Re: [ActiveDir] Need some advices....

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

(yeah you beta bleeding edger folks..he's probably already running Vista 
sp1)


Eric Fleischman wrote:

Right...I always forget what is released and what isn't.


*From:* [EMAIL PROTECTED] on behalf of Susan Bradley, 
CPA aka Ebitz - SBS Rocks [MVP]

*Sent:* Wed 11/1/2006 8:58 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Need some advices

SP2 'will' fix it... it's not released yet that I know of.

Eric Fleischman wrote:
> SP2 fixed this and it should be back to 180 days. The r2 thing was a 
mistake.

>
> ~Eric
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of joe

> Sent: Wednesday, November 01, 2006 3:20 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Need some advices
>
> Yep the R2 thing was an unfortunate rollback bug. It wasn't a purposeful
> event due to changing of minds or anything.
>
> It is fixed, currently, in LH and set to 180.
>
>   joe
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
> 
>

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan 
Bradley, CPA

> aka Ebitz - SBS Rocks [MVP]
> Sent: Wednesday, October 25, 2006 12:51 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Need some advices
>
> If memory serves me right the forest/trees tombstone values
> whatevers (you know those things we never worry about in SBSland) are
> different depending on how that SP1 got on the box...
>
> 2003 RTM you have 60 days
> 2003 SP1 (clean install) you have 180 days
> 2003 R2 (clean install) you have 60 days
>
> (they kinda went backwards on the r2 and reintroduced the 60 days if I
> remember right.)
>
>
>
> Brian Desmond wrote:
>  
>> *If the domain was created in Windows 2000 or 2003 R2, you've got 60

>> days to fix it, 2003 domains you have 180 days. This is assuming you
>> haven't tweaked the tombstone lifetime. 4 hours is nothing. :)*
>>
>> * *
>>
>> *Thanks,*
>>
>> *Brian Desmond*
>>
>> [EMAIL PROTECTED]
>>
>> * *
>>
>> *c - 312.731.3132*
>>
>> * *
>>
>> *From:* [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Yann
>> *Sent:* Wednesday, October 25, 2006 10:23 AM
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* [ActiveDir] Need some advices
>>
>> Hello all ;)
>>
>> Due to network outage that is scheduled for 4 hours on a active
>> directory site, i'd like to leave our DCs up without shut them down.
>>
>> Question:
>>
>> Could il leave all my DCs up despite they can not communicate with
>> each others for 4 hours ? Will that cause any issues (repl,
>> auth,etc..) ? or Do i have to shut them down and next reboot them when
>> network will up ?
>>
>> Thanks for advices.
>>
>> Cheers,
>>
>> Yann
>>
>> 


>>
>> Découvrez une nouvelle façon d'obtenir des réponses à toutes vos
>> questions ! Profitez des connaissances, des opinions et des
>> expériences des internautes sur Yahoo! Questions/Réponses
>> .
>>
>>
>
>  
List info   : http://www.activedir.org/List.aspx

List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Need some advices....

[Eric Fleischman]

Title: Re: [ActiveDir] Need some advices



Right...I always forget what is released and what isn't.


From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]Sent: Wed 11/1/2006 8:58 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Need some advices

SP2 'will' fix it... it's not released yet that I know of.Eric Fleischman wrote:> SP2 fixed this and it should be back to 180 days. The r2 thing was a mistake.>> ~Eric -Original Message-> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe> Sent: Wednesday, November 01, 2006 3:20 PM> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] Need some advices>> Yep the R2 thing was an unfortunate rollback bug. It wasn't a purposeful> event due to changing of minds or anything.>> It is fixed, currently, in LH and set to 180.>>   joe>>> --> O'Reilly Active Directory Third Edition -> http://www.joeware.net/win/ad3e.htm> >> -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley, CPA> aka Ebitz - SBS Rocks [MVP]> Sent: Wednesday, October 25, 2006 12:51 PM> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] Need some advices>> If memory serves me right the forest/trees tombstone values> whatevers (you know those things we never worry about in SBSland) are> different depending on how that SP1 got on the box...>> 2003 RTM you have 60 days> 2003 SP1 (clean install) you have 180 days> 2003 R2 (clean install) you have 60 days>> (they kinda went backwards on the r2 and reintroduced the 60 days if I> remember right.) Brian Desmond wrote:>  >> *If the domain was created in Windows 2000 or 2003 R2, you've got 60>> days to fix it, 2003 domains you have 180 days. This is assuming you>> haven't tweaked the tombstone lifetime. 4 hours is nothing. :)* * * *Thanks,* *Brian Desmond* [EMAIL PROTECTED] * * *c - 312.731.3132* * * *From:* [EMAIL PROTECTED]>> [mailto:[EMAIL PROTECTED]] *On Behalf Of *Yann>> *Sent:* Wednesday, October 25, 2006 10:23 AM>> *To:* ActiveDir@mail.activedir.org>> *Subject:* [ActiveDir] Need some advices Hello all ;) Due to network outage that is scheduled for 4 hours on a active>> directory site, i'd like to leave our DCs up without shut them down. Question: Could il leave all my DCs up despite they can not communicate with>> each others for 4 hours ? Will that cause any issues (repl,>> auth,etc..) ? or Do i have to shut them down and next reboot them when>> network will up ? Thanks for advices. Cheers, Yann  D?couvrez une nouvelle fa?on d'obtenir des r?ponses ? toutes vos>> questions ! Profitez des connaissances, des opinions et des>> exp?riences des internautes sur Yahoo! Questions/R?ponses>> .>>  List info   : http://www.activedir.org/List.aspxList FAQ    : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Change default User-Account-Control behavior

[Steve Schofield]

Thanks Joe for the verification.  I couldn't find anything but figured if 
anyone knew if it could be done.   They would be on this list.  :)


Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support


- Original Message - 
From: "joe" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, November 01, 2006 5:58 PM
Subject: RE: [ActiveDir] Change default User-Account-Control behavior



Nope. Scripts, batch files, and custom tools for you. :)


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield
Sent: Tuesday, October 31, 2006 2:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Change default User-Account-Control behavior

Is it possible to change the default behavior when creating local or AD 
user


accounts?  I would like to set certain options when creating accounts 
using

normal tools without having to write a script.  Any tips / advice is
certainly appreciated.

