Re: [ActiveDir] DC and ADC replication prob.
.. (and I'd just like to annoyingly point out that 50 pc's is perfect for a SBS network ;-) Ajay Kumar wrote: Hi all, Pls help me out, Just recently I set up small doamin of 50 Pc's with a DC and ADC. But the prob. is that the replication is not taking place between DC and ADC and there is no error in event log. What could be the problem. Ajay. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DC and ADC replication prob.
If Windows 2003 sp1 servers... the "low hanging fruit" of errors in replication is ensuring that either the firewall is off that second box... The firewall service is disabled, right? Ajay Kumar wrote: Hi all, Pls help me out, Just recently I set up small doamin of 50 Pc's with a DC and ADC. But the prob. is that the replication is not taking place between DC and ADC and there is no error in event log. What could be the problem. Ajay. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Change private IP on a cluster
Hi Mike, Looks like you are going to also have dependencies on Wins and with the MSDTC: Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality http://support.microsoft.com/default.aspx?scid=kb;en-us;837391 How to configure Microsoft Distributed Transaction Coordinator on a Windows Server 2003 cluster http://support.microsoft.com/default.aspx?scid=kb;en-us;301600 Regards, Jose :-) - Original Message - From: Jose Medeiros To: ActiveDir@mail.activedir.org ; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, June 04, 2006 9:53 PM Subject: Re: [ActiveDir] Change private IP on a cluster Hi Mike, I've only had to change a SQL 2000 Active / Active Cluster IP and it involves some additional steps for SQL Virtual Names. It's been over 5 years since I built an Exchange 2000 cluster, but I do not recall if Exchange has any dependencies (I would probably post this to the Exchange list and I am cc'ing them as well) Take a look at : Exchange Server 2003 Cluster Configuration Checklist http://www.microsoft.com/technet/itsolutions/msit/operations/exchclustercklist.mspx?pf=true Changing the IP address of network adapters in cluster server http://support.microsoft.com/kb/230356/EN-US/ Or in PDF format at: http://www.maned.com/support/knowledge_base/Roundhouse/Recommended_Reading/Q230356.pdf Also just in case you ever have to change it on a SQL: How to change the network IP addresses of SQL Server virtual servers http://support.microsoft.com/kb/244980/en-us Hope this helps, Sincerely, Jose Medeiros MCP+I, MCSE, NT4 MCT 408-765-0437 Direct 408-449-6621 Cell - Original Message - From: "Mike Newell" <[EMAIL PROTECTED]> To: Sent: Sunday, June 04, 2006 12:53 PM Subject: [ActiveDir] Change private IP on a cluster Doh! Didn't mean to let this go without the OT:. Sorry. From: [EMAIL PROTECTED] on behalf of Mike Newell Sent: Sun 6/4/2006 11:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Change private IP on a cluster Hey, I have an Exchange 2003 active/passive cluster on Windows 2003 and I need to change the private ip on both nodes. I realize that while I'm changing the IP the nodes will not talk to each other and likely kick the passive node off or stop the cluster service for a few minutes on the passive node. Is there anything else I will need to do or look out for? I don't *think* this is a big deal but since it's a production cluster, and I've never had to do this, I thought I would check before I tried it. Thanks again. Mike. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Change private IP on a cluster
Hi Mike, I've only had to change a SQL 2000 Active / Active Cluster IP and it involves some additional steps for SQL Virtual Names. It's been over 5 years since I built an Exchange 2000 cluster, but I do not recall if Exchange has any dependencies (I would probably post this to the Exchange list and I am cc'ing them as well) Take a look at : Exchange Server 2003 Cluster Configuration Checklist http://www.microsoft.com/technet/itsolutions/msit/operations/exchclustercklist.mspx?pf=true Changing the IP address of network adapters in cluster server http://support.microsoft.com/kb/230356/EN-US/ Or in PDF format at: http://www.maned.com/support/knowledge_base/Roundhouse/Recommended_Reading/Q230356.pdf Also just in case you ever have to change it on a SQL: How to change the network IP addresses of SQL Server virtual servers http://support.microsoft.com/kb/244980/en-us Hope this helps, Sincerely, Jose MedeirosMCP+I, MCSE, NT4 MCT408-765-0437 Direct408-449-6621 Cell - Original Message - From: "Mike Newell" <[EMAIL PROTECTED]> To:Sent: Sunday, June 04, 2006 12:53 PM Subject: [ActiveDir] Change private IP on a cluster Doh! Didn't mean to let this go without the OT:. Sorry.From: [EMAIL PROTECTED] on behalf of Mike NewellSent: Sun 6/4/2006 11:40 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Change private IP on a clusterHey,I have an Exchange 2003 active/passive cluster on Windows 2003 and I needto change the private ip on both nodes. I realize that while I'mchanging the IP the nodes will not talk to each other and likely kickthe passive node off or stop the cluster service for a few minutes onthe passive node.Is there anything else I will need to do or look out for? I don't*think* this is a big deal but since it's a production cluster, and I'venever had to do this, I thought I would check before I tried it.Thanks again.Mike.
