[ActiveDir] Server Image Pushing Using Ghost Cast Server and DHCP
Hi All, I have a question? Can i have an ghost image for my server and if in a situation of server crash i can rebuild it using ghost image. But this all is to be done remotely, so i dont have any physical access to the server. Can i have another server configured as dhcp so that i can run this image through PXE boot. and the some how i can run ghost cast server to push image to this machine. I am a little confused. But i am sure if it works than recovering a server will be less time consuming job for me. I have this as a backup option which i have to plan for our new site. -- DR List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Server Image Pushing Using Ghost Cast Server and DHCP
The type of server is going to be of great importance. If you are planning to do this with a Domain Controller - just don't. It's not worth the trouble, and is technically not a sound practice. If you are talking about a member server, are you thinking of imaging just the base build and then applying a restore over that for the data? As to some of the specifics you ask for Ghost I dunno. I don't use it, so I can't answer the questions about DHCP for Ghost, or a 'cast server'. Maybe others can help on some of the other specifics. However, I think there is more info needed on what TYPE of systems and types of images you want to capture, etc. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: Wednesday, June 08, 2005 7:13 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Image Pushing Using Ghost Cast Server and DHCP Hi All, I have a question? Can i have an ghost image for my server and if in a situation of server crash i can rebuild it using ghost image. But this all is to be done remotely, so i dont have any physical access to the server. Can i have another server configured as dhcp so that i can run this image through PXE boot. and the some how i can run ghost cast server to push image to this machine. I am a little confused. But i am sure if it works than recovering a server will be less time consuming job for me. I have this as a backup option which i have to plan for our new site. -- DR List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Alternate install Directory for W2K3 load
Title: RE: [ActiveDir] Alternate install Directory for W2K3 load A simple solution to this problem is to install to \windows and then create a junction point from \winnt to \windows for the legacy apps. Kim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bahta Nathaniel V Contr NASIC/SCNA Sent: 7. juni 2005 15:36 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Alternate install Directory for W2K3 load I have come to find that our Engineers are actually the ones pushing for the WINNT directory so the legacy apps will continue to function, at least the ones that don't call a variable. The SMS/Tivoli folks are intersted in moving forward with the WINDOWS directory. It looks like across the board they have decided on the WINNT directory. They have pushed out XP machines utilizing the WINNT directory as well so it is a general consensus for the Development/Engineering section of this facility. My question is. What could happen in the future? Will this actually pose a problem? Does it matter which directory is used as long as the %SYSTEMROOT% and %WINDIR% and %SYSTEMDRIVE% variables all function correctly? Would Microsoft actually abandon the usage of a variable in a future app or is there something that we are missing when it comes to the WINNT directory pitfalls? nate -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe Sent: Monday, June 06, 2005 10:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Alternate install Directory for W2K3 load When have you found it not to resolve. This env var is pretty important, it is laced all through the registry for Windows Services and applications. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Parris Sent: Monday, June 06, 2005 1:53 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Alternate install Directory for W2K3 load All, Has anyone experienced any issues by installing W2Kx into an alternative location? In this scenario if the other teams are using applications that utilise WINNT, are they potentially out of date and legacy and you are just putting of the inevitable or making it harder to move forward in the future? I understand the concept of the SYSTEMROOT variable, but that does not always resolve correctly. Regards Mark -Original Message- From: Jorge de Almeida Pinto [EMAIL PROTECTED] Date: Mon, 6 Jun 2005 19:13:06 To:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Alternate install Directory for W2K3 load Hi, Not beautifull but I think it will work Try the following: * Insert the harddisk into another computer * Format the disk NTFS * Create the WINDOWS directory on the partition * Remove the harddisk from the computer * Insert the HD into the original computer * Start the setup * As the WINDOWS directory already exists, I think it will ask you to specify another directory (e.g. WINNT) Cheers #JORGE# -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bahta Nathaniel V Contr NASIC/SCNA Sent: Monday, June 06, 2005 14:37 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Alternate install Directory for W2K3 load Ok, but I am trying to do it from an install that I am doing interactively. Isnt there some kind of command line switch or something like that for WINNT.EXE? I looked through the switches again, but none of them say they are to change the install directory. Nate -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Johnson Sent: Monday, June 06, 2005 6:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Alternate install Directory for W2K3 load I believe you can do this using an answer /transform file for the unattended install process. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bahta Nathaniel V Contr NASIC/SCNA Sent: 06 June 2005 12:06 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Alternate install Directory for W2K3 load Hey all, I am trying to create an image for Windows 2003 member servers for our domain and the SMS/Tivoli folks want to keep the default directory for the OS load at C:\WINNT. I have gone through the setup many times booting from the CD and walking through the menus, but there is no option for where I want to install the OS besides selecting the drive and partition. It defaults to C:\WINDOWS. I can specify which directory I want if I am upgrading from a previous OS in the GUI setup mode, but this is to be made for a fresh install, not an upgrade. Any ideas on how to load W2K3 into c:\winnt from the start? Thanks, Nate -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan Sent: Sunday, June 05, 2005 10:35 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DNS Error
RE: [ActiveDir] Security permissions on user object
If you look at MS-KBQ817433 Delegated permissions are not available and inheritance is automatically disabled you will see it provides a VB script to Resets all accounts that have adminCount = 1 back to 0 and enables the inheritance flag. That article also tells you how to configure AD so that you designate which default MS admin groups are protected groups and thus managed by the adminsdholder object Cheers #JORGE# -Original Message- From: [EMAIL PROTECTED] To: Rimmerman, Russ; ActiveDir@mail.activedir.org Sent: 6/9/2005 5:52 AM Subject: RE: [ActiveDir] Security permissions on user object Oh Certainly...that would work quite well. Joe, how much should he charge for that ;-) Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 10:52 PM To: Robert Williams (RRE); ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Can I just use ADSIEDIT and go to individual users and set the admincount to 0? Will that stick? If that works, I could write a winbatch that will prompt for a username, and set their admincount to 0 automatically. From: Robert Williams (RRE) [mailto:[EMAIL PROTECTED] Sent: Wed 6/8/2005 8:34 PM To: Rimmerman, Russ; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Well...I guess you can reset it for all of them and count on the AdminSDHolder thread to reset them to 1 in about an hour or so...other than that, the logic needed in a script to differentiate between users who are / are not currently in one of the 'protected groups' would be astounding. You shouldn't have a problem trusting the fact that it will happen to the accounts still in the protected groups since that's what got you there in the first place :-) Hopefully that was helpful...have a great night! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK looks like ya'll are on the right track. I found the script in the KB article to reset all the admincounts to 0, but that sounds scary. Can't I selectively set admincounts to 0 on a user-by-user basis somehow? Or is it safe to reset all users' admincounts to 0? I see Administrator in there, so that vbscript in http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 scares me. From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE) Sent: Wed 6/8/2005 6:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Also keep in mind that if you were ever a member of one of these 'protected groups' that your inheritance will not be turned on again, nor will the admincount attribute be reset to 0so you can change those back when you know the user isn't a member of one of the 'protected groups' (changing those values before ensuring this will result in the values being reset...as you are well aware by this point). AdminCount is just a 'book keeping' method to know that the ACL has been stamped by AdminSDHolder. I hope that helps. Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, June 08, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object It ssounds like it's the adminSDHolder behavior that's getting you. Are the users members of any of the other protected groups? It varies across versions, IIRC 2003 added more groups. The articles below should help point in the right direction. http://support.microsoft.com/default.aspx?scid=kb;en-us;318180 http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 12:26 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security permissions on user object We migrated all our users from an NT4 domain to our AD domain. Anyone who was in Domain Admins on our NT4 domain got migrated into Domain Admins on our AD domain. We took them out of Domain Admins on our AD domain, but their accounts are inheriting the permissions like a normal user inherits. Whenever someone who is NOT a domain admin tries to reset a password or modify any