Steve Schofield


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Need some advices....

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

SP2 'will' fix it... it's not released yet that I know of.

Eric Fleischman wrote:

SP2 fixed this and it should be back to 180 days. The r2 thing was a mistake.

~Eric



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, November 01, 2006 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Need some advices

Yep the R2 thing was an unfortunate rollback bug. It wasn't a purposeful
event due to changing of minds or anything.

It is fixed, currently, in LH and set to 180.

  joe 



--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 25, 2006 12:51 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Need some advices

If memory serves me right the forest/trees tombstone values 
whatevers (you know those things we never worry about in SBSland) are 
different depending on how that SP1 got on the box...


2003 RTM you have 60 days
2003 SP1 (clean install) you have 180 days
2003 R2 (clean install) you have 60 days

(they kinda went backwards on the r2 and reintroduced the 60 days if I 
remember right.)




Brian Desmond wrote:
  
*If the domain was created in Windows 2000 or 2003 R2, you've got 60 
days to fix it, 2003 domains you have 180 days. This is assuming you 
haven't tweaked the tombstone lifetime. 4 hours is nothing. :)*


* *

*Thanks,*

*Brian Desmond*

[EMAIL PROTECTED]

* *

*c - 312.731.3132*

* *

*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Yann

*Sent:* Wednesday, October 25, 2006 10:23 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Need some advices

Hello all ;)

Due to network outage that is scheduled for 4 hours on a active 
directory site, i'd like to leave our DCs up without shut them down.


Question:

Could il leave all my DCs up despite they can not communicate with 
each others for 4 hours ? Will that cause any issues (repl, 
auth,etc..) ? or Do i have to shut them down and next reboot them when 
network will up ?


Thanks for advices.

Cheers,

Yann



Découvrez une nouvelle façon d'obtenir des réponses à toutes vos 
questions ! Profitez des connaissances, des opinions et des 
expériences des internautes sur Yahoo! Questions/Réponses 
.





  

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Need some advices....

[Eric Fleischman]

SP2 fixed this and it should be back to 180 days. The r2 thing was a mistake.

~Eric



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, November 01, 2006 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Need some advices

Yep the R2 thing was an unfortunate rollback bug. It wasn't a purposeful
event due to changing of minds or anything.

It is fixed, currently, in LH and set to 180.

  joe 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 25, 2006 12:51 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Need some advices

If memory serves me right the forest/trees tombstone values 
whatevers (you know those things we never worry about in SBSland) are 
different depending on how that SP1 got on the box...

2003 RTM you have 60 days
2003 SP1 (clean install) you have 180 days
2003 R2 (clean install) you have 60 days

(they kinda went backwards on the r2 and reintroduced the 60 days if I 
remember right.)



Brian Desmond wrote:
>
> *If the domain was created in Windows 2000 or 2003 R2, you've got 60 
> days to fix it, 2003 domains you have 180 days. This is assuming you 
> haven't tweaked the tombstone lifetime. 4 hours is nothing. :)*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> [EMAIL PROTECTED]
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Yann
> *Sent:* Wednesday, October 25, 2006 10:23 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Need some advices
>
> Hello all ;)
>
> Due to network outage that is scheduled for 4 hours on a active 
> directory site, i'd like to leave our DCs up without shut them down.
>
> Question:
>
> Could il leave all my DCs up despite they can not communicate with 
> each others for 4 hours ? Will that cause any issues (repl, 
> auth,etc..) ? or Do i have to shut them down and next reboot them when 
> network will up ?
>
> Thanks for advices.
>
> Cheers,
>
> Yann
>
> 
>
> Découvrez une nouvelle façon d'obtenir des réponses à toutes vos 
> questions ! Profitez des connaissances, des opinions et des 
> expériences des internautes sur Yahoo! Questions/Réponses 
> .
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Characters with Accents and LDAP search

[joe]

I don't have any problem running that script and binding to 
an ID with accents... 
 
   joe
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Steven 
WoodSent: Monday, October 23, 2006 5:14 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Characters with 
Accents and LDAP search


Hi all,
 
I’m using the following script to find a user which works fine so 
long as the CN value 
doesn’t contain a character with an 
accent, in the example below I’ve used Léo Apotheker, unfortunately the letter é 
produces an ‘Object not found error’. 
Does anyone have any idea what 
is going on here? Is the problem with _vbscript_ or 
AD?
 
Many thanks
Steven
 
Set dso = GetObject("LDAP:")
Set objUser = dso.OpenDSObject( _
"LDAP://APHRODITE/CN=Léo 
Apotheker,OU=Staff,DC=Domain,DC=Com", _
"Domain\User", _
"password", 
_
ADS_SECURE_AUTHENTICATION + 
ADS_SERVER_BIND)
objUser.AllowLogon = Disabled
objUser.SetInfo---This 
email is from Oldham Sixth Form College, but expresses the viewsof the 
sender and not necessarily the views of the college. The emailand any files 
transmitted with it are confidential to the intendedrecipient at the e-mail 
address to which it has been addressed. It maynot be disclosed or used by 
any other than that addressee, nor may itbe copied in any way. If received 
in error, please notify[EMAIL PROTECTED] quoting the name of the 
sender.This message has been scanned for viruses by F-Secure 
Anti-Virus.Please note that we cannot accept any responsibility for 
anytransmitted viruses. It is, therefore, your responsibility to 
scanattachments (if any).

RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)

[joe]

> (I'm interested in
> using ADAM to store security-related data, so 
> I'd love to be able to have a
> securuty admin that is not an AD admin, but I digress).. 

Someone doesn't need to be an AD Admin to admin ADAM. They can be a normal
user in either AD or on local machines. Though local machine IDs isn't very
scaleable. 


  joe


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of F. Javier Jarava
Sent: Tuesday, October 24, 2006 1:27 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration..
(ADAM SP1)

Hi all!!

