RE: [ActiveDir] OT: M$
What does all this have to do with the hidden administrative share on the M: drive? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, November 09, 2006 6:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: M$ You're not a fake employee, I've seen you. :-) BrettSh, too. It's that Stuart Kwan guy whose existence I'm doubting. (Come on, was that enough to inspire the rarity that is a Stuart Kwan ActiveDir post? Please? PLEASE?!?!?!?!?!?!?!?!?!?!? ;-)) On 11/9/06, Eric Fleischman [EMAIL PROTECTED] wrote: Not that I really care if people say M$ or not, but I thought I'd comment on one thing, in the name of full disclosure.. My participation on this list has __nothing__ to do with money. I don't get compensated on any level for this. Heck, I don't even work on AD anymore, so this is like 2 degrees of separation away from anything that MS compensates me for. So, is MS out to make $? Sure. Is AD part of that money-making strategy? Sure. Does that have anything to do with MS employee participation on this list? I don't think so. Others (at least those that I can recall posting here as I type this mail) on this list fall in to the same boat. A couple of them don't work on AD anymore either. Why do I hang out here? I do it because I care about customers and about AD/ADAM. It has nothing to do with my salary. It's also why I still blog about AD, answer newsgroup questions, answer internal questions (DLs, PSS, MCS, other PGs, etc.), handle direct emails from a myriad of non-MS people (some I know, some are totally out of the blue), fix code for people that ask for help, etc. I don't get paid for any of this. ~Eric Borg #145719302 Insert conspiracy theory here about how this whole mail is a lie and the man actually wrote it on behalf of the fake employee that goes by Eric Fleischman List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] mailbox enumeration(OT)
You can get a list of all the servers and SG's and stores from my blog post sample here: http://blogs.brnets.com/michael/archive/2006/07/11/2518.aspx Once you have that, search on homeMDB equal to the DN for each store and count the number of results you get. About a 5 minute job to add these lines at the end of the innermost-loop... ' Get number of users in that mailstore strQuery = LDAP:// _ strDomainNC ; _ (homeMDB= arrStore (k) ); _ name; _ subtree ' re-use storeTotal to count users storeTotal = 0 Call DoLDAPQuery (strQuery, Rs) While Not Rs.EOF storeTotal = storeTotal + 1 Rs.MoveNext Wend Call FinishLDAPQuery (Rs) e Space (6) Users in store: Formatnumber (storeTotal, 0) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Thursday, November 09, 2006 8:58 PM To: activedirectory Subject: [ActiveDir] mailbox enumeration(OT) Can anyone help me out with a script that will just query every exchange server and SG in the org and dump out the # of mailboxes on each store to a txt file? The output is simple, just EX severname-SGname-store-#of mailboxes. I can get the size of a mailbox or store but I can't seem to just query for # of mailboxes on a store and dump that to a text file.any example or suggestione would be appreciated. Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Restrict CD rom, floppy and USB via group policy?
Title: Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ
RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy?
Title: Restrict CD rom, floppy and USB via group policy? HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers http://support.microsoft.com/kb/555324 Ryan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Group, Russ Sent: Friday, November 10, 2006 9:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ
RE: [ActiveDir] mailbox enumeration(OT)
Actually since homeMDB is linked you can use homeMDBBL which is an attribute of the msExchPrivateMDB objects[1]. There will be an entry for every connected mailbox for that store. Certainly that is about the fastest way to gather the info[2]. You should be able to dump the counts for even large orgs in seconds. If you want info about the connected users other than DN don't forget you can use Attribute Scoped Queries[3]... The alternate mechanism is as Brian mentions which is to use the MicrosoftExchangeV2 WMI pieces to enumerate through the stores, this is going to be far more expensive but will allow you to get the info for disconnected mailboxes as well. Why Microsoft doesn't maintain that info in AD too is beyond me. I guess they like making things complicated. :) joe [1] This assumes visibility into the Exchange portion of the config container... i.e. that you have Exchange View access... If you don't, you can still get this info, you just have to look at the forward links as mentioned previously. [2] For Windows Server 2003, this should be pretty fast, maybe as fast as using the backlinks depending on how good your code is. Theoretically the speeds could be identical However, chances are if you are using vbscript, it is going to be considerably slower as most people let vbscript choose what attributs to return so they end up getting a ton of crap when they need very little which takes time (and bits) on the wire to transfer. If you used AdFind and just asked for DNs, the speed difference between chasing the forward and back links should be neglible for 2003... Now for Windows 2000 AD, there will be no competition, enumerating the backlinks will be much faster than querying for the forward links. I admit, this is something only larger companies really tend to think about because doing some of these things can be unnecessarily slow doing it one way versus another but in a smaller environment, the differences may not even be noticeable. I think PowerShell is going t add a lot of fun here for Exchange... Smaller environments will end up loving it, larger environments probably not so much until we figure out how to hack around it. This is nothing new though, I brought this up to the Exchange team a while ago and challenged them to do a large scale test... [3] You should always query a GC for this homeMDBBL info (whether ASQ or otherwise) unless you have a single domain or know for a fact that the stores you are interested in only have users from the domain of the DC you are querying. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, November 09, 2006 9:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] mailbox enumeration(OT) I can think of a couple ways- You can modify the script here to just count: http://briandesmond.com/blog/archive/2006/09/04/Script-to-Dump-Exchange- Mailbox-Info-to-Spreadsheet-_2800_CSV_2900_.aspx You can also query the config partition, specifically cn=microsoft exchange,cn=services,dcn=configuration,dc=blah,dc=blech for whatever the cass is for the mailstores, I think msExchPrivateStore or something similar. Then just iterate each of those and search AD for homeMDB=DnOfThat. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Thursday, November 09, 2006 8:58 PM To: activedirectory Subject: [ActiveDir] mailbox enumeration(OT) Can anyone help me out with a script that will just query every exchange server and SG in the org and dump out the # of mailboxes on each store to a txt file? The output is simple, just EX severname-SGname-store-#of mailboxes. I can get the size of a mailbox or store but I can't seem to just query for # of mailboxes on a store and dump that to a text file.any example or suggestione would be appreciated. Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir]event log monitoring.
Return Receipt Your RE: [ActiveDir]event log monitoring. document: wasJason Centenni/CDS/CG/CAPITAL received by: at:11/10/2006 08:43:52 AM CST List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy?
Title: Restrict CD rom, floppy and USB via group policy? Depends on your exact requirements as the standard settings arent too flexible youll probably find out you need a 3rd party tool, such as :- http://www.gfi.com/endpointsecurity/ Rob Robert Rutherford QuoStar Solutions Limited T: +44 (0) 8456 440 331 F: +44 (0) 8456 440 332 M: +44 (0) 7974 249 494 E: [EMAIL PROTECTED] W: www.quostar.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Conrad Sent: 10 November 2006 14:40 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy? HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers http://support.microsoft.com/kb/555324 Ryan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Group, Russ Sent: Friday, November 10, 2006 9:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ
RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy?
Title: Restrict CD rom, floppy and USB via group policy? Ahhh I bow to your search foo. Thank you very much! Russ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan ConradSent: Friday, November 10, 2006 9:40 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy? HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers http://support.microsoft.com/kb/555324 Ryan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Group, RussSent: Friday, November 10, 2006 9:21 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ
RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy?
Title: Restrict CD rom, floppy and USB via group policy? Sorry if I sound ignorant, will this work in a Windows 2000 environment? ThanksRuss From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan ConradSent: Friday, November 10, 2006 9:40 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy? HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers http://support.microsoft.com/kb/555324 Ryan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Group, RussSent: Friday, November 10, 2006 9:21 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ
RE: [ActiveDir] Applying Permissions to 'cn=Schema' Container
I certainly support joes second solution: dont delegate this. As with some other suggestions described in the Delegation Guide (which overall is very useful), you shouldnt implement every role just because you can. Your AD infrastructure will not be in any danger if the Schema FSMO happens to be unavailable for a while. However, the likelihood for introducing danger to AD will grow if you delegate seizure of this role to someone who doesnt know what theyre doing the control of any FSMO role in your root domain should remain in the hands of the Enterprise Admins (lets just assume that they know what theyre doing, otherwise they shouldnt be EA either). /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 08, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Applying Permissions to 'cn=Schema' Container You have to modify the Schema container because the Schema FSMO is all about the Schema container. It is right and logical that you control who can do it by modifying permissions on it. Anothersolution would be don't delegate that. It isn't something that really shouldn't need to bemoved all that much anyway. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Levendyan Sent: Wednesday, November 08, 2006 12:06 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Applying Permissions to 'cn=Schema' Container Hi All ! While reading Best Practices for Delegating Active Directory Administration (http://www.microsoft.com/downloads/details.aspx?familyid=631747a3-79e1-48fa-9730-dae7c0a1d6d3displaylang=en, http://www.microsoft.com/downloads/details.aspx?FamilyID=29dbae88-a216-45f9-9739-cb1fb22a0642DisplayLang=en) I can see that MSFT recommends using the following permissions while delegating 'Operation Master Roles Management': Seize the Schema Master Role WP on cn=Schema, cn=Configuration, dc=ForestRootDomain to modify the fSMORoleOwner attribute Extended Right Change-Schema-Master on cn=Schema, cn=Configuration, dc=ForestRootDomain The same thing (applying permissions to'cn=Schema') I can see in many other recommendations there. Why it is required to apply permissions directly to'cn=Schema' container and are thereany other solutions? Thanks, Ivan.
