RE: AD2000 to 2003R2 (thread hijacking - was RE: [ActiveDir] R2 and W2K3 SP1)

[Joe Pochedley]

Jorge,

I never mind someone knowledgeable answering the question!  I haven't
had much time to look at what's new in R2 yet, and therefore wanted to
check...  Glad I asked.

I've actually been thinking of finally upgrading our AD controllers to
2003, but was holding off for R2...  I've waited this long, might as
well do it all in one fell swoop.  (Not like I won't be doing more
reading on the new tools in R2 before I run some tests and actually do
the upgrade, but at least this is one question I won't be stumbling to
find an answer for!)

Thanks again.

JoeP

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Friday, February 17, 2006 4:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: AD2000 to 2003R2 (thread hijacking - was RE: [ActiveDir] R2
and W2K3 SP1)

Hope you don't mind me answering this...

The same rules apply when going from w2k to w2k3r2 compared to w2k->w2k3

Make sure you run ADPREP from DISK 2!!! Using that ADPREP version
upgrades the schema directly to version 31 (R2)

If you run the ADPREP version from DISK1 you will get schema version 30,
which is just W2K3 without R2

See:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/20/110.aspx

Jorge

>>>-Original Message-
>>>From: [EMAIL PROTECTED] 
>>>[mailto:[EMAIL PROTECTED] On Behalf Of Joe 
>>>Pochedley
>>>Sent: Friday, February 17, 2006 22:19
>>>To: ActiveDir@mail.activedir.org
>>>Subject: AD2000 to 2003R2 (thread hijacking - was RE: 
>>>[ActiveDir] R2 and W2K3 SP1)
>>>
>>>Joe, 
>>>
>>>
>>>Got my order of your book from Amazon the other day (and yes 
>>>I ordered from the link on your web page).  It's sitting on 
>>>my dining room table just waiting to be read.  Hopefully 
>>>I'll have some time to start reading this weekend...
>>>
>>>
>>>Now, to the real question (which may actually be answered in 
>>>the book, but I digress).  Are there any caveats in moving 
>>>direct from an AD 2000 domain to a AD2003/R2 schema with the 
>>>new updates directly?  Or does there need to be a stepped 
>>>approach?  (Yes, it does sound like a silly question, but 
>>>always better safe than sorry.) 
>>>
>>>
>>>Joe Pochedley
>>>A computer terminal is not some clunky old television with a 
>>>typewriter in front of it. It is an interface where the mind 
>>>and body can connect with the universe and move bits of it 
>>>about. -Douglas Adams 
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of joe
>>>Sent: Friday, February 17, 2006 12:49 PM
>>>To: ActiveDir@mail.activedir.org
>>>Subject: RE: [ActiveDir] R2 and W2K3 SP1
>>>
>>>A couple of reasons
>>>
>>>1. As people keep buying the product they will buy the SP1 
>>>version of it which has significant updates for security, 
>>>etc. Best to get the old stuff out of the channels.
>>>
>>>2. Gets several feature packs out there with the media so people 
>>> a. Know about it at all, lots of folks don't know about 
>>>the RTW stuff
>>> b. Feel that it is fully supported (this was an issue 
>>>with acceptance of ADAM)
>>>
>>>Even if you don't want any of the feature packs, you want R2 
>>>or at least ADAM SP1 for the AD Tool updates. This and more 
>>>is discussed in the book in the signature below[1]. ;o)
>>>
>>>Don't upgrade to R2 because you think it is a new OS. 
>>>Upgrade if you need the feature packs (or tools as mentioned 
>>>above). I do recommend slapping the schema in when you can, 
>>>at some point, you will most likely need to apply it so this 
>>>gives you good head start for getting it in there if you 
>>>don't need it right away.
>>>
>>>
>>>   joe 
>>>
>>>[1] BTW, anyone who has had a chance to go through the book 
>>>I wouldn't mind hearing reviews (or better reading them on 
>>>Amazon) and/or thoughts on it. I am getting very positive 
>>>feedback so far on the updates and folks are really enjoying 
>>>it. Worst comment is that ADAM deserves more room and I 
>>>completely agree, ADAM is a book unto itself that I am 
>>>making up notes on now for including a whole section on 
>>>Microsoft dorking with the name. If you know an MS Marketing 
>>>person, please kick them in the knee for me. Tell them they 
>>>can respond to me at my email address. ADAM was a great 
>>>name, you could say, this is a case for ADAM madam! Oh no, 
>>>now you have to say something stupid like we need MSADLDS or 
>>>ADLDS or even LDS. At least they could have something fun 
>>>and called it Lightweight Service Directory. ADLDS and LDS 
>>>are not fun. ADAM is fun.
>>>Microsoft, stop being a stick in the mud you boobs.
>>>Ah, back to work. Maybe post more over the weekend but 
>>>probably not, too busy.
>>>
>>>
>>>--
>>>O'Reilly Active Directory Third Edition - 
>>>http://www.joeware.net/win/ad3e.htm 
>>> 
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of 
>>>Salandra, Justin A.
>>>Sent: Friday, February 17, 2006 2:26 PM
>>>To: ActiveDir@ma

RE: [ActiveDir] R2 and W2K3 SP1

[Alexander Suhovey]

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Bahta, Nathaniel V Contractor NASIC/SCNA
> Sent: Friday, February 17, 2006 11:04 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1

[..]
> Microsoft does not declare the differences 
> between windows 2003 sp1 and windows 2003 r2 disk 

>From R2 FAQ (http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx):
Q. Why does Windows Server 2003 R2 require two CDs for installation?  
A. Windows Server 2003 with SP1-a requirement for Windows Server 2003 R2-is
on CD 1. CD 2 includes the Windows Server 2003 R2 features.
 
> 1.  It seems that R2 is no more than a couple feature disks, 
> no kernel changes from R2 to SP1. 

Indeed. But no less either. Same kernel does not mean that it is just an
extra CD with some junk.

--Al


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] HP Insight Manger Question

[Medeiros, Jose]

J.. No, I wouldn’t expect you to know this, but I am sure that
HP also uses SIM in its data centers. I just thought I would ask.

 

Jose J

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, February 17, 2006
1:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] HP
Insight Manger Question 



 

Hello Jose - "and since we have several HP employees on this list" - so I guess you're also assuming I know everything about
printers ;-)

 

I have no clue if Insight Manager has
this function, but I'll try to find out.

 

/Guido

 

P.S.: if I get the answer, you'll owe me
a question on Intel procs :-)

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Donnerstag, 16. Februar 2006
23:42
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] HP Insight
Manger Question 

Greetings, 

 

I realize that this is off topic, however I need to put
together a report using Insight Manager and since we have several HP employees
on this list, I was wondering if Insight Manger has the capability of just
giving me a report listing only the CPU temperature of each system that I am
managing rather then a full report?  

 

Sincerely,

Jose
Medeiros
Intel Corporation
MCP+I, MCSE, NT4 MCT
408-765-0437 Direct
408-449-6621 Cell

 

RE: [ActiveDir] HP Insight Manger Question

[Medeiros, Jose]

Hi Alexander, 

Thank you for taking the time to reply, I ran a sample report and your
right I did not see an option for CPU temp using HP SIM. However I do
know that the Proliant server MIB collects this information, as I was
able to view this up until version 4.9 of Compaq Insight Manager
(Win32).

Sincerely, 

Jose Medeiros



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alexander
Suhovey
Sent: Friday, February 17, 2006 11:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] HP Insight Manger Question 

Well, I'm not an HP employee but... 
AFAIK sensors data such as temperature or fan speeds are not collected
by
Data Collect jobs so they are not in SIM database. You can check that by
querying CIM_Sensors table in your Insight_ SQL database. Additional
information on this topic can also be found on HP ITRC forum. Try this
search:
http://www5.itrc.hp.com/service/james/search.do?todo=search&searchtext=i
nsig
ht+manager+temperature&from=forums&origin=0&wpa=forums1.itrc.hp.com%3A80
&sea
rchcategory=ALL&hpl=1&searchcriteria=allwords&rn=25&source=7000&presort=
rank
&chkServStor=on&esc=support.itrc.hp.com&admit=552267591+1140186464652+28
3534
75

As far as reporting is concerned, can't say about previous versions but
in
SIM 5.0 reports are quite customizable. You can have for example a
report on
sensors for several servers. You will not have actual temps or rpms in
this
report though, just a status.

--Al


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Medeiros, Jose
> Sent: Friday, February 17, 2006 1:42 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] HP Insight Manger Question 
> 
> Greetings, 
> 
>  
> 
> I realize that this is off topic, however I need to put 
> together a report using Insight Manager and since we have 
> several HP employees on this list, I was wondering if Insight 
> Manger has the capability of just giving me a report listing 
> only the CPU temperature of each system that I am managing 
> rather then a full report?  
> 
>  
> 
> Sincerely,
> 
> Jose Medeiros
> Intel Corporation
> MCP+I, MCSE, NT4 MCT
> 408-765-0437 Direct
> 408-449-6621 Cell
> 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: AD2000 to 2003R2 (thread hijacking - was RE: [ActiveDir] R2 and W2K3 SP1)

[Almeida Pinto, Jorge de]

Hope you don't mind me answering this...

The same rules apply when going from w2k to w2k3r2 compared to w2k->w2k3

Make sure you run ADPREP from DISK 2!!! Using that ADPREP version
upgrades the schema directly to version 31 (R2)

If you run the ADPREP version from DISK1 you will get schema version 30,
which is just W2K3 without R2

See:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/20/110.aspx

Jorge

>>>-Original Message-
>>>From: [EMAIL PROTECTED] 
>>>[mailto:[EMAIL PROTECTED] On Behalf Of Joe 
>>>Pochedley
>>>Sent: Friday, February 17, 2006 22:19
>>>To: ActiveDir@mail.activedir.org
>>>Subject: AD2000 to 2003R2 (thread hijacking - was RE: 
>>>[ActiveDir] R2 and W2K3 SP1)
>>>
>>>Joe, 
>>>
>>>
>>>Got my order of your book from Amazon the other day (and yes 
>>>I ordered from the link on your web page).  It's sitting on 
>>>my dining room table just waiting to be read.  Hopefully 
>>>I'll have some time to start reading this weekend...
>>>
>>>
>>>Now, to the real question (which may actually be answered in 
>>>the book, but I digress).  Are there any caveats in moving 
>>>direct from an AD 2000 domain to a AD2003/R2 schema with the 
>>>new updates directly?  Or does there need to be a stepped 
>>>approach?  (Yes, it does sound like a silly question, but 
>>>always better safe than sorry.) 
>>>
>>>
>>>Joe Pochedley
>>>A computer terminal is not some clunky old television with a 
>>>typewriter in front of it. It is an interface where the mind 
>>>and body can connect with the universe and move bits of it 
>>>about. -Douglas Adams 
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of joe
>>>Sent: Friday, February 17, 2006 12:49 PM
>>>To: ActiveDir@mail.activedir.org
>>>Subject: RE: [ActiveDir] R2 and W2K3 SP1
>>>
>>>A couple of reasons
>>>
>>>1. As people keep buying the product they will buy the SP1 
>>>version of it which has significant updates for security, 
>>>etc. Best to get the old stuff out of the channels.
>>>
>>>2. Gets several feature packs out there with the media so people 
>>> a. Know about it at all, lots of folks don't know about 
>>>the RTW stuff
>>> b. Feel that it is fully supported (this was an issue 
>>>with acceptance of ADAM)
>>>
>>>Even if you don't want any of the feature packs, you want R2 
>>>or at least ADAM SP1 for the AD Tool updates. This and more 
>>>is discussed in the book in the signature below[1]. ;o)
>>>
>>>Don't upgrade to R2 because you think it is a new OS. 
>>>Upgrade if you need the feature packs (or tools as mentioned 
>>>above). I do recommend slapping the schema in when you can, 
>>>at some point, you will most likely need to apply it so this 
>>>gives you good head start for getting it in there if you 
>>>don't need it right away.
>>>
>>>
>>>   joe 
>>>
>>>[1] BTW, anyone who has had a chance to go through the book 
>>>I wouldn't mind hearing reviews (or better reading them on 
>>>Amazon) and/or thoughts on it. I am getting very positive 
>>>feedback so far on the updates and folks are really enjoying 
>>>it. Worst comment is that ADAM deserves more room and I 
>>>completely agree, ADAM is a book unto itself that I am 
>>>making up notes on now for including a whole section on 
>>>Microsoft dorking with the name. If you know an MS Marketing 
>>>person, please kick them in the knee for me. Tell them they 
>>>can respond to me at my email address. ADAM was a great 
>>>name, you could say, this is a case for ADAM madam! Oh no, 
>>>now you have to say something stupid like we need MSADLDS or 
>>>ADLDS or even LDS. At least they could have something fun 
>>>and called it Lightweight Service Directory. ADLDS and LDS 
>>>are not fun. ADAM is fun.
>>>Microsoft, stop being a stick in the mud you boobs.
>>>Ah, back to work. Maybe post more over the weekend but 
>>>probably not, too busy.
>>>
>>>
>>>--
>>>O'Reilly Active Directory Third Edition - 
>>>http://www.joeware.net/win/ad3e.htm 
>>> 
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of 
>>>Salandra, Justin A.
>>>Sent: Friday, February 17, 2006 2:26 PM
>>>To: ActiveDir@mail.activedir.org
>>>Subject: RE: [ActiveDir] R2 and W2K3 SP1
>>>
>>>So Windows 2003 R2 is nothing more then Windows 2003 SP1???  
>>>Then why release R2 at all?
>>>
>>>Justin A. Salandra
>>>MCSE Windows 2000 & 2003
>>>Network and Technology Services Manager
>>>Catholic Healthcare System
>>>646.505.3681 - office
>>>917.455.0110 - cell
>>>[EMAIL PROTECTED]
>>>
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of 
>>>[EMAIL PROTECTED]
>>>Sent: Friday, February 17, 2006 10:45 AM
>>>To: ActiveDir@mail.activedir.org
>>>Subject: RE: [ActiveDir] R2 and W2K3 SP1
>>>
>>>R2 CD1 == w2k3 SP1.
>>>R2 CD2 == addon components.
>>>
>>>Does that help?
>>>neil
>>>
>>>
>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of 
>>>Bahta, Nathaniel V Contractor N

