Re: [ActiveDir] /3GB and/or /USERVA and/or /PAE???
You need 4GT enabled (/3GB switch) if these only function as DCs. There's not much info. on this, but if you want to get the maximum LSASS footprint into RAM (~2.7GB) then you need to enable 4GT. If you're running K3 SP1 Enterprise then PAE is enabled by default and therefore the boot.ini switch is not necessary. I don't think you need to worry about PAE although sometimes the full RAM doesn't show up unless you do enable it (or, in some cases, tweak some BIOS setting). --Paul - Original Message - From: Mike Baudino To: ActiveDir@mail.activedir.org Sent: Saturday, November 04, 2006 5:30 PM Subject: [ActiveDir] /3GB and/or /USERVA and/or /PAE??? Hi all, We're running a Server 2003 AD environment across 110 DCs across North America and Europe. We have physical DCs on a variety of fairly new hardware and ESX VMs. Older server hardware, approxtwo years old: quad proc 2GB ram ESX VMs: dual proc 3.6GB ram New server hardware, from this summer: quad proc 4GB ram Our DIT is around 2.3-2.4 GB and still growing slowly as we continue migrations of users. Server migrations coming next. There's no Exchange in our environment and the DCs are single-purpose as we don't permit anything else to be loaded on them (except for SYSVOL, antivirus,and monitoring tools, of course). My concern is that none of the older hardware or the VMs are running /3GB or /PAE. Some of the new hardware is running /PAE and some is not. I would like to have some degree of consistency. From what I can tell, running /3GB would make sense on the VMs and the newer physical boxes as it would permit more RAM to be allocated LSASS. If we use /3GB do we need to, or want to, use /USERVA? I don't see any advantage, and in fact a disadvantage, to running /PAE. The disadvantage may just be "bad press" but it appears that there are issues with /PAE compatibility. Also, it appears that /PAE has no impact at or below 4GB? I read another thread from earlier this summer that the VMs should probably be replaced. We're looking into that but it will take a while. The thread seemed to indicate that /3GB might be the way to go. Anyway, I would like to know what you're running and/or would recommend. Called Microsoft about this and they looked up the same article that we already had but seemed to offer no advise based on real world experience. You guys are where the rubber meets the road. Thanks,Mike
[ActiveDir] Event ID 108
I am having a problem when deploying applications via GPO in a Windows 2000 SP4 AD domain. The clients do not receive the package and I receive Event ID 108 There is no software installation data object in the Active Directory. I have followed the recommendations from http://eventid.net/display.asp?eventid=108eventno=1181source=Application%20Managementphase=1, as well as from other MSKB articles, but without success. I have deleted/recreated the GPO, msi and mst packages, but the problem persists. This is a network I inherited and when looking around in AD I noticed that the Default Domain Policy has either been deleted or renamed because it no longer exists. The only policy bound to the domain is one called All Users and Workstations, which I do not recognize as a built-in policy. I have run dcdiag /fix and netdiag /fix on all DCs and netdiag /fix on the test-deploy workstations, but this has not solved the problem. Everything else with the domain including authentication, name resolution, etc.. works fine, but I think this error may be evidence of a larger problem with AD. We are planning on upgrading the domain to WS2k3 within the next few weeks. Does anyone think that may fix the problem? If not, would it be wise to put off the upgrade until this issue is resolved? Thanks in advance for any help, Dan DeStefanoInfo-lution Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 727 541-5888 If you have received this message in error please notify the sender, disregard any content and remove it from your possession.
