RE: [ActiveDir] [OT] MOM Service not starting
Try the following 1. Go to Component Services - Computers - My Computer - COM+Applications 2. Right click Microsoft Operations Manager Data Access Server and select properties 3. Go to identity tab and retype the password there (if the account is valid) Regards Nazim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oluwaseyi Owoeye Sent: Monday, April 25, 2005 17:58 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] [OT] MOM Service not starting Hello guys, I know this is slightly out of topic but any help will be appreciated. I have just installed MOM 2005 on a windows 2003 machine, and it seems to be working fine. The servers I want to monitor are all Win2k3 machines. When I install agents on these servers the installation is seen to be sucusful but I notice that the MOM service on the servers don't start. Interestingly the MOM service on the MOM Server starts and we are able to report performance statics and get alerts daily on the MOM server. When I try to start the service manually the service does not start and the event viewer comes up with an error message saying that the following [The Microsoft Operations Manager service (MOMService.exe) was unable to run under the supplied credentials, or the password has expired. If this machine is a Domain Controller, verify that the action account is granted the ability to Log On Locally. Please use the SetActionAccount utility to set an action account which meets the guidelines documented in the Microsoft Operations Manager documentation]. I have used the setactionaccount utility to set the username and password for the action account but I still get the same error message, I have checked to ensure that the password has not expired and that the account has not expired too but I still get the same error. I have even given the account domain admin priviledges, but this still does not solve the problems. I would be grateful if someone can help with this. Best regards Seyi List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Machine account password age
If I recall correcty; 0 will set it to no minimum. -Ben-Ben M. Schorr, MCP, MVP, CNAOperations CoordinatorStockholm Consulting Group - HonoluluPhone: (808) 535-1500Mobile: (808) 351-5084http://www.scgab.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manjeet SinghSent: Wednesday, April 27, 2005 11:52 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Machine account password age Hi, I want to set the minimum machine account password age for windows 2003 server. We can set the password age between 0-999 days. What is the meaning of 0 days? I mean after how much time it will change the machine account. Can some one tell me the logic if I set it to 0 days. Thanks, Manjeet
[ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS
Hi all I was wondering if what (if any) benefits/advantages are over using Microsoft (2003) DNS Vs. QIP in Active Directory? Any comments or thoughts welcome :) James _ Want to block unwanted pop-ups? Download the free MSN Toolbar now! http://toolbar.msn.co.uk/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Segregating and delegating _msdcs
Title: Message I'll try to elaborate but much of the reasoning behind this is political or sensitive in its nature :) [BTW: I'm happy with the feasibility of the change but am looking more for best practices and known issues etc] We currently have non-secure DDNS enabled in the a.test.com zone and wish to enable secure DDNS. Whilst investigating the ramifications of this change, we have decided to segregate out the _ zones so we can safely enable secure DDNS on those zones whilst investigations continue for the parent zone. Ultimately, both the _ zones as well as the parent zone itself will be managed by non-Windows DNS servers, but we will still require a split of _ zones since DDNS will only be permitted for those zones. Now I've "spilled the beans" are you able to offer a response or a technote / KB? :) Thanks, neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: 27 April 2005 21:57To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Segregating and delegating _msdcs technically, this approach is quite feasable - however, it's usually done the other way around. Many companies dothisso that they can safely enable DDNS on the _MSDCS zones (as AD integrated zone) allowing automatic service record, DC Domain GUID registration etc., while putting the host records on a (static) Bind DNS. So it would be good to know your reason behind your request...? /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, NeilSent: Mittwoch, 27. April 2005 09:53To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Segregating and delegating _msdcs For various reasons we would like to split out _msdcs and the other _* domains within one specific DNS zone, into separate zones. These new zones will then, eventually, be hosted on non-Windows DNS servers, whilst the 'parent' zone will remain hosted on w2k DCs. Our current environment is w2k DCs [in a 4 domain forest] so app partitions are not an option just yet. Root domain is named test.com and 3 children exist, a.test.com, b.test.com and c.test.com. We wish to delegate the _ domains within a.test.com only to non-Windows DNS servers, with a.test.com remaining hosted on w2k DCs.. I have found fairly useful technotes etc and have started to flesh out a plan but wondered if anyone would be prepared to share any real world experiences of such an operation. i.e. how was the change performed? Any pitfalls or gotchas? Thanks in advance, neil ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.== == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ==
RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS
Those that spring to mind: W2k3 offers scavenging - QIP does not [but then you could argue, it is not needed by design] W2k3 offers secure DDNS - QIP can, but requires Kerberos integration [again, QIP may be designed such that this is moot] QIP is a full IP management solution and not just a DNS product. Both (QIP and w2k3 DNS) have their pros and cons - it really depends upon your requirements and whether you need/want a full IP management solution of just a DNS product. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Green Sent: 28 April 2005 11:02 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS Hi all I was wondering if what (if any) benefits/advantages are over using Microsoft (2003) DNS Vs. QIP in Active Directory? Any comments or thoughts welcome :) James _ Want to block unwanted pop-ups? Download the free MSN Toolbar now! http://toolbar.msn.co.uk/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Issues
Title: Segregating and delegating _msdcs does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za VueSent: woensdag 27 april 2005 14:43To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.== This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
Re: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS
AD DNS is built-in / Active Directory integrated and Lucent is an external system - Use AD's DNS if possible; also if you lose communications with your Lucent QIP systems, people could have severe login problems... Chuck Gafford Unisys Architect 2
[ActiveDir] Event ID 36872
Dear Colleagues, I am having a problem with my proxy server. It is a Windows 2000 Server running Msproxy 2.0 Usera get access by authenticating with the AD on this machinee. It has started giving the error: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. Does anyone know how to correct this? Ms Knowledge base says you can ignore it but my users are failing to access ssl sites so I cannot igonre it. Please help. Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. =
Re: [ActiveDir] Event ID 36872
Have you seen KB261196? -Original Message- From: Lucia Washaya [EMAIL PROTECTED] Date: Thu, 28 Apr 2005 12:10:55 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] Event ID 36872 Dear Colleagues, I am having a problem with my proxy server. It is a Windows 2000 Server running Msproxy 2.0 Usera get access by authenticating with the AD on this machinee. It has started giving the error: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. Does anyone know how to correct this? Ms Knowledge base says you can ignore it but my users are failing to access ssl sites so I cannot igonre it. Please help. Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Event ID 36872
Is SSL Enabled by Default? Mike Eubank - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Solved - [ActiveDir] GPO errors on logon
Well, This is the weirdest thing I ever seen. I did another profile reset and it fixed it. I did it once already and the problem was still there. Yesterday I thought that I would retry that and guest what, it worked! Well thanks for all the help you guys provided! List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] More than 1 user having 'managed by' for a group?
