RE: [ActiveDir] Time Server for Forest Root PDC
I would suggest you sync with whatever time source(s) the organisation considers to be 'authoritative'. This may be an internal time server or some external clock. The important point is that you trust this source to be correct and thus authoritative. Many larger orgs have internal clocks that they utilise, for example(which sync to the outside world). It's another 'it depends' kind of question. I don't think there is a prescriptive solution to such a question. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Teo De Las HerasSent: 12 June 2006 18:23To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? TeoPLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.
[ActiveDir] OT: Global Catalog languages Exchange 2003
Title: OT: Global Catalog languages Exchange 2003 Hi Apart from installing the language options in regional settings, do I still need to input the registry keys in the gc to reflect the languages? HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Ntds/Language Cant find the document for exchange 2003 but the 2000 is below.. http://support.microsoft.com/kb/325622/en-us Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
RE: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server
Virtual Machine Additions are a set of drivers and applets to extend and improve integration of a guest OS into the Virtual Server / PC application. As for Where do you get it / Why wouldn't they just include it in the default install, you get it as part of the default install because it *is* included ;-) (unless you want the Linux additions, they are still new, if not 'beta' and hence are a separately available but still free download) ... but you have to choose to install it and this is frequently over looked by those in a rush or inexperienced with Virtual Server. VMWare, Parallels and other similar products all have their equivalents, btw, and the same thing applies there; the extras are often overlooked but the performance improvements can be profound. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan Sent: 13 June 2006 05:08 To: ActiveDir@mail.activedir.org Subject: RE: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server The paper on running a DC on a VM is interesting, particularly this section. What is Virtual Machine Additions and where do you get it? Why wouldn't they just include this in the default install? You can improve performance by installing Virtual Machine Additions as soon as the guest operating system is up and running. Virtual Machine Additions is a set of features that improves the integration of the host and guest operating systems. It also improves the performance and manageability of the guest operating system. You must install Virtual Machine Additions on all virtual machines. Virtual Machine Additions adds the following enhancements to a guest operating system: * Improved mouse cursor tracking and control. * Greatly improved overall performance. * Virtual machine heartbeat generator. * Optional time synchronization with the clock of the physical computer. This feature is enabled by default and must be disabled for domain controllers that are running in virtual machines. * Increased small computer system interface (SCSI) controller performance. * Support for two-node clustering between virtual machines for testing and development scenarios. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, June 12, 2006 9:07 PM To: ActiveDir@mail.activedir.org Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server There's this: http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6Bdisplaylang=en And then http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx And http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4209-8ED2-E261A117FC6Bdisplaylang=en But now that you mention it, I don't think a collective best practice for general usage is something I've seen. On 6/12/06, Lucas, Bryan [EMAIL PROTECTED] wrote: Re-post Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan Sent: Thursday, June 08, 2006 8:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs Along these lines, has anyone seen an actual best practices whitepaper for MS Virtual Server? How to configure disk arrays, controller cache, how many VHDs per volume, memory allocation, etc. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, Steven Sent: Wednesday, June 07, 2006 10:23 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs This is absolutely true. I know virtualization scares a lot of people, but the fact is that in some environments virtualizing systems saves a great deal of money and actually makes managing systems much easier (here it has reportedly saved a significant amount in hardware cost for the enterprise). I have been closely watching my Exchange servers ever since our AD side of the house started virtualizing DC's and with domain controllers running on ESX servers in an optimized configuration the performance is very close to hardware. I have noticed that in terms of LDAP performance that VM's are a tad bit slower then hardware, but that tad is well within the range of performance that applications like Exchange require. After over a year of having virtualized DC's we have not had any problems with virtualized domain controllers (placed globally on ESX servers around the world). We do, however, work on the side of caution and do maintain a few hardware
RE: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server
