[ActiveDir] Regarding printer configure through web
Hi all, Please help me out, How I can configure websiteof printer server. Actually we having 40 printer of different make and having around 1000 user on different location.So pls tell me how I can create website for printer access. Thanks, Sam
Re: [ActiveDir] Regarding printer configure through web
You might look into iPrint for Windows 2003. I know it's a Novell product, but we used it for a few years to allow print acces for our wireless patrons. it was ported over for 2003 in version 3.08 I think.PaulOn 7/10/06, Ajay Kumar [EMAIL PROTECTED] wrote:Hi all, Please help me out, How I can configure websiteof printer server. Actually we having 40 printer of different make and having around 1000 user on different location.So pls tell me how I can create website for printer access. Thanks, Sam -- ***I've got a fever and the only prescription is morecowbell.--Christopher Walken ***
[ActiveDir] Migration to AD 2003
Hello All: I am a newbie to Active Directory and have some questions about migration our current active directory environment (AD2000) to AD2003. We have WINS, DNS, DHCP, running on two domain controllers. Reasoning for migrating is that we have some old hardware for our domain controllers and we want to move AD over to newer more stable servers. My question is what process should we move forth with first, getting DNS off of these older domain controllers and put that service on the newer soon to be domain controllers first? Then run the forest prep utility to prepare for AD migration? Thanks for any help.
Re: [ActiveDir] Migration to AD 2003
Hi Chris Are you creating a new forest or just upgrading the one you have? I would start by setting the DHCP lease time really low (1 day perhaps). I would run forest prep and domain prep on the boxes you have now, and then dcpromo a new server into the environment. It should pick up the DNS partitions by itself. Once it has DNS and all AD partitions I would then change the DHCP server to point to the new box for DNS, wait a day, then demote the existing server. Do that for each of the DCs. That should put your DNS services and all AD services on the new 2K3 boxes and demote the 2K boxes. After that you can upgrade to 2K3 functional domain and forest (once all 2K DCs are gone). It may also be worth swapping the ips so your new boxes have your old IPs and vice versa. This will allow you to keep the DNS settings on anything that is static. You will need to re-authorize your DHCP servers on the new IPs and change the WINS in both DHCP and on the static machines but that may be less work then changing DNS on all those servers and WINS is less critical to AD operations then WINS is. Of course this assumes that your domain structure is good the way it is, you do not have Exchange, and you are looking to separate DHCP and WINS off the DCs, keeping the old boxes for those. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-230-2983 [EMAIL PROTECTED] |-+- | | Chris Pohlschneider | | | [EMAIL PROTECTED]| | | wayusa.com | | | Sent by: | | | [EMAIL PROTECTED]| | | edir.org | | | | | | | | | 07/10/2006 12:19 PM AST | | | Please respond to | | | ActiveDir | |-+- --| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: [ActiveDir] Migration to AD 2003 | --| Hello All: I am a newbie to Active Directory and have some questions about migration our current active directory environment (AD2000) to AD2003. We have WINS, DNS, DHCP, running on two domain controllers. Reasoning for migrating is that we have some old hardware for our domain controllers and we want to move AD over to newer more stable servers. My question is what process should we move forth with first, getting DNS off of these older domain controllers and put that service on the newer soon to be domain controllers first? Then run the forest prep utility to prepare for AD migration? Thanks for any help. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Migration to AD 2003
see: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/20/110.aspx Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : see sender address From: [EMAIL PROTECTED] on behalf of Chris Pohlschneider Sent: Mon 2006-07-10 18:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Migration to AD 2003 Hello All: I am a newbie to Active Directory and have some questions about migration our current active directory environment (AD2000) to AD2003. We have WINS, DNS, DHCP, running on two domain controllers. Reasoning for migrating is that we have some old hardware for our domain controllers and we want to move AD over to newer more stable servers. My question is what process should we move forth with first, getting DNS off of these older domain controllers and put that service on the newer soon to be domain controllers first? Then run the forest prep utility to prepare for AD migration? Thanks for any help. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
Re: [ActiveDir] Migration to AD 2003
