Re: [ActiveDir] Exchange queue(OT)
Hopefully we get this cleared up before too long. Blank messages makes it look like I'm smarter than I am. Can you export it and see if there's a X.500 and/or exchangeDN (likely you'd see that in one of the display panels, but... it would look like a x.500 address vs. a display name or something like that.) On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: Under the "email addresses" tab, it is empty(kinda like this email I'm replying to now :) ) Thanks On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
[ActiveDir] OT: Exchange patch this month
Since there are a lot of Exchange questions on this list.. just a fyi there's a lovely patch for Exchange this month that not only changes persmissions affecting Blackberries...but has 'from remote attack' impact. You Had Me At EHLO... : BlackBerry and GoodLink users may be unable to send messages after applying latest Exchange 2003 store hotfixes: http://msexchangeteam.com/archive/2006/01/13/417440.aspx On a SBS box it so far.. "is" requiring reboot. Microsoft Security Bulletin MS06-019: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803): http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx And the EHLO blog has a new landing place http://msexchangeteam.com/ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP queries
You need to enable paging. If they don't support paging there is an issue and you should probably feed that back to them. In the meanwhile you could sync your data into an ADAM set and then crank up the page size setting. I do not recommend doing it for your production AD. I don't really recommend it for ADAM either but if those are your only choices... Regardless, bring it up to your vendor. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Wednesday, May 10, 2006 5:35 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP queries Is there a search limit on Global Catalogs? The problem I could be having is that this Symantec appliance is limited to a 10,000 object search. When I use LDAP Browser/editor, it returns only 1000 entries. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, May 08, 2006 5:22 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP queries I am not familiar with the device, does it pull the objects locally and keep in some sort of cache or ??? Note that you will need to be searching the GC port to find anything since you have stuff across multiple domains. So find the way to specify port and say 3268 (or 3269 if you want SSL but lets get it working first. :o) Now as for the queries A query to find all users (i.e. not contacts) who are exchange enabled (both mail and mailbox enabled) you would do something like (&(sAMAccountType=805306368)(proxyaddresses=*)) or (&(sAMAccountType=805306368)(mailnickname=*)) either should perform about the same. For non-Exchange enabled groups which is what *I think* you are looking for in the second query (&(grouptype=*)(!(proxyaddresses=*))) or (&(grouptype=*)(!(mailnickname=*))) ...should be similar perf. For exchange enabled groups (&(grouptype=*)(proxyaddresses=*)) or (&(grouptype=*)(mailnickname=*)) Again, should be comparable... joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Monday, May 08, 2006 4:24 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP queries I’m using a Symantec Mail Security 8260 appliance that used LDAP to prevent Directory Harvest attacks. The problem is, the built in queries is causing an issue with adding the LDAP server. We have an empty root with several child domains. Here are the queries: Query start (Sync base DN): DC=domain,DC=com User query: (|(mail=*)(proxyAddresses=*)) Group query: (&(!(mail=*))(!(proxyAddresses=*))) Distribution list query: (|(mail=*)(proxyAddresses=*)) My question is, what other LDAP filters can I use instead of these to accomplish the result of querying for user SMTP addresses & distribution groups? Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469 --- This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. --- This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
RE: [ActiveDir] Windows Defender
_SO) glad I know this... It means that I can sleep tonight now... themolk. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Thursday, 11 May 2006 9:41 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Windows Defender > > Return Receipt > > >Your [ActiveDir] Windows Defender > >document: > > > >wasBob Mich/DSS/COSLO > >received > >by: > > > >at:05/10/2006 04:41:29 PM > > > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Windows Defender
Return Receipt Your [ActiveDir] Windows Defender document: wasBob Mich/DSS/COSLO received by: at:05/10/2006 04:41:29 PM List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP queries
Yes, you have to page the results.You could always (not recommended) change the query response limit in ntdsutil. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Wednesday, May 10, 2006 2:35 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP queries Is there a search limit on Global Catalogs? The problem I could be having is that this Symantec appliance is limited to a 10,000 object search. When I use LDAP Browser/editor, it returns only 1000 entries. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, May 08, 2006 5:22 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP queries I am not familiar with the device, does it pull the objects locally and keep in some sort of cache or ??? Note that you will need to be searching the GC port to find anything since you have stuff across multiple domains. So find the way to specify port and say 3268 (or 3269 if you want SSL but lets get it working first. :o) Now as for the queries A query to find all users (i.e. not contacts) who are exchange enabled (both mail and mailbox enabled) you would do something like (&(sAMAccountType=805306368)(proxyaddresses=*)) or (&(sAMAccountType=805306368)(mailnickname=*)) either should perform about the same. For non-Exchange enabled groups which is what *I think* you are looking for in the second query (&(grouptype=*)(!(proxyaddresses=*))) or (&(grouptype=*)(!(mailnickname=*))) ...should be similar perf. For exchange enabled groups (&(grouptype=*)(proxyaddresses=*)) or (&(grouptype=*)(mailnickname=*)) Again, should be comparable... joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Monday, May 08, 2006 4:24 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] LDAP queries I’m using a Symantec Mail Security 8260 appliance that used LDAP to prevent Directory Harvest attacks. The problem is, the built in queries is causing an issue with adding the LDAP server. We have an empty root with several child domains. Here are the queries: Query start (Sync base DN): DC=domain,DC=com User query: (|(mail=*)(proxyAddresses=*)) Group query: (&(!(mail=*))(!(proxyAddresses=*))) Distribution list query: (|(mail=*)(proxyAddresses=*)) My question is, what other LDAP filters can I use instead of these to accomplish the result of querying for user SMTP addresses & distribution groups? Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469 --- This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. --- This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
RE: [ActiveDir] LDAP queries
Is there a search limit on Global Catalogs? The problem I could be having is that this Symantec appliance is limited to a 10,000 object search. When I use LDAP Browser/editor, it returns only 1000 entries. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, May 08, 2006 5:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP queries I am not familiar with the device, does it pull the objects locally and keep in some sort of cache or ??? Note that you will need to be searching the GC port to find anything since you have stuff across multiple domains. So find the way to specify port and say 3268 (or 3269 if you want SSL but lets get it working first. :o) Now as for the queries A query to find all users (i.e. not contacts) who are exchange enabled (both mail and mailbox enabled) you would do something like (&(sAMAccountType=805306368)(proxyaddresses=*)) or (&(sAMAccountType=805306368)(mailnickname=*)) either should perform about the same. For non-Exchange enabled groups which is what *I think* you are looking for in the second query (&(grouptype=*)(!(proxyaddresses=*))) or (&(grouptype=*)(!(mailnickname=*))) ...should be similar perf. For exchange enabled groups (&(grouptype=*)(proxyaddresses=*)) or (&(grouptype=*)(mailnickname=*)) Again, should be comparable... joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Monday, May 08, 2006 4:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP queries I’m using a Symantec Mail Security 8260 appliance that used LDAP to prevent Directory Harvest attacks. The problem is, the built in queries is causing an issue with adding the LDAP server. We have an empty root with several child domains. Here are the queries: Query start (Sync base DN): DC=domain,DC=com User query: (|(mail=*)(proxyAddresses=*)) Group query: (&(!(mail=*))(!(proxyAddresses=*))) Distribution list query: (|(mail=*)(proxyAddresses=*)) My question is, what other LDAP filters can I use instead of these to accomplish the result of querying for user SMTP addresses & distribution groups? Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469 --- This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. --- This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.