[ActiveDir] DC and ADC replication prob.
Hi all, Pls help me out, Just recently I set up small doamin of 50 Pc's with a DC and ADC. But the prob. is that the replication is not taking place between DC and ADC and there is no error in event log. What could be the problem. Ajay.
RE: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
Hi Joe Thanks for the reply, just tested this myself and ADUC even allows creating more than 20char of samaccountname for groups... Does anyone know how to make ADC puts more than 20char? As obviously for groups 20 is not the limit Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan Sent: Monday, June 05, 2006 10:17 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? My understanding is that the DS enforces a limit of 64 char for sAMAccountName for groups, but 20 for users. I know we have thousands of groups with sAMAccountName longer than 20. They still work and the DS doesn't balk. :) These are all created programmatically through tools though and are not created or modified with ADUC. There might be some behavior difference there. Joe K. - Original Message - From: Al Mulnick To: ActiveDir@mail.activedir.org Sent: Sunday, June 04, 2006 11:58 AM Subject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? That's on the target? Or that's in the source? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi Al I have one of this group with way more than 20char samaccountname AKL.AST.Assistance Management.Assistant GM- Assistance Services Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
My understanding is that the DS enforces a limit of 64 char for sAMAccountName for groups, but 20 for users. I know we have thousands of groups with sAMAccountName longer than 20. They still work and the DS doesn't balk. :) These are all created programmatically through tools though and are not created or modified with ADUC. There might be some behavior difference there. Joe K. - Original Message - From: Al Mulnick To: ActiveDir@mail.activedir.org Sent: Sunday, June 04, 2006 11:58 AM Subject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? That's on the target? Or that's in the source? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi Al I have one of this group with way more than 20char samaccountname AKL.AST.Assistance Management.Assistant GM- Assistance Services Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
Hi Al, The below is on AD attribute for one of the groups im having, is it normal? Apparently ADC only populates the first 20 char of the groupname, while actually it is allowing for longer than 20 characters even. Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: Monday, June 05, 2006 12:59 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? That's on the target? Or that's in the source? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi Al I have one of this group with way more than 20char samaccountname AKL.AST.Assistance Management.Assistant GM- Assistance Services Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Sunday, June 04, 2006 10:23 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? Sam-account-name is a mandator attribute of the Group class. Sam-account-name is limited to 20 characters. What makes you say that samaccountname for a group can hold more than 20 chars? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED] > wrote: Hi all Just wondering, ADC was just installed on the environment and now am seeing quite a bit of naming hoohas - such that ADC creates groups with samaccountname chopping off names only to 20 characters, but apparently samaccountname for groups can hold way more than 20. Is the 20 charlimit for user object not applicable to group object? If so what is the limit for groups? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
[ActiveDir] Change private IP on a cluster