Hi Chris, Do you want to change the hardware only or you want to migrate the domain itself. Like for eg. your currentdomain is abc.com and you just want your servers on new hardware or with new hardware you want new domain alsosay chris.com. As far as i can understand from your mail you just need to installyou DC on new servers and if that is sothen you can do this in any sequence. You can run DCPROMO on the new server and whenthe wizard is runningyoucan let it install DNS on the new server ( Which is actually very good feature of Windows 2003 ).Preferably create AD Integrated Zone. Later on you can move DHCP andWINS etc. Just keep in mind that when youplan to remove your old serversfrom the domain Demote them properly. This i am telling you from my own personal experience when i was a newbie to Active Dir. i did this mistake of not properly demoting the servers which could have caused havoc in my network but by the grace of god i came to know about this issue in time and manually seized the roles to one of the new servers create. Hope this would be of some help to you. Regards, Jaspreet Singh Jolly On 7/10/06, Chris Pohlschneider [EMAIL PROTECTED] wrote: Hello All: I am a newbie to Active Directory and have some questions about migration our current active directory environment (AD2000) to AD2003. We have WINS, DNS, DHCP, running on two domain controllers. Reasoning for migrating is that we have some old hardware for our domain controllers and we want to move AD over to newer more stable servers. My question is what process should we move forth with first, getting DNS off of these older domain controllers and put that service on the newer soon to be domain controllers first? Then run the forest prep utility to prepare for AD migration? Thanks for any help. -- Regards,Jaspreet Singh Jolly
OT: Re:[ActiveDir] Regarding printer configure through web
If you want a web based view of what printers are available on a print server, then installing IIS should do it. This will install a virtual directory called printers so you could then browse http://printserver/printers to get a list of printers. Users could then browse and choose a printer and click connect to download and install the driver and then print to it. More info at http://www.microsoft.com/windowsserver2003/techinfo/overview/internetprint.mspx M@ P.S. This is strictly not an AD topic. Please prefix OT: to future topics for the benefit of other users. Thanks! On 7/10/06, Ajay Kumar [EMAIL PROTECTED] wrote: Hi all, Please help me out, How I can configure website of printer server. Actually we having 40 printer of different make and having around 1000 user on different location.So pls tell me how I can create website for printer access. Thanks, Sam List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Rights for Authorizing DHCP Server
I seem to be finding conflicting posts and articles on this subject. Are Enterprise Admin rights required to authorize a DHCP server in a child domain? Can a Domain Admin authorize a DHCP server in his own child domain? Thanks all! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
RE: [ActiveDir] Migration to AD 2003
We are just upgrading the forest that we already have. We do have Exchange 2003 as well. Our goal is to totally remove the old domain controllers and get rid of them. The hardware is just what we call white boxes custom built computers. We are going to use HP Proliant Servers as the new domain controllers for the active directory 2003 environment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, July 10, 2006 12:38 PM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Migration to AD 2003 Hi Chris Are you creating a new forest or just upgrading the one you have? I would start by setting the DHCP lease time really low (1 day perhaps). I would run forest prep and domain prep on the boxes you have now, and then dcpromo a new server into the environment. It should pick up the DNS partitions by itself. Once it has DNS and all AD partitions I would then change the DHCP server to point to the new box for DNS, wait a day, then demote the existing server. Do that for each of the DCs. That should put your DNS services and all AD services on the new 2K3 boxes and demote the 2K boxes. After that you can upgrade to 2K3 functional domain and forest (once all 2K DCs are gone). It may also be worth swapping the ips so your new boxes have your old IPs and vice versa. This will allow you to keep the DNS settings on anything that is static. You will need to re-authorize your DHCP servers on the new IPs and change the WINS in both DHCP and on the static machines but that may be less work then changing DNS on all those servers and WINS is less critical to AD operations then WINS is. Of course this assumes that your domain structure is good the way it is, you do not have Exchange, and you are looking to separate DHCP and WINS off the DCs, keeping the old boxes for those. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-230-2983 [EMAIL PROTECTED] |-+- | | Chris Pohlschneider | | | [EMAIL PROTECTED]| | | wayusa.com | | | Sent by: | | | [EMAIL PROTECTED]| | | edir.org | | | | | | | | | 07/10/2006 12:19 PM AST | | | Please respond to | | | ActiveDir | |-+- --- ---| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: [ActiveDir] Migration to AD 2003 | --- ---| Hello All: I am a newbie to Active Directory and have some questions about migration our current active directory environment (AD2000) to AD2003. We have WINS, DNS, DHCP, running on two domain controllers. Reasoning for migrating is that we have some old hardware for our domain controllers and we want to move AD over to newer more stable servers. My question is what process should we move forth with first, getting DNS off of these older domain controllers and put that service on the newer soon to be domain controllers first? Then run the forest prep utility to prepare for AD migration? Thanks for any help. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Rights for Authorizing DHCP Server
Are Enterprise Admin rights required to authorize a DHCP server in a child domain? YES Can a Domain Admin authorize a DHCP server in his own child domain? NO see: http://technet2.microsoft.com/WindowsServer/en/Library/9f713d6c-d7e5-42a0-87f7-43dbf86a17301033.mspx?mfr=true http://technet2.microsoft.com/WindowsServer/en/Library/c8580ddf-bd29-4d31-9df9-eaeeaa37a1e91033.mspx?mfr=true Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : see sender address From: [EMAIL PROTECTED] on behalf of Clay, Justin (ITS) Sent: Mon 2006-07-10 20:20 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Rights for Authorizing DHCP Server I seem to be finding conflicting posts and articles on this subject. Are Enterprise Admin rights required to authorize a DHCP server in a child domain? Can a Domain Admin authorize a DHCP server in his own child domain? Thanks all! Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573 ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
[ActiveDir] Kerberos MaxTokenSize and too many groups issues
Title: Kerberos MaxTokenSize and too many groups issues Hi all Have a badly designed applications which is tapping on AD memberships for its grouping rights and user memberships to define their roles and permissions and today found out that one of the user is unable to access the application, but standard logon access to exchange mailbox etc are working fine. Digging further im seeing quite a few errors on eventlog (details below) - then did a registry key of MaxTokenSize as below and everything seems to works fine. Also prior to this, running gpresult on the machine doesnt give any result at all. Question - I was under the assumptions that this applies to Win 2000 only, not xp or 2003, but apparently this does? Also if I remembered correctly there's a command or tool to calculate the tokensize of a user anybody has that tool again pls? MaxTokenSize regkey http://support.microsoft.com/?id=263693 Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 7/7/2006 Time: 5:07:09 AM User: NT AUTHORITY\SYSTEM Computer: XX Description: Windows cannot determine the user or computer name. Return value (14). Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
RE: [ActiveDir] Kerberos MaxTokenSize and too many groups issues
Title: Kerberos MaxTokenSize and too many groups issues Tokensz http://www.microsoft.com/downloads/details.aspx?FamilyID=4a303fa5-cf20-43fb-9483-0f0b0dae265cDisplayLang=en Kurt Falde From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO Sent: Monday, July 10, 2006 9:16 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Kerberos MaxTokenSize and too many groups issues Hi all Have a badly designed applications which is tapping on AD memberships for its grouping rights and user memberships to define their roles and permissions and today found out that one of the user is unable to access the application, but standard logon access to exchange mailbox etc are working fine. Digging further im seeing quite a few errors on eventlog (details below) - then did a registry key of MaxTokenSize as below and everything seems to works fine. Also prior to this, running gpresult on the machine doesnt give any result at all. Question - I was under the assumptions that this applies to Win 2000 only, not xp or 2003, but apparently this does? Also if I remembered correctly there's a command or tool to calculate the tokensize of a user anybody has that tool again pls? MaxTokenSize regkey http://support.microsoft.com/?id=263693 Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 7/7/2006 Time: 5:07:09 AM User: NT AUTHORITY\SYSTEM Computer: XX Description: Windows cannot determine the user or computer name. Return value (14). Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
[ActiveDir] DFS Roots insecure
The actual physical file folder of the DFS root has "Everyone" with full control. This is how it was by default which has led to a small amount of garbage files being placed there by uneducated users. 1) Can I change the NTFS perms on the root? If so, how or can you point me to a KB, google isn't turning anything up so far. 2) There are a few files in the 30 or so that are there that might potentially be system created. Is it safe to delete any files (not folders) in the DFS root or are there some system files there. Any known listing of them I can compare against? E.g. 121202b.HAF (142MB) DFSLinknamePOSB1CHK1PM.txt (41KB) DFSLinknamePOSB1CHK2PM.txt (31KB) AcTpCatalog.atc (1kb) The others are .xls, .doc, etc that are obviously user created. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971
