RE: [ActiveDir] Time Server for Forest Root PDC

2006-06-13 Thread neil.ruston



I would suggest you sync with whatever time source(s) the 
organisation considers to be 'authoritative'.
 
This may be an internal time server or some external clock. 
The important point is that you trust this source to be correct and thus 
authoritative.
 
Many larger orgs have internal clocks that they utilise, 
for example (which sync to the outside world). 
 
It's another 'it depends' kind of question. I don't think 
there is a prescriptive solution to such a question.
 
 
neil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Teo De Las Heras
Sent: 12 June 2006 18:23
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Time Server for Forest Root PDC

How have people on this list configured their Forest Root PDC to 
synchronize the time service?  Is it O.K. to use an internal time server on 
a firewall?  Is it best to point to tick.usno.navy.mil or time.windows.com?
 
Teo

PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.





[ActiveDir] OT: Global Catalog languages & Exchange 2003

2006-06-13 Thread Freddy HARTONO
Hi


Apart from installing the language options in regional settings, do I still need to input the registry keys in the gc to reflect the languages?

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Ntds/Language


Can't find the document for Exchange 2003 but the 2000 is below..
http://support.microsoft.com/kb/325622/en-us


Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
 





RE: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server

2006-06-13 Thread Rob MOIR
Virtual Machine Additions are a set of drivers and applets to extend and 
improve integration of a guest OS into the Virtual Server / PC application.

As for Where do you get it / Why wouldn't they just include it in the default 
install, you get it as part of the default install because it *is* included ;-) 
(unless you want the Linux additions, they are still new, if not 'beta' and 
hence are a separately available but still free download)
... but you have to choose to install it and this is frequently overlooked by 
those in a rush or inexperienced with Virtual Server. VMWare, Parallels and 
other similar products all have their equivalents, btw, and the same thing 
applies there; the extras are often overlooked but the performance improvements 
can be profound.

--
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on? 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: 13 June 2006 05:08
To: ActiveDir@mail.activedir.org
Subject: RE: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning 
Virtual Server

The paper on running a DC on a VM is interesting, particularly this section.  
What is Virtual Machine Additions and where do you get it?  Why wouldn't they 
just include this in the default install?

You can improve performance by installing Virtual Machine Additions as soon as 
the guest operating system is up and running. Virtual Machine Additions is a 
set of features that improves the integration of the host and guest operating 
systems. It also improves the performance and manageability of the guest 
operating system. You must install Virtual Machine Additions on all virtual 
machines. Virtual Machine Additions adds the following enhancements to a guest 
operating system: 
* Improved mouse cursor tracking and control. 
* Greatly improved overall performance. 
* Virtual machine heartbeat generator. 
* Optional time synchronization with the clock of the physical computer. This 
feature is enabled by default and must be disabled for domain controllers that 
are running in virtual machines.
* Increased small computer system interface (SCSI) controller performance.
* Support for two-node clustering between virtual machines for testing and 
development scenarios.


Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, June 12, 2006 9:07 PM
To: ActiveDir@mail.activedir.org
Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning 
Virtual Server

There's this: 
http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
 
 
And then 
http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
 
And 
http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
 
 
But now that you mention it, I don't think a collective best practice for 
general usage is something I've seen.
 
 

 
On 6/12/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote: 
Re-post
 
Administrator
Texas Christian University
(817) 257-6971

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, June 08, 2006 8:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Virtual DCs
 
Along these lines, has anyone seen an actual best practices whitepaper for MS 
Virtual Server?  How to configure disk arrays, controller cache, how many VHDs 
per volume, memory allocation, etc. 
 
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, Steven
Sent: Wednesday, June 07, 2006 10:23 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Virtual DCs
 
This is absolutely true.  I know virtualization scares a lot of people, but the 
fact is that in some environments virtualizing systems saves a great deal of 
money and actually makes managing systems much easier (here it has reportedly 
saved a "significant" amount in hardware cost for the enterprise).  I have been 
closely watching my Exchange servers ever since our AD side of the house 
started virtualizing DC's and with domain controllers running on ESX servers in 
an optimized configuration the performance is very close to hardware.  I have 
noticed that in terms of LDAP performance that VM's are a tad bit slower than 
hardware, but that "tad" is well within the range of performance that 
applications like Exchange require.  After over a year of having virtualized 
DC's we have not had any problems with virtualized domain controllers (placed 
globally on ESX servers around the world).  We do, however, work on the side of 
caution and do maintain a few 

RE: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server

2006-06-13 Thread Rob MOIR
I have a few notes on general best practices for building Virtual Servers on my 
website if that is any help:
http://robertmoir.com/blogs/someone_else/archive/2006/03/12/2155.aspx

-- 
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Al Mulnick
> Sent: 13 June 2006 03:07
> To: ActiveDir@mail.activedir.org
> Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on
> tuning Virtual Server
> 
> There's this:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
> 
> And then
> http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
> 
> And
> http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
> 
> But now that you mention it, I don't think a collective best practice
> for general usage is something I've seen.
> 
> 
> 
> 
> On 6/12/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
> 
>   Re-post
> 
> 
> 
>   Administrator
> 
>   Texas Christian University
> 
>   (817) 257-6971
> 
> 
> 
> 
> 
>   From: [EMAIL PROTECTED]  [EMAIL PROTECTED]>  [mailto:[EMAIL PROTECTED]
> On Behalf Of Lucas, Bryan
>   Sent: Thursday, June 08, 2006 8:05 AM
>   To: ActiveDir@mail.activedir.org
> 
>   Subject: RE: [ActiveDir] Virtual DCs
> 
> 
> 
>   Along these lines, has anyone seen an actual best practices
> whitepaper for MS Virtual Server?  How to configure disk arrays,
> controller cache, how many VHDs per volume, memory allocation, etc.
> 
> 
> 
>   Bryan Lucas
> 
>   Server Administrator
> 
>   Texas Christian University
> 
>   (817) 257-6971
> 
> 
> 
> 
> 
>   From: [EMAIL PROTECTED]  [EMAIL PROTECTED]>  [mailto:[EMAIL PROTECTED]
> On Behalf Of Presley, Steven
>   Sent: Wednesday, June 07, 2006 10:23 AM
>   To: ActiveDir@mail.activedir.org
> 
>   Subject: RE: [ActiveDir] Virtual DCs
> 
> 
> 
>   This is absolutely true.  I know virtualization scares a lot of
> people, but the fact is that in some environments virtualizing systems
> saves a great deal of money and actually makes managing systems much
> easier (here it has reportedly saved a "significant" amount in hardware
> cost for the enterprise).  I have been closely watching my Exchange
> servers ever since our AD side of the house started virtualizing DC's
> and with domain controllers running on ESX servers in an optimized
> configuration the performance is very close to hardware.  I have
> noticed that in terms of LDAP performance that VM's are a tad bit
> slower than hardware, but that "tad" is well within the range of
> performance that applications like Exchange require.  After over a year
> of having virtualized DC's we have not had any problems with
> virtualized domain controllers (placed globally on ESX servers around
> the world).  We do, however, work on the side of caution and do
> maintain a few hardware DC's in our HQ that own FSMO roles, but I've
> seen nothing to suggest that they could not be on VM's to date (it's
> just a precaution).
> 
> 
> 
>   I have to admit at first I totally dismissed virtualization
> because I considered it, like others, as more of a development\test
> environment solution, however I have since been convinced after working
> with virtualized OS's that it has its place (we have 100's if not
> 1000's of virtualized hosts currently in production).  I/O intensive
> applications are not a good place for virtualization in production, but
> other less I/O intensive applications work great with it.  Brian does
> have a point in that it has to be "done correctly" and with the right
> understanding of how to build a high performing virtualization
> environment it will work just fine for domain controllers\global
> catalog servers.
> 
> 
> 
>   Regards,
> 
>   Steven
> 
> 
> 
> 
> 
> 
> 
>   From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED]  [EMAIL PROTECTED]> ] On Behalf Of Brian Desmond
>   Sent: Wednesday, June 07, 2006 12:04 AM
>   To: ActiveDir@mail.activedir.org
>   Subject: RE: [ActiveDir] Virtual DCs
> 
>   I have no problem with VMWare or Virtual Server DCs if done
> correctly. Frankly, 7K users is like pocket change if you ask me.
> Really, the users generate no load – they logon to the PC and change
> their password. Things like Exchange (and OLK), machines, and other AD
> aware apps do. If properly written and the virtual hardware properly
> configured everything should still jive.

RE: [ActiveDir] AD integration

2006-06-13 Thread Rob MOIR
Just want to quickly say thanks to both of you, Joe and Al, you've
helped me form some thoughts around this area that I can work with. This
short discussion has been very useful. If I ever see either of you at a
MVP gathering I owe you a beverage of your choice, or two.

-- 
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of joe
> Sent: 12 June 2006 15:57
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD integration
> 
> The answer to this one is of course it depends.
> 
> At first blush it sounds like a single threaded app. Depending on the
> vendor, this may be the best/safest thing to do. :)
> 
> As for best practices. I don't think there are any best practices for
> how many domains you should pull data from at a time. It would again
> depend entirely on the app and what it is supposed to be doing and the
> dangers exposed in doing it.
> 
> For a "relatively" fast application that works well in single and
> multidomain environments I could see cases where it is better to pull
> from the GC or better to set up a thread pool and pull from x domains
> at once or a combination. Certainly the thread pool solutions are the
> more scalable solutions but they are also the much harder to do right
> and the more costly solutions. Most customers chose apps on how cheap
> they are first, then later they start to realize the shortcomings that
> made them cheaper.
> 
> 
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR
> Sent: Monday, June 12, 2006 8:31 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] AD integration
> 
> Just a quick question. Is anyone aware of any "best practice"
> documentation of how a product ought to integrate with AD (e.g. to
> pull out user data for its own use).
> 
> Failing that, can anyone comment on what they think of a model that
> can only pull data out of one domain at a time so for a >1 domain forest
> needs to make a connection to each domain in turn, pull down that
> information and then load it into SQL server. Am I crazy in thinking
> that anyone following this model has probably just found out that
> their old NT4 domain integration code "kinda works" and did the bare
> minimum tidying up before halting any further work?
> 
> --
> Robert Moir
> Microsoft MVP for Windows Servers & Security
> Senior IT Systems Engineer
> Luton Sixth Form College
> Right vs. Wrong   | Good vs. Evil
> God vs. the devil | What side you on?
> 
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] Time Server for Forest Root PDC

2006-06-13 Thread Rob MOIR
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Teo De Las Heras
> Sent: 12 June 2006 18:23
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Time Server for Forest Root PDC
> 
> How have people on this list configured their Forest Root PDC to
> synchronize the time service?  Is it O.K. to use an internal time
> server on a firewall?  Is it best to point to tick.usno.navy.mil or
> time.windows.com?

I'm coming late to this party but that hasn't stopped me throwing in my
two pennies worth before...

We have our own atomic / radio clock here, physically attached to a DC.
The DC it is connected to syncs to this hardware and all our other
servers sync to this DC.

My feeling is that while having the correct time is obviously a very
good thing, what is more important is that all your nodes are consistent
with each other; in other words, I think that what source you pick is
less important than picking just one source and making damn sure every
node uses time that is based off this source.

-- 
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?


Re: [ActiveDir] bitwise filters

2006-06-13 Thread Matheesha Weerasinghe

Thanks for replying Tony. Unfortunately gmail couldn't read your reply
so I resorted to the archive.

In my example for searching universal groups, I wasn't distinguishing
between security and distribution groups. Therefore the 2nd filter is
correct too, isn't it?

As for the 3rd question, I am sure you can answer it. Please don't hold
back. I merely addressed it to Joe as he wrote the tool and hence
should know how it behaves more than anyone else ;-) But if anyone
else could explain it, I will be most grateful.

TIA

M@


On 6/13/06, Tony Murray <[EMAIL PROTECTED]> wrote:





RE: [ActiveDir] OT: RUS

2006-06-13 Thread Clay, Justin \(ITS\)








We have 1 AD forest with 5 total domains. They are “sister” domains and they don’t share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc.

As for Steven’s suggestion for UPN, we were hoping to use that, but it looks like we’ll have to do a lot of cleanup before we can. There’s a lot of incorrect UPNs in our directory.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, June 12, 2006 5:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

There're probably too many definitions of the word "domain" to really give good advice.  Can you expand that question?

On 6/12/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query.

Please tell me I'm missing something obvious!

Justin Clay
ITS Enterprise Services
Metropolitan Government of Nashville and Davidson County
Howard School Building
Phone: (615) 880-2573

 






 
  
  
  
  ITS ENTERPRISE SERVICES EMAIL NOTICE
  
  The information contained in this email and any attachments is confidential
  and may be subject to copyright or other intellectual property protection. If
  you are not the intended recipient, you are not authorized to use or disclose
  this information, and we request that you notify us by reply mail or
  telephone and delete the original message from your mail system. 
  
 






 











Re: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server

2006-06-13 Thread Al Mulnick
"When deploying virtual disks, the same rules apply as they would for the same process on physical disks. For example, do not allow a database store to use the same disk spindles as its transaction logs."

 
 
Something to note is that virtualization sometimes has a higher cost for the disk subsystem.  What I mean by that is that if you normally would expect 90 IOPS from a spindle on a standard machine, you might only be able to push 80 IOPS in a virtualized machine.  As Robert also points out, if you mix multiple VM's on spindles, which you're often pressured to do, that can become less responsive in large increments.  Don't assume you'll get a 1 for 1 performance swap for physical hardware. Also consider that the backplane becomes shared, and there's a shim driver between the host and the disk subsystem that adds performance cost. 

 
The good news is that a lot of legacy OS's have low hardware requirements.  They'd be really happy to use a 15K spindle, 400 MHZ memory, and 3GHZ processors with tons of cache and a fast FSB. Especially for OS's that are barely using their existing PII with 128 MB :)  Not to mention the 64b deployments that really open a lot of doors for memory and processor as well. 

 
Another one to watch that often gets overlooked is the network bandwidth.  For example, if you stack 10 VM's on a single guest, you have at least (details another time) 11 hosts worth of network traffic to plan for and support.  Gigabit adapters suddenly don't seem like they have so much extra capacity. 

 
Be careful what you do at the host level.  In the past, if you just willy-nilly threw on patches and configuration changes, at most  you would take down that machine only.  When you scale that to 10 or 20 or 30 guests, the impact is much much higher.  Consider employing best configuration practices for your hosts at a minimum.  You'll be glad you did. 

 
Look both ways when you cross the street, don't spit in the wind, and don't tug on Superman's cape. [1]
 
Virus scans: be sure to do your homework there.  Some of these VM's and components can look like morphing software to a virus scanner. 
 
Something else that wasn't mentioned before, but can be very helpful is that your VM's can be useful for creating valid-data test environments and can be instrumental in fast-recovery disaster scenarios if done correctly. They really can open the door for a lot of options. 

 
 
Al
 
[1] I just throw that in there because I'm drinking my coffee and it seemed like a diversion would be amusing for the moment.  That's not to say you can disregard that advice without consequence; to the contrary, you'll still want to understand the risk/reward of any of those actions before going against the advice. [2]

[2] Oh, and it's not original advice.  I know that too 'cause the coffee is starting to kick in... 
On 6/13/06, Rob MOIR <[EMAIL PROTECTED]> wrote:
I have a few notes on general best practices for building Virtual Servers on my website if that is any help:
http://robertmoir.com/blogs/someone_else/archive/2006/03/12/2155.aspx

--
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED]] On Behalf Of Al Mulnick
> Sent: 13 June 2006 03:07
> To: ActiveDir@mail.activedir.org
> Subject: OT: Re: Was: RE: [ActiveDir] Virtual DCs - Now: Question on tuning Virtual Server
>
> There's this:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
>
> And then
> http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx
>
> And
> http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
>
> But now that you mention it, I don't think a collective best practice for general usage is something I've seen.
>
> On 6/12/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
>
>   Re-post
>
>   Administrator
>   Texas Christian University
>   (817) 257-6971
>
>   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lucas, Bryan
>   Sent: Thursday, June 08, 2006 8:05 AM
>   To: ActiveDir@mail.activedir.org
>   Subject: RE: [ActiveDir] Virtual DCs
>
>   Along these lines, has anyone seen an actual best practices whitepaper for MS Virtual Server?  How to configure disk arrays, controller cache, how many VHDs per volume, memory allocation, etc.
>
>   Bryan Lucas
>   Server Administrator
>   Texas Christian University
>   (817) 257-6971
>
>   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Presley, Steven
>   Sent: Wednesday, June 07, 2006 10:23 AM
>   To: ActiveDir@mail.activedir

Re: [ActiveDir] OT: RUS

2006-06-13 Thread Al Mulnick
I think it's a really good idea to clean up the UPN's.  However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's.  Just to make sure you don't end up doing the work over and over again. 

 
I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well.  It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. 

 
Al 
On 6/13/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:




We have 1 AD forest with 5 total domains. They are "sister" domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc.

 
As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory.

 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Monday, June 12, 2006 5:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

There're probably too many definitions of the word "domain" to really give good advice.  Can you expand that question?

On 6/12/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query.

Please tell me I'm missing something obvious!

Justin Clay
ITS Enterprise Services
Metropolitan Government of Nashville and Davidson County
Howard School Building
Phone: (615) 880-2573
 







RE: [ActiveDir] OT: RUS

2006-06-13 Thread Clay, Justin \(ITS\)








Al,

I think that’s great advice. I wish we really had a provisioning system, like MIIS or something similar. We have 22,000 users and they’re all maintained by hand, which is horrible.

We have considered using a custom attribute to tag employees as well. We’re definitely going to be using employeeType in the near future to at least identify service accounts and contractors/vendors. I think we might end up tagging other custom attributes as well. We currently tag a custom attribute with the user’s Exchange quota limit so that our Exchange guys can use that attribute to set mailbox limits.

Since we’re on the topic of UPNs, how are additional UPNs created and managed? There are about 15 additional UPNs in our UPN dropdown list that were created long before I was here, and honestly we don’t need them. I believe at some point the previous admin was going to have a separate UPN for each department, such as police.domain.com, fire.domain.com, sheriff.domain.com. I’m not sure what the thinking behind that was (although I’m sure there was a reason) but we have no use for them at this point. How can I remove them or modify them?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, June 13, 2006 7:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

I think it's a really good idea to clean up the UPN's.  However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's.  Just to make sure you don't end up doing the work over and over again.

I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well.  It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough.

Al

On 6/13/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

We have 1 AD forest with 5 total domains. They are "sister" domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc.

As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Monday, June 12, 2006 5:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

There're probably too many definitions of the word "domain" to really give good advice.  Can you expand that question?

On 6/12/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query.

Please tell me I'm missing something obvious!

Justin Clay
ITS Enterprise Services
Metropolitan Government of Nashville and Davidson County
Howard School Building
Phone: (615) 880-2573

 






 
  
  
  


Re: [ActiveDir] OT: RUS

2006-06-13 Thread Al Mulnick
http://support.microsoft.com/?kbid=243629
 
 
Al 
On 6/13/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:




Al,
 
I think that's great advice. I wish we really had a provisioning system, like MIIS or something similar. We have 22,000 users and they're all maintained by hand, which is horrible.

 
We have considered using a custom attribute to tag employees as well. We're definitely going to be using employeeType in the near future to at least identify service accounts and contractors/vendors. I think we might end up tagging other custom attributes as well. We currently tag a custom attribute with the user's Exchange quota limit so that our Exchange guys can use that attribute to set mailbox limits.

 
Since we're on the topic of UPNs, how are additional UPNs created and managed? There are about 15 additional UPNs in our UPN dropdown list that were created long before I was here, and honestly we don't need them. I believe at some point the previous admin was going to have a separate UPN for each department, such as police.domain.com, fire.domain.com, sheriff.domain.com. I'm not sure what the thinking behind that was (although I'm sure there was a reason) but we have no use for them at this point. How can I remove them or modify them?

 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Al Mulnick
Sent: Tuesday, June 13, 2006 7:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS



 

I think it's a really good idea to clean up the UPN's.  However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's.  Just to make sure you don't end up doing the work over and over again. 


 

I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well.  It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. 


 

Al 

On 6/13/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:



We have 1 AD forest with 5 total domains. They are "sister" domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. 

 
As for Steven's suggestion for UPN, we were hoping to use that, but it looks like we'll have to do a lot of cleanup before we can. There's a lot of incorrect UPNs in our directory. 

 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Al Mulnick
Sent: Monday, June 12, 2006 5:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

 

There're probably too many definitions of the word "domain" to really give good advice.  Can you expand that question? 


 

On 6/12/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:



Would there be an easy way to write a RUS policy that stamped the email addresses based on what domain each user was in? This seems like it would be easy, but I don't see any attribute that I can get the domain from with an LDAP query. 

 
Please tell me I'm missing something obvious!
 
Justin Clay
 ITS Enterprise Services
 Metropolitan Government of Nashville and Davidson County 
Howard School Building
 Phone: (615) 880-2573
 







RE: [ActiveDir] OT: RUS

2006-06-13 Thread Clay, Justin (ITS)

Thanks Al!

That’s so easy I’m a bit embarrassed :)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, June 13, 2006 8:28 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

http://support.microsoft.com/?kbid=243629

Al

On 6/13/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

Al,

 

I think that's great advice. I wish we really had a
provisioning system, like MIIS or something similar. We have 22,000 users and
they're all maintained by hand, which is horrible. 

 

We have considered using a custom attribute to tag employees
as well. We're definitely going to be using employeeType in the near future to
at least identify service accounts and contractors/vendors. I think we might
end up tagging other custom attributes as well. We currently tag a custom
attribute with the user's Exchange quota limit so that our Exchange guys can
use that attribute to set mailbox limits. 

 

Since we're on the topic of UPNs, how are additional UPNs
created and managed? There are about 15 additional UPNs in our UPN dropdown
list that were created long before I was here, and honestly we don't need them.
I believe at some point the previous admin was going to have a separate UPN for
each department, such as police.domain.com,
fire.domain.com, sheriff.domain.com. I'm
not sure what the thinking behind that was (although I'm sure there was a
reason) but we have no use for them at this point. How can I remove them or
modify them?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Al Mulnick
Sent: Tuesday, June 13, 2006 7:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

I think it's a really good idea to clean up the UPN's.  However, I think it worth
noting that you may want to have a look at the process that provisions the
users and creates those upn's.  Just to make sure you don't end up doing the
work over and over again.

I realize upn alone will work, but I think it would be a good idea to consider tagging
the user objects' custom attributes with some identifying information as
well.  It may be that in the future you'll want to sort on different
attributes and you may or may not be in a situation where upn is flexible
enough.

Al

On 6/13/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

We have 1 AD forest with 5 total domains. They are
"sister" domains and they don't share a namespace. For instance we
have one domain for our Police Department, one for the Sheriff Department, one
for the Public Schools, etc. 

 

As for Steven's suggestion for UPN, we were hoping to use
that, but it looks like we'll have to do a lot of cleanup before we can.
There's a lot of incorrect UPNs in our directory.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Al Mulnick
Sent: Monday, June 12, 2006 5:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: RUS

There're probably too many definitions of the word "domain" to really give
good advice.  Can you expand that question?

On 6/12/06, Clay, Justin (ITS) <[EMAIL PROTECTED]> wrote:

Would there be an easy way to write a RUS policy that stamped the email addresses
based on what domain each user was in? This seems like it would be easy, but I
don't see any attribute that I can get the domain from with an LDAP query.

Please tell me I'm missing something obvious!

Justin Clay
ITS Enterprise Services
Metropolitan Government of Nashville and Davidson County
Howard School Building
Phone: (615) 880-2573


[ActiveDir] OT: Cisco Unity AD schema extensions

2006-06-13 Thread Jason Benway
Has anyone worked with/been involved with the Cisco unity AD schema
extensions?

One of our divisions is planning to go with the integrated solution and
wants to run the schema update.

I have the link on Cisco's site about what they add. 

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_paper09186a00800e4535.shtml

But I don't know enough about AD to know the impact now and in the
future for windows and Exchange upgrades.

Any feedback is appreciated.

Thanks,jb

--
Jason Benway
Network Services Manager
[EMAIL PROTECTED]
GHSP
  
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


[ActiveDir] corrupt vmware DC

2006-06-13 Thread Darren Mar-Elia



Booted up VMware with DC (2003, SP1) on it yesterday and got an "internal error" on AD at
start, forcing a reboot. Went into DSRM and ran semantic checker in ntdsutil.
Checker returned error:

Records scanned:   1200
Error fetching security descriptor [ Jet Error -1017]

which, upon searching out that error code, indicates the "record has been deleted".
Thanks...

"Go Fixup" fails similarly. As this is just a test server, I'm not too bummed,
although I would love to not have to reinstall the OS. In any case, anyone seen
this and know any nifty tricks to recover from it?

Darren
 
 
 


[ActiveDir] FRS/DFS woes

2006-06-13 Thread Rimmerman, Russ

I'm trying to set up a DFS share and having all sorts of issues getting
it to work.  I've installed Ultrasound and i'm either not sure where to
look in it for the answer or it's not giving me the answer.

I set up a link with 3 targets in a ring replication topology.  2 of the
3 servers are Win2k3, 1 is Win2k.  The only server the file is showing
up on is the one that is set up as the master to replicate from.  The
errors i'm mostly seeing are:

The File Replication Service is having trouble enabling replication from
CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name
campatfs01.ccc.ourdomain.com. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name
campatfs01.ccc.ourdomain.com from this computer.
[2] FRS is not running on campatfs01.ccc.ourdomain.com.
[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.

and

Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
\\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration
information.

I'm thoroughly stumped.  Any advice?  Name resolution seems to be
working reverse and forward between the servers.

Thanks in advance

~~
This e-mail is confidential, may contain proprietary information
of Cameron and its operating Divisions and may be confidential
or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~


RE: [ActiveDir] corrupt vmware DC

2006-06-13 Thread Eric Fleischman








Taking offline.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Tuesday, June 13, 2006 7:20 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] corrupt vmware DC

Booted up VMware with DC (2003, SP1) on it yesterday
and got an "internal error" on AD at start, forcing a reboot. Went
into DSRM and ran semantic checker in ntdsutil. Checker returned error:

Records scanned:   1200
Error fetching security descriptor [ Jet Error -1017]

which, upon searching out that error code, indicates the
"record has been deleted". Thanks...

"Go Fixup" fails similarly. As this is just a
test server, I'm not too bummed, although I would love to not have to reinstall
the OS. In any case, anyone seen this and know any nifty tricks to recover from
it?

Darren


[ActiveDir] UserName & Psswd Script

2006-06-13 Thread Za Vue
I need to map to a windows standalone server from a domain machine with 
a different username and password other than the domain account. Anyone 
care to share a script?


Thank you,
Z.V.



RE: [ActiveDir] Time Server for Forest Root PDC

2006-06-13 Thread Freddy HARTONO
Time lag can be a painful thing in certain applications, had an incident
before where the payroll system which is linked to the accesscard system was
getting out of sync, some factory production workers are getting "free"
overtime pay due to a few mins out of sync with the realworld's time...


Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR
Sent: Tuesday, June 13, 2006 6:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Time Server for Forest Root PDC

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir- 
> [EMAIL PROTECTED] On Behalf Of Teo De Las Heras
> Sent: 12 June 2006 18:23
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Time Server for Forest Root PDC
> 
> How have people on this list configured their Forest Root PDC to 
> synchronize the time service?  Is it O.K. to use an internal time 
> server on a firewall?  Is it best to point to tick.usno.navy.mil or 
> time.windows.com?

I'm coming late to this party but that hasn't stopped me throwing in my two
pennies worth before...

We have our own atomic / radio clock here, physically attached to a DC.
The DC it is connected to syncs to this hardware and all our other servers
sync to this DC.

My feeling is that while having the correct time is obviously a very good
thing, what is more important is that all your nodes are consistent with
each other; in other words, I think that what source you pick is less
important than picking just one source and making damn sure every node uses
time that is based off this source.

--
Robert Moir
Microsoft MVP for Windows Servers & Security Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?


Re: [ActiveDir] UserName & Psswd Script

2006-06-13 Thread Za Vue

Solved my own problem.. Thank you..


Za Vue wrote:
I need to map to a windows standalone server from a domain machine 
with a different username and password other than the domain account. 
Anyone care to share a script?


Thank you,
Z.V.





[ActiveDir] Group membership question

2006-06-13 Thread McCann, Danny

Sorry if this is a daft question, but I can't find an answer anywhere:

Is a User considered a Child object of a Group to which it is a member?


Cheers


Danny





RE: [ActiveDir] FRS/DFS woes

2006-06-13 Thread McCann, Danny
Where is the root of the DFS located?
I seem to remember having problems with DFS replication before, because
one of the servers hosting the root had its DNS incorrectly configured.
Ultrasound would report any errors sure enough. After decoding what it
all means you'll need a dark room to lie down in for a few hours. :)

Cheers

Danny


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 13 June 2006 15:31
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] FRS/DFS woes



I'm trying to set up a DFS share and having all sorts of issues getting
it to work.  I've installed Ultrasound and i'm either not sure where to
look in it for the answer or it's not giving me the answer.


I set up a link with 3 targets in a ring replication topology.  2 of the
3 servers are Win2k3, 1 is Win2k.  The only server the file is showing
up on is the one that is set up as the master to replicate from.  The
errors i'm mostly seeing are:


The File Replication Service is having trouble enabling replication from
CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name
campatfs01.ccc.ourdomain.com. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name
campatfs01.ccc.ourdomain.com from this computer.

[2] FRS is not running on campatfs01.ccc.ourdomain.com.

[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.


and

Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
\\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration
information.


I'm thoroughly stumped.  Any advice?  Name resolution seems to be
working reverse and forward between the servers.

Thanks in advance


Email has been scanned for viruses by Altman Technologies' email
management service - www.altman.co.uk/emailsystems


RE: [ActiveDir] UserName & Psswd Script

2006-06-13 Thread neil.ruston
Why a script?

Why not:
"Net use * \\server\share /u:server\user *"

i.e. connect using an account defined locally on the machine named
'server'.


neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: 13 June 2006 16:19
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] UserName & Psswd Script

I need to map to a windows standalone server from a domain machine with
a different username and password other than the domain account. Anyone
care to share a script?

Thank you,
Z.V.



RE: [ActiveDir] Group membership question

2006-06-13 Thread joe



No it is a value in an attribute. A child object would be 
an object that has a group as its parent... 
 
I.E.  cn=group,ou=someou,dc=dom,dc=com and the child 
object of cn=somethingelse,cn=group,ou=someou,dc=com,dc=com
 
In the default schema, the only objectclass that can be 
instantiated as an object under a group is objectClass classStore. You can 
determine that by looking at the possibleInferiors attribute of the group 
object.
 
   joe
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny
Sent: Tuesday, June 13, 2006 11:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Group membership question

Sorry if this is a daft question, but I can't find an answer anywhere:

Is a User considered a Child object of a Group to which it is a member?

Cheers

Danny
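
The distinction drawn in the reply above, between being a value of a group's member attribute and being a child object whose parent is the group, sketched as an added example (not code from anyone on the list). The directory entries are constructed sample data, the helper names are hypothetical, the child DN is written under dc=dom,dc=com so that it sits beneath the group's DN, and the DN parsing is simplified (backslash-escaped commas are handled, multi-valued RDNs are not).

```python
# Added illustration: containment (DN hierarchy) versus membership (attribute
# value). All entries below are constructed sample data; the helper names are
# hypothetical and not part of any LDAP library.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]


def normalize(dn):
    """Lower-case comparison form (simplification: case-insensitive match)."""
    parts = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)


def parent_dn(dn):
    """The parent is the DN with its leftmost RDN removed."""
    return ",".join(split_dn(dn)[1:])


def is_child_of(dn, container_dn):
    """True only if container_dn is the immediate parent in the tree."""
    return normalize(parent_dn(dn)) == normalize(container_dn)


def is_member_of(dn, group_entry):
    """True if dn appears as a value of the group's member attribute."""
    wanted = normalize(dn)
    return any(normalize(m) == wanted for m in group_entry.get("member", []))


def children_of(container_dn, directory):
    """All entries whose immediate parent is container_dn."""
    return sorted(dn for dn in directory if is_child_of(dn, container_dn))


GROUP_DN = "cn=group,ou=someou,dc=dom,dc=com"
USER_DN = "CN=Doe\\, Jane,OU=staff,DC=dom,DC=com"   # comma escaped in the CN
CHILD_DN = "cn=somethingelse,cn=group,ou=someou,dc=dom,dc=com"

DIRECTORY = {
    # The user is referenced by value in 'member'; it lives under OU=staff.
    GROUP_DN: {"objectClass": ["top", "group"],
               "member": ["cn=doe\\, jane,ou=staff,dc=dom,dc=com"]},
    USER_DN: {"objectClass": ["top", "person", "user"]},
    # classStore is the class the reply names as allowed under a group.
    CHILD_DN: {"objectClass": ["top", "classStore"]},
}


def describe(dn, group_dn, directory):
    """Report both relationships between dn and the group."""
    return {
        "member": is_member_of(dn, directory[group_dn]),
        "child": is_child_of(dn, group_dn),
        "parent": parent_dn(dn),
    }


if __name__ == "__main__":
    for dn in (USER_DN, CHILD_DN):
        print(dn, describe(dn, GROUP_DN, DIRECTORY))
```
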


RE: [ActiveDir] FRS/DFS woes

2006-06-13 Thread Rimmerman, Russ

The root of the DFS is located on our PDC emulator, which is also a DNS
server itself.  If I go into the dfs root on the PDC emulator I see the
file I copied to the \\domain.com\dfs\software directory, it's just not
replicating to any of the other links.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny
Sent: Tuesday, June 13, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FRS/DFS woes

Where is the root of the DFS located?
I seem to remember having problems with DFS replication before, because
one of the servers hosting the root had its DNS incorrectly configured.
Ultrasound would report any errors sure enough. After decoding what it
all means you'll need a dark room to lie down in for a few hours. :)

Cheers

Danny


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 13 June 2006 15:31
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] FRS/DFS woes



I'm trying to set up a DFS share and having all sorts of issues getting
it to work.  I've installed Ultrasound and i'm either not sure where to
look in it for the answer or it's not giving me the answer.


I set up a link with 3 targets in a ring replication topology.  2 of the
3 servers are Win2k3, 1 is Win2k.  The only server the file is showing
up on is the one that is set up as the master to replicate from.  The
errors i'm mostly seeing are:


The File Replication Service is having trouble enabling replication from
CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name
campatfs01.ccc.ourdomain.com. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name
campatfs01.ccc.ourdomain.com from this computer.

[2] FRS is not running on campatfs01.ccc.ourdomain.com.

[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.


and

Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
\\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration
information.


I'm thoroughly stumped.  Any advice?  Name resolution seems to be
working reverse and forward between the servers.

Thanks in advance



RE: [ActiveDir] FRS/DFS woes

2006-06-13 Thread Rimmerman, Russ

Sonar says the "CreateFailedCount" is 16 on my replication test.  Maybe
it's some sort of permission issue. ??

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny
Sent: Tuesday, June 13, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FRS/DFS woes

Where is the root of the DFS located?
I seem to remember having problems with DFS replication before, because
one of the servers hosting the root had its DNS incorrectly configured.
Ultrasound would report any errors sure enough. After decoding what it
all means you'll need a dark room to lie down in for a few hours. :)

Cheers

Danny


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 13 June 2006 15:31
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] FRS/DFS woes



I'm trying to set up a DFS share and having all sorts of issues getting
it to work.  I've installed Ultrasound and i'm either not sure where to
look in it for the answer or it's not giving me the answer.


I set up a link with 3 targets in a ring replication topology.  2 of the
3 servers are Win2k3, 1 is Win2k.  The only server the file is showing
up on is the one that is set up as the master to replicate from.  The
errors i'm mostly seeing are:


The File Replication Service is having trouble enabling replication from
CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name
campatfs01.ccc.ourdomain.com. FRS will keep retrying.

Following are some of the reasons you would see this warning.

[1] FRS can not correctly resolve the DNS name
campatfs01.ccc.ourdomain.com from this computer.

[2] FRS is not running on campatfs01.ccc.ourdomain.com.

[3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.


and

Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller
\\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration
information.


I'm thoroughly stumped.  Any advice?  Name resolution seems to be
working reverse and forward between the servers.

Thanks in advance



Re: [ActiveDir] OT: Cisco Unity AD schema extensions

2006-06-13 Thread Al Mulnick
I haven't worked with Cisco's Unity products, but a quick look at the document link you sent doesn't indicate anything out of the ordinary.  It appears to add cisco-specific attributes to the user, group and contact objects and adds a new class specific to unity.

 
From a managing the Active Directory viewpoint, it would be good to ensure this is not a pilot or a test because the schema mods are pretty much one way (sure, you can later disable them, but it gets trashy if you continue to add/disable, etc). 

 
If you really want to continue down the path of due diligence, you could look up the OID's that Cisco registered to make sure they're properly done etc.  I would expect they are, but belts and braces and all that. 

 
Al 
On 6/13/06, Jason Benway <[EMAIL PROTECTED]> wrote:
Has anyone worked with/been involved with the Cisco unity AD schema extensions?

One of our divisions is planning to go with the integrated solution and wants to run the schema update.

I have the link on Cisco's site about what they add.

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_paper09186a00800e4535.shtml

But I don't know enough about AD to know the impact now and in the future for windows and Exchange upgrades.

Any feedback is appreciated.

Thanks,jb

--
Jason Benway
Network Services Manager
[EMAIL PROTECTED]
GHSP



RE: [ActiveDir] OT: Cisco Unity AD schema extensions

2006-06-13 Thread Rimmerman, Russ

We're using this product and extended our schema.  No problems to-date.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, June 13, 2006 9:06 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Cisco Unity AD schema extensions

Has anyone worked with/been involved with the Cisco unity AD schema
extensions?

One of our divisions is planning to go with the integrated solution and
wants to run the schema update.

I have the link on Cisco's site about what they add.

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_paper09186a00800e4535.shtml

But I don't know enough about AD to know the impact now and in the
future for windows and Exchange upgrades.

Any feedback is appreciated.

Thanks,jb

--
Jason Benway
Network Services Manager
[EMAIL PROTECTED]
GHSP
 


Re: [ActiveDir] Time Server for Forest Root PDC

2006-06-13 Thread chuckgaff

You do want to choose a reliable source, whatever it is.  An external atomic clock is most likely to be reliable so long as you can communicate with it successfully and consistently.  It is important to keep internal system clocks in synch.
 
Chuck

-Original Message-
From: Rob MOIR <[EMAIL PROTECTED]>
To: ActiveDir@mail.activedir.org
Sent: Tue, 13 Jun 2006 11:33:20 +0100
Subject: RE: [ActiveDir] Time Server for Forest Root PDC


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED]] On Behalf Of Teo De Las Heras
> Sent: 12 June 2006 18:23
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Time Server for Forest Root PDC
> 
> How have people on this list configured their Forest Root PDC to
> synchronize the time service?  Is it O.K. to use an internal time
> server on a firewall?  Is it best to point to tick.usno.navy.mil or
> time.windows.com?

I'm coming late to this party but that hasn't stopped me throwing in my
two pennies worth before...

We have our own atomic / radio clock here, physically attached to a DC.
The DC it is connected to syncs to this hardware and all our other
servers sync to this DC.

My feeling is that while having the correct time is obviously a very
good thing, what is more important is that all your nodes are consistent
with each other; in other words, I think that what source you pick is
less important than picking just one source and making damn sure every
node uses time that is based off this source.

-- 
Robert Moir
Microsoft MVP for Windows Servers & Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?




[ActiveDir] DNS reverse lookup problem

2006-06-13 Thread James Carter
Hi,

Windows 2003, FFL Single Domain, Active Integrated DNS on two DC's

I have an issue with DNS and the reverse zone. Some computers have multiple PTR records e.g:

Computer1   192.168.6.5
Computer1   192.168.6.66

I don't know why this is happening, I noticed that the DHCP Properties under the DNS tab had changed from 'Dynamically update DNS A and PTR records only if requested by the DHCP Clients' to 'Always dynamically update DNS A and PTR records'

I now have an issue whereby I have multiple PTR records for individual PC's.

Does anyone know:

1) Whether the setting change would have this effect? If not, what else would? What's the difference between the two?

2) What is the best way to clear the stale records that are no longer valid? Do I need to manually delete them?

thanks from

James

RE: [ActiveDir] OT: Cisco Unity AD schema extensions

2006-06-13 Thread Jason Benway



Thank you for your feedback. I greatly respect the knowledge of this group.
 
jb

  
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, June 13, 2006 12:49 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Cisco Unity AD schema extensions

I haven't worked with Cisco's Unity products, but a quick look at the document link you sent doesn't indicate anything out of the ordinary.  It appears to add cisco-specific attributes to the user, group and contact objects and adds a new class specific to unity.

From a managing the Active Directory viewpoint, it would be good to ensure this is not a pilot or a test because the schema mods are pretty much one way (sure, you can later disable them, but it gets trashy if you continue to add/disable, etc).

If you really want to continue down the path of due diligence, you could look up the OID's that Cisco registered to make sure they're properly done etc.  I would expect they are, but belts and braces and all that.

Al

On 6/13/06, Jason Benway <[EMAIL PROTECTED]> wrote:

Has anyone worked with/been involved with the Cisco unity AD schema extensions?

One of our divisions is planning to go with the integrated solution and wants to run the schema update.

I have the link on Cisco's site about what they add.

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_paper09186a00800e4535.shtml

But I don't know enough about AD to know the impact now and in the future for windows and Exchange upgrades.

Any feedback is appreciated.

Thanks,jb

--
Jason Benway
Network Services Manager
[EMAIL PROTECTED]
GHSP


RE: [ActiveDir] Group membership question

2006-06-13 Thread walls

PLEASE TAKE ME OFF YOUR LIST = I AM GETTING HUNDREDS OF UNSOLICITED MESSAGES, THX PETE
 
-- Original message -- From: "joe" <[EMAIL PROTECTED]> 

No it is a value in an attribute. A child object would be an object that has a group as its parent... 
 
I.E.  cn=group,ou=someou,dc=dom,dc=com and the child object of cn=somethingelse,cn=group,ou=someou,dc=com,dc=com
 
In the default schema, the only objectclass that can be instantiated as an object under a group is objectClass classStore. You can determine that by looking at the possibleInferiors attribute of the group object.
 
   joe
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny
Sent: Tuesday, June 13, 2006 11:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Group membership question
 
Sorry if this is a daft question, but I can't find an answer anywhere: Is a User considered a Child object of a Group to which it is a member? 
Cheers 
Danny 



RE: [ActiveDir] UserName & Psswd Script

2006-06-13 Thread walls

PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE
 
-- Original message --
From: <[EMAIL PROTECTED]>
> Why a script?
>
> Why not:
> "Net use * \\server\share /u:server\user *"
>
> i.e. connect using an account defined locally on the machine named
> 'server'.
>
>
> neil
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
> Sent: 13 June 2006 16:19
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] UserName & Psswd Script
>
> I need to map to a windows standalone server from a domain machine with
> a different username and password other than the domain account. Anyone
> care to share a script?
>
> Thank you,
> Z.V.



Re: [ActiveDir] UserName & Psswd Script

2006-06-13 Thread Phil Renouf
Hi Pete,
 
Have you tried going to the site listed at the bottom of every message?
 
If you go to http://www.activedir.org/List.aspx you will find instructions on how to unsubscribe from the list.
 
Take care!
Phil 
On 6/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:



PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE
 

 




Re: [ActiveDir] DNS reverse lookup problem

2006-06-13 Thread Al Mulnick
1) I wouldn't expect it to change the behavior you're specifically seeing. Why? Because the system doesn't just arbitrarily decide to register some host.  That setting is more to do with security and legacy clients than it is spontaneous creation and registration of host records.

 
2) Best way to clear the unneeded/unused records is with scavenging.  In your case, I don't know that it will solve your particular problem, but it's one way to get closer. I say that because a) I'm not sure why you're so terribly interested in the PTR records of workstations and b) laptops especially can/might/will wreak havoc on this type of record depending on how the records are created/updated, etc. 

 
What makes you interested in PTR records? Can you shed some light on that?  
On 6/13/06, James Carter <[EMAIL PROTECTED]> wrote:


 
Hi,
 
Windows 2003, FFL Single Domain, Active Integrated DNS on two DC's
 
I have an issue with DNS and the reverse zone. Some computers have multiple PTR records e.g:
 
Computer1   192.168.6.5
Computer1   192.168.6.66
 
I don't know why this is happening, I noticed that the DHCP Properties under the DNS tab had changed from 'Dynamically update DNS A and PTR records only if requested by the DHCP Clients' to 'Always dynamically update DNS A and PTR records'

I now have an issue whereby I have multiple PTR records for individual PC's.

Does anyone know:

1) Whether the setting change would have this effect? If not, what else would? What's the difference between the two?

2) What is the best way to clear the stale records that are no longer valid? Do I need to manually delete them?
 
thanks from

 
James
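
Added example, not part of the thread: a sketch of the scavenging logic discussed above, applied to the duplicate PTR case from the question. It works on a constructed list of (IP, host name, last-refresh timestamp) records; the example.local names, the timestamps and the 7-day no-refresh and refresh intervals are assumptions, and records with no timestamp stand for static entries that scavenging never removes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (PTR address, host name, last refresh).
# A timestamp of None models a static record, which never ages.
SAMPLE_PTRS = [
    ("192.168.6.5",  "computer1.example.local", datetime(2006, 5, 1, 9, 0)),
    ("192.168.6.66", "computer1.example.local", datetime(2006, 6, 12, 9, 0)),
    ("192.168.6.20", "computer2.example.local", datetime(2006, 6, 10, 9, 0)),
    ("192.168.6.30", "server1.example.local", None),
    ("192.168.6.31", "server1.example.local", None),
]

# Assumed aging settings for the zone (7 days each).
NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)


def is_scavengeable(timestamp, now, no_refresh=NO_REFRESH, refresh=REFRESH):
    """A dynamic record is eligible once it has not been refreshed for
    longer than no-refresh + refresh. Static records are never eligible."""
    if timestamp is None:
        return False
    return now > timestamp + no_refresh + refresh


def duplicate_ptr_report(records, now):
    """Group PTR records by host name and, for every host that owns more
    than one, split its addresses into those scavenging would remove and
    those that would remain afterwards."""
    by_host = defaultdict(list)
    for ip, host, timestamp in records:
        by_host[host.lower()].append((ip, timestamp))

    report = {}
    for host, entries in by_host.items():
        if len(entries) < 2:
            continue  # a single PTR is the normal case
        stale = sorted(ip for ip, ts in entries if is_scavengeable(ts, now))
        kept = sorted(ip for ip, ts in entries if not is_scavengeable(ts, now))
        report[host] = {"scavengeable": stale, "remaining": kept}
    return report


if __name__ == "__main__":
    now = datetime(2006, 6, 13, 12, 0)
    for host, result in sorted(duplicate_ptr_report(SAMPLE_PTRS, now).items()):
        print(host, result)
        if len(result["remaining"]) > 1:
            # Scavenging alone will not resolve this host: the extra
            # records are static or still fresh and need a manual review.
            print("  still duplicated after scavenging:", result["remaining"])
```

Hosts that still show more than one address under "remaining" are the ones scavenging will not fix, which matches the caveat in the reply above.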



RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server

2006-06-13 Thread Victor W.



Thank you all, great input. I will be trying this and will let you know the outcome.

Victor

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Kline
Sent: Tuesday, 13 June 2006 6:18
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server

Please find a better VBS script below.   The last post was a “while rushing out the door” effort.

There is now:

  - A Where clause which limits the adapter scope (“  where dnshostname is not null”).
  - Less information as most of the non-needed for this exercise stuff is removed.
  - An example of how to embed an array of hosts.

Of course the script assumes that the account with which you’ve logged in has adequate security permissions on all of the boxes being queried.

Richard

 
On Error Resume Next

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

' Hosts to query; the logged-on account needs WMI access to each of them
arrComputers = Array("192.168.1.15","192.168.1.16","192.168.1.154")
For Each strComputer In arrComputers
   WScript.Echo
   WScript.Echo "=="
   WScript.Echo "Computer: " & strComputer
   WScript.Echo "=="

   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
   Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration  where dnshostname is not null", "WQL", _
      wbemFlagReturnImmediately + wbemFlagForwardOnly)

   For Each objItem In colItems
      WScript.Echo "DNSHostName: " & objItem.DNSHostName
      WScript.Echo "Caption: " & objItem.Caption
      strDefaultIPGateway = JoinList(objItem.DefaultIPGateway)
      WScript.Echo "DefaultIPGateway: " & strDefaultIPGateway
      strDNSDomainSuffixSearchOrder = JoinList(objItem.DNSDomainSuffixSearchOrder)
      WScript.Echo "DNSDomainSuffixSearchOrder: " & strDNSDomainSuffixSearchOrder
      WScript.Echo "DNSEnabledForWINSResolution: " & objItem.DNSEnabledForWINSResolution
      strDNSServerSearchOrder = JoinList(objItem.DNSServerSearchOrder)
      WScript.Echo "DNSServerSearchOrder: " & strDNSServerSearchOrder
      WScript.Echo "DomainDNSRegistrationEnabled: " & objItem.DomainDNSRegistrationEnabled
      strIPAddress = JoinList(objItem.IPAddress)
      WScript.Echo "IPAddress: " & strIPAddress
      WScript.Echo "WINSEnableLMHostsLookup: " & objItem.WINSEnableLMHostsLookup
      WScript.Echo "WINSHostLookupFile: " & objItem.WINSHostLookupFile
      WScript.Echo "WINSPrimaryServer: " & objItem.WINSPrimaryServer
      WScript.Echo "WINSScopeID: " & objItem.WINSScopeID
      WScript.Echo "WINSSecondaryServer: " & objItem.WINSSecondaryServer
      WScript.Echo
   Next
Next


' Join an array-valued WMI property. A Null property (nothing configured)
' returns an empty string; with On Error Resume Next a failed Join would
' otherwise leave the previous adapter's value in the variable.
Function JoinList(varList)
   If IsNull(varList) Then
      JoinList = ""
   Else
      JoinList = Join(varList, ",")
   End If
End Function

' Converts a WMI datetime string to a date; not called by this script
Function WMIDateStringToDate(dtmDate)
WScript.Echo dtm:
    WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
    Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
    & " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
End Function
 
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO
Sent: Monday, June 12, 2006 11:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server

The only comment on the wmi below is that it will dump every network card that you have; is there a way that you could do it for the primary network card (the one on top of the binding list)?

As for the registry key, it will be the NameServerList value, but it still binds to the transport id (which is different for all servers).

Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
 

 


RE: [ActiveDir] UserName & Psswd Script

2006-06-13 Thread Tony Murray

I have manually unsubscribed the address.

Tony

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Wednesday, 14 June 2006 8:12 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] UserName & Psswd Script

Hi Pete,

Have you tried going to the site listed at the bottom of every message?

If you go to http://www.activedir.org/List.aspx you will find instructions on how to unsubscribe from the list.

Take care!
Phil

On 6/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE






RE: [ActiveDir] FRS/DFS woes

2006-06-13 Thread Molkentin, Steve
Russ,

Possibly - what are the permissions of the 3 folders you are trying to
replicate around? Are they identical? Check the share permissions as
well as the folder permissions. Can each machine resolve the FQDN of
each of the other two machines from it? I'm making the assumption that
all 3 machines are in the same domain - this is correct?

themolk.
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Rimmerman, Russ
> Sent: Wednesday, 14 June 2006 2:25 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] FRS/DFS woes
> 
> 
> Sonar says the "CreateFailedCount" is 16 on my replication 
> test.  Maybe
> it's some sort of permission issue. ??
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny
> Sent: Tuesday, June 13, 2006 10:44 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] FRS/DFS woes
> 
> Where is the root of the DFS located?
> I seem to remember having problems with DFS replication 
> before, because
> one of the servers hosting the root had it's DNS incorrectly 
> configured.
> Ultrasound would report any errors sure enough. After decoding what it
> all means you'll need a dark room to lie down in for a few hours. :)
> 
> Cheers
> 
> Danny
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Rimmerman, Russ
> Sent: 13 June 2006 15:31
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] FRS/DFS woes
> 
> 
> 
> I'm trying to set up a DFS share and having all sorts of 
> issues getting
> it to work.  I've installed Ultrasound and i'm either not 
> sure where to
> look in it for the answer or it's not giving me the answer.
> 
> 
> I set up a link with 3 targets in a ring replication 
> topology.  2 of the
> 3 servers are Win2k3, 1 is Win2k.  The only server the file is showing
> up on is the one that is set up as the master to replicate from.  The
> errors i'm mostly seeing are:
> 
> 
> The File Replication Service is having trouble enabling 
> replication from
> CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name
> campatfs01.ccc.ourdomain.com. FRS will keep retrying.
> 
> Following are some of the reasons you would see this warning.
> 
> [1] FRS can not correctly resolve the DNS name
> campatfs01.ccc.ourdomain.com from this computer.
> 
> [2] FRS is not running on campatfs01.ccc.ourdomain.com.
> 
> [3] The topology information in the Active Directory for this replica
> has not yet replicated to all the Domain Controllers.
> 
> 
> and
> 
> Following is the summary of warnings and errors encountered by File
> Replication Service while polling the Domain Controller
> \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration
> information.
> 
> 
> I'm thoroughly stumped.  Any advice?  Name resolution seems to be
> working reverse and forward between the servers.
> 
> Thanks in advance
> 


RE: [ActiveDir] UserName & Psswd Script

2006-06-13 Thread Molkentin, Steve



What a shame, Tony... his posts were so insightful... 

 
;)
 
themolk.
 

  
  
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Wednesday, 14 June 2006 7:02 AM
To: ActiveDir@mail.activedir.org
Cc: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] UserName & Psswd Script

I have manually unsubscribed the address.

Tony

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Wednesday, 14 June 2006 8:12 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] UserName & Psswd Script

Hi Pete,

Have you tried going to the site listed at the bottom of every message?

If you go to http://www.activedir.org/List.aspx you will find instructions on how to unsubscribe from the list.

Take care!
Phil

On 6/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF UNSOLICITED EMAILS, THX PETE
  
   
  

  


[ActiveDir] OT: New Zealand

2006-06-13 Thread Derek Harris



Cheers Tony - I was down in your area in March 
& April, touring the South Island with Active New Zealand: awesome people, 
beautiful country, fantastic trip!  I highly recommend it to 
everyone!
 
Derek


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, June 13, 2006 3:02 PM
To: ActiveDir@mail.activedir.org
Cc: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] UserName & Psswd Script

I have manually unsubscribed the address.
 
Tony
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Wednesday, 14 June 2006 8:12 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] UserName & Psswd Script
 

Hi Pete,

 

Have you tried going to the site listed at the bottom of 
every message?

 

If you go to http://www.activedir.org/List.aspx you 
will find instructions on how to unsubscribe from the list.

 

Take care!

Phil 

On 6/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: 




PLEASE TAKE ME OFF YOUR LIST I AM GETTING HUNDREDS OF 
UNSOLICITED EMAILS, THX PETE

 

-- Original message --
From: <[EMAIL PROTECTED]>

> Why a script?
>
> Why not:
> "Net use * \\server\share /u:server\user *"
>
> i.e. connect using an account defined locally on the machine named
> 'server'.
>
> neil
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Za Vue
> Sent: 13 June 2006 16:19
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] UserName & Psswd Script
>
> I need to map to a windows standalone server from a domain machine with
> a different username and password other than the domain account. Anyone
> care to share a script?
>
> Thank you,
> Z.V.





[ActiveDir] How to block a sender in Exchange.

2006-06-13 Thread Ajay Kumar
Hi there,
 
I have Exchange 2003 running in my org, with 500 clients using it.
For a few weeks I have been monitoring that a particular ID is sending virus mails. I want to block this sender; how do I do that? Also, we are not able to send and receive mails from a particular domain.
Every time we send mail to arvindmills.com, the message bounces back with the error
"Retry timeout exceeded", and on the arvindmills side, when they send mail they do not get any bounce back, and on our end we do not receive that mail.
We have a DHCP IP. Please help me out with this problem. Waiting for your response.
 
Thanx & Regds
Ajay


[ActiveDir] Active Directory Cookbook 2e

2006-06-13 Thread Tony Murray








…is now out.  

 

http://www.oreilly.com/catalog/activedckbk2/

 

Tony









[ActiveDir] Domain gets Blacklisted

2006-06-13 Thread Ajay Kumar
Hi all,
 
Can you help me with this problem? The problem is that my Exchange 2003, which is installed on a Win 2003 DC, gets blacklisted (meaning my static IP is blacklisted). I searched for how to stop this,
and on the net I found solutions pointing towards open relay and spam protection. They are saying that your Exchange is spamming, so tell me how to control and stop the spamming.
 
Thanx
Ajay