Re: [ActiveDir] Exchange queue(OT)

[Al Mulnick]

Hopefully we get this cleared up before too long. Blank messages makes
it look like I'm smarter than I am.

Can you export it and see if there's a X.500 and/or exchangeDN (likely
you'd see that in one of the display panels, but... it would look like
a x.500 address vs. a display name or something like that.)



On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:


Under the "email addresses" tab, it is empty(kinda like this email I'm
replying to now :) )

Thanks


On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
>



[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

[ActiveDir] OT: Exchange patch this month

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Since there are a lot of Exchange questions on this list.. just a fyi 
there's a lovely patch for Exchange this month that not only changes 
persmissions affecting Blackberries...but has 'from remote attack' impact.


You Had Me At EHLO... : BlackBerry and GoodLink users may be unable to 
send messages after applying latest Exchange 2003 store hotfixes:

http://msexchangeteam.com/archive/2006/01/13/417440.aspx

On a SBS box it so far.. "is" requiring reboot.

Microsoft Security Bulletin MS06-019: Vulnerability in Microsoft 
Exchange Could Allow Remote Code Execution (916803):

http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx

And the EHLO blog has a new landing place
http://msexchangeteam.com/



--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] LDAP queries

[joe]

You need to enable paging. If they don't support paging 
there is an issue and you should probably feed that back to them. In the 
meanwhile you could sync your data into an ADAM set and then crank up the page 
size setting. I do not recommend doing it for your production AD. I don't really 
recommend it for ADAM either but if those are your only choices... 

 
Regardless, bring it up to your vendor.
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, 
DevonSent: Wednesday, May 10, 2006 5:35 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP 
queries


Is there a search limit 
on Global Catalogs?  The problem I could be having is that this Symantec 
appliance is limited to a 10,000 object search.
 
When I use LDAP 
Browser/editor, it returns only 1000 entries.
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Monday, May 08, 2006 5:22 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP 
queries
 
I am not 
familiar with the device, does it pull the objects locally and keep in some sort 
of cache or ???
 
Note that 
you will need to be searching the GC port to find anything since you have stuff 
across multiple domains. So find the way to specify port and say 3268 (or 3269 
if you want SSL but lets get it working first. :o)
 
Now as for 
the queries 
 
A query to 
find all users (i.e. not contacts) who are exchange enabled (both mail and 
mailbox enabled) you would do something like 
 
(&(sAMAccountType=805306368)(proxyaddresses=*))
 
or
 
(&(sAMAccountType=805306368)(mailnickname=*))
 

either 
should perform about the same.

 

 

 

For 
non-Exchange enabled groups which is what *I think* you are looking for in the 
second query 

 


(&(grouptype=*)(!(proxyaddresses=*)))

 

or

 


(&(grouptype=*)(!(mailnickname=*)))

 

 

...should 
be similar perf.

 

 

 

 

For 
exchange enabled groups

 

(&(grouptype=*)(proxyaddresses=*))

 

or

 


(&(grouptype=*)(mailnickname=*))

 

 

Again, 
should be comparable...

 

 

 

   
joe

 

 
--
O'Reilly 
Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Harding, DevonSent: Monday, May 08, 2006 4:24 
PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP 
queries
I’m using a Symantec Mail Security 
8260 appliance that used LDAP to prevent Directory Harvest attacks.  The 
problem is, the built in queries is causing an issue with adding the LDAP 
server.  We have an empty root with several child domains.  Here are 
the queries:
 
Query start (Sync base 
DN):   
DC=domain,DC=com
User query:  
 
    
    
(|(mail=*)(proxyAddresses=*))
Group query: 
    
    
(&(!(mail=*))(!(proxyAddresses=*)))
Distribution list 
query: 
    
(|(mail=*)(proxyAddresses=*))
 
My question is, what other LDAP 
filters can I use instead of these to accomplish the result of querying for user 
SMTP addresses & distribution groups?
 
Devon 
Harding
Windows 
Systems Engineer
Southern Wine 
& Spirits - BSG
954-602-2469
 
--- 
This message (including any attachments) 
is intended only for the use of the individual or entity to which it is 
addressed and may contain information that is non-public, proprietary, 
privileged, confidential, and exempt from disclosure under applicable law or may 
constitute as attorney work product. If you are not the intended recipient, you 
are hereby notified that any use, dissemination, distribution, or copying of 
this communication is strictly prohibited. If you have received this 
communication in error, notify us immediately by telephone and (i) destroy this 
message if a facsimile or (ii) delete this message immediately if this is an 
electronic communication. Thank you. 
--- 
This message (including any attachments) is intended only for the use of 
the individual or entity to which it is addressed and may contain information 
that is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. 
Thank you. 

RE: [ActiveDir] Windows Defender

[Molkentin, Steve]

_SO) glad I know this... It means that I can sleep tonight now...



themolk. 
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Thursday, 11 May 2006 9:41 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Windows Defender
> 
> Return Receipt
>   
>  
>Your   [ActiveDir] Windows Defender
>  
>document:  
>  
>   
>  
>wasBob Mich/DSS/COSLO  
>  
>received   
>  
>by:
>  
>   
>  
>at:05/10/2006 04:41:29 PM  
>  
>   
>  
> 
> 
> 
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Windows Defender

[bmich]

Return Receipt
   
   Your   [ActiveDir] Windows Defender 
   document:   
   
   wasBob Mich/DSS/COSLO   
   received
   by: 
   
   at:05/10/2006 04:41:29 PM   
   




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] LDAP queries

[Hutchins, Mike]

Yes, you have to page the results.You could always (not 
recommended) change the query response limit in 
ntdsutil.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, 
DevonSent: Wednesday, May 10, 2006 2:35 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP 
queries


Is there a search limit 
on Global Catalogs?  The problem I could be having is that this Symantec 
appliance is limited to a 10,000 object search.
 
When I use LDAP 
Browser/editor, it returns only 1000 entries.
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Monday, May 08, 2006 5:22 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP 
queries
 
I am not 
familiar with the device, does it pull the objects locally and keep in some sort 
of cache or ???
 
Note that 
you will need to be searching the GC port to find anything since you have stuff 
across multiple domains. So find the way to specify port and say 3268 (or 3269 
if you want SSL but lets get it working first. :o)
 
Now as for 
the queries 
 
A query to 
find all users (i.e. not contacts) who are exchange enabled (both mail and 
mailbox enabled) you would do something like 
 
(&(sAMAccountType=805306368)(proxyaddresses=*))
 
or
 
(&(sAMAccountType=805306368)(mailnickname=*))
 

either 
should perform about the same.

 

 

 

For 
non-Exchange enabled groups which is what *I think* you are looking for in the 
second query 

 


(&(grouptype=*)(!(proxyaddresses=*)))

 

or

 


(&(grouptype=*)(!(mailnickname=*)))

 

 

...should 
be similar perf.

 

 

 

 

For 
exchange enabled groups

 

(&(grouptype=*)(proxyaddresses=*))

 

or

 


(&(grouptype=*)(mailnickname=*))

 

 

Again, 
should be comparable...

 

 

 

   
joe

 

 
--
O'Reilly 
Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Harding, DevonSent: Monday, May 08, 2006 4:24 
PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP 
queries
I’m using a Symantec Mail Security 
8260 appliance that used LDAP to prevent Directory Harvest attacks.  The 
problem is, the built in queries is causing an issue with adding the LDAP 
server.  We have an empty root with several child domains.  Here are 
the queries:
 
Query start (Sync base 
DN):   
DC=domain,DC=com
User query:  
 
    
    
(|(mail=*)(proxyAddresses=*))
Group query: 
    
    
(&(!(mail=*))(!(proxyAddresses=*)))
Distribution list 
query: 
    
(|(mail=*)(proxyAddresses=*))
 
My question is, what other LDAP 
filters can I use instead of these to accomplish the result of querying for user 
SMTP addresses & distribution groups?
 
Devon 
Harding
Windows 
Systems Engineer
Southern Wine 
& Spirits - BSG
954-602-2469
 
--- 
This message (including any attachments) 
is intended only for the use of the individual or entity to which it is 
addressed and may contain information that is non-public, proprietary, 
privileged, confidential, and exempt from disclosure under applicable law or may 
constitute as attorney work product. If you are not the intended recipient, you 
are hereby notified that any use, dissemination, distribution, or copying of 
this communication is strictly prohibited. If you have received this 
communication in error, notify us immediately by telephone and (i) destroy this 
message if a facsimile or (ii) delete this message immediately if this is an 
electronic communication. Thank you. 
--- 
This message (including any attachments) is intended only for the use of 
the individual or entity to which it is addressed and may contain information 
that is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law or may constitute as attorney work product. If 
you are not the intended recipient, you are hereby notified that any use, 
dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, notify us 
immediately by telephone and (i) destroy this message if a facsimile or (ii) 
delete this message immediately if this is an electronic communication. 
Thank you. 