RE: [ActiveDir] HP Insight Manger Question

[Almeida Pinto, Jorge de]

really, don't you? ;-)

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, 
  GuidoSent: Friday, February 17, 2006 22:19To: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] HP Insight 
  Manger Question 
  
  Hello Jose - "and since we have 
  several HP employees on this list" - so I guess you're also assuming 
  I know everything about printers ;-)
   
  I have no clue if Insight Manager has this function, but 
  I'll try to find out.
   
  /Guido
   
  P.S.: if I get the answer, you'll owe me a question on 
  Intel procs :-)
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, 
  JoseSent: Donnerstag, 16. Februar 2006 23:42To: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] HP Insight Manger 
  Question 
  
  
  Greetings, 
  
   
  I realize that this is off 
  topic, however I need to put together a report using Insight Manager and since 
  we have several HP employees on this list, I was wondering if Insight Manger 
  has the capability of just giving me a report listing only the CPU temperature 
  of each system that I am managing rather then a full report? 
   
   
  Sincerely,
  Jose 
  MedeirosIntel CorporationMCP+I, MCSE, NT4 MCT408-765-0437 
  Direct408-449-6621 Cell
   
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

RE: [ActiveDir] Group Membership

[Harding, Devon]

Perfect!

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Friday, February 17, 2006
3:27 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Group
Membership



 



The dstools or adfind:





 





dsquery user ou=MyOU,dc=domain,dc=com -samid Username
| dsget user -memberof





 





You might want to make sure that you run the commands
against a GC.





 





Phil

 





On 2/17/06, Harding, Devon
<[EMAIL PROTECTED]>
wrote: 



What's the quickest way to export a users' group
membership?

 

Devon Harding

Windows Systems Engineer

Southern Wine & Spirits
- BSG

954-602-2469

 









 


__
This message and any attachments are
solely for the intended
recipient and may contain confidential
or privileged information.
If you are not the intended recipient,
any disclosure, copying, use 
or distribution of the information
included in the message and any
attachments is prohibited. If you have
received this communication
in error, please notify us by reply
e-mail and immediately and
permanently delete this message and any
attachments. Thank You. 



 

AD2000 to 2003R2 (thread hijacking - was RE: [ActiveDir] R2 and W2K3 SP1)

[Joe Pochedley]

Joe, 

  
Got my order of your book from Amazon the other day (and yes I ordered
from the link on your web page).  It's sitting on my dining room table
just waiting to be read.  Hopefully I'll have some time to start reading
this weekend...


Now, to the real question (which may actually be answered in the book,
but I digress).  Are there any caveats in moving direct from an AD 2000
domain to a AD2003/R2 schema with the new updates directly?  Or does
there need to be a stepped approach?  (Yes, it does sound like a silly
question, but always better safe than sorry.) 


Joe Pochedley
A computer terminal is not some clunky old television
with a typewriter in front of it. It is an interface 
where the mind and body can connect with the universe
and move bits of it about. -Douglas Adams 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 17, 2006 12:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

A couple of reasons

1. As people keep buying the product they will buy the SP1 version of it
which has significant updates for security, etc. Best to get the old
stuff out of the channels.

2. Gets several feature packs out there with the media so people 
a. Know about it at all, lots of folks don't know about the RTW
stuff
b. Feel that it is fully supported (this was an issue with
acceptance of ADAM)

Even if you don't want any of the feature packs, you want R2 or at least
ADAM SP1 for the AD Tool updates. This and more is discussed in the book
in the signature below[1]. ;o)

Don't upgrade to R2 because you think it is a new OS. Upgrade if you
need the feature packs (or tools as mentioned above). I do recommend
slapping the schema in when you can, at some point, you will most likely
need to apply it so this gives you good head start for getting it in
there if you don't need it right away.


   joe 

[1] BTW, anyone who has had a chance to go through the book I wouldn't
mind hearing reviews (or better reading them on Amazon) and/or thoughts
on it. I am getting very positive feedback so far on the updates and
folks are really enjoying it. Worst comment is that ADAM deserves more
room and I completely agree, ADAM is a book unto itself that I am making
up notes on now for including a whole section on Microsoft dorking with
the name. If you know an MS Marketing person, please kick them in the
knee for me. Tell them they can respond to me at my email address. ADAM
was a great name, you could say, this is a case for ADAM madam! Oh no,
now you have to say something stupid like we need MSADLDS or ADLDS or
even LDS. At least they could have something fun and called it
Lightweight Service Directory. ADLDS and LDS are not fun. ADAM is fun.
Microsoft, stop being a stick in the mud you boobs.
Ah, back to work. Maybe post more over the weekend but probably not, too
busy.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Friday, February 17, 2006 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

So Windows 2003 R2 is nothing more then Windows 2003 SP1???  Then why
release R2 at all?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and
looks exactly like Windows 2003 SP1, except when the license agreement
screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the
Microsoft site, it says that you do not need to upgrade your 2003
servers to R2, you need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need
only
SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option Pack,
not another OS release or kernel, but another set of features on a
separate disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir

RE: [ActiveDir] HP Insight Manger Question

[Grillenmeier, Guido]

Hello Jose - "and since we have several 
HP employees on this list" - so I guess you're also assuming 
I know everything about printers ;-)
 
I have no clue if Insight Manager has this function, but 
I'll try to find out.
 
/Guido
 
P.S.: if I get the answer, you'll owe me a question on 
Intel procs :-)


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, 
JoseSent: Donnerstag, 16. Februar 2006 23:42To: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] HP Insight Manger 
Question 


Greetings, 

 
I realize that this is off topic, 
however I need to put together a report using Insight Manager and since we have 
several HP employees on this list, I was wondering if Insight Manger has the 
capability of just giving me a report listing only the CPU temperature of each 
system that I am managing rather then a full report? 
 
 
Sincerely,
Jose 
MedeirosIntel CorporationMCP+I, MCSE, NT4 MCT408-765-0437 
Direct408-449-6621 Cell
 

RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

[Grillenmeier, Guido]

that is interesting in deed - then your case is similar to Aric's
afterall. I was thrown off by the ADPREP error message stating "...for
objects defined in Windows 2000 schema..." - but this way Aric might
have simply been one of the first to encounter the issue as at the time
it wasn't a known issue :-)

keep us posted - esp. if you get a link to more information or anything
appropriate to share.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Freitag, 17. Februar 2006 20:18
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Our MS TAM has indicated this is a known bug!  I will keep the group
posted as I learn more details.

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 10:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

As an update to this thread, we transferred the Schema Master role back
to other DC that has the SFU tools installed originally thinking this
might get the R2 schema update to work.  Wrong!  It fails with the same
error.  I can only imagine we do not have that unique an environment in
our testbed and expect others to have the same experience.  Luckily, we
never put SFU 3.5 on our production systems.  

We are going to open up a trouble ticket with Microsoft regarding this
issue.  I would like to hear of others' experiences (success or failure)
when trying to install R2 in an environment where SFU 3.5 had been
installed.  Thanks!

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, February 16, 2006 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Guido,
   Thanks for the response!  This server is Windows 2003/SP1 with all
but the current month's patches.  It is the current FSMO role holder.  I
did some checking this morning and find the SFU 3.5 tools on another DC
that could have been the FSMO role holder at the time the SFU schema
changes were made.  I don't see why that would make any difference, do
you?

-mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Thursday, February 16, 2006 3:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Mike - I see you're upgrading from Win2000 AD. Are your sure that you've
previously installed SFU 3.5 or was it maybe SFU 2.0 ?

The reason I'm asking is that there's a known schema incompatibility
with SFU 2.0:
check out http://support.microsoft.com/?id=293783 "Cannot Upgrade
Windows 2000 Server to Windows Server 2003 with Windows Services for
UNIX 2.0 Installed"

CAUSE
The upgrade may not work because the attributeSchema 'uid' that is used
by Windows 2000 Server for the NIS schema is not compatible with the one
that is used by Windows Server 2003. 

As such your error is likely independent from the changes in the R2
schema - it's actually an incompatibility in the Win2003 base schema
(not that this really matters for you; I just want to clarify that the
error should be unrelated to R2). As such it's different from Aric's
case, who was performing an upgrade from a Win2003 schema to Win2003
R2...


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Donnerstag, 16. Februar 2006 02:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Aric,
No, there were a lot more errors - all seem to be related to SFU
attributes.  I only copied a small portion to my posting to save
bandwidth.  Painful = time = headaches  8-(  I was expecting this
upgrade to be a "walk in the park".

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, February 15, 2006 7:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Are these the only two errors you received?

I encountered similar errors during beta testing when I implemented R2
in an existing forest - but a lot more than just 2. :)  I created a
secondary forest and validated that it did not recur.  Note that I also
had SFU installed in the original forest and the new secondary forest.

I was able to clean up the schema in the existing forest exhibiting the
errors but it was a fairly painful process of what seemed to be a goose
chase.  The tasks included disabling objects attributes in the schema
and renaming them amongst other things.

Fortunately I have not heard of this happening in production...yet.

So can these errors be ignored?  If I remember correctly ADPrep is
actually failing and therefore NO you cannot ignore these err

RE: [ActiveDir] R2 and W2K3 SP1

[Coleman, Hunter]

You're just upset that ADAM has gone Mormon :-) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 17, 2006 12:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

A couple of reasons

1. As people keep buying the product they will buy the SP1 version of it
which has significant updates for security, etc. Best to get the old
stuff out of the channels.