Re: [ActiveDir] Exchange queue(OT)
Under the "email addresses" tab, it is empty(kinda like this email I'm replying to now :) ) Thanks On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
Re: [ActiveDir] Exchange queue(OT)
Interesting. I changed nothing, but let's move past that for now ;-) I'm stuck on the idea that a contact with no address was submitted to the server for processing. That has an address doesn't it? If you export it, it has maybe a legacyexchangedn or something? al On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: Well the answer to your first question is "yup" to both :) I actually was replying to "nothingness" for awhile because i couldn't read your email until you changed the encoding in your gmail(i kept looking at the html postings on Activedir.org to see your response). Exchange 2k is current and up to date(mixed mode, though we have no Exchange 5.5 servers). So is the OS(win2k sp4 plus hotfixes) The user is sending to DL's in her pab. Outlook 2k. I imported her DL's into my Outlook 2k client and sent to each one. One by one while checking the Exchange queues When I got to the DL with the ADCDisabledMail contact with no addy, it just sat in the "awaiting directory lookup" queue forever. When i got rid of that contact and resent to the DL, everything went through. Afetr removing that contact from the other DL, I sent an email to all 15 DL's simultaneously as the user would, and this went through fine However, I'm starting to think there is something wrong with the Exchange enviorment here because sometimes i see email stuck in that queue from other senders as well. In fact while writing this email, I see that an 2emails each to ine recipient(one external, the other internal) are stuck in the directory lookup queue. I have CAT logging set at 7 and the event id I see for the internal mail is- Event Type: Error Event Source: MSExchangeTransport Event Category: Categorizer Event ID: 9004 Date: 5/10/2006 Time: 11:23:06 AM User: N/A Computer: EXSERVER1 Description: Categorizer encountered a hard error while processing a message. While processing user 'smtp: [EMAIL PROTECTED]', the function 'ExpandRecipient' called 'HrSaveBCCRecipientIfNecessary' which returned error code '0xc0040550' (The property was not set. ). A DSN has been generated. ( m:[EMAIL PROTECTED] ) Data: : 50 05 04 c0 P..à And I also get this one for the external recipient- Event Type: Error Event Source: MSExchangeTransport Event Category: Categorizer Event ID: 9004 Date: 5/10/2006 Time: 11:23:06 AM User: N/A Computer: EXSERVER1 Description: Categorizer encountered a hard error while processing a message. While processing user 'smtp: [EMAIL PROTECTED]', the function 'CPhatCat::SaveBCCRecipientIfNecessary' called 'HrGetP1RecipientListEncoder' which returned error code '0xc0040550' (The property was not set. ). A DSN has been generated. ( m:[EMAIL PROTECTED] ) Data: : 50 05 04 c0 P..à Thanks for any insight you can provide. On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > Your reply came back as yup, but no context to know if you were just > being sly and saying yup to nothingness or if it was related to the > last question. I'll assume the latter. > > That's not a good thing then that there was no email address and it > made it all the way to the CAT. That should be kicked out at the > client, and if not at the client, during submission. Did you verify > that your E2K and operating system are as up to date as possible? If > not, how far back are you? > > > Al > > > > > > On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: > > > > Yup > > > > > > > > On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > > > > > > > [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
[ActiveDir] Windows Defender
I installed Windows Defender (Beta) this weekend and it promptly removed two programs that I didn’t want it to. Reinstalling one of the programs is not an option. I have two questions: 1. Where is the setting so Windows Defender will prompt me prior to uninstalling a program instead of automatically uninstalling it without notification? 2. Where is the setting to tell Defender to restore the programs it has uninstalled. Thanks. Tony
Re: [ActiveDir] Exchange queue(OT)
Well the answer to your first question is "yup" to both :) I actually was replying to "nothingness" for awhile because i couldn't read your email until you changed the encoding in your gmail(i kept looking at the html postings on Activedir.org to see your response). Exchange 2k is current and up to date(mixed mode, though we have no Exchange 5.5 servers). So is the OS(win2k sp4 plus hotfixes) The user is sending to DL's in her pab. Outlook 2k. I imported her DL's into my Outlook 2k client and sent to each one. One by one while checking the Exchange queues When I got to the DL with the ADCDisabledMail contact with no addy, it just sat in the "awaiting directory lookup" queue forever. When i got rid of that contact and resent to the DL, everything went through. Afetr removing that contact from the other DL, I sent an email to all 15 DL's simultaneously as the user would, and this went through fine However, I'm starting to think there is something wrong with the Exchange enviorment here because sometimes i see email stuck in that queue from other senders as well. In fact while writing this email, I see that an 2emails each to ine recipient(one external, the other internal) are stuck in the directory lookup queue. I have CAT logging set at 7 and the event id I see for the internal mail is- Event Type: ErrorEvent Source: MSExchangeTransportEvent Category: Categorizer Event ID: 9004Date: 5/10/2006Time: 11:23:06 AMUser: N/AComputer: EXSERVER1Description:Categorizer encountered a hard error while processing a message. While processing user 'smtp: [EMAIL PROTECTED]', the function 'ExpandRecipient' called 'HrSaveBCCRecipientIfNecessary' which returned error code '0xc0040550' (The property was not set.). A DSN has been generated. ( m:[EMAIL PROTECTED] ) Data:: 50 05 04 c0 P..À And I also get this one for the external recipient- Event Type: ErrorEvent Source: MSExchangeTransportEvent Category: Categorizer Event ID: 9004Date: 5/10/2006Time: 11:23:06 AMUser: N/AComputer: EXSERVER1Description:Categorizer encountered a hard error while processing a message. While processing user 'smtp: [EMAIL PROTECTED]', the function 'CPhatCat::SaveBCCRecipientIfNecessary' called 'HrGetP1RecipientListEncoder' which returned error code '0xc0040550' (The property was not set. ). A DSN has been generated. ( m:[EMAIL PROTECTED] ) Data:: 50 05 04 c0 P..À Thanks for any insight you can provide. On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: Your reply came back as yup, but no context to know if you were justbeing sly and saying yup to nothingness or if it was related to the last question. I'll assume the latter.That's not a good thing then that there was no email address and itmade it all the way to the CAT. That should be kicked out at theclient, and if not at the client, during submission. Did you verify that your E2K and operating system are as up to date as possible? Ifnot, how far back are you?AlOn 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: >> Yup On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:> >>>
RE: [ActiveDir] Exchange queue(OT)