RE: [ActiveDir] LDAP queries

[Harding, Devon]

Is there a search limit on Global Catalogs? 

The problem I could be having is that this Symantec appliance is limited to a

10,000 object search.



 



When I use LDAP Browser/editor, it returns

only 1000 entries.



 



















From:

[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

Sent: Monday, May 08, 2006 5:22 PM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] LDAP

queries







 



I am not familiar with

the device, does it pull the objects locally and keep in some sort of cache or

???



 



Note that you will need

to be searching the GC port to find anything since you have stuff across

multiple domains. So find the way to specify port and say 3268 (or 3269 if you

want SSL but lets get it working first. :o)



 



Now as for the

queries 



 



A query to find all users

(i.e. not contacts) who are exchange enabled (both mail and mailbox enabled)

you would do something like 



 



(&(sAMAccountType=805306368)(proxyaddresses=*))



 



or



 



(&(sAMAccountType=805306368)(mailnickname=*))



 







either should perform about

the same.











 











 











 











For non-Exchange enabled

groups which is what *I think* you are looking for in the second query 











 















(&(grouptype=*)(!(proxyaddresses=*)))















 











or











 















(&(grouptype=*)(!(mailnickname=*)))















 











 











...should be similar

perf.











 











 











 











 











For exchange enabled

groups











 











(&(grouptype=*)(proxyaddresses=*))











 











or











 















(&(grouptype=*)(mailnickname=*))











 











 











Again, should be

comparable...











 











 











 











   joe











 















 







--



O'Reilly Active Directory

Third Edition - http://www.joeware.net/win/ad3e.htm 



 







 







 















From:

[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding,

 Devon

Sent: Monday, May 08, 2006 4:24 PM

To: ActiveDir@mail.activedir.org

Subject: [ActiveDir] LDAP queries



I’m using a Symantec Mail

Security 8260 appliance that used LDAP to prevent Directory Harvest

attacks.  The problem is, the built in queries is causing an issue with

adding the LDAP server.  We have an empty root with several child domains. 

Here are the queries:



 



Query start (Sync base

DN):   DC=domain,DC=com



User query: 



   

   

(|(mail=*)(proxyAddresses=*))



Group query:

   

   

(&(!(mail=*))(!(proxyAddresses=*)))



Distribution list

query:

    (|(mail=*)(proxyAddresses=*))



 



My question is, what other LDAP

filters can I use instead of these to accomplish the result of querying for

user SMTP addresses & distribution groups?



 



Devon Harding



Windows

Systems Engineer



Southern

Wine & Spirits - BSG



954-602-2469



 



---



This message (including any attachments) is

intended only for the use of the individual or entity to which it is addressed

and may contain information that is non-public, proprietary, privileged,

confidential, and exempt from disclosure under applicable law or may constitute

as attorney work product. If you are not the intended recipient, you are hereby

notified that any use, dissemination, distribution, or copying of this

communication is strictly prohibited. If you have received this communication

in error, notify us immediately by telephone and (i) destroy this message if a

facsimile or (ii) delete this message immediately if this is an electronic

communication. 

Thank you. 







---



This message (including any attachments) is intended only for

the use of the individual or entity to which it is addressed and

may contain information that is non-public, proprietary,

privileged, confidential, and exempt from disclosure under

applicable law or may constitute as attorney work product.

If you are not the intended recipient, you are hereby notified

that any use, dissemination, distribution, or copying of this

communication is strictly prohibited. If you have received this

communication in error, notify us immediately by telephone and

(i) destroy this message if a facsimile or (ii) delete this message

immediately if this is an electronic communication.

Re: [ActiveDir] Exchange queue(OT)

[Tom Kern]

Under the "email addresses" tab, it is empty(kinda like this email I'm replying to now :) )
 
Thanks 
On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:

Re: [ActiveDir] Exchange queue(OT)

[Al Mulnick]

Interesting.  I changed nothing, but let's move past that for now ;-)

I'm stuck on the idea that a contact with no address was submitted to
the server for processing.  That has an address doesn't it? If you
export it, it has maybe a legacyexchangedn or something?


al



On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:


Well the answer to your first question is "yup" to both :)
I actually was replying to "nothingness" for awhile because i couldn't read
your email until you changed the encoding in your gmail(i kept looking at
the html postings on Activedir.org to see your response).

Exchange 2k is current and up to date(mixed mode, though we have no Exchange
5.5 servers).
So is the OS(win2k sp4 plus hotfixes)
The user is sending to DL's in her pab.
Outlook 2k.

I imported her DL's into my Outlook 2k client and sent to each one. One by
one while checking the Exchange queues
When I got to the DL with the ADCDisabledMail contact with no addy, it just
sat in the "awaiting directory lookup" queue forever.
When i got rid of that contact and resent to the DL, everything went
through.

Afetr removing that contact from the other DL, I sent an email to all 15
DL's simultaneously as the user would, and this went through fine

However, I'm starting to think there is something wrong with the Exchange
enviorment here because sometimes i see email stuck in that queue from other
senders as well.

In fact while writing this email, I see that an 2emails each to ine
recipient(one external, the other internal) are stuck in the directory
lookup queue.
I have CAT logging set at 7 and the event id I see for the internal mail is-

Event Type: Error

Event Source: MSExchangeTransport
Event Category: Categorizer
Event ID: 9004
Date:  5/10/2006
Time:  11:23:06 AM
User:  N/A
Computer: EXSERVER1
Description:
Categorizer encountered a hard error while processing a message.  While
processing user 'smtp: [EMAIL PROTECTED]', the function
'ExpandRecipient' called 'HrSaveBCCRecipientIfNecessary' which returned
error code '0xc0040550' (The property was not set.
).  A DSN has been generated. (
m:[EMAIL PROTECTED] )
Data:
: 50 05 04 c0   P..À



And I also get this one for the external recipient-

Event Type: Error

Event Source: MSExchangeTransport
Event Category: Categorizer
Event ID: 9004
Date:  5/10/2006
Time:  11:23:06 AM
User:  N/A
Computer: EXSERVER1
Description:
Categorizer encountered a hard error while processing a message.  While
processing user 'smtp: [EMAIL PROTECTED]', the function
'CPhatCat::SaveBCCRecipientIfNecessary' called
'HrGetP1RecipientListEncoder' which returned error code '0xc0040550' (The
property was not set.
).  A DSN has been generated. (
m:[EMAIL PROTECTED] )
Data:
: 50 05 04 c0   P..À

Thanks for any insight you can provide.




On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> Your reply came back as yup, but no context to know if you were just
> being sly and saying yup to nothingness or if it was related to the
> last question.  I'll assume the latter.
>
> That's not a good thing then that there was no email address and it
> made it all the way to the CAT.  That should be kicked out at the
> client, and if not at the client, during submission. Did you verify
> that your E2K and operating system are as up to date as possible? If
> not, how far back are you?
>
>
> Al
>
>
>
>
>
> On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:
> >
> > Yup
> >
> >
> >
> > On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> > >
> >
> >
>



[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

[ActiveDir] Windows Defender

[Anthony Crawford]

 

I installed Windows Defender (Beta) this weekend and it
promptly removed two programs that I didn’t want it to. 
Reinstalling one of the programs is not an option.  I have two questions:

 

1.  Where is the setting so Windows Defender will
prompt me prior to uninstalling a program instead of automatically uninstalling
it without notification?

 

2.  Where is the setting to tell Defender to restore
the programs it has uninstalled.  

 

Thanks.

 

Tony

Re: [ActiveDir] Exchange queue(OT)

[Tom Kern]

Well the answer to your first question is "yup" to both :)
I actually was replying to "nothingness" for awhile because i couldn't read your email until you changed the encoding in your gmail(i kept looking at the html postings on Activedir.org
 to see your response).
 
Exchange 2k is current and up to date(mixed mode, though we have no Exchange 5.5 servers).
So is the OS(win2k sp4 plus hotfixes)
The user is sending to DL's in her pab.
Outlook 2k.
 
I imported her DL's into my Outlook 2k client and sent to each one. One by one while checking the Exchange queues
When I got to the DL with the ADCDisabledMail contact with no addy, it just sat in the "awaiting directory lookup" queue forever.
When i got rid of that contact and resent to the DL, everything went through.
 