2. Gets several feature packs out there with the media so people 
a. Know about it at all, lots of folks don't know about the RTW
stuff
b. Feel that it is fully supported (this was an issue with
acceptance of ADAM)

Even if you don't want any of the feature packs, you want R2 or at least
ADAM SP1 for the AD Tool updates. This and more is discussed in the book
in the signature below[1]. ;o)

Don't upgrade to R2 because you think it is a new OS. Upgrade if you
need the feature packs (or tools as mentioned above). I do recommend
slapping the schema in when you can, at some point, you will most likely
need to apply it so this gives you good head start for getting it in
there if you don't need it right away.


   joe 

[1] BTW, anyone who has had a chance to go through the book I wouldn't
mind hearing reviews (or better reading them on Amazon) and/or thoughts
on it. I am getting very positive feedback so far on the updates and
folks are really enjoying it. Worst comment is that ADAM deserves more
room and I completely agree, ADAM is a book unto itself that I am making
up notes on now for including a whole section on Microsoft dorking with
the name. If you know an MS Marketing person, please kick them in the
knee for me. Tell them they can respond to me at my email address. ADAM
was a great name, you could say, this is a case for ADAM madam! Oh no,
now you have to say something stupid like we need MSADLDS or ADLDS or
even LDS. At least they could have something fun and called it
Lightweight Service Directory. ADLDS and LDS are not fun. ADAM is fun.
Microsoft, stop being a stick in the mud you boobs.
Ah, back to work. Maybe post more over the weekend but probably not, too
busy.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Friday, February 17, 2006 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

So Windows 2003 R2 is nothing more then Windows 2003 SP1???  Then why
release R2 at all?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and
looks exactly like Windows 2003 SP1, except when the license agreement
screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the
Microsoft site, it says that you do not need to upgrade your 2003
servers to R2, you need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need
only
SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option Pack,
not another OS release or kernel, but another set of features on a
separate disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your copy from your system. You must not copy, distribute or take any
further action in reliance on it. Email is not a secure method of
communication and Nomura International plc ('NIplc') will not, to the
extent permitted by law, accept responsibility or liability for (a) the
accuracy or completeness of, or (b) the presence of any virus, worm or
similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please
request a hard copy. Un

Re: [ActiveDir] issue with R2 upgrade; SFU confusion?

[Kevin Gent]

Services for Unix ?

- Original Message - 
From: "Salandra, Justin A." <[EMAIL PROTECTED]>

To: 
Sent: Friday, February 17, 2006 2:24 PM
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?


What is the SFU Tools?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 2:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Our MS TAM has indicated this is a known bug!  I will keep the group
posted as I learn more details.

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 10:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

As an update to this thread, we transferred the Schema Master role back
to other DC that has the SFU tools installed originally thinking this
might get the R2 schema update to work.  Wrong!  It fails with the same
error.  I can only imagine we do not have that unique an environment in
our testbed and expect others to have the same experience.  Luckily, we
never put SFU 3.5 on our production systems.  


We are going to open up a trouble ticket with Microsoft regarding this
issue.  I would like to hear of others' experiences (success or failure)
when trying to install R2 in an environment where SFU 3.5 had been
installed.  Thanks!

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, February 16, 2006 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Guido,
  Thanks for the response!  This server is Windows 2003/SP1 with all
but the current month's patches.  It is the current FSMO role holder.  I
did some checking this morning and find the SFU 3.5 tools on another DC
that could have been the FSMO role holder at the time the SFU schema
changes were made.  I don't see why that would make any difference, do
you?

-mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Thursday, February 16, 2006 3:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Mike - I see you're upgrading from Win2000 AD. Are your sure that you've
previously installed SFU 3.5 or was it maybe SFU 2.0 ?

The reason I'm asking is that there's a known schema incompatibility
with SFU 2.0:
check out http://support.microsoft.com/?id=293783 "Cannot Upgrade
Windows 2000 Server to Windows Server 2003 with Windows Services for
UNIX 2.0 Installed"

CAUSE
The upgrade may not work because the attributeSchema 'uid' that is used
by Windows 2000 Server for the NIS schema is not compatible with the one
that is used by Windows Server 2003. 


As such your error is likely independent from the changes in the R2
schema - it's actually an incompatibility in the Win2003 base schema
(not that this really matters for you; I just want to clarify that the
error should be unrelated to R2). As such it's different from Aric's
case, who was performing an upgrade from a Win2003 schema to Win2003
R2...


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Donnerstag, 16. Februar 2006 02:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Aric,
   No, there were a lot more errors - all seem to be related to SFU
attributes.  I only copied a small portion to my posting to save
bandwidth.  Painful = time = headaches  8-(  I was expecting this
upgrade to be a "walk in the park".

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, February 15, 2006 7:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Are these the only two errors you received?

I encountered similar errors during beta testing when I implemented R2
in an existing forest - but a lot more than just 2. :)  I created a
secondary forest and validated that it did not recur.  Note that I also
had SFU installed in the original forest and the new secondary forest.

I was able to clean up the schema in the existing forest exhibiting the
errors but it was a fairly painful process of what seemed to be a goose
chase.  The tasks included disabling objects attributes in the schema
and renaming them amongst other things.

Fortunately I have not heard of this happening in production...yet.

So can these errors be ignored?  If I remember correctly ADPrep is
actually failing and therefore NO you cannot ignore these err

Re: [ActiveDir] Group Membership

[mike kline]

You can use the dsget command
 
dsget user UserDN - memberof
 
You can get more info on the command here
 
http://technet2.microsoft.com/WindowsServer/en/Library/96a4a5ee-ee72-44d5-845f-71b2de33d4411033.mspx
 
On 2/17/06, Harding, Devon <[EMAIL PROTECTED]> wrote:


What's the quickest way to export a users' group membership?
 
Devon
 Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
 




__This message and any attachments are solely for the intendedrecipient and may contain confidential or privileged information.If you are not the intended recipient, any disclosure, copying, use
or distribution of the information included in the message and anyattachments is prohibited. If you have received this communicationin error, please notify us by reply e-mail and immediately andpermanently delete this message and any attachments. Thank You.

Re: [ActiveDir] Group Membership

[Phil Renouf]

The dstools or adfind:
 
dsquery user ou=MyOU,dc=domain,dc=com -samid Username | dsget user -memberof
 
You might want to make sure that you run the commands against a GC.
 
Phil 
On 2/17/06, Harding, Devon <[EMAIL PROTECTED]> wrote:


What's the quickest way to export a users' group membership?
 
Devon
 Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
 




__This message and any attachments are solely for the intendedrecipient and may contain confidential or privileged information.If you are not the intended recipient, any disclosure, copying, use
or distribution of the information included in the message and anyattachments is prohibited. If you have received this communicationin error, please notify us by reply e-mail and immediately andpermanently delete this message and any attachments. Thank You.

RE: [ActiveDir] Group Membership

[Brian Desmond]

Like one 
user?
 
adfind -f 
"(&(objectCategory=person)(objectClass=user)(samAccountName=Bob))" -default 
member
 
Thanks,Brian Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 
 

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Harding, 
  DevonSent: Friday, February 17, 2006 2:52 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] Group 
  Membership
  
  
  What’s the quickest way to export 
  a users’ group membership?
   
  Devon 
  Harding
  Windows Systems 
  Engineer
  Southern Wine & 
  Spirits - BSG
  954-602-2469
   
  
  

  
  __This message and any 
  attachments are solely for the intendedrecipient and may contain 
  confidential or privileged information.If you are not the intended 
  recipient, any disclosure, copying, useor distribution of the information 
  included in the message and anyattachments is prohibited. If you have 
  received this communicationin error, please notify us by reply e-mail and 
  immediately andpermanently delete this message and any attachments. Thank 
  You.

RE: [ActiveDir] Group Membership

[Almeida Pinto, Jorge de]

how about querying for the memberof 
attribute
 
if I remember correctly Joe has a tool called 
memberof.exe
 
jorge

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Harding, 
  DevonSent: Friday, February 17, 2006 20:52To: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] Group 
  Membership
  
  
  What’s the quickest way to export 
  a users’ group membership?
   
  Devon 
  Harding
  Windows Systems 
  Engineer
  Southern Wine & 
  Spirits - BSG
  954-602-2469
   
  
  

  
  __This message and any 
  attachments are solely for the intendedrecipient and may contain 
  confidential or privileged information.If you are not the intended 
  recipient, any disclosure, copying, useor distribution of the information 
  included in the message and anyattachments is prohibited. If you have 
  received this communicationin error, please notify us by reply e-mail and 
  immediately andpermanently delete this message and any attachments. Thank 
  You.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

RE: [ActiveDir] R2 and W2K3 SP1

[Bahta, Nathaniel V Contractor NASIC/SCNA]

Yeah there is plenty of info Al, but there are no definite answers.  There are 
plenty of assumptions to make, but in no way does Microsoft say that R2 is the 
same as SP1, they say it is based on SP1, except the additional components CD's 
that are included with it.  I mean, I know they are somehow different because 
if you start the R2 setup from R2 disk 1 (windows 2003 sp1), and then upon your 
first login it starts to load R2 disk 2.  Microsoft does not declare the 
differences between windows 2003 sp1 and windows 2003 r2 disk 1.  It seems that 
R2 is no more than a couple feature disks, no kernel changes from R2 to SP1.   

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Suhovey
Sent: Friday, February 17, 2006 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

All the answers are there on official R2 web site. microsoft.com is full of 
info on what's, why's, where's about R2.
http://www.microsoft.com/windowsserver2003/default.mspx

F.e.:
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx
http://technet2.microsoft.com/WindowsServer/en/Library/f9d70026-ae8b-4969-87
55-1ea1edc4e38e1033.mspx

--Al

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, 
> Justin A.
> Sent: Friday, February 17, 2006 10:26 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1
> 
> So Windows 2003 R2 is nothing more then Windows 2003 SP1???  
> Then why release R2 at all?
> 
> Justin A. Salandra
> MCSE Windows 2000 & 2003
> Network and Technology Services Manager Catholic Healthcare System
> 646.505.3681 - office
> 917.455.0110 - cell
> [EMAIL PROTECTED]
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 10:45 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1
> 
> R2 CD1 == w2k3 SP1.
> R2 CD2 == addon components.
> 
> Does that help?
> neil
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, 
> Nathaniel V Contractor NASIC/SCNA
> Sent: 17 February 2006 15:34
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] R2 and W2K3 SP1
> 
> Hey list,
> 
> Do you guys/gals know whether it is true that R2 disk 1 is the same as 
> Windows 2003 SP1?  I loaded the first disk and it loads exactly and 
> looks exactly like Windows 2003 SP1, except when the license agreement 
> screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on 
> the Microsoft site, it says that you do not need to upgrade your 2003 
> servers to R2, you need to only upgrade them to SP1 
> http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there 
> not a distinct difference in the Kernel of R2 and the Kernel of 2003 
> SP1?
> If not, then for the 2003 servers that I already have online, they 
> need only SP1 to be up to standards.  R2 Disk 2 seems like the NT4 
> Option Pack, not another OS release or kernel, but another set of 
> features on a separate disk.  Correct me if I am wrong.
> 
> 
> Nathaniel Bahta
> GD-NS
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> 
> PLEASE READ: The information contained in this email is confidential 
> and intended for the named recipient(s) only. If you are not an 
> intended recipient of this email please notify the sender immediately 
> and delete your copy from your system.
> You must not copy, distribute or take any further action in reliance 
> on it. Email is not a secure method of communication and Nomura 
> International plc ('NIplc') will not, to the extent permitted by law, 
> accept responsibility or liability for (a) the accuracy or 
> completeness of, or (b) the presence of any virus, worm or similar 
> malicious or disabling code in, this message or any attachment(s) to 
> it. If verification of this email is sought then please request a hard 
> copy. Unless otherwise stated this email: (1) is not, and should not 
> be treated or relied upon as, investment research; (2) contains views 
> or opinions that are solely those of the author and do not necessarily 
> represent those of NIplc; (3) is intended for informational purposes 
> only and is not a recommendation, solicitation or offer to buy or sell 
> securities or related financial instruments.  NIplc does not provide 
> investment services to private customers.  Authorised and regulated by 
> the Financial Services Authority.  Registered in England no.
> 1550505 VAT No. 447 2492 35.  Registered Office: 1 St 
> Martin's-le-Grand, London, EC1A 4NP.  A member of the Nomura group of 
> companies.
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/

Re: [ActiveDir] R2 and W2K3 SP1

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

No it's an additional feature pack that goes on top of SP1...and lets' 
face itit's for Software assurance folks...they had to do something 
to keep us SA folks happy.


Here's what you get in the R2 era that we wanted on our SBS boxes and 
don't get.