RE: [ActiveDir] OT for those in California
Nope, there weren't any updates on hypervisor during WinConnections - at least none I heard of. So this info is actually quite useful. Did they actually demo it at VMworld? Or just talk about it? Thanks Mark for sharing. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Wednesday, November 08, 2006 1:49 PM To: ActiveDir.org Subject: Re: [ActiveDir] OT for those in California What I did manage to glean from MS was - that the virtualisation product will ship 180 days after longhorn does and will run on server core and full gui version. When the +180 server core ships it will be an update to the basic core version - rather than there being two flavours of core. All resources will be hot plug - disk, network, ram and cpu; but not hot unplugable. Oh and it will be free But that needs defining - you may need to sacrifice several goats to Rah though, to qualify. They were running 5735 for the sad ones out there, it will go to limited beta in two months and connect should have the details soon. Not sure about the mountain dew as the drink bins are always empty but, there are no queue's (lines) for the ladies - but that being said there are a fair few ladies here. Anyone got an update from WinConnections? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: Laura A. Robinson [EMAIL PROTECTED] Date: Wed, 08 Nov 2006 00:53:19 To:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT for those in California Okay, maybe my sense of humor is a little skewed. :-P -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson Sent: Wednesday, November 08, 2006 12:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT for those in California What's funny is that the blog entry doesn't say where Patrick is, either. That's why I commented. ;-) Laura -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, November 08, 2006 12:37 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT for those in California Blog post cut and paste http://blogs.technet.com/windowsserver/ I wasn't there.. Mark was at VMworld as well as Patrick If I had been there I would have blogged about the lack of line for the women's restroom, whether or not Mountain Dew was readily available and what not... ;-) Now I did google for the PGE links Laura A. Robinson wrote: Susan, two questions- 1. Why are you now going by Patrick? 2. Do you plan to identify the event of which you write below for those who may not know? :-) Laura -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, November 07, 2006 10:12 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT for those in California http://blogs.technet.com/windowsserver/archive/2006/11/07/LA-T raffic-_2D00_-1_2C00_500-Shirts-in-150-minutes.aspx The show floor proved to be really busy this morning. One piece of evidence: we distributed 1,500 shirts in 2.5 hours. The orange shirts say Virtualize World Peace and the crowd was 2-deep at demos for Virtual Machine Manager (in beta now), SoftGrid and Windows Server virtualization (the hypervisor-based architecture for Longhorn). The sessions have proved to be muc better than the keynote. A few sessions on VDI and some interesting insights on how that model can create even more power consumption than before and the scalability challenge of adding all those desktop images to the servers/blades. The power consumption challenge was perhaps the most interesting given the comments from PGE earlier today in the keynote. PGE, which provides power to most of California, is providing business with credits ($700-$1,300) for consolidating servers in the datacenter using server virtualization. More to come later. Patrick -- Tax credits... interesting. and excuse me us SBSers have been been putting 5 servers and the kitchen sink service on one box for years and I've not gotten a dime from PGE and I'm a shareholder snort ;-) http://searchservervirtualization.techtarget.com/originalConte nt/0,289142,sid94_gci1226458,00.html High Tech and Healthcare Program: http://www.pge.com/biz/rebates/hightech/ http://www.pge.com/docs/word_xls/biz/rebates/2006_Incentive_Ap p/2006%20PGE%20app%20forms.xls -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you
Re: [ActiveDir] Restrict CD rom, floppy and USB via group policy?
