RE: [ActiveDir] 2003AD - 2000AD Trust with LMHOST?
Thanks Rick! Yeah last week post was about the usefulness of netbios in trust, this time is really the other way - the usefulness of dns in trust :) Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, August 29, 2005 12:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003AD - 2000AD Trust with LMHOST? Are you talking about external trusts? If so, then yes. You would follow the same procedures as you would for a win2x to Nt 4.0. You'll need to specify the #DOM, #PRE to get the 1B, 1C records loaded. As we discussed a few weeks ago, this is the rather archaic method to do it, but if you don't have access to the WINS or DNS - you don't have much other options left to choice. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, August 28, 2005 10:57 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003AD - 2000AD Trust with LMHOST? Havent been able to find much answers via googling unfortunately :-( I know 2000/2003 - NT4 trust creation can be done via LMHOST/WINS but can 2003 AD - 2000 AD trust creation be done via resolutions provided by LMHOSTs only? Reason being DNS is really out of my control (handled by another team), so conditional forwarding/stub zones are out of the way. Thanks lots! Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003AD - 2000AD Trust with LMHOST?
Are you talking about external trusts? If so, then yes. You would follow the same procedures as you would for a win2x to Nt 4.0. You'll need to specify the #DOM, #PRE to get the 1B, 1C records loaded. As we discussed a few weeks ago, this is the rather archaic method to do it, but if you don't have access to the WINS or DNS - you don't have much other options left to choice. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, August 28, 2005 10:57 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003AD - 2000AD Trust with LMHOST? Havent been able to find much answers via googling unfortunately :-( I know 2000/2003 - NT4 trust creation can be done via LMHOST/WINS but can 2003 AD - 2000 AD trust creation be done via resolutions provided by LMHOSTs only? Reason being DNS is really out of my control (handled by another team), so conditional forwarding/stub zones are out of the way. Thanks lots! Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Infrastucture Master and adprep /domainprep
Heavy German accent? I suspect that it was Andreas Luther (and looks nothing like Guido) And - it might have been DEC as Andreas was there for the Identity Management (read:MIIS) portion of the conference. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Sunday, August 28, 2005 7:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Infrastucture Master and adprep /domainprep Oddly enough, this exact topic came up in a dinner conversation at Tech Ed this year.[1] Luther...oh heck somebody remind me of his last name...had apparently quizzed people with this one at a previous conference (DEC?), only to utimately reveal that the answer was "You know how people always ask you what the IM FSMO does? Well, now you can tell them that it's responsible for running /domainprep." [1] Please hold the jokes about having dinner conversations about Active Directory internals until the end, please. :-) > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray > > Sent: Sunday, August 28, 2005 7:36 PM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Infrastucture Master and adprep /domainprep > > > > Hi all > > > > Does anyone know why the documentation suggests that adprep > > /domainprep be run on the DC holding the IM FSMO role? I heard a > > rumour to the effect that it was only because that DC is > likely to be > > less busy than the other DCs, but I'd like to know for sure. > > > > Tony > > > > > > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] 2003AD - 2000AD Trust with LMHOST?
Havent been able to find much answers via googling unfortunately :-( I know 2000/2003 - NT4 trust creation can be done via LMHOST/WINS but can 2003 AD - 2000 AD trust creation be done via resolutions provided by LMHOSTs only? Reason being DNS is really out of my control (handled by another team), so conditional forwarding/stub zones are out of the way. Thanks lots! Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Infrastucture Master and adprep /domainprep
The end? Which end? Whose end? End of Inquiring minds want to know. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Sunday, August 28, 2005 8:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Infrastucture Master and adprep /domainprep Oddly enough, this exact topic came up in a dinner conversation at Tech Ed this year.[1] Luther...oh heck somebody remind me of his last name...had apparently quizzed people with this one at a previous conference (DEC?), only to utimately reveal that the answer was "You know how people always ask you what the IM FSMO does? Well, now you can tell them that it's responsible for running /domainprep." [1] Please hold the jokes about having dinner conversations about Active Directory internals until the end, please. :-) > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray > > Sent: Sunday, August 28, 2005 7:36 PM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Infrastucture Master and adprep /domainprep > > > > Hi all > > > > Does anyone know why the documentation suggests that adprep > > /domainprep be run on the DC holding the IM FSMO role? I heard a > > rumour to the effect that it was only because that DC is > likely to be > > less busy than the other DCs, but I'd like to know for sure. > > > > Tony > > > > > > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Infrastucture Master and adprep /domainprep