I have a few notes on general best practices for building Virtual Servers on my website if that is any help: http://robertmoir.com/blogs/someone_else/archive/2006/03/12/2155.aspx -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: 13 June 2006 03:07 To: ActiveDir@mail.activedir.org Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server There's this: http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3- 4209-8ED2-E261A117FC6Bdisplaylang=en And then http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx And http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3- 4209-8ED2-E261A117FC6Bdisplaylang=en But now that you mention it, I don't think a collective best practice for general usage is something I've seen. On 6/12/06, Lucas, Bryan [EMAIL PROTECTED] wrote: Re-post Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] mailto:ActiveDir- [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan Sent: Thursday, June 08, 2006 8:05 AM To: ActiveDir@mail.activedir.org mailto:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs Along these lines, has anyone seen an actual best practices whitepaper for MS Virtual Server? How to configure disk arrays, controller cache, how many VHDs per volume, memory allocation, etc. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] mailto:ActiveDir- [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, Steven Sent: Wednesday, June 07, 2006 10:23 AM To: ActiveDir@mail.activedir.org mailto:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs This is absolutely true. I know virtualization scares a lot of people, but the fact is that in some environments virtualizing systems saves a great deal of money and actually makes managing systems much easier (here it has reportedly saved a significant amount in hardware cost for the enterprise). I have been closely watching my Exchange servers ever since our AD side of the house started virtualizing DC's and with domain controllers running on ESX servers in an optimized configuration the performance is very close to hardware. I have noticed that in terms of LDAP performance that VM's are a tad bit slower then hardware, but that tad is well within the range of performance that applications like Exchange require. After over a year of having virtualized DC's we have not had any problems with virtualized domain controllers (placed globally on ESX servers around the world). We do, however, work on the side of caution and do maintain a few hardware DC's in our HQ that own FSMO roles, but I've seen nothing to suggest that they could not be on VM's to date (it's just a precaution). I have to admit at first I totally dismissed virtualization because I considered it, like others, as more of a development\test environment solution, however I have since been convinced after working with virtualized OS's that it has it's place (we have 100's if not 1000's of virtualized hosts currently in production). I/O intensive applications are not a good place for virtualization in production, but other less I/O intensive applications work great with it. Brian does have a point in that it has to be done correctly and with the right understanding of how to build a high performing virtualization environment it will work just fine for domain controllers\global catalog servers. Regards, Steven From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] mailto:ActiveDir- [EMAIL PROTECTED] ] On Behalf Of Brian Desmond Sent: Wednesday, June 07, 2006 12:04 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs I have no problem with VMWare or Virtual Server DCs if done correctly. Frankly, 7K users is like pocket change if you ask me. Really, the users generate no load – they logon to the PC and change their password. Things like Exchange (and OLK), machines, and other AD aware apps do. If properly written and the virtual hardware properly configured everything should still jive. If I had to make a one off guess with no more info I'd say go for it. The price war with MS and EMC on virtualization has made this far more economical,
RE: [ActiveDir] AD integration
Just want to quickly say thanks to both of you, Joe and Al, you've helped me form some thoughts around this area that I can work with. This short discussion has been very useful. If I ever see either of you at a MVP gathering I owe you a beverage of your choice, or two. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of joe Sent: 12 June 2006 15:57 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD integration The answer to this one is of course it depends. At first blush it sounds like a single threaded app. Depending on the vendor, this may be the best/safest thing to do. :) As for best practices. I don't think there are any best practices for how many domains you should pull data from at a time. It would again depend entirely on the app and what it is supposed to be doing and the dangers exposed in doing it. For a relatively fast application that works well in single and multidomain environments I could see cases where it is better to pull from the GC or better to set up a thread pool and pull from x domains at once or a combination. Certainly the thread pool solutions are the more scalable solutions but they are also the much harder to do right and the more costly solutions. Most customers chose apps on how cheap they are first, then later they start to realize the shortcomings that made them cheaper. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR Sent: Monday, June 12, 2006 8:31 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD integration Just a quick question. Is anyone aware of any best practice documentation of how a product ought to integrate with AD (e.g. to pull out user data for its own use). Failing that, can anyone comment on what they think of a model that can only pull data out of one domain at a time so for a 1 domain forest needs to make a connection to each domain in turn, pull down that information and then load it into SQL server. Am I crazy in thinking that anyone following this model has probably just found out that their old NT4 domain integration code kinda works and did the bare minimum tidying up before halting any further work? -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Time Server for Forest Root PDC
-Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Teo De Las Heras Sent: 12 June 2006 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? I'm coming late to this party but that hasn't stopped me throwing in my two pennies worth before... We have our own atomic / radio clock here, physically attached to a DC. The DC it is connected to syncs to this hardware and all our other servers sync to this DC. My feeling is that while having the correct time is obviously a very good thing, what is more important is that all your nodes are consistent with each other; in other words, I think that what source you pick is less important than picking just one source and making damn sure every node uses time that is based off this source. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] bitwise filters