I'm (trying to) get up to speed with AD/AM, but I seem to be hitting some
glitch. So, please, if I'm doing something stupid, please do tell me:

As of ADAM SP1, it's possible to create ADAM users in the config. partition,
thus making it possible for an ADAM user to be the administrator of a
replica set. In this wey, it'd be possible to maintain some role separation
between the users of the Domain and ADAM roles/users. (I'm interested in
using ADAM to store security-related data, so I'd love to be able to have a
securuty admin that is not an AD admin, but I digress)...

The thing is, I manage to add an ADAM user as per the instructions on the
ADAM docs, and I can bind using LDP and simple security. The problem is that
I haven't been able to do the same with ADAM-ADSIEDIT... Do anybody knows
how you can set "advanced" connection options or, barring that, what you
have to do to get ADAM-ADSIEDIT to use an ADADM user to logon?

Of course, I know that it "ought" to be possible to do all admin. tasks from
LDP, but it's a bit... Not too user friendly ;)

Thanks a lot in advance.

Best Regards

Javier Jarava

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)

[joe]

Depends on the user. ;o) 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of F. Javier Jarava
Sent: Wednesday, October 25, 2006 6:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based"
administration.. (ADAM SP1)

Thanks for the tip...

It's much more "user-friendly" than ldp (that’s not saying much, I know :)


-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de Ansar Mohammed
Enviado el: miércoles, 25 de octubre de 2006 9:03
Para: ActiveDir@mail.activedir.org
Asunto: RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration..
(ADAM SP1)

Use ldapeditor (http://www.ldapeditor.com)
Version 3 supports simple binds, ntlm and anonymous logins.
New version due in November should support Kerberos and Digest.


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Dmitri Gavrilov
> Sent: October 24, 2006 3:28 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based"
> administration.. (ADAM SP1)
> 
> Until Longhorn, ADAM-ADSIEdit will not support simple binds, sorry. LDP
> is your only option.
> 
> Second -- you cannot protect *anything* on a joined machine from an AD
> admin. If you don't trust them, leave the domain. That's the only way.
> For example, a builtin admin on the machine can bind to ADAM instance,
> take ownership of an object and update its security descriptor to grant
> herself any rights she needs.
> Even if we were to lock ADAM down, she would still be able to debug the
> adam service, and still do anything she wants.
> 
> Dmitri
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of F. Javier
> Jarava
> Sent: Tuesday, October 24, 2006 10:27 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based"
> administration.. (ADAM SP1)
> 
> Hi all!!
> 
> I'm (trying to) get up to speed with AD/AM, but I seem to be hitting
> some
> glitch. So, please, if I'm doing something stupid, please do tell me:
> 
> As of ADAM SP1, it's possible to create ADAM users in the config.
> partition,
> thus making it possible for an ADAM user to be the administrator of a
> replica set. In this wey, it'd be possible to maintain some role
> separation
> between the users of the Domain and ADAM roles/users. (I'm interested in
> using ADAM to store security-related data, so I'd love to be able to
> have a
> securuty admin that is not an AD admin, but I digress)...
> 
> The thing is, I manage to add an ADAM user as per the instructions on
> the
> ADAM docs, and I can bind using LDP and simple security. The problem is
> that
> I haven't been able to do the same with ADAM-ADSIEDIT... Do anybody
> knows
> how you can set "advanced" connection options or, barring that, what you
> have to do to get ADAM-ADSIEDIT to use an ADADM user to logon?
> 
> Of course, I know that it "ought" to be possible to do all admin. tasks
> from
> LDP, but it's a bit... Not too user friendly ;)
> 
> Thanks a lot in advance.
> 
>   Best Regards
> 
>   Javier Jarava
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: RE: [ActiveDir] Need some advices....

[joe]

Accident. 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Yann
Sent: Wednesday, October 25, 2006 12:58 PM
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Need some advices

interesting thing about tombstone lifetime depending
on version of AD

For my information, do you know why MS revers back the
tombstome lifetime from 180 days in AD 2003 to 60 days
in ADR2 ?

Thanks,

Yann


--- Brian Desmond <[EMAIL PROTECTED]> a écrit :

> If the domain was created in Windows 2000 or 2003
> R2, you've got 60 days to fix it, 2003 domains you
> have 180 days. This is assuming you haven't tweaked
> the tombstone lifetime. 4 hours is nothing. :)
> 
>  
> 
> Thanks,
> 
> Brian Desmond
> 
> [EMAIL PROTECTED]
> 
>  
> 
> c - 312.731.3132
> 
>  
> 
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Yann
> Sent: Wednesday, October 25, 2006 10:23 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Need some advices
> 
>  
> 
> Hello all ;)
> 
>  
> 
> Due to network outage that is scheduled for 4 hours
> on a active directory site, i'd like to leave our
> DCs up without shut them down.
> 
>  
> 
> Question:
> 
> Could il leave all my DCs up despite they can not
> communicate with each others for 4 hours ? Will that
> cause any issues (repl, auth,etc..) ? or Do i have
> to shut them down and next reboot them when network
> will up ?
> 
>  
> 
> Thanks for advices.
> 
>  
> 
> Cheers, 
> 
>  
> 
> Yann
> 
>   
> 
> 
> 
> Découvrez une nouvelle façon d'obtenir des réponses
> à toutes vos questions ! Profitez des connaissances,
> des opinions et des expériences des internautes sur
> Yahoo! Questions/Réponses
>

> .
> 
> 







___ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !

Profitez des connaissances, des opinions et des expériences des internautes
sur Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Need some advices....

[joe]

Yep the R2 thing was an unfortunate rollback bug. It wasn't a purposeful
event due to changing of minds or anything.

It is fixed, currently, in LH and set to 180.

  joe 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 25, 2006 12:51 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Need some advices

If memory serves me right the forest/trees tombstone values 
whatevers (you know those things we never worry about in SBSland) are 
different depending on how that SP1 got on the box...