Oddly enough, this exact topic came up in a dinner conversation at Tech Ed this year.[1] Luther...oh heck somebody remind me of his last name...had apparently quizzed people with this one at a previous conference (DEC?), only to utimately reveal that the answer was "You know how people always ask you what the IM FSMO does? Well, now you can tell them that it's responsible for running /domainprep." [1] Please hold the jokes about having dinner conversations about Active Directory internals until the end, please. :-) > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray > > Sent: Sunday, August 28, 2005 7:36 PM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Infrastucture Master and adprep /domainprep > > > > Hi all > > > > Does anyone know why the documentation suggests that adprep > > /domainprep be run on the DC holding the IM FSMO role? I heard a > > rumour to the effect that it was only because that DC is > likely to be > > less busy than the other DCs, but I'd like to know for sure. > > > > Tony > > > > > > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SUS & Active Directory
Return Receipt Your document: RE: [ActiveDir] SUS & Active Directory was received by: Brad W Johnson/CORP/GSK at: 08/28/2005 07:39:54 PM
[ActiveDir] Infrastucture Master and adprep /domainprep
Hi all Does anyone know why the documentation suggests that adprep /domainprep be run on the DC holding the IM FSMO role? I heard a rumour to the effect that it was only because that DC is likely to be less busy than the other DCs, but I'd like to know for sure. Tony
RE: FW: [Fwd: RE: [ActiveDir] Password policy change]
Yep - I've been through this just of late. If the Change at next logon is set, IIS doesn't have that level of function to allow this to take palce through the current functions. Rick -- Posting is provided "AS IS", and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Saturday, August 27, 2005 5:04 PM To: ActiveDir@mail.activedir.org Subject: Re: FW: [Fwd: RE: [ActiveDir] Password policy change] Yes that enables the password change functionality through OWA, but I don't believe that will help this particular situation. When you set the User Must Change Password at Next Logon bit then logon to OWA I don't think OWA will dump you to a password change screen. That Password Change screen is only something you can access once in OWA as far as I know. To address the question about password expiry and OWA users, when you log in with OWA it will tell you that your password is getting close to expiring so it gives you a heads up that you need to change your password soon, whether that is through the IIS Password change tool or some other password change facility. Phil On 8/27/05, joe <[EMAIL PROTECTED]> wrote: > >From a "shy" lurker MVP > > It appears it is something you can enable. It isn't strictly part of OWA but > the old IIS Password change tool. I recall there being issues with that tool > and that is why they stopped enabling it by default but can't recall what > they were this late at night or this early in the morning whatever it may > be. ;o) > > Thanks for the assist Mom. :) > > > > -Original Message- > Sent: Saturday, August 27, 2005 2:24 AM > To: [EMAIL PROTECTED] > Subject: [Fwd: RE: [ActiveDir] Password policy change] > > http://www.petri.co.il/enable_password_changing_through_owa_in_exchange_2003 > .htm > > > Original Message > Subject:RE: [ActiveDir] Password policy change > Date: Sat, 27 Aug 2005 02:16:14 -0400 > From: joe <[EMAIL PROTECTED]> > Reply-To: ActiveDir@mail.activedir.org > To: > > > > Yep, OWA is Outlook Web Access. If you haven't seen it, it is gorgeous in > Exchange 2003. It looks almost exactly like Outlook. Unfortunately, if your > password is expired (forced or otherwise) you aren't getting into OWA. I > also don't believe it has a password change function if you just want to go > and change it, but that could be something that could be enabled. > Alternatively you set up another web page to do it. > > As for the OPs original issue. It all comes down to implementation. You told > the system to not allow people to change the password if the password age > was less than one day and then were confused when it did exactly that. The > reason for it is that there is one attribute for password age, pwdLastSet, > and it doesn't distinguish between a helpdesk set operation or a normal > password change, they are both password changes and you only want one day > between every change. The proper way to handle that case is to force the > user's to change their password on next logon (which sets the pwdLastSet to > 0), but as you know, that will kill OWA users. So you either need another > process to follow for OWA only users, install some third party or custom > inhouse tool, or drop the minimum password aging. > > joe > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of SysPro Support > Sent: Saturday, August 27, 2005 12:09 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Password policy change > > Your right Aaron, I didn't know what it meant.! > > I am not an outlook sort of person (we use Notes...), but the inferred > statement surprises me. It suggests that if the "must change password" is > set, you can't logon to Outlook Web Access. > > This would suggest that forcing users to change password after (say) 28 days > is also a no-no. > > And, it would also suggest that Outlook Web Access won't let you change your > password. If it did, it would surely allow you to logon, then require you to > change the password before you do anything.. > > This all seems unlikely, given Microsoft's recommended use of forcing > password changes on a regular basis and forcing users to change a password > when a new user is created. > > If it is all true, maybe you have to provide some way that the users can go > to a Citrix portal and change their password there, then go back and use > Outlook Web Access. > > Alan Cuthbertson > > > Policy Management Software:- > http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml > ADM Template Editor:- > http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml > Policy Log Reporter(Free) > http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml > > > > > - Original Message - > From: "Aaron Visser" <[EMAIL PROTECTED]> > To: > Sent: Saturday, August 27, 2005 8:59 AM