Thanks for replying Tony. Unfortunately gmail couldnt read your reply so I resorted to the archive. In my example for searching universal groups, I wasnt distinguishing between security and distribution groups. Therefore the 2nd filter is correct too isnt it? As for the 3rd question, I am sure you can answer it. Please dont hold back. I merely addressed it to Joe as he wrote the tool and hence should know how it behaves more than anyone else ;-) But if anyone else could explain it, I will be most grateful. TIA M@ On 6/13/06, Tony Murray [EMAIL PROTECTED] wrote: List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] OT: RUS
We have 1 AD forest with 5 total domains. They are sister domains and they dont share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. As for Stevens suggestion for UPN, we were hoping to use that, but it looks like well have to do a lot of cleanup before we can. Theres a lot of incorrect UPNs in our directory. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, June 12, 2006 5:36 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS There're probably too many definitions of the word domain to really give good advice. Can you expand that question? On 6/12/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query. Please tell me I'm missing something obvious! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
Re: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server
When deploying virtual disks, the same rules apply as they would for the same process on physical disks. For example, do not allow a database store to use the same disk spindles as its transaction logs. Something to note is that virtualization sometimes has a higher cost for the disk subsystem. What I mean by that is that if you normally would expect 90 IOPS from a spindle on a standard machine, you might only be able to push 80 IOPS in a virtualized machine. As Robert also points out, if you mix multiple VM's on spindles, which you're often pressured to do, that can become less responsive in large increments. Don't assume you'll get a 1 for 1 performance swap for physical hardware. Also consider that the backplane becomes shared, and there's a shim driver between the host and the disk subsystem that adds performance cost. The good news is that a lot of legacy OS's have low hardware requirements. They'd be really happy to use a 15K spindle, 400 MHZ memory, and 3GHZ processors with tons of cache and a fast FSB. Especially for OS's that are barely using their existing PII with 128 MB :) Not to mention the 64b deployments that really open a lot of doors for memory and processor as well. Another one to watch that often gets overlooked is the network bandwidth. For example, if you stack 10 VM's on a single guest, you have at least (details another time) 11 hosts worth of network traffic to plan for and support. Gigabit adapters suddenly don't seem like they have so much extra capacity. Be careful what you do at the host level. In the past, if you just willy-nilly threw on patches and configuration changes, at most you would take down that machine only. When you scale that to 10 or 20 or 30 guests, the impact is much much higher. Consider employing best configuration practices for your hosts at a minimum. You'll be glad you did. Look both ways when you cross the street, don't spit in the wind, and don't tug on Superman's cape. [1] Virus scans: be sure to do your homework there. Some of these VM's and components can look like morphing software to a virus scanner. Something else that wasn't mentioned before, but can be very helpful is that your VM's can be useful for creating valid-data test environments and can be instrumental in fast-recovery disaster scenarios if done correctly. They really can open the door for a lot of options. Al [1] I just throw that in there because I'm drinking my coffee and it seemed like a diversion would be amusing for the moment. That's not to say you can disregard that advice without consequence; to the contrary, you'll still want to understand the risk/reward of any of those actions before going against the advice. G[2] [2] Oh, and it's not original adivce. I know that too 'cause the coffee is starting to kick in... On 6/13/06, Rob MOIR [EMAIL PROTECTED] wrote: I have a few notes on general best practices for building Virtual Servers on my website if that is any help: http://robertmoir.com/blogs/someone_else/archive/2006/03/12/2155.aspx--Robert MoirMicrosoft MVP for Windows Servers Security Senior IT Systems EngineerLuton Sixth Form CollegeRight vs. Wrong | Good vs. EvilGod vs. the devil | What side you on? -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED]] On Behalf Of Al Mulnick Sent: 13 June 2006 03:07 To: ActiveDir@mail.activedir.org Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server There's this: http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3- 4209-8ED2-E261A117FC6Bdisplaylang=en And then http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx And http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3- 4209-8ED2-E261A117FC6Bdisplaylang=en But now that you mention it, I don't think a collective best practice for general usage is something I've seen. On 6/12/06, Lucas, Bryan [EMAIL PROTECTED] wrote: Re-post Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] mailto:ActiveDir- [EMAIL PROTECTED][mailto: [EMAIL PROTECTED]] On Behalf Of Lucas, Bryan Sent: Thursday, June 08, 2006 8:05 AM To: ActiveDir@mail.activedir.org mailto:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs Along these lines, has anyone seen an actual best practices whitepaper for MS Virtual Server?How to configure disk arrays, controller cache, how many VHDs per volume, memory allocation, etc. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 From: [EMAIL PROTECTED] mailto:ActiveDir- [EMAIL PROTECTED][mailto: [EMAIL PROTECTED]] On Behalf Of Presley, Steven Sent: Wednesday, June 07, 2006 10:23 AM To: ActiveDir@mail.activedir.org mailto:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Virtual DCs This is absolutely true.I know virtualization scares a lot of people, but the fact is that in some environments
Re: [ActiveDir] OT: RUS
I think it's a really good idea to clean up the UPN's. However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's. Just to make sure you don't end up doing the work over and over again. I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well. It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: We have 1 AD forest with 5 total domains. They are "sister" domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Monday, June 12, 2006 5:36 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS There're probably too many definitions of the word domain to really give good advice. Can you expand that question? On 6/12/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query. Please tell me I'm missing something obvious! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICEThe information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICEThe information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
