[ActiveDir] RFMAGIC
FYI, San Diego company RFMagic at www.rfmagic.com looking for a Linux admin.

Just FYI

Robert Oytun
RE: [ActiveDir] RFMAGIC
[EMAIL PROTECTED] ~]# dcpromo
bash: dcpromo: command not found
[EMAIL PROTECTED] ~]# pwd
/home/bdesmond
[EMAIL PROTECTED] ~]# uname
Linux
[EMAIL PROTECTED] ~]# whereis dcpromo
dcpromo:
[EMAIL PROTECTED] ~]# ls / -R | grep dcpromo
[EMAIL PROTECTED] ~]#

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Oytun
Sent: Friday, July 07, 2006 2:48 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] RFMAGIC

FYI, San Diego company RFMagic at www.rfmagic.com looking for a Linux admin.

Just FYI

Robert Oytun
[ActiveDir] ISA 2004 schema extend
Hello,

I am really surprised that ISA 2004 in array mode needs to extend the AD schema (and even needs an AD!). Has anyone used a domainlet to make this config?

Cheers,
Mathieu CHATEAU

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] RFMAGIC
[EMAIL PROTECTED] ~]# mv /dev/tty0 /dev/tty0_old
[EMAIL PROTECTED] ~]# cp /dev/null /dev/tty0
[CONNECTION TO HOST LOST]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: 07 July 2006 09:03
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RFMAGIC

[EMAIL PROTECTED] ~]# dcpromo
bash: dcpromo: command not found
[EMAIL PROTECTED] ~]# pwd
/home/bdesmond
[EMAIL PROTECTED] ~]# uname
Linux
[EMAIL PROTECTED] ~]# whereis dcpromo
dcpromo:
[EMAIL PROTECTED] ~]# ls / -R | grep dcpromo
[EMAIL PROTECTED] ~]#

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Robert Oytun
Sent: Friday, July 07, 2006 2:48 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] RFMAGIC

FYI, San Diego company RFMagic at www.rfmagic.com http://www.rfmagic.com/ looking for a Linux admin.

Just FYI

Robert Oytun
Re: [ActiveDir] Can't find anyting on this [NTDS warning]
Sorry to rehash a year old thread...

OT: http://www.mail-archive.com/activedir@mail.activedir.org/msg30076.html

One of my DC's just logged this same message. Nothing else is logged around this event. Brian, was this ever resolved for you?

Thanks,
john

Brian Desmond wrote:

Event Type: Warning
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1173
Date: 6/21/2005
Time: 10:08:47 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: TheServer
Description:
Internal event: Active Directory has encountered the following exception and associated parameters.

Exception: e0010004
Parameter: 0

Additional Data
Error value: -1603
Internal ID: 2050344

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Closest thing I Found was a -1605. Box is a 2k3 SP1 clean build (aka I built it on 2k3 SP1) PDC FSMO and GC.

--brian
RE: [ActiveDir] OT: Computer Account in Local Administrators Group
I see the flaws in my original statement, and should have worded it differently. My interpretation of "Network Service" functionality is different from joe's. But joe is smarter than me, has some cool tools that give him much more authoritative information on these kind of things, and he is almost always correct. So, please listen to him. If I have the time, I may come back and try to explain my interpretation.

Sincerely,
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: joe
Sent: Thu 7/6/2006 11:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group

A service running on ServerA as localsystem or networkservice will touch remote machines including ServerB with the security context of DOMAIN\ServerA, not networkservice. A service running on ServerA in localservice should touch remote machines as anonymous. At no point will configuring permission on ServerB to networkservice give any rights to ServerA, only processes running on the local machine (ServerB) as networkservice.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe
Sent: Thursday, July 06, 2006 12:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group

I see... If the service runs as LocalSystem, then it already has the highest privilege possible on that system. In this case, the vendor (or the vendor's support rep) may be asking for this simply for the "interact" portion of your statement. Without knowing what the app does, it's hard to tell.

But, I'd ask the vendor's rep specifically what level of access is needed to perform whatever the app is supposed to perform on the "other machine". Because, you see, if the app runs in the context of LocalSystem on ServerA and needs to do something on ServerB, the Network Service credentials will be used. If whatever is running on ServerB allows "Network Service" account to do the job, then there is no additional config or privilege to add on ServerA. Ask the vendor if "Network Service" has the ability to successfully "interact" with the other machine in question, or if the access can be configured to accommodate the "Network Service" account.

Sincerely,
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED]
Sent: Thu 7/6/2006 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Computer Account in Local Administrators Group

I'm definitely not wanting to do this but a vendor was saying to do it to allow one of their services to run as Local System and be able to interact with another machine. I am very skeptical, and not allowing it.

Thanks,
James

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]om
Sent: Wednesday, July 05, 2006 5:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group

More directly - WHY are you looking to do this? What problem are you trying to solve?

Sincerely,
Microsoft MVP - Directory Services
http://www.readymaids.com/ - we know IT
http://www.akomolafe.com/
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: joe
Sent: Wed 7/5/2006 9:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Computer Account in Local Administrators Group

Ultimately, anyone with physical access to the remote PC will have Admin rights over the PC in which you add the account to the admins group for. Directly, anyone who can run anything as localsystem or networkservice will have those rights.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]om
Sent: Wednesday, July 05, 2006 12:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Computer Account in Local Administrators Group

What is the net effect of placing a remote computer account (\\domain\computer_name) in the Local Administrators group?

Thanks,
James
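An added audit example (not part of the thread and not written by any of its participants) for the two sides of the situation discussed above: which computer accounts already sit in a machine's local Administrators group, and which local services run as LocalSystem or NetworkService and so, per the explanation in the thread, reach remote machines as this machine's computer account. The function names are hypothetical; the cmdlets require Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the thread. Run locally on the machine under review.

# Part 1 (the "ServerB" side): machine accounts in local Administrators.
# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the
# lookup does not depend on the display language of the OS.
function Get-ComputerAccountAdmin {
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        # Machine accounts (and managed service accounts) have names ending
        # in '$', for example DOMAIN\SERVERA$.
        Where-Object { $_.Name -like '*$' } |
        Select-Object Name, SID, PrincipalSource
}

# Part 2 (the "ServerA" side): services that run as LocalSystem or
# NetworkService. Their outbound connections to other machines carry this
# machine's computer account identity.
function Get-MachineIdentityService {
    $pattern = '^(LocalSystem|NT AUTHORITY\\(SYSTEM|NetworkService))$'
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -match $pattern } |   # -match ignores case
        Select-Object Name, StartName, State, PathName
}

$admins = @(Get-ComputerAccountAdmin)
if ($admins.Count -gt 0) {
    Write-Warning "Computer accounts hold local admin rights on $($env:COMPUTERNAME):"
    $admins | Format-Table -AutoSize
    Write-Output 'Any code running as LocalSystem or NetworkService on those machines is an administrator here.'
} else {
    Write-Output "No computer accounts found in local Administrators on $($env:COMPUTERNAME)."
}

# Inventory of the services that would present this machine's identity elsewhere.
Get-MachineIdentityService | Sort-Object StartName, Name | Format-Table -AutoSize
```

Run Part 1 on the machine that was asked to grant the rights and Part 2 on the machine whose account would be added; the second list is the set of services that would inherit those rights.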
RE: [ActiveDir] RFMAGIC
[EMAIL PROTECTED] ~]# ls / -R | grep dcpromo

Come on Brian! man find + man locate/slocate. This is the most inefficient (complexity and memory wise) search you can ever do (and notice that grep is case sensitive. You should have used grep -i)

[EMAIL PROTECTED] root]# service ads start
ads: unrecognized service
[EMAIL PROTECTED] root]# apt-get install ads
Reading Package Lists... Done
Building Dependency Tree... Done
E: Couldn't find package ads
[EMAIL PROTECTED] root]# make ads
make: *** No rule to make target `ads'. Stop.

Anyone know which repository I should add to APT to get ADS? Or should I recompile it from the sources as in the old days?

Guy

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Friday, July 07, 2006 10:03 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] RFMAGIC

[EMAIL PROTECTED] ~]# dcpromo
bash: dcpromo: command not found
[EMAIL PROTECTED] ~]# pwd
/home/bdesmond
[EMAIL PROTECTED] ~]# uname
Linux
[EMAIL PROTECTED] ~]# whereis dcpromo
dcpromo:
[EMAIL PROTECTED] ~]# ls / -R | grep dcpromo
[EMAIL PROTECTED] ~]#

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Oytun
Sent: Friday, July 07, 2006 2:48 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] RFMAGIC

FYI, San Diego company RFMagic at www.rfmagic.com looking for a Linux admin.

Just FYI

Robert Oytun
[ActiveDir] Computer Hang at Applying Computer Settings
I am not sure whether it was this forum or the other forum I am also on, but some of us were having problems with XP boxes hanging on "Applying Computer Settings". I believe this may be due to the size of UDP packets utilized by Kerberos. One can force Kerberos to go through TCP instead of UDP http://support.microsoft.com/?kbid=244474 . Or increase the packet size of UDP, http://technet2.microsoft.com/WindowsServer/en/Library/0d2ba911-c0ef-42c6-8264-e982c3cbd43d1033.mspx?mfr=true . -Z.V.
Re: [ActiveDir] Can't find anyting on this [NTDS warning]
Going by the ESE error codes it appears to not find the record. Some DB corruption may be?

Source is http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ese/ese/extensible_storage_engine_errors.asp

JET_errNoCurrentRecord -1603 There is no current record.

I guess someone like Brettsh could enlighten us more?

M@

On 7/7/06, John Singler [EMAIL PROTECTED] wrote:

Sorry to rehash a year old thread...

OT: http://www.mail-archive.com/activedir@mail.activedir.org/msg30076.html

One of my DC's just logged this same message. Nothing else is logged around this event. Brian, was this ever resolved for you?

Thanks,
john

Brian Desmond wrote:

Event Type: Warning
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1173
Date: 6/21/2005
Time: 10:08:47 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: TheServer
Description:
Internal event: Active Directory has encountered the following exception and associated parameters.

Exception: e0010004
Parameter: 0

Additional Data
Error value: -1603
Internal ID: 2050344

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Closest thing I Found was a -1605. Box is a 2k3 SP1 clean build (aka I built it on 2k3 SP1) PDC FSMO and GC.

--brian
[ActiveDir] ADAM Passwords?
Since ADAM doesn't have a PDC Emulator FSMO, how does it deal with the following? Assuming tons of replicas in a configuration set.

1.) ADAM User Account gets locked out, who authoritatively locks it out?
2.) ADAM User changes their password and typed in the old one..does this increment their badPasswordCount?

Thanks!
-Brandon
Re: [ActiveDir] Computer Hang at Applying Computer Settings
That may or may not be the issue. Can the user login to any computer or is it just this one?

On 7/7/06, Za Vue [EMAIL PROTECTED] wrote:

I am not sure whether it was this forum or the other forum I am also on, but some of us were having problems with XP boxes hanging on Applying Computer Settings. I believe this may be due to the size of UDP packets utilized by Kerberos. One can force Kerberos to go through TCP instead of UDP http://support.microsoft.com/?kbid=244474 . Or increase the packet size of UDP, http://technet2.microsoft.com/WindowsServer/en/Library/0d2ba911-c0ef-42c6-8264-e982c3cbd43d1033.mspx?mfr=true .

-Z.V.
Re: [ActiveDir] Can't find anyting on this [NTDS warning]
Brian indicated, offline, that MS essentially said to not worry about it unless it happens frequently...

john

Matheesha Weerasinghe wrote:

Going by the ESE error codes it appears to not find the record. Some DB corruption may be?

Source is http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ese/ese/extensible_storage_engine_errors.asp

JET_errNoCurrentRecord -1603 There is no current record.

I guess someone like Brettsh could enlighten us more?

M@

On 7/7/06, John Singler [EMAIL PROTECTED] wrote:

Sorry to rehash a year old thread...

OT: http://www.mail-archive.com/activedir@mail.activedir.org/msg30076.html

One of my DC's just logged this same message. Nothing else is logged around this event. Brian, was this ever resolved for you?

Thanks,
john

Brian Desmond wrote:

Event Type: Warning
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1173
Date: 6/21/2005
Time: 10:08:47 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: TheServer
Description:
Internal event: Active Directory has encountered the following exception and associated parameters.

Exception: e0010004
Parameter: 0

Additional Data
Error value: -1603
Internal ID: 2050344

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Closest thing I Found was a -1605. Box is a 2k3 SP1 clean build (aka I built it on 2k3 SP1) PDC FSMO and GC.

--brian

--
John Singler
IT Infrastructure Support Services
School of Veterinary Medicine, University of Pennsylvania
3800 Spruce Street
Philadelphia, PA 19104-6044
ph: 215.573.6525
fx: 215.573.8777
Re: [ActiveDir] Computer Hang at Applying Computer Settings
This happened on a lot of my computers, randomly. For the past few weeks everyone has been quiet.

-Z.V.

Matt Hargraves wrote:

That may or may not be the issue. Can the user login to any computer or is it just this one?

On 7/7/06, Za Vue [EMAIL PROTECTED] wrote:

I am not sure whether it was this forum or the other forum I am also on, but some of us were having problems with XP boxes hanging on "Applying Computer Settings". I believe this may be due to the size of UDP packets utilized by Kerberos. One can force Kerberos to go through TCP instead of UDP http://support.microsoft.com/?kbid=244474 . Or increase the packet size of UDP, http://technet2.microsoft.com/WindowsServer/en/Library/0d2ba911-c0ef-42c6-8264-e982c3cbd43d1033.mspx?mfr=true .

-Z.V.
RE: [ActiveDir] ADAM Passwords?
1. Any instance that receives too many bad password attempts will lock the account. That will then replicate.
2. If they don't hit an instance that has the new password it certainly does. This is a reason to keep replication latencies extremely low.

joe

p.s. Missed you at lunch.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernier, Brandon (.)
Sent: Friday, July 07, 2006 1:08 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADAM Passwords?

Since ADAM doesn't have a PDC Emulator FSMO, how does it deal with the following? Assuming tons of replicas in a configuration set.

1.) ADAM User Account gets locked out, who authoritatively locks it out?
2.) ADAM User changes their password and typed in the old one..does this increment their badPasswordCount?

Thanks!
-Brandon
Re: [ActiveDir] Computer Hang at Applying Computer Settings
I'd recommend checking with your switch or router (if you're running across a WAN) vendor to see if either one cuts off UDP packets over a particular size. It's unusual with newer equipment.

Also, make sure that if you have a WAN you check with both because computers don't always authenticate with their local DC (ugh!).

On 7/7/06, Za Vue [EMAIL PROTECTED] wrote:

This happened on a lot of my computers, randomly. For the past few weeks everyone has been quiet.

-Z.V.

Matt Hargraves wrote:

That may or may not be the issue. Can the user login to any computer or is it just this one?

On 7/7/06, Za Vue [EMAIL PROTECTED] wrote:

I am not sure whether it was this forum or the other forum I am also on, but some of us were having problems with XP boxes hanging on Applying Computer Settings. I believe this may be due to the size of UDP packets utilized by Kerberos. One can force Kerberos to go through TCP instead of UDP http://support.microsoft.com/?kbid=244474 . Or increase the packet size of UDP, http://technet2.microsoft.com/WindowsServer/en/Library/0d2ba911-c0ef-42c6-8264-e982c3cbd43d1033.mspx?mfr=true .

-Z.V.
Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin
Hi,

No - not exactly but something else misfired. U Know better.

Thanks
Ravi
[ActiveDir] Replication issue: forest and child domain controllers
When I am logged into a forest domain controller (FORESTDC01.XYZ.COM) and try to manually replicate in Sites and Services between the forest server and a child domain server (CHILDDC01.ABC.XZY.COM) I get the following error.

The following error occurred during the attempt to synchronize naming context DEF.XYZ.COM from domain controller CHILDDC01 and FORESTDC01: The naming context is in the process of being moved or is not replicated from the specified server. The operation will not continue.

- FYI: DEF.ABC.COM is a different child domain.

Any suggestions?

Kevin

Notice: This e-mail and any files transmitted are confidential and may also be privileged. This communication is intended solely for the use of the individual or entity to which it is addressed. If you are the intended recipient of this information, please treat it as confidential information and take all necessary action to keep it secure. If you are not the intended recipient, you are hereby notified that any use, dissemination, forwarding, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender at once by reply e-mail and destroy all copies of the original message.
RE: [ActiveDir] Replication issue: forest and child domain controllers
Kevin,

What's your OS? 2003? 2000? SP levels? Anything in the event logs? 1226 or 1265?

Regards
Mark

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 07 July 2006 21:55
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Replication issue: forest and child domain controllers

When I am logged into a forest domain controller (FORESTDC01.XYZ.COM) and try to manually replicate in Sites and Services between the forest server and a child domain server (CHILDDC01.ABC.XZY.COM) I get the following error.

The following error occurred during the attempt to synchronize naming context DEF.XYZ.COM from domain controller CHILDDC01 and FORESTDC01: The naming context is in the process of being moved or is not replicated from the specified server. The operation will not continue.

- FYI: DEF.ABC.COM is a different child domain.

Any suggestions?

Kevin