Sweet! I can see your messages again Al. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, May 10, 2006 1:10 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Exchange queue(OT) Your reply came back as yup, but no context to know if you were just being sly and saying yup to nothingness or if it was related to the last question. I'll assume the latter. That's not a good thing then that there was no email address and it made it all the way to the CAT. That should be kicked out at the client, and if not at the client, during submission. Did you verify that your E2K and operating system are as up to date as possible? If not, how far back are you? Al On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: > > Yup > > > > On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > > > > .+w֧B+v*rz Vryi˽箊 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] [OT] GMAIL encoding
Thanks for that. My question is why doesnt the mail sent by Al viewable by other gmail users? I was also seen blank emails and I use gmail too. M@ On 5/10/06, AdamT <[EMAIL PROTECTED]> wrote: On 10/05/06, Lou Vega <[EMAIL PROTECTED]> wrote: > > I don't know exactly where it is off the top of my head because I don't have > access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set > the encoding of your messages if you wanted toâ¦perhaps you can check into > that? > It's under the settings like at the top right of the screen. You get a choice of: Use default text encoding for outgoing messages Or: Use Unicode (UTF-8) encoding for outgoing messages -- AdamT 'Thank-you for not requesting read receipts' List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
Re: [ActiveDir] Exchange queue(OT)
Your reply came back as yup, but no context to know if you were just being sly and saying yup to nothingness or if it was related to the last question. I'll assume the latter. That's not a good thing then that there was no email address and it made it all the way to the CAT. That should be kicked out at the client, and if not at the client, during submission. Did you verify that your E2K and operating system are as up to date as possible? If not, how far back are you? Al On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: Yup On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: >
RE: [ActiveDir] GPO
This is primarily because GP will only refresh if the GPO has changed or, in the case of security policy, every 16 hours by default. However, there are a couple of ways around this. You can set security policy to refresh during every background interval by enabling the relevant policy at computer configuration\admin templates\system\group policy\security policy processing, or, you can tune down the 16 hour interval by modifying the registry value on every client, described at http://support.microsoft.com/kb/277543/en-us. Darren Darren Mar-Elia For comprehensive Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Also check out the Windows Group Policy Guide, a soup-to-nuts resource for Group Policy information. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Riley, DevinSent: Wednesday, May 10, 2006 9:47 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO In my experience, this now works but there is still one issue. In my testing, groups that you add to the local group can be removed by a local admin and group policy does not replace them. As a result, I use a simple batch file configured as a startup script to achieve the same result. The downside is that it only applies when the machine is restarted. Batch File: net localgroup Administrators /add "domain_name\SomeDomainGroupName" Devin Riley City of Pasadena From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-EliaSent: Wednesday, May 10, 2006 8:02 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO Yes. Here's the KB article referencing the fix (works for Win2K as well): http://support.microsoft.com/kb/810076/en-us From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef KazimerSent: Wednesday, May 10, 2006 7:52 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 08:49:21 -0500> > Hi Peter...> > If the clients are SP2, you can use the bottom box, to use it additively.> They finally fixed it.> > You use the bottom box, kinda backwards relative to the top...So, you would> say for the group Domain Users, then that it is always a member of the> local power users group. You can even just browse to that, if you just> pick the local machine as the location.> > Hope this helps,> John> > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM> > > Please respond to > [EMAIL PROTECTED] > tivedir.org> > > > > > > Hi John> > Is there some way to define additive versus replacement as the last time> I tried this it did a hard replacement.> > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On Behalf Of> [EMAIL PROTECTED]> Sent: 10 May 2006 14:57> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] GPO> > Hi Christine..> > You can use the restricted groups function to add say domain users to> the> power users group on the local machine. It's a little tricky as one> function of it will replace any other members of the power users group,> should there be any. As of XPSP2 though, you can do it additive,> instead> of replacing.> > Hope this helps...> > John> > > > > > > "Christine Allen"> > > > bmchp.org>> To> Sent by: "ActiveDir@mail.activedir.org"> > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> > ail.activedir.org> cc> > > > Subject> 05/10/2006 07:46
Re: [ActiveDir] [OT] GMAIL encoding
Thanks guys. I wish sometimes I was more familiar with email and how it works. :) Al On 5/10/06, Lou Vega <[EMAIL PROTECTED]> wrote: I don't know exactly where it is off the top of my head because I don't have access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set the encoding of your messages if you wanted to…perhaps you can check into that? Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, May 10, 2006 10:17 AM To: ActiveDir@mail.activedir.org Subject: RE: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail" Ok Al this is getting downright annoying, tell google to stop encoding your messages in MIME64. I have already told MSFT to fix Outlook. I am not holding my breath though. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, May 10, 2006 9:45 AM To: ActiveDir@mail.activedir.org Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"
RE: [ActiveDir] GPO
Yep...Absoultely right you don't have to browse, and you can't choose from there. Sorry for the confusion. What I have seen people do by mistake though, is to add Domain Users to the Domain group "Remote Desktop Users" instead of the local group, by not paying attention. It's a powerful piece of GPO's, either way you use it. Power Users doesn't exist on DC's though. So, it would have been safe. John "Darren Mar-Elia" <[EMAIL PROTECTED] m> To Sent by: [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] GPO 05/10/2006 11:05 AM Please respond to [EMAIL PROTECTED] tivedir.org Christine- Just try typing the group name free-hand in the dialog. You don't have to browse to it for this work. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen Sent: Wednesday, May 10, 2006 8:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO Hi, Is there a special security template I need to add because I can pick any local groups like power users. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, May 10, 2006 10:58 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO Hi Jef... I'm sure it works with 2003 also, was really a bug in XP that they had to fix, that the additive part just plain didn't work. I believe, but can't promise that 2000 SP4 works too. John "Jef Kazimer" <[EMAIL PROTECTED]> Sent by: To [EMAIL PROTECTED] ail.activedir.org cc Subject 05/10/2006 09:52 RE: [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] GPO > To: ActiveDir@mail.activedir.org > Date: Wed, 10 May 2006 08:49:21 -0500 > > Hi Peter... > > If the clients are SP2, you can use the bottom box, to use it additively. > They finally fixed it. > > You use the bottom box, kinda backwards relative to the top...So, you would > say for the group Domain Users, then that it is always a member of the > local power users group. You can even just browse to that, if you > just pick the local machine as the location. > > Hope this helps, > John > > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM > > > Please respond to > [EMAIL PROTECTED] > tivedir.org > > > > > > > Hi John > > Is there some way to define additive versus replacement as the last > time I tried this it did a hard replacement. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: 10 May 2006 14:57 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] GPO > > Hi Christine.. > > You can use the restricted groups function to add say domain users to > the power users group on the local machine. It's a little tricky as > one function of it will replace any other members of the power users > group, should there be any. As of XPSP2 though, you can do it > additive, instead of replacing. > > Hope this helps... > > John > > > > > > > "Christine Allen" > > > bmchp.org> > To >
RE: [ActiveDir] GPO
In my experience, this now works but there is still one issue. In my testing, groups that you add to the local group can be removed by a local admin and group policy does not replace them. As a result, I use a simple batch file configured as a startup script to achieve the same result. The downside is that it only applies when the machine is restarted. Batch File: net localgroup Administrators /add "domain_name\SomeDomainGroupName" Devin Riley City of Pasadena From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-EliaSent: Wednesday, May 10, 2006 8:02 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO Yes. Here's the KB article referencing the fix (works for Win2K as well): http://support.microsoft.com/kb/810076/en-us From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef KazimerSent: Wednesday, May 10, 2006 7:52 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 08:49:21 -0500> > Hi Peter...> > If the clients are SP2, you can use the bottom box, to use it additively.> They finally fixed it.> > You use the bottom box, kinda backwards relative to the top...So, you would> say for the group Domain Users, then that it is always a member of the> local power users group. You can even just browse to that, if you just> pick the local machine as the location.> > Hope this helps,> John> > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM> > > Please respond to > [EMAIL PROTECTED] > tivedir.org> > > > > > > Hi John> > Is there some way to define additive versus replacement as the last time> I tried this it did a hard replacement.> > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On Behalf Of> [EMAIL PROTECTED]> Sent: 10 May 2006 14:57> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] GPO> > Hi Christine..> > You can use the restricted groups function to add say domain users to> the> power users group on the local machine. It's a little tricky as one> function of it will replace any other members of the power users group,> should there be any. As of XPSP2 though, you can do it additive,> instead> of replacing.> > Hope this helps...> > John> > > > > > > "Christine Allen"> > > > bmchp.org>> To> Sent by: "ActiveDir@mail.activedir.org"> > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> > ail.activedir.org> cc> > > > Subject> 05/10/2006 07:46 [ActiveDir] GPO> > AM> > > > > > Please respond to> > [EMAIL PROTECTED]> > tivedir.org> > > > > > > > > > Hello,> > > Is there a way to change local computer rights via a gpo. We would like> to> add our users to the Power users group to distribute software, then take> about that right after the software has been deployed.> > > -Christine> > > Christine N. Allen> Systems Engineer> BMC HealthNet Plan> 2 Copley Place> Boston, MA 02116> 617-748-6034> 617-293-4407> > > [EMAIL PROTECTED]> > > > List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive:> http://www.mail-archive.com/activedir%40mail.activedir.org/> List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/> > > List info : http://www.activedir.org/
Re: [ActiveDir] [OT] GMAIL encoding
On 10/05/06, Lou Vega <[EMAIL PROTECTED]> wrote: > > I don't know exactly where it is off the top of my head because I don't have > access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set > the encoding of your messages if you wanted to…perhaps you can check into > that? > It's under the settings like at the top right of the screen. You get a choice of: Use default text encoding for outgoing messages Or: Use Unicode (UTF-8) encoding for outgoing messages -- AdamT 'Thank-you for not requesting read receipts' List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] [OT] GMAIL encoding
I don’t know exactly where it is off the top of my head because I don’t have access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set the encoding of your messages if you wanted to…perhaps you can check into that? Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, May 10, 2006 10:17 AM To: ActiveDir@mail.activedir.org Subject: RE: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail" Ok Al this is getting downright annoying, tell google to stop encoding your messages in MIME64. I have already told MSFT to fix Outlook. I am not holding my breath though. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, May 10, 2006 9:45 AM To: ActiveDir@mail.activedir.org Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"
Re: [ActiveDir] Exchange queue(OT)
Yup On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
RE: [ActiveDir] GPO
Christine- Just try typing the group name free-hand in the dialog. You don't have to browse to it for this work. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen Sent: Wednesday, May 10, 2006 8:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO Hi, Is there a special security template I need to add because I can pick any local groups like power users. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, May 10, 2006 10:58 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO Hi Jef... I'm sure it works with 2003 also, was really a bug in XP that they had to fix, that the additive part just plain didn't work. I believe, but can't promise that 2000 SP4 works too. John "Jef Kazimer" <[EMAIL PROTECTED]> Sent by: To [EMAIL PROTECTED] ail.activedir.org cc Subject 05/10/2006 09:52 RE: [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] GPO > To: ActiveDir@mail.activedir.org > Date: Wed, 10 May 2006 08:49:21 -0500 > > Hi Peter... > > If the clients are SP2, you can use the bottom box, to use it additively. > They finally fixed it. > > You use the bottom box, kinda backwards relative to the top...So, you would > say for the group Domain Users, then that it is always a member of the > local power users group. You can even just browse to that, if you > just pick the local machine as the location. > > Hope this helps, > John > > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM > > > Please respond to > [EMAIL PROTECTED] > tivedir.org > > > > > > > Hi John > > Is there some way to define additive versus replacement as the last > time I tried this it did a hard replacement. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: 10 May 2006 14:57 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] GPO > > Hi Christine.. > > You can use the restricted groups function to add say domain users to > the power users group on the local machine. It's a little tricky as > one function of it will replace any other members of the power users > group, should there be any. As of XPSP2 though, you can do it > additive, instead of replacing. > > Hope this helps... > > John > > > > > > > "Christine Allen" > > > bmchp.org> > To > Sent by: "ActiveDir@mail.activedir.org" > > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'> > > ail.activedir.org > cc > > > > Subject > 05/10/2006 07:46 [ActiveDir] GPO > > AM > > > > > > Please respond to > > [EMAIL PROTECTED] > > tivedir.org > > > > > > > > > > Hello, > > > Is there a way to change local computer rights via a gpo. We would > like to add our users to the Power users group to distribute software, > then take about that right after the software has been deployed. > > > -Christine > > > Christine N. Allen > Systems Engineer > BMC HealthNet Plan > 2 Copley Place > Boston, MA 02116 > 617-748-6034 > 617-293-4407 > > > [EMAIL PROTECTED] > > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List