RE: [ActiveDir] OT: RUS
Al, I think thats great advice. I wish we really had a provisioning system, like MIIS or something similar. We have 22,000 users and theyre all maintained by hand, which is horrible. We have considered using a custom attribute to tag employees as well. Were definitely going to be using employeeType in the near future to at least identify service accounts and contractors/vendors. I think we might end up tagging other custom attributes as well. We currently tag a custom attribute with the users Exchange quota limit so that our Exchange guys can use that attribute to set mailbox limits. Since were on the topic of UPNs, how are additional UPNs created and managed? There are about 15 additional UPNs in our UPN dropdown list that were created long before I was here, and honestly we dont need them. I believe at some point the previous admin was going to have a separate UPN for each department, such as police.domain.com, fire.domain.com, sheriff.domain.com. Im not sure what the thinking behind that was (although Im sure there was a reason) but we have no use for them at this point. How can I remove them or modify them? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, June 13, 2006 7:41 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS I think it's a really good idea to clean up the UPN's. However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's. Just to make sure you don't end up doing the work over and over again. I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well. It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: We have 1 AD forest with 5 total domains. They are sister domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick Sent: Monday, June 12, 2006 5:36 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS There're probably too many definitions of the word domain to really give good advice. Can you expand that question? On 6/12/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query. Please tell me I'm missing something obvious! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
Re: [ActiveDir] OT: RUS
http://support.microsoft.com/?kbid=243629 Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Al, I think that's great advice. I wish we really had a provisioning system, like MIIS or something similar. We have 22,000 users and they're all maintained by hand, which is horrible. We have considered using a custom attribute to tag employees as well. We're definitely going to be using employeeType in the near future to at least identify service accounts and contractors/vendors. I think we might end up tagging other custom attributes as well. We currently tag a custom attribute with the user's Exchange quota limit so that our Exchange guys can use that attribute to set mailbox limits. Since we're on the topic of UPNs, how are additional UPNs created and managed? There are about 15 additional UPNs in our UPN dropdown list that were created long before I was here, and honestly we don't need them. I believe at some point the previous admin was going to have a separate UPN for each department, such as police.domain.com, fire.domain.com, sheriff.domain.com. I'm not sure what the thinking behind that was (although I'm sure there was a reason) but we have no use for them at this point. How can I remove them or modify them? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Tuesday, June 13, 2006 7:41 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS I think it's a really good idea to clean up the UPN's. However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's. Just to make sure you don't end up doing the work over and over again. I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well. It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: We have 1 AD forest with 5 total domains. They are sister domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Monday, June 12, 2006 5:36 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS There're probably too many definitions of the word domain to really give good advice. Can you expand that question? On 6/12/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query. Please tell me I'm missing something obvious! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICEThe information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICEThe information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICEThe information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
RE: [ActiveDir] OT: RUS
Thanks Al! Thats so easy Im a bit embarrassed J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, June 13, 2006 8:28 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS http://support.microsoft.com/?kbid=243629 Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Al, I think that's great advice. I wish we really had a provisioning system, like MIIS or something similar. We have 22,000 users and they're all maintained by hand, which is horrible. We have considered using a custom attribute to tag employees as well. We're definitely going to be using employeeType in the near future to at least identify service accounts and contractors/vendors. I think we might end up tagging other custom attributes as well. We currently tag a custom attribute with the user's Exchange quota limit so that our Exchange guys can use that attribute to set mailbox limits. Since we're on the topic of UPNs, how are additional UPNs created and managed? There are about 15 additional UPNs in our UPN dropdown list that were created long before I was here, and honestly we don't need them. I believe at some point the previous admin was going to have a separate UPN for each department, such as police.domain.com, fire.domain.com, sheriff.domain.com. I'm not sure what the thinking behind that was (although I'm sure there was a reason) but we have no use for them at this point. How can I remove them or modify them? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick Sent: Tuesday, June 13, 2006 7:41 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS I think it's a really good idea to clean up the UPN's. However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's. Just to make sure you don't end up doing the work over and over again. I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well. It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: We have 1 AD forest with 5 total domains. They are sister domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick Sent: Monday, June 12, 2006 5:36 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS There're probably too many definitions of the word domain to really give good advice. Can you expand that question? On 6/12/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query. Please tell me I'm missing something obvious! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail
[ActiveDir] OT: Cisco Unity AD schema extensions
Has anyone worked with/been involved with the Cisco unity AD schema extensions? One of our divisions is planning to go with the integrated solution and wants to run the schema update. I have the link on Cisco's site about what they add. http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_pap er09186a00800e4535.shtml But I don't know enough about AD to know the impact now and in the future for windows and Exchange upgrades. Any feedback is appreciated. Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] corrupt vmware DC
Booted up VMware with DC (2003, SP1)on it yesterday and got an "internal error" on AD at start, forcing a reboot. Went into DSRM and ran semantic checker in ntdsutil. Checker returned error: Records scanned: 1200Error fetching security descriptor [ Jet Error -1017] which, upon searching out that error code, indicates the "record has been deleted". Thanks... "Go Fixup"fails similarly. As this is just a test server, I'm not too bummed, although I would love to not have to reinstall the OS. In any case, anyone seen this and know any nifty tricks to recover from it? Darren
[ActiveDir] FRS/DFS woes
I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] corrupt vmware DC
Taking offline. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Tuesday, June 13, 2006 7:20 AM To: activedir@mail.activedir.org Subject: [ActiveDir] corrupt vmware DC Booted up VMware with DC (2003, SP1)on it yesterday and got an internal error on AD at start, forcing a reboot. Went into DSRM and ran semantic checker in ntdsutil. Checker returned error: Records scanned: 1200Error fetching security descriptor [ Jet Error -1017] which, upon searching out that error code, indicates the record has been deleted. Thanks... Go Fixupfails similarly. As this is just a test server, I'm not too bummed, although I would love to not have to reinstall the OS. In any case, anyone seen this and know any nifty tricks to recover from it? Darren
[ActiveDir] UserName Psswd Script
I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Time Server for Forest Root PDC
Time lag can be a painful thing in certain applications, had an incident before where the payroll system which is linked to the accesscard system was getting out of sync, some factory production workers are getting free overtime pay due to a few mins out of sync with the realworld's time... Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR Sent: Tuesday, June 13, 2006 6:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Server for Forest Root PDC -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Teo De Las Heras Sent: 12 June 2006 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? I'm coming late to this party but that hasn't stopped me throwing in my two pennies worth before... We have our own atomic / radio clock here, physically attached to a DC. The DC it is connected to syncs to this hardware and all our other servers sync to this DC. My feeling is that while having the correct time is obviously a very good thing, what is more important is that all your nodes are consistent with each other; in other words, I think that what source you pick is less important than picking just one source and making damn sure every node uses time that is based off this source. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] UserName Psswd Script
Solved my own problem.. Thank you.. Za Vue wrote: I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Group membership question
Title: Group membership question Sorry if this is a daft question, but I can't find an answer anywhere: Is a User considered a Child object of a Group to which it is a member? Cheers Danny
RE: [ActiveDir] FRS/DFS woes
Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] UserName Psswd Script
Why a script? Why not: Net use * \\server\share /u:server\user * i.e. connect using an account defined locally on the machine named 'server'. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: 13 June 2006 16:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UserName Psswd Script I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Group membership question
Title: Group membership question No it is a value in an attribute. A child object would be an object that has a group as its parent... I.E. cn=group,ou=someou,dc=dom,dc=com and the child object of cn=somethingelse,cn=group,ou=someou,dc=com,dc=com In the default schema, the only objectclass that can be instantiated as an object under a group is objectClass classStore. You can determine that by looking at the possibleInferiors attribute of the group object. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Tuesday, June 13, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Group membership question Sorry if this is a daft question, but I can't find an answer anywhere: Is a User considered a Child object of a Group to which it is a member? Cheers Danny
RE: [ActiveDir] FRS/DFS woes
The root of the DFS is located on our PDC emulator, which is also a DNS server itself. If I go into the dfs root on the PDC emulator I see the file I copied to the \\domain.com\dfs\software directory, it's just not replicating to any of the other links. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Tuesday, June 13, 2006 10:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] FRS/DFS woes
Sonar says the CreateFailedCount is 16 on my replication test. Maybe it's some sort of permission issue. ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Tuesday, June 13, 2006 10:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] OT: Cisco Unity AD schema extensions