RE: [ActiveDir] Server Image Pushing Using Ghost Cast Server and DHCP
Ghost starting with v7 I believe includes a second CD which has the widgets to make PXE booting work. Now given you have no remote access, how are you going to set the server's BIOS to pxe boot first? As far as reimaging, you can certainly deploy a sysprep'ed image and then restore your data. That's an excellent idea. If you're thinking about imaging your production servers as is for backups, that's a hairy sitation. If we're talking about domain controllers, no, no, and no. Others should work ok on a case by case basis, just might have to reset their secure channel after restore. Make sure you know the local password. I personally don't like the imaging for backup approach. I have a OS load image for each of the types of hardware/OS I have and I can rapidly deploy and then restore. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: Wednesday, June 08, 2005 7:13 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Server Image Pushing Using Ghost Cast Server and DHCP Hi All, I have a question? Can i have an ghost image for my server and if in a situation of server crash i can rebuild it using ghost image. But this all is to be done remotely, so i dont have any physical access to the server. Can i have another server configured as dhcp so that i can run this image through PXE boot. and the some how i can run ghost cast server to push image to this machine. I am a little confused. But i am sure if it works than recovering a server will be less time consuming job for me. I have this as a backup option which i have to plan for our new site. -- DR List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Educating Users about crossdomain moves
Wondering how other folks do this: Environment Im currently dealing with has two domains which basically work out to this as far as user distribution Domain A) Central Office Domain B) Remote Sites. Now, this is a 60K employee organization, and people seem to wander around a lot. I need to handle the move between remote sites and central office at the domain level. ADMTing the account is what Im aiming to do. Now my question is how do I educate the user about this impending logon change? Do I send them an email two days before and a reminder the day before I do it? Do I just say screw em and make em call helpdesk? There are roughly 2000 2500 people working at central office/qualified to be in this domain, the balance is at the remote sites. I have no idea what the actual volume of transfers is per week. My understanding is that its far more common to get fired and rehired than it is to actually transfer positions in this particular organization which amounts to a new account. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132
[ActiveDir] Time Synchronization IST and PST
Hi All, I have been told to configure Time Synchronization of machines with IST or PST on basis of user logon. and i dont have any clue from where to start. Help Required -- Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DNS Error?
Return Receipt Your [ActiveDir] DNS Error? document : was Lucia Washaya/UNAMSIL received by: at: 09/06/2005 09:54:39 GMT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Security permissions on user object
But is it safe to reset all admincounts back to 0? Running the ldifde report to see what accounts are going to change, I ended up with 126, and noticed Administrator is in there, as well as service accounts. How will setting admincount back to 0 affect these important accounts? From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Thu 6/9/2005 2:41 AM To: 'Robert Williams (RRE) '; '[EMAIL PROTECTED] '; Rimmerman, Russ; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] Security permissions on user object If you look at MS-KBQ817433 Delegated permissions are not available and inheritance is automatically disabled you will see it provides a VB script to Resets all accounts that have adminCount = 1 back to 0 and enables the inheritance flag. That article also tells you how to configure AD so that you designate which default MS admin groups are protected groups and thus managed by the adminsdholder object Cheers #JORGE# -Original Message- From: [EMAIL PROTECTED] To: Rimmerman, Russ; ActiveDir@mail.activedir.org Sent: 6/9/2005 5:52 AM Subject: RE: [ActiveDir] Security permissions on user object Oh Certainly...that would work quite well. Joe, how much should he charge for that ;-) Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 10:52 PM To: Robert Williams (RRE); ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Can I just use ADSIEDIT and go to individual users and set the admincount to 0? Will that stick? If that works, I could write a winbatch that will prompt for a username, and set their admincount to 0 automatically. From: Robert Williams (RRE) [mailto:[EMAIL PROTECTED] Sent: Wed 6/8/2005 8:34 PM To: Rimmerman, Russ; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Well...I guess you can reset it for all of them and count on the AdminSDHolder thread to reset them to 1 in about an hour or so...other than that, the logic needed in a script to differentiate between users who are / are not currently in one of the 'protected groups' would be astounding. You shouldn't have a problem trusting the fact that it will happen to the accounts still in the protected groups since that's what got you there in the first place :-) Hopefully that was helpful...have a great night! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK looks like ya'll are on the right track. I found the script in the KB article to reset all the admincounts to 0, but that sounds scary. Can't I selectively set admincounts to 0 on a user-by-user basis somehow? Or is it safe to reset all users' admincounts to 0? I see Administrator in there, so that vbscript in http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 scares me. From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE) Sent: Wed 6/8/2005 6:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Also keep in mind that if you were ever a member of one of these 'protected groups' that your inheritance will not be turned on again, nor will the admincount attribute be reset to 0so you can change those back when you know the user isn't a member of one of the 'protected groups' (changing those values before ensuring this will result in the values being reset...as you are well aware by this point). AdminCount is just a 'book keeping' method to know that the ACL has been stamped by AdminSDHolder. I hope that helps. Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, June 08, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object It ssounds like it's the adminSDHolder behavior that's getting you. Are the users members of any of the other protected groups? It varies across versions, IIRC 2003 added more groups. The articles below should help point in the right direction. http://support.microsoft.com/default.aspx?scid=kb;en-us;318180 http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 From: [EMAIL PROTECTED]
RE: [ActiveDir] Security permissions on user object