2003 RTM you have 60 days
2003 SP1 (clean install) you have 180 days
2003 R2 (clean install) you have 60 days

(they kinda went backwards on the r2 and reintroduced the 60 days if I 
remember right.)



Brian Desmond wrote:
>
> *If the domain was created in Windows 2000 or 2003 R2, you’ve got 60 
> days to fix it, 2003 domains you have 180 days. This is assuming you 
> haven’t tweaked the tombstone lifetime. 4 hours is nothing. :)*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> [EMAIL PROTECTED]
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Yann
> *Sent:* Wednesday, October 25, 2006 10:23 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Need some advices
>
> Hello all ;)
>
> Due to network outage that is scheduled for 4 hours on a active 
> directory site, i'd like to leave our DCs up without shut them down.
>
> Question:
>
> Could il leave all my DCs up despite they can not communicate with 
> each others for 4 hours ? Will that cause any issues (repl, 
> auth,etc..) ? or Do i have to shut them down and next reboot them when 
> network will up ?
>
> Thanks for advices.
>
> Cheers,
>
> Yann
>
> 
>
> Découvrez une nouvelle façon d'obtenir des réponses à toutes vos 
> questions ! Profitez des connaissances, des opinions et des 
> expériences des internautes sur Yahoo! Questions/Réponses 
> .
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] get information with wmic

[joe]

You will likely have to have another script that slaps the 
output together into a single line per DC.
 
 
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
YannSent: Thursday, October 26, 2006 1:37 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] get information with 
wmic 

Hello,
 
i was trying to use wmic to get these information from a list of DCs:
Name (oh DC), TotalPhysicalMemory,InitialSize of pagefile,  
MaximumSize of pagefile on one line or in an excel file.
 
I use this
wmic PAGEFILESET list writeable that list the values of 
InitialSize  MaximumSize  Name
 
wmic COMPUTERSYSTEM get name,TotalPhysicalMemory that list the values 
of
Name  TotalPhysicalMemory
 
But how to concatenate the 2 commands line in order to have on one line the 
values of:
Name  TotalPhysicalMemory InitialSize  MaximumSize  
Name
 
Thanks for input,
 
Yann
 
 


Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur 
Yahoo! 
Questions/Réponses.

RE: [ActiveDir] list lastlogontime for every user script

[joe]

n/p
 
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Monday, October 30, 2006 5:41 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
list lastlogontime for every user script


Thanks for the 
insight.  BTW, DHTML won’t be missed… J
 




































:m:dsm:cci:mvp | 
marcusoh.blogspot.com
 


From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Saturday, October 28, 2006 12:37 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
list lastlogontime for every user script
 
Every 
time an auth occurs that updates the lastLogon (not logonTime like I miswrote 
last time)  attribute a calculation is done based on the update frequency 
value. This frequency can be modified by updating the msDS-LogonTimeSyncInterval 
attribute on the domain NC head (for AD). If the update frequency 
is greater than the swing value (5 days) then the update frequency value is 
modified by subtracting a random number in the range of 0-5. That resulting 
value (by default 9-14 days) is then compared to the length of time it has been 
since the last update. If the time has exceeded that value, the stamp is 
updated. The minimum frequency value for AD is 1 day, the max is in the hundreds 
of years so not something you will likely notice a problem with. ADAM allows you 
to specify 0 through the ADAMLastLogonTimestampWindow entry of the 
msDS-Other-Settings attribute of the nTDSService object for the instance which 
means update the attribute for every logon. This isn't an issue with ADAM as it 
is with AD since with AD your machine can be doing auths on your behalf all 
through the day and causing a lot of replication. ADAM auth is all very directed 
and specific. 
 
   
joe 

 

 

--
O'Reilly 
Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of [EMAIL PROTECTED]Sent: Friday, October 27, 2006 
9:44 AMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] list lastlogontime for every user script
by the short 
description in msdn, if sounds as if there’s a comparison done when the user 
logs on.  If it’s been at least a week since the value was updated, it’s 
subject to being updated again?  At that point, the random 
calculation?
 




































:m:dsm:cci:mvp | 
marcusoh.blogspot.com
 


From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Friday, October 27, 2006 12:40 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
list lastlogontime for every user script
 
It 
isn't, it is randomly calculated every time logonTime is updated. 


 
--
O'Reilly 
Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of [EMAIL PROTECTED]Sent: Thursday, October 26, 2006 
9:49 PMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] list lastlogontime for every user script
How 
is this 9-14 day value tracked for each user object, by the 
way?
 


From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Thursday, October 26, 2006 5:34 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
list lastlogontime for every user script
 
oldcmp
 
Keep in 
mind that by default, lastLogonTimeStamp is not updated every day, it will be 
updated about every 9-14 days (14 days with a random swing of minus 0-5 
days).
 
You can 
output to csv or html, whatever is more convenient for you. 

 
Alternately 
if you just want to query the value directly, you can use adfind to 
generate the output. 
 
However, 
oldcmp tends to be easier for most folks.
 
  
joe

 
--
O'Reilly 
Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Ramon LinanSent: Thursday, October 26, 2006 4:59 
PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] 
list lastlogontime for every user script

Hi,

 

I am 
trying to do an script or something that will list lastlogontime for all users 
so I can receive an email when someone has not use the account for more than 30 
days.

 

I have 
seen a couple of examples of half built scripts that don't work, I get lost when 
they start dealing with the converting the number to a 
date...

 

Does 
anyone has a script will do some similar? does Joe ware has something 
similar?

 

Thanks

 

Ramon

RE: [ActiveDir] AD Security Group Information

[joe]

One small correction and one small alternative 
;o)
 
Use objectcategory=group versus objectclass=group unless 
you have indexed objectclass. You will notice a substantial query speed 
delta.
 