Doh! Didn't mean to let this go without the OT:. Sorry. From: [EMAIL PROTECTED] on behalf of Mike Newell Sent: Sun 6/4/2006 11:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Change private IP on a cluster Hey, I have an Exchange 2003 active/passive cluster on Windows 2003 and I need to change the private ip on both nodes. I realize that while I'm changing the IP the nodes will not talk to each other and likely kick the passive node off or stop the cluster service for a few minutes on the passive node. Is there anything else I will need to do or look out for? I don't *think* this is a big deal but since it's a production cluster, and I've never had to do this, I thought I would check before I tried it. Thanks again. Mike. This message and any attachments (the "Message") may contain confidential, proprietary and/or privileged information and are only for their intended recipient(s). If you are not the intended recipient, you should notify the sender and delete the Message. E-mail transmissions cannot be guaranteed to be secure or error-free. This Message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or financial instruments, or to provide investment advice in any jurisdiction where the sender is not properly licensed or permitted to do so. This Message is subject to additional conditions and restrictions. Please read them here: http://legal.dimensional.com/email/ This message and any attachments (the "Message") may contain confidential, proprietary and/or privileged information and are only for their intended recipient(s). If you are not the intended recipient, you should notify the sender and delete the Message. E-mail transmissions cannot be guaranteed to be secure or error-free. This Message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or financial instruments, or to provide investment advice in any jurisdiction where the sender is not properly licensed or permitted to do so. This Message is subject to additional conditions and restrictions. Please read them here: http://legal.dimensional.com/email/ <>
Re: [ActiveDir] OT: Changing OEM to VLK productID - really really impossible?
I Have info for XP Try this...http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328874 http://www.microsoft.com/genuine/purchase/UpdateInstructions.aspxOr try this 3rd party stuffhttp://www.magicaljellybean.com/keyfinder.shtml --KamleshOn 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi guys, Just realised some of the DCs in my environment is built with OEM version and now am having problem upgrading them to R2 using vlk keys... is there any way at all to change it to vlk, unsupported way maybe? Any help at all would be nice otherwise had to wiped out and rebuild 12 DCs because of this :( Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 -- ~"Be the change you want to see in the World"~
[ActiveDir] Change private IP on a cluster
Hey,I have an Exchange 2003 active/passive cluster on Windows 2003 and I needto change the private ip on both nodes. I realize that while I'mchanging the IP the nodes will not talk to each other and likely kickthe passive node off or stop the cluster service for a few minutes onthe passive node.Is there anything else I will need to do or look out for? I don't*think* this is a big deal but since it's a production cluster, and I'venever had to do this, I thought I would check before I tried it.Thanks again.Mike. This message and any attachments (the "Message") may contain confidential, proprietary and/or privileged information and are only for their intended recipient(s). If you are not the intended recipient, you should notify the sender and delete the Message. E-mail transmissions cannot be guaranteed to be secure or error-free. This Message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or financial instruments, or to provide investment advice in any jurisdiction where the sender is not properly licensed or permitted to do so. This Message is subject to additional conditions and restrictions. Please read them here: http://legal.dimensional.com/email/
Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
That's on the target? Or that's in the source? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi Al I have one of this group with way more than 20char samaccountname AKL.AST.Assistance Management.Assistant GM- Assistance Services Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Sunday, June 04, 2006 10:23 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? Sam-account-name is a mandator attribute of the Group class. Sam-account-name is limited to 20 characters. What makes you say that samaccountname for a group can hold more than 20 chars? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED] > wrote: Hi all Just wondering, ADC was just installed on the environment and now am seeing quite a bit of naming hoohas - such that ADC creates groups with samaccountname chopping off names only to 20 characters, but apparently samaccountname for groups can hold way more than 20. Is the 20 charlimit for user object not applicable to group object? If so what is the limit for groups? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
RE: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