XP sp2 is when that GP was put in there. The xp sp2 policy only controls Microsoft drivers. Group, Russ wrote: Sorry if I sound ignorant, will this work in a Windows 2000 environment? Thanks Russ *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Ryan Conrad *Sent:* Friday, November 10, 2006 9:40 AM *To:* ActiveDir@mail.activedir.org *Subject:* RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy? HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers http://support.microsoft.com/kb/555324 Ryan *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Group, Russ *Sent:* Friday, November 10, 2006 9:21 AM *To:* ActiveDir@mail.activedir.org *Subject:* [ActiveDir] Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] Restrict CD rom, floppy and USB via group policy?
Title: Restrict CD rom, floppy and USB via group policy? If you read the article, at the bottom it states that it applies to Win 2003. I'd have to infer that the policy settings are not present for 2000. - Original Message - From: Group, Russ To: ActiveDir@mail.activedir.org Sent: Friday, November 10, 2006 9:55 AM Subject: RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy? Sorry if I sound ignorant, will this work in a Windows 2000 environment? ThanksRuss From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan ConradSent: Friday, November 10, 2006 9:40 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Restrict CD rom, floppy and USB via group policy? HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and LS-120 drivers http://support.microsoft.com/kb/555324 Ryan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Group, RussSent: Friday, November 10, 2006 9:21 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Restrict CD rom, floppy and USB via group policy? Hi everyone Is there a way to use group policy to disable the CD rom, floppy and USB drives? Thanks Russ
RE: [ActiveDir] OT: M$
I highly doubt that any MS employee takes offence at what is surely as tongue in cheek _expression_. Let's not get _too_ PC please :/ neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Laura A. RobinsonSent: Thursday, November 09, 2006 6:14 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: M$ Just out of curiosity, whatmakes people think it's appropriate to refer toMicrosoft as "M$" on an MS-focused mailing list whose participants include Microsoft employees, Microsoft contractors, Microsoft MVPs and various other people who may have a relatively positiveview of Microsoft? Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jitendra KalyankarSent: Thursday, November 09, 2006 10:16 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Beginner's Book on Scripting - WSH or _vbscript_? This is the link to M$ to start with...very good info http://msdn.microsoft.com/library/default.asp?url=""> -- Sincerely,J On 11/9/06, Stu Packett [EMAIL PROTECTED] wrote: Hello everyone. After reading through a lot of the posts on this mailing list, I realize I could make my job easier if I knew how to script. I have no experience in scripting, but would like to know what books do you recommend as a beginner's book on scripting? Also, I don't really know the difference between WSH and _vbscript_, so if anyone could explain that, I'd appreciate that. After browsing through Amazon, I saw several books on WSH and _vbscript_, but don't know where I should focus on. I'm also open to computer based training (CBT) videos of any exist. Thanks in advance. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.
[ActiveDir] Is it 2000 or 2003?
Hi Several months ago, I upgraded a small, multi-site domain from W2k to W2k3. Or so I thought. The various markings in the schema indicate that the upgrade was successful. But when I run, for example, gpresult, it reports a Windows 2000 domain. Is this just some flag or string that did not get set properly or is there really a problem with the upgrade? Thanks. -- nme P.S. I also just noticed that when I run netdiag on a new W2k3EN DC, it says System info: Windows 2000 Server (Build 3790). -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006
RE: [ActiveDir] Is it 2000 or 2003?
What does it say under: AD Users Computers | [right click domain name] | Raise Domain Functional Level... ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 11:12 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Is it 2000 or 2003? Hi - Several months ago, I upgraded a small, multi-site domain from W2k to W2k3. Or so I thought. The various markings in the schema indicate that the upgrade was successful. But when I run, for example, gpresult, it reports a Windows 2000 domain. Is this just some flag or string that did not get set properly or is there really a problem with the upgrade? Thanks. -- nme P.S. I also just noticed that when I run netdiag on a new W2k3EN DC, it says System info: Windows 2000 Server (Build 3790). -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] OT for those in California
It was demo'd (or should I say in was installed and running with a few tasks constantly repeated to show it off) and looks - just like Windows on Windows! and very seemless - no splash screens or the like. They were showing off the whole suite Softgrid and VSR2SP1 and something else too. Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: Grillenmeier, Guido [EMAIL PROTECTED] Date: Fri, 10 Nov 2006 10:30:31 To:ActiveDir@mail.activedir.org ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT for those in California Nope, there weren't any updates on hypervisor during WinConnections - at least none I heard of. So this info is actually quite useful. Did they actually demo it at VMworld? Or just talk about it? Thanks Mark for sharing. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Wednesday, November 08, 2006 1:49 PM To: ActiveDir.org Subject: Re: [ActiveDir] OT for those in California What I did manage to glean from MS was - that the virtualisation product will ship 180 days after longhorn does and will run on server core and full gui version. When the +180 server core ships it will be an update to the basic core version - rather than there being two flavours of core. All resources will be hot plug - disk, network, ram and cpu; but not hot unplugable. Oh and it will be free But that needs defining - you may need to sacrifice several goats to Rah though, to qualify. They were running 5735 for the sad ones out there, it will go to limited beta in two months and connect should have the details soon. Not sure about the mountain dew as the drink bins are always empty but, there are no queue's (lines) for the ladies - but that being said there are a fair few ladies here. Anyone got an update from WinConnections? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: Laura A. Robinson [EMAIL PROTECTED] Date: Wed, 08 Nov 2006 00:53:19 To:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT for those in California Okay, maybe my sense of humor is a little skewed. :-P -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson Sent: Wednesday, November 08, 2006 12:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT for those in California What's funny is that the blog entry doesn't say where Patrick is, either. That's why I commented. ;-) Laura -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, November 08, 2006 12:37 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT for those in California Blog post cut and paste http://blogs.technet.com/windowsserver/ I wasn't there.. Mark was at VMworld as well as Patrick If I had been there I would have blogged about the lack of line for the women's restroom, whether or not Mountain Dew was readily available and what not... ;-) Now I did google for the PGE links Laura A. Robinson wrote: Susan, two questions- 1. Why are you now going by Patrick? 2. Do you plan to identify the event of which you write below for those who may not know? :-) Laura -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, November 07, 2006 10:12 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT for those in California http://blogs.technet.com/windowsserver/archive/2006/11/07/LA-T raffic-_2D00_-1_2C00_500-Shirts-in-150-minutes.aspx The show floor proved to be really busy this morning. One piece of evidence: we distributed 1,500 shirts in 2.5 hours. The orange shirts say Virtualize World Peace and the crowd was 2-deep at demos for Virtual Machine Manager (in beta now), SoftGrid and Windows Server virtualization (the hypervisor-based architecture for Longhorn). The sessions have proved to be muc better than the keynote. A few sessions on VDI and some interesting insights on how that model can create even more power consumption than before and the scalability challenge of adding all those desktop images to the servers/blades. The power consumption challenge was perhaps the most interesting given the comments from PGE earlier today in the keynote. PGE, which provides power to most of California, is providing business with credits ($700-$1,300) for consolidating servers in the datacenter using server virtualization. More to come later. Patrick -- Tax credits... interesting. and excuse me us SBSers have been been putting 5 servers and the
RE: [ActiveDir]event log monitoring.
Return Receipt Your RE: [ActiveDir]event log monitoring. document: wasSteve Szwejbka/National/Hewitt Associates received by: at:11/10/2006 12:12:21 PM The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] GPO Error on Domain Controller
I'm currently getting the following error on my domain controller. I'm receiving this on a server that runs, DC; DNS; DHCP services (it's showing onEventViewer\application every 5 minutes, after trying to refresh a GPO) ++ Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 9/11/2006 Time: 9:05:32 PM User: NT AUTHORITY\SYSTEM Computer: Domain ControllerNameGoesHere Description: Windows cannot process extension Registry ProcessGroupPolicy. Return value (0x80004005). ** I've enabled script debugging using the KB article 221833 , but now I'm lost on whta GPO is causing the issue? Any help would be great ... I can post part of that log file -- - Disclaimer NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). It is the property of the BankFive and shall not be used, disclosed or reproduced without the express written consent of BankFive. If you are not the intended recipient (or the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply email or telephone and immediately delete this message and all its attachments. Thank you
[ActiveDir] GPO Error on Domain Controller
Return Receipt Your [ActiveDir] GPO Error on Domain Controller document: wasJason Centenni/CDS/CG/CAPITAL received by: at:11/10/2006 12:55:54 PM CST List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] GPO Error on Domain Controller
Return Receipt Your [ActiveDir] GPO Error on Domain Controller document: wasChris Roosien/NA/Johnson_Controls received by: at:11/10/2006 01:58:58 PM List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Is it 2000 or 2003?