RE: [ActiveDir] DC crashed
That did it. thanks. Bruce Clingaman Information Technology Department Pensacola Christian College 850.478.8496 ext. 2198 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Friday, November 03, 2006 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC crashed Did you delete this server object from ADUC? If not, that's probably what you need to do. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clingaman, Bruce Sent: Friday, November 03, 2006 4:32 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC crashed I apologize for not doing my homework first, but I'm in a pickle and need help fast. One of my domain controllers (which held all the fsmo roles) crashed and I had to reinstall. Now that I've reinstalled, I'm ready to rejoin and promote. But I can't; I get User already exists when trying to join. I am using the same computer name as before. I have not deleted or changed anything in the directory on the other server yet. What do I need to do to get my old server back as a domain controller? Links to articles or even words to search by would be of great help. Thanks for any advice. Bruce. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Exchange --NDR--
Hi, I am sending mail @XYZ.COM and here is the error I am getting. When id to Email ID Verification and MX Record lookup it works fine for xyz.com. Also I am not facing this problem with any other mail id. I am able to send mails to other clients/vendors. Here is the NDR I am getting. --- Your message did not reach some or all of the intended recipients. Subject: Updated: Undelivered Sent: 11/6/2006 6:58 PM The following recipient(s) could not be reached: [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 --- Please suggest what the possible reason is for the same. Do I need to change something from my end (a new connector) or get something changed at remote (Client) end? Thanks!!! Ravi Dogra
Re: [ActiveDir] DC crashing / LSASS -- memory leak
To quote Roger: In other words, I'd suspect malicious activity (could be viral/worms/Trojans) as a prime candidate. I don't recall seeing many memory leaks in lsass.exe in 2000 SP4.at the same time, I'm wondering about third party utils as well. There are a lot of environmental variables to weed through before you can solve. Upgrading might not be your answer either. In fact, if it is environmental, it could very well be that you have another dc exhibiting similar behavior now. If not, it could be a third party component to look at. Generally speaking, servers don't just arbitrarily begin eating memory like that. There was often a change at some point prior and/or an infiltration of some sort. Al On 11/4/06, Lucas, Bryan [EMAIL PROTECTED] wrote: I went that route actually. I unplugged, rebooted and it was fine. After I browsed some file properties, LSASS sucked up a bunch of RAM (caching I presume) and then stabilized ~500MB. After 30 minutes, I plugged it back in and it got drilled during replication but then returned to normal and so far so good. Been about an hour now. Its an older slower single CPU box and our only 2000 DC left, it will be demoted very soon after this incident ;) Thanks for the suggestion. I did call PSS btw and they wanted the typical dump and analyze and we'll call you in a week or so. No time for that unfortunately. Bryan Lucas Server Administrator Texas Christian University From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Longden Sent: Saturday, November 04, 2006 8:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC crashing / LSASS -- memory leak Assuming you have a Premier support agreement I suggest calling PSS and/or your TAM. I'd be curious if you see the same issue with the DC unplugged from the network. In other words, I'd suspect malicious activity (could be viral/worms/Trojans) as a prime candidate. I don't recall seeing many memory leaks in lsass.exe in 2000 SP4. - Roger From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Lucas, Bryan Sent: Saturday, November 04, 2006 2:50 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC crashing / LSASS -- memory leak I've got a Win2000 SP4 box that I believe has LSASS crashing leading to a huge run on memory causing the system to page and yield a Virtual Memory is too low… type error and all access to the server is cutoff essentially (other than local logon). After rebooting twice and watching TaskMgr, I see LSASS spike for about 4-8 seconds, then flatline and memory starts going nuts. The box becomes extremely unresponsive. I'm rebooting to safe mode now to review the logs, but in the mean time does anyone have any ideas? The box has been fairly stable for a long time now. Bryan Lucas Server Administrator Texas Christian University
RE: [ActiveDir] Exchange --NDR--
4.4.7 is "usually" the other server's problem. If you want, I can privately help you verify this, if you send me the domain/ip of the other server in a private (off-list) message. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Technical SupportSent: Mon 11/6/2006 8:14 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Exchange --NDR-- Hi, I am sending mail @XYZ.COM and here is the error I am getting. When id to Email ID Verification and MX Record lookup it works fine for xyz.com. Also I am not facing this problem with any other mail id. I am able to send mails to other clients/vendors. Here is the NDR I am getting. --- Your message did not reach some or all of the intended recipients. Subject: Updated: Undelivered Sent: 11/6/2006 6:58 PM The following recipient(s) could not be reached: [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 --- Please suggest what the possible reason is for the same. Do I need to change something from my end (a new connector) or get something changed at remote (Client) end? Thanks!!! Ravi Dogra
Re: [ActiveDir] Exchange --NDR--