---BeginMessage--- Yes, we migrated them from our NT4 domain to AD, and in our NT4 domain, these users were in Domain Admins. In AD, we removed them from Domain Admins. From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Wed 6/8/2005 10:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object In fact, yes it will, Russ. Looking back at the thread, I don't see any discussion about HOW these users came to have the admincount attribute set to 1. Do you have a root cause? The reason that I ask is because I've dealt with this before when someone (who I never caught) added a group to a Protected group. This effectively set the admincount attribute on about 200 techs, and it took a while to clean up and straighten out. If you don't know why it happened, you might be reliving this pretty soon. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 9:52 PM To: Robert Williams (RRE); ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Can I just use ADSIEDIT and go to individual users and set the admincount to 0? Will that stick? If that works, I could write a winbatch that will prompt for a username, and set their admincount to 0 automatically. From: Robert Williams (RRE) [mailto:[EMAIL PROTECTED] Sent: Wed 6/8/2005 8:34 PM To: Rimmerman, Russ; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Well...I guess you can reset it for all of them and count on the AdminSDHolder thread to reset them to 1 in about an hour or so...other than that, the logic needed in a script to differentiate between users who are / are not currently in one of the 'protected groups' would be astounding. You shouldn't have a problem trusting the fact that it will happen to the accounts still in the protected groups since that's what got you there in the first place :-) Hopefully that was helpful...have a great night! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK looks like ya'll are on the right track. I found the script in the KB article to reset all the admincounts to 0, but that sounds scary. Can't I selectively set admincounts to 0 on a user-by-user basis somehow? Or is it safe to reset all users' admincounts to 0? I see Administrator in there, so that vbscript in http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 scares me. From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE) Sent: Wed 6/8/2005 6:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Also keep in mind that if you were ever a member of one of these 'protected groups' that your inheritance will not be turned on again, nor will the admincount attribute be reset to 0so you can change those back when you know the user isn't a member of one of the 'protected groups' (changing those values before ensuring this will result in the values being reset...as you are well aware by this point). AdminCount is just a 'book keeping' method to know that the ACL has been stamped by AdminSDHolder. I hope that helps. Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, June 08, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object It ssounds like it's the adminSDHolder behavior that's getting you. Are the users members of any of the other protected groups? It varies across versions, IIRC 2003 added more groups. The articles below should help point in the right direction. http://support.microsoft.com/default.aspx?scid=kb;en-us;318180 http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 12:26 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security permissions on user object We migrated all our users from an NT4 domain to our AD domain. Anyone who was in Domain Admins on our NT4 domain got migrated into Domain Admins on our AD domain. We took them out of Domain Admins on our AD domain, but their accounts are inheriting the permissions like a normal user inherits. Whenever someone
RE: [ActiveDir] Time Synchronization IST and PST
Is this Pacific Standard Time etc? What's IST? If it's in an Active Directory environment you shouldn't have to do anything. As long as the time zone is correct in the OS, you can set this by GPO I believe, the machines will automatically sync with the nearest DC. You will need to synchronize the PDC emulator of your forest Root domain to an external NTP server. Search for the following article title in Technet or www.microsoft.com How Windows Time Service Works Any questions just shout. Regards Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: 08 June 2005 00:30 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Synchronization IST and PST Hi All, I have been told to configure Time Synchronization of machines with IST or PST on basis of user logon. and i dont have any clue from where to start. Help Required -- Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Exchange Mailbox Limits
Title: Exchange and disabling accounts Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim
Re: [ActiveDir] Exchange Mailbox Limits
Title: Exchange and disabling accounts You can control the limit yourself by using System Policy that is applied to all users. You could also change the mailbox size limit on users properties using ADUC, Exchange General Tab, Storage Limit. You could remove the limit for users on vacation (if you like). Thanks,Marie - Original Message - From: Mischler Timothy J Contractor NASIC/SCNA To: ActiveDir@mail.activedir.org Sent: Thursday, June 09, 2005 7:55 AM Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim
Re: [ActiveDir] Exchange Mailbox Limits
Tim, We use 65 MB for a warning and prohibit send at 75MB. We don't put any restrictions on receiving because of the reason you mentioned. We don't want anyone to not receive an important piece of mail. You support the Air Force so you may also want to create another store for VIP users (Generals/Colonels/Senior Gov't). They would have much higher limits because the last thing you want is a call from a General asking why he can't send mail. Thanks Mike On 6/9/05, Mischler Timothy J Contractor NASIC/SCNA [EMAIL PROTECTED] wrote: Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
Title: Exchange and disabling accounts Id be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most regular users to 8MB with a warning at 7MB. When they reach 8MB they cant send. If a regular users mailbox gets to 15MB then we disable it. This forces the user to do something either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim
Re: [ActiveDir] Time Synchronization IST and PST
If your have AD, all the clients take the server time, by default. To sync your server with IST, see NTP. thx djd --- Ravi Dogra [EMAIL PROTECTED] wrote: Hi All, I have been told to configure Time Synchronization of machines with IST or PST on basis of user logon. and i dont have any clue from where to start. Help Required -- Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
Our regular users are set to stop sending and receiving at 100MB, while our VIP users have a larger limit. I would like to set it to only stop sending at 100MB but I'm afraid their mailboxes would grow out of control. Most users work out of their PST file but if their not here to open Outlook it's not going into their PST. Thanks for all the input, I was just curious to how others were setup. Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline Sent: Thursday, June 09, 2005 8:20 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Exchange Mailbox Limits Tim, We use 65 MB for a warning and prohibit send at 75MB. We don't put any restrictions on receiving because of the reason you mentioned. We don't want anyone to not receive an important piece of mail. You support the Air Force so you may also want to create another store for VIP users (Generals/Colonels/Senior Gov't). They would have much higher limits because the last thing you want is a call from a General asking why he can't send mail. Thanks Mike On 6/9/05, Mischler Timothy J Contractor NASIC/SCNA [EMAIL PROTECTED] wrote: Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Security permissions on user object
OK this is odd, I changed admincount to 0 and an hour later it was changed back to 1. How frustrating. What gives? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, June 08, 2005 10:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object In fact, yes it will, Russ. Looking back at the thread, I don't see any discussion about HOW these users came to have the admincount attribute set to 1. Do you have a root cause? The reason that I ask is because I've dealt with this before when someone (who I never caught) added a group to a Protected group. This effectively set the admincount attribute on about 200 techs, and it took a while to clean up and straighten out. If you don't know why it happened, you might be reliving this pretty soon. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 9:52 PM To: Robert Williams (RRE); ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Can I just use ADSIEDIT and go to individual users and set the admincount to 0? Will that stick? If that works, I could write a winbatch that will prompt for a username, and set their admincount to 0 automatically. From: Robert Williams (RRE) [mailto:[EMAIL PROTECTED] Sent: Wed 6/8/2005 8:34 PM To: Rimmerman, Russ; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Well...I guess you can reset it for all of them and count on the AdminSDHolder thread to reset them to 1 in about an hour or so...other than that, the logic needed in a script to differentiate between users who are / are not currently in one of the 'protected groups' would be astounding. You shouldn't have a problem trusting the fact that it will happen to the accounts still in the protected groups since that's what got you there in the first place :-) Hopefully that was helpful...have a great night! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK looks like ya'll are on the right track. I found the script in the KB article to reset all the admincounts to 0, but that sounds scary. Can't I selectively set admincounts to 0 on a user-by-user basis somehow? Or is it safe to reset all users' admincounts to 0? I see Administrator in there, so that vbscript in http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 scares me. From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE) Sent: Wed 6/8/2005 6:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Also keep in mind that if you were ever a member of one of these 'protected groups' that your inheritance will not be turned on again, nor will the admincount attribute be reset to 0so you can change those back when you know the user isn't a member of one of the 'protected groups' (changing those values before ensuring this will result in the values being reset...as you are well aware by this point). AdminCount is just a 'book keeping' method to know that the ACL has been stamped by AdminSDHolder. I hope that helps. Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, June 08, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object It ssounds like it's the adminSDHolder behavior that's getting you. Are the users members of any of the other protected groups? It varies across versions, IIRC 2003 added more groups. The articles below should help point in the right direction. http://support.microsoft.com/default.aspx?scid=kb;en-us;318180 http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 12:26 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security permissions on user object We migrated all our users from an NT4 domain to our AD domain. Anyone who was in Domain Admins on our NT4 domain got migrated into Domain Admins on our AD domain. We took them out of Domain Admins on our AD domain, but their accounts are inheriting the permissions like a normal user inherits. Whenever someone who is NOT a domain admin