DFS improvments (major major one here in my book)

Disk folder restrictions... you don't want your MP3s stuck in that 
folder?  No prob.  Block 'em.


http://www.microsoft.com/windowsserver2003/default.mspx
http://www.microsoft.com/windowsserver2003/evaluation/features/comparefeatures.mspx

Guys at least you get these bits on your servers.

R2 isn't just Windows 2003.  But it's a smorgy pack of options to put on 
top of SP1.


Salandra, Justin A. wrote:


So Windows 2003 R2 is nothing more then Windows 2003 SP1???  Then why
release R2 at all?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and
looks exactly like Windows 2003 SP1, except when the license agreement
screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the
Microsoft site, it says that you do not need to upgrade your 2003
servers to R2, you need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need
only SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option
Pack, not another OS release or kernel, but another set of features on a
separate disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication
and
Nomura International plc ('NIplc') will not, to the extent permitted by
law,
accept responsibility or liability for (a) the accuracy or completeness
of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of
this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely
those of
the author and do not necessarily represent those of NIplc; (3) is
intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised
and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 



--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] R2 and W2K3 SP1

[Brian Desmond]

To keep those who bought SA on their 2003 purchase happy. 

Thanks,
Brian Desmond
[EMAIL PROTECTED]
 
c - 312.731.3132
 
 
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Salandra, Justin A.
> Sent: Friday, February 17, 2006 2:26 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1
> 
> So Windows 2003 R2 is nothing more then Windows 2003 SP1???  
> Then why release R2 at all?
> 
> Justin A. Salandra
> MCSE Windows 2000 & 2003
> Network and Technology Services Manager
> Catholic Healthcare System
> 646.505.3681 - office
> 917.455.0110 - cell
> [EMAIL PROTECTED]
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 10:45 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1
> 
> R2 CD1 == w2k3 SP1.
> R2 CD2 == addon components.
> 
> Does that help?
> neil
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Bahta, Nathaniel V Contractor NASIC/SCNA
> Sent: 17 February 2006 15:34
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] R2 and W2K3 SP1
> 
> Hey list,
> 
> Do you guys/gals know whether it is true that R2 disk 1 is 
> the same as Windows 2003 SP1?  I loaded the first disk and it 
> loads exactly and looks exactly like Windows 2003 SP1, except 
> when the license agreement screen comes up, it lists the OS 
> as 2003 R2.  In the R2 FAQ page on the Microsoft site, it 
> says that you do not need to upgrade your 2003 servers to R2, 
> you need to only upgrade them to SP1 
> http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is 
> there not a distinct difference in the Kernel of R2 and the 
> Kernel of 2003 SP1?
> If not, then for the 2003 servers that I already have online, 
> they need only SP1 to be up to standards.  R2 Disk 2 seems 
> like the NT4 Option Pack, not another OS release or kernel, 
> but another set of features on a separate disk.  Correct me 
> if I am wrong.
> 
> 
> Nathaniel Bahta
> GD-NS
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> 
> PLEASE READ: The information contained in this email is 
> confidential and intended for the named recipient(s) only. If 
> you are not an intended recipient of this email please notify 
> the sender immediately and delete your copy from your system. 
> You must not copy, distribute or take any further action in 
> reliance on it. Email is not a secure method of communication 
> and Nomura International plc ('NIplc') will not, to the 
> extent permitted by law, accept responsibility or liability 
> for (a) the accuracy or completeness of, or (b) the presence 
> of any virus, worm or similar malicious or disabling code in, 
> this message or any attachment(s) to it. If verification of 
> this email is sought then please request a hard copy. Unless 
> otherwise stated this email: (1) is not, and should not be 
> treated or relied upon as, investment research; (2) contains 
> views or opinions that are solely those of the author and do 
> not necessarily represent those of NIplc; (3) is intended for 
> informational purposes only and is not a recommendation, 
> solicitation or offer to buy or sell securities or related 
> financial instruments.  NIplc does not provide investment 
> services to private customers.  Authorised and regulated by 
> the Financial Services Authority.  Registered in England no. 
> 1550505 VAT No. 447 2492 35.  Registered Office: 1 St 
> Martin's-le-Grand, London, EC1A 4NP.  A member of the Nomura 
> group of companies.
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Group Membership

[Harding, Devon]

What’s the quickest way to export a users’ group
membership?

 

Devon Harding

Windows Systems Engineer

Southern Wine & Spirits
- BSG

954-602-2469

 










__
This message and any attachments are solely for the intended
recipient and may contain confidential or privileged information.
If you are not the intended recipient, any disclosure, copying, use
or distribution of the information included in the message and any
attachments is prohibited.  If you have received this communication
in error, please notify us by reply e-mail and immediately and
permanently delete this message and any attachments.  Thank You.

RE: [ActiveDir] R2 and W2K3 SP1

[joe]

A couple of reasons

1. As people keep buying the product they will buy the SP1 version of it
which has significant updates for security, etc. Best to get the old stuff
out of the channels.

2. Gets several feature packs out there with the media so people 
a. Know about it at all, lots of folks don't know about the RTW
stuff
b. Feel that it is fully supported (this was an issue with
acceptance of ADAM)

Even if you don't want any of the feature packs, you want R2 or at least
ADAM SP1 for the AD Tool updates. This and more is discussed in the book in
the signature below[1]. ;o)

Don't upgrade to R2 because you think it is a new OS. Upgrade if you need
the feature packs (or tools as mentioned above). I do recommend slapping the
schema in when you can, at some point, you will most likely need to apply it
so this gives you good head start for getting it in there if you don't need
it right away.


   joe 

[1] BTW, anyone who has had a chance to go through the book I wouldn't mind
hearing reviews (or better reading them on Amazon) and/or thoughts on it. I
am getting very positive feedback so far on the updates and folks are really
enjoying it. Worst comment is that ADAM deserves more room and I completely
agree, ADAM is a book unto itself that I am making up notes on now for
including a whole section on Microsoft dorking with the name. If you know an
MS Marketing person, please kick them in the knee for me. Tell them they can
respond to me at my email address. ADAM was a great name, you could say,
this is a case for ADAM madam! Oh no, now you have to say something stupid
like we need MSADLDS or ADLDS or even LDS. At least they could have
something fun and called it Lightweight Service Directory. ADLDS and LDS are
not fun. ADAM is fun. Microsoft, stop being a stick in the mud you boobs.
Ah, back to work. Maybe post more over the weekend but probably not, too
busy.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Friday, February 17, 2006 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

So Windows 2003 R2 is nothing more then Windows 2003 SP1???  Then why
release R2 at all?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V
Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and looks
exactly like Windows 2003 SP1, except when the license agreement screen
comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the Microsoft
site, it says that you do not need to upgrade your 2003 servers to R2, you
need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not a
distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need only
SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option Pack, not
another OS release or kernel, but another set of features on a separate
disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informationa

RE: [ActiveDir] R2 and W2K3 SP1

[Alexander Suhovey]

All the answers are there on official R2 web site. microsoft.com is full of
info on what's, why's, where's about R2.
http://www.microsoft.com/windowsserver2003/default.mspx

F.e.:
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx  
http://technet2.microsoft.com/WindowsServer/en/Library/f9d70026-ae8b-4969-87
55-1ea1edc4e38e1033.mspx

--Al

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Salandra, Justin A.
> Sent: Friday, February 17, 2006 10:26 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1
> 
> So Windows 2003 R2 is nothing more then Windows 2003 SP1???  
> Then why release R2 at all?
> 
> Justin A. Salandra
> MCSE Windows 2000 & 2003
> Network and Technology Services Manager
> Catholic Healthcare System
> 646.505.3681 - office
> 917.455.0110 - cell
> [EMAIL PROTECTED]
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 10:45 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] R2 and W2K3 SP1
> 
> R2 CD1 == w2k3 SP1.
> R2 CD2 == addon components.
> 
> Does that help?
> neil
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Bahta, Nathaniel V Contractor NASIC/SCNA
> Sent: 17 February 2006 15:34
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] R2 and W2K3 SP1
> 
> Hey list,
> 
> Do you guys/gals know whether it is true that R2 disk 1 is 
> the same as Windows 2003 SP1?  I loaded the first disk and it 
> loads exactly and looks exactly like Windows 2003 SP1, except 
> when the license agreement screen comes up, it lists the OS 
> as 2003 R2.  In the R2 FAQ page on the Microsoft site, it 
> says that you do not need to upgrade your 2003 servers to R2, 
> you need to only upgrade them to SP1 
> http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is 
> there not a distinct difference in the Kernel of R2 and the 
> Kernel of 2003 SP1?
> If not, then for the 2003 servers that I already have online, 
> they need only SP1 to be up to standards.  R2 Disk 2 seems 
> like the NT4 Option Pack, not another OS release or kernel, 
> but another set of features on a separate disk.  Correct me 
> if I am wrong.
> 
> 
> Nathaniel Bahta
> GD-NS
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> 
> PLEASE READ: The information contained in this email is 
> confidential and intended for the named recipient(s) only. If 
> you are not an intended recipient of this email please notify 
> the sender immediately and delete your copy from your system. 
> You must not copy, distribute or take any further action in 
> reliance on it. Email is not a secure method of communication 
> and Nomura International plc ('NIplc') will not, to the 
> extent permitted by law, accept responsibility or liability 
> for (a) the accuracy or completeness of, or (b) the presence 
> of any virus, worm or similar malicious or disabling code in, 
> this message or any attachment(s) to it. If verification of 
> this email is sought then please request a hard copy. Unless 
> otherwise stated this email: (1) is not, and should not be 
> treated or relied upon as, investment research; (2) contains 
> views or opinions that are solely those of the author and do 
> not necessarily represent those of NIplc; (3) is intended for 
> informational purposes only and is not a recommendation, 
> solicitation or offer to buy or sell securities or related 
> financial instruments.  NIplc does not provide investment 
> services to private customers.  Authorised and regulated by 
> the Financial Services Authority.  Registered in England no. 
> 1550505 VAT No. 447 2492 35.  Registered Office: 1 St 
> Martin's-le-Grand, London, EC1A 4NP.  A member of the Nomura 
> group of companies.
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Computer Policies based on User Logon?

[Umer Y]

Alan, I did look in the user configuration, and most of the settings
are available there as well.

Thanks for the help. :)