Nope, that won't be a problem in this case. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, April 27, 2005 11:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? Hi Joe Is there any reason why we need to grant the right to include the child objects? /I:T I've removed /I:T and it seems to work fine as well, thanks for the member attribute I think that does the things I wanted :D dsacls GROUP_DN /G domain\secprin:WP;member Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 6:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? Ah try this... dsacls GROUP_DN /I:T /G domain\secprin:WP;member Howeverm make note that when dsacls outputs it though it will show Add/Remove self as member, not member. It has been a while since I did this and determined the command from looking at the existing ACL. I ad to go back to my notes, there are a couple of property sets that display weird in dsacls. The Add/Remove self as member and Validated Write to dnsHostName are two that I have previously hit and had issues with. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, April 27, 2005 1:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? Hi Joe For some reason the below, doesn't give me access to update member list - am running in 2003 sp1 test domain. dsacls GROUP_DN /I:T /G domain\secprin:WS;Add/Remove self as member Is it different with sp1? Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, April 27, 2005 12:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? Hey Freddy, I put this in the original post I responded in: dsacls GROUP_DN /I:T /G domain\secprin:WS;Add/Remove self as member -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, April 26, 2005 8:35 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? Hi Joe Thanks for the quick one. Seems like when I was testing this - the permission that is needed is only Write Property The closest I got to is the below - however this will allow the user to write ALL PROPERTIES - this includes changing group name, description etc. While the standard gui method will not allow this.. any ideas what type of WP should I restrict this too.. dsacls GRPDN /G domain\user:WP Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, April 27, 2005 7:32 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? The managedBy attribute doesn't bestow any rights upon the owner, it just is an attribute that links the user and group together for easy querying. Later versions of ADUC added functionality by letting you specify that ADUC should add an ACE for the principal specified for managedBy but that is two separate operations. That being said, that tab will not let you specify a group, it only looks at users and contacts and will only allow you to specify one. However all of that being said, you can easily add an ACE to the group for any other groups or users directly to the group itself, you want to add (and yes I know this makes no sense) the Add/Remove self as member permission. Sort of like dsacls GROUP_DN /I:T /G domain\secprin:WS;Add/Remove self as member Or through a script. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, April 26, 2005 7:16 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] More than 1 user having 'managed by' for a group? Hi all, Is it possible to get multiple accounts to be able to perform update of group membership (under the managed by) - both distribution list and security groups? Thanks in advance! Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows
RE: [ActiveDir] Event ID 36872
I think that it might be a problem with the server certificate.Applications that use Secure Socket Layer connections andthere is no valid certificate is found, thenthe event 36872 is logged.Try manually enrolling a certificate or generating a new one from the enterprise Certificate Authority. Chandra -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Lucia WashayaSent: Thursday, April 28, 2005 8:11 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Event ID 36872Dear Colleagues, I am having a problem with my proxy server. It is a Windows 2000 Server running Msproxy 2.0 Usera get access by authenticating with the AD on this machinee. It has started giving the error: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.Does anyone know how to correct this? Ms Knowledge base says you can ignore it but my users are failing to access ssl sites so I cannot igonre it. Please help. Regards,Lucia WashayaTel: 5497=The cobra will bite whether you call it Cobra or Dear Mr. Cobra.=
[ActiveDir] FTP
Is there anyway to run the equivalent of a login script when someone logs into an ftp site? Or have some script somehow be triggered?(WMI?) Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS
AD DNS is built-in / Active Directory integrated and Lucent is an external system - Is this a pro or a con in your eyes? also if you lose communications with your Lucent QIP systems, people could have severe login problems... This is not really aDNS solution-specific issue. This is a Microsoft AD Domain issue. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, April 28, 2005 8:02 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS AD DNS is built-in / Active Directory integrated and Lucent is an external system - Use AD's DNS if possible; also if you lose communications with your Lucent QIP systems, people could have severe login problems... Chuck Gafford Unisys Architect 2
RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS
One of the large customers I worked with in the past used QIP and it worked tolerably well and I wouldn't have a problem working in an environment using it again. We did not have all zones set up for dynamic, it was only the underscore zones and the AD domains. Note though that only domain controller domain-type records went into the domain zones since a disjoint name space was used. All normal host records went into other non-Dynamic zones. That helped with the next item I will mention below. I did miss the scavenging for machines that did not properly deregister (crashed machines) or ran into an issue I will talk about in the next paragraph. I ended up writing up scripts utilizing nslookup/dig and nsupdate to regularly scan DNS and yank out old records and any non-Domain Controller records to clean things up, basically I implemented my own *special* scavenging. Mostly it wasn't an issue but after a while enough garbage built up that I started getting irked by how much garbage was there and some clients would occasionally notice slow functionality so I had to clean it up and once I did, I wrote a tool to do it the N+1 times after my 1 time. We had a funky issue that I think was more a result of the specific deployment where records could be revved back if the changes occurred at the wrong time. For instance if a record was removed at the wrong time, it could get slammed back into place when the zone was reloaded. This could also happen when registering a new record but this wasn't such a major issue as it would get registered again rather soon. I never got the details on what was happening, I just mentioned it and they were going to look into correcting it. It was that little of an issue, especially once I had my own scavenging script in place. The big win that the company liked about QIP was its management capabilities for a very decentrally managed (literally thousands of zones and zone admins) deployment of DNS but with centralized group of maybe 5-10 overlords. I didn't work with that aspect at all but can say that I did not mind not having to worry about DNS management (it ran on Solaris boxes by people that were only doing DNS) on a daily basis as I had enough other things to deal with. Occasionally there would be an issue we would have to chase down but we got along with the DNS group well so it wasn't a hardship. It was always nice to have serious heavy duty DHCP/DNS expertise on tap as needed versus working with someone who has DNS/DHCP as only *one* of the things they do. Obviously that isn't a benefit of QIP so much as a benefit of using some other group to manage DNS/DHCP and only DNS/DHCP. However the MS world doesn't tend to be handled that way, especially if you stick DNS on a DC to get the secure updates and integration that they are so proud of. The more services you jam on a DC that have to be actively managed the more likely your Domain Admins will become a jack of all trades and master of none [1] which is probably fine on a daily basis and save a company money for the normal mill stuff but will tend to really bite you in the ass when making changes to your environment or when something goes horribly wrong or you have security issues due to the lack of deep core understanding of technologies involved. I have been known to say that 90%-95% of the Windows Admins do great when everything runs well, they are perfect for clicking on the checkboxs, buttons, and dialogs and go on to be consultants who can easily tell others what checkboxs, buttons, and dialogs to look for to click on. When something breaks though, these folks tend to stand around waiting for the other 5%-10% to tell them what to click next. The odds are pretty good that that 5%-10% have managed environments[2] other than Windows and know the value of really understanding the environment plus they tend to be people who have some personal interest in the technology on their own. They would be running a domain full of computers whether or not that was what they did at their job or not. joe [1] SBS is a concern to me here. Obviously there are stellar examples where this isn't the case and the admins are pretty amazing but I have no problem saying they are the exception versus the rule. I, myself, would be a horrible SBS admin. [2] Or are developers, developers for some reason can become really good admins if they have the admin mentality and aren't stuck in the developer mentality. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Thursday, April 28, 2005 6:15 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS Those that spring to mind: W2k3 offers scavenging - QIP does not [but then you could argue, it is not needed by design] W2k3 offers secure DDNS - QIP can, but requires Kerberos integration [again, QIP may be designed such that this is moot] QIP is a full IP management solution and not
[ActiveDir] Way OT: save results of Windows Search?
I am looking to my favorite advice group for an answer. 8-) I would like to save the results of a Windows Search. (The save function just saves the filter specifications.) I keep thinking I am missing something so basic here, but all of my other resources say - oh, yeah, that's easy and then shake their heads in disbelief when they come up empty handed. I am hoping you guys will show me the light. Thanks! Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Event ID 36872
This has been replaced by KB36872 which is the one I consulted. Thanks Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = Mark Parris [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/28/2005 12:20 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] Event ID 36872 Have you seen KB261196? -Original Message- From: Lucia Washaya [EMAIL PROTECTED] Date: Thu, 28 Apr 2005 12:10:55 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] Event ID 36872 Dear Colleagues, I am having a problem with my proxy server. It is a Windows 2000 Server running Msproxy 2.0 Usera get access by authenticating with the AD on this machinee. It has started giving the error: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. Does anyone know how to correct this? Ms Knowledge base says you can ignore it but my users are failing to access ssl sites so I cannot igonre it. Please help. Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Event ID 36872
Yes it is enabled by default. The server used to work fine. The problem just developed yesterday afternoon. Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/28/2005 12:27 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] Event ID 36872 Is SSL Enabled by Default? Mike Eubank - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Cleanup nonexistent DC in AD.
Title: Segregating and delegating _msdcs Hi all. Can anyone give me a quick pointer/link to the steps requiredtoremove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jorge de Almeida PintoSent: Thursday, April 28, 2005 8:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za VueSent: woensdag 27 april 2005 14:43To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.==This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
[ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your [ActiveDir] Cleanup nonexistent DC in AD. document : was Michael Eubank/COR/PARKER received by: at: 04/28/2005 10:43:12 - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS
I believe there's a support and a cost issue you may want to consider as well. As for functionality, either can do the job. Some of the downsides of QIP that I recall from working with it (years back) was a different critical path for software updates. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Thursday, April 28, 2005 6:15 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS Those that spring to mind: W2k3 offers scavenging - QIP does not [but then you could argue, it is not needed by design] W2k3 offers secure DDNS - QIP can, but requires Kerberos integration [again, QIP may be designed such that this is moot] QIP is a full IP management solution and not just a DNS product. Both (QIP and w2k3 DNS) have their pros and cons - it really depends upon your requirements and whether you need/want a full IP management solution of just a DNS product. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Green Sent: 28 April 2005 11:02 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows Server 2003 DNS Vs. LUCENT QIP DNS Hi all I was wondering if what (if any) benefits/advantages are over using Microsoft (2003) DNS Vs. QIP in Active Directory? Any comments or thoughts welcome :) James _ Want to block unwanted pop-ups? Download the free MSN Toolbar now! http://toolbar.msn.co.uk/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your [ActiveDir] Cleanup nonexistent DC in AD. document : was Dawn E Salvan/IT/TWP received by: at: 04/28/2005 10:47:15 AM List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Cleanup nonexistent DC in AD.