I don't see mention of a specific type of security group 
and the query provided only gets Security enabled global groups. If you want all 
security enabled groups change grouptype=-2147483646 to 
grouptype<=-1
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael 
M.Sent: Tuesday, October 31, 2006 7:17 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD Security 
Group Information


adfind 
-default -f "&(objectclass=group)(groupType=-2147483646)" -tdc 
whenChanged
 
hth,
Mike 
Thommes
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Frank 
AbagnaleSent: Tuesday, October 
31, 2006 2:51 AMTo: 
activedir@mail.activedir.orgSubject: [ActiveDir] AD Security Group 
Information
 

I'm having a clear up of my domain and there are approx 
8000 security groups.

Some of these are no longer required, how is the best 
way to determine whether the groups are still in use? Is there any way to query 
the groups to identify when they were last 
modified?

thanks

Frank

Single Domain, Windows 2003 
FFL
  




We have the perfect Group for you. Check out the handy 
changes to Yahoo! Groups. 

RE: [ActiveDir] Change default User-Account-Control behavior

[joe]

Nope. Scripts, batch files, and custom tools for you. :) 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield
Sent: Tuesday, October 31, 2006 2:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Change default User-Account-Control behavior

Is it possible to change the default behavior when creating local or AD user

accounts?  I would like to set certain options when creating accounts using 
normal tools without having to write a script.  Any tips / advice is 
certainly appreciated.

Steve Schofield


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

[ActiveDir] Exchange 2k3 FE/BE Migration to another Forest....

[Technical Support]

Hi,

 

We are planning to have only one domain for normal users and
users with mailbox. Currently we have two different forests.

My Exchange Forest is FE/BE structure.

 

Kindly suggest how I can achieve this in the best way.

 

Thanks and Regards

Ravi Dogra

RE: [ActiveDir] Active Directory Health Check tool - where can it run from?

[Alex Fontana]

Title: Active Directory Health Check tool - where can it run from?








Ahh…the good ‘ol days of being
a premier customer.  I miss those days…

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Washington, Booker
Sent: Wednesday, November 01, 2006
7:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active
Directory Health Check tool - where can it run from?



 

Yes, that is the tool.  At first MSFT
came on site and ran the test, and then left us with the tools.

 

Thanks

 

 

 









From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Paul Williams
Sent: Wednesday, November 01, 2006
3:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Active
Directory Health Check tool - where can it run from?



 



I assume you are
referring to the ADST tool that you get if you're a premier customer and MSFT
come and do an AD Healthcheck.  As far as I know, this can be run from
anywhere (in the domain), as it's really just a bunch of VBS scripts that do ADSI
and WMI queries against the DCs.  The cool thing is these scripts are
wrapped behind a decent GUI.





 





--Paul





 







- Original Message - 





From: Washington, Booker 





To: ActiveDir@mail.activedir.org






Sent: Tuesday, October
31, 2006 10:26 PM





Subject: RE: [ActiveDir]
Active Directory Health Check tool - where can it run from?





 



It is the Active Directory Health Check
Snapshot Tool. What exactly is ADRAP?  I got a copy from our Forest Admins
because I am a child domain of the forest.

 

The reason that I ask is because I seem to
get buggy results when I go from an XP workstation, or a member server, and I
wondered if I needed to run it from the DC itself.

 

 

Thanks

 

 

 









From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: Tuesday, October 31, 2006
5:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: Active Directory
Health Check tool - where can it run from?



 





Which tool is this? The AD Snapshot tool
that you get from an ADRAP can run from any server.





 





--brian







 







From:
[EMAIL PROTECTED] on behalf of Washington,
 Booker
Sent: Tue 10/31/2006 4:04 PM
To: ActiveDir@mail.activedir.org
Subject: Active Directory Health
Check tool - where can it run from?





 

Does that
tool need to be run from a Domain Controller, or can it be run from any member
server in the Domain, or workstation.

Just
curious. 

Thanks


 

RE: [ActiveDir] Active Directory Health Check tool - where can it run from?

[Akomolafe, Deji]

Title: Active Directory Health Check tool - where can it run from?



The tool actually lists out the specific requirements for running it. You just need to read the "default.htm" that is part of the generated report.
 


Sincerely,    _      (, /  |  /)   /) /)       /---| (/_  __   ___// _   //  _  ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /)     (/   Microsoft MVP - Directory Serviceswww.akomolafe.com - we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon


From: Paul WilliamsSent: Wed 11/1/2006 12:43 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Active Directory Health Check tool - where can it run from?

I assume you are referring to the ADST tool that you get if you're a premier customer and MSFT come and do an AD Healthcheck.  As far as I know, this can be run from anywhere (in the domain), as it's really just a bunch of VBS scripts that do ADSI and WMI queries against the DCs.  The cool thing is these scripts are wrapped behind a decent GUI.
 
--Paul


- Original Message - 
From: Washington, Booker 
To: ActiveDir@mail.activedir.org 
Sent: Tuesday, October 31, 2006 10:26 PM
Subject: RE: [ActiveDir] Active Directory Health Check tool - where can it run from?


It is the Active Directory Health Check Snapshot Tool. What exactly is ADRAP?  I got a copy from our Forest Admins because I am a child domain of the forest.
 
The reason that I ask is because I seem to get buggy results when I go from an XP workstation, or a member server, and I wondered if I needed to run it from the DC itself.
 
 
Thanks
 
 
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian DesmondSent: Tuesday, October 31, 2006 5:15 PMTo: ActiveDir@mail.activedir.orgSubject: RE: Active Directory Health Check tool - where can it run from?
 


Which tool is this? The AD Snapshot tool that you get from an ADRAP can run from any server.

 

--brian

 



From: [EMAIL PROTECTED] on behalf of Washington, BookerSent: Tue 10/31/2006 4:04 PMTo: ActiveDir@mail.activedir.orgSubject: Active Directory Health Check tool - where can it run from?

 
Does that tool need to be run from a Domain Controller, or can it be run from any member server in the Domain, or workstation.
Just curious. 
Thanks 
 

RE: [ActiveDir] Active Directory Health Check tool - where can it run from?

[Washington, Booker]

Title: Active Directory Health Check tool - where can it run from?








Yes, that is the tool.  At first MSFT came
on site and ran the test, and then left us with the tools.