On 2/16/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Joni,
>
> As you said, when the machine boots it gets the machine policy applied, and
> you want to back it out when the User logs on, which is pretty much a tall
> idea! I have never heard of such a function and to be honest would think it
> to be "impossible", unless of course the machine could predict who was going
> to logon... :-).
>
> The closest I could think of doing it would be to fudge it. That is
> (somehow) stop the machine policy applying at Machine boot up, then getting
> the user to run the Machine policy via GPUPDATE target:machine when they
> logon. Of course you then only have the option of not running the machine
> policy when the Admin user logs on, which is different to "undoing the
> policy settings that the previous user applied to the machine"
>
> Can I ask why you would want to do this? You mention the case of  "disable
> adding tasks to task scheduler". I don't specifically know this policy, but
> where is it and I would have guessed Microsoft would have given you an
> equivalent User based policy to achieve what you want. One way that you may
> be able to achieve what you want (just in this case) would be for the admin
> to run a script at logon to delete the machine registry key that was created
> by the machine policy. Of course it will come back when the machine policy
> runs again.
>
> Alan Cuthbertson
>
>
>  Policy Management Software:-
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
> ADM Template Editor:-
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
> Policy Log Reporter(Free)
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
>
>
> - Original Message -
> From: "Umer Y." <[EMAIL PROTECTED]>
> To: 
> Sent: Saturday, February 11, 2006 1:55 PM
> Subject: RE: [ActiveDir] Computer Policies based on User Logon?
>
>
> > If it was user policies, then it wouldn't be a problem. But these are
> > settings in computer configuration which applies before the user logs on,
> > but instead I need them to apply based on the user who logs on.
> >
> > Hope that simplifies my question.
> >
> >
> >
> > ... you don't know what you've got 'till it's gone..
> >
> > - Joni Mitchell
> >
> >
> > From: <[EMAIL PROTECTED]>
> > Reply-To: ActiveDir@mail.activedir.org
> > To: 
> > Subject: RE: [ActiveDir] Computer Policies based on User Logon?
> > Date: Fri, 10 Feb 2006 18:27:57 -0800
> >
> > define your policies in the "User Configuration" and deny this user access
> > to
> > the policies.
> >
> >
> > Sincerely,
> >
> > Dèjì Akómöláfé, MCSE+M MCSA+M MCT
> > Microsoft MVP - Directory Services
> > www.readymaids.com - we know IT
> > www.akomolafe.com
> > Do you now realize that Today is the Tomorrow you were worried about
> > Yesterday?  -anon
> >
> > 
> >
> > From: [EMAIL PROTECTED] on behalf of Umer Y.
> > Sent: Fri 2/10/2006 6:21 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Computer Policies based on User Logon?
> >
> >
> >
> > Thanks for responding Nuo. Loopback policy will merge/replace the logging
> > on
> > user's "User Configuration" with its "User Configuration".
> >
> > That is the opposite of what I am trying to achieve here. Is there way to
> > apply the logging on user's "Computer Configuration" over machines
> > "Computer
> > Configuration" perhaps?
> >
> >
> >
> >
> > ... you don't know what you've got 'till it's gone..
> >
> > - Joni Mitchell
> >
> >
> > From: "Nuo Yan" <[EMAIL PROTECTED]>
> > Reply-To: ActiveDir@mail.activedir.org
> > To: 
> > Subject: RE: [ActiveDir] Computer Policies based on User Logon?
> > Date: Fri, 10 Feb 2006 17:18:54 -0800
> >
> > You may want to change the policy processing preferences so that you need
> > the "User Group Policy loopback processing mode" policy configured.
> >
> > You can find this policy under Computer Configuration\Administrative
> > Templates\System\Group Policy folder.
> >
> > There will be two options: Replace and Merge.
> >
> > Replace - The user settings in the computer's GPOs replace the user
> > settings
> > applied to the user.
> >
> > Merge - combine the user settings in computer's GPOs and User's GPOs. If
> > conflict, user settings in computer's GPOs take preference.
> >
> > Hope this helps.
> >
> > You should also consider changing the design of your Group Policy
> > infrastructure. You may want to take advantage of the flexibility of User
> > Configurations and Computer Configurations. You may design your GPOs to
> > fit
> > your requirements.
> >
> > Nuo Yan - MS MVP
> > University of Washington
> > http://msmvps.com/nuoyan
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Umer Y.
> > Sent: Friday, February 10, 2006 4:25 PM
> > To: ActiveDir@mail.activedir.o

RE: [ActiveDir] R2 and W2K3 SP1

[Derek Harris]

To give all of us who paid for Software Assurance a warm fuzzy.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Friday, February 17, 2006 12:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

So Windows 2003 R2 is nothing more then Windows 2003 SP1???  Then why
release R2 at all?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and
looks exactly like Windows 2003 SP1, except when the license agreement
screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the
Microsoft site, it says that you do not need to upgrade your 2003
servers to R2, you need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need
only SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option
Pack, not another OS release or kernel, but another set of features on a
separate disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your copy from your system. You must not copy, distribute or take any
further action in reliance on it. Email is not a secure method of
communication and Nomura International plc ('NIplc') will not, to the
extent permitted by law, accept responsibility or liability for (a) the
accuracy or completeness of, or (b) the presence of any virus, worm or
similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please
request a hard copy. Unless otherwise stated this email: (1) is not, and
should not be treated or relied upon as, investment research; (2)
contains views or opinions that are solely those of the author and do
not necessarily represent those of NIplc; (3) is intended for
informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised
and regulated by the Financial Services Authority.  Registered in
England no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St
Martin's-le-Grand, London, EC1A 4NP.  A member of the Nomura group of
companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

[Derek Harris]

Services for UNIX 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Friday, February 17, 2006 12:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

What is the SFU Tools?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 2:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Our MS TAM has indicated this is a known bug!  I will keep the group
posted as I learn more details.

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 10:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

As an update to this thread, we transferred the Schema Master role back
to other DC that has the SFU tools installed originally thinking this
might get the R2 schema update to work.  Wrong!  It fails with the same
error.  I can only imagine we do not have that unique an environment in
our testbed and expect others to have the same experience.  Luckily, we
never put SFU 3.5 on our production systems.  

We are going to open up a trouble ticket with Microsoft regarding this
issue.  I would like to hear of others' experiences (success or failure)
when trying to install R2 in an environment where SFU 3.5 had been
installed.  Thanks!

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, February 16, 2006 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Guido,
   Thanks for the response!  This server is Windows 2003/SP1 with all
but the current month's patches.  It is the current FSMO role holder.  I
did some checking this morning and find the SFU 3.5 tools on another DC
that could have been the FSMO role holder at the time the SFU schema
changes were made.  I don't see why that would make any difference, do
you?

-mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Thursday, February 16, 2006 3:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Mike - I see you're upgrading from Win2000 AD. Are your sure that you've
previously installed SFU 3.5 or was it maybe SFU 2.0 ?

The reason I'm asking is that there's a known schema incompatibility
with SFU 2.0:
check out http://support.microsoft.com/?id=293783 "Cannot Upgrade
Windows 2000 Server to Windows Server 2003 with Windows Services for
UNIX 2.0 Installed"

CAUSE
The upgrade may not work because the attributeSchema 'uid' that is used
by Windows 2000 Server for the NIS schema is not compatible with the one
that is used by Windows Server 2003. 

As such your error is likely independent from the changes in the R2
schema - it's actually an incompatibility in the Win2003 base schema
(not that this really matters for you; I just want to clarify that the
error should be unrelated to R2). As such it's different from Aric's
case, who was performing an upgrade from a Win2003 schema to Win2003
R2...


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Donnerstag, 16. Februar 2006 02:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Aric,
No, there were a lot more errors - all seem to be related to SFU
attributes.  I only copied a small portion to my posting to save
bandwidth.  Painful = time = headaches  8-(  I was expecting this
upgrade to be a "walk in the park".

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, February 15, 2006 7:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Are these the only two errors you received?

I encountered similar errors during beta testing when I implemented R2
in an existing forest - but a lot more than just 2. :)  I created a
secondary forest and validated that it did not recur.  Note that I also
had SFU installed in the original forest and the new secondary forest.

I was able to clean up the schema in the existing forest exhibiting the
errors but it was a fairly painful process of what seemed to be a goose
chase.  The tasks included disabling objects attributes in the schema
and renaming them amongst other things.

Fortunately I have not heard of this happening in production...yet.

So can these errors be ignored?  If I remember correctly ADPrep is
actu

RE: [ActiveDir] R2 and W2K3 SP1

[Salandra, Justin A.]

So Windows 2003 R2 is nothing more then Windows 2003 SP1???  Then why
release R2 at all?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 and W2K3 SP1

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and
looks exactly like Windows 2003 SP1, except when the license agreement
screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the
Microsoft site, it says that you do not need to upgrade your 2003
servers to R2, you need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need
only SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option
Pack, not another OS release or kernel, but another set of features on a
separate disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication
and
Nomura International plc ('NIplc') will not, to the extent permitted by
law,
accept responsibility or liability for (a) the accuracy or completeness
of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of
this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely
those of
the author and do not necessarily represent those of NIplc; (3) is
intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised
and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

[Salandra, Justin A.]

What is the SFU Tools?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 2:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Our MS TAM has indicated this is a known bug!  I will keep the group
posted as I learn more details.

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 10:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

As an update to this thread, we transferred the Schema Master role back
to other DC that has the SFU tools installed originally thinking this
might get the R2 schema update to work.  Wrong!  It fails with the same
error.  I can only imagine we do not have that unique an environment in
our testbed and expect others to have the same experience.  Luckily, we
never put SFU 3.5 on our production systems.  

We are going to open up a trouble ticket with Microsoft regarding this
issue.  I would like to hear of others' experiences (success or failure)
when trying to install R2 in an environment where SFU 3.5 had been
installed.  Thanks!

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, February 16, 2006 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Guido,
   Thanks for the response!  This server is Windows 2003/SP1 with all
but the current month's patches.  It is the current FSMO role holder.  I
did some checking this morning and find the SFU 3.5 tools on another DC
that could have been the FSMO role holder at the time the SFU schema
changes were made.  I don't see why that would make any difference, do
you?

-mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Thursday, February 16, 2006 3:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Mike - I see you're upgrading from Win2000 AD. Are your sure that you've
previously installed SFU 3.5 or was it maybe SFU 2.0 ?

The reason I'm asking is that there's a known schema incompatibility
with SFU 2.0:
check out http://support.microsoft.com/?id=293783 "Cannot Upgrade
Windows 2000 Server to Windows Server 2003 with Windows Services for
UNIX 2.0 Installed"

CAUSE
The upgrade may not work because the attributeSchema 'uid' that is used
by Windows 2000 Server for the NIS schema is not compatible with the one
that is used by Windows Server 2003. 

As such your error is likely independent from the changes in the R2
schema - it's actually an incompatibility in the Win2003 base schema
(not that this really matters for you; I just want to clarify that the
error should be unrelated to R2). As such it's different from Aric's
case, who was performing an upgrade from a Win2003 schema to Win2003
R2...


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Donnerstag, 16. Februar 2006 02:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Aric,
No, there were a lot more errors - all seem to be related to SFU
attributes.  I only copied a small portion to my posting to save
bandwidth.  Painful = time = headaches  8-(  I was expecting this
upgrade to be a "walk in the park".

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, February 15, 2006 7:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Are these the only two errors you received?

I encountered similar errors during beta testing when I implemented R2
in an existing forest - but a lot more than just 2. :)  I created a
secondary forest and validated that it did not recur.  Note that I also
had SFU installed in the original forest and the new secondary forest.

I was able to clean up the schema in the existing forest exhibiting the
errors but it was a fairly painful process of what seemed to be a goose
chase.  The tasks included disabling objects attributes in the schema
and renaming them amongst other things.

Fortunately I have not heard of this happening in production...yet.

So can these errors be ignored?  If I remember correctly ADPrep is
actually failing and therefore NO you cannot ignore these errors since
ADPREP will nto occur until they are resolved.

Regards,

Aric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Wednesday, February 1

RE: [ActiveDir] Hash-based Software Restriction Policy

[Alexander Suhovey]

> How large of an application base are you using 
> certificate-based policies with?
Well, for a reasons aready mentioned by Darren and Susan, I don't use SRP.
My point was just to point out what I think could be a barrier for
hash-based SRP as a global workstation lockdown mechanism. 