Afetr removing that contact from the other DL, I sent an email to all 15 DL's simultaneously as the user would, and this went through fine
 
However, I'm starting to think there is something wrong with the Exchange enviorment here because sometimes i see email stuck in that queue from other senders as well.
 
In fact while writing this email, I see that an 2emails each to ine recipient(one external, the other internal) are stuck in the directory lookup queue.
I have CAT logging set at 7 and the event id I see for the internal mail is-
 
Event Type: ErrorEvent Source: MSExchangeTransportEvent Category: Categorizer Event ID: 9004Date:  5/10/2006Time:  11:23:06 AMUser:  N/AComputer: EXSERVER1Description:Categorizer encountered a hard error while processing a message.  While processing user 'smtp:
[EMAIL PROTECTED]', the function 'ExpandRecipient' called 'HrSaveBCCRecipientIfNecessary' which returned error code '0xc0040550' (The property was not set.).  A DSN has been generated. ( 
m:[EMAIL PROTECTED] ) Data:: 50 05 04 c0   P..À     
 
 
And I also get this one for the external recipient-
 
Event Type: ErrorEvent Source: MSExchangeTransportEvent Category: Categorizer Event ID: 9004Date:  5/10/2006Time:  11:23:06 AMUser:  N/AComputer: EXSERVER1Description:Categorizer encountered a hard error while processing a message.  While processing user 'smtp:
[EMAIL PROTECTED]', the function 'CPhatCat::SaveBCCRecipientIfNecessary' called 'HrGetP1RecipientListEncoder' which returned error code '0xc0040550' (The property was not set.
).  A DSN has been generated. ( m:[EMAIL PROTECTED] ) Data:: 50 05 04 c0   P..À    
 
Thanks for any insight you can provide. 
 
On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
Your reply came back as yup, but no context to know if you were justbeing sly and saying yup to nothingness or if it was related to the
last question.  I'll assume the latter.That's not a good thing then that there was no email address and itmade it all the way to the CAT.  That should be kicked out at theclient, and if not at the client, during submission. Did you verify
that your E2K and operating system are as up to date as possible? Ifnot, how far back are you?AlOn 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:
>> Yup On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> >>>

RE: [ActiveDir] Exchange queue(OT)

[Douglas M. Long]

Sweet! I can see your messages again Al.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, May 10, 2006 1:10 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Exchange queue(OT)

Your reply came back as yup, but no context to know if you were just
being sly and saying yup to nothingness or if it was related to the
last question.  I'll assume the latter.

That's not a good thing then that there was no email address and it
made it all the way to the CAT.  That should be kicked out at the
client, and if not at the client, during submission. Did you verify
that your E2K and operating system are as up to date as possible? If
not, how far back are you?


Al





On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:
>
> Yup
>
>
>
> On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> >
>
>
.+w֧B+v*
rz Vryi˽箊

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] [OT] GMAIL encoding

[Matheesha Weerasinghe]

Thanks for that. My question is why doesnt the mail sent by Al
viewable by other gmail users? I was also seen blank emails and I use
gmail too.

M@

On 5/10/06, AdamT <[EMAIL PROTECTED]> wrote:

On 10/05/06, Lou Vega <[EMAIL PROTECTED]> wrote:
>
> I don't know exactly where it is off the top of my head because I don't have
> access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set
> the encoding of your messages if you wanted to…perhaps you can check into
> that?
>
It's under the settings like at the top right of the screen.  You get
a choice of:

Use default text encoding for outgoing messages

Or:

Use Unicode (UTF-8) encoding for outgoing messages


--
AdamT
'Thank-you for not requesting read receipts'
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

Re: [ActiveDir] Exchange queue(OT)

[Al Mulnick]

Your reply came back as yup, but no context to know if you were just
being sly and saying yup to nothingness or if it was related to the
last question.  I'll assume the latter.

That's not a good thing then that there was no email address and it
made it all the way to the CAT.  That should be kicked out at the
client, and if not at the client, during submission. Did you verify
that your E2K and operating system are as up to date as possible? If
not, how far back are you?


Al





On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:


Yup



On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
>

RE: [ActiveDir] GPO

[Darren Mar-Elia]

This is primarily because 
GP will only refresh if the GPO has changed or, in the case of security policy, 
every 16 hours by default. However, there are a couple of ways around this. You 
can set security policy to refresh during every background interval by enabling 
the relevant policy at computer configuration\admin templates\system\group 
policy\security policy processing, or, you can tune down the 16 hour interval by 
modifying the registry value on every client, described at http://support.microsoft.com/kb/277543/en-us.
 
Darren
 
 
 

Darren Mar-Elia
For comprehensive 
Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO tips, 
tools and whitepapers. Also check out the Windows 
Group Policy Guide, a soup-to-nuts resource for Group Policy 
information.
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Riley, 
DevinSent: Wednesday, May 10, 2006 9:47 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
GPO

In my experience, this 
now works but there is still one issue. In my testing, groups that you add to 
the local group can be removed by a local admin and group policy does not 
replace them. As a result, I use a simple batch file configured as a startup 
script to achieve the same result. The downside is that it only applies when the 
machine is restarted.
 
Batch File:
net localgroup 
Administrators /add "domain_name\SomeDomainGroupName"
 
Devin Riley
City of Pasadena
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Wednesday, May 10, 2006 8:02 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
GPO

Yes. Here's the KB 
article referencing the fix (works for Win2K as well):
 
http://support.microsoft.com/kb/810076/en-us


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Jef 
KazimerSent: Wednesday, May 10, 2006 7:52 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
GPO

John,
 
Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope 
it exists in Windows Server 2003 SP1? :)
 
Thanks,
 
Jef




> From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] 
GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 
08:49:21 -0500> > Hi Peter...> > 
If the clients are SP2, you can use the bottom box, to use it additively.> 
They finally fixed it.> > 
You use the bottom box, kinda backwards relative to the top...So, you would> 
say for the group Domain Users, then that it is always a member of the> 
local power users group.  You can even just browse to that, if you just> 
pick the local machine as the location.> 
> Hope this helps,> John> > > 
> > > 
   > 
 "Peter Johnson"   > 
 <[EMAIL PROTECTED]> > 
 Sent by:   To > 
 [EMAIL PROTECTED]   > 
 ail.activedir.org  cc > 
   > 
   Subject > 
 05/10/2006 08:39  RE: [ActiveDir] GPO > 
 AM> 
   > 
   > 
 Please respond to > 
 [EMAIL PROTECTED] > 
tivedir.org> 
   > 
   > 
> > > > Hi John> > 
Is there some way to define additive versus replacement as the last time> 
I tried this it did a hard replacement.> 
> -Original Message-> 
From: [EMAIL PROTECTED]> 
[mailto:[EMAIL PROTECTED] On Behalf Of> 
[EMAIL PROTECTED]> 
Sent: 10 May 2006 14:57> 
To: ActiveDir@mail.activedir.org> 
Subject: Re: [ActiveDir] GPO> > 
Hi Christine..> > 
You can use the restricted groups function to add say domain users to> 
the> 
power users group on the local machine.  It's a little tricky as one> 
function of it will replace any other members of  the power users group,> 
should there be any.  As of XPSP2 though, you can do it additive,> 
instead> of replacing.> > 
Hope this helps...> > John> > > 
> > > > 
 "Christine Allen"> 
> 
 > 
> 
 bmchp.org>> 
To> 
 Sent by:  "ActiveDir@mail.activedir.org"> 
> 
 [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> 
> 
 ail.activedir.org> 
cc> > > > Subject> 
 05/10/2006 07:46

Re: [ActiveDir] [OT] GMAIL encoding

[Al Mulnick]

Thanks guys.  I wish sometimes I was more familiar with email and how
it works.  :)





Al




On 5/10/06, Lou Vega <[EMAIL PROTECTED]> wrote:




I don't know exactly where it is off the top of my head because I don't have
access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set
the encoding of your messages if you wanted to…perhaps you can check into
that?



Regards,

Lou







From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joe
Sent: Wednesday, May 10, 2006 10:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"



Ok Al this is getting downright annoying, tell google to stop encoding your
messages in MIME64.



I have already told MSFT to fix Outlook. I am not holding my breath though.






--

O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm










From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al
Mulnick
Sent: Wednesday, May 10, 2006 9:45 AM
To: ActiveDir@mail.activedir.org
Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"

RE: [ActiveDir] GPO

[jpsalemi]

Yep...Absoultely right you don't have to browse, and you can't choose from
there.  Sorry for the confusion.

What I have seen people do by mistake though, is to add Domain Users to the
Domain group "Remote Desktop Users" instead of the local group, by not
paying attention.

It's a powerful piece of GPO's, either way you use it.