Ravi; When you say your MX record looks fine what and how are you specifically checking the MX record? Is this an established MX record, any other history, might be helpfull as well. I have seen this before but need more information before going forward. Brent Eads Employee Technology Solutions, Inc. The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Technical Support [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/06/2006 10:14 AM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject [ActiveDir] Exchange --NDR-- Hi, I am sending mail @XYZ.COM and here is the error I am getting. When id to Email ID Verification and MX Record lookup it works fine for xyz.com. Also I am not facing this problem with any other mail id. I am able to send mails to other clients/vendors. Here is the NDR I am getting. --- Your message did not reach some or all of the intended recipients. Subject: Updated: Undelivered Sent: 11/6/2006 6:58 PM The following recipient(s) could not be reached: [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 --- Please suggest what the possible reason is for the same. Do I need to change something from my end (a new connector) or get something changed at remote (Client) end? Thanks!!! Ravi Dogra Message scanned by TrendMicro Message scanned by TrendMicro
RE: [ActiveDir] Exchange --NDR--
first thing you should do to troubleshoot if telnet directly into the other server and see what happens. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, November 06, 2006 11:55 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Exchange --NDR-- Ravi; When you say your MX record looks "fine" what and how are you specifically checking the MX record? Is this an established MX record, any other history, might be helpfull as well. I have seen this before but need more information before going forward. Brent EadsEmployee Technology Solutions, Inc.The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect.Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. "Technical Support" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/06/2006 10:14 AM Please respond toActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject [ActiveDir] Exchange --NDR-- Hi, I am sending mail @XYZ.COM and here is the error I am getting. When id to Email ID Verification and MX Record lookup it works fine for xyz.com. Also I am not facing this problem with any other mail id. I am able to send mails to other clients/vendors. Here is the NDR I am getting. --- Your message did not reach some or all of the intended recipients. Subject: Updated: UndeliveredSent: 11/6/2006 6:58 PM The following recipient(s) could not be reached: [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 --- Please suggest what the possible reason is for the same. Do I need to change something from my end (a new connector) or get something changed at remote (Client) end? Thanks!!! Ravi Dogra Message scanned by TrendMicro Message scanned by TrendMicro
[ActiveDir] supportedsaslmechanisms
Is it possible to disable one (or more) of these mechanisms? I ask as I see the following on my 2 remaining w2k DCs supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: GSS-SPNEGO and on my w2k3 DCs supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: DIGEST-MD5 I have a misbehaving Unix app that exits right after it gets a list of the supported SASL mechanisms on a w2k3 DC but works fine with a w2k DC. I'd like to rule out some sort of overflow in the app. al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] OT - USB HD no boot
You could always put NTLDR and associated files on the drive and point it at the primary HDD in boot.ini. Alternatively you could try removing the bootable flag from the USB drive. This will simply save you from yourself if you forget to remove the drive before rebooting remotely =) Albert Duro [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/06/2006 10:54 AM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] OT - USB HD no boot There is NOTHING in the BIOS to enable USB to boot or that changes the boot priority of USB. Infact there is no mention of USB anywhere in the BIOS. It's possible that HP has issued a BIOS update that would allow this, I've frankly not looked into it, but I say again, this machine is not capable of booting when a live USB HD drive is attached. As for booting from the USB drive, that's all well and good, but what's the point? I don't want to boot from the USB HD. All I want it to do is to be there to receive backups and file copies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] OT: VHDs really to roll
http://www.microsoft.com/downloads/details.aspx?familyid=558f3ece-6509-45e9-8d60-25175848a8b7displaylang=en http://www.microsoft.com/downloads/details.aspx?familyid=558f3ece-6509-45e9-8d60-25175848a8b7displaylang=en This download comes as a pre-configured VHD. Microsoft SQL Server 2005 is a comprehensive, integrated, end-to-end data solution that empowers your people by providing a more secure, reliable, and productive platform for enterprise data and BI applications. http://www.microsoft.com/downloads/details.aspx?familyid=708e826a-9dd9-4327-bf49-5a8fa5e53ab3displaylang=en http://www.microsoft.com/downloads/details.aspx?familyid=708e826a-9dd9-4327-bf49-5a8fa5e53ab3displaylang=en This download comes as a pre-configured VHD. ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing users with fast and secure remote access to applications and data. http://www.microsoft.com/downloads/details.aspx?familyid=6e6501f6-481a-4117-bc22-c745400bcda0displaylang=en http://www.microsoft.com/downloads/details.aspx?familyid=6e6501f6-481a-4117-bc22-c745400bcda0displaylang=en This download comes as a pre-configured VHD. This download enables you evaluate how Microsoft Exchange Server 2007 and Microsoft Office Live Communications Server 2005 together can help create an optimized messaging system for your organization. -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] OT (sorta) Description of the Windows Defender Group Policy administrative template settings:
Description of the Windows Defender Group Policy administrative template settings: http://support.microsoft.com/default.aspx?scid=kb;en-us;927367 -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] /3GB and/or /USERVA and/or /PAE???