RE: [ActiveDir] Security permissions on user object
I think the krbtgt account will also be listed. To get all objects (users and groups) with admincount =1 run: adfind -s subtree -b baseDN -f ((|(objectclass=group)(objectclass=user))(admincount=1)) -dsq GROUPSUSERS_WITH_ADMINCOUNT.TXT For users: adfind -s subtree -b baseDN -f ((objectclass=user)(admincount=1)) -dsq USERS_WITH_ADMINCOUNT.TXT For groups: adfind -s subtree -b baseDN -f ((objectclass=groups)(admincount=1)) -dsq GROUPS_WITH_ADMINCOUNT.TXT Use the command line your prefer... Filter out accounts that MUST have the admincount property (e.g. administrator, krbtgt, default protected groups, etc.) Create a batch using excel. Import the TXT file into excel with the accounts you want to change the admincoutn property. admod -b baseDN of object admincount::0 If the objects you changed are direct members of protected groups the admincount property will be reset to 1. If you use group nesting the object is a member of a non-protected group and that group is a member of a protected group the same will happenj - the admincount property will be reset to 1. I prefer to only change those accounts that you want changed and not to change everything and wait until the PDC FSMO resets all accounts that you did not want to change #JORGE# -Original Message- From: Rimmerman, Russ To: Jorge de Almeida Pinto; Robert Williams (RRE) ; ActiveDir@mail.activedir.org Sent: 6/9/2005 12:53 PM Subject: RE: [ActiveDir] Security permissions on user object But is it safe to reset all admincounts back to 0? Running the ldifde report to see what accounts are going to change, I ended up with 126, and noticed Administrator is in there, as well as service accounts. How will setting admincount back to 0 affect these important accounts? From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Thu 6/9/2005 2:41 AM To: 'Robert Williams (RRE) '; '[EMAIL PROTECTED] '; Rimmerman, Russ; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] Security permissions on user object If you look at MS-KBQ817433 Delegated permissions are not available and inheritance is automatically disabled you will see it provides a VB script to Resets all accounts that have adminCount = 1 back to 0 and enables the inheritance flag. That article also tells you how to configure AD so that you designate which default MS admin groups are protected groups and thus managed by the adminsdholder object Cheers #JORGE# -Original Message- From: [EMAIL PROTECTED] To: Rimmerman, Russ; ActiveDir@mail.activedir.org Sent: 6/9/2005 5:52 AM Subject: RE: [ActiveDir] Security permissions on user object Oh Certainly...that would work quite well. Joe, how much should he charge for that ;-) Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 10:52 PM To: Robert Williams (RRE); ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Can I just use ADSIEDIT and go to individual users and set the admincount to 0? Will that stick? If that works, I could write a winbatch that will prompt for a username, and set their admincount to 0 automatically. From: Robert Williams (RRE) [mailto:[EMAIL PROTECTED] Sent: Wed 6/8/2005 8:34 PM To: Rimmerman, Russ; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Well...I guess you can reset it for all of them and count on the AdminSDHolder thread to reset them to 1 in about an hour or so...other than that, the logic needed in a script to differentiate between users who are / are not currently in one of the 'protected groups' would be astounding. You shouldn't have a problem trusting the fact that it will happen to the accounts still in the protected groups since that's what got you there in the first place :-) Hopefully that was helpful...have a great night! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK looks like ya'll are on the right track. I found the script in the KB article to reset all the admincounts to 0, but that sounds scary. Can't I selectively set admincounts to 0 on a user-by-user basis somehow? Or is it safe to reset all users' admincounts to 0? I see Administrator in there, so that vbscript in http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 scares me. From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE) Sent: Wed 6/8/2005 6:36 PM To:
[ActiveDir] Scheduled Importing
Title: Scheduled Importing Is there any good user friendly software out there that can import/create new users from a tab file on a nightly basis. Tabs would include First Name, Last Name, Password, Email address. Also if you have any software you recommend for daily AD maintenance please advise me where to look. Thanks -- Jacob Stabl Network Engineer Plain Local School District http://www.plainlocal.org Office: 330.492.3500 Cell : 330.704.1278 IP Phone: 4466
[ActiveDir] WSUS
If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Scheduled Importing
Title: Scheduled Importing Hi Jacob, Please consider SimpleSync from CPS Systems. You can use SimpleSync to read in a tab file, or read from any ODBC data source, and Provision Maintain AD. Operational in over 230 major companies and government organizations worldwide, including Northrop Grumman, NEA, and others. Will be glad to provide a web based demo using Glance, at your convenience. Cost, always a question :), would run under $10K, regardless of the size of the directory. Thanks, Jerry Jerry Welch CPS Systems US/Canada: 888-666-0277 International: +1 703 827 0919 (-4 GMT) IP Phone (Skype): Jerry_Welch ( www.skype.net ) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob StablSent: Thursday, June 09, 2005 10:55 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Scheduled Importing Is there any good user friendly software out there that can import/create new users from a tab file on a nightly basis. Tabs would include First Name, Last Name, Password, Email address. Also if you have any software you recommend for daily AD maintenance please advise me where to look. Thanks -- Jacob Stabl Network Engineer Plain Local School District http://www.plainlocal.org Office: 330.492.3500 Cell : 330.704.1278 IP Phone: 4466
RE: [ActiveDir] WSUS
There is an upgrade doc that worked fine for me. http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/W SUS/WSUStoSUSTC/c86e95dc-381f-47a2-b761-1fe0f13ad3f4.mspx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Thursday, June 09, 2005 10:01 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Server Image Pushing Using Ghost Cast Server and DHCP
Ghost starting with v7 I believe includes a second CD which has the widgets to make PXE booting work. Now given you have no remote access, how are you going to set the server's BIOS to pxe boot first? My thinking is that you'd have the server always set to boot from PXE but you'd configure the DHCP server to not give an IP address to the server's MAC address (or you'd just turn off the boot services on the DHCP machine) If you can do that, then it's fairly straightforward although all your other comments apply. What I'm not sure is how you repair the DHCP/ghost server when that goes wrong - and sod's law says that that will be the only server ever to fail :-) Steve List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Discussion on exchange
Hello everybody :-) I am looking for a discussion list with the same higt expertise and knowledge as activedir :) ... Maybe exchangedir ? :-) Thanks for input. Regards, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WSUS
Thanks this helped alot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher Sent: Thursday, June 09, 2005 11:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS There is an upgrade doc that worked fine for me. http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/W SUS/WSUStoSUSTC/c86e95dc-381f-47a2-b761-1fe0f13ad3f4.mspx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Thursday, June 09, 2005 10:01 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Discussion on exchange