Power Users doesn't exist on DC's though.  So, it would have been safe.

John




   
 "Darren Mar-Elia" 
 <[EMAIL PROTECTED] 
 m> To 
 Sent by:
 [EMAIL PROTECTED]  cc 
 ail.activedir.org 
   Subject 
   RE: [ActiveDir] GPO 
 05/10/2006 11:05  
 AM
   
   
 Please respond to 
 [EMAIL PROTECTED] 
tivedir.org
   
   




Christine-
Just try typing the group name free-hand in the dialog. You don't have to
browse to it for this work.

Darren

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen
Sent: Wednesday, May 10, 2006 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO

Hi,

Is there a special security template I need to add because I can pick any
local groups like power users.


-Christine

Christine N. Allen
Systems Engineer
BMC HealthNet Plan
2 Copley Place
Boston, MA 02116
617-748-6034
617-293-4407

[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 10, 2006 10:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO

Hi Jef...

I'm sure it works with 2003 also, was really a bug in XP that they had to
fix, that the additive part just plain didn't work.

I believe, but can't promise that 2000 SP4 works too.

John






 "Jef Kazimer"

 <[EMAIL PROTECTED]>

 Sent by:
To
 [EMAIL PROTECTED] 

 ail.activedir.org
cc



Subject
 05/10/2006 09:52  RE: [ActiveDir] GPO

 AM





 Please respond to

 [EMAIL PROTECTED]

tivedir.org









John,

Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope
it
exists in Windows Server 2003 SP1? :)

Thanks,

Jef


> From: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] GPO
> To: ActiveDir@mail.activedir.org
> Date: Wed, 10 May 2006 08:49:21 -0500
>
> Hi Peter...
>
> If the clients are SP2, you can use the bottom box, to use it
additively.
> They finally fixed it.
>
> You use the bottom box, kinda backwards relative to the top...So, you
would
> say for the group Domain Users, then that it is always a member of the

> local power users group.  You can even just browse to that, if you
> just pick the local machine as the location.
>
> Hope this helps,
> John
>
>
>
>
>
>

>  "Peter Johnson"

>  <[EMAIL PROTECTED]>

>  Sent by:
To
>  [EMAIL PROTECTED] 

>  ail.activedir.org
cc
>

>
Subject
>  05/10/2006 08:39  RE: [ActiveDir] GPO

>  AM

>

>

>  Please respond to

>  [EMAIL PROTECTED]

> tivedir.org

>

>

>
>
>
>
> Hi John
>
> Is there some way to define additive versus replacement as the last
> time I tried this it did a hard replacement.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: 10 May 2006 14:57
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] GPO
>
> Hi Christine..
>
> You can use the restricted groups function to add say domain users to
> the power users group on the local machine.  It's a little tricky as
> one function of it will replace any other members of  the power users
> group, should there be any.  As of XPSP2 though, you can do it
> additive, instead of replacing.
>
> Hope this helps...
>
> John
>
>
>
>
>
>
>  "Christine Allen"
>
>  
>  bmchp.org>
> To
>  

RE: [ActiveDir] GPO

[Riley, Devin]

In my experience, this 
now works but there is still one issue. In my testing, groups that you add to 
the local group can be removed by a local admin and group policy does not 
replace them. As a result, I use a simple batch file configured as a startup 
script to achieve the same result. The downside is that it only applies when the 
machine is restarted.
 
Batch File:
net localgroup 
Administrators /add "domain_name\SomeDomainGroupName"
 
Devin Riley
City of Pasadena
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Wednesday, May 10, 2006 8:02 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
GPO

Yes. Here's the KB 
article referencing the fix (works for Win2K as well):
 
http://support.microsoft.com/kb/810076/en-us


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Jef 
KazimerSent: Wednesday, May 10, 2006 7:52 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
GPO

John,
 
Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope 
it exists in Windows Server 2003 SP1? :)
 
Thanks,
 
Jef




> From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] 
GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 
08:49:21 -0500> > Hi Peter...> > 
If the clients are SP2, you can use the bottom box, to use it additively.> 
They finally fixed it.> > 
You use the bottom box, kinda backwards relative to the top...So, you would> 
say for the group Domain Users, then that it is always a member of the> 
local power users group.  You can even just browse to that, if you just> 
pick the local machine as the location.> 
> Hope this helps,> John> > > 
> > > 
   > 
 "Peter Johnson"   > 
 <[EMAIL PROTECTED]> > 
 Sent by:   To > 
 [EMAIL PROTECTED]   > 
 ail.activedir.org  cc > 
   > 
   Subject > 
 05/10/2006 08:39  RE: [ActiveDir] GPO > 
 AM> 
   > 
   > 
 Please respond to > 
 [EMAIL PROTECTED] > 
tivedir.org> 
   > 
   > 
> > > > Hi John> > 
Is there some way to define additive versus replacement as the last time> 
I tried this it did a hard replacement.> 
> -Original Message-> 
From: [EMAIL PROTECTED]> 
[mailto:[EMAIL PROTECTED] On Behalf Of> 
[EMAIL PROTECTED]> 
Sent: 10 May 2006 14:57> 
To: ActiveDir@mail.activedir.org> 
Subject: Re: [ActiveDir] GPO> > 
Hi Christine..> > 
You can use the restricted groups function to add say domain users to> 
the> 
power users group on the local machine.  It's a little tricky as one> 
function of it will replace any other members of  the power users group,> 
should there be any.  As of XPSP2 though, you can do it additive,> 
instead> of replacing.> > 
Hope this helps...> > John> > > 
> > > > 
 "Christine Allen"> 
> 
 > 
> 
 bmchp.org>> 
To> 
 Sent by:  "ActiveDir@mail.activedir.org"> 
> 
 [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> 
> 
 ail.activedir.org> 
cc> > > > Subject> 
 05/10/2006 07:46  [ActiveDir] GPO> 
> 
 AM> 
> > > > > 
 Please respond to> 
> 
 [EMAIL PROTECTED]> 
> 
tivedir.org> 
> > > > > > > > > 
Hello,> > > 
Is there a way to change local computer rights via a gpo.  We would like> 
to> 
add our users to the Power users group to distribute software, then take> 
about that right after the software has been deployed.> 
> > -Christine> > > 
Christine N. Allen> Systems Engineer> 
BMC HealthNet Plan> 2 Copley Place> 
Boston, MA 02116> 617-748-6034> 617-293-4407> 
> > [EMAIL PROTECTED]> > > > 
List info   : http://www.activedir.org/List.aspx> 
List FAQ: http://www.activedir.org/ListFAQ.aspx> 
List archive:> 
http://www.mail-archive.com/activedir%40mail.activedir.org/> 
List info   : http://www.activedir.org/List.aspx> 
List FAQ: http://www.activedir.org/ListFAQ.aspx> 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/> 
> > 
List info   : http://www.activedir.org/

Re: [ActiveDir] [OT] GMAIL encoding

[AdamT]

On 10/05/06, Lou Vega <[EMAIL PROTECTED]> wrote:
>
> I don't know exactly where it is off the top of my head because I don't have
> access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set
> the encoding of your messages if you wanted to…perhaps you can check into
> that?
>
It's under the settings like at the top right of the screen.  You get
a choice of:

Use default text encoding for outgoing messages

Or:

Use Unicode (UTF-8) encoding for outgoing messages


--
AdamT
'Thank-you for not requesting read receipts'
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] [OT] GMAIL encoding

[Lou Vega]

I don’t know exactly where it is off
the top of my head because I don’t have access to GMAIL at work, but
GMAIL does allow you (to my knowledge) to set the encoding of your messages if
you wanted to…perhaps you can check into that?

 

Regards,

Lou

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 10, 2006
10:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: Re: [ActiveDir]
"Several IMAP Accounts-Outlook fail"



 

Ok Al this is getting downright annoying,
tell google to stop encoding your messages in MIME64.

 

I have already told MSFT to fix Outlook. I
am not holding my breath though.

 



 



--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

 



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, May 10, 2006 9:45
AM
To: ActiveDir@mail.activedir.org
Subject: OT: Re: [ActiveDir]
"Several IMAP Accounts-Outlook fail"

Re: [ActiveDir] Exchange queue(OT)

[Tom Kern]

Yup
 
On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:

RE: [ActiveDir] GPO

[Darren Mar-Elia]

Christine-
Just try typing the group name free-hand in the dialog. You don't have to
browse to it for this work.

Darren 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen
Sent: Wednesday, May 10, 2006 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO

Hi,

Is there a special security template I need to add because I can pick any
local groups like power users. 