Check this out.. http://support.microsoft.com/default.aspx?scid=kb;en-us;230306 HTH Santhosh Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 4/28/05, Nigel Glasgow [EMAIL PROTECTED] wrote: Hi all. Can anyone give me a quick pointer/link to the steps required to remove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jorge de Almeida Pinto Sent: Thursday, April 28, 2005 8:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: woensdag 27 april 2005 14:43 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Title: Segregating and delegating _msdcs Hi, It is the same procedure as if the demotion was unsuccessful. See How to remove data in Active Directory after an unsuccessful domain controller demotion http://support.microsoft.com/?id=216498 Cheers, #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nigel GlasgowSent: donderdag 28 april 2005 15:30To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Cleanup nonexistent DC in AD. Hi all. Can anyone give me a quick pointer/link to the steps requiredtoremove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jorge de Almeida PintoSent: Thursday, April 28, 2005 8:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za VueSent: woensdag 27 april 2005 14:43To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.==This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
[ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your [ActiveDir] Cleanup nonexistent DC in AD. document : was Lucia Washaya/UNAMSIL received by: at: 28/04/2005 14:57:08 GMT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Cleanup nonexistent DC in AD.
Nigel, Try these articles http://support.microsoft.com/kb/216498 How to remove data in Active Directory after an unsuccessful domain controller demotion http://www.petri.co.il/delete_failed_dcs_from_ad.htm Great article from Daniel. Hope those help. Thanks Mike On 4/28/05, Nigel Glasgow [EMAIL PROTECTED] wrote: Hi all. Can anyone give me a quick pointer/link to the steps required to remove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jorge de Almeida Pinto Sent: Thursday, April 28, 2005 8:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: woensdag 27 april 2005 14:43 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Title: Segregating and delegating _msdcs No DNS, IP assigned though. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Nigel GlasgowSent: Thursday, April 28, 2005 10:30 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Cleanup nonexistent DC in AD. Hi all. Can anyone give me a quick pointer/link to the steps requiredtoremove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jorge de Almeida PintoSent: Thursday, April 28, 2005 8:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za VueSent: woensdag 27 april 2005 14:43To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.==This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
Re: [ActiveDir] Event ID 36872
Which article has replaced it? I think you have CP the event ID Mark -Original Message- From: Lucia Washaya [EMAIL PROTECTED] Date: Thu, 28 Apr 2005 14:15:31 To:ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Event ID 36872 This has been replaced by KB36872 which is the one I consulted. Thanks Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = Mark Parris [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/28/2005 12:20 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] Event ID 36872 Have you seen KB261196? -Original Message- From: Lucia Washaya [EMAIL PROTECTED] Date: Thu, 28 Apr 2005 12:10:55 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] Event ID 36872 Dear Colleagues, I am having a problem with my proxy server. It is a Windows 2000 Server running Msproxy 2.0 Usera get access by authenticating with the AD on this machinee. It has started giving the error: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. Does anyone know how to correct this? Ms Knowledge base says you can ignore it but my users are failing to access ssl sites so I cannot igonre it. Please help. Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your RE: [ActiveDir] Cleanup nonexistent DC in AD. document : was Michael Eubank/COR/PARKER received by: at: 04/28/2005 11:12:48 - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your RE: [ActiveDir] Cleanup nonexistent DC in AD. document : was Ricardo Konno/SCI received by: at: 28/04/2005 12:16:03 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Group Policy Not working
Hello, My environment is windows 2000 Ad. I have a GPO that runs a logon script that attaches printers by ou. It's working for most, but not a few individuals. No errors in the event log. They are in the correct ou. They are logging into the domain. Any other areas Ishould check? I'm lost. Many Thanks -Christine Christine N. AllenSystems EngineerBMC HealthNet PlanOne Design Center PlaceBoston, MA 02210 617-748-6034617-293-4407
RE: [ActiveDir] Issues
Title: Segregating and delegating _msdcs somebody hijacked a thread what do you mean with "No DNS, IP assigned though."? A) DNS services not installed, but the server has been assigned an IP address from a DNS server B) The server has NOT been assigned an IP address from a DNS server, but the server is configured with its own IP address #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nigel GlasgowSent: donderdag 28 april 2005 15:53To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Cleanup nonexistent DC in AD. No DNS, IP assigned though. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Nigel GlasgowSent: Thursday, April 28, 2005 10:30 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Cleanup nonexistent DC in AD. Hi all. Can anyone give me a quick pointer/link to the steps requiredtoremove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jorge de Almeida PintoSent: Thursday, April 28, 2005 8:13 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za VueSent: woensdag 27 april 2005 14:43To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V ==This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.==This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
[ActiveDir] Group Policy Not working
Hello, My environment is windows 2000 Ad. I have a GPO that runs a logon script that attaches printers by ou. It's working for most, but not a few individuals. No errors in the event log. They are in the correct ou. They are logging into the domain. Any other areas Ishould check? I'm lost. Many Thanks -Christine Christine N. AllenSystems EngineerBMC HealthNet PlanOne Design Center PlaceBoston, MA 02210 617-748-6034617-293-4407
Re: [ActiveDir] Event ID 36872
I said it wrongly. Event ID 36872 is handled in article KB261196. The explanation I included is actually from this article. Sorry for the confusion Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = Mark Parris [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/28/2005 03:11 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] Event ID 36872 Which article has replaced it? I think you have CP the event ID Mark -Original Message- From: Lucia Washaya [EMAIL PROTECTED] Date: Thu, 28 Apr 2005 14:15:31 To:ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Event ID 36872 This has been replaced by KB36872 which is the one I consulted. Thanks Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = Mark Parris [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/28/2005 12:20 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] Event ID 36872 Have you seen KB261196? -Original Message- From: Lucia Washaya [EMAIL PROTECTED] Date: Thu, 28 Apr 2005 12:10:55 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] Event ID 36872 Dear Colleagues, I am having a problem with my proxy server. It is a Windows 2000 Server running Msproxy 2.0 Usera get access by authenticating with the AD on this machinee. It has started giving the error: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. Does anyone know how to correct this? Ms Knowledge base says you can ignore it but my users are failing to access ssl sites so I cannot igonre it. Please help. Regards, Lucia Washaya Tel: 5497 = The cobra will bite whether you call it Cobra or Dear Mr. Cobra. = List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Thanks for the pointer Mike. Will follow through. Have a great day. N.G -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of mike kline Sent: Thursday, April 28, 2005 12:02 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Cleanup nonexistent DC in AD. Nigel, Try these articles http://support.microsoft.com/kb/216498 How to remove data in Active Directory after an unsuccessful domain controller demotion http://www.petri.co.il/delete_failed_dcs_from_ad.htm Great article from Daniel. Hope those help. Thanks Mike On 4/28/05, Nigel Glasgow [EMAIL PROTECTED] wrote: Hi all. Can anyone give me a quick pointer/link to the steps required to remove every and all ref to this DC which no longer exist and will no longer be. The DC was not demoted before removal. The Server just died soon after promoting it. Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jorge de Almeida Pinto Sent: Thursday, April 28, 2005 8:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Issues does it have a DNS server IP address assigned? #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: woensdag 27 april 2005 14:43 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Issues Source: Userrnv EventID 1000: Windows cannot determined the user or account name. Return value (5). I have taken the server(W2K) off the domain(W2k), renamed it, cleaned the old name off the domain, renamed it back to the original name, added it to the domain and still getting this error. Thank you, Z.V == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group Policy Not working
What does GPresult return? De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Christine Allen Envoyé: Thursday, April 28, 2005 11:35 AM À: 'ActiveDir@mail.activedir.org' Objet: [ActiveDir] Group Policy Not working Hello, My environment is windows 2000 Ad. I have a GPO that runs a logon script that attaches printers by ou. It's working for most, but not a few individuals. No errors in the event log. They are in the correct ou. They are logging into the domain. Any other areas Ishould check? I'm lost. Many Thanks -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan One Design Center Place Boston, MA 02210 617-748-6034 617-293-4407
