange Extension. 

  As it stands, we're thinking there's little time left before this
self-destructs. Things came to a halt yesterday afternoon, and after
several hours of getting no answers from Microsoft, our Network Admin
found that the Exchange Connector in AD Sites & Services wasn't working,
deleted & re-created it, then restarted the three Global Catalog
Servers, which got mail back up and limping along. 

  Any ideas?

   
Monte Barnett
Network Specialist
Burlington-Edison School District
491 N. Burlington Blvd
Burlington, WA  98233
(360) 757-3344 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] GPO SYSVOL permissions

2004-11-02 Thread Nathan Casey
Does anyone have info on this hotfix?
Thanks

 [EMAIL PROTECTED] 11/1/2004 12:31:44 PM 
This happens if someone connected to your GPO's and they
were running XP
SP2.  There is a hotfix for this.

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of
Nathan Casey
Sent: Monday, November 01, 2004 2:20 PM
To: [EMAIL PROTECTED] 
Subject: [ActiveDir] GPO SYSVOL permissions

Today for the first time I am receiving the following GPMC
message when I click either Default Domain Policy or
Default
Domain Controllers Policy:  
The permissions for this GPO in the SYSVOL folder are
inconsistent with those in Active Directory. It is
recommended that these permissions be consistent. To
change
the permissions in SYSVOL to those in Active Directory,
click OK

The DC's are all Windows 2003. Any ideas why I am now
getting this message? Nothing in the domain has changed
anytime recently. Should I click OK as the message
suggests?

The message also includes a link to the following article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;828760



Thanks
Nathan

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Salandra, Justin A.
Why would they need NTLM2 authentication and SMB Signing?  Is this
something that Windows 2003 requires?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

I think there is more I have to do to get it work with AD though.  Don't
have I to make sure that the workstation is using NTLM2 authentication
and
SMB signing?  (In which case I still might have to write off my Win95
boxes
because I don't believe that they support either of those.)

I really hope that I'm wrong, but then again if I'm right then they will
all
be forced to upgrade.   I just need to make sure that I exhaust all
resources before I go and tell someone the bad news about the 95 boxes.


But I think that the script option might be the best approach.

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


Ok, it was worth a shot.  I have not heard of or seen any tool that will
help you with this.  The only thing I can think of it in your logon
script have it copy a script to the 9x machine, modify the registry to
RunOnce that script you just copied and have that script on next logon
change the domain member ship If that is at all possible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically its not allowed
and
technically its not that feasible either (there is an issue with the
number
of Exchange 5.5 environments that are going to be migrated into the new
forest and how this is planned to be done).  

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


You could potentially upgrade your NT Domain to a child domain of a AD
forest.  This would allow you to keep the netbios name at least for your
network.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to
have
nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
they Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows
95\98
workstation from an NT domain to a Windows 2003 AD domain, however the
tools
that I'm finding don't seem to function, don't exists, or after
installation
I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it
would
be extremely helpful.

Thanks,

Charlie
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange 2K3 Private Information Store Disappeared

2004-11-02 Thread Salandra, Justin A.
Do you have AV scanning the info stores at the file level?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Monte Barnett
(Tech)
Sent: Tuesday, November 02, 2004 12:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2K3 Private Information Store Disappeared


  Okay, here's the scenario: Exchange Server 2003 (upgraded in June from
2K w/current SPs) has, over the past two weeks, begun allowing users to
open other users mailboxes. Up until now, it was secure in that people
had to assign delegates, but now it's pretty much wide open.
Additionally, the Private Information Store shows *none* of the user
logons or mailboxes. Two user mailboxes won't open (Cannot be found /
Does not exist errors opening with Outlook). But .. all other users
can open their mailboxes, send & receive mail, use the global address
book, and do pretty much anything they normally do with e-mail. From
Active Directory Users & Computers, we cannot add email accounts, nor
can we make changes to existing users' Mailbox Rights from the Exchange
Advanced tab within User Properties. Clicking the Mailbox Right button
returns There is no such object on the server.  Facility: Win32  ID no:
c0072030   Microsoft Active Directory - Exchange Extension. 

  As it stands, we're thinking there's little time left before this
self-destructs. Things came to a halt yesterday afternoon, and after
several hours of getting no answers from Microsoft, our Network Admin
found that the Exchange Connector in AD Sites & Services wasn't working,
deleted & re-created it, then restarted the three Global Catalog
Servers, which got mail back up and limping along. 

  Any ideas?

   
Monte Barnett
Network Specialist
Burlington-Edison School District
491 N. Burlington Blvd
Burlington, WA  98233
(360) 757-3344 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Exchange 2K3 Private Information Store Disappeared

2004-11-02 Thread Mulnick, Al
Sounds like some administrative issues are possible such as changes to
rights, GPO's, etc.

However, to start to rule things out, how about gathering dcdiag and netdiag
reports for the GC's and the Exchange servers?  To run dcdiag from a member
server, you specify the DC you want it to collect. 

Also, what kind of topology are you using?  W2k3 FFL?  Mixed?  Who has
administrative access to change rights? 

I see three separate (possibly related, but separate issues anyway) issues:
1) wide-open rights are available to all users
2) missing mailboxes
3) unable to create new users

To unravel all of that, it's necessary to know if this is native mode
domains, native mode Exchange, Forest functional level, topology of the
deployment (AD and Exchange) and which servers hold the AD and Exchange
roles.

Installed software on the DC's and Exchange servers would be a helpful item
to know as well.



Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Monte Barnett
(Tech)
Sent: Tuesday, November 02, 2004 12:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2K3 Private Information Store Disappeared


  Okay, here's the scenario: Exchange Server 2003 (upgraded in June from 2K
w/current SPs) has, over the past two weeks, begun allowing users to open
other users mailboxes. Up until now, it was secure in that people had to
assign delegates, but now it's pretty much wide open.
Additionally, the Private Information Store shows *none* of the user logons
or mailboxes. Two user mailboxes won't open (Cannot be found / Does not
exist errors opening with Outlook). But .. all other users can open
their mailboxes, send & receive mail, use the global address book, and do
pretty much anything they normally do with e-mail. From Active Directory
Users & Computers, we cannot add email accounts, nor can we make changes to
existing users' Mailbox Rights from the Exchange Advanced tab within User
Properties. Clicking the Mailbox Right button returns There is no such
object on the server.  Facility: Win32  ID no:
c0072030   Microsoft Active Directory - Exchange Extension. 

  As it stands, we're thinking there's little time left before this
self-destructs. Things came to a halt yesterday afternoon, and after several
hours of getting no answers from Microsoft, our Network Admin found that the
Exchange Connector in AD Sites & Services wasn't working, deleted &
re-created it, then restarted the three Global Catalog Servers, which got
mail back up and limping along. 

  Any ideas?

   
Monte Barnett
Network Specialist
Burlington-Edison School District
491 N. Burlington Blvd
Burlington, WA  98233
(360) 757-3344 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

2004-11-02 Thread Renouf, Phil
Windows 2003 requires clients to support SMB signing and (quoting)
signing of secure channel network traffic.

To enable that on downlevel clients (Win9x or WinNT) you need to install
the DS Client, although the recommended approach is to upgrade the OS.

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, November 02, 2004 12:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Why would they need NTLM2 authentication and SMB Signing?  Is this
something that Windows 2003 requires?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

I think there is more I have to do to get it work with AD though.  Don't
have I to make sure that the workstation is using NTLM2 authentication
and SMB signing?  (In which case I still might have to write off my
Win95 boxes because I don't believe that they support either of those.)

I really hope that I'm wrong, but then again if I'm right then they will
all
be forced to upgrade.   I just need to make sure that I exhaust all
resources before I go and tell someone the bad news about the 95 boxes.


But I think that the script option might be the best approach.

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


Ok, it was worth a shot.  I have not heard of or seen any tool that will
help you with this.  The only thing I can think of it in your logon
script have it copy a script to the 9x machine, modify the registry to
RunOnce that script you just copied and have that script on next logon
change the domain member ship If that is at all possible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 12:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

Upgrading is not an option in this case.  Politically its not allowed
and technically its not that feasible either (there is an issue with the
number of Exchange 5.5 environments that are going to be migrated into
the new forest and how this is planned to be done).  

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 11:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


You could potentially upgrade your NT Domain to a child domain of a AD
forest.  This would allow you to keep the netbios name at least for your
network.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain

We are doing a migration from an NT domain into child domain of new AD
forest so we cannot keep the same netbios name.  We also have a slight
problem with our naming convention in that all of our DCs are going to
have nine character names.  

Thanks, chuck 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 95\98 on Windows 2003 domain


If you build your Windows 2003 domain with the same netbios domain name
they Win 9x won't care one way or another.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros,
Charles
Sent: Tuesday, November 02, 2004 11:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Windows 95\98 on Windows 2003 domain

Hey group,

I'm trying to find an easy way to do a massive migration of Windows
95\98
workstation from an NT domain to a Windows 2003 AD domain, however the
tools that I'm finding don't seem to function, don't exists, or after
installation I can't seem to find a domain controller. 

Also, MS seems to have dropped the link to Q article 323466 which is
supposed to have an updated DS client.

If someone has already created some documentation on this process, it
would be extremely helpful.

Thanks,

Charlie
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
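
Phil's reply above answers Charles's question about SMB signing and NTLM2 by pointing at what the domain controllers require. The following is an added example, not code from the thread or from Microsoft, that reports which of those requirements are switched on for a given server. It assumes PowerShell on the server being checked; the function name is hypothetical, and the registry value names are the standard ones behind the SMB signing, LAN Manager authentication level and secure channel policies.

```powershell
# Added example, not from the thread: list the settings on this server that
# turn away clients unable to sign SMB traffic or answer with NTLMv2.
function Get-LegacyClientBlockers {
    param(
        # Optional value-name -> DWORD map; when omitted the local registry is read.
        [hashtable]$Settings
    )

    if (-not $PSBoundParameters.ContainsKey('Settings')) {
        $sources = @{
            RequireSecuritySignature = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            LmCompatibilityLevel     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
            RequireSignOrSeal        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
        }
        $Settings = @{}
        foreach ($name in $sources.Keys) {
            $item = Get-ItemProperty -Path $sources[$name] -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $Settings[$name] = $item.$name }
        }
    }

    $findings = @()

    # "Microsoft network server: Digitally sign communications (always)"
    if ($Settings['RequireSecuritySignature'] -eq 1) {
        $findings += [pscustomobject]@{
            Setting = 'RequireSecuritySignature'
            Value   = 1
            Effect  = 'SMB sessions from clients that cannot sign are refused'
        }
    }

    # "Network security: LAN Manager authentication level"
    # 4 = refuse LM responses, 5 = refuse LM and NTLM (NTLMv2 only)
    $lm = $Settings['LmCompatibilityLevel']
    if ($null -ne $lm -and $lm -ge 4) {
        $effect = 'LM responses are refused'
        if ($lm -ge 5) { $effect = 'LM and NTLM responses are refused, only NTLMv2 is accepted' }
        $findings += [pscustomobject]@{
            Setting = 'LmCompatibilityLevel'
            Value   = $lm
            Effect  = $effect
        }
    }

    # "Domain member: Digitally encrypt or sign secure channel data (always)"
    if ($Settings['RequireSignOrSeal'] -eq 1) {
        $findings += [pscustomobject]@{
            Setting = 'RequireSignOrSeal'
            Value   = 1
            Effect  = 'Netlogon secure channels that cannot be signed or sealed are refused'
        }
    }

    return $findings
}

# Constructed sample values for illustration; run without -Settings to read the local machine.
Get-LegacyClientBlockers -Settings @{
    RequireSecuritySignature = 1
    LmCompatibilityLevel     = 5
    RequireSignOrSeal        = 1
} | Format-Table -AutoSize
```

An empty result means none of the three requirements is enforced on that server, so the question in the thread then comes down to what the effective domain controller policy sets rather than what the clients can do.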

[ActiveDir] Excel plugin for directory access

2004-11-02 Thread joe



I haven't looked at this but saw an email on it today... It is an Active
Directory plugin for Excel 2003. This is not in any way related to joeware
nor ADFind and I do not otherwise endorse or recommend, however I know some
folks were looking for this capability so I thought I would let you know I
ran into it so thought they may want to check it out.

http://bink.nu/?ArticleID=2782

FYI, I am looking at the CSV options. I want to make sure that they are
consistent across adfind, admod, and the up and coming adadd [1]

joe

[1] Yeah that is a stupid name I know but I have to stick with the
convention or possibly wrap into admod which I may do just because of how
bad that name is...


[ActiveDir] Rename local and global groups

2004-11-02 Thread Thomas Wohlgemuth
Hello
I'm looking for a possibility to rename local and global groups in AD.
Can anybody help me?
THX
Thomas


RE: [ActiveDir] Excel plugin for directory access

2004-11-02 Thread rallen



I vote for putting add functionality in admod and not breaking it 
out as a separate tool. (you didn't put AD deletions into a separate 
tool)

Robbie Allen
http://www.rallenhome.com/

  
  
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of joe
  Sent: Tuesday, November 02, 2004 1:51 PM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Excel plugin for directory access

  I haven't looked at this but saw an email on it today... It is an Active
  Directory plugin for Excel 2003. This is not in any way related to joeware
  nor ADFind and I do not otherwise endorse or recommend, however I know some
  folks were looking for this capability so I thought I would let you know I
  ran into it so thought they may want to check it out.

  http://bink.nu/?ArticleID=2782

  FYI, I am looking at the CSV options. I want to make sure that they are
  consistent across adfind, admod, and the up and coming adadd [1]

  joe

  [1] Yeah that is a stupid name I know but I have to stick with the
  convention or possibly wrap into admod which I may do just because of how
  bad that name is...


RE: [ActiveDir] Rename local and global groups

2004-11-02 Thread Renouf, Phil
What is it exactly that you are looking for? You can rename groups through Active 
Directory Users & Computers.

Phil 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Wohlgemuth
Sent: Tuesday, November 02, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Rename local and global groups

Hello
I'm looking for a possibility to rename local and global groups in AD.
Can anybody help me?

THX
Thomas



Re: [ActiveDir] Rename local and global groups

2004-11-02 Thread Thomas Wohlgemuth
Hello
I would create a little script for renaming a great amount of groups from 
time to time (changes in the structure of our company).

Thomas
- Original Message - 
From: Renouf, Phil [EMAIL PROTECTED]
To: unsure; [EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 8:05 PM
Subject: RE: [ActiveDir] Rename local and global groups

What is it exactly that you are looking for? You can rename groups through 
Active Directory Users & Computers.

Phil
-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Wohlgemuth
Sent: Tuesday, November 02, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Rename local and global groups

Hello
I'm looking for a possibility to rename local and global groups in AD.
Can anybody help me?
THX
Thomas


RE: [ActiveDir] Rename local and global groups

2004-11-02 Thread Renouf, Phil
You could create a script based on dsmove to change the names of groups:

dsmove "<DN of group>" -newname "<New group name>"



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Wohlgemuth
Sent: Tuesday, November 02, 2004 2:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Rename local and global groups

Hello

I would create a little script for renaming a great amount of groups from time to time 
(changes in the structure of our company).

Thomas

- Original Message -
From: Renouf, Phil [EMAIL PROTECTED]
To: unsure; [EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 8:05 PM
Subject: RE: [ActiveDir] Rename local and global groups


What is it exactly that you are looking for? You can rename groups through 
Active Directory Users & Computers.

Phil

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Wohlgemuth
Sent: Tuesday, November 02, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Rename local and global groups

Hello
I'm looking for a possibility to rename local and global groups in AD.
Can anybody help me?

THX
Thomas



RE: [ActiveDir] Excel plugin for directory access

2004-11-02 Thread Michael B. Smith



admod -add

:-)


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, November 02, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Excel plugin for directory access

I haven't looked at this but saw an email on it today... It is an Active
Directory plugin for Excel 2003. This is not in any way related to joeware
nor ADFind and I do not otherwise endorse or recommend, however I know some
folks were looking for this capability so I thought I would let you know I
ran into it so thought they may want to check it out.

http://bink.nu/?ArticleID=2782

FYI, I am looking at the CSV options. I want to make sure that they are
consistent across adfind, admod, and the up and coming adadd [1]

joe

[1] Yeah that is a stupid name I know but I have to stick with the
convention or possibly wrap into admod which I may do just because of how
bad that name is...


RE: [ActiveDir] Excel plugin for directory access

2004-11-02 Thread Myrick, Todd (NIH/CIT)








I got the tool,

Pretty slick, takes some getting used to, and I haven't done any live
modifications yet, but could be quite useful for bulk updates, etc.

Todd

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 02, 2004 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Excel plugin for directory access

I vote for putting add functionality in admod and not breaking it out as a
separate tool. (you didn't put AD deletions into a separate tool)

Robbie Allen
http://www.rallenhome.com/

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, November 02, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Excel plugin for directory access

I haven't looked at this but saw an email on it today... It is an Active
Directory plugin for Excel 2003. This is not in any way related to joeware
nor ADFind and I do not otherwise endorse or recommend, however I know some
folks were looking for this capability so I thought I would let you know I
ran into it so thought they may want to check it out.

http://bink.nu/?ArticleID=2782

FYI, I am looking at the CSV options. I want to make sure that they are
consistent across adfind, admod, and the up and coming adadd [1]

joe

[1] Yeah that is a stupid name I know but I have to stick with the
convention or possibly wrap into admod which I may do just because of how
bad that name is...


RE: [ActiveDir] User export/import

2004-11-02 Thread Rodney Gardiner
This article may be of assistance too.

http://support.microsoft.com/default.aspx?scid=kb;en-us;276440&Product=win2000

Rodney 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, 3 November 2004 12:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] User export/import

 
I believe LDIFDE will allow you to achieve this.

http://support.microsoft.com/kb/q237677/

It's available on the Windows 200x Server CD

Iain
-Original Message-
From: Bruyere, Michel [mailto:[EMAIL PROTECTED]
Sent: 02 November 2004 13:15
To: [EMAIL PROTECTED]
Subject: [ActiveDir] User export/import

Hi, 
I would like to know what would be the best way to export and
reimport users and groups from a DC to another. The source DC is the one that
is in our LAN and the second one is in a test lab. They both must have the
same accounts and groups but, they are not connected in any way and the
configuration differs from one to the other (ip range is not the same).
IIRC I saw a VBS script that could export users and groups in a file then
allow the reimport process... but this is a long time ago, so I may not
recall correctly. 

So what would you guys do to achieve this goal?

BTW, I tried to backup the system state and restore it to the other DC, but
the DC froze after the reboot... I don't know if this could be caused
because of the configuration diff. 

Thanks! 


M.Bruyere



RE: [ActiveDir] locked out

2004-11-02 Thread Rodney Gardiner
James,

Thanks for that. I do not have this problem though - I was tacking onto the
end of a previous post to find out where to get the tool that was spoken of.

Thanks for the script too. Also note that on the www.joeware.net web site
there is a tool that has been created to help with bulk unlock etc.

Rodney

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, 2 November 2004 11:39 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] locked out

Hi Rodney

Lockoutstatus.exe is part of the 2003 resource kit (and I would assume the
2000 resource kit as well) although it can be downloaded separately from
Microsoft.  I did a search on google for lockoutstatus.exe to get it.

We saw pretty much the same thing about 3 months ago and it turned out to be
a new flavor of a popular internet worm that Symantec was unable to detect.
There have since been several other variations.  In our case we audit for
logon failures, lockoutstatus gave us the DC to check, the audit log showed
several failures for a handful of accounts at a set time all coming from one
ip address and that ip had wintaskx and payload both running - the viral
infections.

Good luck tracking down the culprit.  If you do get it and you need a bulk
unlock script:


' Open the file system object - allows connections into the file system

Set fso = CreateObject("Scripting.FileSystemObject")
Set fso2 = CreateObject("Scripting.FileSystemObject")

' Counter for the number of accounts unlocked

lock = 0

' Opens a file for reading

Set myreadfyle = fso.OpenTextFile("c:\ntuserlist.txt")

' Opens the log file for writing (2 = ForWriting)

Set myfile2 = fso2.OpenTextFile("c:\lockedaccounts.txt", 2)

' Sets up a loop.  This will read every line in the text file and perform
' operations until the last line of the text file

While Not myreadfyle.AtEndOfStream

' Read the line, splitting it at the commas for reading.  The split command
' looks for the value in brackets (",") and splits the line there.  It will
' become an array now.  The value dnarray(0) will be column one from the csv.
' dnarray(1) is then column two.

strusername = myreadfyle.ReadLine
strdomain = "hq"
  ' dnarray = Split(fyleline, ",", -1, 1)

' This line echos the values to a message box on the screen.  Again, values
' in the "s are absolute, values outside the "s are variables, and the & is
' used to append the different value sets together into one line.

  ' wscript.echo "The first value is " & dnarray(0) & " The second value is " & dnarray(1)

' ends the while statement - while end.  In VBS while end will fail, in
' dotnet it works.

' Bind to the account through the WinNT provider

Set objuser = GetObject("WinNT://" & strdomain & "/" & strusername)

If objuser.IsAccountLocked = True Then

' Log the locked account, then unlock it and commit the change

myfile2.WriteLine strusername

 objuser.IsAccountLocked = False
 objuser.SetInfo
lock = lock + 1
' wscript.echo strusername & " unlocked"

Else

' wscript.echo strusername & " not locked"

End If

Wend
wscript.echo lock & " accounts unlocked - see c:\lockedaccounts.txt for a list of usernames"

myreadfyle.Close
myfile2.Close

You will need to pre-create the ntuserlist.txt file with a full list of your
users, and a blank file called lockedaccounts.txt on the root of drive C for
logging the locked accounts.

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]


 

From: Rodney Gardiner [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 11/02/2004 09:16 AM ZE11
Please respond to: ActiveDir
To: [EMAIL PROTECTED]
cc: (bcc: James Day/Contractor/NPS)
Subject: RE: [ActiveDir] locked out

 





Just curious as to where this lockedoutstatus.exe is kept?

Rodney

  _

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randy White
Sent: Tuesday, 2 November 2004 7:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] locked out



This is probably caused by a virus.  Use lockedoutstatus.exe to find out
where the lock outs are originating.  Then check the event log of that
DC to find out the perpetrating computer.



  _

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 01, 2004 2:29 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] locked out




All gurus,

Wonder if any of you have experienced this before.

Suddenly over the weekend, all domain accounts ( i mean all ) are locked
out except the domain admin accounts. What could have caused this problem ?
The only clue that I had is this is the week to change the summer time
back but we had this done every year, had never had this issue before. Could
this be a worm of some sort of 
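
An added example, not part of the thread: the triage James describes above (audit logon failures, then look for many accounts failing from one address at a set time), run over an exported DC security log. The log layout, addresses, account names, thresholds and function names are constructed assumptions; 529 and 644 are the Windows 2000/2003 event IDs for a failed logon and an account lockout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 529   # Windows 2000/2003: unknown user name or bad password
LOCKED_OUT = 644     # Windows 2000/2003: user account locked out

# Constructed sample, not real data: a simplified export of a DC security log.
# Columns: timestamp, event ID, account, source address ("-" when not recorded).
SAMPLE_LOG = """\
2004-10-30 02:00:01,529,asmith,10.1.4.77
2004-10-30 02:00:01,529,bjones,10.1.4.77
2004-10-30 02:00:02,529,cdavis,10.1.4.77
2004-10-30 02:00:02,529,dlee,10.1.4.77
2004-10-30 02:00:03,529,asmith,10.1.4.77
2004-10-30 02:00:04,644,asmith,-
2004-10-30 02:00:05,529,bjones,10.1.4.77
2004-10-30 02:00:06,644,bjones,-
2004-10-30 09:15:10,529,mgreen,10.1.9.12
2004-10-30 09:15:20,529,mgreen,10.1.9.12
2004-10-30 09:15:31,528,mgreen,10.1.9.12
2004-10-30 09:40:00,644,tking,-
"""


def parse(text):
    """Turn the export into a time-ordered list of (time, event_id, account, source)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, account, source = (f.strip() for f in line.split(","))
        events.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                       int(event_id), account.lower(), source))
    return sorted(events)


def noisy_sources(events, window=timedelta(minutes=5), min_accounts=4):
    """Map each source whose failures hit >= min_accounts distinct accounts
    inside one sliding window to the sorted list of accounts it touched."""
    by_source = defaultdict(list)
    for when, event_id, account, source in events:
        if event_id == FAILED_LOGON:
            by_source[source].append((when, account))
    flagged = {}
    for source, failures in by_source.items():
        start = 0
        for end, (when, _) in enumerate(failures):
            # Shrink the window from the left until it spans at most `window`.
            while when - failures[start][0] > window:
                start += 1
            accounts = {acct for _, acct in failures[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(source, set()).update(accounts)
    return {source: sorted(accts) for source, accts in flagged.items()}


def explain_lockouts(events, flagged):
    """For every locked-out account, name the flagged source behind it, or None."""
    culprit = {acct: src for src, accts in flagged.items() for acct in accts}
    return {acct: culprit.get(acct)
            for _, event_id, acct, _ in events if event_id == LOCKED_OUT}


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    flagged = noisy_sources(events)
    for source, accounts in flagged.items():
        print(f"{source}: failed logons against {len(accounts)} accounts: {accounts}")
    for account, source in explain_lockouts(events, flagged).items():
        print(f"{account}: locked out, source {source or 'not identified'}")
```

A single user mistyping a password (mgreen in the sample) stays below the distinct-account threshold, and a lockout with no flagged source (tking) is reported as unexplained rather than attributed.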

RE: [ActiveDir] Write Cache Enabled

2004-11-02 Thread Rodney Gardiner
Al,

Thank you very much for your comprehensive response. I am currently in the
process of trying to Disable Write Cache. I have managed to do it via the
Adaptec Software but for some reason windows still states that it is
enabled.

I go into System manager - Devices - Hard Disks - Properties. In the
properties I select Disk Properties and there is a tick next to Write Cache
Enabled. I remove the tick and save and then go back in and the tick is
still there.

Any ideas?

If you need more info I will supply what ever is needed.

Rodney

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, 3 November 2004 1:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Write Cache Enabled

http://www.webopedia.com/TERM/d/disk_cache.html is a reference for what it
is.  

Disk cache is a very dangerous thing when it comes to JET DB technology.
The reason is that if the disk device loses power, or corrupts before it can
commit to media, then you lose that bit of data likely corrupting the db.
If the db is not so far gone that it can't replicate, your problems get
worse.  You should see SAN implementations of DC's and the conversations it
generates ;)

On-disk caching is a way for vendors to squeeze a little more speed out of
the platters.  Consider two 15K scsi drives.  One provides 10us write commit
time (for example) while the other provides 2us write commit time.  The
difference?  Cache. If you can commit to cache vs. the platter, it's much
much faster as you buffer the writes until the platter is in an optimal
position to write to media. Great for applications that are random r/w types
with heavy or equal write signatures i.e. file and print applications or
presentation applications. 

JET db technology can be very disk IO intensive. That's because it's a
two-phase commit database technology; a good one too.  But as you scale the
database you tend to have more disk activity as more and more transactions
take place.  Microsoft has gotten quite good at figuring out what works and
what doesn't and one thing they've learned is when to use JET DB technology;
a typical JET db deployment is likely to be more read-intensive than it is
write intensive.  A good application for JET technology is something that
has at least a 2.5 or 3:1 read/write signature.  The more read-intensive,
the more likely that JET technology will be a good fit.  Sound like an
application you're familiar with?  LDAP is a read-intensive application by
design and great read response is required to scale it successfully.  Active
Directory would be an example of a LDAP database that needs great read
performance with some write performance.

Some implementations of LDAP have adapted other db technology, such as DB2,
Oracle, etc. to house their LDAP data stores.  Microsoft chose their JET
(JET Blue if I recall correctly, but don't quote me) engine.  

Since JET DB applications tend to be very read-intensive, the risk/reward of
disk cache is not in your favor.  Your better bet is to give the application
the amount of spindles required to gain the IOPS needed to satisfy the
performance needs of your application.  In the case of Active Directory,
separate the IO types to gain better performance (sequential IO on one set
of dedicated spindles being your biggest performance booster) etc. 

Don't be fooled by the use of battery backup technology.  It's not worth it
and it usually comes on the array controllers only not on the disk device
itself.  The array controller battery backup is intended to protect against
power failures when data is in the array cache, which of course is there to
provide better performance.  But the cache is considered flushed when the
controller receives a successful commit response from the disk device. The
disk device will send a positive response when you write to its cache.
It's at that point that you tend to be vulnerable to problems (i.e.
corruption) for very little performance gain. 

Turn off the disk caching and you'll barely notice a difference if you've
laid out your disk appropriately for your implementation. But you'll greatly
reduce your risk.  Microsoft knows what they're doing when they suggest you
turn it off, trust me on that.

al   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rodney Gardiner
Sent: Monday, November 01, 2004 6:46 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Write Cache Enabled

I keep getting an error on one of our DC's stating that Write Disk Cache is
enabled and if there is a system failure data corruption may occur.

I have been informed that this should not be enabled on a DC.

I checked out Tech Net on the various errors I receive in the Event Viewer
and it states generally the error can be ignored and that there is a hotfix
that you must call Microsoft for to stop the error appearing.

http://support.microsoft.com/default.aspx?scid=kb;en-us;830051

I was also informed that taking off the