-Christine

Christine N. Allen
Systems Engineer
BMC HealthNet Plan
2 Copley Place
Boston, MA 02116
617-748-6034
617-293-4407

[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 10, 2006 10:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO

Hi Jef...

I'm sure it works with 2003 also, was really a bug in XP that they had to
fix, that the additive part just plain didn't work.

I believe, but can't promise that 2000 SP4 works too.

John




 

 "Jef Kazimer"

 <[EMAIL PROTECTED]>

 Sent by:
To 
 [EMAIL PROTECTED] 

 ail.activedir.org
cc 
 

 
Subject 
 05/10/2006 09:52  RE: [ActiveDir] GPO

 AM

 

 

 Please respond to

 [EMAIL PROTECTED]

tivedir.org

 

 





John,

Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope
it
exists in Windows Server 2003 SP1? :)

Thanks,

Jef


> From: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] GPO
> To: ActiveDir@mail.activedir.org
> Date: Wed, 10 May 2006 08:49:21 -0500
>
> Hi Peter...
>
> If the clients are SP2, you can use the bottom box, to use it
additively.
> They finally fixed it.
>
> You use the bottom box, kinda backwards relative to the top...So, you
would
> say for the group Domain Users, then that it is always a member of the

> local power users group.  You can even just browse to that, if you 
> just pick the local machine as the location.
>
> Hope this helps,
> John
>
>
>
>
>
>

>  "Peter Johnson"

>  <[EMAIL PROTECTED]>

>  Sent by:
To
>  [EMAIL PROTECTED] 

>  ail.activedir.org
cc
>

>
Subject
>  05/10/2006 08:39  RE: [ActiveDir] GPO

>  AM

>

>

>  Please respond to

>  [EMAIL PROTECTED]

> tivedir.org

>

>

>
>
>
>
> Hi John
>
> Is there some way to define additive versus replacement as the last 
> time I tried this it did a hard replacement.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: 10 May 2006 14:57
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] GPO
>
> Hi Christine..
>
> You can use the restricted groups function to add say domain users to 
> the power users group on the local machine.  It's a little tricky as 
> one function of it will replace any other members of  the power users 
> group, should there be any.  As of XPSP2 though, you can do it 
> additive, instead of replacing.
>
> Hope this helps...
>
> John
>
>
>
>
>
>
>  "Christine Allen"
>
>  
>  bmchp.org>
> To
>  Sent by:  "ActiveDir@mail.activedir.org"
>
>  [EMAIL PROTECTED]
<'ActiveDir@mail.activedir.org'>
>
>  ail.activedir.org
> cc
>
>
>
> Subject
>  05/10/2006 07:46  [ActiveDir] GPO
>
>  AM
>
>
>
>
>
>  Please respond to
>
>  [EMAIL PROTECTED]
>
> tivedir.org
>
>
>
>
>
>
>
>
>
> Hello,
>
>
> Is there a way to change local computer rights via a gpo.  We would 
> like to add our users to the Power users group to distribute software,

> then take about that right after the software has been deployed.
>
>
> -Christine
>
>
> Christine N. Allen
> Systems Engineer
> BMC HealthNet Plan
> 2 Copley Place
> Boston, MA 02116
> 617-748-6034
> 617-293-4407
>
>
> [EMAIL PROTECTED]
>
>
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/



Join the next generation of Hotmail and you could win the adventure of a
lifetime Learn More.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List 

RE: [ActiveDir] GPO

[Christine Allen]

Hi,

Is there a special security template I need to add because I can pick
any local groups like power users. 


-Christine

Christine N. Allen
Systems Engineer
BMC HealthNet Plan
2 Copley Place
Boston, MA 02116
617-748-6034
617-293-4407

[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 10, 2006 10:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO

Hi Jef...

I'm sure it works with 2003 also, was really a bug in XP that they had
to fix, that the additive part just plain didn't work.

I believe, but can't promise that 2000 SP4 works too.

John




 

 "Jef Kazimer"

 <[EMAIL PROTECTED]>

 Sent by:
To 
 [EMAIL PROTECTED] 

 ail.activedir.org
cc 
 

 
Subject 
 05/10/2006 09:52  RE: [ActiveDir] GPO

 AM

 

 

 Please respond to

 [EMAIL PROTECTED]

tivedir.org

 

 





John,

Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope
it
exists in Windows Server 2003 SP1? :)

Thanks,

Jef


> From: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] GPO
> To: ActiveDir@mail.activedir.org
> Date: Wed, 10 May 2006 08:49:21 -0500
>
> Hi Peter...
>
> If the clients are SP2, you can use the bottom box, to use it
additively.
> They finally fixed it.
>
> You use the bottom box, kinda backwards relative to the top...So, you
would
> say for the group Domain Users, then that it is always a member of the

> local power users group.  You can even just browse to that, if you 
> just pick the local machine as the location.
>
> Hope this helps,
> John
>
>
>
>
>
>

>  "Peter Johnson"

>  <[EMAIL PROTECTED]>

>  Sent by:
To
>  [EMAIL PROTECTED] 

>  ail.activedir.org
cc
>

>
Subject
>  05/10/2006 08:39  RE: [ActiveDir] GPO

>  AM

>

>

>  Please respond to

>  [EMAIL PROTECTED]

> tivedir.org

>

>

>
>
>
>
> Hi John
>
> Is there some way to define additive versus replacement as the last 
> time I tried this it did a hard replacement.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: 10 May 2006 14:57
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] GPO
>
> Hi Christine..
>
> You can use the restricted groups function to add say domain users to 
> the power users group on the local machine.  It's a little tricky as 
> one function of it will replace any other members of  the power users 
> group, should there be any.  As of XPSP2 though, you can do it 
> additive, instead of replacing.
>
> Hope this helps...
>
> John
>
>
>
>
>
>
>  "Christine Allen"
>
>  
>  bmchp.org>
> To
>  Sent by:  "ActiveDir@mail.activedir.org"
>
>  [EMAIL PROTECTED]
<'ActiveDir@mail.activedir.org'>
>
>  ail.activedir.org
> cc
>
>
>
> Subject
>  05/10/2006 07:46  [ActiveDir] GPO
>
>  AM
>
>
>
>
>
>  Please respond to
>
>  [EMAIL PROTECTED]
>
> tivedir.org
>
>
>
>
>
>
>
>
>
> Hello,
>
>
> Is there a way to change local computer rights via a gpo.  We would 
> like to add our users to the Power users group to distribute software,

> then take about that right after the software has been deployed.
>
>
> -Christine
>
>
> Christine N. Allen
> Systems Engineer
> BMC HealthNet Plan
> 2 Copley Place
> Boston, MA 02116
> 617-748-6034
> 617-293-4407
>
>
> [EMAIL PROTECTED]
>
>
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/



Join the next generation of Hotmail and you could win the adventure of a
lifetime Learn More.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"

[Al Mulnick]

Why? Blue's your color isn't it?

I'm not sure it's not the list server creating havoc.  It was being
looked into last I checked.

al




On 5/10/06, joe <[EMAIL PROTECTED]> wrote:


Ok Al this is getting downright annoying, tell google to stop encoding your
messages in MIME64.

I have already told MSFT to fix Outlook. I am not holding my breath though.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al
Mulnick
Sent: Wednesday, May 10, 2006 9:45 AM

To: ActiveDir@mail.activedir.org
Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"


To: ActiveDir@mail.activedir.org
Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"



[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

Re: [ActiveDir] Exchange queue(OT)

[Al Mulnick]

These are private (as in created by the user and lives in the PAB of
said user) lists?






On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:


Thanks Al.

I sent a email to each DL and found out that what was holding it up was that
2 DL's had a member called "ADCDisabledMail" which I know is created by the
ADC but I don't know how it would end up as a contact.
The contact had no email address.

After I removed it, all was fine.

I'm amazed that something like that could stop an email from going out for
days.

Is there a difference in the way the CAT and the advanced queuing engine
process an Outlook private DL over an AD distribution group, btw?