Hi Al I have one of this group with way more than 20char samaccountname AKL.AST.Assistance Management.Assistant GM- Assistance Services Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: Sunday, June 04, 2006 10:23 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups? Sam-account-name is a mandator attribute of the Group class. Sam-account-name is limited to 20 characters. What makes you say that samaccountname for a group can hold more than 20 chars? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi all Just wondering, ADC was just installed on the environment and now am seeing quite a bit of naming hoohas - such that ADC creates groups with samaccountname chopping off names only to 20 characters, but apparently samaccountname for groups can hold way more than 20. Is the 20 charlimit for user object not applicable to group object? If so what is the limit for groups? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
Re: [ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
Sam-account-name is a mandator attribute of the Group class. Sam-account-name is limited to 20 characters. What makes you say that samaccountname for a group can hold more than 20 chars? On 6/4/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote: Hi all Just wondering, ADC was just installed on the environment and now am seeing quite a bit of naming hoohas - such that ADC creates groups with samaccountname chopping off names only to 20 characters, but apparently samaccountname for groups can hold way more than 20. Is the 20 charlimit for user object not applicable to group object? If so what is the limit for groups? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
[ActiveDir] OT: Changing OEM to VLK productID - really really impossible?
Title: OT: Changing OEM to VLK productID - really really impossible? Hi guys, Just realised some of the DCs in my environment is built with OEM version and now am having problem upgrading them to R2 using vlk keys... is there any way at all to change it to vlk, unsupported way maybe? Any help at all would be nice otherwise had to wiped out and rebuild 12 DCs because of this :( Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
[ActiveDir] OT: Samaccountname attribute (20 char limit) not applicable to gr oups?
Title: OT: Samaccountname attribute (20 char limit) not applicable to groups? Hi all Just wondering, ADC was just installed on the environment and now am seeing quite a bit of naming hoohas - such that ADC creates groups with samaccountname chopping off names only to 20 characters, but apparently samaccountname for groups can hold way more than 20. Is the 20 charlimit for user object not applicable to group object? If so what is the limit for groups? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
[ActiveDir] OT: srvinfo output incomplete
I have seen this similar problem when I had a Ethernet port mismatch on the server and my switch. This could cause small packets to get through, but may be dropping packets larger. Try running netstat –s and see if you have any dropped connections or excessive TCP/IP retransmits. You may want to also verify on the switch in the L2 cam log for any CRC errors which would help to verify if you have an auto negotiation issue and may need to force your Ethernet NIC and switch to 100mb full duplex. Sincerely, Jose Medeiros MCP+I, MCSE, NT4 MCT 408-765-0437 Direct 408-449-6621 Cell From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 01, 2006 10:45 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: srvinfo output incomplete Darn reskit tools. :) Check to see that you have the latest version and you may also want to check the security logs on the target and dc that was used. I don't have access to see what that tool is using to gather that information, but I would guess wmi information is being collected else a walk through the registry. Ensure you can do same locally on that machine. Also, you may want to get a better sampling to rule out tool vs. target. Or at least to get a better set of data points. Al On 6/1/06, Thommes, Michael M. <[EMAIL PROTECTED]> wrote: Situation: running " srvinfo \\computer_name " with domain admin credentials from a remote computer. One w2k3/sp1 server target returns the full complement of information, including CPU, BIOS info, hotfixes, network card info, uptime. Another w2k3sp1 server target returns only partial information, missing CPU, BIOS info, hotfixes, network card info, and uptime. Also, this second computer also returns " Domain: Error 5" and " PDC: Error 5". This same domain admin can log into the second computer target directly and run " srvinfo" and get a full complement of information ! Both target computers are in AD and have the same policies applied to them. Security options appear to be the same. Does anyone have any thoughts as to what might be preventing a complete information disclosure when running srvinfo from across the network? TIA! Mike Thommes