RE: [ActiveDir] GPO
Hi, Is there a special security template I need to add because I can pick any local groups like power users. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, May 10, 2006 10:58 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO Hi Jef... I'm sure it works with 2003 also, was really a bug in XP that they had to fix, that the additive part just plain didn't work. I believe, but can't promise that 2000 SP4 works too. John "Jef Kazimer" <[EMAIL PROTECTED]> Sent by: To [EMAIL PROTECTED] ail.activedir.org cc Subject 05/10/2006 09:52 RE: [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] GPO > To: ActiveDir@mail.activedir.org > Date: Wed, 10 May 2006 08:49:21 -0500 > > Hi Peter... > > If the clients are SP2, you can use the bottom box, to use it additively. > They finally fixed it. > > You use the bottom box, kinda backwards relative to the top...So, you would > say for the group Domain Users, then that it is always a member of the > local power users group. You can even just browse to that, if you > just pick the local machine as the location. > > Hope this helps, > John > > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM > > > Please respond to > [EMAIL PROTECTED] > tivedir.org > > > > > > > Hi John > > Is there some way to define additive versus replacement as the last > time I tried this it did a hard replacement. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: 10 May 2006 14:57 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] GPO > > Hi Christine.. > > You can use the restricted groups function to add say domain users to > the power users group on the local machine. It's a little tricky as > one function of it will replace any other members of the power users > group, should there be any. As of XPSP2 though, you can do it > additive, instead of replacing. > > Hope this helps... > > John > > > > > > > "Christine Allen" > > > bmchp.org> > To > Sent by: "ActiveDir@mail.activedir.org" > > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'> > > ail.activedir.org > cc > > > > Subject > 05/10/2006 07:46 [ActiveDir] GPO > > AM > > > > > > Please respond to > > [EMAIL PROTECTED] > > tivedir.org > > > > > > > > > > Hello, > > > Is there a way to change local computer rights via a gpo. We would > like to add our users to the Power users group to distribute software, > then take about that right after the software has been deployed. > > > -Christine > > > Christine N. Allen > Systems Engineer > BMC HealthNet Plan > 2 Copley Place > Boston, MA 02116 > 617-748-6034 > 617-293-4407 > > > [EMAIL PROTECTED] > > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"
Why? Blue's your color isn't it? I'm not sure it's not the list server creating havoc. It was being looked into last I checked. al On 5/10/06, joe <[EMAIL PROTECTED]> wrote: Ok Al this is getting downright annoying, tell google to stop encoding your messages in MIME64. I have already told MSFT to fix Outlook. I am not holding my breath though. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, May 10, 2006 9:45 AM To: ActiveDir@mail.activedir.org Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail" To: ActiveDir@mail.activedir.org Subject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail" [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
Re: [ActiveDir] Exchange queue(OT)
These are private (as in created by the user and lives in the PAB of said user) lists? On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: Thanks Al. I sent a email to each DL and found out that what was holding it up was that 2 DL's had a member called "ADCDisabledMail" which I know is created by the ADC but I don't know how it would end up as a contact. The contact had no email address. After I removed it, all was fine. I'm amazed that something like that could stop an email from going out for days. Is there a difference in the way the CAT and the advanced queuing engine process an Outlook private DL over an AD distribution group, btw? Thank you everyone for all your help On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
RE: [ActiveDir] GPO
Yes. Here's the KB article referencing the fix (works for Win2K as well): http://support.microsoft.com/kb/810076/en-us From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef KazimerSent: Wednesday, May 10, 2006 7:52 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 08:49:21 -0500> > Hi Peter...> > If the clients are SP2, you can use the bottom box, to use it additively.> They finally fixed it.> > You use the bottom box, kinda backwards relative to the top...So, you would> say for the group Domain Users, then that it is always a member of the> local power users group. You can even just browse to that, if you just> pick the local machine as the location.> > Hope this helps,> John> > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM> > > Please respond to > [EMAIL PROTECTED] > tivedir.org> > > > > > > Hi John> > Is there some way to define additive versus replacement as the last time> I tried this it did a hard replacement.> > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On Behalf Of> [EMAIL PROTECTED]> Sent: 10 May 2006 14:57> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] GPO> > Hi Christine..> > You can use the restricted groups function to add say domain users to> the> power users group on the local machine. It's a little tricky as one> function of it will replace any other members of the power users group,> should there be any. As of XPSP2 though, you can do it additive,> instead> of replacing.> > Hope this helps...> > John> > > > > > > "Christine Allen"> > > > bmchp.org>> To> Sent by: "ActiveDir@mail.activedir.org"> > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> > ail.activedir.org> cc> > > > Subject> 05/10/2006 07:46 [ActiveDir] GPO> > AM> > > > > > Please respond to> > [EMAIL PROTECTED]> > tivedir.org> > > > > > > > > > Hello,> > > Is there a way to change local computer rights via a gpo. We would like> to> add our users to the Power users group to distribute software, then take> about that right after the software has been deployed.> > > -Christine> > > Christine N. Allen> Systems Engineer> BMC HealthNet Plan> 2 Copley Place> Boston, MA 02116> 617-748-6034> 617-293-4407> > > [EMAIL PROTECTED]> > > > List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive:> http://www.mail-archive.com/activedir%40mail.activedir.org/> List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/> > > List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More.