I haven't worked with Cisco's Unity products, but a quick look a the document link you sent doesn't indicate anything out of the ordinary. It appears to add cisco-specific attributes to the user, group and contact objects and adds a new class specific to unity. From a managing the Active Directory viewpoint, it would be good to ensure this is not a pilot or a test because the schema mods are pretty much one way (sure, you can later disable them, but it gets trashy if you continue to add/disable, etc). If you really want to continue down the path of due diligence, you could look up the OID's that Cisco registered to make sure they're properly done etc. I would expect they are, but belts and braces and all that. Al On 6/13/06, Jason Benway [EMAIL PROTECTED] wrote: Has anyone worked with/been involved with the Cisco unity AD schemaextensions?One of our divisions is planning to go with the integrated solution and wants to run the schema update.I have the link on Cisco's site about what they add.http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_pap er09186a00800e4535.shtmlBut I don't know enough about AD to know the impact now and in thefuture for windows and Exchange upgrades.Any feedback is appreciated.Thanks,jb-- Jason BenwayNetwork Services Manager[EMAIL PROTECTED]GHSPList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] OT: Cisco Unity AD schema extensions
We're using this product and extended out schema. No problems to-date. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, June 13, 2006 9:06 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: Cisco Unity AD schema extensions Has anyone worked with/been involved with the Cisco unity AD schema extensions? One of our divisions is planning to go with the integrated solution and wants to run the schema update. I have the link on Cisco's site about what they add. http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_pap er09186a00800e4535.shtml But I don't know enough about AD to know the impact now and in the future for windows and Exchange upgrades. Any feedback is appreciated. Thanks,jb -- Jason Benway Network Services Manager [EMAIL PROTECTED] GHSP List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Time Server for Forest Root PDC
You do want to choose a reliable source, whatever it is. An external atomic clock is most likely to be reliable so long as you can communicate with it successfully and consistently. It is important to keep internal system clocks in synch. Chuck-Original Message-From: Rob MOIR [EMAIL PROTECTED]To: ActiveDir@mail.activedir.orgSent: Tue, 13 Jun 2006 11:33:20 +0100Subject: RE: [ActiveDir] Time Server for Forest Root PDC -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED]] On Behalf Of Teo De Las Heras Sent: 12 June 2006 18:23 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Server for Forest Root PDC How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com? I'm coming late to this party but that hasn't stopped me throwing in my two pennies worth before... We have our own atomic / radio clock here, physically attached to a DC. The DC it is connected to syncs to this hardware and all our other servers sync to this DC. My feeling is that while having the correct time is obviously a very good thing, what is more important is that all your nodes are consistent with each other; in other words, I think that what source you pick is less important than picking just one source and making damn sure every node uses time that is based off this source. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Check out AOL.com today. Breaking news, video search, pictures, email and IM. All on demand. Always Free.
[ActiveDir] DNS reverse lookup problem
Hi,Windows 2003, FFL Single Domain, Active Integrated DNS on two DC'sI have an issue with DNS and the reverse zone.Some computers have multiple PTR records e.g:Computer1 192.168.6.5 Computer1 192.168.6.66I don't know why this is happening,I noticed that theDHCP Properties under the DNS tab had changed from 'Dynamically update DNS A and PTR records only if requested by the DHCP Clients'to 'Always dynamically updated DNS A and PTR records' I nowhave an issue whereby my I have multiple PTR records for individual PC's.Does anyone know:1) Whether the setting change would have this effect? if not, what else would? Whats the difference between the two? 2) What is the best way to clear the stale records that are no longer valid? do I need to manually delete them?thanks fromJames __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [ActiveDir] OT: Cisco Unity AD schema extensions
Title: Message Thank you for your feedback. I greatly respect the knowledge of this group. jb -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: Tuesday, June 13, 2006 12:49 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Cisco Unity AD schema extensions I haven't worked with Cisco's Unity products, but a quick look a the document link you sent doesn't indicate anything out of the ordinary. It appears to add cisco-specific attributes to the user, group and contact objects and adds a new class specific to unity. From a managing the Active Directory viewpoint, it would be good to ensure this is not a pilot or a test because the schema mods are pretty much one way (sure, you can later disable them, but it gets trashy if you continue to add/disable, etc). If you really want to continue down the path of due diligence, you could look up the OID's that Cisco registered to make sure they're properly done etc. I would expect they are, but belts and braces and all that. Al On 6/13/06, Jason Benway [EMAIL PROTECTED] wrote: Has anyone worked with/been involved with the Cisco unity AD schemaextensions?One of our divisions is planning to go with the integrated solution and wants to run the schema update.I have the link on Cisco's site about what they add.http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_pap er09186a00800e4535.shtmlBut I don't know enough about AD to know the impact now and in thefuture for windows and Exchange upgrades.Any feedback is appreciated.Thanks,jb-- Jason BenwayNetwork Services Manager[EMAIL PROTECTED]GHSPList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Group membership question