Thank you Paul, Brian, and Sue, /3GB makes sense to me as well. We put a call into Microsoft on Saturday and were told that we wanted /PAE but not /3GB. But all they appeared to go by were the published kb articles, which we had already gone over, not found conclusive, and hence called Microsoft. When's the Server 2003 version of Notes from the Field going to come out??? (rhetorical...) Any issues with /PAE and /3GB in conjunction? We're not running enterprise but our Wintel team, who built the servers, put /PAE in the boot.ini on most of the physical boxes with 4GB phyiscal RAM. I read, in a kb article, that /PAE and /3GB can put strain on the system. Brian, yes, quads were serious overkill but that's what our Wintel team wanted out there. We spec'd pizza boxes since they're in field offices. Some FOs have upwards of 1,000 folks in them though. 35,000 across North America. Thanks,Mike On 11/6/06, Paul Williams [EMAIL PROTECTED] wrote: You need 4GT enabled (/3GB switch) if these only function as DCs. There's not much info. on this, but if you want to get the maximum LSASS footprint into RAM (~2.7GB) then you need to enable 4GT. If you're running K3 SP1 Enterprise then PAE is enabled by default and therefore the boot.ini switch is not necessary. I don't think you need to worry about PAE although sometimes the full RAM doesn't show up unless you do enable it (or, in some cases, tweak some BIOS setting). --Paul - Original Message - From: Mike Baudino To: ActiveDir@mail.activedir.org Sent: Saturday, November 04, 2006 5:30 PM Subject: [ActiveDir] /3GB and/or /USERVA and/or /PAE??? Hi all, We're running a Server 2003 AD environment across 110 DCs across North America and Europe. We have physical DCs on a variety of fairly new hardware and ESX VMs. Older server hardware, approxtwo years old: quad proc 2GB ram ESX VMs: dual proc 3.6GB ram New server hardware, from this summer: quad proc 4GB ram Our DIT is around 2.3-2.4 GB and still growing slowly as we continue migrations of users. Server migrations coming next. There's no Exchange in our environment and the DCs are single-purpose as we don't permit anything else to be loaded on them (except for SYSVOL, antivirus,and monitoring tools, of course). My concern is that none of the older hardware or the VMs are running /3GB or /PAE. Some of the new hardware is running /PAE and some is not. I would like to have some degree of consistency. From what I can tell, running /3GB would make sense on the VMs and the newer physical boxes as it would permit more RAM to be allocated LSASS. If we use /3GB do we need to, or want to, use /USERVA? I don't see any advantage, and in fact a disadvantage, to running /PAE. The disadvantage may just be bad press but it appears that there are issues with /PAE compatibility. Also, it appears that /PAE has no impact at or below 4GB? I read another thread from earlier this summer that the VMs should probably be replaced. We're looking into that but it will take a while. The thread seemed to indicate that /3GB might be the way to go. Anyway, I would like to know what you're running and/or would recommend. Called Microsoft about this and they looked up the same article that we already had but seemed to offer no advise based on real world experience. You guys are where the rubber meets the road. Thanks,Mike
RE: [ActiveDir] /3GB and/or /USERVA and/or /PAE???
You don't want PAE, if you have sufficient RAM and a DIT that exceeds 1.5GB then you will probably want /3GB. If your DIT exceeds 2 GB, you want to start considering x64.Here is about the best note on PAE sent to the list, you can pretty much take the words from the individual as gospel as he is one of the few people you will see an email from that is actually qualified to write ESE code and understand it.-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brett ShirleySent: Monday, November 21, 2005 12:01 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Microsofts Exchange Server 12 64 bit announcementI can confirm, yes, you will only be able to deploy Exchange 12 on amd64(well x64, i.e. including EMTWhatever) hardware.Now, I must confess something ...A bit over one and a half years ago (~Mar 2004, give or take a couplemonths), there was this "Focus 64" campaign, posters showed up everwhere"Focus 64 ... Shift to the power of 64-bit ... picture of rear viewmirror, with tailgating Semi-Truck with "64" on the grill, mirror reads:Objects in mirror are closer than they appear." It was just some internalpropaganda to get the development teams to be thinking and taking intoconsideration 64-bit ... there are always a few of these campaign's goingon ...Around the same time or shortly before this Exchange was still asking ifwe could add PAE/AWE support to ESE like SQL. At one point, I vaguelyremember yelling across the room, "PAE? PAE?!? Are you kidding me?! Wehave 64-bit desktops today! PAE will be mueseums in five years!" (theexact wording probably involved swear words). I also mentioned that PAEis a horrible hack, it makes me nauseous. Hack up ESE because they didn'twant to port to 64-bits? Shortly after they were waffling again!!Wondering if they could just make it run as a 32-bit app on 64-bit OSs,large memory aware so they could go from the ~3GB they got today to the3.9GB of address space a large aware app gets on a amd64 based Windows OS(that'd be a 30% increase in available memory). They could get this ifthey only ported the IFS driver to 64-bit, or removed it. BTW, the IFSdriver is what prevents running 32-bit Exch2k3 on 64-bit OSs. 64-bit OSsrequire 64-bit drivers / kernel mode components. At which point I made aclarifying comment to the effect of, "No, no, I want to see 48 GBs of ESEbuffer cache! Only a native 64-bit store.exe will do. Get off your ..."(perhpas I felt more swear words were necessary, I don't remember)Anyway, with all this debate on "what 64-bit support means", I just wasn't100% convinced that Exchange was compelled enough ...So I arranged with the guy in charge of the Focus 64 campaign to reserve50 posters for the Exchange mailbox team's floor exclusively, and onenight I snuck over in the dead of night (or early early morning I think)and plastered these posters up and down the mailbox team's hall, I put64-bit posters in thier regular reserved War team room, on the back of thedev manager's chair, and even on the back of the bathroom stall doors,just so when they're really "concentrating", they'd be thinking 64-bit.I mean what was I supposed to do grin!?, they were making JET Blue lookbad. We've servers 1 TB worth of databases attached, and only .09 to .12%of DB buffer cache, and email is kind of weird load, kind of 4/5ths OLTPand 1/5th DSS, and well basically Exchange is _starved_ for memory today.JET had multiple 64-bit binaries (the Win2k DEC Alpha binary - Sept 1999[last shipped in Beta 3, never made it to RTM], the ia64 binaries in Sept2001, the amd64 binaries in Mar 2003). We had tested 64-bit Itanium DCs,with on the order of 32 GBs of RAM, to great effectiveness for huge DITfiles.Anyway, I'm not going to claim my persistent nagging of the mailbox teamswung the tide, I honestly think they would've come to the decisionnaturally on thier own (it was the only real choice). But did walking bya couple hall ways of posters make them _only_ Focus 64?? I personallydon't think so, but I've confessed, so I have a clear conciousness. :) Ifyou need someone to blame, you can blame me personally if you like ...Overall ...I'm quite happy, the Exchange team stepped up to the plate, and is goingto release IMO, the killer 64-bit app. They deserve accolades.There are actuallly several details besides this one that make an inplaceupgrade a more difficult thing to do/support, and together these detailsembolden the forced migration option. If you read the notes from peopleat the IT Forum close enough, I saw at least 2 of the other reasons thatincrease the difficulty of doing in place upgrades. We rigorously debatethese things, there are more aspects to the decision than has beenmentioned so far.joe, I run my desktop heavily loaded, and frequently run with 200 to 300windows open, and persistently run out of desktop heap (a kernel moderesource, I've even increased this several times),
[ActiveDir] problem in changing the default password setting
Hi List, I am using AD on Win2k3 server. I have a requirement to disable the option "User must change password at next login" while adding a user to AD from AD Users Computers console and enable " password never expires" checkbox. While adding a user to a container, " User must change password at next login" is checked defaultly.To disable this option, the cmd line option "-pwdneverexpires yes" is working from AD machine's cmd prompt.To do the same from AD U C console, i created a group policy and set the max and min password ages in Account Settings -- password policies. But still the option "User must change password at next login" is checked and not checking the "password never expires".Pls help me in this.Thanks in Advance.Sri
Re: [ActiveDir] OT - USB HD no boot
Thank you, those are good ideas. Removing the bootable flag from the USB drive is especially promising. But I'm not sure where to do this. Not in the BIOS, certainly, and I can't find anything like that in the drive's Windows properties (which wouldn't do any good anyway, since Win loads after the problem). I think you must mean in the partitioning/formatting process? - Original Message - From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Monday, November 06, 2006 11:49 AM Subject: Re: [ActiveDir] OT - USB HD no boot You could always put NTLDR and associated files on the drive and point it at the primary HDD in boot.ini. Alternatively you could try removing the bootable flag from the USB drive. This will simply save you from yourself if you forget to remove the drive before rebooting remotely =) "Albert Duro" [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/06/2006 10:54 AM Please respond toActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject Re: [ActiveDir] OT - USB HD no boot There is NOTHING in the BIOS to enable USB to boot or that changes the boot priority of USB. Infact there is no mention of USB anywhere in the BIOS. It's possible that HP has issued a BIOS update that would allow this, I've frankly not looked into it, but I say again, this machine is not capable of booting when a live USB HD drive is attached.As for booting from the USB drive, that's all well and good, but what's the point? I don't want to boot from the USB HD. All I want it to do is to be there to receive backups and file copies.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/