RE: [ActiveDir] GPO
Hi Jef... I'm sure it works with 2003 also, was really a bug in XP that they had to fix, that the additive part just plain didn't work. I believe, but can't promise that 2000 SP4 works too. John "Jef Kazimer" <[EMAIL PROTECTED]> Sent by: To [EMAIL PROTECTED] ail.activedir.org cc Subject 05/10/2006 09:52 RE: [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] GPO > To: ActiveDir@mail.activedir.org > Date: Wed, 10 May 2006 08:49:21 -0500 > > Hi Peter... > > If the clients are SP2, you can use the bottom box, to use it additively. > They finally fixed it. > > You use the bottom box, kinda backwards relative to the top...So, you would > say for the group Domain Users, then that it is always a member of the > local power users group. You can even just browse to that, if you just > pick the local machine as the location. > > Hope this helps, > John > > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM > > > Please respond to > [EMAIL PROTECTED] > tivedir.org > > > > > > > Hi John > > Is there some way to define additive versus replacement as the last time > I tried this it did a hard replacement. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: 10 May 2006 14:57 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] GPO > > Hi Christine.. > > You can use the restricted groups function to add say domain users to > the > power users group on the local machine. It's a little tricky as one > function of it will replace any other members of the power users group, > should there be any. As of XPSP2 though, you can do it additive, > instead > of replacing. > > Hope this helps... > > John > > > > > > > "Christine Allen" > > > bmchp.org> > To > Sent by: "ActiveDir@mail.activedir.org" > > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'> > > ail.activedir.org > cc > > > > Subject > 05/10/2006 07:46 [ActiveDir] GPO > > AM > > > > > > Please respond to > > [EMAIL PROTECTED] > > tivedir.org > > > > > > > > > > Hello, > > > Is there a way to change local computer rights via a gpo. We would like > to > add our users to the Power users group to distribute software, then take > about that right after the software has been deployed. > > > -Christine > > > Christine N. Allen > Systems Engineer > BMC HealthNet Plan > 2 Copley Place > Boston, MA 02116 > 617-748-6034 > 617-293-4407 > > > [EMAIL PROTECTED] > > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO
John, Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :) Thanks, Jef > From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 08:49:21 -0500> > Hi Peter...> > If the clients are SP2, you can use the bottom box, to use it additively.> They finally fixed it.> > You use the bottom box, kinda backwards relative to the top...So, you would> say for the group Domain Users, then that it is always a member of the> local power users group. You can even just browse to that, if you just> pick the local machine as the location.> > Hope this helps,> John> > > > > > > "Peter Johnson" > <[EMAIL PROTECTED]> > Sent by: To > [EMAIL PROTECTED] > ail.activedir.org cc > > Subject > 05/10/2006 08:39 RE: [ActiveDir] GPO > AM> > > Please respond to > [EMAIL PROTECTED] > tivedir.org> > > > > > > Hi John> > Is there some way to define additive versus replacement as the last time> I tried this it did a hard replacement.> > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On Behalf Of> [EMAIL PROTECTED]> Sent: 10 May 2006 14:57> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] GPO> > Hi Christine..> > You can use the restricted groups function to add say domain users to> the> power users group on the local machine. It's a little tricky as one> function of it will replace any other members of the power users group,> should there be any. As of XPSP2 though, you can do it additive,> instead> of replacing.> > Hope this helps...> > John> > > > > > > "Christine Allen"> > > > bmchp.org>> To> Sent by: "ActiveDir@mail.activedir.org"> > [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'>> > ail.activedir.org> cc> > > > Subject> 05/10/2006 07:46 [ActiveDir] GPO> > AM> > > > > > Please respond to> > [EMAIL PROTECTED]> > tivedir.org> > > > > > > > > > Hello,> > > Is there a way to change local computer rights via a gpo. We would like> to> add our users to the Power users group to distribute software, then take> about that right after the software has been deployed.> > > -Christine> > > Christine N. Allen> Systems Engineer> BMC HealthNet Plan> 2 Copley Place> Boston, MA 02116> 617-748-6034> 617-293-4407> > > [EMAIL PROTECTED]> > > > List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive:> http://www.mail-archive.com/activedir%40mail.activedir.org/> List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/> > > List info : http://www.activedir.org/List.aspx> List FAQ: http://www.activedir.org/ListFAQ.aspx> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/Join the next generation of Hotmail and you could win the adventure of a lifetime Learn More.