PLEASE TAKE ME OFF YOUR LIST = I AM GETTING HUNDREDS OF UNSOLICITED MESSAGES, THX PETE -- Original message -- From: "joe" [EMAIL PROTECTED] No it is a value in an attribute. A child object would be an object that has a group as its parent... I.E. cn=group,ou=someou,dc=dom,dc=com and the child object of cn=somethingelse,cn=group,ou=someou,dc=com,dc=com In the default schema, the only objectclass that can be instantiated as an object under a group is objectClass classStore. You can determine that by looking at the possibleInferiors attribute of the group object. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Tuesday, June 13, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Group membership question Sorry if this is a daft question, but I can't find an answer anywhere: Is a User considered a Child object of a Group to which it is a member? Cheers Danny
RE: [ActiveDir] UserName Psswd Script
PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE -- Original message -- From: [EMAIL PROTECTED] Why a script? Why not: "Net use * \\server\share /u:server\user *" i.e. connect using an account defined locally on the machine named 'server'.neil-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: 13 June 2006 16:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UserName Psswd Script I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. ; List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a ha rd copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] UserName Psswd Script
Hi Pete, Have you tried going to the site listed at the bottom of every message? If you go to http://www.activedir.org/List.aspxyou will find instructions on how to unsubscribe from the list. Take care! Phil On 6/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE -- Original message -- From: [EMAIL PROTECTED] Why a script? Why not: Net use * \\server\share /u:server\user * i.e. connect using an account defined locally on the machine named 'server'. neil-Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Za Vue Sent: 13 June 2006 16:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UserName Psswd Script I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. gt ; List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a ha rd copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] DNS reverse lookup problem
1) I wouldn't expect it to change the behavior you're specifically seeing. Why? Because the system doesn't just arbitrarily decide to register some host. That setting is more to do with security and legacy clients than it is spontaneous creation and registration of host records. 2) Best way to clear the unneeded/unused records is with scavenging. In your case, I don't know that it solve your particular problem, but it's one way to get closer. I say that becuase a) I'm not sure why you're so terribly interested in the PTR records of workstations and b) laptopsespecially can/might/willwreak havoc on this type of record depending on how the records are created/updated, etc. What makes you interested in PTR records? Can you shed some light on that? On 6/13/06, James Carter [EMAIL PROTECTED] wrote: Hi, Windows 2003, FFL Single Domain, Active Integrated DNS on two DC's I have an issue with DNS and the reverse zone.Some computers have multiple PTR records e.g: Computer1 192.168.6.5 Computer1 192.168.6.66 I don't know why this is happening,I noticed that theDHCP Properties under the DNS tab had changed from 'Dynamically update DNS A and PTR records only if requested by the DHCP Clients'to 'Always dynamically updated DNS A and PTR records' I nowhave an issue whereby my I have multiple PTR records for individual PC's. Does anyone know: 1) Whether the setting change would have this effect? if not, what else would? Whats the difference between the two? 2) What is the best way to clear the stale records that are no longer valid? do I need to manually delete them? thanks from James __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server
Thank you all, great input. I will be trying this and will let you know the outcome. Victor From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard KlineSent: dinsdag 13 juni 2006 6:18To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server Please find a better VBS script below. The last post was a while rushing out the door effort. There is now: A Where clause which limits the adapter scope ( where dnshostname is not null). Less information as most of the non-needed for this exercise stuff is removed. An example of how to embed an array of hosts. Of course the script assumes that the account with which youve logged in has adequate security permissions on all of the boxes being queried. Richard On Error Resume Next Const wbemFlagReturnImmediately = h10 Const wbemFlagForwardOnly = h20 arrComputers = Array("192.168.1.15","192.168.1.16","192.168.1.154") For Each strComputer In arrComputers WScript.Echo WScript.Echo "==" WScript.Echo "Computer: " strComputer WScript.Echo "==" Set objWMIService = GetObject("winmgmts:\\" strComputer "\root\CIMV2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration where dnshostname is not null", "WQL", _ wbemFlagReturnImmediately + wbemFlagForwardOnly) For Each objItem In colItems WScript.Echo "DNSHostName: " objItem.DNSHostName WScript.Echo "Caption: " objItem.Caption strDefaultIPGateway = Join(objItem.DefaultIPGateway, ",") WScript.Echo "DefaultIPGateway: " strDefaultIPGateway strDNSDomainSuffixSearchOrder = Join(objItem.DNSDomainSuffixSearchOrder, ",") WScript.Echo "DNSDomainSuffixSearchOrder: " strDNSDomainSuffixSearchOrder WScript.Echo "DNSEnabledForWINSResolution: " objItem.DNSEnabledForWINSResolution strDNSServerSearchOrder = Join(objItem.DNSServerSearchOrder, ",") WScript.Echo "DNSServerSearchOrder: " strDNSServerSearchOrder WScript.Echo "DomainDNSRegistrationEnabled: " objItem.DomainDNSRegistrationEnabled strIPAddress = Join(objItem.IPAddress, ",") WScript.Echo "IPAddress: " strIPAddress WScript.Echo "WINSEnableLMHostsLookup: " objItem.WINSEnableLMHostsLookup WScript.Echo "WINSHostLookupFile: " objItem.WINSHostLookupFile WScript.Echo "WINSPrimaryServer: " objItem.WINSPrimaryServer WScript.Echo "WINSScopeID: " objItem.WINSScopeID WScript.Echo "WINSSecondaryServer: " objItem.WINSSecondaryServer WScript.Echo Next Next Function WMIDateStringToDate(dtmDate) WScript.Echo dtm: WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) "/" _ Mid(dtmDate, 7, 2) "/" Left(dtmDate, 4) _ " " Mid (dtmDate, 9, 2) ":" Mid(dtmDate, 11, 2) ":" Mid(dtmDate,13, 2)) End Function From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONOSent: Monday, June 12, 2006 11:16 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server The only comments to the wmi below is that it will dump every network cards that you have, is there a way that you could do it for the primary network card (the one on top of the binding list?) As for registry key it will be NameServerList value but still binds to the transport id..(which is different for all servers) Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
RE: [ActiveDir] UserName Psswd Script
I have manually unsubscribed the address. Tony From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Wednesday, 14 June 2006 8:12 a.m. To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] UserName Psswd Script Hi Pete, Have you tried going to the site listed at the bottom of every message? If you go to http://www.activedir.org/List.aspxyou will find instructions on how to unsubscribe from the list. Take care! Phil On 6/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE -- Original message -- From: [EMAIL PROTECTED] Why a script? Why not: Net use * \\server\share /u:server\user * i.e. connect using an account defined locally on the machine named 'server'. neil -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Za Vue Sent: 13 June 2006 16:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UserName Psswd Script I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. gt ; List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a ha rd copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
RE: [ActiveDir] FRS/DFS woes
Russ, Possibly - what are the permissions of the 3 folders you are trying to replicate around? Are they identical? Check the share permissions as well as the folder permissions. Can each machine resolve the FQDN of each of the other two machines from it? I'm making the assumption that all 3 machines are in the same domain - this is correct? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, 14 June 2006 2:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Sonar says the CreateFailedCount is 16 on my replication test. Maybe it's some sort of permission issue. ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Tuesday, June 13, 2006 10:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] UserName Psswd Script
What a shame, Tony... his posts were so insightful... ;) themolk. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony MurraySent: Wednesday, 14 June 2006 7:02 AMTo: ActiveDir@mail.activedir.orgCc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] UserName Psswd Script I have manually unsubscribed the address. Tony From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil RenoufSent: Wednesday, 14 June 2006 8:12 a.m.To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] UserName Psswd Script Hi Pete, Have you tried going to the site listed at the bottom of every message? If you go to http://www.activedir.org/List.aspxyou will find instructions on how to unsubscribe from the list. Take care! Phil On 6/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE -- Original message -- From: [EMAIL PROTECTED] Why a script? Why not: "Net use * \\server\share /u:server\user *" i.e. connect using an account defined locally on the machine named 'server'. neil -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Za Vue Sent: 13 June 2006 16:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UserName Psswd Script I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. gt ; List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a ha rd copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
[ActiveDir] OT: New Zealand
CheersTony - I was down in your area in March April, touring the South Island with Active New Zealand: awesome people, beautiful country, fantastic trip! I highly recommend it to everyone! Derek From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony MurraySent: Tuesday, June 13, 2006 3:02 PMTo: ActiveDir@mail.activedir.orgCc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] UserName Psswd Script I have manually unsubscribed the address. Tony From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil RenoufSent: Wednesday, 14 June 2006 8:12 a.m.To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] UserName Psswd Script Hi Pete, Have you tried going to the site listed at the bottom of every message? If you go to http://www.activedir.org/List.aspxyou will find instructions on how to unsubscribe from the list. Take care! Phil On 6/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE -- Original message -- From: [EMAIL PROTECTED] Why a script? Why not: "Net use * \\server\share /u:server\user *" i.e. connect using an account defined locally on the machine named 'server'. neil -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Za Vue Sent: 13 June 2006 16:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UserName Psswd Script I need to map to a windows standalone server from a domain machine with a different username and password other than the domain account. Anyone care to share a script? Thank you, Z.V. gt ; List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a ha rd copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
[ActiveDir] How to block a sender in Exchange.
Hi there, I m having a exchange 2003 running in my org. with 500 clients using that. few weeks i m monitoring that a Particular Id is sending a virius mails i wanna block this sender how i will do that,.And also we are not able to send and recveive mails from a particular domain. Everytime when we r sending mails to arvindmills.com msg bounce back with error of Retry timeout exceeded.and on arvindmills side when they are sending mails they r not getting any bounce back and on our end we are not receiving that mail. We are having DHCP ip . Plz help me out on this prob. wating for ur resp. Thanx Regds Ajay
[ActiveDir] Active Directory Cookbook 2e
is now out. http://www.oreilly.com/catalog/activedckbk2/ Tony This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
[ActiveDir] Domain gets Blacklisted
Hi all, Can u help me on this prob. Problem is that my exchange 2003 which installed on win 2003 dc agets blacklisted (Means my static ip is blacklisted). I searched how to stop this and on net i found solutions pointing towards open relay and spam protection. They r saying that ur exchange is spaming so tell me how to control and stop spamming. Thanx Ajay