Re: [ActiveDir] Group Policy Not working
The first thing you should check is to see if the GP is being applied. You can do this on w2K by running gpresult on the hosts where it's not working. You should also check they do not have script blocking software installed. Regards Peter Jessop
[ActiveDir] Script
Anyone have a good script for updating Critical Updates? I can create a batch file that execute all the updates when a user logs in, but I want it to run only once and not every time someone logs in. I have Shavlik Pro, but the damn thing is slow and resource hog. Thank you, Z.V
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your RE: [ActiveDir] Cleanup nonexistent DC in AD. document : was Michael Eubank/COR/PARKER received by: at: 04/28/2005 11:48:53 - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group Policy Not working
It's below. the policy is named autoprint and it shows up. Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp. C:\Documents and Settings\arhyppoliteGPRESULT /USERMicrosoft (R) Windows (R) 2000 Operating System Group Policy Result toolCopyright (C) Microsoft Corp. 1981-1999 Created on Thursday, April 28, 2005 at 11:58:54 AM Operating System Information: Operating System Type: ProfessionalOperating System Version: 5.0.2195.Service Pack 4Terminal Server Mode: Not supported ### User Group Policy results for: CN=Armide Hyppolite,OU=Claims,DC=healthnet,DC=org Domain Name: HEALTHNET Domain Type: Windows 2000 Site Name: Default-First-Site-Name Roaming profile: (None) Local profile: C:\Documents and Settings\arhyppolite The user is a member of the following security groups: HEALTHNET\Domain Users \Everyone BUILTIN\Power Users BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users \LOCAL HEALTHNET\Claims HEALTHNET\Claims Adjudication HEALTHNET\Facets Load Balancing HEALTHNET\BMCHP everyone ### Last time Group Policy was applied: Thursday, April 28, 2005 at 11:23:37 AMGroup Policy was applied from: bostondc2.healthnet.org === The user received "Registry" settings from these GPOs: bmchppolicy ===The user received "Scripts" settings from these GPOs: autoprint ### Computer Group Policy results for: CN=AHYPPOLITE,OU=Desktop Computers,DC=healthnet,DC=org Domain Name: HEALTHNET Domain Type: Windows 2000 Site Name: Default-First-Site-Name The computer is a member of the following security groups: BUILTIN\Administrators \Everyone BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users HEALTHNET\AHYPPOLITE$ HEALTHNET\Domain Computers ### Last time Group Policy was applied: Thursday, April 28, 2005 at 11:40:54 AMGroup Policy was applied from: bostondc2.healthnet.org === The computer received "Registry" settings from these GPOs: Local Group Policy bmchppolicy Default Domain Policy Updates ===The computer received "Scripts" settings from these GPOs: bmchppolicy ===The computer received "Security" settings from these GPOs: Local Group Policy Default Domain Policy Updates ===The computer received "EFS recovery" settings from these GPOs: Local Group Policy Default Domain Policy C:\Documents and Settings\arhyppoliteGPRESULT /USER -Original Message-From: Bruyere, Michel [mailto:[EMAIL PROTECTED]Sent: Thursday, April 28, 2005 11:44 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Group Policy Not working What does GPresult return? De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Christine AllenEnvoyé: Thursday, April 28, 2005 11:35 AMÀ: 'ActiveDir@mail.activedir.org'Objet: [ActiveDir] Group Policy Not working Hello, My environment is windows 2000 Ad. I have a GPO that runs a logon script that attaches printers by ou. It's working for most, but not a few individuals. No errors in the event log. They are in the correct ou. They are logging into the domain. Any other areas Ishould check? I'm lost. Many Thanks -Christine Christine N. AllenSystems EngineerBMC HealthNet PlanOne Design Center PlaceBoston, MA 02210 617-748-6034617-293-4407
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your RE: [ActiveDir] Cleanup nonexistent DC in AD. document : was Dawn E Salvan/IT/TWP received by: at: 04/28/2005 12:06:15 PM List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Group Policy Not working
Does the script not run or does it run but not properly? Are there any clues in the event log? Can you run the script manually from the workstation? Are they receiving the GP over a WAN?
RE: [ActiveDir] Cleanup nonexistent DC in AD.
Return Receipt Your RE: [ActiveDir] Cleanup nonexistent DC in AD. document : was Lucia Washaya/UNAMSIL received by: at: 28/04/2005 15:52:50 GMT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IE Settings not applying under Terminal Services
In merge mode right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, April 28, 2005 12:16 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] IE Settings not applying under Terminal Services If you mean the user settings, you'll need to use a loopback policy. John Salandra, Justin A. [EMAIL PROTECTED] To et.org ActiveDir@mail.activedir.org, Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject [ActiveDir] IE Settings not 04/28/2005 11:03 applying under Terminal Services AM Please respond to [EMAIL PROTECTED] tivedir.org Is it normal for IE settings to not apply under a Terminal Server? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IE Settings not applying under Terminal Services
Hey Justin.. I use merge when they get user settings from other policies, like login scripts, normal user settings...etc. If you want them to get these settings only when on a terminal server, you can use replace. Then these will be the only settings they get. John Salandra, Justin A. [EMAIL PROTECTED] To et.org ActiveDir@mail.activedir.org Sent by: cc [EMAIL PROTECTED] ail.activedir.org Subject RE: [ActiveDir] IE Settings not applying under Terminal Services 04/28/2005 11:42 AM Please respond to [EMAIL PROTECTED] tivedir.org In merge mode right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, April 28, 2005 12:16 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] IE Settings not applying under Terminal Services If you mean the user settings, you'll need to use a loopback policy. John Salandra, Justin A. [EMAIL PROTECTED] To et.org ActiveDir@mail.activedir.org, Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject [ActiveDir] IE Settings not 04/28/2005 11:03 applying under Terminal Services AM Please respond to [EMAIL PROTECTED] tivedir.org Is it normal for IE settings to not apply under a Terminal Server? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group Policy Not working
The script runs in the background and I do not see it run. I copied the VBS script to the local computer and when I try to run it, it opens the script to view the language it does not run. Nothing in event view, which I find weird. When I run the gpresult /user, I do see the gpo listed in there. What locally could be preventing the script from running? Thanks for your help! -Original Message-From: Peter Jessop [mailto:[EMAIL PROTECTED]Sent: Thursday, April 28, 2005 12:20 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Group Policy Not workingDoes the script not run or does it run but not properly?Are there any clues in the event log?Can you run the script manually from the workstation?Are they receiving the GP over a WAN?
[ActiveDir] OT: End Process permission
Anyone know how I can grant a non-admin the permission to end a running process? Im not finding anything in Group Policy unless Im overlooking it. Thanks! Mark This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated.
RE: [ActiveDir] Script
Check out ScriptLogic if youre looking for a fast solution. But like ASBs tag line says, FAST, CHEAP, SECURE, pick any Two. By the way, a lot of what ScriptLogic does is built into KiXtart, so if youre interested in investing the time in the scripts, you can achieve mostly the same thing From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Thursday, April 28, 2005 11:44 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Script Anyone have a good script for updating Critical Updates? I can create a batch file that execute all the updates when a user logs in, but I want it to run only once and not every time someone logs in. I have Shavlik Pro, but the damn thing is slow and resource hog. Thank you, Z.V This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated.
Re: [ActiveDir] OT: End Process permission
This is tougher that you wuold think it is..at least this has been my experience. Where I am contracting now they use Quest products and there is a way to do it through exposing an attribute in their interface. Natively I don't know off hand...sorry but am looking into it now for you Michael Eubank - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group Policy Not working
Can you share what the script is doing? Also, it might be worthwhile to put some debugging into it to see where it fails and with what messages. If you're not familiar with debugging in VBScript, then add the following statement to the beginning of your script: On Error Resume Next and then after each major operation that "does something" that isn't just variable assignment (e.g. after sets or gets) put the following if then: If err 0 then Wscript.echo err.message End if And then see where it bails and with what message. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine AllenSent: Thursday, April 28, 2005 9:49 AMTo: 'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] Group Policy Not working The script runs in the background and I do not see it run. I copied the VBS script to the local computer and when I try to run it, it opens the script to view the language it does not run. Nothing in event view, which I find weird. When I run the gpresult /user, I do see the gpo listed in there. What locally could be preventing the script from running? Thanks for your help! -Original Message-From: Peter Jessop [mailto:[EMAIL PROTECTED]Sent: Thursday, April 28, 2005 12:20 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Group Policy Not workingDoes the script not run or does it run but not properly?Are there any clues in the event log?Can you run the script manually from the workstation?Are they receiving the GP over a WAN?
Re: [ActiveDir] Group Policy Not working
Microsoft antispyware? Norton antivirus?
Re: [ActiveDir] Script
SUS?
RE: [ActiveDir] Group Policy Not working
A couple thoughts for you: - It looks like the .vbs extension is associated with notepad or another editor on the computer you tested, which is why it opened for viewing or editing. Your logon script should be setup to call the Windows Scripting Host explicitly with the path to the script file. For example "cscript.exe c:\scripts\map-printer.vbs". - I vaguely remember having problems a few years ago when I started creating logon scripts when trying to map drivesor printers (can't recall which). These were all fixed by installing the latest version of the Windows Scripting Host. You can download WSH 5.6 here: http://msdn.microsoft.com/library/default.asp?url="">. - In your script you might want to create a text log file that records the results of each action. If the log file isn't present, you will know the script didn't even run. If it is present, it should have the information you need to do further debugging. Jeff From: Christine Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, April 28, 2005 9:49 AMTo: 'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] Group Policy Not working The script runs in the background and I do not see it run. I copied the VBS script to the local computer and when I try to run it, it opens the script to view the language it does not run. Nothing in event view, which I find weird. When I run the gpresult /user, I do see the gpo listed in there. What locally could be preventing the script from running? Thanks for your help! -Original Message-From: Peter Jessop [mailto:[EMAIL PROTECTED]Sent: Thursday, April 28, 2005 12:20 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Group Policy Not workingDoes the script not run or does it run but not properly?Are there any clues in the event log?Can you run the script manually from the workstation?Are they receiving the GP over a WAN? ConfidentialThis e-mail and any files transmitted with it are the propertyof Belkin Corporation and/or its affiliates, are confidential,and are intended solely for the use of the individual orentity to whom this e-mail is addressed. If you are not oneof the named recipients or otherwise have reason to believethat you have received this e-mail in error, please notify thesender and delete this message immediately from your computer.Any other use, retention, dissemination, forwarding, printingor copying of this e-mail is strictly prohibited.
RE: [ActiveDir] How much of the DIT is cached in RAM ?
This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were in the cache. It doesn't matter if those pages are returned or not, it only matters that you needed the pages to effective service the search. As that's what defines the amt of time it takes to service it. [Efleis] - I shouldn't say this, it isn't quite true. What I meant was, this defines the amt of time that we would spend on I/O, should those pages not be in memory. Other things might necessitate more time spent on the search. That said, assuming you got what you really want, I'm not totally sold of the value. What will you learn? 1) More db cache - inefficient searches are faster 2) Better search filter optimization - better index selection - faster searches with less cache needed and less I/O needed Searches that hit infrequently used indexes will have a lower % of pages in memory, but still be faster than inefficient ones that hit many pages in memory. And the avg IT admin will wonder why. :) Inefficient searches are still inefficient, and are still going to require a large db cache to service them in any sort of timely manner. How much cache? As much as you have dataset that need be traversed for the inefficient search in question. Whatever that dataset might be. Sell me on the learning opportunity here? Sorry, I'm just not seeing it. I like the idea on paper, and would be more than happy to file the bug. I'm just not seeing what you think you can do better with this data point than you can today. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 26, 2005 9:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Thanks ~Eric. I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that. How feasible would something like that be? Possibly the results of that would only be for educational reasons but I, at least, would find that info interesting. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 8:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? You beat me to the reply, thanks Brett. A better way to think of this Joe is that a subset of the DIT is in RAM, as much as we can fit, assuming 1) we don't run out of
RE: [ActiveDir] [gptalk] IE Settings not applying under Terminal Services
I put on loopback processing and I am not getting one setting applied, all other do. I have a custom ADM template that works on regular workstations that modifies the Temporary Internet Files and sets it to Every time you visit the page. This one value is not getting applied. -Original Message- From: Matt Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, April 28, 2005 12:13 PM To: Salandra, Justin A.; [EMAIL PROTECTED] Subject: Re: [gptalk] IE Settings not applying under Terminal Services http://support.microsoft.com/default.aspx?scid=kb;en-us;260370 Short answer: You might need to use loopback policy processing. Matt Clark Unit Head, Desktop Services IT Department UCSD Libraries [EMAIL PROTECTED] 04/28/05 09:03AM Is it normal for IE settings to not apply under a Terminal Server? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] How much of the DIT is cached in RAM ?
http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcast s%2Fen%2Ftranscripts%2Fwct050603.asp Not sure where it's referenced for Active Directory. Maybe somebody has a reference for that handy? al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were in the cache. It doesn't matter if those pages are returned or not, it only matters that you needed the pages to effective service the search. As that's what defines the amt of time it takes to service it. [Efleis] - I shouldn't say this, it isn't quite true. What I meant was, this defines the amt of time that we would spend on I/O, should those pages not be in memory. Other things might necessitate more time spent on the search. That said, assuming you got what you really want, I'm not totally sold of the value. What will you learn? 1) More db cache - inefficient searches are faster 2) Better search filter optimization - better index selection - faster searches with less cache needed and less I/O needed Searches that hit infrequently used indexes will have a lower % of pages in memory, but still be faster than inefficient ones that hit many pages in memory. And the avg IT admin will wonder why. :) Inefficient searches are still inefficient, and are still going to require a large db cache to service them in any sort of timely manner. How much cache? As much as you have dataset that need be traversed for the inefficient search in question. Whatever that dataset might be. Sell me on the learning opportunity here? Sorry, I'm just not seeing it. I like the idea on paper, and would be more than happy to file the bug. I'm just not seeing what you think you can do better with this data point than you can today. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 26, 2005 9:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Thanks ~Eric. I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that. How feasible would something like that be? Possibly the results of that would only be for educational reasons but I, at least, would find
[ActiveDir] Script question
Quick question. We just about finished a Win NT to AD 2003 migration and I'm starting to look at the clean up portion (we did not do an in place upgraded but used ADMT to conduct the migration). I was wondering if anyone has a few scripts they might be willing to share or know of a place to download some. I'm looking for: One to give me a list of users by OU that have logon scripts tied to their user account (and allows me to delete them) One to review security on server shares to ensure that all of the old network accounts are removed I think that is about it right now. I could write them, but I get lazy sometimes. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Script question
http://www.rallenhome.com/books/adcookbook/code.html Scroll to bottom of page - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script question
That is perfect. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, April 28, 2005 2:51 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Script question http://www.rallenhome.com/books/adcookbook/code.html Scroll to bottom of page - PLEASE NOTE: The preceding information may be confidential or privileged. It only should be used or disseminated for the purpose of conducting business with Parker. If you are not an intended recipient, please notify the sender by replying to this message and then delete the information from your system. Thank you for your cooperation. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Script question
Here's the first script, but I don't have the 2nd. http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/list/uslsvb16.mspx Carerros, Charles wrote: Quick question. We just about finished a Win NT to AD 2003 migration and I'm starting to look at the clean up portion (we did not do an in place upgraded but used ADMT to conduct the migration). I was wondering if anyone has a few scripts they might be willing to share or know of a place to download some. I'm looking for: One to give me a list of users by OU that have logon scripts tied to their user account (and allows me to delete them) One to review security on server shares to ensure that all of the old network accounts are removed I think that is about it right now. I could write them, but I get lazy sometimes. Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Paul Wilkinson 865-974-0649 2422 Dunford Hall OIT Lab Services University of TN, Knoxville List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Silly question(way OT)
This is a hardware question that has nothing to do with AD. be warned. Many apologies in advance. i'm not really a hardware guy. Still, I can't believe I don't know this, but if anyone can help me, that would be great. If i have a hardware raid 5 array and swap out the raid controller with a new one, what happens to the data on the disks? Is everything lost or can the new controller just do raid 5 for the existing data? also, as a final question, can I add a extra drive to extend the current raid partition? meaning, if a have a 70gig hardware raid array(not counting the parity data), can i just add another 35gig drive to make Windows see a 105gig paratition now or do I have to create an extended paration? thanks. I know this is way OT. sorry List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Silly question(way OT)
Hi Tom The RAID information is stored on the card and on the drives. There is usually a command to load config from drives with the RAID management software. Most RAID cards I have seen have the option to add another drive to the array, and extend the array. None of them have the option to contract an array. This is also in the RAID management program. With DELL, IBM, and Compaq you can boot directly into this off the RAID Server CD. Extending the logical drive partition will depend on the drive configuration - a dynamic drive should let you extend it or create a volume set - I have done it but do not remember the steps involved. It was intuitive in the disk management applet in Computer Management tho. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Kern, Tom| | | [EMAIL PROTECTED]| | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 04/28/2005 04:53 PM AST| | | Please respond to | | | ActiveDir | |-+-- --| | | | To: ActiveDir (E-mail) ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: [ActiveDir] Silly question(way OT) | --| This is a hardware question that has nothing to do with AD. be warned. Many apologies in advance. i'm not really a hardware guy. Still, I can't believe I don't know this, but if anyone can help me, that would be great. If i have a hardware raid 5 array and swap out the raid controller with a new one, what happens to the data on the disks? Is everything lost or can the new controller just do raid 5 for the existing data? also, as a final question, can I add a extra drive to extend the current raid partition? meaning, if a have a 70gig hardware raid array(not counting the parity data), can i just add another 35gig drive to make Windows see a 105gig paratition now or do I have to create an extended paration? thanks. I know this is way OT. sorry List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Full Client Login Test on AD
Title: Full Client Login Test on AD There are many load testing systems out there (e.g. Load Runner (www.mercury.com), AdventNet Qengine) for Web based apps and custom Application code for .NET. My question is there any way to test for multiple login behaviour in active directory? For example I need to run 1000s of concurrent users for a test against a DC which would mimic the following (generalized): A Machine Boots Up - Queries DNS for SRV Records (AD Integrated DNS) - Determines Site Information - Checks Time Services SNTP - Authenticates a Machine Account which gains a Kerberos Token, session and SID/RIDs from Group Membership(s) - Checks for Slow Link Detection from GPO via ICMP - Binds to sysvol - a DC now keeps track of this CIFS or SMB Share State - Checks Machine GPO Settings using standard LSDOU (minus the L in this case) - Checks for any published MSI Jobs User Logs In - Authenticates a User Account which gains a Kerberos Token, session and SID/RID Package from Group Membership - Checks User GPO Settings using LSDOU (minus the L in this case) - Checks for MSI Jobs - Process Login Script - regardless of size and spawning mechanisms it would still need to run the first bind and connection from the DC Rest of the life of the session - Kerberos rechecked every half life or four hours - SNTP rechecked at timed intervals - GPOs applied every 30-90 minutes in random fashion I know that I have not even touched E2k3 or other AD based application which may also want to communicate via LDAP Process calls etc. but for now, it is out of scope. AFAIK - simulators cannot come close to this type of check, only one liners such as Kerberos tickets, or HTTP requests - all based on non stateful connections and even then it would be in a sequential format, user1, then user2, then user3 and so forth not user1.2.3 at the same exact time. The only way I know how to do this would be to have 1000s of physical (or virtual) machines login to hit the DC at once to come close to the full sequence above. Any suggestions? Many thanks Jon Visit our website at http://www.ubs.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
Re: [ActiveDir] Script question
The second you can do with shareEnum from www.sysinternals.com
[ActiveDir] ACTIVE DIRECTORY AND WEBSITE CONFLICTS
Folks, I have a question, our active directory domain was setup as xyz.com also our Website hosted by web hosting company called xyz.com. Now internal users, when they open their IE, can not visit xyz.com, but outside of our company it works fine. I believe I need to define in DNS. Could you please help. Thank you RObert
Re: [ActiveDir] ACTIVE DIRECTORY AND WEBSITE CONFLICTS
Create a new Alias entry with www and point it to the internal or external web site address. Santhosh Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 4/28/05, Robert Oytun [EMAIL PROTECTED] wrote: Folks, I have a question, our active directory domain was setup as xyz.com also our Website hosted by web hosting company called xyz.com. Now internal users, when they open their IE, can not visit xyz.com, but outside of our company it works fine. I believe I need to define in DNS. Could you please help. Thank you RObert List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] ACTIVE DIRECTORY AND WEBSITE CONFLICTS
Create a new Alias entry with www and point it to the internal or external web site IP address. Santhosh On 4/28/05, Santhosh Sivarajan [EMAIL PROTECTED] wrote: Create a new Alias entry with www and point it to the internal or external web site address. Santhosh Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 4/28/05, Robert Oytun [EMAIL PROTECTED] wrote: Folks, I have a question, our active directory domain was setup as xyz.com also our Website hosted by web hosting company called xyz.com. Now internal users, when they open their IE, can not visit xyz.com, but outside of our company it works fine. I believe I need to define in DNS. Could you please help. Thank you RObert List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Silly question(way OT)
For most raid cards, say HP/Compaq ones, if disk 0 1 2 3 are part of raid 5 - just recreate the raid config in the new raid card (of course without reinitializing) Some cards will bootup with NVRAM mismatch (config in ram doesn't match those in drive) and then you can choose which one to load from - in this case the drives. For extending the raid5 - sure most raid card nowadays allows you to extend the raid card - say you have 36x3 - and you add in another 36gig. Windows will not extend those that you have already allocated - so in diskmgmt.msc you will see an unassigned freespace. Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Friday, April 29, 2005 4:54 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Silly question(way OT) This is a hardware question that has nothing to do with AD. be warned. Many apologies in advance. i'm not really a hardware guy. Still, I can't believe I don't know this, but if anyone can help me, that would be great. If i have a hardware raid 5 array and swap out the raid controller with a new one, what happens to the data on the disks? Is everything lost or can the new controller just do raid 5 for the existing data? also, as a final question, can I add a extra drive to extend the current raid partition? meaning, if a have a 70gig hardware raid array(not counting the parity data), can i just add another 35gig drive to make Windows see a 105gig paratition now or do I have to create an extended paration? thanks. I know this is way OT. sorry List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Thanks Al, I went to the page you suggested; however, I did not see any information that explains how to turn Squeaky Lobster on. Is it a reg setting? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, April 28, 2005 11:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcast s%2Fen%2Ftranscripts%2Fwct050603.asp Not sure where it's referenced for Active Directory. Maybe somebody has a reference for that handy? al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were in the cache. It doesn't matter if those pages are returned or not, it only matters that you needed the pages to effective service the search. As that's what defines the amt of time it takes to service it. [Efleis] - I shouldn't say this, it isn't quite true. What I meant was, this defines the amt of time that we would spend on I/O, should those pages not be in memory. Other things might necessitate more time spent on the search. That said, assuming you got what you really want, I'm not totally sold of the value. What will you learn? 1) More db cache - inefficient searches are faster 2) Better search filter optimization - better index selection - faster searches with less cache needed and less I/O needed Searches that hit infrequently used indexes will have a lower % of pages in memory, but still be faster than inefficient ones that hit many pages in memory. And the avg IT admin will wonder why. :) Inefficient searches are still inefficient, and are still going to require a large db cache to service them in any sort of timely manner. How much cache? As much as you have dataset that need be traversed for the inefficient search in question. Whatever that dataset might be. Sell me on the learning opportunity here? Sorry, I'm just not seeing it. I like the idea on paper, and would be more than happy to file the bug. I'm just not seeing what you think you can do better with this data point than you can today. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 26, 2005 9:11 PM To:
Re: [ActiveDir] Silly question(way OT)
Title: Re: [ActiveDir] Silly question(way OT) At least for HP Servers running WINK3, you have to first add the new drives to the array and then extend the volume at the hardware level. This can all be done while the server is running. Reboot then run a utility (I believe from the admin tool pack, I forget the exact name , can check if interested) to extend the volume in windows Reboot and your volume is extended. I've done this numerous times. -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org ActiveDir@mail.activedir.org Sent: Thu Apr 28 18:36:18 2005 Subject: RE: [ActiveDir] Silly question(way OT) For most raid cards, say HP/Compaq ones, if disk 0 1 2 3 are part of raid 5 - just recreate the raid config in the new raid card (of course without reinitializing) Some cards will bootup with NVRAM mismatch (config in ram doesn't match those in drive) and then you can choose which one to load from - in this case the drives. For extending the raid5 - sure most raid card nowadays allows you to extend the raid card - say you have 36x3 - and you add in another 36gig. Windows will not extend those that you have already allocated - so in diskmgmt.msc you will see an unassigned freespace. Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom Sent: Friday, April 29, 2005 4:54 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Silly question(way OT) This is a hardware question that has nothing to do with AD. be warned. Many apologies in advance. i'm not really a hardware guy. Still, I can't believe I don't know this, but if anyone can help me, that would be great. If i have a hardware raid 5 array and swap out the raid controller with a new one, what happens to the data on the disks? Is everything lost or can the new controller just do raid 5 for the existing data? also, as a final question, can I add a extra drive to extend the current raid partition? meaning, if a have a 70gig hardware raid array(not counting the parity data), can i just add another 35gig drive to make Windows see a 105gig paratition now or do I have to create an extended paration? thanks. I know this is way OT. sorry List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Silly question(way OT)
Thanks I'm running Win2k with basic disks on an Compaq Proliant DL 380. Do I need to convert to dynamic disks? Thanks again for all your help -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Hey, I had to do some checking for that squeaky Lobster also. I *think* this is what you're looking for but I haven't had the time to test it yet. http://www.windowsitpro.com/Windows/Article/ArticleID/21879/21879.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 10:31 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were in the cache. It doesn't matter if those pages are returned or not, it only matters that you needed the pages to effective service the search. As that's what defines the amt of time it takes to service it. [Efleis] - I shouldn't say this, it isn't quite true. What I meant was, this defines the amt of time that we would spend on I/O, should those pages not be in memory. Other things might necessitate more time spent on the search. That said, assuming you got what you really want, I'm not totally sold of the value. What will you learn? 1) More db cache - inefficient searches are faster 2) Better search filter optimization - better index selection - faster searches with less cache needed and less I/O needed Searches that hit infrequently used indexes will have a lower % of pages in memory, but still be faster than inefficient ones that hit many pages in memory. And the avg IT admin will wonder why. :) Inefficient searches are still inefficient, and are still going to require a large db cache to service them in any sort of timely manner. How much cache? As much as you have dataset that need be traversed for the inefficient search in question. Whatever that dataset might be. Sell me on the learning opportunity here? Sorry, I'm just not seeing it. I like the idea on paper, and would be more than happy to file the bug. I'm just not seeing what you think you can do better with this data point than you can today. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, April 26, 2005 9:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Thanks ~Eric. I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that. How feasible would something like that be? Possibly the results of that would only be for educational reasons but I, at least, would
RE: [ActiveDir] Full Client Login Test on AD
Title: Full Client Login Test on AD There is a utility called loadhardness which has various plugins this may assist you with some of your issues. But could you capture this information in MOM 2005 and utilise some clever scripting to simulate logons? Loadsim 2003 could be utilised for Exchange. Mark Parris From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 28 April 2005 22:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Full Client Login Test on AD There are many load testing systems out there (e.g. Load Runner (www.mercury.com), AdventNet Qengine) for Web based apps and custom Application code for .NET. My question is there any way to test for multiple login behaviour in active directory? For example I need to run 1000s of concurrent users for a test against a DC which would mimic the following (generalized): A Machine Boots Up - Queries DNS for SRV Records (AD Integrated DNS) - Determines Site Information - Checks Time Services SNTP - Authenticates a Machine Account which gains a Kerberos Token, session and SID/RIDs from Group Membership(s) - Checks for Slow Link Detection from GPO via ICMP - Binds to sysvol - a DC now keeps track of this CIFS or SMB Share State - Checks Machine GPO Settings using standard LSDOU (minus the L in this case) - Checks for any published MSI Jobs User Logs In - Authenticates a User Account which gains a Kerberos Token, session and SID/RID Package from Group Membership - Checks User GPO Settings using LSDOU (minus the L in this case) - Checks for MSI Jobs - Process Login Script - regardless of size and spawning mechanisms it would still need to run the first bind and connection from the DC Rest of the life of the session - Kerberos rechecked every half life or four hours - SNTP rechecked at timed intervals - GPOs applied every 30-90 minutes in random fashion I know that I have not even touched E2k3 or other AD based application which may also want to communicate via LDAP Process calls etc. but for now, it is out of scope. AFAIK - simulators cannot come close to this type of check, only one liners such as Kerberos tickets, or HTTP requests - all based on non stateful connections and even then it would be in a sequential format, user1, then user2, then user3 and so forth not user1.2.3 at the same exact time. The only way I know how to do this would be to have 1000s of physical (or virtual) machines login to hit the DC at once to come close to the full sequence above. Any suggestions? Many thanks Jon
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were in the cache. It doesn't matter if those pages are returned or not, it only matters that you needed the pages to effective service the search. As that's what defines the amt of time it takes to service it. [Efleis] - I shouldn't say this, it isn't quite true. What I meant was, this defines the amt of time that we would spend on I/O, should those pages not be in memory. Other things might necessitate more time spent on the search. That said, assuming you got what you really want, I'm not totally sold of the value. What will you learn? 1) More db cache - inefficient searches are faster 2) Better search filter optimization - better index selection - faster searches with less cache needed and less I/O needed Searches that hit infrequently used indexes will have a lower % of pages in memory, but still be faster than inefficient ones that hit many pages in memory. And the avg IT admin will wonder why. :) Inefficient searches are still
RE: [ActiveDir] How much of the DIT is cached in RAM ?
One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were in the cache. It doesn't matter if those pages are returned or not, it only matters that you needed the pages to effective service the search. As that's what defines the amt of time it takes to service it. [Efleis] - I shouldn't say this, it isn't quite true. What I meant was, this defines the amt of time that we would spend on I/O, should those pages not be in memory. Other things might necessitate more time spent on the search. That said, assuming you got what you really want, I'm not totally sold
RE: [ActiveDir] Silly question(way OT)
Title: RE: [ActiveDir] Silly question(way OT) I use only basic disks and have expanded volumes without any problems. http://h21.www2.hp.com/bc/docs/support/SupportManual/c00257511/c00257511.pdf http://support.microsoft.com/default.aspx?scid=kb;en-us;325590 Make sure your rompaq, raid controller firmware and drivers are up-to-date before doing this. hth Robert -Original Message- From: [EMAIL PROTECTED] on behalf of Kern, Tom Sent: Thu 4/28/2005 7:06 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Silly question(way OT) Thanks I'm running Win2k with basic disks on an Compaq Proliant DL 380. Do I need to convert to dynamic disks? Thanks again for all your help -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] How much of the DIT is cached in RAM ?
The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? I think it would be kind of interesting if the STATS control could tell you what % of the result set came from cache or something like that Actually, that's not really what you want. If I may, let me change your ask in to what I think you really would like What you really want is the % of pages touched to service the query that were
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Hey Brett... I've seen your blog, how about you tell ~Eric the story and he can blog it. :o) evilgrin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 8:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It doesn't give you the per query stats you were discussing, but it does give you an idea of how much disk the DC is requiring ... If you were to isolate a DC from load, except your query, it could give a _rough_ idea for a paticular query, but remember latches aren't unique references, so if a single query internally has to read a page several times, that will be several latch counts. ... Cheers, -BrettSh On Wed, 27 Apr 2005, joe wrote: I waffled on posting that at all. I am not sure I can properly illustrate why I think it would be good for educational info. Maybe just to see from the outside the deltas in speeds of the same query when things are in cache versus not, etc. Overall it is just another stat to help understand how your directory is performing. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Wednesday, April 27, 2005 2:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Correcting myself inline (full of that today aren't I?). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, April 26, 2005 10:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Ignoring Joe's cruel comment about my categorically challenged blog ... lets get back to something useful ... So this link gets you started enabling Windows ESE perf counters ... http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/docume$ BUT ... Enabling Advanced Perf Counters: During step 3, also add this registry value in that same ...\Services\ESENT\Performance regkey: Squeaky Lobster = REG_DWORD 0001 Now, technically this reg value also works, and is the professional equivalent of the above value: Show Advanced Counters = REG_DWORD 0001 But Eric and I try to promote Squeaky Lobster usage whenever possible to ensure that ESE will honor the reg value forever. Then you can get started on the looking at all the fascinating database perf counters ... oooh, I just saw one of our DC's pop to 405k latches / second, that's cool. Setting up adv perf counters is I think similar for Exchange, but for a slight different registry key. BTW, does anyone know why does that web page say copy esentprf.dll to a seperate directory? I've never done that, seems to work fine. Huh. Cheers, BrettSh [msft] posting as is, don't blame me if you hose your DCs. ;) On Thu, 28 Apr 2005, joe wrote: Hey Brett... I've seen your blog, how about you tell ~Eric the story and he can blog it. :o) evilgrin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 8:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that tell you on a non-per-search basis: - Database Pages Transferred/sec - Database Page Latches/sec IIRC, the first is rate of pages being transferred from disk, and the 2nd is the rate at wich you are making a read of something on a page in the cache (that will include the read right after a page is transferred, BTW). It
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Heh. Since YOU said that, for Exchange: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESE\Performance] Squeaky Lobster=dword:0001 (Given that the name of the feature was Squeaky Lobster and that it was message-store related -- the deduction was fairly obvious.) Now - a description of those values - many of which have VERY interesting names, would rock. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 9:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Ignoring Joe's cruel comment about my categorically challenged blog ... lets get back to something useful ... So this link gets you started enabling Windows ESE perf counters ... http://www.microsoft.com/resources/documentation/Windows/2000/server/res kit/en-us/Default.asp?url=/resources/docume$ BUT ... Enabling Advanced Perf Counters: During step 3, also add this registry value in that same ...\Services\ESENT\Performance regkey: Squeaky Lobster = REG_DWORD 0001 Now, technically this reg value also works, and is the professional equivalent of the above value: Show Advanced Counters = REG_DWORD 0001 But Eric and I try to promote Squeaky Lobster usage whenever possible to ensure that ESE will honor the reg value forever. Then you can get started on the looking at all the fascinating database perf counters ... oooh, I just saw one of our DC's pop to 405k latches / second, that's cool. Setting up adv perf counters is I think similar for Exchange, but for a slight different registry key. BTW, does anyone know why does that web page say copy esentprf.dll to a seperate directory? I've never done that, seems to work fine. Huh. Cheers, BrettSh [msft] posting as is, don't blame me if you hose your DCs. ;) On Thu, 28 Apr 2005, joe wrote: Hey Brett... I've seen your blog, how about you tell ~Eric the story and he can blog it. :o) evilgrin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 8:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From:
RE: [ActiveDir] How much of the DIT is cached in RAM ?
Thanks guys. Brett, don't worry I won't blame you for hosing my DC. It'll be worth it anyway :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 6:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Ignoring Joe's cruel comment about my categorically challenged blog ... lets get back to something useful ... So this link gets you started enabling Windows ESE perf counters ... http://www.microsoft.com/resources/documentation/Windows/2000/server/res kit/en-us/Default.asp?url=/resources/docume$ BUT ... Enabling Advanced Perf Counters: During step 3, also add this registry value in that same ...\Services\ESENT\Performance regkey: Squeaky Lobster = REG_DWORD 0001 Now, technically this reg value also works, and is the professional equivalent of the above value: Show Advanced Counters = REG_DWORD 0001 But Eric and I try to promote Squeaky Lobster usage whenever possible to ensure that ESE will honor the reg value forever. Then you can get started on the looking at all the fascinating database perf counters ... oooh, I just saw one of our DC's pop to 405k latches / second, that's cool. Setting up adv perf counters is I think similar for Exchange, but for a slight different registry key. BTW, does anyone know why does that web page say copy esentprf.dll to a seperate directory? I've never done that, seems to work fine. Huh. Cheers, BrettSh [msft] posting as is, don't blame me if you hose your DCs. ;) On Thu, 28 Apr 2005, joe wrote: Hey Brett... I've seen your blog, how about you tell ~Eric the story and he can blog it. :o) evilgrin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 8:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Thursday, April 28, 2005 1:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? This has been a great thread. I've really enjoyed reading it. This question is going to illustrate my extreme ignorance; however, the answer is worth it. What is Squeaky Lobster? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, April 27, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? From ESE's advanced perf counters exist, that
RE: [ActiveDir] How much of the DIT is cached in RAM ?
That would take too long ... I'll tell you want, YOU can ask about any two of them, that have a similar name prefix (i.e. start w/ the same word) ... and I'll try to answer today or tomorrow ... Cheers, -BrettSh [msft] On Thu, 28 Apr 2005, Michael B. Smith wrote: Heh. Since YOU said that, for Exchange: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESE\Performance] Squeaky Lobster=dword:0001 (Given that the name of the feature was Squeaky Lobster and that it was message-store related -- the deduction was fairly obvious.) Now - a description of those values - many of which have VERY interesting names, would rock. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 9:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Ignoring Joe's cruel comment about my categorically challenged blog ... lets get back to something useful ... So this link gets you started enabling Windows ESE perf counters ... http://www.microsoft.com/resources/documentation/Windows/2000/server/res kit/en-us/Default.asp?url=/resources/docume$ BUT ... Enabling Advanced Perf Counters: During step 3, also add this registry value in that same ...\Services\ESENT\Performance regkey: Squeaky Lobster = REG_DWORD 0001 Now, technically this reg value also works, and is the professional equivalent of the above value: Show Advanced Counters = REG_DWORD 0001 But Eric and I try to promote Squeaky Lobster usage whenever possible to ensure that ESE will honor the reg value forever. Then you can get started on the looking at all the fascinating database perf counters ... oooh, I just saw one of our DC's pop to 405k latches / second, that's cool. Setting up adv perf counters is I think similar for Exchange, but for a slight different registry key. BTW, does anyone know why does that web page say copy esentprf.dll to a seperate directory? I've never done that, seems to work fine. Huh. Cheers, BrettSh [msft] posting as is, don't blame me if you hose your DCs. ;) On Thu, 28 Apr 2005, joe wrote: Hey Brett... I've seen your blog, how about you tell ~Eric the story and he can blog it. :o) evilgrin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 8:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put out in the public whatever they think should be available. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
RE: [ActiveDir] How much of the DIT is cached in RAM ?
:o) Hey I am watching for your blog to take off, I think it will be quite an interesting read... Once there is something to read other than categories. ;o) I am especially interested in the corporate base jumping category. I've think I have done that a few times but I always seem to forget to use a parachute... Or as Dean had someone email me today asking... Been fired lately?. That is totally undeserved, I have only been fired twice in the last 10 years, the other time I quit. :), Seriously, good to see this info out in a place that will exist for a long time. Thanks for posting it for everyone. I have also wondered about that file copy. Never made sense to me, it is almost like they were thinking the file would get eaten in the system32 folder or something. Plus they don't have you copy all of the esentprf.* files, just the dll... I can't say I have ever done that copy. So now, about the story behind the naming of the key? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 9:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Ignoring Joe's cruel comment about my categorically challenged blog ... lets get back to something useful ... So this link gets you started enabling Windows ESE perf counters ... http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/ en-us/Default.asp?url=/resources/docume$ BUT ... Enabling Advanced Perf Counters: During step 3, also add this registry value in that same ...\Services\ESENT\Performance regkey: Squeaky Lobster = REG_DWORD 0001 Now, technically this reg value also works, and is the professional equivalent of the above value: Show Advanced Counters = REG_DWORD 0001 But Eric and I try to promote Squeaky Lobster usage whenever possible to ensure that ESE will honor the reg value forever. Then you can get started on the looking at all the fascinating database perf counters ... oooh, I just saw one of our DC's pop to 405k latches / second, that's cool. Setting up adv perf counters is I think similar for Exchange, but for a slight different registry key. BTW, does anyone know why does that web page say copy esentprf.dll to a seperate directory? I've never done that, seems to work fine. Huh. Cheers, BrettSh [msft] posting as is, don't blame me if you hose your DCs. ;) On Thu, 28 Apr 2005, joe wrote: Hey Brett... I've seen your blog, how about you tell ~Eric the story and he can blog it. :o) evilgrin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, April 28, 2005 8:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? The dev who put it in, is what I like to call my boss ... he has no child, I can guarantee it had nothing to do with that ... Email me directly the Exch product manager's name, and I'll try to light a fire under them ... if they don't product something, I'll produce something on my blog (when it is up) and send it around ... Cheers, BrettSh On Thu, 28 Apr 2005, Michael B. Smith wrote: One of the Exchange Product Managers said today that she is preparing a blog on Squeaky Lobster, including a picture of the original Squeaky. I also asked about the KB and was told, simply, that it isn't currently publicly available. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, April 28, 2005 7:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How much of the DIT is cached in RAM ? Try - http://www.realcooltoys.com/squeakylobster.html Squeaky Lobster is a magic reg key to enable special Squeaky Lobster ESE counters. It first came to being, I believe, with Exchange 5.5 where I heard two different stories, the first being that the dev guy who put it in had a kid who had a squeaky lobster toy (or he had it) and the other is that it was thought up after lunch. I would tend to go with the first explanation myself... Anyway, it was carried through and is available on AD, or at least it was on 2K AD which is the last time I used it a couple of years ago. There used to be a KB out there that talked about what it made available but I don't see it anywhere which sucks because if I need it again I will have to go dig through 8 GB of PSTs and notepad docs. :o) I want to say that I think I heard they changed (or were changing) the name of this reg entry to something like show advanced counters or something like that but I don't think I can point at any references for that. As far as I know, this key wasn't supposed to be hidden or secret, though it appears it might have gone underground. I don't think I will post any more on it and let ~Eric or Brett put
[ActiveDir] [OT] ESE API Documention....
This sort of shocked me when I saw it... http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ese/ese/por tal.asp JET Blue AKA ESE API documentation in case you are a c/c++ coder and want to use it yourself I just keep clicking through the functions thinking... Wow, I can't believe after all of these years they published this info. Quite cool. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: End Process permission
Do mean any process? Or one running under his user account? the last one should be possible even if the person is not an admin. The first one I dont know. Katrin Wilhelm (MCSA) CVGT Employment Training Specialists Australia E-mail: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Friday, 29 April 2005 2:51 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: End Process permission Anyone know how I can grant a non-admin the permission to end a running process? Im not finding anything in Group Policy unless Im overlooking it. Thanks! Mark This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Confidentiality: The contents contain privileged and/or confidential information intended for the named recipient of this email. CVGT does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email is prohibited. If you receive this email in error, please reply to us immediately and delete the document.Viruses: It is the recipient/client's duties to virus scan and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect or error. Any loss/damage incurred by using this material is not the sender's responsibility. CVGTs entire liability will be limited to resupplying the material.Please contact us at www.cvgt.com.au for further information regarding this disclaimer.