Re: [ActiveDir] Exchange queue(OT)
Thanks Al. I sent a email to each DL and found out that what was holding it up was that 2 DL's had a member called "ADCDisabledMail" which I know is created by the ADC but I don't know how it would end up as a contact. The contact had no email address. After I removed it, all was fine. I'm amazed that something like that could stop an email from going out for days. Is there a difference in the way the CAT and the advanced queuing engine process an Outlook private DL over an AD distribution group, btw? Thank you everyone for all your help On 5/10/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
RE: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"
Ok Al this is getting downright annoying, tell google to stop encoding your messages in MIME64. I have already told MSFT to fix Outlook. I am not holding my breath though. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: Wednesday, May 10, 2006 9:45 AMTo: ActiveDir@mail.activedir.orgSubject: OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"
RE: [ActiveDir] GPO Software Deployment
Robert- If Installer is really doing something, it should generate an MSI*.log file in %temp% (or in %windir\%temp% for per machine installs). I would look in there for a recent one that shows what's going on. Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert RutherfordSent: Wednesday, May 10, 2006 3:05 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] GPO Software Deployment HI All, Strange one….. I have taken over the support of an organisation where the last organisation has made a bit of a pigs ear of the AD deployment. It appears upon discussion with staff that a software deployment of Acrobat reader has been put in at some point and then removed. I also found an old machine with a self built msi package on. Now, while the users are working away an msi installer window just flickers up on the screen and vanishes regularly. This is infuriating for the user base but I can’t seem to nail it down as any reference has been removed from the registry. Any ideas? Cheers, Rob
RE: [ActiveDir] GPO
Hi Peter... If the clients are SP2, you can use the bottom box, to use it additively. They finally fixed it. You use the bottom box, kinda backwards relative to the top...So, you would say for the group Domain Users, then that it is always a member of the local power users group. You can even just browse to that, if you just pick the local machine as the location. Hope this helps, John "Peter Johnson" <[EMAIL PROTECTED]> Sent by: To [EMAIL PROTECTED] ail.activedir.org cc Subject 05/10/2006 08:39 RE: [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org Hi John Is there some way to define additive versus replacement as the last time I tried this it did a hard replacement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 10 May 2006 14:57 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO Hi Christine.. You can use the restricted groups function to add say domain users to the power users group on the local machine. It's a little tricky as one function of it will replace any other members of the power users group, should there be any. As of XPSP2 though, you can do it additive, instead of replacing. Hope this helps... John "Christine Allen" To Sent by: "ActiveDir@mail.activedir.org" [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'> ail.activedir.org cc Subject 05/10/2006 07:46 [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org Hello, Is there a way to change local computer rights via a gpo. We would like to add our users to the Power users group to distribute software, then take about that right after the software has been deployed. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
OT: Re: [ActiveDir] "Several IMAP Accounts-Outlook fail"
You may also consider upgrading to some other version. OL2002 was a quirky version especially when it relates to internet protocols (IMAP, POP, SMTP, etc) Al On 5/3/06, Milton Sancho <[EMAIL PROTECTED]> wrote: Your Server Has Reported a UID Which Does Not Comply with the IMAP Standard" I received this error once I configured several IMAP email-accounts in the same profile, the worse point if I use ny other e-mail client (Thunderbird-Evolution, etc) set the sme e-mail accounts "works fine" I refer to this Kb: http://support.microsoft.com/?kbid=294779 However the resolution is not very useful "To resolve this behavior, remove the IMAP account and create a new one" I am using Outlook 2003 client , Please help me to find a solution [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
RE: [ActiveDir] GPO
Hi John Is there some way to define additive versus replacement as the last time I tried this it did a hard replacement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 10 May 2006 14:57 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO Hi Christine.. You can use the restricted groups function to add say domain users to the power users group on the local machine. It's a little tricky as one function of it will replace any other members of the power users group, should there be any. As of XPSP2 though, you can do it additive, instead of replacing. Hope this helps... John "Christine Allen" To Sent by: "ActiveDir@mail.activedir.org" [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'> ail.activedir.org cc Subject 05/10/2006 07:46 [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org Hello, Is there a way to change local computer rights via a gpo. We would like to add our users to the Power users group to distribute software, then take about that right after the software has been deployed. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Exchange queue(OT)
Seems I've been doing that lately :) I was asking for more information. The biggest problem is that it's E2K :) Be sure you're patches are as up to date as they can be for E2K and the OS they run on. One other test might help: "The email causing this issue is an email sent to about 15 private Outlook DL's which all contain single internal members. Anywhere from 2 to 100, depending on the DL. No groups or nestd groups in the DL's. All recipients are internal. No external." What happens if you only send to one of those DL's? Does any of the DL's have the same issues that the group of 15 does (test by sending one message to each and observing the behavior)? That may help to narrow it down. On 5/10/06, Tom Kern <[EMAIL PROTECTED]> wrote: I didn't get anything, Al. Just a blank email from you... On 5/9/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] ��V�r�y�&��-�÷¾4���i�b��b��
Re: [ActiveDir] GPO
Hi Christine.. You can use the restricted groups function to add say domain users to the power users group on the local machine. It's a little tricky as one function of it will replace any other members of the power users group, should there be any. As of XPSP2 though, you can do it additive, instead of replacing. Hope this helps... John "Christine Allen" To Sent by: "ActiveDir@mail.activedir.org" [EMAIL PROTECTED] <'ActiveDir@mail.activedir.org'> ail.activedir.org cc Subject 05/10/2006 07:46 [ActiveDir] GPO AM Please respond to [EMAIL PROTECTED] tivedir.org Hello, Is there a way to change local computer rights via a gpo. We would like to add our users to the Power users group to distribute software, then take about that right after the software has been deployed. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] ODBC driver packager
Hi all, Does anyone know a good tool to create msi packages for odbc drivers? (If there´s one to do that) I need to install Uniaccess ODBC. The one I have tried (veritas, an old version), did not work fine. I need to distribute these drivers to many computers ' Can any one help me? ___ Adrião Ferreira Ramos [EMAIL PROTECTED] Equipe Suporte Windows (11) 3388-8193
[ActiveDir] GPO
Title: GPO Hello, Is there a way to change local computer rights via a gpo. We would like to add our users to the Power users group to distribute software, then take about that right after the software has been deployed. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED]