--Al

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Clay, Justin (ITS)
> Sent: Tuesday, February 14, 2006 10:42 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Hash-based Software Restriction Policy
> 
> 
> Alexander,
> 
> I have to agree that in all honestly I'll probably not be 
> able to use the HASH policy in the way that I'd like. You're 
> right that it'll likely just be too much administrative 
> overhead to hash new executables constantly - every month at 
> least just for MS patches.
> 
> Given your input and the more time I've thought about it, 
> certificate policies seem like a better fit. My only concern 
> would be some of the strange 3rd-party applications we have 
> (like the catalog software at the Public Libraries) which are 
> supported by very small vendors that might not spend the time 
> or money to sign their packages.
> 
> How large of an application base are you using 
> certificate-based policies with? Is it a basic install with 
> just Windows and Office? How do you get the certificates?
> 
> Thanks for your input!
> 
> -Justin
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Alexander Suhovey
> Sent: Tuesday, February 14, 2006 1:02 PM
> To: Alexander Suhovey
> Subject: RE: [ActiveDir] Hash-based Software Restriction Policy
> 
> 
> I wonder if this approach would work in modern hostile 
> environment where patches just keep coming. Don't you think 
> that locking down
> workstation(s)
> in this way will put a great deal of additional work to the 
> change management process? In case you don't have one you'll 
> really need it.
> You
> see, with every change (patches and updates for OS and 
> software) of binary base on your clients first you will need 
> to find out changed binaries, add new hashes (including those 
> of setup files)  to GPO, then wait for policy to propagate, 
> and only after that you can start making actual changes. And 
> this is all in addition to your usual QA process for changes. 
> Sounds like quite a lot of work to me.
> I'd use Certificate policies instead. MS as well as major sw 
> vendors usually sign executables. By using certificate 
> policies you achieve at least same level of security as with 
> hashes and  guess what - you don't need to maintain a huge 
> and ever growing list of hashes, just a few software signing 
> certificates you trust. As for executables that are not 
> signed, you can always use your own certificate trusted by 
> your clients.
> 
> Don't get me wrong, I'm not trying to say that hash-based 
> software restriction policy is evil, its beautiful. I'm just 
> curious if it is worthy and workable in real corp. 
> environments. Anyone?
> 
> --Al
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] > 
> > [mailto:[EMAIL PROTECTED] On Behalf Of > Clay, 
> > Justin (ITS)
> > Sent: Monday, February 13, 2006 10:27 PM
> > To: activedir@mail.activedir.org
> > Subject: [ActiveDir] Hash-based Software Restriction Policy
> > > Hey All,
> > >  > > I was curious if any of you have set up hash-based 
> software > restriction policies. I'd like to set up a policy 
> to only > allow the executables that I've hashed to run, and 
> I'm hoping > that someone has a list of all of the base 
> executables I'll > need to hash just for WinXP to boot and 
> log in successfully. > Hopefully someone else has already 
> done the work, so that I > don't have to use trial and error 
> to figure out all the exe's > I need to hash.
> > >  > > Thanks,
> > >  > > Justin Clay
> > ITS Enterprise Services
> > Metropolitan Government of Nashville and Davidson County > Howard 
> > School Building
> > Phone: (615) 880-2573
> > >  > > > > ITS ENTERPRISE SERVICES EMAIL NOTICE The information 
> > > contained in this email and any attachments > is 
> confidential and may be subject to copyright or other > 
> intellectual property protection. If you are not the intended 
> > recipient, you are not authorized to use or disclose this > 
> information, and we request that you notify us by reply mail 
> > or telephone and delete the original message from your mail system.
> >  >
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> 
> ITS ENTERPRISE SERVICES EMAIL NOTICE
> 
> The information contained in this email and any attachments 
> is confidential and may be subject to copyright or other 
> intellectual property protection. If you are not the intended 
> recipient, you are not authorized to use or disclose this 
> i

RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

[Thommes, Michael M.]

Our MS TAM has indicated this is a known bug!  I will keep the group
posted as I learn more details.

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Friday, February 17, 2006 10:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

As an update to this thread, we transferred the Schema Master role back
to other DC that has the SFU tools installed originally thinking this
might get the R2 schema update to work.  Wrong!  It fails with the same
error.  I can only imagine we do not have that unique an environment in
our testbed and expect others to have the same experience.  Luckily, we
never put SFU 3.5 on our production systems.  

We are going to open up a trouble ticket with Microsoft regarding this
issue.  I would like to hear of others' experiences (success or failure)
when trying to install R2 in an environment where SFU 3.5 had been
installed.  Thanks!

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, February 16, 2006 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Guido,
   Thanks for the response!  This server is Windows 2003/SP1 with all
but the current month's patches.  It is the current FSMO role holder.  I
did some checking this morning and find the SFU 3.5 tools on another DC
that could have been the FSMO role holder at the time the SFU schema
changes were made.  I don't see why that would make any difference, do
you?

-mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Thursday, February 16, 2006 3:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Mike - I see you're upgrading from Win2000 AD. Are your sure that you've
previously installed SFU 3.5 or was it maybe SFU 2.0 ?

The reason I'm asking is that there's a known schema incompatibility
with SFU 2.0:
check out http://support.microsoft.com/?id=293783 "Cannot Upgrade
Windows 2000 Server to Windows Server 2003 with Windows Services for
UNIX 2.0 Installed"

CAUSE
The upgrade may not work because the attributeSchema 'uid' that is used
by Windows 2000 Server for the NIS schema is not compatible with the one
that is used by Windows Server 2003. 

As such your error is likely independent from the changes in the R2
schema - it's actually an incompatibility in the Win2003 base schema
(not that this really matters for you; I just want to clarify that the
error should be unrelated to R2). As such it's different from Aric's
case, who was performing an upgrade from a Win2003 schema to Win2003
R2...


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Donnerstag, 16. Februar 2006 02:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Aric,
No, there were a lot more errors - all seem to be related to SFU
attributes.  I only copied a small portion to my posting to save
bandwidth.  Painful = time = headaches  8-(  I was expecting this
upgrade to be a "walk in the park".

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, February 15, 2006 7:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Are these the only two errors you received?

I encountered similar errors during beta testing when I implemented R2
in an existing forest - but a lot more than just 2. :)  I created a
secondary forest and validated that it did not recur.  Note that I also
had SFU installed in the original forest and the new secondary forest.

I was able to clean up the schema in the existing forest exhibiting the
errors but it was a fairly painful process of what seemed to be a goose
chase.  The tasks included disabling objects attributes in the schema
and renaming them amongst other things.

Fortunately I have not heard of this happening in production...yet.

So can these errors be ignored?  If I remember correctly ADPrep is
actually failing and therefore NO you cannot ignore these errors since
ADPREP will nto occur until they are resolved.

Regards,

Aric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Wednesday, February 15, 2006 5:22 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi,
We did a adprep /forestprep from the W2K3/SP1 R2 Disk 2 CD today on
our testbed FSMO DC.  It gave the following errors (only a portion shown
below) because, I am guessing, that we had already installed SFU 3.5 on
this forest some time ago.  Should I assume these errors can be ignored?
Has anybody else experienced this?  Thank

RE: [ActiveDir] Setting up Home Folder Gives User Full Access

[Derek Harris]

I'd like to have one that adds the perms back in the 
right order: the attached one is supposed to reorder them, but doesn't.  
The fix is simple but tedious -- open the security tab for each folder, and 
Explorer will reorder them correctly.  I modified this from one I found; 
anyone have a better one?
 
Derek


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Friday, February 17, 
2006 8:36 AMTo: ActiveDir@mail.activedir.orgSubject: 
[ActiveDir] Setting up Home Folder Gives User Full Access

We create a home 
folder for each of our users in ADUC by adding the server path to the Profile 
Tab. When we setup the home folder, ADUC by default grants the user "Full 
Control" to this folder, which we would like to stop. We would prefer that 
they have the ability to read-write, but not to modify the permissions. Two 
questions here:
 
1) How do we stop 
ADUC from automatically granting full access to the end user on their home 
folder?
2) We have about 
2000 home folders that have already been created with the incorrect permissions 
already setup. Is there a script or utility that can be used to remove the "Full 
Access" check box from the individual user accounts on the folders? (just for a 
bit of background, only the domain admins and the user have access to each home 
folder).
 
Any guidance would 
be much appreciated.
 
 
Bonnie 
Pohlschneider
On Error Resume Next

Dom = "Domain\"   'Enter your domain here
strFolder = "e:\users"   'Root for user dirs

Set objFSO = CreateObject("Scripting.FileSystemObject")
strFolder = objFSO.GetAbsolutePathName(strFolder)

Set objFolder = objFSO.GetFolder(strFolder)
Set colSubFolders = objFolder.SubFolders
For Each objSubFolder In colSubfolders
SubFolderName = objSubFolder.Name
FullPath = strFolder & "\" & SubFolderName
WScript.Echo FullPath
Action = "ADD(" & Dom & SubFolderName & ":F)+DEL(EVERYONE:R)"
EditACL FullPath,Action
Next


Function EditACL(filenm, permspart)
 ' Edit permissions on a single file or folder
 'Set fs=Wscript.CreateObject("Scripting.FileSystemObject")
 chkfile=objFSO.fileexists(filenm) ' make sure the file exists or wscript 
will crash
 
 If chkfile=true Then
  ChangeACLS filenm, permspart, "EDIT", "FILE"
 Else
  chkfolder=objFSO.folderexists(filenm) ' if its not a file, is it a 
folder ?
  If chkfolder=true Then
   ChangeACLS filenm, permspart, "EDIT", "FOLDER"
  End If
 End If
 
 Set fs=nothing
End Function

Function ReplaceACL(filenm, permspart)
'-- Replace ACL on single file or folder---
 'Set fs=Wscript.CreateObject("Scripting.FileSystemObject")
 chkfile=objFSO.fileexists(filenm) ' make sure file exists
 
 If chkfile=true Then
  ChangeACLS filenm, permspart, "REPLACE", "FILE"
 Else
  chkfolder=objFSO.folderexists(filenm) ' if its not a file, is it a 
folder?
  If chkfolder=true Then
   ChangeACLS filenm, permspart, "REPLACE", "FOLDER"
  End If
 End If
 
 Set fs=nothing
End Function

Function RecursiveEdit(rootfolder,permspart)
'--- Edit ACL's on rootfolder and all its subfolders and files
 Set fs=Wscript.CreateObject("Scripting.FileSystemObject")
 Set rfldr=objFSO.getfolder(rootfolder)
 ChangeACLS rfldr.path, permspart, "EDIT", "FOLDER" 'edit rootfolder first
 
 For Each file In rfldr.files
  'edit all files in root folder
  ChangeACLS rfldr.path & "\" & file.name, permspart, "EDIT", "FILE"
 Next
 
 For Each sfldr In rfldr.subfolders
  RecursiveEdit sfldr, permspart ' recurse through subfolders
 Next
 
 Set fs=nothing
 Set rfldr=nothing
End Function


Function RecursiveReplace(rootfolder,permspart)
'--Replace ACLS on rootfolder and all its subfolders and files 
 Set fs=Wscript.CreateObject("Scripting.FileSystemObject")
 Set rfldr=objFSO.getfolder(rootfolder)
 ChangeACLS rfldr.path, permspart, "REPLACE","FOLDER"
 
 For Each file In rfldr.files
  ChangeACLS rfldr.path & "\" & file.name, permspart,"REPLACE","FILE"
 Next
 
 For Each sfldr In rfldr.subfolders
  RecursiveReplace sfldr, permspart
 Next
 
 Set fs=nothing
 Set rfldr=nothing
End Function


Function ChangeACLS(FILE,PERMS,REDIT,FFOLDER)
'- Edit ACLS of specified file -
 Const ADS_ACETYPE_ACCESS_ALLOWED = 0
 Const ADS_ACETYPE_ACCESS_DENIED = 1
 Const ADS_ACEFLAG_INHERIT_ACE = 2
 Const ADS_ACEFLAG_SUB_NEW = 9
 
 Set sec = Wscript.CreateObject("ADsSecurity")
 Set sd = sec.GetSecurityDescriptor("FILE://" & FILE)
 Set dacl = sd.DiscretionaryAcl

 'if flagged Replace then remove all existing aces from dacl first
 If ucase(REDIT)="REPLACE" Then
  For Each existingAce In dacl
   dacl.removeace existingace
  Next
 End If
 
 'break up Perms into in

RE: [ActiveDir] HP Insight Manger Question

[Alexander Suhovey]

Well, I'm not an HP employee but... 
AFAIK sensors data such as temperature or fan speeds are not collected by
Data Collect jobs so they are not in SIM database. You can check that by
querying CIM_Sensors table in your Insight_ SQL database. Additional
information on this topic can also be found on HP ITRC forum. Try this
search:
http://www5.itrc.hp.com/service/james/search.do?todo=search&searchtext=insig
ht+manager+temperature&from=forums&origin=0&wpa=forums1.itrc.hp.com%3A80&sea
rchcategory=ALL&hpl=1&searchcriteria=allwords&rn=25&source=7000&presort=rank
&chkServStor=on&esc=support.itrc.hp.com&admit=552267591+1140186464652+283534
75

As far as reporting is concerned, can't say about previous versions but in
SIM 5.0 reports are quite customizable. You can have for example a report on
sensors for several servers. You will not have actual temps or rpms in this
report though, just a status.