Thank you everyone for all your help


On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
>



[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

RE: [ActiveDir] GPO

[Darren Mar-Elia]

Yes. Here's the KB 
article referencing the fix (works for Win2K as well):
 
http://support.microsoft.com/kb/810076/en-us


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Jef 
KazimerSent: Wednesday, May 10, 2006 7:52 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
GPO

John,
 
Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope 
it exists in Windows Server 2003 SP1? :)
 
Thanks,
 
Jef




> From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] 
GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 
08:49:21 -0500> > Hi Peter...> > 
If the clients are SP2, you can use the bottom box, to use it additively.> 
They finally fixed it.> > 
You use the bottom box, kinda backwards relative to the top...So, you would> 
say for the group Domain Users, then that it is always a member of the> 
local power users group.  You can even just browse to that, if you just> 
pick the local machine as the location.> 
> Hope this helps,> John> > > 
> > > 
   > 
 "Peter Johnson"   > 
 <[EMAIL PROTECTED]> > 
 Sent by:   To > 
 [EMAIL PROTECTED]   > 
 ail.activedir.org  cc > 
   > 
   Subject > 
 05/10/2006 08:39  RE: [ActiveDir] GPO > 
 AM> 
   > 
   > 
 Please respond to > 
 [EMAIL PROTECTED] > 
tivedir.org> 
   > 
   > 
> > > > Hi John> > 
Is there some way to define additive versus replacement as the last time> 
I tried this it did a hard replacement.> 
> -Original Message-> 
From: [EMAIL PROTECTED]> 
[mailto:[EMAIL PROTECTED] On Behalf Of> 
[EMAIL PROTECTED]> 
Sent: 10 May 2006 14:57> 
To: ActiveDir@mail.activedir.org> 
Subject: Re: [ActiveDir] GPO> > 
Hi Christine..> > 
You can use the restricted groups function to add say domain users to> 
the> 
power users group on the local machine.  It's a little tricky as one> 
function of it will replace any other members of  the power users group,> 
should there be any.  As of XPSP2 though, you can do it additive,> 
instead> of replacing.> > 
Hope this helps...> > John> > > 
> > > > 
 "Christine Allen"> 
> 
 > 
> 
 bmchp.org>> 
To> 
 Sent by:  "ActiveDir@mail.activedir.org"> 
> 
 [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> 
> 
 ail.activedir.org> 
cc> > > > Subject> 
 05/10/2006 07:46  [ActiveDir] GPO> 
> 
 AM> 
> > > > > 
 Please respond to> 
> 
 [EMAIL PROTECTED]> 
> 
tivedir.org> 
> > > > > > > > > 
Hello,> > > 
Is there a way to change local computer rights via a gpo.  We would like> 
to> 
add our users to the Power users group to distribute software, then take> 
about that right after the software has been deployed.> 
> > -Christine> > > 
Christine N. Allen> Systems Engineer> 
BMC HealthNet Plan> 2 Copley Place> 
Boston, MA 02116> 617-748-6034> 617-293-4407> 
> > [EMAIL PROTECTED]> > > > 
List info   : http://www.activedir.org/List.aspx> 
List FAQ: http://www.activedir.org/ListFAQ.aspx> 
List archive:> 
http://www.mail-archive.com/activedir%40mail.activedir.org/> 
List info   : http://www.activedir.org/List.aspx> 
List FAQ: http://www.activedir.org/ListFAQ.aspx> 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/> 
> > 
List info   : http://www.activedir.org/List.aspx> 
List FAQ: http://www.activedir.org/ListFAQ.aspx> 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Join the next generation of Hotmail and you could win the adventure of a 
lifetime Learn More. 

RE: [ActiveDir] GPO

[jpsalemi]

Hi Jef...

I'm sure it works with 2003 also, was really a bug in XP that they had to
fix, that the additive part just plain didn't work.

I believe, but can't promise that 2000 SP4 works too.

John




   
 "Jef Kazimer" 
 <[EMAIL PROTECTED]>  
 Sent by:   To 
 [EMAIL PROTECTED]   
 ail.activedir.org  cc 
   
   Subject 
 05/10/2006 09:52  RE: [ActiveDir] GPO 
 AM
   
   
 Please respond to 
 [EMAIL PROTECTED] 
tivedir.org
   
   




John,

Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope it
exists in Windows Server 2003 SP1? :)

Thanks,

Jef


> From: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] GPO
> To: ActiveDir@mail.activedir.org
> Date: Wed, 10 May 2006 08:49:21 -0500
>
> Hi Peter...
>
> If the clients are SP2, you can use the bottom box, to use it additively.
> They finally fixed it.
>
> You use the bottom box, kinda backwards relative to the top...So, you
would
> say for the group Domain Users, then that it is always a member of the
> local power users group.  You can even just browse to that, if you just
> pick the local machine as the location.
>
> Hope this helps,
> John
>
>
>
>
>
>

>  "Peter Johnson"

>  <[EMAIL PROTECTED]>

>  Sent by:
To
>  [EMAIL PROTECTED] 

>  ail.activedir.org
cc
>

>
Subject
>  05/10/2006 08:39  RE: [ActiveDir] GPO

>  AM

>

>

>  Please respond to

>  [EMAIL PROTECTED]

> tivedir.org

>

>

>
>
>
>
> Hi John
>
> Is there some way to define additive versus replacement as the last time
> I tried this it did a hard replacement.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: 10 May 2006 14:57
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] GPO
>
> Hi Christine..
>
> You can use the restricted groups function to add say domain users to
> the
> power users group on the local machine.  It's a little tricky as one
> function of it will replace any other members of  the power users group,
> should there be any.  As of XPSP2 though, you can do it additive,
> instead
> of replacing.
>
> Hope this helps...
>
> John
>
>
>
>
>
>
>  "Christine Allen"
>
>  
>  bmchp.org>
> To
>  Sent by:  "ActiveDir@mail.activedir.org"
>
>  [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>
>
>  ail.activedir.org
> cc
>
>
>
> Subject
>  05/10/2006 07:46  [ActiveDir] GPO
>
>  AM
>
>
>
>
>
>  Please respond to
>
>  [EMAIL PROTECTED]
>
> tivedir.org
>
>
>
>
>
>
>
>
>
> Hello,
>
>
> Is there a way to change local computer rights via a gpo.  We would like
> to
> add our users to the Power users group to distribute software, then take
> about that right after the software has been deployed.
>
>
> -Christine
>
>
> Christine N. Allen
> Systems Engineer
> BMC HealthNet Plan
> 2 Copley Place
> Boston, MA 02116
> 617-748-6034
> 617-293-4407
>
>
> [EMAIL PROTECTED]
>
>
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



Join the next generation of Hotmail and you could win the adventure of a
lifetime Learn More.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] GPO

[Jef Kazimer]

John,
 
Just curious,  was these option *ONLY* availiable in XP SP2?   Any hope it exists in Windows Server 2003 SP1? :)
 
Thanks,
 
Jef



> From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 08:49:21 -0500> > Hi Peter...> > If the clients are SP2, you can use the bottom box, to use it additively.> They finally fixed it.> > You use the bottom box, kinda backwards relative to the top...So, you would> say for the group Domain Users, then that it is always a member of the> local power users group.  You can even just browse to that, if you just> pick the local machine as the location.> > Hope this helps,> John> > > > > >    >  "Peter Johnson"   >  <[EMAIL PROTECTED]> >  Sent by:   To >  [EMAIL PROTECTED]   >  ail.activedir.org  cc >    >    Subject >  05/10/2006 08:39  RE: [ActiveDir] GPO >  AM>    >    >  Please respond to >  [EMAIL PROTECTED] > tivedir.org>    >    > > > > > Hi John> > Is there some way to define additive versus replacement as the last time> I tried this it did a hard replacement.> > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On Behalf Of> [EMAIL PROTECTED]> Sent: 10 May 2006 14:57> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] GPO> > Hi Christine..> > You can use the restricted groups function to add say domain users to> the> power users group on the local machine.  It's a little tricky as one> function of it will replace any other members of  the power users group,> should there be any.  As of XPSP2 though, you can do it additive,> instead> of replacing.> > Hope this helps...> > John> > > > > > >  "Christine Allen"> >  > >  bmchp.org>> To>  Sent by:  "ActiveDir@mail.activedir.org"> >  [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> >  ail.activedir.org> cc> > > > Subject>  05/10/2006 07:46  [ActiveDir] GPO> >  AM> > > > > >  Please respond to> >  [EMAIL PROTECTED]> > tivedir.org> > > > > > > > > > Hello,> > > Is there a way to change local computer rights via a gpo.  We would like> to> add our users to the Power users group to distribute software, then take> about that right after the software has been deployed.> > > -Christine> > > Christine N. Allen> Systems Engineer> BMC HealthNet Plan> 2 Copley Place> Boston, MA 02116> 617-748-6034> 617-293-4407> > > [EMAIL PROTECTED]> > > > List info   : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive:> http://www.mail-archive.com/activedir%40mail.activedir.org/> List info   : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/> > > List info   : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More.

Re: [ActiveDir] Exchange queue(OT)

[Tom Kern]

Thanks Al.
 
I sent a email to each DL and found out that what was holding it up was that 2 DL's had a member called "ADCDisabledMail" which I know is created by the ADC but I don't know how it would end up as a contact.

