[ActiveDir] Different between Exchange 2000 and 2003
Hi all, Can anyone pls tell me what's different between Exchange 2000 and 2003. Regards, Ajay.
Re: [ActiveDir] Different between Exchange 2000 and 2003
Can you please narrow that down a bit? In terms of security? In terms of features?

Exchange 2000 you have internal IM built in.. Exchange 2003 you don't and have to purchase LCS.

Exchange 2000 has had some pretty nasty security bugs that didn't require authentication to exploit. Exchange 2003's only real nasty one that made me jump up and down to get SBSers to patch is the recent iCal vulnerability.

Better recovery story in the 2003 era than 2000 era is another strong advantage in my book. Outlook over http.. hands down right there is a huge advantage. Exchange 2003 sp2 mobility story.. remote wipe.. Windows Mobile is really starting to kick butt over Blackberry.. the Treos are Blackberry killer.. and for standard Exchange boxes.. the fact that in the Exchange 2003 sp2 era we have 75 gigs of storage whereas before we had 16 gig max (and no snickering from the terabyte folks.. I can hear you over there) means we don't have Standard firms buying the Exchange Enterprise as much anymore as they were hitting that 16 gig ceiling.

.. and I just barely scratched the surface IMHO

Ajay Kumar wrote:
Hi all, Can anyone pls tell me what's different between Exchange 2000 and 2003. Regards, Ajay.

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] [OT]Identity Access Mangement
There's a basic workflow example available, IIRC either with SP1 or a Reskit. It's web-based and easy to modify/adjust.

A workflow engine is supposed to ship with Gemini (the next full version of MIIS). This was mentioned in the TechEds and IT-Forums of the last two years (at least), so anyone who did attend should be able to find the sessions.

Currently you are able to use Biztalk as workflow engine, or the Office 2007 workflow engine when available.

Gruesse - Sincerely,
Ulf B. Simon-Weidner
Profile Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Thursday, May 25, 2006 12:00 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] [OT]Identity Access Mangement

On Thu, 25 May 2006 11:53:43 +0200, Carlos Magalhaes wrote
Not yet no but we both know that's in the pipe line for SP2. I still would like to know why MIIS was not an option.
C

Workflow is not included in SP2, some solution is planned in Gemini time frame

--
Tomasz Onyszko
http://www.w2k.pl/ (PL blog)
http://blogs.dirteam.com/blogs/tomek (EN blog)
RE: [ActiveDir] OT help with VBS/WMI Script
I usually prefer not to use CMD-Commands out of VBS if not necessary (there are many areas where it's really handy, but a ping is not one of them).

You can also use WMI to ping the machine - works fast and you don't have to text-analyze the output of the ping-command. I've just dug out an example for you at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_tasks__networking.asp - look at the last example.

Gruesse - Sincerely,
Ulf B. Simon-Weidner
Profile Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernier, Brandon (.)
Sent: Thursday, May 25, 2006 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT help with VBS/WMI Script

If you're concerned about the server being up, incorporate this into your script. It will ping the box and execute your logic if it's up. This is just an example, it wouldn't actually work if you cut and paste it.

    Set objShell = CreateObject("WScript.Shell")
    For Each strServerName in colServerList
        Set objScriptExec = objShell.Exec("ping -n 2 -w 1000 " & strServerName)
        strPingResults = LCase(objScriptExec.StdOut.ReadAll)
        If InStr(strPingResults, "reply from") Then
            ' Put your OS version WMI code here, call a function preferably.
        Else
            WScript.Echo "Error: " & Err.Description ' (something like this)
        End if
    Next
    Set objShell = Nothing

-Brandon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hutchins, Mike
Sent: Thursday, May 25, 2006 12:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT help with VBS/WMI Script

If I use this, everything gets Server1++ nothing ever gets anywhere. :-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Ed
Sent: Wednesday, May 24, 2006 4:22 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT help with VBS/WMI Script

    '=
    For Each strComputer In serverList
        Set colSettings = Nothing
        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        Set colSettings = objWMIService.ExecQuery _
            ("Select * from Win32_OperatingSystem")
        If err then
            WScript.Echo strComputer + "++"
        else
            Set colSettings = objWMIService.ExecQuery _
                ("Select * from Win32_OperatingSystem")
            For Each OS In colSettings
                WScript.Echo strComputer + "+" + OS.Caption + "+" + OS.Version
            Next
        end if
    Next
    '=

Rgds, Tim

On 5/25/06, Hutchins, Mike [EMAIL PROTECTED] wrote:

So I am trying to get some information from a gigantic list of machines. Problem is that if the machine isn't up, the script retains the previous values.

Example

server1+Microsoft(R) Windows(R) Server 2003, Enterprise server1+Edition+5.2.3790
server2+Microsoft(R) Windows(R) Server 2003, Enterprise server2+Edition+5.2.3790

In this example Server1 is Accurate (the + is a delimiter) Server2 is not online so the script retained the OS.Caption and OS.Version part. I would rather it be blank like;

server2++

Here is the script part that this lies in. Any suggestions greatly appreciated.

    For Each strComputer In serverList
        Set colSettings = Nothing
        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        Set colSettings = objWMIService.ExecQuery _
            ("Select * from Win32_OperatingSystem")
        For Each OS In colSettings
            WScript.Echo strComputer + "+" + OS.Caption + "+" + OS.Version
        Next
    Next
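
An added example, not code from any poster in this thread: one way to get the blank `server2++` line for unreachable hosts, using the WMI ping (Win32_PingStatus) suggested above. Under On Error Resume Next a failed GetObject leaves objWMIService bound to the previous host and Err keeps its value until Err.Clear, so the loop resets both on every pass. The host names and the IsAlive helper are assumptions made for illustration.

```vbscript
Option Explicit
On Error Resume Next

Dim serverList, strComputer, objWMIService, colSettings, OS, blnAlive

' Hypothetical host names; the thread reads them from a large list.
serverList = Array("server1", "server2")

For Each strComputer In serverList
    ' Drop every object and error left over from the previous host.
    Set objWMIService = Nothing
    Set colSettings = Nothing
    blnAlive = False
    Err.Clear

    ' Assign first: an error raised inside an If condition would resume
    ' inside the If block when On Error Resume Next is active.
    blnAlive = IsAlive(strComputer)
    If blnAlive Then
        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        If Err.Number = 0 Then
            Set colSettings = objWMIService.ExecQuery _
                ("Select * from Win32_OperatingSystem")
        End If
    End If

    If Err.Number <> 0 Or colSettings Is Nothing Then
        ' Host down, access denied or WMI failure: emit empty fields.
        WScript.Echo strComputer & "++"
    Else
        For Each OS In colSettings
            WScript.Echo strComputer & "+" & OS.Caption & "+" & OS.Version
        Next
    End If
Next

' Hypothetical helper: True when the local WMI service reports a
' successful ICMP echo (StatusCode 0) for strHost.
' strHost comes from a trusted list; it is placed in the WQL text as-is.
Function IsAlive(strHost)
    Dim objLocalWMI, colPings, objStatus
    On Error Resume Next
    IsAlive = False
    Set objLocalWMI = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set colPings = objLocalWMI.ExecQuery _
        ("Select * from Win32_PingStatus where Address = '" & strHost & "'")
    For Each objStatus In colPings
        ' StatusCode is Null when the name cannot be resolved.
        If objStatus.StatusCode = 0 Then IsAlive = True
    Next
    Err.Clear
End Function
```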
RE: [ActiveDir] OT help with VBS/WMI Script
You can also use WMI to ping the machine - works fast and you don't have to text-analyze the output of the ping-command. I've just dug out an example for you at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_tasks__networking.asp - look at the last example.

Before getting corrected: first example of the last question / howto on that page.

Ulf
RE: [ActiveDir] Machine Psswd Age
Hmm - I can not find where I got this information from. The KB about disablePasswordChange has not been updated pretty long (still stated only NT in the early WS2k3 days). The following page even states that the NT4 Workstation changes the password every 3 days, and retries after another 3 days:
http://www.microsoft.com/technet/archive/winntas/maintain/ntopt4.mspx?mfr=true

However I stand corrected - need to update my brain's cache from google more often - too bad brains don't support TTL of websites.

Gruesse - Sincerely,
Ulf B. Simon-Weidner
Profile Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 24, 2006 9:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Machine Psswd Age

I agree with Bob. Seven days pre-W2K, 30 days for W2K and better. I have never seen a machine change its password at the 50% age and I have looked at this quite a bit for various[1] reasons.

joe

[1] OldCmp being one of them...

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Wednesday, May 24, 2006 3:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Machine Psswd Age

The default was 7 days for NT, increased to 30 in W2K and above. See http://support.microsoft.com/kb/154501/ or q175468 or any of the old domain sizing docs.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Wednesday, May 24, 2006 11:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Machine Psswd Age

AFAIK the password change interval is set to 30 in XP (15 in NT, W2k), but the computer account starts to request renewal after 50% of the time is over. After 30 days it'll change it if being logged onto the domain for sure (unless otherwise configured or connected).

Gruesse - Sincerely,
Ulf B. Simon-Weidner
Profile Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: Wednesday, May 24, 2006 5:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Machine Psswd Age

Anyone know how often machine passwords are renew/reset in the domain?

-Z.V.
RE: [ActiveDir] How To Determine What GC a Server is Using?
Correction: nltest won't help you with your exchange problem, because it shows what OS locator has cached currently. Exchange has its own DC location mechanism, separate from the OS locator. I believe Steve posted a KB link on how to query Exchange for its list of GCs.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitri Gavrilov
Sent: Saturday, May 27, 2006 10:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How To Determine What GC a Server is Using?

If you run

    nltest /server:targetServer /dsgetdc:forestDnsName /gc

Then you get an answer which should be fairly precise.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James
Sent: Thursday, May 25, 2006 5:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How To Determine What GC a Server is Using?

Stu, Download and configure BGINFO and check to Login Server attribute... http://www.sysinternals.com/Utilities/BgInfo.html

James Blair

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Sent: Friday, 26 May 2006 10:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How To Determine What GC a Server is Using?

We have a strange situation here where one of our Exchange servers keeps getting 8026 and 2102 errors. This causes our users on that Exchange server to temporarily lose connection to the Exchange server. Also, my Unity server just failed over to the secondary Unity server at exactly the same time my last Exchange 8026 error happened. This leads me to believe I may have a problem with a global catalog server. Is there a way to determine what GC each server is using? Thanks in advance.
RE: [ActiveDir] Different between Exchange 2000 and 2003
I usually answer 3 to questions like this. Why? Well it's too general and open-ended for a list like this. You know what's important in your deployment, we can only guess. So:-

1. If you want general info there is a wealth of information on the MS web site, read it taking care to concentrate on the bits that you are interested in.
2. If you are considering an upgrade describe your existing system and ask what's in it for you, or highlight areas of concern
3. If you are considering a new deployment, deploy 2003.

Dave Wade

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Ajay Kumar
Sent: Sun 28/05/2006 07:00
To: ActiveDir@mail.activedir.org
Cc:
Subject: [ActiveDir] Different between Exchange 2000 and 2003

Hi all, Can anyone pls tell me what's different between Exchange 2000 and 2003. Regards, Ajay.

**
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act. If you receive this email in error please notify Stockport e-Services via [EMAIL PROTECTED] and then permanently remove it from your system. Thank you. http://www.stockport.gov.uk
**
Re: [ActiveDir] Different between Exchange 2000 and 2003
Susan Bradley, Can U tell me different in Exchange in term of feature ?. And thanks for giving me details in same. Regards, Ajay
Re: [ActiveDir] Different between Exchange 2000 and 2003
.. well let me throw this back to you.. what do you want in terms of features? What's the reason for the question?

Is it from a I'm an admin migrating from 2k to 2k3 so how much new stuff do I need to learn.. or is it we're deploying a new server or is it we're thinking of upgrading

Okay so here we are in 2006... to me deploying a 6 year old anything (because we all know that while Exchange 2000 is 'called' 2000.. the bulk of that code was written when Prince was still dancing around and partying like it was 1999 and even earlier. So first and foremost.. to me.. the question is not.. what's the difference between 2000 and 2003 but rather. Do I upgrade/new deploy 2003 now or wait until the Exchange 2007 with Monad and all that stuff comes out?

In my mind if you are doing a new deployment... 2000 is dead in my mind. It's not even worth the consideration. If you are currently on NT... that's even more dead as it's officially dead from a tech support standpoint. And there's probably a budgetary reason or some stupid line of business (probably an accounting application) that won't support the upgrade.

So the question back at you is.. what are you using now? What are your needs that aren't being met now?

I already told you why Exchange 2003 sp2 in terms of features is the way to go for a Standard box

1. 75 gigs of storage
2. Exchange IMF v2
3. Mobility security pack/remote wipe/ I don't have to install some Blackberry software... we just buy Mobile 3 or 5 phones
4. Better security/permissions/ etc.
5. Outlook over http
6. OWA more near Outlookishy

I include the better recoverability as part of that feature list as well. And a feature for me on 2003 versus 2000 is the community of 2003. I can't remember a dang thing at all about the NT platform and starting to lose 2k info. So I want to stay in the 'sweet spot' of community and support.

Now in terms of Exchange 2007 we're going to be set free of those x86/32 bit limitations and up on the 64 bit platform... so you'll need to hardware proof yourself. If you are on 2000 right now.. and are looking to upgrade right now to 2003... should the firm wait for 2007? Boy I can't tell you that that's something that you'll need to decide for your organization.

If on NT... get on 2k3. If on 2000.. we're starting to get to that ..h are we getting to that time frame that maybe we need to wait for 2007 if we are willing to be an early adopter and jump soon after it ships and not wait for Exchange 2007 sp1?

But I'm not an unbiased person here.. I have Software Assurance so it's already proven that I'm insane.

But I'm still not sure of what's the reason for the question? As an admin point of view ..the System Manager between the 2k and 2k3 looks pretty close to one another.. it's the Monad era stuff in Exchange 2007 that will be the learning curve era for me.
Re: [ActiveDir] Different between Exchange 2000 and 2003
'cuse me it's not called Monad anymore...it's Windows PowerShell (what was I thinking.. Monad is sooo last week)
RE: [ActiveDir] tokenGroups field
Excellent thanks Dmitri.

The three attributes are

tokenGroups
tokenGroupsGlobalAndUniversal
tokenGroupsNoGCAcceptable

To the list denizens, Dmitri is one of those people like ~Eric and our local garage door operator that you really really want to listen to. I think this is the first time I have seen him posting here which is great. You will usually find him in the MSFT newsgroups answering the really hard AD and ADAM questions that the rest of us are guessing on.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitri Gavrilov
Sent: Saturday, May 27, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] tokenGroups field

TokenGroups does talk to a GC, if the current DC is not a GC itself. Basically, that's the reason we disallow one-level and subtree searches hitting tokenGroups (so that we don't overload the DC -- it is an expensive call). You will get different results depending on which DC you are connected to, because the results include local groups.

If you want consistent results, read tokenGroupsGlobalAndUniversal -- that will return the same result no matter which DC you are connected to. However, it will not include local groups.

If you want to avoid the GC call, then call tokenGroupsNoGcAvailable (or something like this, sorry, forgot the exact name -- check in the schema) -- this one will give you local info without talking to the GC, but then you've got what you've got.

Dmitri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, May 26, 2006 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] tokenGroups field

nah-ah. would have to hit a GC to get those.

Thanks for responding Deji. Good guess, 50/50 shot at it[1]. Unfortunately you are incorrect. :)

I had a feeling but wasn't positive when I wrote that response so I made it clear that I wasn't sure and that I needed to test it (that was the part you snipped). Now that I have had a chance to test it though I can definitely say that tokenGroups WILL get the Universal groups from the other domains even if is NOT a GC. I just did it in my test lab.

I thought it worked that way as I recalled chasing the source path and actually seeing it. I wanted to understand why the three tokengroups attributes were the only ones you had to use a BASE query for. In the source I finally chased through all of the nested calls and got to the point where it looked like it would call out to a GC for expansion if needed which answered that question pretty well (been a while since I looked at it, I should go peek again). Basically the intent is that the value of the attribute should be what would be generated for your logon token.

wrt #2, any GC should be able to hand out the UG info in the forest. So, by hitting a GC in a domain local to the account, we should be able to retrieve the domain local, global and universal groups the account belongs to.

For that domain only

The OP's question was about getting memberships from other domains which is fine if all other memberships are only UGs. That won't catch DLGs however. And as corrected above, you don't have to hit a GC in the default domain, any DC will do as the token expansion will be handled just like it is for auth.

joe

[1] Well not really I was about 72.6022% sure it would work so lets say you had about a 5% chance of being right. ;o)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 26, 2006 6:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] tokenGroups field

but I think that will get the Universals from other domains as well

nah-ah. would have to hit a GC to get those.

wrt #2, any GC should be able to hand out the UG info in the forest. So, by hitting a GC in a domain local to the account, we should be able to retrieve the domain local, global and universal groups the account belongs to.

Sincerely,
Microsoft MVP - Directory Services
www.readymaids.com http://www.readymaids.com - we know IT
www.akomolafe.com http://www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 5/26/2006 2:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] tokenGroups field

Not in a single call no... You would need to

1. Request tokengroups from a DC of the default domain for the user, I am not sure, but I think that will get the Universals from other domains as well, but possibly you have to hit a GC of the default domain. I would have to check it and can't at the moment.
Re: [ActiveDir] tokenGroups field
I've been checked out of the group here for a few weeks and just poked back in. I think Dmitri summed things up quite well. I'll just add that ADSI and S.DS don't do anything interesting here. The net result is the same base LDAP query you'd do in any other language.

DLGs from multiple domains are not easy to get and there seems to be no really easy way to do it. The UGs and GGs from the user's home domain should always be there with tokenGroups though.

We kind of glossed this over in our book, although our tokenGroups samples are pretty good otherwise. Ryan showed three different methods for converting the SIDs back into friendly names, which could help a lot of people.

Joe K.

----- Original Message -----
From: joe [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, May 26, 2006 8:32 PM
Subject: RE: [ActiveDir] tokenGroups field

Something could be happening under the covers for you by NET or ADSI. JoeK could probably help there. However hitting a GC in each domain should do it. The main thing it is going to get you if it wasn't clear in the response to Deji is the domain local groups in the foreign domains. Obviously the user couldn't be in GGs in other domains and UGs would be handled by hitting the default DC for the user assuming you aren't in mixed mode.

You may want to use adfind to look at the results from each of the domains. With the new -resolvesids switch the tokenGroups attribute gets a nice resolved output which is nice

joe
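
An added example, not code from any poster or from the book mentioned above: reading tokenGroups and tokenGroupsGlobalAndUniversal for a single user object through ADSI (a base-scope read of that one object) and printing each returned binary SID in its S-1-... string form, so the two result sets can be compared. The user DN and the DumpTokenAttr and SidToString helper names are assumptions made for illustration.

```vbscript
Option Explicit

' Hypothetical distinguished name; point this at a real user object.
Const USER_DN = "CN=Test User,OU=Staff,DC=example,DC=com"

Dim objUser, strAttr
Set objUser = GetObject("LDAP://" & USER_DN)

' tokenGroups includes local groups of the DC's domain, so results vary
' by DC; tokenGroupsGlobalAndUniversal is the same from any DC.
For Each strAttr In Array("tokenGroups", "tokenGroupsGlobalAndUniversal")
    DumpTokenAttr objUser, strAttr
Next

Sub DumpTokenAttr(objTarget, strName)
    Dim arrSids, bytSid
    ' Constructed attributes are not in the property cache by default;
    ' GetInfoEx requests them explicitly for this one object.
    objTarget.GetInfoEx Array(strName), 0
    arrSids = objTarget.GetEx(strName)
    WScript.Echo strName & ": " & (UBound(arrSids) + 1) & " SIDs"
    For Each bytSid In arrSids
        WScript.Echo "  " & SidToString(bytSid)
    Next
End Sub

' Binary SID layout: revision (1 byte), sub-authority count (1 byte),
' identifier authority (6 bytes, big-endian), then one 4-byte
' little-endian value per sub-authority.
Function SidToString(bytSid)
    Dim i, j, intCount, dblAuth, dblSub, strSid
    intCount = AscB(MidB(bytSid, 2, 1))
    dblAuth = 0
    For i = 3 To 8
        dblAuth = dblAuth * 256 + AscB(MidB(bytSid, i, 1))
    Next
    strSid = "S-" & AscB(MidB(bytSid, 1, 1)) & "-" & dblAuth
    For i = 0 To intCount - 1
        dblSub = 0
        ' Walk the four bytes from most to least significant.
        For j = 3 To 0 Step -1
            dblSub = dblSub * 256 + AscB(MidB(bytSid, 9 + i * 4 + j, 1))
        Next
        strSid = strSid & "-" & dblSub
    Next
    SidToString = strSid
End Function
```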
Re: [ActiveDir] Different between Exchange 2000 and 2003
Hi Susan,

Thanks for your support giving me details. One more thing I want to know, I have just installed win2k3 exchange server on 2k3 parent root server and I made child domain in a forest. I have created mailbox user on both domain, but when I send mails from child domain users it asks for authentication and Global catalog can't be contacted. But when I send mails through parent mailbox user in same domain (parent) it works. Pls suggest me what I have to do to make mailing between child and parent domain?

Regards, Ajay

On 5/29/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote:

.. well let me throw this back to you.. what do you want in terms of features? What's the reason for the question? Is it from a I'm an admin migrating from 2k to 2k3 so how much new stuff do I need to learn.. or is it we're deploying a new server or is it we're thinking of upgrading

Okay so here we are in 2006... to me deploying a 6 year old anything (because we all know that while Exchange 2000 is 'called' 2000.. the bulk of that code was written when Prince was still dancing around and partying like it was 1999 and even earlier. So first and foremost.. to me.. the question is not.. what's the difference between 2000 and 2003 but rather. Do I upgrade/new deploy 2003 now or wait until the Exchange 2007 with Monad and all that stuff comes out?

In my mind if you are doing a new deployment... 2000 is dead in my mind. It's not even worth the consideration. If you are currently on NT... that's even more dead as it's officially dead from a tech support standpoint. And there's probably a budgetary reason or some stupid line of business (probably an accounting application) that won't support the upgrade.

So the question back at you is.. what are you using now? What are your needs that aren't being met now?

I already told you why Exchange 2003 sp2 in terms of features is the way to go for a Standard box

1. 75 gigs of storage
2. Exchange IMF v2
3. Mobility security pack/remote wipe/ I don't have to install some Blackberry software... we just buy Mobile 3 or 5 phones
4. Better security/permissions/ etc.
5. Outlook over http
6. OWA more near Outlookishy

I include the better recoverability as part of that feature list as well. And a feature for me on 2003 versus 2000 is the community of 2003. I can't remember a dang thing at all about the NT platform and starting to lose 2k info. So I want to stay in the 'sweet spot' of community and support.

Now in terms of Exchange 2007 we're going to be set free of those x86/32 bit limitations and up on the 64 bit platform... so you'll need to hardware proof yourself.

If you are on 2000 right now.. and are looking to upgrade right now to 2003... should the firm wait for 2007? Boy I can't tell you that that's something that you'll need to decide for your organization. If on NT... get on 2k3. If on 2000.. we're starting to get to that ..h are we getting to that time frame that maybe we need to wait for 2007 if we are willing to be an early adopter and jump soon after it ships and not wait for Exchange 2007 sp1? But I'm not an unbiased person here.. I have Software Assurance so it's already proven that I'm insane.

But I'm still not sure of what's the reason for the question? As an admin point of view .. the System Manager between the 2k and 2k3 looks pretty close to one another.. it's the Monad era stuff in Exchange 2007 that will be the learning curve era for me.

Ajay Kumar wrote:

Susan Bradley, Can U tell me different in exchange *in term of feature* ?. And thanks for giving me details in same. Regards, Ajay

On 5/29/06, *Dave Wade* [EMAIL PROTECTED] wrote:

I usually answer 3 to questions like this. Why? Well it's too general an open ended for a list like this. You know what's important in your deployment, we can only guess. So:-

1. If you want general info there is a wealth of information on the MS web site, read it taking care to concentrate on the bits that you are interested in.
2. If you are considering an upgrade describe your existing system and ask what's in it for you, or highlight areas of concern
3. If you are considering a new deployment, deploy 2003.

Dave Wade

-Original Message-
From: [EMAIL PROTECTED] on behalf of Ajay Kumar
Sent: Sun 28/05/2006 07:00
To: ActiveDir@mail.activedir.org
Cc:
Subject: [ActiveDir] Different between Exchange 2000 and 2003

Hi all, Can any one pls tell me what's different between Exchange 2000 and 2003. Regards, Ajay.

** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act. If you receive this email in
[ActiveDir] Regarding Exchange problem
On 5/29/06, Ajay Kumar [EMAIL PROTECTED] wrote:

Hi Susan,

Thanks for your support giving me details. One more thing I want to know, I have just installed win2k3 exchange server on 2k3 parent root server and I made child domain in a forest. I have created mailbox user on both domain, but when I send mails from child domain users it asks for authentication and Global catalog can't be contacted. But when I send mails through parent mailbox user in same domain (parent) it works. Pls suggest me what I have to do to make mailing between child and parent domain?

Regards, Ajay
Re: [ActiveDir] Regarding Exchange problem
Ajay? Didn't you already ask this earlier?

(and if you only knew how funny it is to ask a SBS MVP about child domains... cause I'd be googling the activedir listserve or asking in a Exchange 2003 listserve 'cause we don't got 'em)

(speaking of which ... is there a search box on the archives? I can't find it? http://www.activedir.org/ml/thrd2.aspx )

Original Message
Subject: RE: [ActiveDir] Mailing problem exchange 2003 server
Date: Thu, 25 May 2006 16:08:40 +1000
From: Blair, James [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org

Ajay,

Need to put OT in the topic for this one... with the limited information I am going to presume that the other domain is running Exchange as well... You need to create an SMTP connector between parent root server and their Exchange server.

Exchange System Manager - Administrative Groups - RespectiveGroup - Routing Groups - Connectors - RespectiveGroup - New SMTP Connector

They would of course have to do the same thing and if a firewall is in place you will need to open the respective ports...

James Blair

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ajay Kumar
Sent: Thursday, 25 May 2006 3:58 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Mailing problem exchange 2003 server

Dear all,

I have parent root server, in which exchange server 2003 installed and I have other child domain in same forest. Can any tell me how can send and receive mails between parent and child Domain.

Thank Regards, Ajay

Ajay Kumar wrote:

On 5/29/06, *Ajay Kumar* [EMAIL PROTECTED] wrote:

Hi Susan,

Thanks for your support giving me details. One more thing I want to know, I have just installed win2k3 exchange server on 2k3 parent root server and I made child domain in a forest. I have created mailbox user on both domain, but when I send mails from child domain users it asks for authentication and Global catalog can't be contacted. But when I send mails through parent mailbox user in same domain (parent) it works. Pls suggest me what I have to do to make mailing between child and parent domain?

Regards, Ajay

On 5/29/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]* [EMAIL PROTECTED] wrote:

.. well let me throw this back to you.. what do you want in terms of features? What's the reason for the question? Is it from a I'm an admin migrating from 2k to 2k3 so how much new stuff do I need to learn.. or is it we're deploying a new server or is it we're thinking of upgrading

Okay so here we are in 2006... to me deploying a 6 year old anything (because we all know that while Exchange 2000 is 'called' 2000.. the bulk of that code was written when Prince was still dancing around and partying like it was 1999 and even earlier. So first and foremost.. to me.. the question is not.. what's the difference between 2000 and 2003 but rather. Do I upgrade/new deploy 2003 now or wait until the Exchange 2007 with Monad and all that stuff comes out?

In my mind if you are doing a new deployment... 2000 is dead in my mind. It's not even worth the consideration. If you are currently on NT... that's even more dead as it's officially dead from a tech support standpoint. And there's probably a budgetary reason or some stupid line of business (probably an accounting application) that won't support the upgrade.

So the question back at you is.. what are you using now? What are your needs that aren't being met now?

I already told you why Exchange 2003 sp2 in terms of features is the way to go for a Standard box

1. 75 gigs of storage
2. Exchange IMF v2
3. Mobility security pack/remote wipe/ I don't have to install some Blackberry software... we just buy Mobile 3 or 5 phones
4. Better security/permissions/ etc.
5. Outlook over http
6. OWA more near Outlookishy

I include the better recoverability as part of that feature list as well. And a feature for me on 2003 versus 2000 is the community of 2003. I can't remember a dang thing at all about the NT platform and starting to lose 2k info. So I want to stay in the 'sweet spot' of community and support.

Now in terms of Exchange 2007 we're going to be set free of those x86/32 bit limitations and up on the 64 bit platform... so you'll need to hardware proof yourself.

If you are on 2000 right now.. and