--Al


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Medeiros, Jose
> Sent: Friday, February 17, 2006 1:42 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] HP Insight Manger Question 
> 
> Greetings, 
> 
>  
> 
> I realize that this is off topic, however I need to put 
> together a report using Insight Manager and since we have 
> several HP employees on this list, I was wondering if Insight 
> Manger has the capability of just giving me a report listing 
> only the CPU temperature of each system that I am managing 
> rather then a full report?  
> 
>  
> 
> Sincerely,
> 
> Jose Medeiros
> Intel Corporation
> MCP+I, MCSE, NT4 MCT
> 408-765-0437 Direct
> 408-449-6621 Cell
> 
>  
> 
> 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] OT Exchange 2003

[John Singler]

from a posting Michael B. Smith sent awhile ago:

The MSExchange.org list: [EMAIL PROTECTED] 



The Sunbelt Exchange list: exchangelist@lyris.sunbelt-software.com 



A Yahoo Exchange 2000 list: [EMAIL PROTECTED] 



A Yahoo Exchange 2003 list: [EMAIL PROTECTED] 



The Swynk list: exchange@intm-dl.sparklist.com


A MSN Exchange 2003 list: [EMAIL PROTECTED]



hth,

john


Todd Hofert wrote:

Can anyone recommend a good Exchange 2003 mailing list?
Todd Hofert
IT Director
Spartan Graphics, Inc. 





List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT Exchange 2003

[Kennedy, Jim]

Second one under Microsoft Internet 
Technology..
 
http://e-newsletters.internet.com/discussionlists.html/

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Todd 
  HofertSent: Friday, February 17, 2006 1:17 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT Exchange 
  2003
  
  Can anyone 
  recommend a good Exchange 2003 mailing list?
  
  Todd HofertIT 
  DirectorSpartan Graphics, Inc. 
  This e-mail and any attachments may contain confidential and 
  privilegedinformation. If you are not the intended recipient, please 
  notify thesender immediately by return e-mail, delete this e-mail and 
  destroy anycopies. Any dissemination or use of this information by a 
  person otherthan the intended recipient is unauthorized and may be 
  illegal.

[ActiveDir] OT Exchange 2003

[Todd Hofert]

Can anyone 
recommend a good Exchange 2003 mailing list?

Todd HofertIT 
DirectorSpartan Graphics, Inc. 



This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.

Re: [ActiveDir] Exchange ActiveSync (OT)

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

activesync-error-85010014 [Vlad Wiki]:
http://www.vladville.com/wiki/activesync-error-85010014


Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Petergal's SBS Blog : 85010001 Error Trying to Sync with WM5.0 
Device/ActiveSync4.1/ISA2004:

http://blogs.technet.com/petergal/archive/2006/02/02/418663.aspx

Got a 85010001 error resolution  ;-)

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:


My understanding over SSL, yes.
Is this a pocket PC style device or a smart phone?

If PPC you can manually move the cert (in SBSland we have two) to the 
device and 'install' them by merely drilling down the file explorer 
and clicking on it...this will 'install' it on the device.


Smartphone mobile 5 you need a cert installer from the company.

Nick Whittome - "The Naked MVP" : Windows Mobile 5.0 Devices and Self 
Signed Certs:

http://msmvps.com/blogs/thenakedmvp/archive/2005/11/15/75687.aspx

We need to gather up all the resolutions and stick them in one blog 
post.




Liz Vaibar wrote:


I tried that and couldn't get my cert to install. Do I absolutely need
the cert?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Thursday, February 16, 2006 11:52 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Exchange ActiveSync (OT)

http://blogs.technet.com/sbs their latest podcast is all about 
mobility.


http://blogs.technet.com/sbs/archive/2006/02/12/419364.aspx

You've added the cert to the device?

Liz Vaibar wrote:

 

Has anybody had the joyous experience of trying to make the new 
Palm Treo 700w sync with their Exchange environment?


I am running Exchange 2003 SP2 on clustered servers. I have OWA 
running on a front-end server. I have checked configurations as the 
OMA stuff is setup by default and verified that I can log into OMA. 
I have added my mobile carrier, I can see messages in my logs 
saying that things are working but the Palm never synchronizes. 
Instead, I get an error on the Palm that says The server could not 
be reached.
This can be caused by temporary network conditions. Support code: 
0x80072EFDI have had this thing miraculously begin working and 
then suddenly stop. I cannot duplicate success. There is no rhyme 
or reason to it. I have spent countless hours on this searching the 
web and see there are a lot of other folks out there who are 
frustrated but not a whole lot of support information on it. Does 
anyone have any
  




 


suggestions?

Thanks,
Liz Vaibar
Shape Corp.
Systems Administrator
  





--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: 
http://www.mail-archive.com/activedir%40mail.activedir.org/


 







--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Null values in adfind results

[al_maurer]

Whoops!  I need to update my copy of
adfind.

 

Thanks, Ryan

 



Al Maurer 
Service
Manager, Naming and Authentication Services 
IT
| Information Technology

Agilent
Technologies 
(719)
590-2639; Telnet 590-2639 
http://activedirectory.it.agilent.com 











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan A. Conrad
Sent: Friday, February 17, 2006
8:45 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Null
values in adfind results



 



adfind -default -f
"&(objectcategory=organizationalperson)(!attributename=*)"
-csv  should do the trick.  





 





Ryan

 





On 2/17/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:




I'm
looking for null values in several attributes of user objects but the result
only returns the attributes where a value is present.  I'd like to have
the output in some kind of delimited text file so I can import it into a
spreadsheet. 

 

Can
adfind do that?  I couldn't find a switch to specify returning null
values.

 

Al Maurer

Service Manager, Naming and
Authentication Services 
IT | Information Technology

Agilent Technologies 
(719) 590-2639; Telnet 590-2639 
http://activedirectory.it.agilent.com


 





 

RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

[Thommes, Michael M.]

As an update to this thread, we transferred the Schema Master role back
to other DC that has the SFU tools installed originally thinking this
might get the R2 schema update to work.  Wrong!  It fails with the same
error.  I can only imagine we do not have that unique an environment in
our testbed and expect others to have the same experience.  Luckily, we
never put SFU 3.5 on our production systems.  

We are going to open up a trouble ticket with Microsoft regarding this
issue.  I would like to hear of others' experiences (success or failure)
when trying to install R2 in an environment where SFU 3.5 had been
installed.  Thanks!

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, February 16, 2006 9:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Guido,
   Thanks for the response!  This server is Windows 2003/SP1 with all
but the current month's patches.  It is the current FSMO role holder.  I
did some checking this morning and find the SFU 3.5 tools on another DC
that could have been the FSMO role holder at the time the SFU schema
changes were made.  I don't see why that would make any difference, do
you?

-mike

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Thursday, February 16, 2006 3:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Mike - I see you're upgrading from Win2000 AD. Are your sure that you've
previously installed SFU 3.5 or was it maybe SFU 2.0 ?

The reason I'm asking is that there's a known schema incompatibility
with SFU 2.0:
check out http://support.microsoft.com/?id=293783 "Cannot Upgrade
Windows 2000 Server to Windows Server 2003 with Windows Services for
UNIX 2.0 Installed"

CAUSE
The upgrade may not work because the attributeSchema 'uid' that is used
by Windows 2000 Server for the NIS schema is not compatible with the one
that is used by Windows Server 2003. 

As such your error is likely independent from the changes in the R2
schema - it's actually an incompatibility in the Win2003 base schema
(not that this really matters for you; I just want to clarify that the
error should be unrelated to R2). As such it's different from Aric's
case, who was performing an upgrade from a Win2003 schema to Win2003
R2...


/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Donnerstag, 16. Februar 2006 02:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi Aric,
No, there were a lot more errors - all seem to be related to SFU
attributes.  I only copied a small portion to my posting to save
bandwidth.  Painful = time = headaches  8-(  I was expecting this
upgrade to be a "walk in the park".

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, February 15, 2006 7:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] issue with R2 upgrade; SFU confusion?

Are these the only two errors you received?

I encountered similar errors during beta testing when I implemented R2
in an existing forest - but a lot more than just 2. :)  I created a
secondary forest and validated that it did not recur.  Note that I also
had SFU installed in the original forest and the new secondary forest.

I was able to clean up the schema in the existing forest exhibiting the
errors but it was a fairly painful process of what seemed to be a goose
chase.  The tasks included disabling objects attributes in the schema
and renaming them amongst other things.

Fortunately I have not heard of this happening in production...yet.

So can these errors be ignored?  If I remember correctly ADPrep is
actually failing and therefore NO you cannot ignore these errors since
ADPREP will nto occur until they are resolved.

Regards,

Aric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Wednesday, February 15, 2006 5:22 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] issue with R2 upgrade; SFU confusion?

Hi,
We did a adprep /forestprep from the W2K3/SP1 R2 Disk 2 CD today on
our testbed FSMO DC.  It gave the following errors (only a portion shown
below) because, I am guessing, that we had already installed SFU 3.5 on
this forest some time ago.  Should I assume these errors can be ignored?
Has anybody else experienced this?  Thanks as always!

Mike Thommes



"attributeId" attribute value for objects defined in Windows 2000 schema
and ext
ended schema do not match.


A previous schema extension has defined the attribute value as
"1.2.840.113556.1
.4.7000.187.70" for object
"CN=uidNumber,CN=Schema,CN=Configuration,DC=anl,

RE: [ActiveDir] R2 and W2K3 SP1

[Almeida Pinto, Jorge de]

>>>Do you guys/gals know whether it is true that R2 disk 1 
>>>is the same as Windows 2003 SP1?
Yep, the same. You can also use the w2k3 cd, then install sp1 and then
integrate R2 into the OS

>>>SP1, except when the license agreement screen comes up, 
>>>it lists the OS as 2003 R2
R2 is a new distribution and as such that distribution contains 2 disks,
one with W2K3SP1 and on with the R2 binaries

>>>In the R2 FAQ page on the 
>>>Microsoft site, it says that you do not need to upgrade 
>>>your 2003 servers to R2, you need to only upgrade them to 
>>>SP1
If you have W2K3 and you want those to be R2, you need to install SP1
first
If you have W2K3 already with SP1 and you want those to be R2, just
integrate the R2 binaries. Integrating does not mean INSTALL! You still
need to enable the features you want to use. However, integrating R2
onto a DC requires a schema change

>>> Is there not a distinct difference in the Kernel of R2 
>>>and the Kernel of 2003 SP1?  If not, then for the 2003 
>>>servers that I already have online, they need only SP1 to 
>>>be up to standards.

Nope, kernel is not different, just new OS features. Also see above

Cheers,
Jorge

--->>>-Original Message-
--->>>From: [EMAIL PROTECTED] 
--->>>[mailto:[EMAIL PROTECTED] On Behalf Of 
--->>>Bahta, Nathaniel V Contractor NASIC/SCNA
--->>>Sent: Friday, February 17, 2006 16:34
--->>>To: ActiveDir@mail.activedir.org
--->>>Subject: [ActiveDir] R2 and W2K3 SP1
--->>>
--->>>Hey list,
--->>>
--->>>Do you guys/gals know whether it is true that R2 disk 1 
--->>>is the same as Windows 2003 SP1?  I loaded the first disk 
--->>>and it loads exactly and looks exactly like Windows 2003 
--->>>SP1, except when the license agreement screen comes up, 
--->>>it lists the OS as 2003 R2.  In the R2 FAQ page on the 
--->>>Microsoft site, it says that you do not need to upgrade 
--->>>your 2003 servers to R2, you need to only upgrade them to 
--->>>SP1 
--->>>http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx. 
--->>> Is there not a distinct difference in the Kernel of R2 
--->>>and the Kernel of 2003 SP1?  If not, then for the 2003 
--->>>servers that I already have online, they need only SP1 to 
--->>>be up to standards.  R2 Disk 2 seems like the NT4 Option 
--->>>Pack, not another OS release or kernel, but another set 
--->>>of features on a separate disk.  Correct me if I am wrong.
--->>>
--->>>
--->>>Nathaniel Bahta
--->>>GD-NS
--->>>List info   : http://www.activedir.org/List.aspx
--->>>List FAQ: http://www.activedir.org/ListFAQ.aspx
--->>>List archive: 
--->>>http://www.mail-archive.com/activedir%40mail.activedir.org/
--->>>


This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] R2 and W2K3 SP1

[neil.ruston]

R2 CD1 == w2k3 SP1.
R2 CD2 == addon components.

Does that help?
neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V Contractor NASIC/SCNA
Sent: 17 February 2006 15:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] R2 and W2K3 SP1

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as
Windows 2003 SP1?  I loaded the first disk and it loads exactly and
looks exactly like Windows 2003 SP1, except when the license agreement
screen comes up, it lists the OS as 2003 R2.  In the R2 FAQ page on the
Microsoft site, it says that you do not need to upgrade your 2003
servers to R2, you need to only upgrade them to SP1
http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?
If not, then for the 2003 servers that I already have online, they need
only SP1 to be up to standards.  R2 Disk 2 seems like the NT4 Option
Pack, not another OS release or kernel, but another set of features on a
separate disk.  Correct me if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Null values in adfind results

[Ryan A. Conrad]

adfind -default -f "&(objectcategory=organizationalperson)(!attributename=*)" -csv  should do the trick.  
 
Ryan 
On 2/17/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:



I'm looking for null values in several attributes of user objects but the result only returns the attributes where a value is present.  I'd like to have the output in some kind of delimited text file so I can import it into a spreadsheet.

 
Can adfind do that?  I couldn't find a switch to specify returning null values.
 
Al Maurer Service Manager, Naming and Authentication Services 
IT | Information Technology Agilent Technologies (719) 590-2639; Telnet 590-2639
 http://activedirectory.it.agilent.com
 
 

[ActiveDir] Setting up Home Folder Gives User Full Access

[bonnie . pohlschneider]

We create a home 
folder for each of our users in ADUC by adding the server path to the Profile 
Tab. When we setup the home folder, ADUC by default grants the user "Full 
Control" to this folder, which we would like to stop. We would prefer that 
they have the ability to read-write, but not to modify the permissions. Two 
questions here:
 
1) How do we stop 
ADUC from automatically granting full access to the end user on their home 
folder?
2) We have about 
2000 home folders that have already been created with the incorrect permissions 
already setup. Is there a script or utility that can be used to remove the "Full 
Access" check box from the individual user accounts on the folders? (just for a 
bit of background, only the domain admins and the user have access to each home 
folder).
 
Any guidance would 
be much appreciated.
 
 
Bonnie 
Pohlschneider

[ActiveDir] R2 and W2K3 SP1

[Bahta, Nathaniel V Contractor NASIC/SCNA]

Hey list,

Do you guys/gals know whether it is true that R2 disk 1 is the same as Windows 
2003 SP1?  I loaded the first disk and it loads exactly and looks exactly like 
Windows 2003 SP1, except when the license agreement screen comes up, it lists 
the OS as 2003 R2.  In the R2 FAQ page on the Microsoft site, it says that you 
do not need to upgrade your 2003 servers to R2, you need to only upgrade them 
to SP1 http://www.microsoft.com/windowsserver2003/R2/R2FAQ.mspx.  Is there not 
a distinct difference in the Kernel of R2 and the Kernel of 2003 SP1?  If not, 
then for the 2003 servers that I already have online, they need only SP1 to be 
up to standards.  R2 Disk 2 seems like the NT4 Option Pack, not another OS 
release or kernel, but another set of features on a separate disk.  Correct me 
if I am wrong.


Nathaniel Bahta
GD-NS
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Null values in adfind results

[al_maurer]

I’m looking for null values in several attributes of
user objects but the result only returns the attributes where a value is
present.  I’d like to have the output in some kind of delimited text
file so I can import it into a spreadsheet.

 

Can adfind do that?  I couldn’t find a switch to
specify returning null values.

 

Al Maurer

Service Manager, Naming and
Authentication Services 
IT | Information Technology

Agilent Technologies 
(719) 590-2639; Telnet 590-2639

http://activedirectory.it.agilent.com


 

RE: [ActiveDir] Limit Logon thru GPO

[Mike Griffiths]

as long as you've got a well setup network Limit Logon 
works quite nicely. We trialled it before christmas with the intention of 
limiting our students, but unfortunately we could only get it to work on our 
staff domain - we're assuming it's because of poor design(or rather 
complete lack of, since the driving factor was "I just setup a 2000 server as a 
backup domain controller and...oh") from when we first moved over to 2000 
domains.
 
Installation is simply a case of reading the instructions 
and clicking through on a 2003 domain controller with IIS installed, deploying 
the client & logon & logoff scripts through group policy, and running 
the MMC update installer on an admin machine to get the ADUC extensions. 
After that it pretty much integrates into ADUC for managing login quotas etc 

 
No more of a pain than getting cconnect working properly, 
to be honest
 
If it all goes horribly wrong rolling back is (mostly) a 
case of re-running the installers to uninstall everything. There's a bit of 
manual intervention to remove the schema updates if you really want, but we just 
left those in and as far as most day to day administration is concerned it looks 
like the software was never installed.
 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron 
VisserSent: 16 February 2006 15:59To: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Limit Logon thru 
GPO


Sorry if this question has already 
been asked but I was sure I saw this at one time and now I cannot find it 
anywhere. I am beginning to think it was all just a wishful 
dream.
 
Q. Is it possible to limit the 
number of logon’s a user may have at any one moment, using GPO?
 
Microsoft has released 
the LimitLogin tool, which you can download from 
http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe. 
The tool stores logged-on information in a custom AD partition (dc=limitlogin, 
dc=, dc=; e.g., dc=limitlogin,dc=savilltech,dc=com) via 
a Microsoft IIS 6.0 (Windows Server 2003) hosted Web service, a client 
component, and a logon and logoff script.
 
This is the only answer I could find 
on the internet but surely this cannot be the only way, like I mentioned I was 
sure I saw this at one time and now I cannot find it anywhere. Was it all a 
dream? Should MS get there act together? or did I really see this? I would 
rather not use LimitLogon as it seems like a bit of a pain in the a$$ to setup 
and I am pretty sure it is irreversible.
 
 
Thanks,
 
 
Aaron 
Visser
 
Computer Services 
Tech
School 
District #33
Chilliwack Secondary 
School
[EMAIL PROTECTED]
604.795.7295
 

RE: [ActiveDir] ability to create container objects not in ADUC

[Olivarez, Sergio J Mr ANOSC/FCBS]

http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/activedirectory/glo
ssary.asp

container -- a special type of Active Directory object. A container is like
other directory objects in that it has attributes and is part of the Active
Directory namespace. However, unlike other objects, it does not usually
represent something concrete. It is the container for a group of objects and
other containers.

organizational unit (OU) -- a container object that is an Active Directory
administrative partition. OUs can contain users, groups, resources, and
other OUs. Organizational Units enable the delegation of administration to
distinct subtrees of the directory.

Thanks... ... ... ...
Sergio J. Olivarez - Contractor
Phone # (520) 538-2909  DSN: 879-2909
[EMAIL PROTECTED]
GD-NS
 
-Original Message-
From: Mark Parris [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 16, 2006 4:23 PM
To: ActiveDir.org
Subject: Re: [ActiveDir] ability to create container objects not in ADUC

A container is not an OU.
-Original Message-
From: "Olivarez, Sergio J Mr ANOSC/FCBS" <[EMAIL PROTECTED]>
Date: Thu, 16 Feb 2006 15:26:22 
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ability to create container objects not in ADUC

What kind of container?  An OU is a container.  

Thanks... ... ... ...
Sergio J. Olivarez - Contractor
GD-NS
 

-Original Message-
From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 16, 2006 3:11 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ability to create container objects not in ADUC

Is there a technical reason why the ability to create a new container is
not available in the Active Directory Users and Computers (ADUC) mmc?
(Sorry if this is a dumb question.)

Mike Thommes
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Merge RecordSet

[stefano tufillaro]

Yes




From: "Atila Firmino" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: 
Subject: [ActiveDir] Merge RecordSet
Date: Thu, 16 Feb 2006 11:43:50 -0300
MIME-Version: 1.0
Received: from mail.activedir.org ([12.168.66.190]) by 
bay0-mc6-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 16 
Feb 2006 05:48:55 -0800
Received: from mail2.santanderbanespa.com.br [200.220.180.3] by 
mail.activedir.org with ESMTP  (SMTPD32-8.15) id A18E4A77010C; Thu, 16 Feb 
2006 08:43:42 -0500
Received: from mail2.santanderbanespa.com.br (localhost [127.0.0.1])by 
localhost.santanderbanespa.com.br (Postfix) with ESMTP id 5FA0E163Afor 
; Thu, 16 Feb 2006 11:40:30 -0200 (BRST)
Received: from bsbrsp35.bs.br.bsch (unknown [180.128.1.12])by 
mail2.santanderbanespa.com.br (Postfix) with ESMTP id 4EB4F1636for 
; Thu, 16 Feb 2006 11:40:30 -0200 (BRST)
Received: from bsbrsp42.bs.br.bsch ([180.128.4.45]) by bsbrsp35.bs.br.bsch 
with Microsoft SMTPSVC(5.0.2195.6713); Thu, 16 Feb 2006 11:44:29 -0300

X-Message-Info: yilqo4+6kc59PjJBklji4yFTtTbgxTT7PL6o/I+7LsY=
Content-Class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-MS-Has-Attach: X-MS-TNEF-Correlator: Priority: normal
Thread-Topic: Merge RecordSet
thread-index: AcYzB2aCimUZmCW+QoeufPpmd+LpHg==
X-OriginalArrivalTime: 16 Feb 2006 14:44:29.0926 (UTC) 
FILETIME=[7E0DD060:01C63307]

X-imss-version: 2.34
X-imss-result: Passed
X-imss-scores: Clean:60.72184 C:2 M:3 S:5 R:5
X-imss-settings: Baseline:2 C:2 M:2 S:3 R:2 (0.1500 0.1500)
Precedence: bulk
Return-Path: [EMAIL PROTECTED]

Hi all,

I will build two queries by ADODB connections. Is it possible to make a
union of results in only one recordset? I mean, can I merge two
recordsets in only one?

Thanks

Atila




Essa mensagem e destinada exclusivamente ao seu destinatario e pode conter 
informacoes confidenciais, protegidas por sigilo profissional ou cuja 
divulgacao seja proibida por lei. O uso nao autorizado de tais informacoes 
e proibido e esta sujeito as penalidades cabiveis.


This message is intended exclusively for its addressee and may contain 
information that is confidential and protected by a professional privilege 
or whose disclosure is prohibited by law. Unauthorized use of such 
information is prohibited and subject to applicable penalties.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Limit Logon thru GPO

[Senthil kumar]

The cconnect.exe also works well in w2k3
server .

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Thursday, February 16, 2006
10:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Limit
Logon thru GPO



 

This cconnect.exe seems interesting
anybody used it with 2003 Server? or is it strictly a NT/2000 tool?

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Thursday, February 16, 2006
8:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Limit
Logon thru GPO



 

There is no native way of doing this in
GP, but there is the Resource Kit utility Cconnect.exe that tries to accomplish
the same thing without messy AD partitions (not at all to imply that anything
remotely related to AD is messy :))

 

Darren

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Thursday, February 16, 2006
7:59 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Limit Logon
thru GPO

Sorry if this question has already been asked but I was sure
I saw this at one time and now I cannot find it anywhere. I am beginning to
think it was all just a wishful dream.

 

Q. Is it possible to limit the number of logon’s a
user may have at any one moment, using GPO?

 

Microsoft has released the LimitLogin
tool, which you can download from
http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe.
The tool stores logged-on information in a custom AD partition (dc=limitlogin,
dc=, dc=; e.g., dc=limitlogin,dc=savilltech,dc=com)
via a Microsoft IIS 6.0 (Windows Server 2003) hosted Web service, a client
component, and a logon and logoff script.

 

This is the only answer I could find on the internet but
surely this cannot be the only way, like I mentioned I was sure I saw this at
one time and now I cannot find it anywhere. Was it all a dream? Should MS get
there act together? or did I really see this? I would rather not use LimitLogon
as it seems like a bit of a pain in the a$$ to setup and I am pretty sure it is
irreversible.

 

 

Thanks,

 

 

Aaron Visser

 

Computer Services Tech

School District #33

Chilliwack
 Secondary School

[EMAIL PROTECTED]

604.795.7295