 

Thanks

 

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams
Sent: Wednesday, November 01, 2006
3:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Active
Directory Health Check tool - where can it run from?



 



I assume you are
referring to the ADST tool that you get if you're a premier customer and MSFT
come and do an AD Healthcheck.  As far as I know, this can be run from
anywhere (in the domain), as it's really just a bunch of VBS scripts that do
ADSI and WMI queries against the DCs.  The cool thing is these scripts are
wrapped behind a decent GUI.





 





--Paul





 







- Original Message - 





From: Washington, Booker 





To: ActiveDir@mail.activedir.org






Sent: Tuesday, October
31, 2006 10:26 PM





Subject: RE: [ActiveDir]
Active Directory Health Check tool - where can it run from?





 



It is the Active Directory Health Check
Snapshot Tool. What exactly is ADRAP?  I got a copy from our Forest Admins
because I am a child domain of the forest.

 

The reason that I ask is because I seem to
get buggy results when I go from an XP workstation, or a member server, and I
wondered if I needed to run it from the DC itself.

 

 

Thanks

 

 

 









From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: Tuesday, October 31, 2006
5:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: Active Directory
Health Check tool - where can it run from?



 





Which tool is this? The AD Snapshot tool
that you get from an ADRAP can run from any server.





 





--brian







 







From: [EMAIL PROTECTED]
on behalf of Washington, Booker
Sent: Tue 10/31/2006 4:04 PM
To: ActiveDir@mail.activedir.org
Subject: Active Directory Health
Check tool - where can it run from?





 

Does that
tool need to be run from a Domain Controller, or can it be run from any member
server in the Domain, or workstation.

Just
curious. 

Thanks


 

RE: [ActiveDir] OT: Exchange Question

[Larry Wahlers]

And, 
you can even turn the mailbox into a honeypot of sorts, by logging into it via 
Outlook and creating a rule that deletes all email sent to 
it!
 
--Larry WahlersConcordia TechnologiesThe Lutheran 
Church - Missouri Synodmailto:[EMAIL PROTECTED]direct 
office line: (314) 996-1876
 

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Steve 
  ComeauSent: Wednesday, November 01, 2006 8:12 AMTo: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Exchange 
  Question
  
  
  You can also make 
  their incoming email addresses something 
  obnoxious.
   
  
  Steve 
  Comeau
  IT 
  Manager
  Rutgers 
  Athletics
  83 
  Rockefeller Road
  Piscataway, 
  NJ  08854
  732-445-7802
  732-445-4623 
  (fax)
  www.scarletknights.com
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Daash, Amr 
  Sent: Wednesday, November 
  01, 2006 8:44 AMTo: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Exchange 
  Question
   
  Well there are a lot 
  of things that could be done,
   
  1-   
  u can 
  modify the user delivery restriction tab
  2-   
  u can 
  create a security group add the user names to this group then open THE ESM 
  navigate to the your default SMTP virtual server Access tab, the 
  authentication, add the group u created
   
  The job now is 
  done
   
  
  Amr 
  EL DaashSystem Administrator, 
  ITS EgyptKPMG Egypt, 
  Hazem HassanPyramid 
  Heights 
  Office 
  ParkKm22 Cairo-Alex Desert 
  Road, GizaEgyptTel +20 (2)536 22 00 
  / 11Fax +20 (2)536 23 01 / 05Mobile +20 (10) 
  1925369Email: [EMAIL PROTECTED] 
  
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Dan 
  DeStefanoSent: Wednesday, 
  November 01, 2006 3:01 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: Exchange 
  Question
   
  I have a client who would like 
  certain users to no longer receive e-mail, while still being able to access 
  their mailboxes. Is there a way to do this other than exporting their mailbox 
  to PST and mailbox-disabling the users?
   
   
  Thank you in 
  advance,
   
  
  The information in this email is 
  confidential and may be legally privileged.
  It is intended solely for the 
  addressee. Access to this email by anyone else is unauthorized. 
  
  If you are not the intended 
  recipient, any disclosure, copying, 
  distribution or any action taken 
  or omitted to be taken in reliance on it, is prohibited and may be unlawful. 
  
  Any opinions or advice contained 
  in this email are subject to the terms and conditions expressed in the 
  governing KPMG client engagement letter. 
  
   
  
  
  
  *** This message contains confidential information and is intended only for 
  the individual named. If you are not the named addressee you should not 
  disseminate, distribute or copy this e-mail. Please notify the sender 
  immediately by e-mail if you have received this e-mail by mistake and delete 
  this e-mail from your system. E-mail transmission cannot be guaranteed to be 
  secure or error-free as information could be intercepted, corrupted, lost, 
  destroyed, arrive late or incomplete, or contain viruses. The sender therefore 
  does not accept liability for any errors or omissions in the contents of this 
  message, which arise as a result of e-mail transmission. If verification is 
  required please request a hard-copy version. Rutgers University - DIA, 83 
  Rockafeller Road, Piscataway, NJ www.scarletknights.com ***
  
  Dan 
  DeStefanoInfo-lution 
  Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 
  727 
  546-9143FAX: 727 541-5888
  If you have 
  received this message in error please notify the sender, disregard any 
  content  and remove it from your possession.
   

RE: [ActiveDir] OT: Exchange Question

[Steve Comeau]

You can also make their incoming email
addresses something obnoxious.

 



Steve Comeau

IT Manager

Rutgers Athletics

83 Rockefeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623
(fax)

www.scarletknights.com











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daash, Amr 
Sent: Wednesday, November 01, 2006
8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Exchange Question



 

Well there are a lot of things that could
be done,

 

1-   u can modify the user delivery restriction tab

2-   u can create a security group add the user names to this group then
open THE ESM navigate to the your default SMTP virtual server Access tab, the
authentication, add the group u created

 

The job now is done

 



Amr EL Daash
System Administrator, ITS Egypt
 KPMG Egypt,
 Hazem Hassan
 Pyramid
  Heights
  Office Park
Km22 Cairo-Alex Desert
   Road, Giza
Egypt
Tel +20 (2)536 22 00 / 11
Fax +20 (2)536 23 01 / 05
Mobile +20 (10) 1925369
Email: [EMAIL PROTECTED]
















From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Wednesday, November 01, 2006
3:01 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Exchange
Question



 

I have a client who would like
certain users to no longer receive e-mail, while still being able to access their
mailboxes. Is there a way to do this other than exporting their mailbox to PST
and mailbox-disabling the users?

 

 

Thank you in advance,

 



The information in this email is confidential and may be
legally privileged.

It is intended solely for the addressee. Access to this
email by anyone else is unauthorized. 

If you are not the intended recipient, any disclosure,
copying, 

distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful. 

Any opinions or advice contained in this email are subject
to the terms and conditions expressed in the governing KPMG client engagement
letter. 



 





***  This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA, 83 Rockafeller Road, Piscataway, NJ  www.scarletknights.com ***






Dan DeStefanoInfo-lution Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 727 541-5888
If you have received this message in error please notify the sender, disregard any content  and remove it from your possession.
 

Re: [ActiveDir] Exchange Log files --Disk Full--

[Al Mulnick]

Well put Albert.  Thanks for that feedback.  What still has me curious is why BE wouldn't work in your environment and why ntbackup does (partially at least).  ntbackup as written by the same exact people and has a lot of the same code (it's licensed by Microsoft from Seagate last I checked). Ntbackup is the less featured version designed for single host backups and extended to act like it does more. 
So that said, I agree that the goal is that your client's data is backed up.  I have to say that I disagree that jury-rigs, mickey mouse and by the seat of your pants is the long term solution though.  That's an infrastructure component that will come back to haunt at some point down the road.  As an interim fix, of course it can work.  I'm not blinded by the big vendors to the point that I think they have the only solution.  Far from it.  But I like to think that I can at least share some perspective and experience related to where it leads and I definitely favor technology over layer8 processes. Why?  Because layer8 changes and grows out of current positions and foundational solutions should not have to be decimated when that happens.  I've seen that way too often to care to see it continue where possible. 
Basically, I hate to see a foundational solution such as backup, rely on such complexity and human intervention.  I completely understand that you have to do what you have to do. When you wrote it in your original email, it sounded like you approved of that method.  Reading this last one, I can you don't.  I was just trying to point out where that leads and trying to understand how you go there.  I bet I would have gotten there the same way you did ;)
Best of luck getting that worked out. If you need anything from me, please don't hesitate.  I have been known to make some backup solutions work :)  Feel free to ping off-line if I can be of any help. 
On 10/31/06, Albert Duro <[EMAIL PROTECTED]> wrote:







Al, since you ask, no I don't see it differently, at least not 
at the oratorical level.  But where the rubber meets the road, things can 
look very different. Like the military say, the best laid plan falls apart the 
moment it meets the enemy.  You assume that I monkey around with Ntbackup 
and balky media for economic reasons.  In fact, we spared no expense 
(relative to our small size) to put in industrial-strength backup systems, both 
software and hardware.  Even paid consultants to set it up and manage 
it.
It blew up in our faces.  Primarily because Backup Exec 
just wouldn't work right in our environment.  (I'm not saying that BE isn't 
a fine product, it would just never work for us).  Why not?  Don't 
know -- I couldn't figure it out.  Our consultants couldn't figure it 
out.  Veritas support couldn't either, nor the autoloader 
manufacturer.  For more than two years, nobody could figure it out, until I 
decided to stop throwing good money after bad.
Did I try alternative products?  In the same class, yes 
-- more tales of woe, but different reasons.  We did not nor are we going 
to buy the high-end systems, which cost more than our whole network is 
worth.So I was left with NTBackup, and admittedly a little more 
gun-shyness about brand-name backup products than is strictly 
rational.   That's what I have to work with, and I try to make the 
best of it.  That's the 'real world' in my little corner of 
it.
Believe me, when you and joe and others on this list urge us 
to 'make the best', I listen, I learn, and I applaud.  And it does 
push me in that direction.  But the only path there goes through 'make the 
best of what you've got'.  It's bumpy and often 
barricaded.But after all is said and done, the REAL point is that I am 
preserving my clients' data and keeping them happy.  Jury-rigs, mickey 
mouse, and by-the-pants not withstanding.
-- Original Message - 

  
From: 
  Al Mulnick 
  
  To: 
ActiveDir@mail.activedir.org 
  
  Sent: Sunday, October 29, 2006 4:30 
  AM
  Subject: Re: [ActiveDir] Exchange Log 
  files --Disk Full--
  
  sub-optimal media are part of the real world? 
   
  Wow, thanks :)
   
  Truth be told, that's a rant of mine.  I've heard a lot (lately 
  especially) about how we want to do things cheap and inexpensive and we'll fix 
  it later and so on. I've also spent a great deal of time cleaning up that kind 
  of stuff.  Unfortunately, once it escapes into the "real world" then it 
  becomes more difficult to clean up because you have to do so in front of 
  customers/clients. 
   
  Interesting approach though. Usually a less disciplined from what I've 
  seen and often results in more expense related to downtime and troubleshooting 
  and lack of service.  I'm interested if you see differently though. 

   
  This area of the business fascinates me 
  On 10/28/06, Albert 
  Duro <[EMAIL PROTECTED]> 
  wrote: 
  

I'm sure you and Susan are right.  All I'm saying is 
that it *can* happen, and for me, why take the chance when 
one-job/one-t

RE: [ActiveDir] OT: Exchange Question

[Nikki Peterson - OETX]

Are you wanting to stop ALL email or just SMTP email from 
outside? What is the goal of this?
 
Nikki Peterson


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Dan 
DeStefanoSent: Wednesday, November 01, 2006 6:01 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: Exchange 
Question


I have a client who would like 
certain users to no longer receive e-mail, while still being able to access 
their mailboxes. Is there a way to do this other than exporting their mailbox to 
PST and mailbox-disabling the users?
 