The contact had no email address.
 
After I removed it, all was fine.
 
I'm amazed that something like that could stop an email from going out for days.
 
Is there a difference in the way the CAT and the advanced queuing engine process an Outlook private DL over an AD distribution group, btw?
 
Thank you everyone for all your help 
On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:

RE: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"

[joe]

Ok Al this is getting downright annoying, tell google to 
stop encoding your messages in MIME64.
 
I have already told MSFT to fix Outlook. I am not holding 
my breath though.
 
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Wednesday, May 10, 2006 9:45 AMTo: 
ActiveDir@mail.activedir.orgSubject: OT: Re: [ActiveDir] "Several 
IMAP Accounts-Outlook fail"

RE: [ActiveDir] GPO Software Deployment

[Darren Mar-Elia]

Robert-
If Installer is really doing something, it should generate 
an MSI*.log file in %temp% (or in %windir\%temp% for per machine installs). I 
would look in there for a recent one that shows what's going 
on.
 
Darren


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Robert 
RutherfordSent: Wednesday, May 10, 2006 3:05 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] GPO Software 
Deployment


HI 
All,
 
Strange 
one…..
 
I have taken over the 
support of an organisation where the last organisation has made a bit of a pigs 
ear of the AD deployment. It appears upon discussion with staff that a software 
deployment of Acrobat reader has been put in at some point and then removed. I 
also found an old machine with a self built msi package 
on.
 
Now, while the users 
are working away an msi installer window just flickers up on the screen and 
vanishes regularly. This is infuriating for the user base but I can’t seem to 
nail it down as any reference has been removed from the 
registry.
 
Any 
ideas?
 
Cheers,
 
Rob

RE: [ActiveDir] GPO

[jpsalemi]

Hi Peter...

If the clients are SP2, you can use the bottom box, to use it additively.
They finally fixed it.

You use the bottom box, kinda backwards relative to the top...So, you would
say for the group Domain Users, then that it is always a member of the
local power users group.  You can even just browse to that, if you just
pick the local machine as the location.

Hope this helps,
John





   
 "Peter Johnson"   
 <[EMAIL PROTECTED]> 
 Sent by:   To 
 [EMAIL PROTECTED]   
 ail.activedir.org  cc 
   
   Subject 
 05/10/2006 08:39  RE: [ActiveDir] GPO 
 AM
   
   
 Please respond to 
 [EMAIL PROTECTED] 
tivedir.org
   
   




Hi John

Is there some way to define additive versus replacement as the last time
I tried this it did a hard replacement.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 10 May 2006 14:57
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO

Hi Christine..

You can use the restricted groups function to add say domain users to
the
power users group on the local machine.  It's a little tricky as one
function of it will replace any other members of  the power users group,
should there be any.  As of XPSP2 though, you can do it additive,
instead
of replacing.

Hope this helps...

John






 "Christine Allen"

 
To
 Sent by:  "ActiveDir@mail.activedir.org"

 [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>

 ail.activedir.org
cc



Subject
 05/10/2006 07:46  [ActiveDir] GPO

 AM





 Please respond to

 [EMAIL PROTECTED]

tivedir.org









Hello,


Is there a way to change local computer rights via a gpo.  We would like
to
add our users to the Power users group to distribute software, then take
about that right after the software has been deployed.


-Christine


Christine N. Allen
Systems Engineer
BMC HealthNet Plan
2 Copley Place
Boston, MA 02116
617-748-6034
617-293-4407


[EMAIL PROTECTED]



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"

[Al Mulnick]

You may also consider upgrading to some other version.  OL2002 was a
quirky version especially when it relates to internet protocols (IMAP,
POP, SMTP, etc)

Al

On 5/3/06, Milton Sancho <[EMAIL PROTECTED]> wrote:



Your Server Has Reported a UID Which Does Not Comply with the IMAP Standard"

I received this error once I configured several IMAP email-accounts in the
same profile, the worse point if I use ny other e-mail client
(Thunderbird-Evolution, etc) set the sme e-mail accounts "works fine"

I refer to this Kb:
http://support.microsoft.com/?kbid=294779

However the resolution is not very useful "To resolve this behavior, remove
the IMAP account and create a new one"
I am using Outlook 2003 client ,


Please help me to find a solution

[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

RE: [ActiveDir] GPO

[Peter Johnson]

Hi John

Is there some way to define additive versus replacement as the last time
I tried this it did a hard replacement.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 10 May 2006 14:57
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO

Hi Christine..

You can use the restricted groups function to add say domain users to
the
power users group on the local machine.  It's a little tricky as one
function of it will replace any other members of  the power users group,
should there be any.  As of XPSP2 though, you can do it additive,
instead
of replacing.

Hope this helps...

John




 

 "Christine Allen"

 
To 
 Sent by:  "ActiveDir@mail.activedir.org"

 [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>

 ail.activedir.org
cc 
 

 
Subject 
 05/10/2006 07:46  [ActiveDir] GPO

 AM

 

 

 Please respond to

 [EMAIL PROTECTED]

tivedir.org

 

 





Hello,


Is there a way to change local computer rights via a gpo.  We would like
to
add our users to the Power users group to distribute software, then take
about that right after the software has been deployed.


-Christine


Christine N. Allen
Systems Engineer
BMC HealthNet Plan
2 Copley Place
Boston, MA 02116
617-748-6034
617-293-4407


[EMAIL PROTECTED]



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Exchange queue(OT)

[Al Mulnick]

Seems I've been doing that lately :)  I was asking for more information.


The biggest problem is that it's E2K :)

Be sure you're patches are as up to date as they can be for E2K and
the OS they run on.


One other test might help:

"The email causing this issue is an email sent to about 15 private
Outlook DL's which all contain single internal members. Anywhere from
2 to 100, depending on the DL.
No groups or nestd groups in the DL's. All recipients are internal. No
external."


What happens if you only send to one of those DL's? Does any of the
DL's have the same issues that the group of 15 does (test by sending
one message to each and observing the behavior)? That may help to
narrow it down.









On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote:


I didn't get anything, Al.

Just a blank email from you...


On 5/9/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
>



[EMAIL PROTECTED]   ��V�r�y�&��-�÷Š¾4���i�b��b��

Re: [ActiveDir] GPO

[jpsalemi]

Hi Christine..

You can use the restricted groups function to add say domain users to the
power users group on the local machine.  It's a little tricky as one
function of it will replace any other members of  the power users group,
should there be any.  As of XPSP2 though, you can do it additive, instead
of replacing.

Hope this helps...

John




   
 "Christine Allen" 
  To 
 Sent by:  "ActiveDir@mail.activedir.org"  
 [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>
 ail.activedir.org  cc 
   
   Subject 
 05/10/2006 07:46  [ActiveDir] GPO 
 AM
   
   
 Please respond to 
 [EMAIL PROTECTED] 
tivedir.org
   
   




Hello,


Is there a way to change local computer rights via a gpo.  We would like to
add our users to the Power users group to distribute software, then take
about that right after the software has been deployed.


-Christine


Christine N. Allen
Systems Engineer
BMC HealthNet Plan
2 Copley Place
Boston, MA 02116
617-748-6034
617-293-4407


[EMAIL PROTECTED]



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] ODBC driver packager

[adriaoramos]

Hi all,

        Does
anyone know a good tool to create msi packages for odbc drivers? (If there´s
 one to do that)
        I need
to install Uniaccess ODBC.
        The
one I have tried (veritas, an old version), did not work fine. 
        I need
to distribute these drivers to many computers

'        Can
any one help me?


___
Adrião Ferreira Ramos
[EMAIL PROTECTED]
Equipe Suporte Windows
(11) 3388-8193

[ActiveDir] GPO

[Christine Allen]

Title: GPO 






Hello,


Is there a way to change local computer rights via a gpo.  We would like to add our users to the Power users group to distribute software, then take about that right after the software has been deployed.

-Christine


Christine N. Allen

Systems Engineer

BMC HealthNet Plan

2 Copley Place

Boston, MA 02116

617-748-6034

617-293-4407


[EMAIL PROTECTED]

RE: [ActiveDir] Site Link Bridging

[Freddy HARTONO]

Title: RE: Site Link Bridging



Shouldnt your time be synchronized irregardless of which 
site you are at?
 

Thank you and have a splendid 
day!
 