Well, as far as I know, joe isn't on any of the Exchange lists. But you can find high-quality discussion (as well as too much noise, unfortunately) on these: NameSponsor Posting Address Archive ExchangeListMSExchange.org [EMAIL PROTECTED] http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange DiscussionsSimpler-Webbexchange@intm-dl.sparklist.com http://intm-dl.sparklist.com/read/?forum=exchange Exchange Administration Sunbelt Software exchangelist@lyris.sunbelt-software.com http://lyris.sunbelt-software.com/read/?forum=exchangelist Exchange 2000 Yahoo [EMAIL PROTECTED] http://groups.yahoo.com Exchange 2003 Yahoo [EMAIL PROTECTED] http://groups.yahoo.com The Simpler-Webb list is probably the oldest. The Sunbelt list is probably the most active. You'll find a fair number of Exchange MVPs on them all (and several are here too). Thanks, M -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Thursday, June 09, 2005 11:28 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Discussion on exchange Hello everybody :-) I am looking for a discussion list with the same higt expertise and knowledge as activedir :) ... Maybe exchangedir ? :-) Thanks for input. Regards, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Discussion on exchange
http://www.webelists.com/cgi/lyris.pl?join=exchangelist We occassionally field Exchange questions here, but the list above is dedicated solely to Exchange. A very good list, but not as gentle as Activedir. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of TIROA YANN Sent: Thu 6/9/2005 8:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Discussion on exchange Hello everybody :-) I am looking for a discussion list with the same higt expertise and knowledge as activedir :) ... Maybe exchangedir ? :-) Thanks for input. Regards, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] LDAP max msg size
Hi, I'm looking for the value of the LDAP max msg size within AD. If I remember correctly it is 10MB. Is that correct? I also thought it is configurable through NTDSUTIL - LDAP POLICIES. So my questions: * What is the default size * How to you configure it I knew the answers myself but I can't remember them. Cheers #JORGE# This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Renaming user and group object CNs
Thanks, this looks like the way to go, My big concerns are potential impacts on Exchange and the change in the name attribute for users and Distribution Groups in terms of permissions. Also, I would do this with VB.NET in Visual Studio, and therefore I assume the System.DirectoryServices DirectoryEntry.MoveTo Method in .NET is the equivalent to IADsContainer::MoveHere -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: June 8, 2005 5:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Renaming user and group object CNs The preferred method would be to use the movehere method. There are some gotchas when dealing with different languages. As for the gotchas of changing this, the biggest that jumps out occurs if you're using apps that rely on RDN or CN. Otherwise, it's a breeze. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/ad si/iadscontainer_movehere.asp Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Wednesday, June 08, 2005 3:34 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Renaming user and group object CNs You can script this using a tool like dsmod if you can come up with a list of the CNsthat you want to change to. There are other scripting options too, and if you want to change the CN to something like Lastname, Firstname you could even use ADModify. Phil On 6/8/05, Frost, David: #CIO-BPI [EMAIL PROTECTED] wrote: I have been researching the implication of modifying object CNs for users and groups in order to provide a) a more consistent cn format for objects in our directory, b) remove special characters such as /, #, and : that make dealing with objects via scripting difficult. Courtesy of the Active Directory Connector for Exchange, our AD user and Group Objects have CN attributes that are copies of the Exchange 5.5 directory Display Name attribute. Our initial testing did not seem to indicate that this would be a problem, but very shortly after we started to migrate users in production we noticed some issues and modified the ADC to stop this behaviour. Problem was that all the distribution groups had already been migrated along with 200-300 user objects (hence the cn= ex5.5 display name). Now that migration of users and groups from NT4 and Ex5.5 is complete (and has been for a number of months) the full impact (annoyance) of having these / , :, and # in the CN is is becoming visible. Command line tools such as dsquery etc, LDIFDE, CSVDE etc hiccup and generally add a number of flaming hoops to jump through to the point that I would like to rename the CNs on these objects (users and Universal distribution groups). Is this possible to do on a large scale (200-300 users and 2700 + groups)? If so how, what are the gotchas etc Thanks in advance. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP max msg size
Is this W2k3? If I'm not mistaken this value was removed in Windows Server 2003. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, June 09, 2005 8:38 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] LDAP max msg size Hi, I'm looking for the value of the LDAP max msg size within AD. If I remember correctly it is 10MB. Is that correct? I also thought it is configurable through NTDSUTIL - LDAP POLICIES. So my questions: * What is the default size * How to you configure it I knew the answers myself but I can't remember them. Cheers #JORGE# This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Discussion on exchange
Michael,Dèjì thank U for your input ;-) Hope these exchange discussions will meet my needs ;) it is rare to find a list as good as activdir ;( Regards, Yann -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de [EMAIL PROTECTED] Envoyé : jeudi 9 juin 2005 17:36 À : ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Discussion on exchange http://www.webelists.com/cgi/lyris.pl?join=exchangelist We occassionally field Exchange questions here, but the list above is dedicated solely to Exchange. A very good list, but not as gentle as Activedir. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of TIROA YANN Sent: Thu 6/9/2005 8:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Discussion on exchange Hello everybody :-) I am looking for a discussion list with the same higt expertise and knowledge as activedir :) ... Maybe exchangedir ? :-) Thanks for input. Regards, Yann List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WSUS
There's a Whitepaper that covers this. Title is Step by Step to Migrating from Software Update Services to Windows Server Updates Services. Regards Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: 09 June 2005 17:01 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP max msg size
oops.. yes I'm talking about W2K3. But if someone can answer that for W2K to please do so. #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 6/9/2005 5:47 PM Subject: RE: [ActiveDir] LDAP max msg size Is this W2k3? If I'm not mistaken this value was removed in Windows Server 2003. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, June 09, 2005 8:38 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] LDAP max msg size Hi, I'm looking for the value of the LDAP max msg size within AD. If I remember correctly it is 10MB. Is that correct? I also thought it is configurable through NTDSUTIL - LDAP POLICIES. So my questions: * What is the default size * How to you configure it I knew the answers myself but I can't remember them. Cheers #JORGE# This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WSUS
Peter, I tried to open the Step by Step guide on Tuesday and was getting a 404 error on the page (other pages off the WSUS site were working fine). Maybe they've fixed it by now, but do you have a link to the page that worked for you? Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Thursday, June 09, 2005 12:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS There's a Whitepaper that covers this. Title is Step by Step to Migrating from Software Update Services to Windows Server Updates Services. Regards Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: 09 June 2005 17:01 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WSUS
Hi Joe My boss gave me the physical print out so I'll need to check if he's got an electronic copy of it. Regards Peter The link is active but it takes you into the TechNet Library which makes it rather difficult to print the entire thing!!! RRRH! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: 09 June 2005 18:21 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS Peter, I tried to open the Step by Step guide on Tuesday and was getting a 404 error on the page (other pages off the WSUS site were working fine). Maybe they've fixed it by now, but do you have a link to the page that worked for you? Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Thursday, June 09, 2005 12:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS There's a Whitepaper that covers this. Title is Step by Step to Migrating from Software Update Services to Windows Server Updates Services. Regards Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: 09 June 2005 17:01 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WSUS
Forget previous statement!!! Here's a working link http://www.microsoft.com/downloads/details.aspx?FamilyId=4169C932-63B5-4 629-91D3-C8901C2AFA07displaylang=en Regards from Johannesburg, South Africa. Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: 09 June 2005 18:21 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS Peter, I tried to open the Step by Step guide on Tuesday and was getting a 404 error on the page (other pages off the WSUS site were working fine). Maybe they've fixed it by now, but do you have a link to the page that worked for you? Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Thursday, June 09, 2005 12:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS There's a Whitepaper that covers this. Title is Step by Step to Migrating from Software Update Services to Windows Server Updates Services. Regards Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: 09 June 2005 17:01 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WSUS
