[ActiveDir] "deleted server #xx" entrance in replmon status report
Hi,

While I had my authentication problem I ran the status report in 'replmon', and the output was so far OK, as my active DCs are OK. But at the end of the report I got a list with entrances like:

Partner Name: **DELETED SERVER #3
Partner GUID: 01DEFD24-B7E9-4CCF-B870-B8494547A014
USN: 2379932

in all the directory partitions (i.e. Directory Partition: CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx).

Does anybody know where these entrances are coming from? And can I get rid of them?

If I display the attributes of the Meta-Data of our domain I get a lot of attributes like the following:

The data below is for the object: DC=xx,DC=xx,DC=xx,DC=xx
Attribute: auditingPolicy
Local USN: 11963
Originating Server: **DELETED SERVER #20
USN on Orig Server: 1154
Version Number: 1
Last Written (Time): 6/24/2001 9:47:55 PM

I really would like to know if this is causing problems in AD, as sometimes I experience very weird problems, like a user does not have a permission he should have.

Thanks for your help.

Katrin Wilhelm (MCSA)
CVGT Employment & Training Specialists
Australia
E-mail: [EMAIL PROTECTED]
[ActiveDir] Some User accounts don't have sAMAccountName
I have a Bugzilla server running for my developers that authenticates against Active Directory. The LDAP search base for authentication is pointed to dc=company,dc=com and it pulls back the sAMAccountName record for every user in the company except for about 6 users.

I've compared accounts that pull back the info I need to the ones that don't and I've found no differences.

Thoughts?

Thanks
Mike
Re: [ActiveDir] AD related? not really...
Yes it encrypts the password! I didn't see the password I entered in the registry key mentioned in the KB.

--
Kamlesh

On 12/2/05, Mitch Reid <[EMAIL PROTECTED]> wrote:

It claims it does although I have not verified it. I suppose you could check the registry referenced in: http://support.microsoft.com/?kbid=315231

On 12/1/05, AD <[EMAIL PROTECTED]> wrote:

Thanks Mitch,

Very interesting. The source code is different than the actual executable. I am sending an email to the developer. Hopefully he will reply. You wouldn't know if it encrypts the password, would you?

Yves

From: Mitch Reid
Sent: Thu 01/12/2005 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD related? not really...

Sysinternals has a free utility that will automate the process: http://www.sysinternals.com/Utilities/Autologon.html

On 12/1/05, AD <[EMAIL PROTECTED]> wrote:

We have workstations that are not added to the domain and are configured to autologin. The username and password are duplicated on our domain, which allows the local account to use network resources. We would like to join the workstations to the domain (too many advantages to explain why), eliminate the local account, and modify the autologin to use a domain username and password. This causes a problem as the username and password are stored in the registry as plain text. Has anyone ever had to deal with this scenario?

I have found the following articles (below) that describe that the Autologon password can either be plain text in the registry (Winlogon key) OR encrypted into a Local Security Authority (LSA) secret. Does anyone know how to use these functions to encrypt the username and password in the registry?

http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx (Autologon section)
http://msdn.microsoft.com/library/default.asp?url="">

--
~~~"Fortune and Love befriend the bold"~~~
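
An added example, not part of the original thread and not code from any of its posters: a PowerShell audit of the Winlogon key discussed above. It reports whether autologon is enabled and whether the password sits in the key as a plain-text DefaultPassword value, without ever printing the password. The function name Get-AutologonExposure is hypothetical; the value names AutoAdminLogon, DefaultUserName, DefaultDomainName and DefaultPassword are the standard Winlogon ones.

```powershell
# Added example: audit of the autologon settings in the Winlogon key.
# Get-AutologonExposure is a hypothetical name chosen for this example.
function Get-AutologonExposure {
    [CmdletBinding()]
    param(
        # Overridable so the function can be pointed at a test key.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $key   = Get-ItemProperty -Path $Path -ErrorAction Stop
    $names = $key.PSObject.Properties.Name

    # AutoAdminLogon is a string value; "1" turns autologon on.
    $enabled = ($names -contains 'AutoAdminLogon') -and ($key.AutoAdminLogon -eq '1')

    # A non-empty DefaultPassword value here is the plain-text form:
    # anyone who can read this key can read the password.
    $plaintext = ($names -contains 'DefaultPassword') -and
                 -not [string]::IsNullOrEmpty([string]$key.DefaultPassword)

    $userName = $null
    if ($names -contains 'DefaultUserName') { $userName = $key.DefaultUserName }

    $domainName = $null
    if ($names -contains 'DefaultDomainName') { $domainName = $key.DefaultDomainName }

    if ($plaintext) {
        $finding = 'Plain-text DefaultPassword value present in the Winlogon key'
    } elseif ($enabled) {
        # Assumption: with autologon on and no password in the key, the
        # password is held elsewhere, e.g. as an LSA secret.
        $finding = 'Autologon enabled, no password in the Winlogon key (consistent with LSA secret storage)'
    } else {
        $finding = 'Autologon not enabled'
    }

    # The password value itself is deliberately never emitted.
    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        AutologonEnabled         = $enabled
        UserName                 = $userName
        DomainName               = $domainName
        PlaintextPasswordPresent = $plaintext
        Finding                  = $finding
    }
}

Get-AutologonExposure | Format-List
```

An LSA secret keeps the password away from ordinary users who can read the registry, but it remains recoverable by anyone with local administrator or SYSTEM rights on that workstation, so the autologon account should still carry the fewest domain privileges that will work.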
RE: [ActiveDir] FSMO role transfer [going further OT...]
Lots of great stuff posted here, including a salary schedule that, for us folks in non-profits, would be enough for me to retire right now! What happens here, especially lately, is the person who was hired so I can offload stuff like printers, FAX servers, etc., so I can concentrate on our several email servers, gets laid off, so I get to do all that stuff again. Then, the fellow who was our AD/Windows Server guru quits of his own accord, and presto, I'm the new AD/Windows Server guy. Of course, I get a whopping zero percent pay increase to go with all this increased workload. I asked management to double it, and they did. Somehow, the figure did not increase. But, at least I'm becoming more and more valuable to the company. Unless we outsource everything or go bankrupt, that is. --Larry
Re: [ActiveDir] SBS Transition Pack installation experience?
And the documentation on this side too is a bit sparse. In our SBS MVP ranks we've had one MVP go through it... below are his comments when we asked him to go over the experience... as most folks post in the SBS newsgroup and say "we're applying this" and we never hear back from them... they get sucked into this black hole never to post again.

OK, here's what I found. Installed the Transition pack on SBS SP1 Premium (running SQL but not ISA). It churned for a while and rebooted twice. Note that you are warned all over the place that you'll have to reinstall all service packs after installing the transition pack. Towards the end of the install, I get a message box "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD. Warning: If you decide to delete the newer version of Windows that is currently installed on your computer, the files and settings cannot be recovered. To exit, click Cancel. For more information, click Details." Clicking Details got me nowhere, so I clicked Cancel. I thought I was in trouble, and was ready to call PSS. I rebooted after clicking cancel, and much to my surprise, I get prompted that the transition pack was installed successfully.

So now the box is in the "I think the transition pack is applied" state. I moved FSMO roles to another box without a problem (something you're only supposed to be able to do post transition pack). I moved Exchange and SQL each to their own box. I am also now running 2 DHCP servers in the environment, and the old SBS box seems to be stable. I'm not sure what else I can do to confirm that the transition pack is OK, but everything seems to be stable at this point.

--

To add to that: yes, the transition pack was applied successfully... the way you check is attempt to disable license logging service and sbscore services. If those two services will shut off and stay off, you don't have a SBS box anymore.

In this "no longer a SBS box" state, Remote Web Workplace and all the SBS wizards still work, there are just no guarantees that future patches/service packs will break things.

I imagine if all you wanted to do was sucking life out of it... you could have FSMO transferred the AD to a "normal" Windows 2003 box and sucked that over too. [you know the seize ntdsutil thingy]

[EMAIL PROTECTED] wrote:

Hi,

Anyone have experience/recommendations for applying the SBS Transition pack? We just got the software and the admin who received it says the documentation is “sparse”. (Feel free to jump in, Susan J)

The situation is that a recent acquisition is running SBS and we need to build a trust to their domain so that we can suck the life out of it…I mean, so that we can transition users and resources to the corporate domain.

Thanks in advance,
AL

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com
--
"Cry 'Havoc!' and let slip the dogs of war" - Anthony, in Julius Caesar III i.

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer
The basic beta shell is available. Go to Microsoft.com/downloads and search on "monad" for the various downloads available, and pick the one appropriate for your system. ;-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Friday, December 02, 2005 9:23 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I was about to mention that we missed that - I think we were looking at the roll-ups and chocolate fountains and I had no clue what it was :)

So since I missed the presentation... is there a place where one can see MONAD now? i.e. is it just coming with E12, or is it to be in Vista? Or is it in Vista now? (I would check but my copy is not on the Net and needs to be activated and after 45 minutes on 3 different phone numbers at MS yesterday I got yet a 4th for MSDN tech support. I think I will reload and save myself some time!!)

---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
"I love the smell of red herrings in the morning" - anonymous

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 01, 2005 8:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I missed the whole MONAD (WHOA for short) presentation this year. I was outside yapping with Dean and Laura and Sean Deuby and Rich Milburn and a few others. The previous year they had showed how they were going to treat AD like a file system and allow you to CD through it and ditto for exchange and mailboxes and the registry and just about anything else that could be considered hierarchical but it sounds like a lot of that got pulled.

I am really hoping the Exchange team does a good job with the Exchange MONAD stuff. The WMI implementations[1] pretty much suck and it isn't even WMI's fault. I have fears though, again based on the chatter on EHLO. They seem to think that the MONAD way is the fat way in that if I want to find out the last logon time (or some other singular piece of info) on a mailbox I have to pull back all of the mailbox's info. This is great for a one mailbox thing, but if I need that piece of data for 200,000 mailboxes that is just a ton of wasted network bandwidth and time. The only way that makes sense is if you are writing the MONAD pieces to support GUI which displays that info and always needs all of it to give you an ESM like display that we have now.

[1] I found yet another crappy thing in the Exchange WMI implementation this last year that I am still talking to MS about but have now been escalated to a manager who can probably tell me with more force that it is by design. If he does, I will simply publish the issue so everyone will be aware of it and do that from now on as I am tired of being told by the Exchange group that it is by design and then years later they end up fixing it because enough people have started to complain. I would rather get everyone on board up front early complaining if that is the only thing that is going to make Exch Dev listen.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, December 01, 2005 8:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I gotta tell ya -- I just started vbscript-ing a few years ago (with great help from joe and Alain here) -- C# with .NET 2.0 just rocks (whether fat or not -- need to use those 64 bits for SOMETHING). Visual C# 2005 makes it a breeze...I'm looking forward to the managed classes for Exchange &etc. using monad as an iterative/RAD development environment. Interop is a PITA.

With the C# 3.0 language enhancements, it can look an AWFUL lot like a monad script...(remember the "easy glide path" that Jeff Snover talked about at the Summit?)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, December 01, 2005 8:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I concur. "Whoa" is a good description. If you are a programmer or mondo scripter, Monad will rock. I pity the poor batch file folks though. I mean, does anyone think that writing something that looks like a cross between korn shell, perl and .Net is intuitive? What it does provide, for those that take the time and have the skill set, is a much richer environment for creating command-line tools that those who don't want to learn how to write scripts can use with much greater effect. I predict class warfare between the script and script-no
RE: [ActiveDir] FSMO role transfer
Pita? Yes please, with some nice lamb and garlic sauce and... oh wait, now I get it hehe ;-)

Rich

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 01, 2005 4:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FSMO role transfer

PITA Rich... ;o)

I will see if I can dig up the CMD file I used to use. It is just a couple of commands sent into NTDSUTIL.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Thursday, December 01, 2005 9:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FSMO role transfer

>...Why not one click?...

If you script it all up, you can add a "one-click button" to a custom msc. Use input boxes for server names instead of passing them as parameters or hard-coding. Or better yet, put it into an hta and launch that from a button.

I was curious to see, with all these posts, no one ponied up with a real script to help out all these folks who are 1) not scripters and 2) amazed that moving the roles could be that easy. (I would post one but I have not actually scripted this... it's not currently my job :)

Rich

---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
"I love the smell of red herrings in the morning" - anonymous

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, November 30, 2005 3:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FSMO role transfer

It can be. It's easily scripted.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, November 30, 2005 4:39 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] FSMO role transfer

That's my point. If this is .according to some of the threads on this, it is normal, regular, and part of a risk management process to just move these roles around, yes?

Why not one click?

Cace, Andrew wrote:
> It is available in the AD snap-ins. In AD Domains & Trusts, you can
> transfer the Domain Naming master by right-clicking the name of the snap-in
> in tree-view and choosing Operations Master. In ADUC, right-click the name
> of the domain and choose Operations Master to transfer the RID, PDC, and
> Infrastructure masters. In the Schema Management snapin, you can transfer
> the Schema master by right-clicking Active Directory Schema and choosing
> Operations Master.
>
> Next question...Why isn't there a single place to click all of these?
>
> -Andrew
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
> aka Ebitz - SBS Rocks [MVP]
> Sent: Wednesday, November 30, 2005 3:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] FSMO role transfer
>
> If the task is that trivial
> If the benefit is so great
> Why isn't it part of the AD snap ins as a one button task?
>
> instead>
>
> David Adner wrote:
>
>> I'm not debating the effort it takes to make the change. I'm saying I
>> don't see the point in devoting whatever amount of effort it takes for
>> something that's going to provide benefit only, IMO, an extremely rare
>> case. And if that case happened, the corrective action is also a
>> trivial process. And again, I'm not saying I don't see your point; I just
>> don't agree with it.
>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of Bahta
>>> Nathaniel V Contractor NASIC/SCNA
>>> Sent: Wednesday, November 30, 2005 12:32 PM
>>> To: ActiveDir@mail.activedir.org
>>> Subject: RE: [ActiveDir] FSMO role transfer
>>>
>>> That process is trivial in itself. It does not take much to transfer
>>> the roles before you conduct maintenance on a server. Why not do it?
>>> It will save you cleaning up metadata after you seize a role of a
>>> failed operations master. Sounds like a stitch in nine saves time
>>> concept to me. I do not intend on taking every proactive measure
>>> either, but when it comes to the small and quickly implemented
>>> measures that could save plenty of time, I try to utilize all of them
>>> available.
>>>
>>> Is that agreeable?
>>>
>>> Nathaniel Vincent Bahta
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
>>> Sent: Wednesday, November 30, 2005 1:24 PM
>>> To: ActiveDir@mail.activedir.org
>>> Subject: RE: [ActiveDir] FSMO role transfer
>>>
>>> Any proper maintenance plan has a backout plan and a recovery plan,
>>> so I am preparing for the possibili
RE: [ActiveDir] Getting computer name from a username
Might not be applicable, but most of the management tools such as Altiris Deployment solution, SMS, Landesk etc. offer a find by last logged on option as well. It will bring up all computers that were last logged into by userx.

Bob

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Posted At: Thursday, December 01, 2005 4:05 PM
Posted To: ActiveDirectory
Conversation: [ActiveDir] Getting computer name from a username
Subject: RE: [ActiveDir] Getting computer name from a username

Not from AD. AD doesn't store that info. If you have logging enabled you could get it from AD event logs. Alternatively if you have WINS you may be able to look at the WINS DB and find the userid 03 record and then find another 03 record or 20 record or 00 record for the machine with the same IP address. Lots of assumptions there though...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane De Jager
Sent: Thursday, December 01, 2005 4:50 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Getting computer name from a username

Hi,

Is there a way you can tell which computer a user has logged onto just from his username?

--
Shane De Jager
Technical Developer
INTERGAGE
High-performance, updateable Web sites
Switchboard +44 (0)845 456 1022
==
www.intergage.co.uk
[EMAIL PROTECTED]

Are you aware of our referral scheme? Learn how you could profit personally from passing us leads.
Click here to pass a referral: www.intergage.co.uk/referrals
RE: [ActiveDir] Exporting Mailbox rights
You can look at http://www.lissware.net, volume 2, Sample 4.02 to 4.13 - WMIManageSD.Wsf (and associated sub-functions in the Functions folder). Syntax to use in red below (the script supports Filesystem, Share, ADObject with Extended Rights, Exchange Mailbox, Registry Key, WMI namespace).

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Usage: WMIManageSD.Wsf [/FileSystem:value] [/Share:value] [/ADObject:value] [/E2KMailbox:value] [/E2KStore[+|-]] [/RegistryKey:value] [/WMINameSpace:value] [/ViewSD[+|-]] [/Owner:value] [/Group:value] [/SDControls:value] [/AddAce[+|-]] [/DelAce[+|-]] [/Trustee:value] [/ACEMask:value] [/ACEType:value] [/ACEFlags:value] [/ObjectType:value] [/InheritedObjectType:value] [/SACL[+|-]] [/Decipher[+|-]] [/ADSI[+|-]] [/SIDResolutionDC[+|-]] [/Machine:value] [/User:value] [/Password:value]

Options:

FileSystem : Get the security descriptor of the specified file or directory path.
Share : Get the security descriptor of the specified share name.
ADObject : Get the security descriptor of the specified distinguished name AD object.
E2KMailbox : Get the security descriptor of the Exchange 2000 mailbox specified by AD user distinguished name.
E2KStore : Specify if the security descriptor must come from the Exchange 2000 store.
RegistryKey : Get the security descriptor of the specified registry key.
WMINameSpace : Get the security descriptor of the specified WMI Name space.
ViewSD : Decipher the security descriptor.
Owner : Set the security descriptor owner.
Group : Set the security descriptor group.
SDControls : Set the security descriptor control flags.
AddAce : Add a new ACE to the ACL.
DelAce : Remove an existing ACE from the ACL.
Trustee : Specify the ACE mask (granted user, group or machine account).
ACEMask : Specify the ACE mask (granted rights).
ACEType : Specify the ACE type (allow or deny the ACE mask).
ACEFlags : Specify the ACE flags (ACE mask inheritance).
ObjectType : Specify which object type, property set, or property an ACE refers to.
InheritedObjectType : Specify the GUID of an object that will inherit the ACE.
SACL : Manage the System ACL (auditing) (default=Discretionary ACL).
Decipher : Decipher the security descriptor.
ADSI : Retrieve the security descriptor with ADSI.
SIDResolutionDC : Domain Controller to use for SID resolution.
Machine : Determine the WMI system to connect to. (default=LocalHost)
User : Determine the UserID to perform the remote connection. (default=none)
Password : Determine the password to perform the remote connection. (default=none)

Examples:

>>Viewing Security descriptors ...

>>Files and Folders ---
WMIManageSD.Wsf /FileSystem:C:\MyDirectory /Decipher+
WMIManageSD.Wsf /FileSystem:C:\MyDirectory /Decipher+ /ADSI+
WMIManageSD.Wsf /FileSystem:C:\MyDirectory\MyFile.Txt /Decipher+
WMIManageSD.Wsf /FileSystem:C:\MyDirectory\MyFile.Txt /Decipher+ /ADSI+

>>Share ---
WMIManageSD.Wsf /Share:MyDirectory /Decipher+

>>AD object ---
WMIManageSD.Wsf /ADObject:"user;CN=MyUser,CN=Users,DC=LissWare,DC=Net" /Decipher+
WMIManageSD.Wsf /ADObject:"CN=MyUser,CN=Users,DC=LissWare,DC=Net" /Decipher+ /ADSI+

>>Exchange 2000 mailbox ---
WMIManageSD.Wsf /E2KMailbox:"CN=MyUser,CN=Users,DC=LissWare,DC=Net" /Decipher+
WMIManageSD.Wsf /E2KMailbox:"CN=MyUser,CN=Users,DC=LissWare,DC=Net" /Decipher+ /ADSI+
WMIManageSD.Wsf /E2KMailbox:"CN=MyUser,CN=Users,DC=LissWare,DC=Net" /Decipher+ /E2KStore+

>>Registry
WMIManageSD.Wsf /RegistryKey:HKLM\SOFTWARE\Microsoft /Decipher+ /ADSI+

>>WMI namespace ---
WMIManageSD.Wsf /WMINameSpace:Root\CIMv2 /Decipher+

>>Adding ACE in Security descriptors ...

>>Files (Rights) --
WMIManageSD.Wsf /FileSystem:C:\MyDirectory\MyFile.Txt /Trustee:LissWareNET\MyUser /ACEType:ACCESS_ALLOWED_ACE_TYPE /ACEMask:FILE_GENERIC_READ /ACEFlags:NONE /AddAce+
WMIManageSD.Wsf /FileSystem:C:\MyDirectory\MyFile.Txt /Trustee:BUILTIN\Administrators /ACEType:ACCESS_A
RE: [ActiveDir] Getting computer name from a username
Sounds interesting... I'd like to take a look at it.

TIA!

Joe Pochedley

A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike O'Sullivan
Sent: Friday, December 02, 2005 8:22 AM
To: [EMAIL PROTECTED]; ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Getting computer name from a username

Since we don't use the webpage in the user account properties, we have a startup script that puts the username into the webpage properties. Wherever the user has logged in from, it will enter the computer name in the webpage box. It changes with each login.

Let me know if you/anyone else is interested.

Mike O'Sullivan
IT Expert
College of Veterinary Medicine
352.392.4700x4343

>>> [EMAIL PROTECTED] 12/1/2005 4:49:39 AM >>>

Hi,

Is there a way you can tell which computer a user has logged onto just from his username?

--
Shane De Jager
Technical Developer
INTERGAGE
High-performance, updateable Web sites
Switchboard +44 (0)845 456 1022
==
www.intergage.co.uk
[EMAIL PROTECTED]

Are you aware of our referral scheme? Learn how you could profit personally from passing us leads.
Click here to pass a referral: www.intergage.co.uk/referrals
RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer
I was about to mention that we missed that - I think we were looking at the roll-ups and chocolate fountains and I had no clue what it was :)

So since I missed the presentation... is there a place where one can see MONAD now? i.e. is it just coming with E12, or is it to be in Vista? Or is it in Vista now? (I would check but my copy is not on the Net and needs to be activated and after 45 minutes on 3 different phone numbers at MS yesterday I got yet a 4th for MSDN tech support. I think I will reload and save myself some time!!)

---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
"I love the smell of red herrings in the morning" - anonymous

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 01, 2005 8:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I missed the whole MONAD (WHOA for short) presentation this year. I was outside yapping with Dean and Laura and Sean Deuby and Rich Milburn and a few others. The previous year they had showed how they were going to treat AD like a file system and allow you to CD through it and ditto for exchange and mailboxes and the registry and just about anything else that could be considered hierarchical but it sounds like a lot of that got pulled.

I am really hoping the Exchange team does a good job with the Exchange MONAD stuff. The WMI implementations[1] pretty much suck and it isn't even WMI's fault. I have fears though, again based on the chatter on EHLO. They seem to think that the MONAD way is the fat way in that if I want to find out the last logon time (or some other singular piece of info) on a mailbox I have to pull back all of the mailbox's info. This is great for a one mailbox thing, but if I need that piece of data for 200,000 mailboxes that is just a ton of wasted network bandwidth and time. The only way that makes sense is if you are writing the MONAD pieces to support GUI which displays that info and always needs all of it to give you an ESM like display that we have now.

[1] I found yet another crappy thing in the Exchange WMI implementation this last year that I am still talking to MS about but have now been escalated to a manager who can probably tell me with more force that it is by design. If he does, I will simply publish the issue so everyone will be aware of it and do that from now on as I am tired of being told by the Exchange group that it is by design and then years later they end up fixing it because enough people have started to complain. I would rather get everyone on board up front early complaining if that is the only thing that is going to make Exch Dev listen.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, December 01, 2005 8:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I gotta tell ya -- I just started vbscript-ing a few years ago (with great help from joe and Alain here) -- C# with .NET 2.0 just rocks (whether fat or not -- need to use those 64 bits for SOMETHING). Visual C# 2005 makes it a breeze...I'm looking forward to the managed classes for Exchange &etc. using monad as an iterative/RAD development environment. Interop is a PITA.

With the C# 3.0 language enhancements, it can look an AWFUL lot like a monad script...(remember the "easy glide path" that Jeff Snover talked about at the Summit?)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, December 01, 2005 8:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I concur. "Whoa" is a good description. If you are a programmer or mondo scripter, Monad will rock. I pity the poor batch file folks though. I mean, does anyone think that writing something that looks like a cross between korn shell, perl and .Net is intuitive? What it does provide, for those that take the time and have the skill set, is a much richer environment for creating command-line tools that those who don't want to learn how to write scripts can use with much greater effect. I predict class warfare between the script and script-nots :-).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Thursday, December 01, 2005 5:14 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

... so in the demo I saw the guy was calculating the number of days between then and 12/31/2005. As I was watching him do all thes
[ActiveDir] SBS Transition Pack installation experience?
Hi, Anyone have experience/recommendations for applying the SBS Transition pack? We just got the software and the admin who received it says the documentation is “sparse”. (Feel free to jump in, Susan J) The situation is that a recent acquisition is running SBS and we need to build a trust to their domain so that we can suck the life out of it…I mean, so that we can transition users and resources to the corporate domain. Thanks in advance, AL Al Maurer Service Manager, Naming and Authentication Services IT | Information Technology Agilent Technologies (719) 590-2639; Telnet 590-2639 http://activedirectory.it.agilent.com -- "Cry 'Havoc!' and let slip the dogs of war" - Anthony, in Julius Caesar III i.
RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer
In re:[1] - I found an issue with OWA that I complained about in Exchange 2003 RTM, filed a DCR on - got refused - and then found it was fixed in sp2 - because of a change that an MS competitor had made to their software. BAH. I don't know how they've implemented it, but I discussed the fat reply issue in Monad with Snover and he claims it is a non-issue. While it "appears" that text is being returned, that's just because Monad is smart enough to understand its output medium and that what gets returned from most queries is actually a reference to an object. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, December 01, 2005 9:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer I missed the whole MONAD (WHOA for short) presentation this year. I was outside yapping with Dean and Laura and Sean Deuby and Rich Milburn and a few others. The previous year they had showed how they were going to treat AD like a file system and allow you to CD through it and ditto for exchange and mailboxes and the registry and just about anything else that could be considered hierarchical but it sounds like a lot of that got pulled. I am really hoping the Exchange team a good job with the Exchange MONAD stuff. The WMI implementations[1] pretty much suck and it isn't even WMI's fault. I have fears though, again based on the chatter on EHLO. They seem to think that the MONAD way is the fat way in that if I want to find out the last logon time (or some other singular piece of info) on a mailbox I have to pull back all of the mailbox's info. This is great for a one mailbox thing, but if I need that piece of data for 200,000 mailboxes that is just a ton of wasted network bandwidth and time. The only way that makes sense is if you are writing the MONAD pieces to support GUI which displays that info and always needs all of it to give you an ESM like display that we have now. 
[1] I found yet another crappy thing in the Exchange WMI implementation this last year that I am still talking to MS about but have now been escalated to a manager who can probably tell me with more force that it is by design. If he does, I will simply publish the issue so everyone will be aware of it and do that from now on as I am tired of being told by the Exchange group that it is by design and then years later they end up fixing it because enough people have started to complain. I would rather get everyone on board up front early complaining if that is the only thing that is going to make Exch Dev listen.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, December 01, 2005 8:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I gotta tell ya -- I just started vbscript-ing a few years ago (with great help from joe and Alain here) -- C# with .NET 2.0 just rocks (whether fat or not -- need to use those 64 bits for SOMETHING). Visual C# 2005 makes it a breeze...I'm looking forward to the managed classes for Exchange &etc. using monad as an iterative/RAD development environment. Interop is a PITA. With the C# 3.0 language enhancements, it can look an AWFUL lot like a monad script...(remember the "easy glide path" that Jeff Snover talked about at the Summit?)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, December 01, 2005 8:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

I concur. "Whoa" is a good description. If you are a programmer or mondo scripter, Monad will rock. I pity the poor batch file folks though. I mean, does anyone think that writing something that looks like a cross between korn shell, perl and .Net is intuitive?
What it does provide, for those that take the time and have the skill set, is a much richer environment for creating command-line tools that those who don't want to learn how to write scripts can use with much greater effect. I predict class warfare between the script and script-nots :-).

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Thursday, December 01, 2005 5:14 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Scripting/WMI/MONAD - was FSMO role transfer

... so in the demo I saw the guy was calculating the number of days between then and 12/31/2005. As I was watching him do all these command lines... I'm thinkin' in my beancounter side of my brain... you know.. my cell phone has a calculator and I could have figured that number out in half that time :-)

What I'm looking forward to it for is that Exchange will have it and all the lovely people that write wizards and tools and scripts and buttons can use the power of it. But yeah... it
Re: [ActiveDir] Getting computer name from a username
Since we don't use the webpage in the user account properties, we have a startup script that puts the username into the webpage properties. Wherever the user has logged in from, it will enter the computer name in the webpage box. It changes with each login. Let me know if you/anyone else is interested.

Mike O'Sullivan
IT Expert
College of Veterinary Medicine
352.392.4700x4343

>>> [EMAIL PROTECTED] 12/1/2005 4:49:39 AM >>>
Hi,

Is there a way you can tell which computer a user has logged onto just from his username?

--
Shane De Jager
Technical Developer
INTERGAGE
High-performance, updateable Web sites
Switchboard +44 (0)845 456 1022
www.intergage.co.uk
[EMAIL PROTECTED]

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Exporting Mailbox rights
Hi everyone,

Thank you everyone for your responses to my other post, everything went smoothly.

I am looking for a way to export Exchange 2003 Mailbox Permission access to a .csv or .txt for all mailboxes in Active Directory. Does anyone know of a script or tool which will give me the same information as the Exchange Advanced Tab > Mailbox Rights for all users and groups? I want to view the mailboxes to see who has access to what.

Kind Regards,
Amy ;-)
RE: re[2]: [ActiveDir] Getting computer name from a username
This is a bit of an old way of doing things, but if the client machines are running the messenger service and they're registering with WINS, it'll register the userid into the WINS database with the IP address of the machine they've logged onto.

If not, I'd do the scripting thing - but send it to a database

Travis

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO
Sent: 01 December 2005 14:17
To: ActiveDir@mail.activedir.org
Subject: RE: re[2]: [ActiveDir] Getting computer name from a username
Importance: Low

Hi Shane

Ah you are looking the other way round, sorry not aware of anything is stored in the ad on this info.

You could though on a stupid workaround method, create a simple batch file - attach it to all users via gpo logonscript - things like below

@echo off
Echo [%date% %time%]: [EMAIL PROTECTED] logged on >> \\yourdomain.com\netlogon\pclist.txt

Run it in a week and you have that list of users..again this isn't something fun to be done..

Thank you and have a splendid day!

Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane De Jager
Sent: Thursday, December 01, 2005 12:08 PM
To: ActiveDir@mail.activedir.org
Subject: re[2]: [ActiveDir] Getting computer name from a username

> nt\currentversion\winlogon" /v defaultusername <

That's not exactly what I was looking for. I have no idea what the computer name the user has logged onto. Can you get this from his username?

--
Shane De Jager
Technical Developer
INTERGAGE
High-performance, updateable Web sites
Switchboard +44 (0)845 456 1022
www.intergage.co.uk
[EMAIL PROTECTED]