Kind Regards,
 
Freddy Hartono
Group Support 
Engineer
InternationalSOS Pte Ltd
mail: 
[EMAIL PROTECTED]
phone: (+65) 
6330-9785
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ion 
GottSent: Wednesday, May 10, 2006 7:47 AMTo: 
ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.orgSubject: 
RE: [ActiveDir] Site Link Bridging


The primary reason I have 
disabled site link bridging in the past has been to prevent domain controllers 
in spokes with replicating with other dc's in spoke sites that are in another 
hub site when they should only be replicating with DC's in the hub sites and 
second with spoke dc's in their own hub.
 
If for example you had three hub sites and 
one hub site failed you may want the dc's in the spokes to replicate with one of 
the other regional hubs rather than the KCC generating replication links with 
other hubs spoke dc's throughout the environment.
 
Site link costing of course comes into play 
here too...
 




Ion V. 
GottPrincipal Consultant
CISSP, MCSE + Security/Messaging
 


From: [EMAIL PROTECTED] on 
behalf of joeSent: Tue 5/9/2006 6:39 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Site Link 
Bridging

Having site link bridging should not have resulted in DCs 
from different sites registering in the same site unless their wasn't full 
coverage for the domains or if one of the sites didn't have a GC. Something 
isn't right here. 
 
Not that that might not be a response they heard from an 
architecture review though, the quality of 
those reviews/health checks/RAPs and the guidance given at the end 
vary drammatically in quality based on the analyst involved. I have found in 
general though the AD folks can't give any good advice on Exchange and the 
Exchange healthcheck folks can't give very good advice on AD and MSFT doesn't 
have an all consuming healthcheck that takes all of it into account. 
So you end up getting a case of one healthcheck pointing at the other for 
sources of problems. Usually what you see is the AD folks saying everything is 
fine and the Exchange folks saying AD is in trouble but not being able to point 
at anything in particular.
 
  joe
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Tuesday, May 09, 2006 6:41 
AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] 
Site Link Bridging

A friend of a friend when designing a new forest was asked 
to disable site link bridging (forest wide) based upon the reasoning given 
below.
 
I fail to see any connection between the description below 
and site link bridging.
 
Does anyone see how these issues could be caused by 
bridging and furthermore, why the issue would have been resolved by disabling 
bridging???
 
neil
PS I 
don't necessarily believe that MS really did suggest disabling bridging would 
help - I merely copy/pasted the original thread :)
___Neil RustonGlobal Technology 
InfrastructureNomura 
International plcTelephone: +44 (0) 20 7521 3481 
 

 
 We had an issue 
where the Domain Controllers in the New York site and New Jersey site were being 
registered under one site in DNS. This was causing users to authenticate to DC’s 
over the WAN link as well as Exchange servers using GC’s over the WAN link. This 
was causing some delays in users logging on as well as outlook being slow using 
the address book.
 Also servers were 
synching up their time with DC’s in other sites causing w32 time errors at night 
and during the weekend while backups were running. This caused some servers to 
have their time offset be 3-5 seconds.
 We had Microsoft 
on-site services evaluate the infrastructure and they recommended that we 
disable the Site Link Bridging to increase performance of the above issues. 

 
PLEASE READ: The 
information contained in this email is confidential and 
intended for the 
named recipient(s) only. If you are not an intended 
recipient of this 
email please notify the sender immediately and delete your 
copy from your 
system. You must not copy, distribute or take any further 
action in reliance 
on it. Email is not a secure method of communication and 
Nomura International 
plc ('NIplc') will not, to the extent permitted by law, 
accept 
responsibility or liability for (a) the accuracy or completeness of, 

or (b) the presence 
of any virus, worm or similar malicious or disabling 
code in, this 
message or any attachment(s) to it. If verification of this 
email is sought then 
please request a hard copy. Unless otherwise stated 
this email: (1) is 
not, and should not be treated or relied upon as, 
investment research; 
(2) contains views or opinions that are solely those of 
the author and do 
not necessarily represent those of NIplc; (3) is in

[ActiveDir] GPO Software Deployment

[Robert Rutherford]

HI All,

 

Strange one…..

 

I have taken over the support of an
organisation where the last organisation has made a bit of a pigs ear of the AD
deployment. It appears upon discussion with staff that a software deployment of
Acrobat reader has been put in at some point and then removed. I also found an
old machine with a self built msi package on.

 

Now, while the users are working away an
msi installer window just flickers up on the screen and vanishes regularly.
This is infuriating for the user base but I can’t seem to nail it down as
any reference has been removed from the registry.

 

Any ideas?

 

Cheers,

 

Rob

RE: [ActiveDir] Site Link Bridging

[neil.ruston]

Title: RE: Site Link Bridging



Appropriate costs would mitigate this issue. I would not 
disable bridging in a multi hub topology, unless there were other good reasons 
to do so.
 
 
neil


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ion 
GottSent: 10 May 2006 00:47To: 
ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.orgSubject: 
RE: [ActiveDir] Site Link Bridging


The primary reason I have 
disabled site link bridging in the past has been to prevent domain controllers 
in spokes with replicating with other dc's in spoke sites that are in another 
hub site when they should only be replicating with DC's in the hub sites and 
second with spoke dc's in their own hub.
 
If for example you had three hub sites and 
one hub site failed you may want the dc's in the spokes to replicate with one of 
the other regional hubs rather than the KCC generating replication links with 
other hubs spoke dc's throughout the environment.
 
Site link costing of course comes into play 
here too...
 




Ion V. 
GottPrincipal Consultant
CISSP, MCSE + Security/Messaging
 


From: [EMAIL PROTECTED] on 
behalf of joeSent: Tue 5/9/2006 6:39 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Site Link 
Bridging

Having site link bridging should not have resulted in DCs 
from different sites registering in the same site unless their wasn't full 
coverage for the domains or if one of the sites didn't have a GC. Something 
isn't right here. 
 
Not that that might not be a response they heard from an 
architecture review though, the quality of 
those reviews/health checks/RAPs and the guidance given at the end 
vary drammatically in quality based on the analyst involved. I have found in 
general though the AD folks can't give any good advice on Exchange and the 
Exchange healthcheck folks can't give very good advice on AD and MSFT doesn't 
have an all consuming healthcheck that takes all of it into account. 
So you end up getting a case of one healthcheck pointing at the other for 
sources of problems. Usually what you see is the AD folks saying everything is 
fine and the Exchange folks saying AD is in trouble but not being able to point 
at anything in particular.
 
  joe
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Tuesday, May 09, 2006 6:41 
AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] 
Site Link Bridging

A friend of a friend when designing a new forest was asked 
to disable site link bridging (forest wide) based upon the reasoning given 
below.
 
I fail to see any connection between the description below 
and site link bridging.
 
Does anyone see how these issues could be caused by 
bridging and furthermore, why the issue would have been resolved by disabling 
bridging???
 
neil
PS I 
don't necessarily believe that MS really did suggest disabling bridging would 
help - I merely copy/pasted the original thread :)
___Neil RustonGlobal Technology 
InfrastructureNomura 
International plcTelephone: +44 (0) 20 7521 3481 
 

 
 We had an issue 
where the Domain Controllers in the New York site and New Jersey site were being 
registered under one site in DNS. This was causing users to authenticate to DC’s 
over the WAN link as well as Exchange servers using GC’s over the WAN link. This 
was causing some delays in users logging on as well as outlook being slow using 
the address book.
 Also servers were 
synching up their time with DC’s in other sites causing w32 time errors at night 
and during the weekend while backups were running. This caused some servers to 
have their time offset be 3-5 seconds.
 We had Microsoft 
on-site services evaluate the infrastructure and they recommended that we 
disable the Site Link Bridging to increase performance of the above issues. 

 
PLEASE READ: The 
information contained in this email is confidential and 
intended for the 
named recipient(s) only. If you are not an intended 
recipient of this 
email please notify the sender immediately and delete your 
copy from your 
system. You must not copy, distribute or take any further 
action in reliance 
on it. Email is not a secure method of communication and 
Nomura International 
plc ('NIplc') will not, to the extent permitted by law, 
accept 
responsibility or liability for (a) the accuracy or completeness of, 

or (b) the presence 
of any virus, worm or similar malicious or disabling 
code in, this 
message or any attachment(s) to it. If verification of this 
email is sought then 
please request a hard copy. Unless otherwise stated 
this email: (1) is 
not, and should not be treated or relied upon as, 
investment research; 
(2) contains views or opinions that are solely those of 
the author and do 
not necessarily represent those of NIplc; (3) is intended 
for informational 
purposes only and is not a recommendation, solicitation or 
offer to buy or sel

Re: [ActiveDir] Exchange queue(OT)

[Tom Kern]

I didn't get anything, Al.
 
Just a blank email from you... 
On 5/9/06, Al Mulnick <[EMAIL PROTECTED]> wrote: