RE: [ActiveDir] Audit Reporting Tools
MOM can do it with some easy rules, but the reporting I haven’t tackled yet. I do like the idea of getting paged with a domain admins ADD so I can go yell at the person within 2 minutes of their naughty deed.

That aside, I put ACS in here. I then wrapped some SQL Reporting Services reports around it for things like group membership delta, local/ts logon to DCs, new accounts, enabled accounts, etc. I really enjoy being able to read these reports every morning in my inbox and then questioning and yelling at people as a way to start my day. I always get asked how I found out, which I have so far refused to tell since I installed this a month or two ago. Nobody even knows I kicked up the event logging actually, just did it one day and turned all this on.

Keep in mind with ACS at least, you’re going to need to do some event pruning. I have in about two months collected 20 million “interesting” events from my 6 least busy DCs. I have a couple DCs that during the school year log hundreds of audits a second. As soon as I get my firewall rule I’m adding those to the collection, so you will need some storage space for SQL DB (my 20mil events is like 20gig or so). I don’t know how many millions I filter, but I calculated I would be collecting billions upon billions of events a month if I didn’t cut some of the annoying crap like computer account logons & pw changes, Kerb TGTs, etc.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 11:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Audit Reporting Tools

MOM can do this – as the events that you decide to capture are written to the database. And, with some SQL scripting or custom tools, I’m fairly certain that the info can be ripped out of the MOM DB. However, it really wasn’t designed to handle masses of raw audit logs. However (previously known as DADS…) Microsoft Audit Collection Server (due….. sometime) will provide most of what you’re looking for.

Rick

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 9:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Audit Reporting Tools

I currently have AD set to audit the account administration successes so we can pinpoint who is putting users in specific groups. Although this tracks every modification to our accounts, I was wondering if anyone has knowledge of a software utility that will export the Security Log data to an SQL database so we can run queries, generate reports, and keep a history of what's been changed. I've heard that the Microsoft Operations Manager Console will do this but I have not found any documentation on the MS website to support that claim.

Bonnie Pohlschneider
Copeland Corporation
937-493-2333 PH
718-887-7441 FX
RE: [ActiveDir] Audit Reporting Tools
MOM can do this – as the events that you decide to capture are written to the database. And, with some SQL scripting or custom tools, I’m fairly certain that the info can be ripped out of the MOM DB. However, it really wasn’t designed to handle masses of raw audit logs. However (previously known as DADS…) Microsoft Audit Collection Server (due….. sometime) will provide most of what you’re looking for. Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 9:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Audit Reporting Tools I currently have AD set to audit the account administration successes so we can pinpoint who is putting users in specific groups. Although this tracks every modification to our accounts, I was wondering if anyone has knowledge of a software utility that will export the Security Log data to an SQL database so we can run queries, generate reports, and keep a history of what's been changed. I've heard that the Microsoft Operations Manager Console will do this but I have not found any documentation on the MS website to support that claim. Bonnie Pohlschneider Copeland Corporation 937-493-2333 PH 718-887-7441 FX
Re: [ActiveDir] turn off replication to a DC in same site
HA, thanks Mike. I knew I had seen that but couldn't remember where. Thanks we are using a VM DC for like a delayed replication DC. We have turned off or lowered all the stuff like LDAP etc.

Steve

- Original Message -
From: "Brett Shirley" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 26, 2005 9:46 PM
Subject: Re: [ActiveDir] turn off replication to a DC in same site

Well you have _two_ completely separate replication systems to deal with, and I know nothing about FRS, but for Active Directory replication, this command will do it:

repadmin /options +DISABLE_INBOUND_REPL

To turn back on, change the "+" to a "-". It's listed in /advhelp screen. You can list a current DC's options like this:

repadmin /options

Fun (albeit dangerous) tip: Even though repadmin.exe doesn't admit it in the help, secretly I made repadmin /options work with DC_LIST / DSA_LISTS, so you can have the equivalent of the big red emergency shutoff button for replication for your forest:

repadmin /options * +DISABLE_INBOUND_REPL

The /force flag when provided to "repadmin /replicate" WILL override the disabled flag I showed above. In general everyone should be in the habit of not providing the /force flag, it's like hitting the OK button as habit, stay out of the habit, otherwise it'll be too late.

This posting is "AS IS", if you turn off replication in your whole forest, it's not my problem.

Cheers,
-BrettSh [msft] SDE ESE

On Tue, 26 Jul 2005, Steve Schofield wrote:

Hi, I have a single DC I would like to be able to turn on and off replication and only push changes at certain times. Is there command line utility to turn on and off replication or is it as easy as turning FRS service off. I can't separate this DC into a separate site to control replication times.

Steve

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Audit Reporting Tools
I currently have AD set to audit the account administration successes so we can pinpoint who is putting users in specific groups. Although this tracks every modification to our accounts, I was wondering if anyone has knowledge of a software utility that will export the Security Log data to an SQL database so we can run queries, generate reports, and keep a history of what's been changed. I've heard that the Microsoft Operations Manager Console will do this but I have not found any documentation on the MS website to support that claim. Bonnie Pohlschneider Copeland Corporation 937-493-2333 PH 718-887-7441 FX
Re: [ActiveDir] turn off replication to a DC in same site
Well you have _two_ completely separate replication systems to deal with, and I know nothing about FRS, but for Active Directory replication, this command will do it:

repadmin /options +DISABLE_INBOUND_REPL

To turn back on, change the "+" to a "-". It's listed in /advhelp screen. You can list a current DC's options like this:

repadmin /options

Fun (albeit dangerous) tip: Even though repadmin.exe doesn't admit it in the help, secretly I made repadmin /options work with DC_LIST / DSA_LISTS, so you can have the equivalent of the big red emergency shutoff button for replication for your forest:

repadmin /options * +DISABLE_INBOUND_REPL

The /force flag when provided to "repadmin /replicate" WILL override the disabled flag I showed above. In general everyone should be in the habit of not providing the /force flag, it's like hitting the OK button as habit, stay out of the habit, otherwise it'll be too late.

This posting is "AS IS", if you turn off replication in your whole forest, it's not my problem.

Cheers,
-BrettSh [msft] SDE ESE

On Tue, 26 Jul 2005, Steve Schofield wrote:

> Hi,
>
> I have a single DC I would like to be able to turn on and off replication
> and only push changes at certain times. Is there command line utility to
> turn on and off replication or is it as easy as turning FRS service off. I
> can't separate this DC into a separate site to control replication times.
>
> Steve
[ActiveDir] turn off replication to a DC in same site
Hi, I have a single DC I would like to be able to turn on and off replication and only push changes at certain times. Is there command line utility to turn on and off replication or is it as easy as turning FRS service off. I can't separate this DC into a separate site to control replication times. Steve
RE: [ActiveDir] Logon script with Admin rights **Work Around**
I would check your assumption that users won't be able to see the batch file just because it's running as part of a GPO. Have you ever dug through a SYSVOL share? You can see a lot more than you would think.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Thursday, July 21, 2005 7:18 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Logon script with Admin rights **Work Around**

Joe, you're absolutely correct. I'm going to look for a vbscript course as soon as possible. If anyone has any recommendation, lemme know. As for the admin rights script, I worked around it by first putting it in GPO, then used the 'runas' command along with a freeware program called 'sanur' which piped the password back into the runas command. And since this is being run through GPO, the batch file was not visible to the end user. The end result was this:

runas /u:domain\admin \\SERVER1\SDLIB$\INSTALL.EXE | \\SERVER1\SDLIB$\sanur password

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, July 20, 2005 10:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Logon script with Admin rights

This is the kind of thing why you hire in admins with scripting capabilities or encourage your admins to learn how to script or set up a tool group to write scripts for everyone.

A long time ago in a galaxy far far away I worked at a very large company on NT4 stuff. We used SMS but found it to be so crappy (It was like SMS 1.2 or something like that) that it could barely properly deliver a menu pick so we sat down for a month and wrote a software delivery system for NT from perl. It wasn't completely original, the client integration group had done something similar with I think C for Win9x. We just took the idea and expanded it to NT.
Basically the perl script would read a null share read only file share to find out what needed to be delivered to a specific machine and then went to another share with a copy of the software package to install and ran the install batch file (this could easily be keyed by AD/AM or AD attributes now to keep the info together, didn't have that option with NT4). You could compile this and make it into a service or you could use srvany to make it run as a perl script directly as a service. The package was a simple batch file that had all the commands that needed to be run and it logged everything to another share on the server so it was all recorded. There was a simple web interface to queue up jobs, it simply listed what could be deployed and listed which machines to deploy to, you could also manually type in the machine. In the end I believe we could specify it by user as well if we wanted. The packages themselves were usually broken out of their native install packets and broken into reg updates and file updates, however we had several that were native installshield packages and we had made a few installshield packages as well. When the request went into the web system, it would record that it was queued and would warn the software inventory system so we could track it later that way too. It ran in whatever context the service ran in or it could be fired as a logon script as well to run as users.

If you don't want to pay for something because it sucks or because it just doesn't do things in a way that suits your model, writing a simple scripted tool to do this stuff usually isn't rocket science. It is much easier to build a simple system for yourself than it is to build a generic system that would work for anyone. So people who look at say an SMS and say, we couldn't build something like that are right. You can't. But you could build something you can use that will be tailored to you and probably more to your liking. You just have to continue to support it.
That support part scares people too. However I have written many scripts back in the 90's that are still used daily today. I just chatted with some friends about some scripts I wrote back in 2001 or so that were supposed to be short term scripts until a better solution came along and they have run so well, they became the solution. If you aren't a scripter, become one. It can really help. I recommend perl, it hasn't done me wrong. The difficult it makes easy, the impossible it simply makes difficult. Oh, another thing to look at is CPAU on www.joeware.net. It is like runas but will let you encode (and I mean encode, not encrypt) a JOB file with a userid and password so that you can run it in a logon script and get enhanced rights. Make sure you read up on the use of the -profile switch when using it that way. It was designed to give you network credentials by default, I always hated typing /NETONLY in runas when I wrote it and one of the big reasons I wrote it. I got pinged by Novell some time ago because they wanted to list this tool in their useful tools for admins section of some
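Dan's point about SYSVOL and the runas/sanur work-around quoted above, turned into a check: this added example (not code from any poster on this list) scans script files under a SYSVOL-style tree for credentials left in command lines and redacts the secret in its report. The rule names, the EXAMPLE-GPO folder and the sample script are constructed, and the `net use` rule goes beyond what the thread discusses.

```python
import os
import re
import tempfile

SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs"}

# sanur followed by a literal argument: the password piped into runas.
SANUR_RE = re.compile(r"(?i)\bsanur(?:\.exe)?\s+(?!/)(\S+)")
# runas naming an explicit alternate account (/u: or /user:).
RUNAS_RE = re.compile(r"(?i)\brunas(?:\.exe)?\b.*?/u(?:ser)?:(\S+)")

# Constructed sample; line 3 is the command line quoted in the thread.
SAMPLE_SCRIPT = r"""@echo off
rem constructed sample, modelled on the work-around quoted in the thread
runas /u:domain\admin \\SERVER1\SDLIB$\INSTALL.EXE | \\SERVER1\SDLIB$\sanur password
net use Z: \\SERVER1\SDLIB$ Secret123 /user:domain\admin
runas /user:domain\admin cmd.exe
net use Y: \\SERVER1\public
"""


def net_use_password(line):
    """Return the positional password of a 'net use ... /user:' command, or None."""
    tokens = line.split()
    lowered = [t.lower() for t in tokens]
    for i in range(len(tokens) - 1):
        if lowered[i] in ("net", "net.exe") and lowered[i + 1] == "use":
            rest = tokens[i + 2:]
            break
    else:
        return None
    if not any(t.lower().startswith("/user:") for t in rest):
        return None
    seen_unc = False
    for tok in rest:
        if tok.startswith("/"):
            continue                      # a switch such as /user: or /persistent:
        if tok.startswith("\\\\"):
            seen_unc = True               # the share being mapped
            continue
        if seen_unc and tok != "*":       # '*' means "prompt", not a stored secret
            return tok
    return None


def scan_text(text):
    """Return (line_number, rule, redacted_line) for each suspicious line.

    Comment lines are scanned too: a commented-out password is just as readable.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = SANUR_RE.search(line)
        if match:
            shown = line[:match.start(1)] + "<redacted>" + line[match.end(1):]
            findings.append((number, "sanur-literal-password", shown.strip()))
            continue
        secret = net_use_password(line)
        if secret is not None:
            pattern = r"(?<!\S)" + re.escape(secret) + r"(?!\S)"
            shown = re.sub(pattern, "<redacted>", line, count=1)
            findings.append((number, "net-use-literal-password", shown.strip()))
            continue
        if RUNAS_RE.search(line):
            # No secret on the line, but the password has to come from somewhere.
            findings.append((number, "runas-alternate-account", line.strip()))
    return findings


def scan_tree(root):
    """Walk a directory tree and scan every script file found in it."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                text = handle.read()
            for number, rule, shown in scan_text(text):
                results.append((os.path.relpath(path, root), number, rule, shown))
    return results


def demo():
    """Build a throwaway SYSVOL-like tree (constructed layout) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        logon = os.path.join(root, "Policies", "EXAMPLE-GPO", "User", "Scripts", "Logon")
        os.makedirs(logon)
        with open(os.path.join(logon, "install.bat"), "w", encoding="utf-8") as handle:
            handle.write(SAMPLE_SCRIPT)
        with open(os.path.join(logon, "notes.txt"), "w", encoding="utf-8") as handle:
            handle.write("not a script, skipped by extension\n")
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_tree` at a read-only copy or mapped path of the domain's SYSVOL share; every hit is a credential that needs rotating, not just a script that needs editing.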
RE: [ActiveDir] Redirecting PC's into the proper OU
There are two additional options for you: 1) If you are sysprepping your machines (or using an unattended answer file) XP supports a new parameter, MachineObjectOU, which you can put into the script. 2) *** I HAVE POSTED A CUSTOM TOOL *** that you can use… it’s raw but quite functional and easy to tweak to your needs: http://intelliem.editme.com/depjoindomain Enjoy Dan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, July 22, 2005 11:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Redirecting PC's into the proper OU You can change the default location (with redircomp), but it's a default, not something that can be unique per computer. If you want to be able to create computer accounts in varying OU's then it's something you'll either have to script (such as with netdom /join /ou) or you could pre-create the accounts in the proper OU's. Or you can be stuck doing it manually. :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of P West Sent: Friday, July 22, 2005 1:48 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Redirecting PC's into the proper OU I know you can redirect computer account to a specified OU, using redircomp. But what if you have multiple Ou's and want the pc to be added to the proper OU with some sort of logic. Does this not exist or is this something that would need to be scripted? Am I stuck doing this manually? Thanks P west
RE: [ActiveDir] OT: empty network neighborhood
Going back to one of my problems that was highlighted to me as an error, do you have computer descriptions set that are over 42 characters, as this will hide any server from the DMB.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: 26 July 2005 14:27
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computer with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks,jb

--
Jason Benway
[EMAIL PROTECTED]
GHSP
1250 S.Beechtree
Grand Haven, MI 49417
616-847-8474
Fax: 616-850-1208

Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
The pecking order is based on the newest version of OS, and SP1 trumps (wins) over the Gold RTM of the OS. So, in this example, Win98 wins over Win95, Windows XP wins over Win98, and Windows XP SP2 wins over all of the workstation OS's. BTW, SAMBA plays in this arena as well, but I don't recall off-hand where it falls in the precedence. Now, if you toss servers into the mix, Windows XP, by this rule, wins over Windows 2000 Server. However, it's considered best practice to have designated servers (when available) to take the Browse Master / Backup roles. This would entail disabling Windows XP from being able to initiate an election or winning the election, thereby ensuring that Windows 2000 Server will win the roles. Registry keys are available to 'lock in' servers (or workstations, for that matter) into the roles. Regardless, this is a reasonable quick blurb on some quick fixes and resolves for typical problems. http://www.tek-tips.com/faqs.cfm?fid=3728 Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Tuesday, July 26, 2005 3:43 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Don't the old client OS's (like Win95) automatically try to be Browse Master? Do you have any old computers hooked up to the LAN? Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 2:08 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood That's what I was worried about. For some reason, no other workstations are showing up as backup browsers. jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 26, 2005 2:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood each subnet should have 1 master browser. 
usually there should be 1 backup browser for every 15 pc's on the subnet. I believe you get the browse list when going to net neighborhood or doing a net view froma backup browser which in turn got it from the master browser. the only reason that pc became a master browser, I think, is because it is the most up to date(sp'ed,hot fixed) os on that subnet so it keeps wining browser elections. Thats my thought. i'd wait till someone more knowldgeble comes around before listening to me. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 2:05 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, I have can see server when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but atleast now it list the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help. jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 1:57 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only list the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas? 
Thanks,jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 26, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying tp participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 10:33 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be. Thank you jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan Sent: Tuesday, July 26, 2005 9:58 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood N
RE: [ActiveDir] OT: empty network neighborhood
Don't the old client OS's (like Win95) automatically try to be Browse Master? Do you have any old computers hooked up to the LAN? Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 2:08 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood That's what I was worried about. For some reason, no other workstations are showing up as backup browsers. jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 26, 2005 2:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood each subnet should have 1 master browser. usually there should be 1 backup browser for every 15 pc's on the subnet. I believe you get the browse list when going to net neighborhood or doing a net view froma backup browser which in turn got it from the master browser. the only reason that pc became a master browser, I think, is because it is the most up to date(sp'ed,hot fixed) os on that subnet so it keeps wining browser elections. Thats my thought. i'd wait till someone more knowldgeble comes around before listening to me. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 2:05 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, I have can see server when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but atleast now it list the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help. 
jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 1:57 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only list the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas? Thanks,jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 26, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying tp participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 10:33 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be. Thank you jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan Sent: Tuesday, July 26, 2005 9:58 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. 
That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001 Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 7/26/2005 8:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers though network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computer with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks,jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Hav
RE: [ActiveDir] OT: empty network neighborhood
Yep - it should. (Key word here is SHOULD) However, the election process, if you look at all of the workstations on that subnet, is messy at best. And it seems that there are always two or three workstations that want to constantly fight over the roles and cause continual elections. The Browser process has not been, well - reliable for a long time. Think LAN Manager and single, non-routed networks. It works pretty well in that environment. Anything else - it's not exactly a confident means for users to find anything. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 2:08 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood There are no servers on this subnet and we do not allow broadcast across our routers. If that machine goes offline, shouldn't that just force an election? jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, July 26, 2005 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Jason, Is the machine listed as the M-B a workstation or a server? Are there any servers on this subnet? What I'm getting at is workstations get shut off - servers typically don't. In the past I've disabled workstations from becoming master browsers to avoid just the problem you're seeing. However, if everything on this subnet (and I'm guessing you have B-Cast disabled across layer 3 devices) is a workstation, then that's probably not a good idea. ;-) Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 1:05 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, I have can see server when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. 
That same computer became the master browser again, with no backup servers, but atleast now it list the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help. jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 1:57 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only list the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas? Thanks,jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 26, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying tp participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 10:33 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be. 
Thank you jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan Sent: Tuesday, July 26, 2005 9:58 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001 Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 7/26/2005 8:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers though network n
Re: [ActiveDir] generating signatures and remote desktop
Signatures like: Bob Smith Manager of Accounting

Or signatures like digital certificates to sign/encrypt email with?

Phil

On 7/21/05, Peter Jakobsson <[EMAIL PROTECTED]> wrote:
> hi all!
>
> 2 questions for you
>
> 1. is there a way to generate and distribute signatures for outlook 2003?
>
> 2. how do i enable remote desktop at my clients, i can't seem to find that
> specific gpo?
>
> regards jake

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] generating signatures and remote desktop
This may not be authoritative… I’m not at my system right now, but…

1) Computer Configuration / Admin Templates / Windows Components / Terminal Services / Allow users to connect remotely using Terminal Services
   a. My recollection is that this will enable RD on clients… 90% sure…
2) My recollection is that this is one of the many “core” features of MS Office that isn’t as easy as it should be, 10 years into the product suite. Check the O2K3 Resource Kit on MS’s web site. It’s possible that you can use an Office Profile Settings (OPS) file to distribute the signature, or an .oft. But I’m not sure…

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jakobsson
Sent: Thursday, July 21, 2005 6:50 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] generating signatures and remote desktop

hi all!

2 questions for you

1. is there a way to generate and distribute signatures for outlook 2003?
2. how do i enable remote desktop at my clients, i can't seem to find that specific gpo?

regards jake
RE: [ActiveDir] OT: empty network neighborhood
make sure you really don't allow broadcasts across routers. cisco routers DO allow netbios broadcasts(tcp 137-39) across subnets if you have the ip-helper enabled for dhcp clients across subnets.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 3:08 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

There are no servers on this subnet and we do not allow broadcast across our routers. If that machine goes offline, shouldn't that just force an election?

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 2:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Jason,

Is the machine listed as the M-B a workstation or a server? Are there any servers on this subnet? What I'm getting at is workstations get shut off - servers typically don't. In the past I've disabled workstations from becoming master browsers to avoid just the problem you're seeing. However, if everything on this subnet (and I'm guessing you have B-Cast disabled across layer 3 devices) is a workstation, then that's probably not a good idea. ;-)

Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, I can see servers when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but at least now it lists the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you
jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks,
-Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks, jb
--
Jason Benway [EMAIL PR
RE: [ActiveDir] OT: empty network neighborhood
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you
jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks,
-Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks, jb
--
Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208
Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
That's what I was worried about. For some reason, no other workstations are showing up as backup browsers.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 2:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

each subnet should have 1 master browser. usually there should be 1 backup browser for every 15 pc's on the subnet. I believe you get the browse list when going to net neighborhood or doing a net view from a backup browser which in turn got it from the master browser. the only reason that pc became a master browser, I think, is because it is the most up to date(sp'ed,hot fixed) os on that subnet so it keeps winning browser elections. That's my thought. i'd wait till someone more knowledgeable comes around before listening to me.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 2:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, I can see servers when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but at least now it lists the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you
jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks,
-Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks, jb
--
Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208
Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
There are no servers on this subnet and we do not allow broadcast across our routers. If that machine goes offline, shouldn't that just force an election?

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 2:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Jason,

Is the machine listed as the M-B a workstation or a server? Are there any servers on this subnet? What I'm getting at is workstations get shut off - servers typically don't. In the past I've disabled workstations from becoming master browsers to avoid just the problem you're seeing. However, if everything on this subnet (and I'm guessing you have B-Cast disabled across layer 3 devices) is a workstation, then that's probably not a good idea. ;-)

Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, I can see servers when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but at least now it lists the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you
jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks,
-Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks, jb
--
Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208
Required space inevitably expands to exceed available space...
RE: [ActiveDir] exchange/dhcp/multihoming question(OT)
no. i screwed up. both nic's are on the same network with the same default gateway

-Original Message-
From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, July 26, 2005 2:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] exchange/dhcp/multihoming question(OT)

Default settings to use any available nic most likely. Also, one of the nics shouldn't be on the same network nor should it have a default gateway defined. Is that how you had it setup?

From: [EMAIL PROTECTED] on behalf of Kern, Tom
Sent: Tue 7/26/2005 12:10 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] exchange/dhcp/multihoming question(OT)

I set up an exchange 2k3 server. it had 2 nics. one had a static addy, the other was dhcp(it got all the dns info from dhcp as well). the dhcp lease was set for 3 days
In this setup, mail was stuck in the queues for hours. sometimes days, but eventually delivered.
the moment i disabled the dhcp nic, mail started flowing normally.
any idea why 2 nics(or dhcp) would cause this?
i never saw any MS kb's about multi homed exchange being a bad idea OR dhcp.
thanks
RE: [ActiveDir] OT: empty network neighborhood
each subnet should have 1 master browser. usually there should be 1 backup browser for every 15 pc's on the subnet. I believe you get the browse list when going to net neighborhood or doing a net view from a backup browser which in turn got it from the master browser. the only reason that pc became a master browser, I think, is because it is the most up to date(sp'ed,hot fixed) os on that subnet so it keeps winning browser elections. That's my thought. i'd wait till someone more knowledgeable comes around before listening to me.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 2:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, I can see servers when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but at least now it lists the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you
jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks,
-Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks, jb
--
Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208
Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
Jason,

Is the machine listed as the M-B a workstation or a server? Are there any servers on this subnet? What I'm getting at is workstations get shut off - servers typically don't. In the past I've disabled workstations from becoming master browsers to avoid just the problem you're seeing. However, if everything on this subnet (and I'm guessing you have B-Cast disabled across layer 3 devices) is a workstation, then that's probably not a good idea. ;-)

Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, I can see servers when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but at least now it lists the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting, The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you
jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks,
-Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2.

Thanks, jb
--
Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208
Required space inevitably expands to exceed available space...
RE: [ActiveDir] exchange/dhcp/multihoming question(OT)
Default settings to use any available nic most likely. Also, one of the nics shouldn't be on the same network nor should it have a default gateway defined. Is that how you had it setup?

From: [EMAIL PROTECTED] on behalf of Kern, Tom
Sent: Tue 7/26/2005 12:10 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] exchange/dhcp/multihoming question(OT)

I set up an exchange 2k3 server. it had 2 nics. one had a static addy, the other was dhcp(it got all the dns info from dhcp as well). the dhcp lease was set for 3 days
In this setup, mail was stuck in the queues for hours. sometimes days, but eventually delivered.
the moment i disabled the dhcp nic, mail started flowing normally.
any idea why 2 nics(or dhcp) would cause this?
i never saw any MS kb's about multi homed exchange being a bad idea OR dhcp.
thanks
RE: [ActiveDir] OT: Windows 2003 Cluster
Almost sounds like a cluster is not providing the benefits you were after. Not sure I can be of any help with the next piece. That is odd, but you might have a look at the TS servers and see if they're logging anything else. Same with the cluster to see if anything in the security logs. Might be to do with the hotfix?

Al

From: [EMAIL PROTECTED] on behalf of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Tue 7/26/2005 1:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

Well AL, so far I have figured out that the cluster account requires a 15 character or greater password without SP1 or the hotfix for it. So I changed the account password and restarted the services and both nodes are online. The only problem now is that I only see half the printers on the new node, and our shares are inaccessible from the cluster. I get an error when trying to log on as a regular user, not an admin, that states: YOU DO NOT HAVE PERMISSION TO ACCESS YOUR CENTRAL PROFILE LOCATED AT \\SERVERNAME\SHARE$\USERNAME. CONTACT YOUR NETWORK ADMINISTRATOR. It is a Userenv Source with an Event ID of 1000. So now everybody wants to know why they can't get their profiles and I am scrambling for an answer. It's not permissions, or share permissions, I have opened them wide open and I can't understand it because it only happens to regular users and only users of the Terminal Server environment. Today is a crazy day

Nate

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, July 25, 2005 2:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

I'm interested to hear how it works out. When I mentioned the HBA, I was thinking more along the lines of ensuring that there are no issues with the physical hba. When an HBA goes, symptoms are often strange and not expected. Same for the ports and switches between the hba and the SAN.

Al

From: [EMAIL PROTECTED] on behalf of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Mon 7/25/2005 1:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

Yes, I pulled up the config gui and read the config and compared the functioning node's config with the failing node's config and they are identical. The HBA sees all assigned LUNS as well. I don't think it is a storage issue. I have been on the phone with Microsoft and they said it may be a security issue and for me to reset the cluster account passwords and recycle the services on both nodes, however I cannot do that until there is downtime allowable so probably will have to try that tonight or something. I don't understand their idea of it being a password issue though, because they had me log in as the cluster service account, but they said the DC's may have a different password in AD than the cluster nodes have in SCM. They said it doesn't make sense either but for me to try it.

Nate

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, July 25, 2005 12:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

Have you also verified that the HBA is functioning correctly?

From: [EMAIL PROTECTED] on behalf of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Mon 7/25/2005 11:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

It had WMI access denied errors that entailed ripping apart the repository of the WMI database and since WMI was not starting the cluster could not read the WMI information and did not see the other node properly. I used the resetquorum switch which failed with a 1067 could not start service error at the command line. Our Microsoft Premier support call entailed doing everything I already did, and then they started researching (Google), so I told them I would keep troubleshooting, and for them to call me back when they think of something as well. I have confirmed that the WWN on the SAN is the WWN on the HBA that is in the failing node, and the configuration is intact for that node.

Nathaniel

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, July 25, 2005 11:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

It's this that gives me the heartache: " The SAN still has the configuration data for the WWN of the node " In my experience, whenever troubleshooting always assume nothing is correct and troubleshoot accordingly. Those errors indicate that it cannot talk to the disk properly. It's possible that's because the other node owns it, however it is also possible that a configuration change has been made at some point. It pays to be suspicious of the configurat
RE: [ActiveDir] OT: empty network neighborhood
Ok, I can see servers when I do a net view now. Here's what I did. I used browstat tic on that subnet to stop the master browser. Then I did a browstat el to force an election. That same computer became the master browser again, with no backup servers, but at least now it lists the servers when I do the net view. One last question, should there be any workstations listed as backup servers other than the machine that is the master browser? Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Interesting. The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said, tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks, -Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all Windows XP SP1 and SP2.

Thanks, jb

-- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: new job
MS Engineers made a tool for Visio that queries the AD and creates a domain map, site map, and server map for AD. If you contact PSS they should be able to send a copy to you. Not sure what version they are on now.

Todd

From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 9:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: new job

excuse my ignorance, but what is the "AD Mapper Tool" and where can I get it? Is this a part of Visio? Thanks and sorry for being so unaware.

-Original Message-
From: Myrick, Todd (NIH/CC/DNA) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 7:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: new job

One thing we do is a Public Folder system. Each Server gets a PF, and an email address assigned to the server. I create a subfolder for alerts. The idea is when I make changes to the server, I will send an email to the team and cc the server PF in the message. If we are doing system wide maintenance, I cc the DL that has all the servers. I also setup alerts for each server to an alert PF. Basic stuff goes there, like memory, CPU, DISK and network IO issues. The idea is that we can track these issues and review back if necessary. I want to but haven’t done yet setting up a folder for security alerts on servers. On the domain, we track the account lockout events. I would like to eventually implement the security products for AD to track changes.

Architecture and Account Management procedures…. I use Visio diagrams, and the AD Mapper tool and any ITIL templates I can find.

Todd

From: Al Mulnick [mailto:[EMAIL PROTECTED]
Sent: Monday, July 25, 2005 5:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: new job

Great advice as usual. It's usually thought of as a living document. Considering you have nothing today, it's best to start the ball rolling (so to speak) and get the basics in there. Just like a political office, it's up to the next person to decide what to do with it. In this case, they can also decide on additional content and formatting as needed. My un-asked for $0.04 :)

From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Mon 7/25/2005 4:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: new job

Processes and procedures are normally pretty formalized and are determined by committee (by those that are going to have to use and manage those who are going to use) the documents. I would say that if you poll 100 companies, you are going to get 100 different formalized documents. Given that you have nothing, and time is getting shorter by the day, decide on a format that you like, and produce. You've provided the info - let those that come behind you 'formalize' it in the format that they want. (I suspect it won't be changed, and you will be setting the standard...)

Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom
Sent: Monday, July 25, 2005 3:40 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: new job

Aside from notes and drafts and config dumps, is there any formal way people keep and maintain changes and documentation? Or is this all done "on the fly" kinda thing usually? Thanks

-- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)
RE: [ActiveDir] OT: empty network neighborhood
Interesting. The reg value was already set on the computer that reports as the master browser on that subnet and browstat sta only lists the one computer, no other computers are running as backups. I tried to force an election with browstat, but it didn't seem to do anything. Maybe I should see if I can reboot the machine in question. Any more ideas?

Thanks, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 10:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be.

Thank you, jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Tuesday, July 26, 2005 9:58 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said, tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001

Thanks, -Steve

From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Tue 7/26/2005 8:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all Windows XP SP1 and SP2.

Thanks, jb

-- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: Windows 2003 Cluster
Well AL, so far I have figured out that the cluster account requires a 15 character or greater password without SP1 or the hotfix for it. So I changed the account password and restarted the services and both nodes are online. The only problem now is that I only see half the printers on the new node, and our shares are inaccessible from the cluster. I get an error when trying to log on as a regular user, not an admin, that states: YOU DO NOT HAVE PERMISSION TO ACCESS YOUR CENTRAL PROFILE LOCATED AT \\SERVERNAME\SHARE$\USERNAME. CONTACT YOUR NETWORK ADMINISTRATOR. It is a Userenv Source with an Event ID of 1000. So now everybody wants to know why they can't get their profiles and I am scrambling for an answer. It's not permissions, or share permissions, I have opened them wide open and I can't understand it because it only happens to regular users and only users of the Terminal Server environment. Today is a crazy day

Nate

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, July 25, 2005 2:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

I'm interested to hear how it works out. When I mentioned the HBA, I was thinking more along the lines of ensuring that there are no issues with the physical hba. When an HBA goes, symptoms are often strange and not expected. Same for the ports and switches between the hba and the SAN.

Al

From: [EMAIL PROTECTED] on behalf of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Mon 7/25/2005 1:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

Yes, I pulled up the config gui and read the config and compared the functioning node's config with the failing node's config and they are identical. The HBA sees all assigned LUNS as well. I don't think it is a storage issue. I have been on the phone with Microsoft and they said it may be a security issue and for me to reset the cluster account passwords and recycle the services on both nodes, however I cannot do that until there is downtime allowable so probably will have to try that tonight or something. I don't understand their idea of it being a password issue though, because they had me log in as the cluster service account, but they said the DC's may have a different password in AD than the cluster nodes have in SCM. They said it doesn't make sense either but for me to try it.

Nate

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, July 25, 2005 12:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

Have you also verified that the HBA is functioning correctly?

From: [EMAIL PROTECTED] on behalf of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Mon 7/25/2005 11:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

It had WMI access denied errors that entailed ripping apart the repository of the WMI database and since WMI was not starting the cluster could not read the WMI information and did not see the other node properly. I used the resetquorum switch which failed with a 1067 could not start service error at the command line. Our Microsoft Premier support call entailed doing everything I already did, and then they started researching (Google), so I told them I would keep troubleshooting, and for them to call me back when they think of something as well. I have confirmed that the WWN on the SAN is the WWN on the HBA that is in the failing node, and the configuration is intact for that node.

Nathaniel

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, July 25, 2005 11:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Cluster

It's this that gives me the heartache: " The SAN still has the configuration data for the WWN of the node " In my experience, whenever troubleshooting always assume nothing is correct and troubleshoot accordingly. Those errors indicate that it cannot talk to the disk properly. It's possible that's because the other node owns it, however it is also possible that a configuration change has been made at some point. It pays to be suspicious of the configuration even if you think it has already been done a long time ago. It is not a static configuration and it's worth it to ensure that it is configured properly. After all, the other node failed for a reason right? I also assume that you used the -resetquorum etc switches (syntax) right? That looks suspiciously like a disk access error though. Something about not being able to read the disk which may also indicate a failure at a different level (HBA for example?) Out of curiosity, what was the failure that the node was exhibiting prior to rebuild?

Al

From: [EMAIL PROTECTED] on behalf of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Mo
RE: [ActiveDir] RILOE AD Integration
Yup, we've done it. Before 1.8 it does require a schema mod. What you get are two different "custom" objects for the iLO cards that look pretty much like a quick-and-dirty mod of a standard user object. (Emphasis on dirty: they look like user objects to a couple of our reporting scripts.) Raymond's comment below covers what I know of the 1.8 version.

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com
-- A good plan today is better than a perfect plan tomorrow.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rascher, Raymond
Sent: Thursday, July 21, 2005 3:37 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] RILOE AD Integration

I understand that the schema less ILO's are limited in functionality opposed to the ILO w/schema extensions. Ex. Specify a group used for administration and live with it unless you want to touch each ILO and add an additional group vs. Schema ILO it would allow additional groups to be added and removed through AD and you would not need to touch the ILO's once they are joined to the domain. If you are going to use the ILO schema extensions to integrate ILO's you will also need to have certificates installed on your DC's for them to communicate properly over SSL

Ray

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Wednesday, July 20, 2005 9:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RILOE AD Integration

My understanding is none whatsoever.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
Sent: Monday, July 18, 2005 5:11 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] RILOE AD Integration

Does this mean 'no additional schema mods (above and beyond previous versions)' or 'no schema mods at all, even if you have yet to deploy any previous ILO schema mods'? The latter would certainly be of interest.

neil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 15 July 2005 14:54
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RILOE AD Integration

And now for the actual link http://h18013.www1.hp.com/products/servers/management/iloadv/index.html

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet
Sent: Wednesday, July 06, 2005 1:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RILOE AD Integration

Hi, I used the ADUC with our iLO setup (~50 servers) a while ago and it was flawless. The schema extensions have not caused any issues at all with any upgrades we had to do (Exchange 2003 forestprep) I highly recommend them.

Francis

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: July 5, 2005 8:27 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] RILOE AD Integration

Anybody done the schema extensions to support HPQ iLO/RiLOE II integration with AD. I'm thinking about it. We're pushing out 50 380s with RiLOE II boards in the next four weeks to all over kingdom come. If you have, how's it work from the ilo standpoint? ADUC extensions work ok?

--brian
RE: [ActiveDir] OT Allow users to edit Excel Spreadsheet at the same time
Just go in the tools menu and you'll have an option that says "share the spreadsheet" or something like that. Sorry if I don't have the exact wording, my excel is in French so I have to "translate" it. Hope this helps.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
> Sent: Tuesday, July 26, 2005 1:12 PM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] OT Allow users to edit Excel Spreadsheet at the same time
>
> I have a user that insists that her spreadsheet used to allow up to
> three people to access it and edit it at the same time. Is this
> possible and if it is how in the world do you configure it?
>
> Justin A. Salandra
> MCSE Windows 2000 & 2003
> Network and Technology Services Manager
> Catholic Healthcare System
> 212.752.7300 - office
> 917.455.0110 - cell
> [EMAIL PROTECTED]
RE: [ActiveDir] OT Allow users to edit Excel Spreadsheet at the same time
I figured it out, it was sharing the workbook under the TOOLS | SHARE WORKBOOK option. Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Tuesday, July 26, 2005 1:12 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT Allow users to edit Excel Spreadsheet at the same time

I have a user that insists that her spreadsheet used to allow up to three people to access it and edit it at the same time. Is this possible and if it is how in the world do you configure it?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]
[ActiveDir] OT Allow users to edit Excel Spreadsheet at the same time
I have a user that insists that her spreadsheet used to allow up to three people to access it and edit it at the same time. Is this possible and if it is how in the world do you configure it? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] OT: empty network neighborhood
Emphatically - PLEASE do not do this. One - it's not the cause of the problem. Two - you may as well not have the firewall active at this point. Those ports are the most common attack vectors.

Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hanumara, Rao
Sent: Tuesday, July 26, 2005 9:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

I think it is the internal Firewall of XP with SP2. You may not have this problem with Windows 2000 workstations. You need to open Netbios ports in exception.

Rao/..

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 9:27 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] OT: empty network neighborhood

Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all Windows XP SP1 and SP2.

Thanks, jb

-- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
[ActiveDir] exchange/dhcp/multihoming question(OT)
I set up an exchange 2k3 server. it had 2 nics. one had a static addy, the other was dhcp (it got all the dns info from dhcp as well). the dhcp lease was set for 3 days. In this setup, mail was stuck in the queues for hours, sometimes days, but eventually delivered. the moment i disabled the dhcp nic, mail started flowing normally. any idea why 2 nics (or dhcp) would cause this? i never saw any MS kb's about multi homed exchange being a bad idea OR dhcp. thanks
RE: [ActiveDir] OT: empty network neighborhood
Here is a good article on troubleshooting the browser service: 188305 Troubleshooting the Microsoft Computer Browser Service http://support.microsoft.com/?id=188305 Thanks, -Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 26, 2005 9:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying tp participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 10:33 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be. Thank you jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan Sent: Tuesday, July 26, 2005 9:58 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. 
Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001 Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 7/26/2005 8:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
Re: [ActiveDir] OT: new job
ADMap; it is a tool that will give you a Visio output of some of your AD environment (Sites, Domains, Trusts etc.). It is a great tool to help you document your AD environment. If you can't find it via Google, drop me a note and I'll get it to you. Phil On 7/26/05, Kern, Tom <[EMAIL PROTECTED]> wrote: > excuse my ignorance, but what is the "AD Mapper Tool" and where can I get it? > Is this a part of Visio? > > Thanks and sorry for being so unaware. > -Original Message- > From: Myrick, Todd (NIH/CC/DNA) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 26, 2005 7:51 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] OT: new job > > > > > One thing we do is a Public Folder system. Each Server gets a PF, and an > email address assigned to the server. I create a subfolder for alerts. The > idea is when I make changes to the server, I will send an email to the team > and cc the server PF in the message. If we are doing system wide > maintenance, I cc the DL that has all the servers. I also setup alerts for > each server to an alert PF. Basic stuff goes there, like memory, CPU, DISK > and network IO issues. The idea is that we can track these issues and > review back if necessary. I want to but haven't done yet setting up a > folder for security alerts on servers. On the domain, we track the account > lockout events. I would like to eventually implement the security products > for AD to track changes. > > > > Architecture and Account Management procedures…. I use Visio diagrams, and > the AD Mapper tool and any ITIL templates I can find. > > > > Todd > > > > > > From: Al Mulnick [mailto:[EMAIL PROTECTED] > Sent: Monday, July 25, 2005 5:38 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] OT: new job > > > > > Great advice as usual. It's usually thought of as a living document. > Considering you have nothing today, it's best to start the ball rolling (so > to speak) and get the basics in there.
Just like a political office, it's > up to the next person to decide what to do with it. In this case, they can > also decide on additional content and formatting as needed. > > > > > > My un-asked for $0.04 :) > > > > > > > > > > > > > From: [EMAIL PROTECTED] on behalf of Rick > Kingslan > Sent: Mon 7/25/2005 4:56 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] OT: new job > > > Processes and procedures are normally pretty formalized and are determined > by committee (by those that are going to have to use and manage those who > are going to use) the documents. > > I would say that if you poll 100 companies, you are going to get 100 > different formalized documents. > > Given that you have nothing, and time is getting shorter by the day, decide > on a format that you like, and produce. You've provided the info - let > those that come behind you 'formalize' it in the format that they want. > > (I suspect it won't be changed, and you will be setting the standard...) > > Rick > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Kern, Tom > Sent: Monday, July 25, 2005 3:40 PM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] OT: new job > > Aside from notes and drafts and config dumps, is there any formal way people > keep and maintain changes and documentation? > > Or is this all done "on the fly" kinda thing usually? > > > Thanks > -- > Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)
RE: [ActiveDir] OT: empty network neighborhood
Go to that pc and open regedit and change the value of this key to "false"- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters this will stop that machine from trying to participate in browser elections and become a master browser for your subnet. Also, before doing this, i would run browstat from the support tools on that machine to see if you get any more info or errors. -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 10:33 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] OT: empty network neighborhood Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be. Thank you jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan Sent: Tuesday, July 26, 2005 9:58 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001 Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 7/26/2005 8:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server.
The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
Ok, browmon showed me which computer on that segment is the master browser. But I'm not sure what the next step would be. Thank you jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan Sent: Tuesday, July 26, 2005 9:58 AM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001 Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 7/26/2005 8:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
Thank you, but we are not using the firewall internally on our network. jb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hanumara, Rao Sent: Tuesday, July 26, 2005 10:20 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: empty network neighborhood I think it is the internal Firewall of XP with SP2. You may not have this problem with Windows 2000 workstations. You need to open Netbios ports in exception. Rao/.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 9:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
I think it is the internal Firewall of XP with SP2. You may not have this problem with Windows 2000 workstations. You need to open Netbios ports in exception. Rao/.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, July 26, 2005 9:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: empty network neighborhood
Network neighborhood relies on the browser service. From your description it sounds like you likely have a problem with the master browser for that segment. That being said tracking down these failures can be time consuming and difficult. I would suggest using browmon from the resource kit and trying to find out who the master browser is to start. Here is a description of how the browser service builds its lists: http://support.microsoft.com/default.aspx?scid=kb;en-us;188001 Thanks, -Steve From: [EMAIL PROTECTED] on behalf of Jason Benway Sent: Tue 7/26/2005 8:27 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] OT: empty network neighborhood Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
RE: [ActiveDir] OT: new job
excuse my ignorance, but what is the "AD Mapper Tool" and where can I get it? Is this a part of Visio? Thanks and sorry for being so unaware. -Original Message- From: Myrick, Todd (NIH/CC/DNA) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 7:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: new job One thing we do is a Public Folder system. Each Server gets a PF, and an email address assigned to the server. I create a subfolder for alerts. The idea is when I make changes to the server, I will send an email to the team and cc the server PF in the message. If we are doing system wide maintenance, I cc the DL that has all the servers. I also setup alerts for each server to an alert PF. Basic stuff goes there, like memory, CPU, DISK and network IO issues. The idea is that we can track these issues and review back if necessary. I want to but haven’t done yet setting up a folder for security alerts on servers. On the domain, we track the account lockout events. I would like to eventually implement the security products for AD to track changes. Architecture and Account Management procedures…. I use Visio diagrams, and the AD Mapper tool and any ITIL templates I can find. Todd From: Al Mulnick [mailto:[EMAIL PROTECTED] Sent: Monday, July 25, 2005 5:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: new job Great advice as usual. It's usually thought of as a living document. Considering you have nothing today, it's best to start the ball rolling (so to speak) and get the basics in there. Just like a political office, it's up to the next person to decide what to do with it. In this case, they can also decide on additional content and formatting as needed.
My un-asked for $0.04 :) From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Mon 7/25/2005 4:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: new job Processes and procedures are normally pretty formalized and are determined by committee (by those that are going to have to use and manage those who are going to use) the documents. I would say that if you poll 100 companies, you are going to get 100 different formalized documents. Given that you have nothing, and time is getting shorter by the day, decide on a format that you like, and produce. You've provided the info - let those that come behind you 'formalize' it in the format that they want. (I suspect it won't be changed, and you will be setting the standard...) Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom Sent: Monday, July 25, 2005 3:40 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: new job Aside from notes and drafts and config dumps, is there any formal way people keep and maintain changes and documentation? Or is this all done "on the fly" kinda thing usually? Thanks -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)
[ActiveDir] OT: empty network neighborhood
Starting about a week ago, one of our subnets stopped being able to view any of the servers through network neighborhood. All of the servers are in a different subnet than the subnet with the problem. We only have one WINS server and the computers with problems are pointing to that server. The workstations can ping the servers by name and a start > run > \\servername works. These are all windows XP SP1 and SP2. Thanks, jb -- Jason Benway [EMAIL PROTECTED] GHSP 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208 Required space inevitably expands to exceed available space...
Re: [ActiveDir] Disaster Recovery Training
You as an independent consultant can become a MS Partner and see if that would entitle you to be able to attend some of those courses. I don't think they are cheap though so they might not fit the bill for what you're looking for in that regard. https://partner.microsoft.com/global/3104 Phil On 7/25/05, Mark Parris <[EMAIL PROTECTED]> wrote: > I work independently, and where I used to work at a large bank, I am now > consulting for multiple organisations, so I have neither access to a premier > support contract or any Microsoft partner resources. > > So I have to scavenge courses where I can; I am always looking for the best > deals that money can buy. > > Mark > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf > Sent: 25 July 2005 20:38 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Disaster Recovery Training > > The MS courses you mention are often available to Partners as well > (not just customers with premier contracts) so you might want to check > into that if you are working for an MS Partner. > > That NetPro webinar looks good though, I'd definitely attend that. > > Phil > > On 7/25/05, Mark Parris <[EMAIL PROTECTED]> wrote: > > John and Sally are two of the best communicators in the business, I am > looking forward to pre-conference presentation at November's IT Forum. > > > > I wonder if this year we will confirm if Sally has legs as in all the > presentations, I have ever been to all I see is her head and torso behind > her demo boxes. > > > > As for the DR, I will explore this option.
> > > > Many thanks, > > > > Mark > > > > > > -Original Message- > > From: "Grillenmeier, Guido" <[EMAIL PROTECTED]> > > Date: Mon, 25 Jul 2005 17:00:28 > > To: > > Subject: RE: [ActiveDir] Disaster Recovery Training > > > > thanks for the advertising Jorge - and I didn't even promise you any > > goodies :-) > > > > Mark, you might also want to have a look at John Craddock and Sally > > Storey's offering for a 1 day 400-level AD Disaster Recovery seminar: > > http://www.kimberry.co.uk/dotnetlectures/addr.aspx > > > > John and Sally are well known from various MS events (TechEd, ITforum > > etc) and offer these courses to everyone. While I'm sure they're not > > cheap, they're definitely worth the money - educational and > > entertaining at the same time. > > > > /Guido > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, > > Jorge de > > Sent: Montag, 25. Juli 2005 15:34 > > To: ActiveDir@mail.activedir.org; ActiveDir.org > > Subject: RE: [ActiveDir] Disaster Recovery Training > > > > also take a look at: > > Active Directory Disaster Recovery > > http://www.netpro.com/events/adrecovery/index.cfm > > NetPro and HP invite you to join Active Directory experts Gil > > Kirkpatrick, CTO at NetPro, and Guido Grillenmeier, Senior Consultant of > > Enterprise Microsoft Services at Hewlett Packard, as they discuss > > real-life disaster scenarios and share tips and techniques to help > > ensure that your business stays profitable in the midst of directory > > disruptions. > > Learn first-hand how to recognize and prevent possible disaster > > scenarios before they even occur. Discover new tools and techniques that > > help recover deleted objects while keeping your users online. Master > > such difficult tasks as group membership, security descriptor, and > > password recovery. And learn how to prevent disasters through proactive > > directory health management.
Plus, Gil and Guido will be taking live > > questions from audience members to help you solve your own personal > > directory issues. > > > > Cheers > > #JORGE# > > > > > > > > From: [EMAIL PROTECTED] on behalf of Mark Parris > > Sent: Mon 7/25/2005 2:34 PM > > To: ActiveDir.org > > Subject: [ActiveDir] Disaster Recovery Training > > > > > > > > All, > > > > Does anyone know of a training provider that provides dedicated Active > > Directory\Exchange Disaster Recovery Training, I know Microsoft do, but > > these are closed courses for corporate customers who have a premier > > support contract. > > > > Regards > > > > Mark > > > > > > > > This e-mail and any attachment is for authorised use by the intended > > recipient(s) only. It may contain proprietary material, confidential > > information and/or be subject to legal privilege. It should not be > > copied, disclosed to, retained or used by, any other party. If you are > > not an intended recipient then please promptly delete this e-mail and > > any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] OT: new job
One thing we do is a Public Folder system. Each Server gets a PF, and an email address assigned to the server. I create a subfolder for alerts. The idea is when I make changes to the server, I will send an email to the team and cc the server PF in the message. If we are doing system wide maintenance, I cc the DL that has all the servers. I also setup alerts for each server to an alert PF. Basic stuff goes there, like memory, CPU, DISK and network IO issues. The idea is that we can track these issues and review back if necessary. I want to but haven’t done yet setting up a folder for security alerts on servers. On the domain, we track the account lockout events. I would like to eventually implement the security products for AD to track changes. Architecture and Account Management procedures…. I use Visio diagrams, and the AD Mapper tool and any ITIL templates I can find. Todd From: Al Mulnick [mailto:[EMAIL PROTECTED] Sent: Monday, July 25, 2005 5:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: new job Great advice as usual. It's usually thought of as a living document. Considering you have nothing today, it's best to start the ball rolling (so to speak) and get the basics in there. Just like a political office, it's up to the next person to decide what to do with it. In this case, they can also decide on additional content and formatting as needed. My un-asked for $0.04 :) From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Mon 7/25/2005 4:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: new job Processes and procedures are normally pretty formalized and are determined by committee (by those that are going to have to use and manage those who are going to use) the documents. I would say that if you poll 100 companies, you are going to get 100 different formalized documents. Given that you have nothing, and time is getting shorter by the day, decide on a format that you like, and produce.
You've provided the info - let those that come behind you 'formalize' it in the format that they want. (I suspect it won't be changed, and you will be setting the standard...) Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kern, Tom Sent: Monday, July 25, 2005 3:40 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: new job Aside from notes and drafts and config dumps, is there any formal way people keep and maintain changes and documentation? Or is this all done "on the fly" kinda thing usually? Thanks -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)
RE: [ActiveDir] Disaster Recovery Training
Just been to their expanding directory boundaries seminar and can confirm that she does indeed have legs :) :) :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: 25 July 2005 20:40 To: ActiveDir.org Subject: Re: [ActiveDir] Disaster Recovery Training John and Sally are two of the best communicators in the business, I am looking forward to pre-conference presentation at November's IT Forum. I wonder if this year we will confirm if Sally has legs as in all the presentations, I have ever been to all I see is her head and torso behind her demo boxes. As for the DR, I will explore this option. Many thanks, Mark -Original Message- From: "Grillenmeier, Guido" <[EMAIL PROTECTED]> Date: Mon, 25 Jul 2005 17:00:28 To: Subject: RE: [ActiveDir] Disaster Recovery Training thanks for the advertising Jorge - and I didn't even promise you any goodies :-) Mark, you might also want to have a look at John Craddock and Sally Storey's offering for a 1 day 400-level AD Disaster Recovery seminar: http://www.kimberry.co.uk/dotnetlectures/addr.aspx John and Sally are well known from various MS events (TechEd, ITforum etc) and offer these courses to everyone. While I'm sure they're not cheap, they're definitely worth the money - educational and entertaining at the same time. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Montag, 25.
Juli 2005 15:34 To: ActiveDir@mail.activedir.org; ActiveDir.org Subject: RE: [ActiveDir] Disaster Recovery Training also take a look at: Active Directory Disaster Recovery http://www.netpro.com/events/adrecovery/index.cfm NetPro and HP invite you to join Active Directory experts Gil Kirkpatrick, CTO at NetPro, and Guido Grillenmeier, Senior Consultant of Enterprise Microsoft Services at Hewlett Packard, as they discuss real-life disaster scenarios and share tips and techniques to help ensure that your business stays profitable in the midst of directory disruptions. Learn first-hand how to recognize and prevent possible disaster scenarios before they even occur. Discover new tools and techniques that help recover deleted objects while keeping your users online. Master such difficult tasks as group membership, security descriptor, and password recovery. And learn how to prevent disasters through proactive directory health management. Plus, Gil and Guido will be taking live questions from audience members to help you solve your own personal directory issues. Cheers #JORGE# From: [EMAIL PROTECTED] on behalf of Mark Parris Sent: Mon 7/25/2005 2:34 PM To: ActiveDir.org Subject: [ActiveDir] Disaster Recovery Training All, Does anyone know of a training provider that provides dedicated Active Directory\Exchange Disaster Recovery Training, I know Microsoft do, but these are closed courses for corporate customers who have a premier support contract. Regards Mark List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party.
If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.