Here's the source link to the previous page which gives you the whole batch of tech docs. Cheers Peter http://www.microsoft.com/windowsserversystem/updateservices/techinfo/def ault.mspx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: 09 June 2005 18:49 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS Hi Joe My boss gave me the physical print out so I'll need to check if he's got an electronic copy of it. Regards Peter The link is active but it takes you into the TechNet Library which makes it rather difficult to print the entire thing!!! RRRH! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: 09 June 2005 18:21 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS Peter, I tried to open the Step by Step guide on Tuesday and was getting a 404 error on the page (other pages off the WSUS site were working fine). Maybe they've fixed it by now, but do you have a link to the page that worked for you? Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Thursday, June 09, 2005 12:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] WSUS There's a Whitepaper that covers this. Title is Step by Step to Migrating from Software Update Services to Windows Server Updates Services. Regards Peter Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: 09 June 2005 17:01 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] WSUS If you already have SUS installed on a server, should you uninstall it before you install WSUS or leave it and just install over it? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP max msg size
Is this helpful? http://support.microsoft.com/default.aspx?scid=kb;en-us;315071sd=tech Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Jorge de Almeida Pinto Sent: Thu 6/9/2005 9:17 AM To: 'Isenhour, Joseph '; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] LDAP max msg size oops.. yes I'm talking about W2K3. But if someone can answer that for W2K to please do so. #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 6/9/2005 5:47 PM Subject: RE: [ActiveDir] LDAP max msg size Is this W2k3? If I'm not mistaken this value was removed in Windows Server 2003. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, June 09, 2005 8:38 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] LDAP max msg size Hi, I'm looking for the value of the LDAP max msg size within AD. If I remember correctly it is 10MB. Is that correct? I also thought it is configurable through NTDSUTIL - LDAP POLICIES. So my questions: * What is the default size * How to you configure it I knew the answers myself but I can't remember them. Cheers #JORGE# This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
Yes it is... I have one user with a 13Gb mailbox. (Yes, that's gigabytes.) Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Thursday, June 09, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits In my current position they were in the process of migrating from Exchange 5.5 to 2000 and had to turn off the limitation policy for the migration (I cannot remember why). I have users with 800 - 1000 MB mailboxes. My information stores are growing somewhat out of control. We are turning back on our email deletion policy and are going to enforce 500MB limitations for most users and probably 750MB for our commanders. It is amazing what users will do when given the space. Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
RE: [ActiveDir] Way OT: FTP not working for certain files...
Just a quick update - problem has been solved. Turns out it was a weird issue the DSL router firmware. Updated firmware and all works like a champ. So if anyone out there uses D-Link routers at home and experiences a similar situation...give D-Link a shout and see if you need a firmware update! Many thanks to all who wrote in with suggestions for resolution! Regards, Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser Sent: Wednesday, June 01, 2005 3:26 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Way OT: FTP not working for certain files... What is the Web Server/FTP Server? And what clients have been successful? I would look into permissions due to the fact that you are unable to copy the said files to a USB drive. On 6/1/05 10:40 AM, Lou Vega [EMAIL PROTECTED] wrote: I thought it might be that too. The web server is a non-Windows one. I also attempted to take the existing files and copy them to a USB thumb drive which was FAT versus NTFS and the same files still did not copy. The file perms on the web server are set apparently correct since when I take them on a different computer they upload fine. All virus/malware scans come up negative. I've run McAfee, Symantec and AVG all with the latest definitions and engines. Microsoft Spyware reports nothing, nor does any other spyware/malware program I've run (many at this point). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop Sent: Wednesday, June 01, 2005 1:18 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Way OT: FTP not working for certain files... I think that you have to check the NTFS permissions on the current website files Regards Peter List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP max msg size
I hate to say it, but no #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 6/9/2005 7:25 PM Subject: RE: [ActiveDir] LDAP max msg size Is this helpful? http://support.microsoft.com/default.aspx?scid=kb;en-us;315071sd=tech Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Jorge de Almeida Pinto Sent: Thu 6/9/2005 9:17 AM To: 'Isenhour, Joseph '; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] LDAP max msg size oops.. yes I'm talking about W2K3. But if someone can answer that for W2K to please do so. #JORGE# -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 6/9/2005 5:47 PM Subject: RE: [ActiveDir] LDAP max msg size Is this W2k3? If I'm not mistaken this value was removed in Windows Server 2003. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, June 09, 2005 8:38 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] LDAP max msg size Hi, I'm looking for the value of the LDAP max msg size within AD. If I remember correctly it is 10MB. Is that correct? I also thought it is configurable through NTDSUTIL - LDAP POLICIES. So my questions: * What is the default size * How to you configure it I knew the answers myself but I can't remember them. Cheers #JORGE# This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
Hi Joe, What version of Exchange are you using is it 2003? One of my user group members just mentioned that he was limited to 2GB, however he had enforced prohibit send and receive and tried setting the limit to 2.5GB when he receive the error I have attached. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes it is... I have one user with a 13Gb mailbox. (Yes, that's gigabytes.) Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Thursday, June 09, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits In my current position they were in the process of migrating from Exchange 5.5 to 2000 and had to turn off the limitation policy for the migration (I cannot remember why). I have users with 800 - 1000 MB mailboxes. My information stores are growing somewhat out of control. We are turning back on our email deletion policy and are going to enforce 500MB limitations for most users and probably 750MB for our commanders. It is amazing what users will do when given the space. Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max
RE: [ActiveDir] Exchange Mailbox Limits
Yes, I'm using Exchange 2003. I guess if you are going to set limits, the biggest limit you can set is 1kb less than 2Gb (2Gb = 2097152 Kb). Maybe MS figures that anyone who's going to set a limit over two gigs really shouldn't bother setting limits? If you don't set limits then, well, I haven't seen a hard number on the ceiling yet as to how big a mailbox can get.. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, June 09, 2005 1:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Hi Joe, What version of Exchange are you using is it 2003? One of my user group members just mentioned that he was limited to 2GB, however he had enforced prohibit send and receive and tried setting the limit to 2.5GB when he receive the error I have attached. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes it is... I have one user with a 13Gb mailbox. (Yes, that's gigabytes.) Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Thursday, June 09, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits In my current position they were in the process of migrating from Exchange 5.5 to 2000 and had to turn off the limitation policy for the migration (I cannot remember why). I have users with 800 - 1000 MB mailboxes. My information stores are growing somewhat out of control. We are turning back on our email deletion policy and are going to enforce 500MB limitations for most users and probably 750MB for our commanders. It is amazing what users will do when given the space. Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send.
RE: [ActiveDir] Exchange Mailbox Limits
The amount of data alone from this LIST would fill 8 megs a day :-) Generally I have come across with 50 to 100 MB limits with a 90 MB soft warning. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Visit our website at http://www.ubs.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
Hi Joe, Thanks for the feedback, it sounds logical. I was also under that same assumption, however the largest mailbox I have had to support so far has only been 2.4gb's and was unsure. Jose :-) -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 11:41 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes, I'm using Exchange 2003. I guess if you are going to set limits, the biggest limit you can set is 1kb less than 2Gb (2Gb = 2097152 Kb). Maybe MS figures that anyone who's going to set a limit over two gigs really shouldn't bother setting limits? If you don't set limits then, well, I haven't seen a hard number on the ceiling yet as to how big a mailbox can get.. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, June 09, 2005 1:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Hi Joe, What version of Exchange are you using is it 2003? One of my user group members just mentioned that he was limited to 2GB, however he had enforced prohibit send and receive and tried setting the limit to 2.5GB when he receive the error I have attached. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes it is... I have one user with a 13Gb mailbox. (Yes, that's gigabytes.) Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Thursday, June 09, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits In my current position they were in the process of migrating from Exchange 5.5 to 2000 and had to turn off the limitation policy for the migration (I cannot remember why). I have users with 800 - 1000 MB mailboxes. My information stores are growing somewhat out of control. We are turning back on our email deletion policy and are going to enforce 500MB limitations for most users and probably 750MB for our commanders. It is amazing what users will do when given the space. Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were
RE: [ActiveDir] Security permissions on user object
What group(s) is that principal currently a member of? I suspect it's still a member of a protected group. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, June 09, 2005 8:46 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK this is odd, I changed admincount to 0 and an hour later it was changed back to 1. How frustrating. What gives? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, June 08, 2005 10:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object In fact, yes it will, Russ. Looking back at the thread, I don't see any discussion about HOW these users came to have the admincount attribute set to 1. Do you have a root cause? The reason that I ask is because I've dealt with this before when someone (who I never caught) added a group to a Protected group. This effectively set the admincount attribute on about 200 techs, and it took a while to clean up and straighten out. If you don't know why it happened, you might be reliving this pretty soon. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 9:52 PM To: Robert Williams (RRE); ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Can I just use ADSIEDIT and go to individual users and set the admincount to 0? Will that stick? If that works, I could write a winbatch that will prompt for a username, and set their admincount to 0 automatically. From: Robert Williams (RRE) [mailto:[EMAIL PROTECTED] Sent: Wed 6/8/2005 8:34 PM To: Rimmerman, Russ; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Well...I guess you can reset it for all of them and count on the AdminSDHolder thread to reset them to 1 in about an hour or so...other than that, the logic needed in a script to differentiate between users who are / are not currently in one of the 'protected groups' would be astounding. You shouldn't have a problem trusting the fact that it will happen to the accounts still in the protected groups since that's what got you there in the first place :-) Hopefully that was helpful...have a great night! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 08, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object OK looks like ya'll are on the right track. I found the script in the KB article to reset all the admincounts to 0, but that sounds scary. Can't I selectively set admincounts to 0 on a user-by-user basis somehow? Or is it safe to reset all users' admincounts to 0? I see Administrator in there, so that vbscript in http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 scares me. From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE) Sent: Wed 6/8/2005 6:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object Also keep in mind that if you were ever a member of one of these 'protected groups' that your inheritance will not be turned on again, nor will the admincount attribute be reset to 0so you can change those back when you know the user isn't a member of one of the 'protected groups' (changing those values before ensuring this will result in the values being reset...as you are well aware by this point). AdminCount is just a 'book keeping' method to know that the ACL has been stamped by AdminSDHolder. I hope that helps. Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, June 08, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security permissions on user object It ssounds like it's the adminSDHolder behavior that's getting you. Are the users members of any of the other protected groups? It varies across versions, IIRC 2003 added more groups. The articles below should help point in the right direction. http://support.microsoft.com/default.aspx?scid=kb;en-us;318180 http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, June 08, 2005 12:26 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security permissions on
RE: [ActiveDir] LDAP max msg size
It is indeed 10MB, it is stored in the lDAPAdminLimits attribute of the object CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,root dn. Though you can set up additional/separate policies as well. Look or a string called MaxReceiveBuffer. Default setting should be 10485760 which is 10240KB which is 10MB. Be VERY careful modifying this value, there are several KBs out there describing issues resulting from dorking with it. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, June 09, 2005 11:38 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] LDAP max msg size Hi, I'm looking for the value of the LDAP max msg size within AD. If I remember correctly it is 10MB. Is that correct? I also thought it is configurable through NTDSUTIL - LDAP POLICIES. So my questions: * What is the default size * How to you configure it I knew the answers myself but I can't remember them. Cheers #JORGE# This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
LOL, a major customer you and I have both worked with currently has mailbox limits of 20MB for most of their 200k or so mailboxes and as a whole, it works fine. I think execs get 50-80MB. I had heard a few people complain that some HTML messages are several MB so it doesn't take but an hour or so for 20MB to get filled up. The response from the folks doing the mailbox quota support was... Stop using HTML for messages. Unless you knew someone who could yell at someone, chances are slim you will get an increase from 20MB. Once Exchange quotas got stored in my AD my quota mysteriously went to 80MB, we could never figure out what the misfire was in the system... I told them I would look into it and get back to them. Seriously though, if you think about it, 20MB for 200K users is a lot of space, no matter how cheap the disk and you have to consider deleted items retention and backup space to go back say 30,60,90 or even more days on top of all of that. You can go quite a ways with 20MB of plain text messages. You don't really often needs graphics and pretty fonts to communicate with folks. I can see companies making judgements along those lines. Especially as more and more reports come out about how email and instant messaging is probably starting to hurt productivity more than help. I have heard of a couple of companies backing away from the email world and seeing tremendous productivity gains and better customer service. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange Mailbox Limits
And then I have this problem. We have CO All (2500 mailboxes) and CPS ALL (60K mailboxes). Today the dumbasses with access to these DLs sent: 1x5K - CPS ALL 1x15K - CO ALL 1x270K - CO ALL (two fricken attachments) 1x9K - CO ALL Now times all that out assuming SIS works perfectly by oh I think 260ish mailstores. Our quotas for teachers (like 50K of them): 60/70/80 and central office employees - 250/400/450. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 09, 2005 11:30 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits LOL, a major customer you and I have both worked with currently has mailbox limits of 20MB for most of their 200k or so mailboxes and as a whole, it works fine. I think execs get 50-80MB. I had heard a few people complain that some HTML messages are several MB so it doesn't take but an hour or so for 20MB to get filled up. The response from the folks doing the mailbox quota support was... Stop using HTML for messages. Unless you knew someone who could yell at someone, chances are slim you will get an increase from 20MB. Once Exchange quotas got stored in my AD my quota mysteriously went to 80MB, we could never figure out what the misfire was in the system... I told them I would look into it and get back to them. Seriously though, if you think about it, 20MB for 200K users is a lot of space, no matter how cheap the disk and you have to consider deleted items retention and backup space to go back say 30,60,90 or even more days on top of all of that. You can go quite a ways with 20MB of plain text messages. You don't really often needs graphics and pretty fonts to communicate with folks. I can see companies making judgements along those lines. Especially as more and more reports come out about how email and instant messaging is probably starting to hurt productivity more than help. I have heard of a couple of companies backing away from the email world and seeing tremendous productivity gains and better customer service. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Exchange Mailbox Limits Just out of curiosity, those of you who are Exchange Admins, what is the max size that your users can stop sending and receiving? How do you deal with users who are out of the office your whatever reason, so they don't lose emails because their over there limit? Thanks Tim List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
RE: [ActiveDir] Exchange Mailbox Limits
Outlook .pst files have a problem with corruption at 2GB. Mailbox size - how big is the store? :0) We had one lady who saved every report, every e-mail, I mean EVERYTHING, since the day she started. Her e-mail box on the Exchange server was (might still be - not my problem anymore) approx. 30GB. THAT was impressive! Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, June 09, 2005 10:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Really? I read somewhere that there is a 1.5 gig limit on mailbox size and after that it can be corrupted with support from MS. Has anyone heard this? David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, June 09, 2005 12:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Hi Joe, What version of Exchange are you using is it 2003? One of my user group members just mentioned that he was limited to 2GB, however he had enforced prohibit send and receive and tried setting the limit to 2.5GB when he receive the error I have attached. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes it is... I have one user with a 13Gb mailbox. (Yes, that's gigabytes.) Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Thursday, June 09, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits In my current position they were in the process of migrating from Exchange 5.5 to 2000 and had to turn off the limitation policy for the migration (I cannot remember why). I have users with 800 - 1000 MB mailboxes. My information stores are growing somewhat out of control. We are turning back on our email deletion policy and are going to enforce 500MB limitations for most users and probably 750MB for our commanders. It is amazing what users will do when given the space. Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our
RE: [ActiveDir] Exchange Mailbox Limits
ROTLMAO! I share your pain, Brian. Yeah Gotta love those 'Send to ALL' DLs - and the obvious misuse of same. Black bronco in the north parking lot, second level - your lights are on Ummm, which city/site? I only have 50 of them. And, I'm guessing the sender knows where he/she is. So, why send to the ENTIRE COMPANY? I could almost understand using the ALL DL for that site. And (I'm really kinda heartless, so excuse this, please) people who leave their lights on need to be reminded that it's their problem - so who cares? OK - apparently I'm cranky at 1AM :oD Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, June 09, 2005 11:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits And then I have this problem. We have CO All (2500 mailboxes) and CPS ALL (60K mailboxes). Today the dumbasses with access to these DLs sent: 1x5K - CPS ALL 1x15K - CO ALL 1x270K - CO ALL (two fricken attachments) 1x9K - CO ALL Now times all that out assuming SIS works perfectly by oh I think 260ish mailstores. Our quotas for teachers (like 50K of them): 60/70/80 and central office employees - 250/400/450. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 09, 2005 11:30 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits LOL, a major customer you and I have both worked with currently has mailbox limits of 20MB for most of their 200k or so mailboxes and as a whole, it works fine. I think execs get 50-80MB. I had heard a few people complain that some HTML messages are several MB so it doesn't take but an hour or so for 20MB to get filled up. The response from the folks doing the mailbox quota support was... Stop using HTML for messages. Unless you knew someone who could yell at someone, chances are slim you will get an increase from 20MB. Once Exchange quotas got stored in my AD my quota mysteriously went to 80MB, we could never figure out what the misfire was in the system... I told them I would look into it and get back to them. Seriously though, if you think about it, 20MB for 200K users is a lot of space, no matter how cheap the disk and you have to consider deleted items retention and backup space to go back say 30,60,90 or even more days on top of all of that. You can go quite a ways with 20MB of plain text messages. You don't really often needs graphics and pretty fonts to communicate with folks. I can see companies making judgements along those lines. Especially as more and more reports come out about how email and instant messaging is probably starting to hurt productivity more than help. I have heard of a couple of companies backing away from the email world and seeing tremendous productivity gains and better customer service. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Robin Smith Sent: Thu 6/9/2005 5:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits I'd be interested to hear what others have to say, too. We are stingy with our mailbox limits because the more we give our users the more they abuse it. We limit most 'regular' users to 8MB with a warning at 7MB. When they reach 8MB they can't send. If a regular user's mailbox gets to 15MB then we disable it. This forces the user to do something - either call the Help Desk or clean out their mail. Directors and chiefs and commissioners and such are generally given much higher limits. We start at 25MB and then increase by 10MB if necessary. We do have a handful of users who have no limits whatsoever and their mailboxes are out of control. We are in the process of migrating to Exchange2003 and implementing mailbox manager. Robin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mischler Timothy J Contractor NASIC/SCNA Sent: Thursday, June 09, 2005 7:55 AM To:
RE: [ActiveDir] Educating Users about crossdomain moves
Yeah my OWA users mostly login with their UPNs, but workstation users the domain is usually just selected. Switching to UPNs requires education of wtf a UPN is and that your email address works the ctrl alt del screen too. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 09, 2005 11:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Educating Users about crossdomain moves Switch to UPN logons if the clients support it. Then move them as you want to, just make sure the UPN doesn't change. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, June 09, 2005 4:49 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Educating Users about crossdomain moves Wondering how other folks do this: Environment Im currently dealing with has two domains which basically work out to this as far as user distribution Domain A) Central Office Domain B) Remote Sites. Now, this is a 60K employee organization, and people seem to wander around a lot. I need to handle the move between remote sites and central office at the domain level. ADMTing the account is what Im aiming to do. Now my question is how do I educate the user about this impending logon change? Do I send them an email two days before and a reminder the day before I do it? Do I just say screw em and make em call helpdesk? There are roughly 2000 2500 people working at central office/qualified to be in this domain, the balance is at the remote sites. I have no idea what the actual volume of transfers is per week. My understanding is that its far more common to get fired and rehired than it is to actually transfer positions in this particular organization which amounts to a new account. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132