RE: [ActiveDir] Site Link Bridging
Title: RE: Site Link Bridging Shouldnt your time be synchronized irregardless of which site you are at? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ion GottSent: Wednesday, May 10, 2006 7:47 AMTo: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Site Link Bridging The primary reason I have disabled site link bridging in the past has been to prevent domain controllers in spokes with replicating with other dc's in spoke sites that are in another hub site when they should only be replicating with DC's in the hub sites and second with spoke dc's in their own hub. If for example you had three hub sites and one hub site failed you may want the dc's in the spokes to replicate with one of the other regional hubs rather than the KCC generating replication links with other hubs spoke dc's throughout the environment. Site link costing of course comes into play here too... Ion V. GottPrincipal Consultant CISSP, MCSE + Security/Messaging From: [EMAIL PROTECTED] on behalf of joeSent: Tue 5/9/2006 6:39 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Site Link Bridging Having site link bridging should not have resulted in DCs from different sites registering in the same site unless their wasn't full coverage for the domains or if one of the sites didn't have a GC. Something isn't right here. Not that that might not be a response they heard from an architecture review though, the quality of those reviews/health checks/RAPs and the guidance given at the end vary drammatically in quality based on the analyst involved. I have found in general though the AD folks can't give any good advice on Exchange and the Exchange healthcheck folks can't give very good advice on AD and MSFT doesn't have an all consuming healthcheck that takes all of it into account. So you end up getting a case of one healthcheck pointing at the other for sources of problems. Usually what you see is the AD folks saying everything is fine and the Exchange folks saying AD is in trouble but not being able to point at anything in particular. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Tuesday, May 09, 2006 6:41 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Site Link Bridging A friend of a friend when designing a new forest was asked to disable site link bridging (forest wide) based upon the reasoning given below. I fail to see any connection between the description below and site link bridging. Does anyone see how these issues could be caused by bridging and furthermore, why the issue would have been resolved by disabling bridging??? neil PS I don't necessarily believe that MS really did suggest disabling bridging would help - I merely copy/pasted the original thread :) ___Neil RustonGlobal Technology InfrastructureNomura International plcTelephone: +44 (0) 20 7521 3481 We had an issue where the Domain Controllers in the New York site and New Jersey site were being registered under one site in DNS. This was causing users to authenticate to DC’s over the WAN link as well as Exchange servers using GC’s over the WAN link. This was causing some delays in users logging on as well as outlook being slow using the address book. Also servers were synching up their time with DC’s in other sites causing w32 time errors at night and during the weekend while backups were running. This caused some servers to have their time offset be 3-5 seconds. We had Microsoft on-site services evaluate the infrastructure and they recommended that we disable the Site Link Bridging to increase performance of the above issues. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is in
[ActiveDir] GPO Software Deployment
HI All, Strange one….. I have taken over the support of an organisation where the last organisation has made a bit of a pigs ear of the AD deployment. It appears upon discussion with staff that a software deployment of Acrobat reader has been put in at some point and then removed. I also found an old machine with a self built msi package on. Now, while the users are working away an msi installer window just flickers up on the screen and vanishes regularly. This is infuriating for the user base but I can’t seem to nail it down as any reference has been removed from the registry. Any ideas? Cheers, Rob
RE: [ActiveDir] Site Link Bridging
Title: RE: Site Link Bridging Appropriate costs would mitigate this issue. I would not disable bridging in a multi hub topology, unless there were other good reasons to do so. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ion GottSent: 10 May 2006 00:47To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Site Link Bridging The primary reason I have disabled site link bridging in the past has been to prevent domain controllers in spokes with replicating with other dc's in spoke sites that are in another hub site when they should only be replicating with DC's in the hub sites and second with spoke dc's in their own hub. If for example you had three hub sites and one hub site failed you may want the dc's in the spokes to replicate with one of the other regional hubs rather than the KCC generating replication links with other hubs spoke dc's throughout the environment. Site link costing of course comes into play here too... Ion V. GottPrincipal Consultant CISSP, MCSE + Security/Messaging From: [EMAIL PROTECTED] on behalf of joeSent: Tue 5/9/2006 6:39 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Site Link Bridging Having site link bridging should not have resulted in DCs from different sites registering in the same site unless their wasn't full coverage for the domains or if one of the sites didn't have a GC. Something isn't right here. Not that that might not be a response they heard from an architecture review though, the quality of those reviews/health checks/RAPs and the guidance given at the end vary drammatically in quality based on the analyst involved. I have found in general though the AD folks can't give any good advice on Exchange and the Exchange healthcheck folks can't give very good advice on AD and MSFT doesn't have an all consuming healthcheck that takes all of it into account. So you end up getting a case of one healthcheck pointing at the other for sources of problems. Usually what you see is the AD folks saying everything is fine and the Exchange folks saying AD is in trouble but not being able to point at anything in particular. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Tuesday, May 09, 2006 6:41 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Site Link Bridging A friend of a friend when designing a new forest was asked to disable site link bridging (forest wide) based upon the reasoning given below. I fail to see any connection between the description below and site link bridging. Does anyone see how these issues could be caused by bridging and furthermore, why the issue would have been resolved by disabling bridging??? neil PS I don't necessarily believe that MS really did suggest disabling bridging would help - I merely copy/pasted the original thread :) ___Neil RustonGlobal Technology InfrastructureNomura International plcTelephone: +44 (0) 20 7521 3481 We had an issue where the Domain Controllers in the New York site and New Jersey site were being registered under one site in DNS. This was causing users to authenticate to DC’s over the WAN link as well as Exchange servers using GC’s over the WAN link. This was causing some delays in users logging on as well as outlook being slow using the address book. Also servers were synching up their time with DC’s in other sites causing w32 time errors at night and during the weekend while backups were running. This caused some servers to have their time offset be 3-5 seconds. We had Microsoft on-site services evaluate the infrastructure and they recommended that we disable the Site Link Bridging to increase performance of the above issues. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sel
Re: [ActiveDir] Exchange queue(OT)
I didn't get anything, Al. Just a blank email from you... On 5/9/06, Al Mulnick <[EMAIL PROTECTED]> wrote: