Re: [ActiveDir] Last Logon to a computer
When you have enabled appropriate security auditing you will need to search for eventID 528. The following logparser command can be used as an alternative to Event Viewer.

logparser "Select TimeGenerated AS Date, SID From SECURITY WHERE EventID=528 ORDER BY Date DESC" -resolveSIDs:on
RE: [ActiveDir] scripting sacls
Alain, Superb, setting the options in advance allowed me to get the SACLs correctly. Pity that it doesn't seem to be reflected in any other literature. Virtual pint on its way or at least a purchase of your book! Thanks, Paul.

From: "Alain Lissoir" [EMAIL PROTECTED]
Subject: RE: [ActiveDir] scripting sacls
Date: Thu, 5 May 2005 15:24:31 -0700

Paul, make sure you include the statement:

    ' Request owner, group, DACL and SACL before the descriptor is read
    objADObject.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER Or _
        ADS_SECURITY_INFO_GROUP Or _
        ADS_SECURITY_INFO_DACL Or _
        ADS_SECURITY_INFO_SACL
    Set objSD = objADObject.Get("ntSecurityDescriptor")
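Added example, not part of the thread: a complete VBScript that applies the SetOption call quoted above before reading ntSecurityDescriptor and then lists the audit entries in the SACL. The constant values are the documented ADSI ones, the LDAP path is a placeholder, and the account running the script is assumed to hold the "Manage auditing and security log" right.

```vbscript
' Added example: list the audit ACEs (SACL) of one Active Directory object.
Option Explicit

' ADSI constants are not predefined in VBScript, so declare them here.
Const ADS_OPTION_SECURITY_MASK = 3
Const ADS_SECURITY_INFO_OWNER = &H1
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_SECURITY_INFO_DACL = &H4
Const ADS_SECURITY_INFO_SACL = &H8
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7
Const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &H40
Const ADS_ACEFLAG_FAILED_ACCESS = &H80

' Placeholder path (assumption): replace with the object to inspect.
Const TARGET_PATH = "LDAP://OU=Example,DC=example,DC=com"

Dim objADObject, objSD, objSACL, objACE, strAudit

Set objADObject = GetObject(TARGET_PATH)

' The mask must be set before the first Get of ntSecurityDescriptor.
' By default ADSI asks only for owner, group and DACL, so the SACL
' would be missing from the returned descriptor.
objADObject.SetOption ADS_OPTION_SECURITY_MASK, _
    ADS_SECURITY_INFO_OWNER Or ADS_SECURITY_INFO_GROUP Or _
    ADS_SECURITY_INFO_DACL Or ADS_SECURITY_INFO_SACL

Set objSD = objADObject.Get("ntSecurityDescriptor")
Set objSACL = objSD.SystemAcl

If objSACL Is Nothing Then
    WScript.Echo "No SACL was returned for " & TARGET_PATH
    WScript.Quit 1
End If

WScript.Echo "Owner: " & objSD.Owner
WScript.Echo "Audit entries: " & objSACL.AceCount

For Each objACE In objSACL
    ' Only audit ACE types carry the success/failure flags.
    If objACE.AceType = ADS_ACETYPE_SYSTEM_AUDIT Or _
       objACE.AceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT Then
        strAudit = ""
        If (objACE.AceFlags And ADS_ACEFLAG_SUCCESSFUL_ACCESS) <> 0 Then
            strAudit = strAudit & "Success "
        End If
        If (objACE.AceFlags And ADS_ACEFLAG_FAILED_ACCESS) <> 0 Then
            strAudit = strAudit & "Failure "
        End If
        WScript.Echo objACE.Trustee & vbTab & Trim(strAudit) & vbTab & _
            "mask=0x" & Hex(objACE.AccessMask)
    End If
Next
```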
Re: [ActiveDir] DNS vs. Hosts File
So when does it query _kpasswd.et,etc? Thanks -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] SID History Filtering
I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d ID's were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering, and in one fell swoop, move all the 4d servers over to AD, less the DC's and everything should still work with the users logging in to 4d. Is this the case?
RE: [ActiveDir] ADFind syntax
Charlie, there's a -nodn switch

mc

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charlie Kaiser
Sent: Friday, May 06, 2005 10:37 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADFind syntax

Hey Joe; I have a question for you (or anyone else who knows!) about ADFind. Let's say I'm searching for, for example, a list of users (samaccountname) in an OU. I run the query, and it comes back with the DN and the attribute value. Is there a way to make it not display the DN? I sometimes need to make lists that will export quickly to a doc for non-admins to read, and the DN throws them off. :-) I can export to a spreadsheet and trim it, but I thought perhaps there's a native way to do it... I figured out how to do this in dsquery;

dsquery user ou=employees,dc=domain,dc=com -scope onelevel -limit 1000 | dsget user -display

Can something like that be done with ADFind? Thanks...

Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
RE: [ActiveDir] ADFind syntax
Hi Charlie, I think you'll find in version 1.26 there is a -nodn parameter. Regards, William King Global Directory Services REXAM PLC
RE: [ActiveDir] ADFind syntax
Take a peek at -nodn and -nolabel

Like for instance, this command below will enumerate the users container of your default AD Domain.

[Fri 05/06/2005 10:53:51.31]
C:\WINDOWS>adfind -default -rb cn=users -f objectcategory=person samaccountname -nodn -nolabel -sort samaccountname

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k3dc01.joe.com
Directory: Windows Server 2003
Base DN: cn=users,DC=joe,DC=com

$DUPLICATE-849
$H58000-PDEK6C738BLV
$J58000-PM5VL80J7CCD
$K58000-IUM54EF5VB7G
$L58000-H1T8686D8OMB
$T15000-SRL518C6RR12
acltestuser
adminid
Administrator
ADUser
blank
bobuser
bobuserDENY
CHILD1$
collision
deleteme
GPOTest
Guest
joebob
joedeletetest
joedoe
joeschematest
joetest
joetestuser2
joetestuser3
jsmith
kayuser
krbtgt
kuser
normalperm
NormalUser
ridtest1
ridtest2
ridtest3
someuser
someuseradmod
SUPPORT_388945a0
tuser

39 Objects returned

[Fri 05/06/2005 10:53:55.87]
C:\WINDOWS>
RE: [ActiveDir] ADFind syntax
Ah. THAT'S why I couldn't get it to work. I was on 1.20. Many thanks... Works perfectly now, and, I might add, faster than DSQuery... :-) ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **
RE: [ActiveDir] ADFind syntax
Yeah; found those once I got to the newest version. :-) See what I get for not getting the latest and greatest? G Thanks! ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **
[ActiveDir] Can Ms Exchange server send alert to Front end when his own state is unhealthy ?
What can we do about the fact that when MS Exchange Server detects that it is unhealthy it will notify the front-end of same and stop traffic? Thanks, manjeet
[ActiveDir] MAC Spoofing
As the entire Address Resolution Protocol [ARP] is based on matching IP addresses with MAC addresses for identification. So what are MAC Spoofing options or workaround ??
[ActiveDir] Odd exchange error
Hey all I have an issue with Microsoft Exchange Server 2000 Enterprise running on a Win2K AD box. In the event viewer I keep getting this error message: Error 0x7da occurred while rendering message 0001-76cb for download for user [EMAIL PROTECTED] This error is repeating every few seconds when the user has his email client (Outlook Express 6) opened and this goes on since a few ago. It is always the 0001-76cb message. Can I delete that message somehow? How? What does the number 0001-76cb mean and how can I access the specific message? Thank you very much for your answer. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video
Re: [ActiveDir] Odd exchange error
On 5/6/05, John Parker [EMAIL PROTECTED] wrote:
> Hey all I have an issue with Microsoft Exchange Server 2000 Enterprise running on a Win2K AD box. In the event viewer I keep getting this error message: Error 0x7da occurred while rendering message 0001-76cb for download for user [EMAIL PROTECTED] This error is repeating every few seconds when the user has his email client (Outlook Express 6) opened and this goes on since a few ago. It is always the 0001-76cb message. Can I delete that message somehow? How? What does the number 0001-76cb mean and how can I access the specific message?

Send us your event ID #, and then look it up at eventid.net

...D
RE: [ActiveDir] Can Ms Exchange server send alert to Front end when his own state is unhealthy ?
Fix it. Seriously - I'm not sure what your question is.
RE: [ActiveDir] DNS vs. Hosts File
The courses of action that I would recommend:

1. Escort him out and have all of the locks changed.
2. Hand him a legal pad and a pen. Tell him it's his new Tablet PC with Handwriting Recognition Software.

Good luck, Dan.

Dave
//SIGNED//
David J. Perdue

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan DeStefano
Sent: Thursday, May 05, 2005 13:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS vs. Hosts File

Recently, one of my colleagues and I got into a discussion about DNS vs. hosts files in AD. He has configured the hosts file on all of our domain controllers (Windows 2000 AD in native mode) to point to other DCs. One of our DCs was moved to another site and the hosts file on a DC was not changed to point to the moved DC on its new subnet - this obviously resulted in NTFRS errors.

Anyway, after this I got into a discussion with my boss about the need of the hosts file in AD. It is my position that the hosts file is no longer necessary and should not really be used in AD and is only included for backward-compatibility, testing and for certain special instances. It is his position that DNS is untrustworthy and that the hosts file should be configured as a backup in case DNS goes down. My response to this was twofold:

1. the hosts file is queried before DNS so it is not really a backup, it is a primary method of name-resolution, plus, it does not support SRV records;
2. DNS is the foundation of AD and if it goes down, AD will not work correctly anyway. Plus, that is the reason for secondary DNS servers, of which we have several.

Could anyone point to any documentation that discusses the role of the hosts file in AD and also include your own opinions and comments.

Daniel DeStefano
PC Support Specialist
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262 F. 212.871.5300
www.iagr.net
RE: [ActiveDir] Odd exchange error
Interesting. There was a post in an mcse forum and pub groups that was almost verbatim but by a different person named Matjaz with the same message number http://www.mcse.ms/archive76-2005-3-1501769.html

> Error 0x7da occurred while rendering message 0001-76cb for download for user [EMAIL PROTECTED] This error is repeating every minute when the user has his email client (Outlook Express 6) opened and this goes on since 14 days ago. It is always the 0001-76cb message. Can I delete that message somehow? How? What does the number 0001-76cb mean and how can I access the specific message? Thank you very much for your answer.

Possibly touch base with that person and see if you can find similarities...

Alternatively check out http://techrepublic.com.com/5100-6345-5108373.html

> If your clients use POP3 to retrieve mail from an Exchange 2000 or Exchange 2003 server, you may receive an error message that's similar to the following:
>
> Event ID: 1023
> Event Source: POP3SVC
> Event Type: Error
> Event Category: Content Engine
> Description: Error 0x7d6 occurred while rendering message 0001-007d063a for download for user [EMAIL PROTECTED]
>
> A configuration problem on the client's computer is the cause of this error message. Outlook clients configured with both the Internet E-mail and Microsoft Exchange Server services in their profile generate such errors. The client computer pulls mail down using POP3. If the Exchange service attempts to access a message that the user has already deleted via POP3, the server generates the 1023 error message. While this error isn't harmful, 1023 events can fill the application log quickly, making troubleshooting other problems more difficult.
>
> To get rid of 1023 errors, configure the Outlook client to use only one service in the profile. If a user needs both services, configure a separate profile for each service. Once the client uses only one service per profile, the annoying 1023 error messages will go away.
RE: [ActiveDir] MAC Spoofing
Options? As in what tools can you use to do it? http://www.klcconsulting.net/smac

Options? As in why do it? Plenty. When I was growing up we used it to share connections, although the ISP thought we were stealing bandwidth and that it was illegal. Whatever! It's been known to also be a favorite MIM attack. It's been known to be used heavily in getting around Proxies. It's also been known to have caused plenty of troubles for innocent by-standers who have been joe-jobbed by unscrupulous admins in retaliation or for amusements.

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
[ActiveDir] Query-based Distribution Lists
Everyone, I have created three Query-based distribution lists and they are not showing up in the GAL. How can I get them so that they do? I am using Outlook XP and I am running Exchange 2003 on a Windows 2003 box inside of a Windows 2000 domain.

Justin A. Salandra
MCSE Windows 2000 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A.
Sent: Friday, May 06, 2005 11:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [Exchange2000] Query-based Distribution Lists

It may also help to mention that I am running Exchange 2003 on a Windows 2003 box inside of a Windows 2000 domain.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy David
Sent: Thursday, May 05, 2005 9:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Exchange2000] Query-based Distribution Lists

Using Outlook in cache mode? Rebuild the OAB on the Exchange Server and download it to Outlook. Tools/Send and Receive/Download Address Book
RE: [ActiveDir] SID History Filtering
I have bad news for you, do not put yourself in such a situation. You should always do such a migration off hours. My suggestion to you is to use Microsoft's Active Directory Migration Tool 2.0 http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6cDisplayLang=en NetIQ and Quest also have a tool with enhanced features. Regards, Jose Medeiros
[ActiveDir] Cannot publish printer(s)
Having trouble publishing printers. When I go to the Wizard at the root the process asks me for the pre-2000 UNC which is normal but cannot continue the operation from either print server saying that I need to go to the printer folder, which for all accounts does not exist. Have I missed something terribly basic? Neither machine is directly attached to a PC but using JetDirect instead. Both print normally by choosing either printer. Both have list in directory activated. Here's the players:

HP LaserJet 4700 with internal JetDirect card
HP LaserJet3030 with a JetDirect 500x

Brent Eads
Employee Technology Solutions, Inc.
Re: [ActiveDir] SID History Filtering
After the migration of a user (using ADMT or any third party migration tool), you can still access the resources in NT 4.0 using SID History (not SID Filtering!). You have to Re-ACL (Security Translation) the resources using the migrated account before removing the SID History. Then you can move all resource servers to the new AD domain.

Regarding the SID Filtering, in Windows 2000 SP4 and Windows 2003, SID Filtering is enabled by default. It is a best practice to enable SID Filtering for security reasons. But during the migration, especially if you are using SID History, you have to disable SID Filtering. But make sure to enable it after the complete migration.

HTH
Santhosh

Santhosh Sivarajan
MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+
Houston, TX

On 5/6/05, Medeiros, Jose [EMAIL PROTECTED] wrote:

I have bad news for you, do not put yourself in such a situation. You should always do such a migration off hours. My suggestion to you is to use Microsoft's Active Directory Migration Tool 2.0 http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en NetIQ and Quest also have a tool with enhanced features.

Regards,
Jose Medeiros

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of packman
Sent: Friday, May 06, 2005 7:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SID History Filtering

I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d IDs were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering and, in one fell swoop, move all the 4d servers over to AD, less the DCs, and everything should still work with the users logging in to 4d. Is this the case?
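The sequence described in the reply above, modelled in Python as an added example (not code from the thread or from ADMT): a migrated account reaches a resource through its sIDHistory value, loses that access when the trust filters SIDs, and regains it once the ACL has been translated. The SIDs, account name and share names are constructed, group SIDs are left out, and the filter is a simplified model of SID filtering on a trust.

```python
from dataclasses import dataclass, field

# Constructed domain SIDs for illustration only.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # NT 4.0 source domain
NEW_DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"  # new AD domain


def domain_of(sid):
    """Domain part of an account SID: S-1-5-21-<a>-<b>-<c>-<RID> minus the RID."""
    parts = sid.split("-")
    if (len(parts) != 8 or not sid.startswith("S-1-5-21-")
            or not all(p.isdigit() for p in parts[1:])):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:7])


@dataclass
class Account:
    name: str
    sid: str
    sid_history: list = field(default_factory=list)

    def presented_sids(self):
        """Primary SID plus sIDHistory values (group SIDs left out of this model)."""
        return [self.sid] + list(self.sid_history)


def sids_after_trust(account, trusted_domain, sid_filtering):
    """SIDs the trusting domain keeps for a user authenticated by trusted_domain."""
    sids = account.presented_sids()
    if not sid_filtering:
        return sids
    # Filtering drops every SID that was not issued by the trusted domain,
    # which includes sIDHistory values carried over from the source domain.
    return [s for s in sids if domain_of(s) == trusted_domain]


def has_access(acl, sids):
    """True if any presented SID is granted on the resource ACL (a set of SIDs)."""
    return any(s in acl for s in sids)


def re_acl(acl, accounts):
    """Security translation, 'replace' style: swap old SIDs for the new account SIDs."""
    mapping = {old: acct.sid for acct in accounts for old in acct.sid_history}
    return {mapping.get(sid, sid) for sid in acl}


def untranslated(acls, source_domain):
    """Resources whose ACLs still name SIDs from the source domain."""
    return sorted(name for name, acl in acls.items()
                  if any(domain_of(s) == source_domain for s in acl))


def walkthrough():
    """Run the migration stages in order and record the access result of each."""
    alice = Account("alice", NEW_DOMAIN + "-1105", [OLD_DOMAIN + "-1023"])
    acls = {r"\\FS01\finance": {OLD_DOMAIN + "-1023"},   # still ACL'd with the old SID
            r"\\FS01\public": {NEW_DOMAIN + "-1105"}}
    finance = acls[r"\\FS01\finance"]
    result = {}
    # Stage 1: SID History in use, filtering disabled on the trust.
    result["history_filter_off"] = has_access(
        finance, sids_after_trust(alice, NEW_DOMAIN, False))
    # Stage 2: same account, filtering enabled before the Re-ACL.
    result["history_filter_on"] = has_access(
        finance, sids_after_trust(alice, NEW_DOMAIN, True))
    result["pending_before"] = untranslated(acls, OLD_DOMAIN)
    # Stage 3: Re-ACL first, then remove SID History, then filter again.
    acls = {name: re_acl(acl, [alice]) for name, acl in acls.items()}
    alice.sid_history.clear()
    result["pending_after"] = untranslated(acls, OLD_DOMAIN)
    result["translated_filter_on"] = has_access(
        acls[r"\\FS01\finance"], sids_after_trust(alice, NEW_DOMAIN, True))
    return result


if __name__ == "__main__":
    for step, outcome in walkthrough().items():
        print(f"{step}: {outcome}")
```

An empty `pending_after` list is the condition to reach before SID History is removed and filtering is turned back on.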
RE: [ActiveDir] DHCP client(OT)
Have you tried removing the NIC, restarting XP and re-adding it so it rebinds to the TCP/IP stack?

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 9:59 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DHCP client(OT)

I have a Windows XP box that can't start the DHCP client service. I get an event ID 1004 - The DHCP client is shutting down. The following error occurred: The system cannot find the file specified.

I went through the steps in this MS KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;822123

Also, I ran netsh int ip reset reset.log to reset the TCP/IP stack. Still no go. When I run ipconfig, I get "An internal error occurred: The system cannot find the file specified". Even if I give the box a static address, I still get the same error. The DHCP client service is stuck in "starting" in services.msc.

Anything else I can do to troubleshoot further?

Thanks
RE: [ActiveDir] DHCP client(OT)
It's a laptop. The NIC is on board. I disabled and re-enabled it. Should I uninstall the drivers? I haven't tried that yet...

Medeiros, Jose wrote:

Have you tried removing the NIC, restarting XP and re-adding it so it rebinds to the TCP/IP stack?

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 9:59 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DHCP client(OT)

I have a Windows XP box that can't start the DHCP client service. I get an event ID 1004 - The DHCP client is shutting down. The following error occurred: The system cannot find the file specified.

I went through the steps in this MS KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;822123

Also, I ran netsh int ip reset reset.log to reset the TCP/IP stack. Still no go. When I run ipconfig, I get "An internal error occurred: The system cannot find the file specified". Even if I give the box a static address, I still get the same error. The DHCP client service is stuck in "starting" in services.msc.

Anything else I can do to troubleshoot further?

Thanks
RE: [ActiveDir] DHCP client(OT)
Yes.. I would try that first, and make sure that you have the latest driver from your vendor's web site.

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DHCP client(OT)

It's a laptop. The NIC is on board. I disabled and re-enabled it. Should I uninstall the drivers? I haven't tried that yet...

Medeiros, Jose wrote:

Have you tried removing the NIC, restarting XP and re-adding it so it rebinds to the TCP/IP stack?

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 9:59 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DHCP client(OT)

I have a Windows XP box that can't start the DHCP client service. I get an event ID 1004 - The DHCP client is shutting down. The following error occurred: The system cannot find the file specified.

I went through the steps in this MS KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;822123

Also, I ran netsh int ip reset reset.log to reset the TCP/IP stack. Still no go. When I run ipconfig, I get "An internal error occurred: The system cannot find the file specified". Even if I give the box a static address, I still get the same error. The DHCP client service is stuck in "starting" in services.msc.

Anything else I can do to troubleshoot further?

Thanks
Re: [ActiveDir] SID History Filtering
The problem is, we have no intention of migrating the users, as we used MSDSS to pull the users into the new AD structure from Novell...sorry I failed to mention that previously.

-Art

On 5/6/05, Santhosh Sivarajan [EMAIL PROTECTED] wrote:

After the migration of a user (using ADMT or any third party migration tool), you can still access the resources in NT 4.0 using SID History (not SID Filtering!). You have to Re-ACL (Security Translation) the resources using the migrated account before removing the SID History. Then you can move all resource servers to the new AD domain.

Regarding the SID Filtering, in Windows 2000 SP4 and Windows 2003, SID Filtering is enabled by default. It is a best practice to enable SID Filtering for security reasons. But during the migration, especially if you are using SID History, you have to disable SID Filtering. But make sure to enable it after the complete migration.

HTH
Santhosh

Santhosh Sivarajan
MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+
Houston, TX

On 5/6/05, Medeiros, Jose [EMAIL PROTECTED] wrote:

I have bad news for you, do not put yourself in such a situation. You should always do such a migration off hours. My suggestion to you is to use Microsoft's Active Directory Migration Tool 2.0 http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en NetIQ and Quest also have a tool with enhanced features.

Regards,
Jose Medeiros

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of packman
Sent: Friday, May 06, 2005 7:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SID History Filtering

I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d IDs were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering and, in one fell swoop, move all the 4d servers over to AD, less the DCs, and everything should still work with the users logging in to 4d. Is this the case?
RE: [ActiveDir] DHCP client(OT)
Sorry, I screwed up. I did reinstall the drivers (twice) and installed another NIC PC card and got the same error.

thanks

Medeiros, Jose wrote:

Yes.. I would try that first, and make sure that you have the latest driver from your vendor's web site.

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DHCP client(OT)

It's a laptop. The NIC is on board. I disabled and re-enabled it. Should I uninstall the drivers? I haven't tried that yet...

Medeiros, Jose wrote:

Have you tried removing the NIC, restarting XP and re-adding it so it rebinds to the TCP/IP stack?

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 9:59 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DHCP client(OT)

I have a Windows XP box that can't start the DHCP client service. I get an event ID 1004 - The DHCP client is shutting down. The following error occurred: The system cannot find the file specified.

I went through the steps in this MS KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;822123

Also, I ran netsh int ip reset reset.log to reset the TCP/IP stack. Still no go. When I run ipconfig, I get "An internal error occurred: The system cannot find the file specified". Even if I give the box a static address, I still get the same error. The DHCP client service is stuck in "starting" in services.msc.

Anything else I can do to troubleshoot further?

Thanks
RE: [ActiveDir] SID History Filtering
I thought you indicated the users were on NT4? If so, I might have a tool I haven't publicly published that can populate SID Histories but will require a trust. I will have to dig around, it was something I started playing with and then dropped it because something else came up.

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of packman
Sent: Friday, May 06, 2005 1:27 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] SID History Filtering

The problem is, we have no intention of migrating the users, as we used MSDSS to pull the users into the new AD structure from Novell...sorry I failed to mention that previously.

-Art

On 5/6/05, Santhosh Sivarajan [EMAIL PROTECTED] wrote:

After the migration of a user (using ADMT or any third party migration tool), you can still access the resources in NT 4.0 using SID History (not SID Filtering!). You have to Re-ACL (Security Translation) the resources using the migrated account before removing the SID History. Then you can move all resource servers to the new AD domain.

Regarding the SID Filtering, in Windows 2000 SP4 and Windows 2003, SID Filtering is enabled by default. It is a best practice to enable SID Filtering for security reasons. But during the migration, especially if you are using SID History, you have to disable SID Filtering. But make sure to enable it after the complete migration.

HTH
Santhosh

Santhosh Sivarajan
MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+
Houston, TX

On 5/6/05, Medeiros, Jose [EMAIL PROTECTED] wrote:

I have bad news for you, do not put yourself in such a situation. You should always do such a migration off hours. My suggestion to you is to use Microsoft's Active Directory Migration Tool 2.0 http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en NetIQ and Quest also have a tool with enhanced features.

Regards,
Jose Medeiros

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of packman
Sent: Friday, May 06, 2005 7:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SID History Filtering

I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d IDs were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering and, in one fell swoop, move all the 4d servers over to AD, less the DCs, and everything should still work with the users logging in to 4d. Is this the case?
Re: [ActiveDir] SID History Filtering
We have the 4d, which is managed by NDS4NT (Account Mgmt). What was done at the beginning of this project was they took MSDSS and sucked out all the NDS/NT info into AD and then turned MSDSS off when it started to corrupt AD (this is what I was told). Now we are maintaining 3 logins/user, one NT4, one NDS and one AD. In reality, 95% of the users are still 4d and NDS. Most of the resources for these folks are still in the 4d domain, so we are slowly moving the servers over to AD (which has a 2-way trust with 4d), and as we do this, we are applying permissions using DL groups (including users from the 4d domain) to the resources.

On 5/6/05, joe [EMAIL PROTECTED] wrote:

I thought you indicated the users were on NT4? If so, I might have a tool I haven't publicly published that can populate SID Histories but will require a trust. I will have to dig around, it was something I started playing with and then dropped it because something else came up.

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of packman
Sent: Friday, May 06, 2005 1:27 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] SID History Filtering

The problem is, we have no intention of migrating the users, as we used MSDSS to pull the users into the new AD structure from Novell...sorry I failed to mention that previously.

-Art

On 5/6/05, Santhosh Sivarajan [EMAIL PROTECTED] wrote:

After the migration of a user (using ADMT or any third party migration tool), you can still access the resources in NT 4.0 using SID History (not SID Filtering!). You have to Re-ACL (Security Translation) the resources using the migrated account before removing the SID History. Then you can move all resource servers to the new AD domain.

Regarding the SID Filtering, in Windows 2000 SP4 and Windows 2003, SID Filtering is enabled by default. It is a best practice to enable SID Filtering for security reasons. But during the migration, especially if you are using SID History, you have to disable SID Filtering. But make sure to enable it after the complete migration.

HTH
Santhosh

Santhosh Sivarajan
MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+
Houston, TX

On 5/6/05, Medeiros, Jose [EMAIL PROTECTED] wrote:

I have bad news for you, do not put yourself in such a situation. You should always do such a migration off hours. My suggestion to you is to use Microsoft's Active Directory Migration Tool 2.0 http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en NetIQ and Quest also have a tool with enhanced features.

Regards,
Jose Medeiros

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of packman
Sent: Friday, May 06, 2005 7:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SID History Filtering

I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d IDs were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering and, in one fell swoop, move all the 4d servers over to AD, less the DCs, and everything should still work with the users logging in to 4d. Is this the case?
RE: [ActiveDir] DHCP client(OT)
Try this:

Every experienced network guru knows that quite often the problem with a faulty network connection is due to the TCP/IP stack being corrupted or not properly bound. Starting with WinXP Microsoft has disabled the ability to uninstall TCP/IP. So what are you to do if you suspect that all that is needed is a clean install of the TCP/IP stack? Luckily it is fairly easy to rebuild the stack to the pristine conditions that it was in on a clean install using the NetShell utility. Here is how:

Go to your command prompt and type the following:

netsh int ip reset [ log_file_name ]

A log file name must be specified in order to successfully execute the netsh command. This file will log all the actions taken by netsh.

Sample:

netsh int ip reset resetlog.txt
netsh int ip reset c:\resetlog.txt

The only difference between these two is that the first will create the log in the current directory while the second specifies where the log is to be created. After creating the log you can use notepad or any other text editor to see exactly what changes were made.

I got this from this website: http://www.mikeshardware.com/howtos/tips_xp/#anchor12531

Jeremy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 1:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DHCP client(OT)

Sorry, I screwed up. I did reinstall the drivers (twice) and installed another NIC PC card and got the same error.

thanks

Medeiros, Jose wrote:

Yes.. I would try that first, and make sure that you have the latest driver from your vendor's web site.

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DHCP client(OT)

It's a laptop. The NIC is on board. I disabled and re-enabled it. Should I uninstall the drivers? I haven't tried that yet...

Medeiros, Jose wrote:

Have you tried removing the NIC, restarting XP and re-adding it so it rebinds to the TCP/IP stack?

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 9:59 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DHCP client(OT)

I have a Windows XP box that can't start the DHCP client service. I get an event ID 1004 - The DHCP client is shutting down. The following error occurred: The system cannot find the file specified.

I went through the steps in this MS KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;822123

Also, I ran netsh int ip reset reset.log to reset the TCP/IP stack. Still no go. When I run ipconfig, I get "An internal error occurred: The system cannot find the file specified". Even if I give the box a static address, I still get the same error. The DHCP client service is stuck in "starting" in services.msc.

Anything else I can do to troubleshoot further?

Thanks
RE: [ActiveDir] SID History Filtering
I read the post from the other guys and I understand you also have a Novell environment and it is not that simple if you're migrating from Novell and NT4 to AD. For this you also need two migration tools. Before I say something I have the following questions for you:

* What is the purpose of the Novell environment? What is it used for? (software distribution, file and print services, etc.)
* What is the purpose of the NT4 environment? What is it used for? (software distribution, file and print services, applications like SQL, etc.)
* What resources are in which environment?
* Is the login name in Novell the same as the login name in NT4?

I have done such migrations and your plan depends on how your current environment is used. Most of the time Novell is used for file and print services and software distribution (ZENworks) and NT4 is used for application services like SQL and others.

#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/6/2005 4:05 PM
Subject: [ActiveDir] SID History Filtering

I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d IDs were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering and, in one fell swoop, move all the 4d servers over to AD, less the DCs, and everything should still work with the users logging in to 4d. Is this the case?

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] ADFind syntax
use the option -nodn

#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/6/2005 4:37 PM
Subject: [ActiveDir] ADFind syntax

Hey Joe;

I have a question for you (or anyone else who knows!) about ADFind. Let's say I'm searching for, for example, a list of users (samaccountname) in an OU. I run the query, and it comes back with the DN and the attribute value. Is there a way to make it not display the DN? I sometimes need to make lists that will export quickly to a doc for non-admins to read, and the DN throws them off. :-) I can export to a spreadsheet and trim it, but I thought perhaps there's a native way to do it...

I figured out how to do this in dsquery;

dsquery user ou=employees,dc=domain,dc=com -scope onelevel -limit 1000 | dsget user -display

Can something like that be done with ADFind?

Thanks...

Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
RE: [ActiveDir] ADFind syntax
who knows it better than its creator??? ;-))

#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/6/2005 4:56 PM
Subject: RE: [ActiveDir] ADFind syntax

Take a peek at -nodn and -nolabel

Like for instance, this command below will enumerate the users container of your default AD Domain.

[Fri 05/06/2005 10:53:51.31]
C:\WINDOWS>adfind -default -rb cn=users -f objectcategory=person samaccountname -nodn -nolabel -sort samaccountname

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Using server: 2k3dc01.joe.com
Directory: Windows Server 2003
Base DN: cn=users,DC=joe,DC=com

$DUPLICATE-849
$H58000-PDEK6C738BLV
$J58000-PM5VL80J7CCD
$K58000-IUM54EF5VB7G
$L58000-H1T8686D8OMB
$T15000-SRL518C6RR12
acltestuser
adminid
Administrator
ADUser
blank
bobuser
bobuserDENY
CHILD1$
collision
deleteme
GPOTest
Guest
joebob
joedeletetest
joedoe
joeschematest
joetest
joetestuser2
joetestuser3
jsmith
kayuser
krbtgt
kuser
normalperm
NormalUser
ridtest1
ridtest2
ridtest3
someuser
someuseradmod
SUPPORT_388945a0
tuser

39 Objects returned

[Fri 05/06/2005 10:53:55.87]
C:\WINDOWS>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charlie Kaiser
Sent: Friday, May 06, 2005 10:37 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADFind syntax

Hey Joe;

I have a question for you (or anyone else who knows!) about ADFind. Let's say I'm searching for, for example, a list of users (samaccountname) in an OU. I run the query, and it comes back with the DN and the attribute value. Is there a way to make it not display the DN? I sometimes need to make lists that will export quickly to a doc for non-admins to read, and the DN throws them off. :-) I can export to a spreadsheet and trim it, but I thought perhaps there's a native way to do it...

I figured out how to do this in dsquery;

dsquery user ou=employees,dc=domain,dc=com -scope onelevel -limit 1000 | dsget user -display

Can something like that be done with ADFind?

Thanks...

Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
RE: [ActiveDir] DHCP client(OT)
I guess you didn't read my email. I tried that already.

thanks

Burkes, Jeremy wrote:

Try this:

Every experienced network guru knows that quite often the problem with a faulty network connection is due to the TCP/IP stack being corrupted or not properly bound. Starting with WinXP Microsoft has disabled the ability to uninstall TCP/IP. So what are you to do if you suspect that all that is needed is a clean install of the TCP/IP stack? Luckily it is fairly easy to rebuild the stack to the pristine conditions that it was in on a clean install using the NetShell utility. Here is how:

Go to your command prompt and type the following:

netsh int ip reset [ log_file_name ]

A log file name must be specified in order to successfully execute the netsh command. This file will log all the actions taken by netsh.

Sample:

netsh int ip reset resetlog.txt
netsh int ip reset c:\resetlog.txt

The only difference between these two is that the first will create the log in the current directory while the second specifies where the log is to be created. After creating the log you can use notepad or any other text editor to see exactly what changes were made.

I got this from this website: http://www.mikeshardware.com/howtos/tips_xp/#anchor12531

Jeremy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 1:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DHCP client(OT)

Sorry, I screwed up. I did reinstall the drivers (twice) and installed another NIC PC card and got the same error.

thanks

Medeiros, Jose wrote:

Yes.. I would try that first, and make sure that you have the latest driver from your vendor's web site.

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DHCP client(OT)

It's a laptop. The NIC is on board. I disabled and re-enabled it. Should I uninstall the drivers? I haven't tried that yet...

Medeiros, Jose wrote:

Have you tried removing the NIC, restarting XP and re-adding it so it rebinds to the TCP/IP stack?

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Friday, May 06, 2005 9:59 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DHCP client(OT)

I have a Windows XP box that can't start the DHCP client service. I get an event ID 1004 - The DHCP client is shutting down. The following error occurred: The system cannot find the file specified.

I went through the steps in this MS KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;822123

Also, I ran netsh int ip reset reset.log to reset the TCP/IP stack. Still no go. When I run ipconfig, I get "An internal error occurred: The system cannot find the file specified". Even if I give the box a static address, I still get the same error. The DHCP client service is stuck in "starting" in services.msc.

Anything else I can do to troubleshoot further?

Thanks
RE: [ActiveDir] SID History Filtering
If I am understanding you correctly (you have left out a lot of details) then it sounds like you have users with duplicate accounts (one on a NT4 domain and one in a 2003 AD domain) and if so I am sure that you are using the same passwords so that they can do pass through authentication, however you will have issues with a user's local profile (the accounts have different SIDs) if you do not migrate to the 2003 AD using ADMT and plan on decommissioning the NT4 domain. The other alternative is to move the desktops manually by joining the new domain and migrating the local profile to the new profile created when they log in to the 2003 active directory domain. Good Luck! Jose Medeiros
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of packman Sent: Friday, May 06, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] SID History Filtering The problem is, we have no intention of migrating the users, as we used MSDSS to pull the users into the new AD structure from Novell... sorry I failed to mention that previously. -Art
On 5/6/05, Santhosh Sivarajan [EMAIL PROTECTED] wrote: After the migration of a user (using ADMT or any third party migration tool), you can still access the resources in NT 4.0 using SID History (not SID Filtering!). You have to Re-ACL (Security Translation) the resources using the migrated account before removing the SID History. Then you can move all resource servers to new AD Domain. Regarding the SID Filtering, in windows 2000 SP4 and Windows 2003, SID Filtering is enabled by default. It is a best practice to enable SID Filtering because of the security reasons. But during the migration, especially if you are using SID History, you have to disable SID Filtering. But make sure to enable after the complete migration. HTH Santhosh Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX
On 5/6/05, Medeiros, Jose [EMAIL PROTECTED] wrote: I have bad news for you, do not put your self in such a situation. You should always do such a migration off hours. My suggestion to you is to use Microsoft's Active Directory Migration Tool 2.0 http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en NetIQ and Quest also have a tool with enhanced features. Regards, Jose Medeiros
-Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of packman Sent: Friday, May 06, 2005 7:05 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SID History Filtering I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead, created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d ID's were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering, and in one fell swoop, move all the 4d servers over to AD, less the DC's and everything should still work with the users logging in to 4d. Is this the case?
List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SID History Filtering
forgot one How are the resources secured in both environments? groups and/or users? #JORGE# -Original Message- From: [EMAIL PROTECTED] To: 'packman '; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Sent: 5/6/2005 7:55 PM Subject: RE: [ActiveDir] SID History Filtering I read the post from the other guys and I understand you also have a Novell environment and it is not that simple if you're migrating from Novell and NT4 to AD. For this you also need two migration tools. Before I say something I have the following questions for you: * What is the purpose of the Novell environment? What is it used for? (software distribution, file and print services, etc.) * What is the purpose of the NT4 environment? What is it used for? (software distribution, file and print services, applications like SQL, etc.) * What resources are in which environment? * Is the login name in novell the same as the login name in NT4? I have done such migrations and your plan depends on how your current environment is used. Most of the times Novell is used for file and print services and software distribution (zenworks) and NT4 is used for application services like SQL and others #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 5/6/2005 4:05 PM Subject: [ActiveDir] SID History Filtering I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead, created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d) still, due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d ID's were pulled into the AD structure. 
Someone mentioned to me that we could use SID History filtering, and in on fail swoop, move all the 4d servers over to AD, less the DC's and everything should still work with the users logging in to 4d. Is this the case? This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Query-based Distribution Lists
Are you running Outlook 2003 in cached mode? Dennis On 5/6/05, Salandra, Justin A. [EMAIL PROTECTED] wrote: Everyone, I have created three Query-based distribution lists and they are not showing up in the GAL. How can I get them so that they do? I am using Outlook XP and I am running Exchange 2003 on a Windows 2003 box inside of a Windows 2000 domain. Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, May 06, 2005 11:35 AM To: [EMAIL PROTECTED] Subject: RE: [Exchange2000] Query-based Distribution Lists It may also help to mention that I am running Exchange 2003 on a Windows 2003 box inside of a Windows 2000 domain. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David Sent: Thursday, May 05, 2005 9:34 PM To: [EMAIL PROTECTED] Subject: RE: [Exchange2000] Query-based Distribution Lists Using Outlook in cache mode? Rebuild the OAB on the Exchange Server and download it to Outlook. Tools/Send and Receive/Download Address Book -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Thursday, May 05, 2005 3:03 PM To: [EMAIL PROTECTED] Subject: [Exchange2000] Query-based Distribution Lists Everyone, I have created three Query-based distribution lists and they are not showing up in the GAL. How can I get them so that they do? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] Post message: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] Exchange 2000 FAQ: http://www.exchange-mail.org/faq.html Yahoo! 
Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/Exchange2000/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service http://docs.yahoo.com/info/terms/ . List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Windows Server 2003 R2 Public Beta now Available
http://blogs.technet.com/windowsserver/archive/2005/05/06/404591.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP client(OT)
not sure if it will work, but the first thing that comes to my mind is to reinstall the TCP/IP stack see for more info http://www.petri.co.il/reinstall_tcp_ip_on_windows_xp.htm http://support.microsoft.com/?kbid=299357 #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir (E-mail) Sent: 5/6/2005 6:58 PM Subject: [ActiveDir] DHCP client(OT) I have a windows xp box that can't start the dhcp client service. I get an event id 1004 -The DHCP client is shutting down. The following error occured: The system cannot find the file specified. I went thru the steps in this MS kb- http://support.microsoft.com/default.aspx?scid=kb;en-us;822123 Also, i ran netsh int ip reset reset.log to reset the tcp/ip stack. Still no go. When i run ipconfig, i get An internal error occured: The system cannot find the file specified Even if I give the box a static address, i still get the same error. The dhcp client services is stuck in starting in services.msc. Anything else I can do to troubleshoot further? Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] DHCP client(OT)
Try http://www.cexx.org/lspfix.htm HTH Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Kern, Tom Sent: Fri 5/6/2005 10:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DHCP client(OT) I guess you didn't read my email. I tried that already. thanks Burkes, Jeremy wrote: Try this: Every experienced network guru knows that quite often the problem with a faulty network connection is due to the TCP/IP stack being corrupted or not properly bound. Starting with WinXP Microsoft has disabled the ability to uninstall TCP/IP. So what are you to do if you suspect that all that is needed is a clean install of the TCP/IP stack? Luckily it is fairly easy to rebuild the stack to the pristine conditions that it was in on a clean install using the NetShell utility. Here is how: Go to your command prompt and type the following: netsh int ip reset [ log_file_name ] A log file name must be specified in order to successfully execute the netsh command. This file will log all the actions taken by netsh. Sample: netsh int ip reset resetlog.txt netsh int ip reset c:\resetlog.txt The only difference between these two is that the first will create the log in the current directory while the second specifies where the log is to be created. After creating the log you can use notepad or any other text editor to see exactly what changes were made. I got this from this website: http://www.mikeshardware.com/howtos/tips_xp/#anchor12531 Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Friday, May 06, 2005 1:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DHCP client(OT) Sorry, I screwed up. I did reinstall the drivers (twice) and installed another nic pc card and got the same error. thanks Medeiros, Jose wrote: Yes..
I would try that first, and make sure that you have the latest driver from your vendor's web site. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kern, Tom Sent: Friday, May 06, 2005 10:20 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DHCP client(OT) It's a laptop. The nic is on board. I disabled and re-enabled it. Should I uninstall the drivers? I haven't tried that yet... Medeiros, Jose wrote: Have you tried removing the Nic, restarting XP and re-adding so it rebinds to the TCP/IP stack? Jose - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kern, Tom Sent: Friday, May 06, 2005 9:59 AM To: ActiveDir (E-mail) Subject: [ActiveDir] DHCP client(OT) I have a windows xp box that can't start the dhcp client service. I get an event id 1004 -The DHCP client is shutting down. The following error occured: The system cannot find the file specified. I went thru the steps in this MS kb- http://support.microsoft.com/default.aspx?scid=kb;en-us;822123 Also, I ran netsh int ip reset reset.log to reset the tcp/ip stack. Still no go. When I run ipconfig, I get An internal error occured: The system cannot find the file specified Even if I give the box a static address, I still get the same error. The dhcp client services is stuck in starting in services.msc. Anything else I can do to troubleshoot further?
Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP client(OT)
Deji's link has the download that fixed problems like this that I have had. It was actually the winsoxfix.exe Option^Explicit Software Solutions if I remember correctly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Friday, May 06, 2005 2:46 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DHCP client(OT) You better duck, he already tried this, even before I suggested it. Glad I wasn't the only one who missed it. :) Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Friday, May 06, 2005 2:20 PM To: 'Kern, Tom '; '[EMAIL PROTECTED] '; 'ActiveDir (E-mail) ' Subject: RE: [ActiveDir] DHCP client(OT) not sure if it will work, but the first thing that comes to my mind is to reinstall the TCP/IP stack see for more info http://www.petri.co.il/reinstall_tcp_ip_on_windows_xp.htm http://support.microsoft.com/?kbid=299357 #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir (E-mail) Sent: 5/6/2005 6:58 PM Subject: [ActiveDir] DHCP client(OT) I have a windows xp box that can't start the dhcp client service. I get an event id 1004 -The DHCP client is shutting down. The following error occured: The system cannot find the file specified. I went thru the steps in this MS kb- http://support.microsoft.com/default.aspx?scid=kb;en-us;822123 Also, i ran netsh int ip reset reset.log to reset the tcp/ip stack. Still no go. When i run ipconfig, i get An internal error occured: The system cannot find the file specified Even if I give the box a static address, i still get the same error. The dhcp client services is stuck in starting in services.msc. Anything else I can do to troubleshoot further? 
Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
[ActiveDir] OT: e-mail archiving systems
My company is currently review some archiving apps and I was wondering if anyone has any news to share (good or bad on them) excusing my spelling if I get them wrong. KVS (from Veritas) Convault Legato Mail Extender\File Extender Thanks, Charlie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADFind syntax
I wouldn't bet money on that one... More than once someone has mentioned an option adfind has that I was like... I put that in there? Cool. I rock. A good portion of that tool was written in late night coding sessions when I got pissed off that there wasn't an easier way to get some piece of info or some piece of info decoded. ;o)
-Original Message- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Friday, May 06, 2005 1:58 PM To: 'joe '; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] ADFind syntax who knows it better than its creator??? ;-)) #JORGE#
-Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 5/6/2005 4:56 PM Subject: RE: [ActiveDir] ADFind syntax Take a peek at -nodn and -nolabel Like for instance, this command below will enumerate the users container of your default AD Domain.
[Fri 05/06/2005 10:53:51.31] C:\WINDOWS>adfind -default -rb cn=users -f objectcategory=person samaccountname -nodn -nolabel -sort samaccountname
AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005
Using server: 2k3dc01.joe.com
Directory: Windows Server 2003
Base DN: cn=users,DC=joe,DC=com
$DUPLICATE-849 $H58000-PDEK6C738BLV $J58000-PM5VL80J7CCD $K58000-IUM54EF5VB7G $L58000-H1T8686D8OMB $T15000-SRL518C6RR12 acltestuser adminid Administrator ADUser blank bobuser bobuserDENY CHILD1$ collision deleteme GPOTest Guest joebob joedeletetest joedoe joeschematest joetest joetestuser2 joetestuser3 jsmith kayuser krbtgt kuser normalperm NormalUser ridtest1 ridtest2 ridtest3 someuser someuseradmod SUPPORT_388945a0 tuser
39 Objects returned
[Fri 05/06/2005 10:53:55.87] C:\WINDOWS>
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charlie Kaiser Sent: Friday, May 06, 2005 10:37 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADFind syntax Hey Joe; I have a question for you (or anyone else who knows!) about ADFind.
Let's say I'm searching for, for example, a list of users (samaccountname) in an OU. I run the query, and it comes back with the DN and the attribute value. Is there a way to make it not display the DN? I sometimes need to make lists that will export quickly to a doc for non-admins to read, and the DN throws them off. :-) I can export to a spreadsheet and trim it, but I thought perhaps there's a native way to do it... I figured out how to do this in dsquery; dsquery user ou=employees,dc=domain,dc=com -scope onelevel -limit 1000 | dsget user -display Can something like that be done with ADFind? Thanks... ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] MAC Spoofing
Joe-jobbed? WTF! I never heard of that and go look for it and it is a spamming thing... Well that sucks. A popular past time at Computer conventions in stupid locations that make you pay for wireless is to sniff the network and pull a MAC address of someone who has paid. It can cause iffy or slow connections but tends to work. Of course your network card has to support it. I have been finding that external pcmcia cards tend to support it, internal cards tend to not support it. I don't think I have seen a desktop card in some time that hasn't supported it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 06, 2005 12:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] MAC Spoofing Options? As in what tools can you use to do it? http://www.klcconsulting.net/smac Options? As in why do it? Plenty. When I was growing up we used it to share connections, although the ISP thought we were stealing bandwidth and that it was illegal. Whatever! It's been known to also be a favorite MIM attack. It's been known to be used heavily in getting around Proxies. It's also been known to have caused plenty of troubles for innocent by-standers who have been joe-jobbed by unscrupulous admins in retaliation or for amusements. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Manjeet Singh Sent: Fri 5/6/2005 8:09 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MAC Spoofing As the entire Address Resolution Protocol [ARP] is based on matching IP addresses with MAC addresses for identification. So what are MAC Spoofing options or workaround ?? 
List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP client(OT)
Figured it out. under system properties in computer name, there was just a . when i changed the name, all was good. Of course, my question now is, why would the name be . could it be a screw up during set up? In msinfo32, the copm name was the default name given by vendors. something like compaqlong serial#. it was 14 char. thanks for all your help!! Burkes, Jeremy wrote: You better duck, he already tried this, even before I suggested it. Glad I wasn't the only one who missed it. :) Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Friday, May 06, 2005 2:20 PM To: 'Kern, Tom '; '[EMAIL PROTECTED] '; 'ActiveDir (E-mail) ' Subject: RE: [ActiveDir] DHCP client(OT) not sure if it will work, but the first thing that comes to my mind is to reinstall the TCP/IP stack see for more info http://www.petri.co.il/reinstall_tcp_ip_on_windows_xp.htm http://support.microsoft.com/?kbid=299357 #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir (E-mail) Sent: 5/6/2005 6:58 PM Subject: [ActiveDir] DHCP client(OT) I have a windows xp box that can't start the dhcp client service. I get an event id 1004 -The DHCP client is shutting down. The following error occured: The system cannot find the file specified. I went thru the steps in this MS kb- http://support.microsoft.com/default.aspx?scid=kb;en-us;822123 Also, i ran netsh int ip reset reset.log to reset the tcp/ip stack. Still no go. When i run ipconfig, i get An internal error occured: The system cannot find the file specified Even if I give the box a static address, i still get the same error. The dhcp client services is stuck in starting in services.msc. Anything else I can do to troubleshoot further? 
Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] best practice? (aka: USN rollback discussion and why it's a bad idea to image DC's for recovery purposes)
Since no one referenced them during this thread... For a bit more detail on the subject, check these out. How to detect and recover from a USN rollback in Windows Server 2003 http://support.microsoft.com/?kbid=875495 How to detect and recover from a USN rollback in Windows 2000 Server http://support.microsoft.com/?kbid=885875 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, May 05, 2005 13:19 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] best practice? I don't really have serious time to answer this right now ... so for now, you're going to have to trust me, it's not just a little bad you can recover from it with X, it is _really_ bad to do an image based restore, and hard to restore normality afterwards ... I'll prop a portion of a slide deck later on, where I show to the backup vendors how the inconsistency is introduced ... but I don't know if it will make sense w/o my delivery. It is also a bit simplified. joe is close below, some comments inline, in joe's mail, as it's the closest so far to understanding why this is bad ... BTW, clean and dirty AD DB have _nothing_ to do with this. clean/dirty is an ESE / JET Blue level concept, this is an entirely AD Logical issue. Nothing prevents an ESE database from being imaged. The AD has a design decision that prevents image based restores. I don't play XBox or any computer games really. I know that sounds weird, that a computer geek would not play video games, but I met a girl at a party the other day who is a huge FPS player, so I think the world somehow balances out in that respect. How could that compare to the relaxing sense of accomplishment of working out particularly cunning methods of compressing replication metadata ... I mean really? Same goes for hair maintenance tasks. On Thu, 5 May 2005, joe wrote: I am actually waiting for Brett or ~Eric to respond to your post as well.
I am positive they could give you a bulleted list of things that you as well as the rest of us are completely unaware of that will go pear shaped both because they have seen things like that or just know it from familiarity with the code paths involved. AD will not do a complete reload of the DB on its own, that was an NT4 thing that occurred if the change log rolled. All gone now. Do some searching on DSA IDs/GUIDs and Invocation IDs/GUIDS. A DSA ID is the GUID for the DC itself[1], it doesn't change for the life of the DC from my understanding. The invocation GUID[2] changes on restores, again to flag, hey new DB, [BrettSh] It's not a new DB so much, as a new logical stream of changes to the distributed system ... ... you don't know what my state is, so it can be brought into a consistent state. [BrettSh] Don't like the term consistent state here. I also don't like how we're talking about the DB ... I know all the AD repl docs, talked about it as a new database GUID, but that was poor taste ... there is a subtle but key difference between [local] database consistency, and distributed system consistency. It's the latter we're worried about. +The latter requires multiple nodes / DCs to have followed all the rules.+ Most of the rules are coded into the way AD behaves, when possible. Thou shalt not image restore, is unfortunately not coded, and hard to be defensible against ... well, without sacrificing availability ... but let's not get into that trade-off right now. You should find hits on invocation id with topics of replication consistency, usn polling, AD restores, etc as it is key to all of them though it has been awhile since I went searching for that stuff. Something I have read on a couple of occasions but can't say I agree with is that allegedly the DSA ID and invocation id are identical unless a restore has occurred. I don't think I have EVER seen them identical so I don't know where that info came from.
I am noting it simply because I recall seeing documentation to that effect in the past. [BrettSh] They should've been the same until the first restore ... there is a bug somewhere, that no one bothered to iron out. BTW, we also change the InvocationID when we _re_-host an Application Directory Partition ... I'll leave the discussion of why to your imagination. Oh and since IFM is like throwing AD Restore and dcpromo into a blender for 30 seconds, IFM based dcpromo sort of changes the InvocationID. You'll notice the invocationID of the DC you took the original backup from in the retired DSA signature of the newly dcpromo'd DC. Really try to find detailed info on how replication works. High USN is just the tip of the iceberg, there is a lot of underlying details but I understand where the misconceptions can come in, a lot of the
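The point made in the message above about invocation IDs and USNs, as an added example that is not part of the original thread and is not Active Directory's own code: a deliberately simplified Python model in which each DC tracks the highest USN it has seen per invocation ID. The names `DC`, `image_restore`, `supported_restore` and `run` are assumptions made for this sketch, and the model ignores conflict resolution and the distinction between local and originating USNs.

```python
import copy
import uuid


class DC:
    """Toy domain controller: one USN counter, one invocation ID (simplified model)."""

    def __init__(self, name):
        self.name = name
        self.invocation_id = str(uuid.uuid4())
        self.usn = 0          # highest USN this DC has issued
        self.objects = {}     # key -> (value, originating invocation ID, originating USN)
        self.utd = {}         # up-to-dateness: invocation ID -> highest USN seen from it

    def write(self, key, value):
        """Originating write: stamp the change with our invocation ID and next USN."""
        self.usn += 1
        self.objects[key] = (value, self.invocation_id, self.usn)

    def _seen(self, inv):
        # A DC assumes it already holds everything issued under its own current ID.
        return self.usn if inv == self.invocation_id else self.utd.get(inv, 0)

    def pull_from(self, source):
        """Take only changes above our watermark for their originating invocation ID."""
        wanted = [k for k, (_, inv, usn) in source.objects.items()
                  if usn > self._seen(inv)]
        for k in wanted:
            self.objects[k] = source.objects[k]
        for _, inv, usn in source.objects.values():
            if inv != self.invocation_id:
                self.utd[inv] = max(self.utd.get(inv, 0), usn)
        return sorted(wanted)

    def snapshot(self):
        return copy.deepcopy(self.__dict__)

    def image_restore(self, snap):
        """Disk-image style restore: USN and invocation ID both roll back unchanged."""
        self.__dict__.update(copy.deepcopy(snap))

    def supported_restore(self, snap):
        """Restore that retires the old invocation ID and starts a new change stream."""
        self.image_restore(snap)
        self.utd[self.invocation_id] = self.usn   # remember how far the old ID got
        self.invocation_id = str(uuid.uuid4())


def run(restore_method):
    """Constructed scenario: back up DC1, keep working, restore, keep working."""
    dc1, dc2 = DC("DC1"), DC("DC2")
    for user in ("user1", "user2", "user3"):
        dc1.write(user, "created")
    dc2.pull_from(dc1)
    backup = dc1.snapshot()                 # taken at USN 3
    for user in ("user4", "user5"):
        dc1.write(user, "created")          # USNs 4 and 5
    dc2.pull_from(dc1)                      # DC2 has now seen DC1 up to USN 5
    getattr(dc1, restore_method)(backup)    # DC1 is back at USN 3
    for user in ("user6", "user7", "user8"):
        dc1.write(user, "created")          # USNs 4, 5, 6 issued a second time
    dc2.pull_from(dc1)
    dc1.pull_from(dc2)
    return sorted(dc1.objects), sorted(dc2.objects)


if __name__ == "__main__":
    for method in ("image_restore", "supported_restore"):
        on_dc1, on_dc2 = run(method)
        print(method, "converged" if on_dc1 == on_dc2 else "DIVERGED")
        print("  DC1:", on_dc1)
        print("  DC2:", on_dc2)
```

In the image-restore run the reused USNs 4 and 5 fall under DC2's existing watermark, so neither DC ever asks the other for the missing objects and no error is raised; with a new invocation ID both sides converge.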
RE: [ActiveDir] MAC Spoofing
It's not always SPAM, dood :) See http://en.wikipedia.org/wiki/Joe_job

Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 5/6/2005 12:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MAC Spoofing

Joe-jobbed? WTF! I never heard of that and go look for it and it is a spamming thing... Well that sucks.

A popular pastime at Computer conventions in stupid locations that make you pay for wireless is to sniff the network and pull a MAC address of someone who has paid. It can cause iffy or slow connections but tends to work. Of course your network card has to support it. I have been finding that external pcmcia cards tend to support it, internal cards tend to not support it. I don't think I have seen a desktop card in some time that hasn't supported it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 06, 2005 12:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MAC Spoofing

Options? As in what tools can you use to do it? http://www.klcconsulting.net/smac

Options? As in why do it? Plenty. When I was growing up we used it to share connections, although the ISP thought we were stealing bandwidth and that it was illegal. Whatever! It's been known to also be a favorite MIM attack. It's been known to be used heavily in getting around Proxies. It's also been known to have caused plenty of troubles for innocent by-standers who have been joe-jobbed by unscrupulous admins in retaliation or for amusements.

Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Manjeet Singh
Sent: Fri 5/6/2005 8:09 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MAC Spoofing

As the entire Address Resolution Protocol [ARP] is based on matching IP addresses with MAC addresses for identification. So what are MAC Spoofing options or workaround??
Re: [ActiveDir] OT: e-mail archiving systems
I work for KVS/VERITAS and pretty much know everything about the product you ever want to know :) I moved to the other end of the world for this product 2 years ago so it better be good ;)

Martin Tuip
MVP Exchange

- Original Message -
From: Carerros, Charles [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, May 06, 2005 12:03 PM
Subject: [ActiveDir] OT: e-mail archiving systems

My company is currently reviewing some archiving apps and I was wondering if anyone has any news to share (good or bad on them) excusing my spelling if I get them wrong.

KVS (from Veritas)
Convault
Legato Mail Extender\File Extender

Thanks, Charlie
RE: [ActiveDir] SID History Filtering
FYI: For NDS reporting you can use the following tool (it is free) http://www.geocities.com/wstools/f_nds.html (DSREPORT)

For more info on NDS migrations read the article written by quest (Essential Guide to an NDS to AD Migration - http://wm.quest.com/reg/marketing/landing/migratingndsad/)

Concerning the accounts with the same name (smithj, smithj1, etc.): Do these belong to different persons or to one and the same person? Does every user in the NDS also exist in the NT4 domain with the same login name?

#JORGE#

-Original Message-
From: packman
To: Jorge de Almeida Pinto
Sent: 5/6/2005 8:08 PM
Subject: Re: [ActiveDir] SID History Filtering

Before I say something I have the following questions for you:

* What is the purpose of the Novell environment? What is it used for?
File and Print, Applications (old DOS based), Software Dist

* What is the purpose of the NT4 environment? What is it used for?
Application Servers (various c/s apps), SQL Servers

* What resources are in which environment?
I'm not sure what you're asking here.

* Is the login name in novell the same as the login name in NT4?
It is supposed to be, and I believe 99% of them are. However, when they ran MSDSS, there are instances where they brought over 5 users named smithj and MSDSS then named them to smithj, smithj1, etc. so there are some discrepancies... =(

On 5/6/05, Jorge de Almeida Pinto [EMAIL PROTECTED] wrote:

I read the post from the other guys and I understand you also have a Novell environment and it is not that simple if you're migrating from Novell and NT4 to AD. For this you also need two migration tools.

Before I say something I have the following questions for you:

* What is the purpose of the Novell environment? What is it used for? (software distribution, file and print services, etc.)
* What is the purpose of the NT4 environment? What is it used for? (software distribution, file and print services, applications like SQL, etc.)
* What resources are in which environment?
* Is the login name in novell the same as the login name in NT4?

I have done such migrations and your plan depends on how your current environment is used. Most of the time Novell is used for file and print services and software distribution (zenworks) and NT4 is used for application services like SQL and others.

#JORGE#

-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/6/2005 4:05 PM
Subject: [ActiveDir] SID History Filtering

I'm working at a client with what I think is a unique set of circumstances. Instead of upgrading their existing NT 4.0 Domain to AD, they instead created a new AD structure and left the NT 4.0 Domain in production. Almost all of the users are still logging into the 4.0 domain (4d), due to the fact that their resources are still in that domain. My role in all this is getting the servers in 4d moved to AD without causing disruption to those users. All of the 4d IDs were pulled into the AD structure. Someone mentioned to me that we could use SID History filtering, and in one fell swoop, move all the 4d servers over to AD, less the DCs, and everything should still work with the users logging in to 4d. Is this the case?

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] Query-based Distribution Lists
Additionally has the QBG been stamped by the RUS? If so, is showInAddressBook populated?

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Depp
Sent: Friday, May 06, 2005 2:08 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Query-based Distribution Lists

Are you running Outlook 2003 in cached mode?

Dennis

On 5/6/05, Salandra, Justin A. [EMAIL PROTECTED] wrote:

Everyone, I have created three Query-based distribution lists and they are not showing up in the GAL. How can I get them so that they do? I am using Outlook XP and I am running Exchange 2003 on a Windows 2003 box inside of a Windows 2000 domain.

Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Friday, May 06, 2005 11:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [Exchange2000] Query-based Distribution Lists

It may also help to mention that I am running Exchange 2003 on a Windows 2003 box inside of a Windows 2000 domain.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy David
Sent: Thursday, May 05, 2005 9:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Exchange2000] Query-based Distribution Lists

Using Outlook in cache mode? Rebuild the OAB on the Exchange Server and download it to Outlook. Tools/Send and Receive/Download Address Book

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Thursday, May 05, 2005 3:03 PM
To: [EMAIL PROTECTED]
Subject: [Exchange2000] Query-based Distribution Lists

Everyone, I have created three Query-based distribution lists and they are not showing up in the GAL. How can I get them so that they do?

Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] Cannot publish printer(s)
I am maybe not understanding your post completely... Are the printers shared from the server or are people connecting directly to them? I am trying to understand your printer folder (the folder which shows installed printers) doesn't exist comment.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 06, 2005 12:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Cannot publish printer(s)

Having trouble publishing printers. When I go to the Wizard at the root the process asks me for the pre-2000 UNC which is normal but cannot continue the operation from either print server saying that I need to go to the printer folder, which for all accounts does not exist. Have I missed something terribly basic? Neither machine is directly attached to a PC but using JetDirect instead. Both print normally by choosing either printer. Both have "list in directory" activated.

Here's the players:
HP LaserJet 4700 with internal JetDirect card
HP LaserJet3030 with a JetDirect 500x

Brent Eads
Employee Technology Solutions, Inc.
[ActiveDir] Windows xp pptp vpn
I think I'm forgetting something obvious here. Where can I set it in XP, so that when a user logs on to his/her pc, they will log into the domain over a vpn? Right now, they can't login until they log in locally and then start the vpn client that comes with XP. How can this be made more transparent so that they will login to the domain via the vpn connection? This is a remote office using an adsl connection. Thanks
RE: [ActiveDir] SID History Filtering
Assuming:

* NDS login names are the same as the NT4 domain login names
* Workstations (W2K/WXP) will be migrated from the NT4 domain to the AD domain. (migrating W9x will be a bit different)(if W9x/WNT then you'll also need the DSCLIENT)
* No duplicate user accounts exist in the NDS
* No duplicate groups in the NDS exist
* Passwords of user accounts in the NDS are the same as for users in NT4
* Company file data is on novell file servers
* Homedirectories are on novell file servers
* Profiles are on novell file servers
* AD design is ready implemented and finished
* Novell NDS is primary environment and NT4 domain is secondary env.
* Trusts are in place between NT4 and AD (sidfiltering is not an issue on NT4 if it has not been configured)

In a similar migration like yours I used Quest NDS Migrator and Quest Domain Migration Wizard. Both worked great. I suppose it is also possible to do the same with MS SFN and ADMT, although more difficult. I'm not sure if this will work for your environment but think about it and see if it will work.

VERY high-level migration steps using MS SFN, ADMT and SUBINACL (test this in a test environment):

* Clean up your NT4 domain (accounts, groups)
* Clean up your NDS (accounts, groups)
* Remove special characters from group names that Windows does not support and shorten group names if needed (Windows has a maximum of 64 chars)
* If you have duplicate accounts belonging to different people try to make them unique by renaming them. It is however not needed to rename but it will make your life easier in the end
* If you have duplicate accounts belonging to one person try to consolidate them. It is however not needed to rename but it will make your life easier in the end

ACCOUNT MIGRATION

* Migrate groups from Novell to AD
* Migrate accounts from Novell to AD
* Migrate group memberships from Novell to AD
* Migrate service accounts to AD
* Migrate groups (global and local) from NT4 to AD (including sidhistory)
* Migrate user accounts from NT4 to AD (including passwords and sidhistory)
* Migrate group memberships from NT4 to AD

RESOURCE MIGRATION

* Migrate clients from NT4 to AD and re-acl (replacing) the clients and translate profiles
* Create an AD logonscript (using GPOs or through NETLOGON share)
* Migrate company file data from Novell to AD (establish drive mappings on the AD side and disable on novell side) (translate security!)
* Migrate homedirectories from Novell to AD (establish drive mappings on the AD side and disable on novell side)(translate security!) (populate the homedirectory location info on the AD user objects)
* Migrate servers/resources from NT4 to AD (re-acl file system, group membership, etc.)
* Remove the Novell client from the clients
* Migrate profiles from novell to AD (translate security!) (populate the profile location info on the AD user objects)
* Clean up sidhistory from the AD user accounts and groups
* Decommission Novell environment
* Remove trust
* Decommission NT4 domain

Remember also that there are differences between the novell file system and the NTFS file system! Trustee rights in Novell are explicitly TOP-DOWN but are also implicitly BOTTOM-UP (during security translation you may need to introduce the NTFS permission List Folder Contents to some group or to Authenticated Users). NTFS does not support the latter as in Novell. In Novell users will only see (with their eyes) files and folders they have rights to. In W2K3 SP0!!! and earlier this will change. They will see everything. If you have W2K3 SP1 however you can implement Access Based Enumeration to achieve the same (see only when you have permissions configured)

Hope this will help you! As you can see this is a complex migration and it's too difficult to describe migration steps in a nutshell. It is also possible some important step is missing that I forgot about. As always try this first in a test environment to see if it meets your needs!

Cheers, #JORGE#

-Original Message-
From: [EMAIL PROTECTED]
To: 'packman '; 'ActiveDir@mail.activedir.org'
Sent: 5/6/2005 9:53 PM
Subject: RE: [ActiveDir] SID History Filtering

FYI: For NDS reporting you can use the following tool (it is free) http://www.geocities.com/wstools/f_nds.html (DSREPORT)

For more info on NDS migrations read the article written by quest (Essential Guide to an NDS to AD Migration - http://wm.quest.com/reg/marketing/landing/migratingndsad/)

Concerning the accounts with the same name (smithj, smithj1, etc.): Do these belong to different persons or to one and the same person? Does every user in the NDS also exist in the NT4 domain with the same login name?

#JORGE#

-Original Message-
From: packman
To: Jorge de Almeida Pinto
Sent: 5/6/2005 8:08 PM
Subject: Re: [ActiveDir] SID History Filtering

Before I say something I have the following questions for you:

* What is the purpose of the Novell environment? What is it used for?
File and Print, Applications (old DOS based), Software Dist

* What is the
RE: [ActiveDir] Windows xp pptp vpn
At the WXP logon screen check the option to logon using a dial-up connection and select the connection to use

#JORGE#

-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir (E-mail)
Sent: 5/6/2005 10:41 PM
Subject: [ActiveDir] Windows xp pptp vpn

I think I'm forgetting something obvious here. Where can I set it in XP, so that when a user logs on to his/her pc, they will log into the domain over a vpn? Right now, they can't login until they log in locally and then start the vpn client that comes with XP. How can this be made more transparent so that they will login to the domain via the vpn connection? This is a remote office using an adsl connection. Thanks
RE: [ActiveDir] Cannot publish printer(s)
Joe; I have one printer attached as a resource off one server and one attached to a PC as a print resource. Now, everything prints fine with one caveat - neither is listed in AD. Normally, not a real problem but the second printer is also a fax/scanner and needs to have connectivity throughout the network. The JetDirect cards seem to be supplicanting themselves in lieu of what I would normally assume to be a print server. As I checked the driver information both have the list in directory checked. The odd part is when I do try to add them manually, AD always tells me to use the printer folder, which I can not find - anywhere. Sorry, a bit of a n00b when it comes to AD but really good with Cisco and networking - lol.

Brent Eads
Employee Technology Solutions, Inc.
[ActiveDir] LDAPS question
We currently provide LDAPS to our customers. Right now the certificates that we load on our DC uses the DC name and the clients connect using that name. We'd like to set up a DNS alias like: ldap.company.net. I tried generating a cert named ldap.company.net and loaded it on a DC; however, the clients were unable to connect. Does anyone know if MS has a restriction that will not allow a cert to be loaded for LDAPS if the name on the cert is not the same as the DC? Thanks
RE: [ActiveDir] Winlogon 100% CPU and Fast user Switching as a Fix?
Next time, taking a dump of winlogon at 100% (actually a couple a few seconds apart) would be interesting. With that we can see what it is chewing on, and perhaps get root cause.

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Clark
Sent: Thursday, May 05, 2005 3:48 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Winlogon 100% CPU and Fast user Switching as a Fix?

Gentlemen, a random other problem gave me a clue. Looking into it further it turns out that offline files was the problem, reinitialising the offline cache has put the box back onto its feet. For anyone who needs to do this it can be done with control and shift held down while clicking the delete files on the Offline Files tab of Folder Options, it requires a reboot. I have no idea of the cause of the corruption but this does seem to resolve the problem. Thanks anyhoo.

Gary

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: 04 May 2005 19:10
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Winlogon 100% CPU and Fast user Switching as a Fix?

Dell GX-270s have a defective capacitor and are dying all over the world. Replace the system board.

-Z.V.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Clark
Sent: Wednesday, May 04, 2005 12:46 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Winlogon 100% CPU and Fast user Switching as a Fix?

Hello all, having spent two days poking this problem I am throwing myself on the group's mercy.

Windows XP SP1 computer joined to domain much like its 300 brothers and sisters decides one day that winlogon.exe should take 50% or rather 100% of one of the Dell GX270 hyper threading virtual processors, constant high cpu utilization makes the fans ramp up and turns a nice box into a loud evil box. With winlogon using all the processor the box shows symptoms of having broken WINS, no Netbios name resolution, can not find file shares etc, which also creates event id of 1030 and 1058 as the group policy objects can not be found.

Example: Windows cannot access the file gpt.ini for GPO CN={-0**2-4B**-B3F6-7B*8B878},CN=Policies,CN=System,DC=**,DC=***,DC=**,DC=**. The file must be present at the location \\ad.***.**.**\SysVol\ad..**.**\Policies\{***-***-***-***-}\gpt.ini. (The network path was not found. ). Group Policy processing aborted

While in this confused state the box will also not shutdown clean and has to be POPO'd.

The obvious malware lines of investigation have proved fruitless, ad-aware did find some bits but this has not resolved the problem. The winlogon has been verified as being in the right location and has not been switched with another version. The fact that the box is a Dell Gx270 with a Gigabit card also made me think that MS Article 840669 with the group policy not starting due to the race condition might have helped but again zip. Virus protection is installed and maintained and returns no nasties. The Intel 1000 gigabit card has had its drivers updated and still nadda. I even disabled the built in card and installed a 3com 10 Mb NIC and that exhibited the same trouble.

The curious thing and what is driving me absolutely nuts is that if the Computer is removed from the domain and returned to a workgroup the problem persists until you change the way users logon and use the welcome with the fast user switching, it has to be both using the welcome screen and fast user switching, this puts the box back on its feet. Winlogon behaves and the network drives can once again be accessed.

We have seen this twice before on separate computers but have not paid it too much attention. Rebuilds of the Computers have fixed the problem, as this is something which keeps raising its ugly head I think I need to try and get a good handle on it, the fact that there are so many other unaffected boxes makes me think that it is a software conflict on the client. What I don't get is why it can be turned on and off with the fast user switching? If I didn't need the box to be in AD I would leave it as is, fast user switching enabled, and slip into a dark cave and put this down to gremlins but that's not an option, and I am very nervous that more boxes could start playing up too...

~cheers Gary
Re: [ActiveDir] OT: e-mail archiving systems
Whoops.

- Original Message -
From: Missy Koslosky [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, May 06, 2005 11:03 PM
Subject: Re: [ActiveDir] OT: e-mail archiving systems

Hey Deji, Read your post with interest. Don't know if you've heard or not, but I joined Quest Software as a product manager in their Exchange Solutions group earlier this year. Archive Manager, our archiving product, is my responsibility. This naturally means I'm always interested in competitive information, and on what people want to see that they're not seeing - what you love and hate. If you'd ever like to spill your guts (and I shan't quote you), I'd love to hear what you have to say. Hope all is well and that we'll get to see each other at the Summit -- or maybe even TechEd -- are you going to either? both?

Best, Missy

- Original Message -
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, May 06, 2005 2:40 PM
Subject: RE: [ActiveDir] OT: e-mail archiving systems

I can only speak to KVS, and I can not say what I think of them in such a decorous forum. If you do get to speak with them in the course of your evaluation (you are going to do a thorough eval, right?), be sure to ask them what happens if you run out of room on a vault and you want your users to clean out their items to make more room. Remember to ask what happens when you are doing hardware refresh and you need your users to move stuff from their offline vault on their old computers to their offline vault on their new computer. Remember to ask them about the unique behavior of the online vault when you need to replace the vault itself or when you want to add additional vaults and split your users across multiple vaults. I'm out of here.

Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Carerros, Charles
Sent: Fri 5/6/2005 12:03 PM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: e-mail archiving systems

My company is currently reviewing some archiving apps and I was wondering if anyone has any news to share (good or bad on them) excusing my spelling if I get them wrong.

KVS (from Veritas)
Convault
Legato Mail Extender\File Extender

Thanks, Charlie