RE: [ActiveDir] Active Directory Health Scripts?
The Windows Server 2003 Active Directory Branch Office Guide contains some Quality Assurance Health Check Scripts: http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112displaylang=en

Cheers,
Jorge

From: [EMAIL PROTECTED] on behalf of Matt Brown
Sent: Fri 12/23/2005 1:32 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory Health Scripts?

Hi, wondering if anybody has written any scripts using the free tools to monitor the health of Active Directory? I was thinking about writing a python script to run DCDiag and check the output for any failures and when found shoot me an email to let me know... maybe something with repadmin, etc.

Thanks,
--
Matt Brown
[ SELECT * FROM IT WHERE EyeContact=True ]
Information Technology System Specialist
Eastern Washington University

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
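The DCDiag check described in the quoted question, as an added example that is not part of either message and not one of the Branch Office Guide scripts. It assumes English-language dcdiag output; the sample output, the e-mail addresses and the SMTP host parameter are constructed placeholders.

```python
"""Parse dcdiag output and prepare an alert e-mail when a test fails."""
import re
import smtplib
import subprocess
from email.message import EmailMessage

# dcdiag ends each test with a dotted summary line such as
#   "......................... DC1 passed test Connectivity"
# Assumption: English-language output; a localized build needs another pattern.
RESULT_RE = re.compile(
    r"\.{5,}\s+(?P<target>\S+)\s+(?P<status>passed|failed)\s+test\s+(?P<test>\S+)"
)

# Constructed sample, not captured from a real domain controller.
SAMPLE_OUTPUT = """\
Domain Controller Diagnosis

Doing initial required tests

   Testing server: Default-First-Site-Name\\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\\DC1
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
         ......................... DC1 failed test Replications
      Starting test: NetLogons
         ......................... DC1 passed test NetLogons

   Running enterprise tests on : example.local
      Starting test: FsmoCheck
         ......................... example.local passed test FsmoCheck
"""


def parse_dcdiag(text):
    """Return a list of (target, test, status) tuples from dcdiag output."""
    results = []
    for line in text.splitlines():
        match = RESULT_RE.search(line)
        if match:
            results.append((match["target"], match["test"], match["status"]))
    return results


def failed_tests(results):
    """Keep only the (target, test) pairs whose status is 'failed'."""
    return [(target, test) for target, test, status in results if status == "failed"]


def build_alert(text, sender, recipient):
    """Return an EmailMessage if the run needs attention, otherwise None.

    A run with no recognisable summary lines is treated as a failure: dcdiag
    may not have run at all, or its output format may not match RESULT_RE.
    """
    results = parse_dcdiag(text)
    failed = failed_tests(results)
    if results and not failed:
        return None
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    if not results:
        msg["Subject"] = "dcdiag: no test results parsed"
        msg.set_content(text or "dcdiag produced no output.")
    else:
        msg["Subject"] = f"dcdiag: {len(failed)} failed test(s)"
        lines = [f"{target}: {test}" for target, test in failed]
        msg.set_content("Failed tests:\n" + "\n".join(lines) + "\n\n" + text)
    return msg


def run_dcdiag():
    """Run dcdiag on the local machine and return its standard output."""
    done = subprocess.run(["dcdiag"], capture_output=True, text=True, check=False)
    return done.stdout


def send_alert(msg, smtp_host):
    """Hand the message to an SMTP relay (smtp_host is a site-specific value)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    alert = build_alert(SAMPLE_OUTPUT, "monitor@example.com", "admin@example.com")
    print(alert["Subject"] if alert else "all tests passed")
```

On a domain controller, pass `run_dcdiag()` instead of `SAMPLE_OUTPUT` and hand the result to `send_alert`.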
[ActiveDir] Display Specifier + Command Variables
Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this? Thanks - Marc List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Display Specifier + Command Variables
Hello,

Take a look at Sakari Kouti's web site http://www.kouti.com/scripts.htm , in the Bonus Material section, you have an example (employeeid.vbs) on how to do this.

As Jorge stated earlier, Merry Christmas to all of you! :)

Yann

From: [EMAIL PROTECTED] on behalf of Marc A. Mapplebeck
Date: Fri. 23/12/2005 15:59
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Display Specifier + Command Variables

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc
Re: [ActiveDir] Display Specifier + Command Variables
Marc, can you post the code you're using? Cleaned up for internet consumption of course.

Al

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc
Re: [ActiveDir] Termservers and users desktops
I've found in the past that trying to use technology to compensate for layer-8 behavior almost always has a negative outcome. The problem, as I understand it, is that the user will try to create a file on a local desktop and then, when they use a different desktop (in this case Termserver) they have an expectation that they can later find it on the local desktop again. If that's what they're after, you want a hypnotist not a technologist. That would allow you to retrain them and maybe help them quit some other bad habits at the same time.

Al

On 12/22/05, Craig Gauss [EMAIL PROTECTED] wrote:

I have thought about that. Not sure what I would set that at yet. I would love to be able to train the users on this, but the problem is the majority have enough problem understanding how to log on let alone start throwing profiles and things at them.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Blair, James
Sent: Thursday, December 22, 2005 4:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Termservers and users desktops

Craig, Have you looked at setting up roaming user profiles with disk space quotas? I find training staff in Terminal Server, Citrix etc. usage to be imperative and understated as it is hard for some people to get their head around the fact that the Desktop they are using is not actually on their machine physical.

James

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Craig Gauss
Sent: Friday, 23 December 2005 7:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Termservers and users desktops

Sure. We are running Tarantella's secure global desktop to run applications off of the termserver. When the user is using one of the apps from their client computer they still have access to save files to their profiles desktop. I want to disable that. Not really sure of the easiest way of doing it. Mainly looking to do this for two reasons. 1) Keep profile sizes small 2) Keep users from losing files. Had one today that had saved an Outlook attachment to their desktop. Ended up being their desktop on the Terminal Server.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Thursday, December 22, 2005 2:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Termservers and users desktops

Can you expand that with an example?

On 12/22/05, Craig Gauss [EMAIL PROTECTED] wrote:

Windows Server 2003
Does anyone know of a policy or anything that I could use to limit users from being able to write to the desktop when they are using an application from a Termserver?
RE: [ActiveDir] Display Specifier + Command Variables
Sure, I was just using a batch file that called iisftp the context was "iisftp username" all Z drives are the homedir of the user stored on our hermes server in the share Z Drives, the purpose of this was to give users access to their homedir remotely. however, now that I want to use it from within AD Users Computers, I think I will have to rewrite it to set the variables using vbs.

setftp.bat -
IIsFtp /SetADProp %1 FTPDir %1
IIsFtp /SetADProp %1 FTPRoot "\\hermes\Z Drives"
- end

I will probably end up using a .vbs that looks similar to this:

setftp.vbs -
Dim ouserFTPDir
Dim ouserFTPDRoot
Dim oUser1
Set oUserFTPDir = GetObject(ouser1(0))
Set oUserFTPRoot = "\\hermes\Z Drives"
oUser1.SetInfo
Set oUser1 = Nothing
Set ouserFTP = Nothing
WScript.Quit
- end

I'm actually teaching a class right now (yes, one of my students showed up for class the day before the holiday break starts, so I gave him a nice subnetting lab, I'm soo sadistic), so I do not have access to any of my reference/test servers, so this script will prolly crash on line 1. But, the general idea is there.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: December 23, 2005 11:23
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

Marc, can you post the code you're using? Cleaned up for internet consumption of course.

Al

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc
Re: [ActiveDir] Adding drives to restrict drives policy
You are right about the system.adm file, take a look at http://support.microsoft.com/kb/q231289/

Using Group Policy Objects to hide specified drives in My Computer for Windows 2000

You need to find out the hexadecimal value for the drives you want to hide. You can find the hex values here: http://www.sd61.bc.ca/windows2000/HideDrives.htm

Hope this helps

Mike

On 12/23/05, Matt Johnson [EMAIL PROTECTED] wrote:

I would like to restrict more drives than just A, B, C, D via group policy. However, I don't want to restrict access to all of them. I know that I probably have to modify the system.adm file to add more drives. I wish I knew where to go from there. Any help would be greatly appreciated.

The drives by the way I want to restrict access to is A,B,C,D,L.

Thanks in advance.
--
Matt Johnson
[EMAIL PROTECTED]
Subtle and insubstantial, the expert leaves no trace; divinely mysterious, he is inaudible. Thus he is the master of his enemy's fate. —Sun Tzu
RE: [ActiveDir] Adding drives to restrict drives policy
If memory serves you must edit the HideDrives value. This is how you calculate the HideDrives value:

The registry key that this policy affects uses a decimal number which corresponds to a 26 bit binary string, with each bit representing a drive letter:

11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA

The above configuration corresponds to 67108863 and will hide all drives. If you only want to hide the drives: A, C, D, E, F, H and T you would do this:

00000010000000000010111101
ZYXWVUTSRQPONMLKJIHGFEDCBA

This would be 524477 in decimal number and hide the drives A, C, D, E, F, H and T. This is the value that you type in as the NoDrives Value in the policy template.

If you want to edit the system.adm template, remember that you have to edit the .adm file in multiple places:

POLICY !!NoDrives
POLICY !!NoViewOnDrive

...and don't forget to edit the corresponding value in the [strings] section.

Regards,
/Jimmy
Jimmy Andersson, Principal Advisor - Q Advice AB
Microsoft MVP - Directory Services Security
--- www.qadvice.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline
Sent: Friday, December 23, 2005 4:46 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Adding drives to restrict drives policy

You are right about the system.adm file, take a look at http://support.microsoft.com/kb/q231289/

Using Group Policy Objects to hide specified drives in My Computer for Windows 2000

You need to find out the hexadecimal value for the drives you want to hide. You can find the hex values here: http://www.sd61.bc.ca/windows2000/HideDrives.htm

Hope this helps

Mike

On 12/23/05, Matt Johnson [EMAIL PROTECTED] wrote:

I would like to restrict more drives than just A, B, C, D via group policy. However, I don't want to restrict access to all of them. I know that I probably have to modify the system.adm file to add more drives. I wish I knew where to go from there. Any help would be greatly appreciated.

The drives by the way I want to restrict access to is A,B,C,D,L.

Thanks in advance.
--
Matt Johnson
[EMAIL PROTECTED]
Subtle and insubstantial, the expert leaves no trace; divinely mysterious, he is inaudible. Thus he is the master of his enemy's fate. -Sun Tzu
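The bitmask calculation from the message above, carried through for any set of drive letters, including the A, B, C, D, L set from the original question. This is an added example, not part of the thread; the ITEMLIST and [strings] lines follow the form system.adm uses for its built-in drive choices, and the string id it generates (for example ABCDLOnly) is a made-up name.

```python
"""Compute the NoDrives / NoViewOnDrive bitmask for a set of drive letters."""
import string

LETTERS = string.ascii_uppercase  # bit 0 = A, bit 1 = B, ... bit 25 = Z
ALL_DRIVES = (1 << 26) - 1        # 67108863, hides every drive


def normalise(letters):
    """Return the sorted, de-duplicated drive letters in 'letters'.

    Accepts forms such as "ACDEFHT", "a,b,c" or ["A", "L"]; commas and
    spaces are ignored, anything else that is not A-Z is rejected.
    """
    seen = set()
    for ch in letters:
        if ch in ", ":
            continue
        up = ch.upper()
        if len(up) != 1 or up not in LETTERS:
            raise ValueError(f"not a drive letter: {ch!r}")
        seen.add(up)
    return sorted(seen)


def drive_mask(letters):
    """Decimal value to store for the given drive letters."""
    mask = 0
    for letter in normalise(letters):
        mask |= 1 << LETTERS.index(letter)
    return mask


def mask_to_letters(mask):
    """Inverse of drive_mask: which drives does an existing value hide?"""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError("value does not fit in 26 bits")
    return [LETTERS[i] for i in range(26) if mask & (1 << i)]


def bit_string(mask):
    """26-character binary string, Z on the left and A on the right."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError("value does not fit in 26 bits")
    return format(mask, "026b")


def adm_entries(letters):
    """Return (ITEMLIST line, [strings] line) for a custom .adm template.

    The same ITEMLIST line goes under both POLICY !!NoDrives and
    POLICY !!NoViewOnDrive. The string id is a hypothetical name built
    from the letters.
    """
    chosen = normalise(letters)
    string_id = "".join(chosen) + "Only"
    item = f"NAME !!{string_id} VALUE NUMERIC {drive_mask(chosen)}"
    label = f'{string_id}="Restrict {", ".join(chosen)} drives only"'
    return item, label


if __name__ == "__main__":
    wanted = "A,B,C,D,L"  # the set asked about in the original question
    value = drive_mask(wanted)
    print(bit_string(value))
    print("ZYXWVUTSRQPONMLKJIHGFEDCBA")
    print(value)
    for line in adm_entries(wanted):
        print(line)
```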
Re: [ActiveDir] Display Specifier + Command Variables
I'm still not clear on whether you want to do this for the homedrive attribute or if you are trying to do something else. Might just be a little dense (that sometimes happens around this time of year). You want to add a vbscript to your ADUC so you can right click and enable some function that currently is not available, vs. using a script to enable it in bulk. Is that correct? I believe you want something similar to this, right? http://www.2000trainers.com/article.aspx?articleID=317page=2

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Sure, I was just using a batch file that called iisftp the context was "iisftp username" all Z drives are the homedir of the user stored on our hermes server in the share Z Drives, the purpose of this was to give users access to their homedir remotely. however, now that I want to use it from within AD Users Computers, I think I will have to rewrite it to set the variables using vbs.

setftp.bat -
IIsFtp /SetADProp %1 FTPDir %1
IIsFtp /SetADProp %1 FTPRoot "\\hermes\Z Drives"
- end

I will probably end up using a .vbs that looks similar to this:

setftp.vbs -
Dim ouserFTPDir
Dim ouserFTPDRoot
Dim oUser1
Set oUserFTPDir = GetObject(ouser1(0))
Set oUserFTPRoot = "\\hermes\Z Drives"
oUser1.SetInfo
Set oUser1 = Nothing
Set ouserFTP = Nothing
WScript.Quit
- end

I'm actually teaching a class right now (yes, one of my students showed up for class the day before the holiday break starts, so I gave him a nice subnetting lab, I'm soo sadistic), so I do not have access to any of my reference/test servers, so this script will prolly crash on line 1. But, the general idea is there.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: December 23, 2005 11:23
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

Marc, can you post the code you're using? Cleaned up for internet consumption of course.

Al

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc
[ActiveDir] Email Address Lookup thru LDAP for external copier.
We have a couple Sharp copiers that we want to setup so that they can query the name and email addresses from the GAL. This is so that when users want to send a scanned image to another user, the person just need to type in the first character of the recipient first and last name, instead of the whole email address. My question is, I have created a user in the Active Directory that will be used just for this, since Active Directory won't allow anonymous LDAP query, but what kind of permissions should I give to this user in order to do this, because I'm still out of luck making this work. The other thing is what is the correct search base to do this, does CN=domain,CN=name,CN=com should do it? Thank You List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Email Address Lookup thru LDAP for external copier.
Depends on the security of your AD but a normal user should be able to query a user and return an email address. Unless you have a single domain forest I would recommend hitting the GC (port 3268) in which case the base could be the forest root domain or a null base (if you have multiple trees in the forest). If a single domain, DC=domain,DC=com would be the format for domain.com.

How are you specifying the credentials? DN, UPN, or NT style? What is the actual query?

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Irwan Hadi
Sent: Friday, December 23, 2005 12:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Email Address Lookup thru LDAP for external copier.

We have a couple Sharp copiers that we want to setup so that they can query the name and email addresses from the GAL. This is so that when users want to send a scanned image to another user, the person just need to type in the first character of the recipient first and last name, instead of the whole email address.

My question is, I have created a user in the Active Directory that will be used just for this, since Active Directory won't allow anonymous LDAP query, but what kind of permissions should I give to this user in order to do this, because I'm still out of luck making this work. The other thing is what is the correct search base to do this, does CN=domain,CN=name,CN=com should do it?

Thank You
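The search parameters from the reply above, worked through as an added example that is not part of the thread: the base DN for a DNS domain name, the choice between the global catalog and a plain LDAP search, and a name-prefix filter with the typed characters escaped per RFC 4515. The filter layout, the function names and port 389 for the single-domain case are assumptions; the page itself gives only port 3268 and the DC= base format.

```python
"""Build the base DN, port and filter for a copier's address lookup."""
import re

GC_PORT = 3268    # global catalog port named in the reply
LDAP_PORT = 389   # standard LDAP port (assumption, not stated on the page)

_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# RFC 4515: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def base_dn_from_dns(domain):
    """'domain.com' -> 'DC=domain,DC=com' (DC= components, not CN=)."""
    labels = domain.strip(".").split(".")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"not a DNS label: {label!r}")
    return ",".join("DC=" + label for label in labels)


def search_plan(forest_root, single_domain, multiple_trees=False):
    """Return (port, base DN) following the advice in the reply."""
    if single_domain:
        return LDAP_PORT, base_dn_from_dns(forest_root)
    if multiple_trees:
        return GC_PORT, ""  # null base covers every tree in the forest
    return GC_PORT, base_dn_from_dns(forest_root)


def escape_filter_value(value):
    """Escape text typed at the copier panel before it enters a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(first_prefix="", last_prefix=""):
    """Filter for mail-enabled users whose names start with the prefixes."""
    if not first_prefix and not last_prefix:
        raise ValueError("need at least one name prefix")
    parts = ["(objectCategory=person)", "(objectClass=user)", "(mail=*)"]
    if first_prefix:
        parts.append(f"(givenName={escape_filter_value(first_prefix)}*)")
    if last_prefix:
        parts.append(f"(sn={escape_filter_value(last_prefix)}*)")
    return "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    port, base = search_plan("domain.com", single_domain=True)
    print(port, base)
    print(build_lookup_filter("j", "s"))
    # Constructed input containing filter metacharacters.
    print(build_lookup_filter("", "Sm(i)th*"))
```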
RE: [ActiveDir] Adding drives to restrict drives policy
Also, I would recommend that you not edit the system.adm file directly to make this change. This is because the next time MS updates system.adm, your changes will be overwritten. So, best bet is to copy and paste the hide drives policy into a separate ADM and edit it from there.

Darren

From: [EMAIL PROTECTED] on behalf of Jimmy Andersson
Sent: Fri 12/23/2005 7:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding drives to restrict drives policy

If memory serves you must edit the HideDrives value. This is how you calculate the HideDrives value:

The registry key that this policy affects uses a decimal number which corresponds to a 26 bit binary string, with each bit representing a drive letter:

11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA

The above configuration corresponds to 67108863 and will hide all drives. If you only want to hide the drives: A, C, D, E, F, H and T you would do this:

00000010000000000010111101
ZYXWVUTSRQPONMLKJIHGFEDCBA

This would be 524477 in decimal number and hide the drives A, C, D, E, F, H and T. This is the value that you type in as the NoDrives Value in the policy template.

If you want to edit the system.adm template, remember that you have to edit the .adm file in multiple places:

POLICY !!NoDrives
POLICY !!NoViewOnDrive

...and don't forget to edit the corresponding value in the [strings] section.

Regards,
/Jimmy
Jimmy Andersson, Principal Advisor - Q Advice AB
Microsoft MVP - Directory Services Security
--- www.qadvice.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline
Sent: Friday, December 23, 2005 4:46 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Adding drives to restrict drives policy

You are right about the system.adm file, take a look at http://support.microsoft.com/kb/q231289/

Using Group Policy Objects to hide specified drives in My Computer for Windows 2000

You need to find out the hexadecimal value for the drives you want to hide. You can find the hex values here: http://www.sd61.bc.ca/windows2000/HideDrives.htm

Hope this helps

Mike

On 12/23/05, Matt Johnson [EMAIL PROTECTED] wrote:

I would like to restrict more drives than just A, B, C, D via group policy. However, I don't want to restrict access to all of them. I know that I probably have to modify the system.adm file to add more drives. I wish I knew where to go from there. Any help would be greatly appreciated.

The drives by the way I want to restrict access to is A,B,C,D,L.

Thanks in advance.
--
Matt Johnson
[EMAIL PROTECTED]
Subtle and insubstantial, the expert leaves no trace; divinely mysterious, he is inaudible. Thus he is the master of his enemy's fate. -Sun Tzu
RE: [ActiveDir] Display Specifier + Command Variables
I need to propagate the FTPRoot and FTPDir fields in the user objects, they are not available through ADUC, only by using iisftp or a vbs. I am using FTP via IIS in AD Isolation Mode.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: December 23, 2005 12:17
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

I'm still not clear on whether you want to do this for the homedrive attribute or if you are trying to do something else. Might just be a little dense (that sometimes happens around this time of year). You want to add a vbscript to your ADUC so you can right click and enable some function that currently is not available, vs. using a script to enable it in bulk. Is that correct? I believe you want something similar to this, right? http://www.2000trainers.com/article.aspx?articleID=317page=2

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Sure, I was just using a batch file that called iisftp the context was "iisftp username" all Z drives are the homedir of the user stored on our hermes server in the share Z Drives, the purpose of this was to give users access to their homedir remotely. however, now that I want to use it from within AD Users Computers, I think I will have to rewrite it to set the variables using vbs.

setftp.bat -
IIsFtp /SetADProp %1 FTPDir %1
IIsFtp /SetADProp %1 FTPRoot "\\hermes\Z Drives"
- end

I will probably end up using a .vbs that looks similar to this:

setftp.vbs -
Dim ouserFTPDir
Dim ouserFTPDRoot
Dim oUser1
Set oUserFTPDir = GetObject(ouser1(0))
Set oUserFTPRoot = "\\hermes\Z Drives"
oUser1.SetInfo
Set oUser1 = Nothing
Set ouserFTP = Nothing
WScript.Quit
- end

I'm actually teaching a class right now (yes, one of my students showed up for class the day before the holiday break starts, so I gave him a nice subnetting lab, I'm soo sadistic), so I do not have access to any of my reference/test servers, so this script will prolly crash on line 1. But, the general idea is there.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: December 23, 2005 11:23
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

Marc, can you post the code you're using? Cleaned up for internet consumption of course.

Al

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc
[ActiveDir] Maurice McNeill is out of the office.
I will be out of the office starting 12/23/2005 and will not return until 01/03/2006. I will respond to your message when I return. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] xexch50
Why don't you post this to an Exchange 2003 forum such as Exchange-2003 in Yahoo Groups?

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info
Sent: Thursday, December 22, 2005 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] xexch50

Hi all,

Installed a new SBS 2k3 box and get following messages in eventviewer:

ID 7010
This is an SMTP protocol log for virtual server ID 1, connection #278. The client at 193.173.22.154 sent a xexch50 command, and the SMTP server responded with 504 Need to authenticate first . The full command sent was xexch50 2204 2. This will probably cause the connection to fail.

ID 7004
This is an SMTP protocol error log for virtual server ID 1, connection #292. The remote host 193.173.22.154, responded to the SMTP command xexch50 with 504 Need to authenticate first . The full command sent was XEXCH50 2376 2 . This will probably cause the connection to fail.

Only get this message from a few ip addresses... they are not member of the exchange organization but just other companies servers who try to send mail. Mail flow isn't working well from those senders as well... some mail arrive some don't. Integrated windows auth is turned on at the virtual smtp connector as well.

Is this a configuration problem on my exchange server or theirs? All help appreciated.

Grtz
Jorre
RE: [ActiveDir] Display Specifier + Command Variables
I don't know if it could help you but for the same purpose as you, I found 2 attributes:

* msIIS-FTPDir - Relative user directory on an FTP Root share = Schema definition.
* msIIS-FTPRoot -- Virtual FTP Root where user home directory resides. = Schema definition.

I populated these 2 attributes for all my students so they can access their homedir via ftp. For example, msIIS-FTPDir will be the samaccountname, msIIS-FTPRoot will be \\yourserver\share\ [1]

I configured my ftp server in Isolated Mode Using Active Directory, so each student has to go to ftp://myserver.domain.fr, authenticate with an AD box, and is directly logged into their home directory: IIS AD automatically make the concatenation of the 2 attributes in this way: msIIS-FTPRoot msIIS-FTPDir.

[1] for redundancy and fault tolerance, I use a rootDFS instead of the server: msIIS-FTPRoot = \\myDFSRoot\share\

Optionally, u could integrate the 2 attributes in the admincontext of ADUC so u can easily see them by right clicking on a user.

I am in AD2k3. Hope it helps.

Yann

From: [EMAIL PROTECTED] on behalf of Marc A. Mapplebeck
Date: Fri. 23/12/2005 20:36
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Display Specifier + Command Variables

I need to propagate the FTPRoot and FTPDir fields in the user objects, they are not available through ADUC, only by using iisftp or a vbs. I am using FTP via IIS in AD Isolation Mode.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: December 23, 2005 12:17
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

I'm still not clear on whether you want to do this for the homedrive attribute or if you are trying to do something else. Might just be a little dense (that sometimes happens around this time of year). You want to add a vbscript to your ADUC so you can right click and enable some function that currently is not available, vs. using a script to enable it in bulk. Is that correct? I believe you want something similar to this, right? http://www.2000trainers.com/article.aspx?articleID=317page=2

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Sure, I was just using a batch file that called iisftp the context was "iisftp username" all Z drives are the homedir of the user stored on our hermes server in the share Z Drives, the purpose of this was to give users access to their homedir remotely. however, now that I want to use it from within AD Users Computers, I think I will have to rewrite it to set the variables using vbs.

setftp.bat -
IIsFtp /SetADProp %1 FTPDir %1
IIsFtp /SetADProp %1 FTPRoot "\\hermes\Z Drives"
- end

I will probably end up using a .vbs that looks similar to this:

setftp.vbs -
Dim ouserFTPDir
Dim ouserFTPDRoot
Dim oUser1
Set oUserFTPDir = GetObject(ouser1(0))
Set oUserFTPRoot = "\\hermes\Z Drives"
oUser1.SetInfo
Set oUser1 = Nothing
Set ouserFTP = Nothing
WScript.Quit
- end

I'm actually teaching a class right now (yes, one of my students showed up for class the day before the holiday break starts, so I gave him a nice subnetting lab, I'm soo sadistic), so I do not have access to any of my reference/test servers, so this script will prolly crash on line 1. But, the general idea is there.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: December 23, 2005 11:23
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

Marc, can you post the code you're using? Cleaned up for internet consumption of course.

Al

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc
Re: [ActiveDir] Display Specifier + Command Variables
If the batch file you provided is what you are using then it might not work... As ADUC will give DN of the object as command line argument to the script and iisftp.vbs requires username (samaccountname) of the user to work. so, VBS will be better in this case...

' *** Start Code
Dim oUser1
' ADUC passes the selected object's path as the first argument
Set oUser1 = GetObject(WScript.Arguments(0))
' The attribute names contain a hyphen, so set them with Put
oUser1.Put "msIIS-FTPDir", oUser1.sAMAccountName
oUser1.Put "msIIS-FTPRoot", "\\hermes\Z Drives"
' Write both changes back to the directory
oUser1.SetInfo
Set oUser1 = Nothing
' *** End Code

--
Kamlesh

On 12/24/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

I need to propagate the FTPRoot and FTPDir fields in the user objects, they are not available through ADUC, only by using iisftp or a vbs. I am using FTP via IIS in AD Isolation Mode.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: December 23, 2005 12:17
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

I'm still not clear on whether you want to do this for the homedrive attribute or if you are trying to do something else. Might just be a little dense (that sometimes happens around this time of year). You want to add a vbscript to your ADUC so you can right click and enable some function that currently is not available, vs. using a script to enable it in bulk. Is that correct? I believe you want something similar to this, right? http://www.2000trainers.com/article.aspx?articleID=317page=2

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Sure, I was just using a batch file that called iisftp the context was "iisftp username" all Z drives are the homedir of the user stored on our hermes server in the share Z Drives, the purpose of this was to give users access to their homedir remotely. however, now that I want to use it from within AD Users Computers, I think I will have to rewrite it to set the variables using vbs.

setftp.bat -
IIsFtp /SetADProp %1 FTPDir %1
IIsFtp /SetADProp %1 FTPRoot "\\hermes\Z Drives"
- end

I will probably end up using a .vbs that looks similar to this:

setftp.vbs -
Dim ouserFTPDir
Dim ouserFTPDRoot
Dim oUser1
Set oUserFTPDir = GetObject(ouser1(0))
Set oUserFTPRoot = "\\hermes\Z Drives"
oUser1.SetInfo
Set oUser1 = Nothing
Set ouserFTP = Nothing
WScript.Quit
- end

I'm actually teaching a class right now (yes, one of my students showed up for class the day before the holiday break starts, so I gave him a nice subnetting lab, I'm soo sadistic), so I do not have access to any of my reference/test servers, so this script will prolly crash on line 1. But, the general idea is there.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: December 23, 2005 11:23
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Display Specifier + Command Variables

Marc, can you post the code you're using? Cleaned up for internet consumption of course.

Al

On 12/23/05, Marc A. Mapplebeck [EMAIL PROTECTED] wrote:

Hi all, I am working on setting up FTP in AD Isolation mode. I have written a batch file that I run to enable a user on the FTP server, I would like to change this so that I can just right click on a user in AD Users Computers to do this, I have made the modification to the display specifier to call the batch file, however, it is not passing what I want, does anybody know if/what the variable is for the CN of the user, or would it be just as easy to script this with VB instead? If so, does anybody already have a script or a model that can be used for this?

Thanks - Marc

--
~Be the change you want to see in the World ~
[ActiveDir] FW: LDIFDE command or equivalent
Hi, Can someone help me out a bit with this one... I would like to use the LDEFIDE command to export from our LAN and import it in our test lab. I'm able to export users and OUs, but can't seem to find out how to export groups (and all the memberships). If someone has an idea how to do that or another free tool that I can use for that, it would be great!
RE: [ActiveDir] FW: LDIFDE command or equivalent
Ouf... I meant LDIFDE...

Hi, Can someone help me out a bit with this one... I would like to use the LDEFIDE command to export from our LAN and import it in our test lab. I'm able to export users and OUs, but can't seem to find out how to export groups (and all the memberships). If someone has an idea how to do that or another free tool that I can use for that, it would be great!
RE: [ActiveDir] FW: LDIFDE command or equivalent
There was a tool mentioned by YANN previously you might want to look at. The email is below. I haven't looked at it but possibly it can help you out. Doing this with LDIFDE can be trying and painful. Basically you will need to create all of the users and groups, then chase back through and populate the membership so you don't have any chicken and egg issues.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Tuesday, October 04, 2005 11:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Duplicate your AD domain with this new (free) tool

Hi Activedir List :) A new free tool is now available here http://www.yside.com/projects/tools.htm whose name is XSync v0.2. It duplicates your real AD Domain in a test lab with no SID issues. Thanks a lot to Chris Wall ([EMAIL PROTECTED]) who made the information available on the ExchangeList with the same thread Duplicate your AD domain with this new (free) tool. Cheers, Yann

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruyere, Michel
Sent: Friday, December 23, 2005 8:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FW: LDIFDE command or equivalent

Ouf... I meant LDIFDE...

Hi, Can someone help me out a bit with this one... I would like to use the LDEFIDE command to export from our LAN and import it in our test lab. I'm able to export users and OUs, but can't seem to find out how to export groups (and all the memberships). If someone has an idea how to do that or another free tool that I can use for that, it would be great!
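The two-pass import described in the reply above (create every user and group first, then populate membership), as an added example that is not part of the original thread: it splits an LDIF export into a creation file with member values held back and a second file of changetype: modify records. The sample LDIF, the function names and the choice to drop memberOf lines are constructed assumptions.

```python
# Constructed sample: the group is exported before the user it references,
# and one member value is folded (a continuation line starts with one space).
SAMPLE_LDIF = """\
dn: CN=Lab Admins,OU=Groups,DC=lab,DC=example
changetype: add
objectClass: group
cn: Lab Admins
member: CN=Test User,OU=Staff,
 DC=lab,DC=example
sAMAccountName: LabAdmins

dn: CN=Test User,OU=Staff,DC=lab,DC=example
changetype: add
objectClass: user
cn: Test User
memberOf: CN=Lab Admins,OU=Groups,DC=lab,DC=example
sAMAccountName: tuser
"""

def unfold(text):
    """Join folded LDIF lines back onto the line they continue."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def split_membership(ldif_text):
    """Return (pass1, pass2): object creation without members, then membership."""
    create, link, record = [], [], []
    for line in unfold(ldif_text) + [""]:   # trailing "" flushes the last record
        if line.strip():
            record.append(line)
            continue
        dn = next((l for l in record if l.lower().startswith("dn:")), None)
        if dn:
            members = [l for l in record if l.lower().startswith("member:")]
            # member moves to pass 2; memberOf is a system-maintained back link
            kept = [l for l in record
                    if not l.lower().startswith(("member:", "memberof:"))]
            create.append("\n".join(kept))
            if members:
                link.append("\n".join(
                    [dn, "changetype: modify", "add: member", *members, "-"]))
        record = []
    return "\n\n".join(create) + "\n", "\n\n".join(link) + "\n"
```

Write the two strings to separate files and import the first with ldifde -i -f before the second, so every DN named in a member value already exists when the membership records are applied.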
[ActiveDir] IIS6 Coldfusion MX 7
Sorry if this is not AD related, but I am having a hard time trying to get ColdFusion MX 7 running on a W23K Srv Web Edt. IIS6 is running fine. The CFMX7 ODBC services won't install. -Z.V.
Re: [ActiveDir] IIS6 Coldfusion MX 7
Error messages? Log files? Events?

Za Vue wrote:

Sorry if this is not AD related, but I am having a hard time trying to get ColdFusion MX 7 running on a W23K Srv Web Edt. IIS6 is running fine. The CFMX7 ODBC services won't install. -Z.V.
Re: [ActiveDir] IIS6 Coldfusion MX 7
After over 20 times of removing and reinstalling, I think I got it working again. Will do some testing. Thanks for those that replied. -Za

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Error messages? Log files? Events?

Za Vue wrote:

Sorry if this is not AD related, but I am having a hard time trying to get ColdFusion MX 7 running on a W23K Srv Web Edt. IIS6 is running fine. The CFMX7 ODBC services won't install. -Z.V.
Re: [ActiveDir] Email Address Lookup thru LDAP for external copier.
Thanks Joe, it works. The reason it didn't work before was the way the credentials were defined. I need to define it as DOMAIN\username, and for authentication I need to use BASIC (plain), and no NTLM or Kerberos. The only problem now is just that if someone tries to look up an email address that starts with 's', s/he will see everybody whose email starts with 's' and also [EMAIL PROTECTED]. If someone tries to look up an email address that starts with 'i', then s/he will also see the [EMAIL PROTECTED] email. I will try to research this further. Thanks

On 12/23/05, joe [EMAIL PROTECTED] wrote:

Depends on the security of your AD but a normal user should be able to query a user and return an email address. Unless you have a single domain forest I would recommend hitting the GC (port 3268) in which case the base could be the forest root domain or a null base (if you have multiple trees in the forest). If a single domain, DC=domain,DC=com would be the format for domain.com. How are you specifying the credentials? DN, UPN, or NT style? What is the actual query? joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Irwan Hadi
Sent: Friday, December 23, 2005 12:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Email Address Lookup thru LDAP for external copier.

We have a couple of Sharp copiers that we want to set up so that they can query the name and email addresses from the GAL. This is so that when users want to send a scanned image to another user, the person just needs to type in the first character of the recipient's first and last name, instead of the whole email address. My question is, I have created a user in the Active Directory that will be used just for this, since Active Directory won't allow anonymous LDAP query, but what kind of permissions should I give to this user in order to do this, because I'm still out of luck making this work.

The other thing is what is the correct search base to do this, should CN=domain,CN=name,CN=com do it? Thank You
RE: [ActiveDir] Active Directory Health Scripts?
Also, the AD management pack for MOM is in this category. Further, they documented everything that the ADMP does so that you could roll your own, or port it to another mgmt platform if you so choose. ~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Friday, December 23, 2005 1:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory Health Scripts?

The Windows Server 2003 Active Directory Branch Office Guide contains some Quality Assurance Health Check Scripts http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112displaylang=en Cheers, Jorge

From: [EMAIL PROTECTED] on behalf of Matt Brown
Sent: Fri 12/23/2005 1:32 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Active Directory Health Scripts?

Hi, wondering if anybody has written any scripts using the free tools to monitor the health of Active Directory? I was thinking about writing a python script to run DCDiag and check the output for any failures and when found shoot me an email to let me know... maybe something with repadmin, etc. Thanks,

-- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University
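The idea in the original question (run DCDiag, check the output for failures, send an email), as an added example that is not code from any poster on this thread. It assumes English-language dcdiag summary lines of the form "......... DC1 failed test Replications"; the sample output, function names and addresses are constructed.

```python
import re
from email.message import EmailMessage

# Constructed sample in the shape of English-language dcdiag output.
SAMPLE = """\
   Testing server: Default-First-Site-Name\\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
         ......................... DC1 failed test Replications
      Starting test: Services
         ......................... DC1 passed test Services
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")

def parse_dcdiag(text):
    """Return [(target, test, result, detail_lines)], one per summary line."""
    results, detail = [], []
    for line in text.splitlines():
        if START.match(line):
            detail = []                  # new test: reset captured detail
            continue
        m = RESULT.search(line)
        if m:
            results.append((m.group(1), m.group(3), m.group(2), detail))
            detail = []
        elif line.strip():
            detail.append(line.strip())  # diagnostic text printed by the test
    return results

def build_alert(text, sender, recipient):
    """Return an EmailMessage if a test failed or nothing parsed, else None."""
    results = parse_dcdiag(text)
    failed = [r for r in results if r[2] == "failed"]
    if results and not failed:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = (f"dcdiag: {len(failed)} test(s) failed" if results
                      else "dcdiag: no test results parsed")
    body = [f"{t} failed {name}\n  " + "\n  ".join(d) for t, name, _, d in failed]
    msg.set_content("\n".join(body) or text[:2000])
    return msg
```

Feed it the captured output of a dcdiag run and hand any returned message to smtplib's send_message(). An output with no summary lines raises an alert too, since a run that crashed or produced nothing is not a healthy result.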