 
Thank you in 
advance,
 
Dan 
DeStefanoInfo-lution 
Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 
727 
541-5888
If you have 
received this message in error please notify the sender, disregard any 
content  and remove it from your possession.
 

RE: [ActiveDir] OT: Exchange Question

[Steve Szwejbka]

Return Receipt
   
   Your   RE: [ActiveDir] OT: Exchange Question
   document:   
   
   wasSteve Szwejbka/National/Hewitt Associates
   received
   by: 
   
   at:11/01/2006 07:55:40 AM   
   





 
The information contained in this e-mail and any accompanying documents may 
contain information that is confidential or otherwise protected from 
disclosure. If you are not the intended recipient of this message, or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message, including any attachments. Any 
dissemination, distribution or other use of the contents of this message by 
anyone other than the intended recipient 
is strictly prohibited.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] OT: Exchange Question

[Daash, Amr]

Well there are a lot of things that could
be done,

 

1-   u can modify the user delivery restriction tab

2-   u can create a security group add the user names
to this group then open THE ESM navigate to the your default SMTP virtual
server Access tab, the authentication, add the group u created

 

The job now is done

 



Amr EL Daash
System Administrator, ITS Egypt
KPMG Egypt,
Hazem Hassan
Pyramid
 Heights
 Office Park
Km22 Cairo-Alex Desert Road,
 Giza
Egypt
Tel +20 (2)536 22 00 / 11
Fax +20 (2)536 23 01 / 05
Mobile +20 (10) 1925369
Email: [EMAIL PROTECTED]












From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Wednesday, November 01, 2006
3:01 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Exchange
Question



 

I have a client who would like
certain users to no longer receive e-mail, while still being able to access
their mailboxes. Is there a way to do this other than exporting their mailbox
to PST and mailbox-disabling the users?

 

 

Thank you in advance,

 





The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else is unauthorized. 
If you are not the intended recipient, any disclosure, copying, 
distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.  
Any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. 

 


Dan DeStefanoInfo-lution Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 727 541-5888
If you have received this message in error please notify the sender, disregard any content  and remove it from your possession.
 

RE: [ActiveDir] OT: Exchange Question

[Peter Johnson]

Set up the Mailbox so that no has permissions to send to it is
one option. 

 





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: 01 November 2006 15:01
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Exchange Question





 

I
have a client who would like certain users to no longer receive e-mail, while
still being able to access their mailboxes. Is there a way to do this other
than exporting their mailbox to PST and mailbox-disabling the users?

 

 

Thank
you in advance,

 

Dan
DeStefano
Info-lution Corporation
[EMAIL PROTECTED]
http://www.info-lution.com
Office: 727 546-9143
FAX: 727 541-5888

If
you have received this message in error please notify the sender, disregard any
content  and remove it from your possession.

 



Disclaimer: The Development Bank of Southern Africa exercises no control over information contained in any e-mail message originating from within the organisation. The Bank makes no representation relating to the completeness or accuracy and accepts no responsibility for any loss, damage or liability that is incurred by reliance on the content hereof by the recipient or any other party. Each page attached hereto must also be read in conjunction with any disclaimer, which forms part of it. Confidentiality: The e-mail is privileged and confidential and for use of the addressee only. Should you have received this e-mail in error, please return it to [EMAIL PROTECTED].  Dissemination, disclosure, copying or any similar actions of the content of this e-mail is strictly prohibited. 

[ActiveDir] OT: Exchange Question

[Dan DeStefano]

I have a client who would like certain users to no longer
receive e-mail, while still being able to access their mailboxes. Is there a
way to do this other than exporting their mailbox to PST and mailbox-disabling
the users?

 

 

Thank you in advance,

 






Dan DeStefanoInfo-lution Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 727 541-5888
If you have received this message in error please notify the sender, disregard any content  and remove it from your possession.
 

[ActiveDir] OT: Profile Maker

[Mark Parris]

All,

Does anyone now how to supress on a domain controller the 4103 profile maker 
master events.

These events indicate that you have reached a % of your licenses. I cannot find 
where to turn these alerts off; log perhaps once a day, not every 10 minutes or 
increase the license % threshold.




Regards,

Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Active Directory Health Check tool - where can it run from?

[Paul Williams]

Title: Active Directory Health Check tool - where can it run from?



I assume you are referring to the ADST 
tool that you get if you're a premier customer and MSFT come and do an AD 
Healthcheck.  As far as I know, this can be run from anywhere (in the 
domain), as it's really just a bunch of VBS scripts that do ADSI and WMI queries 
against the DCs.  The cool thing is these scripts are wrapped behind a 
decent GUI.
 
--Paul


  - Original Message - 
  From: 
  Washington, Booker 
  To: ActiveDir@mail.activedir.org 
  
  Sent: Tuesday, October 31, 2006 10:26 
  PM
  Subject: RE: [ActiveDir] Active Directory 
  Health Check tool - where can it run from?
  
  
  It is the Active 
  Directory Health Check Snapshot Tool. What exactly is ADRAP?  I got a 
  copy from our Forest Admins because I am a child domain of the 
  forest.
   
  The reason that I ask 
  is because I seem to get buggy results when I go from an XP workstation, or a 
  member server, and I wondered if I needed to run it from the DC 
  itself.
   
   
  Thanks
   
   
   
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Brian DesmondSent: Tuesday, October 31, 2006 5:15 
  PMTo: ActiveDir@mail.activedir.orgSubject: RE: Active Directory Health 
  Check tool - where can it run from?
   
  
  
  Which tool is this? 
  The AD Snapshot tool that you get from an ADRAP can run from any 
  server.
  
   
  
  --brian
  
   
  
  
  
  From: 
  [EMAIL PROTECTED] on behalf of Washington, BookerSent: Tue 10/31/2006 4:04 PMTo: ActiveDir@mail.activedir.orgSubject: Active Directory Health Check 
  tool - where can it run from?
  
   
  Does that 
  tool need to be run from a Domain Controller, or can it be run from any member 
  server in the Domain, or workstation.
  Just 
  curious. 
  Thanks