I noticed the same thing yesterday with gpresult in 2 different forests and I can assure you they are both at 2003 FFL, I wrote it off to a bug in gpresult. Also noticed the same thing with netdiag- duh- how can 2K server have a build number from 2K3? Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp. C:\WINNTnetdiag Computer Name: DNS Host Name: System info : Windows 2000 Server (Build 3790) Anyway, I'd bet dollars to donughts that your levels are OKor should that be euros to eclairs? :-) You can just check msDS-Behavior-Version with adfind if you really want to put your mind at rest. adfind -s base -b dc=noahs,dc=domain DS-Behavior-Version Domain functional level setting The attribute is msDS-Behavior-Version on the NC head root of each domain DC=Mydomain, DC=ForestRootDom, DC=tld object. *Value of 0 or not set=mixed level domain *Value of 1=Windows Server 2003 domain level *Value of 2=Windows Server 2003 domain level Forest level setting The attribute is msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object. *Value of 0 or not set=mixed level forest *Value of 1=Windows Server 2003 interim forest level *Value of 2=Windows Server 2003 forest level Mixed/Native mode setting The attribute is ntMixedDomain on the NC head root of each domain DC=Mydomain, DC=ForestRootDom, DC=tld object. *Value of 0=Native level domain *Value of 1=Mixed level domain From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 9:12 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Is it 2000 or 2003? Hi - Several months ago, I upgraded a small, multi-site domain from W2k to W2k3. Or so I thought. The various markings in the schema indicate that the upgrade was successful. But when I run, for example, gpresult, it reports a Windows 2000 domain. Is this just some flag or string that did not get set properly or is there really a problem with the upgrade? Thanks. -- nme P.S. I also just noticed that when I run netdiag on a new W2k3EN DC, it says System info: Windows 2000 Server (Build 3790). -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Is it 2000 or 2003?
Good question. DFL = 2003 and FFL = 2003. So it must just be some lingering text string. Does anyone think there is more it? Thanks. -- nme -Original Message- From: Clingaman, Bruce [mailto:[EMAIL PROTECTED] Sent: Friday, November 10, 2006 9:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it 2000 or 2003? What does it say under: AD Users Computers | [right click domain name] | Raise Domain Functional Level... ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 11:12 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Is it 2000 or 2003? Hi - Several months ago, I upgraded a small, multi-site domain from W2k to W2k3. Or so I thought. The various markings in the schema indicate that the upgrade was successful. But when I run, for example, gpresult, it reports a Windows 2000 domain. Is this just some flag or string that did not get set properly or is there really a problem with the upgrade? Thanks. -- nme P.S. I also just noticed that when I run netdiag on a new W2k3EN DC, it says System info: Windows 2000 Server (Build 3790). -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] GPO Error on Domain Controller
Return Receipt Your [ActiveDir] GPO Error on Domain Controller document : was [EMAIL PROTECTED] received by: at: 11/10/2006 02:26:56 PM List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] GPO Error on Domain Controller
Return Receipt Your [ActiveDir] GPO Error on Domain Controller document: wasSteve Szwejbka/National/Hewitt Associates received by: at:11/10/2006 01:35:35 PM The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: M$
Ah - now I see - that must be their back-door to access every system Windows is running on ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics Sent: Friday, November 10, 2006 9:36 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ What does all this have to do with the hidden administrative share on the M: drive? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, November 09, 2006 6:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: M$ You're not a fake employee, I've seen you. :-) BrettSh, too. It's that Stuart Kwan guy whose existence I'm doubting. (Come on, was that enough to inspire the rarity that is a Stuart Kwan ActiveDir post? Please? PLEASE?!?!?!?!?!?!?!?!?!?!? ;-)) On 11/9/06, Eric Fleischman [EMAIL PROTECTED] wrote: Not that I really care if people say M$ or not, but I thought I'd comment on one thing, in the name of full disclosure.. My participation on this list has __nothing__ to do with money. I don't get compensated on any level for this. Heck, I don't even work on AD anymore, so this is like 2 degrees of separation away from anything that MS compensates me for. So, is MS out to make $? Sure. Is AD part of that money-making strategy? Sure. Does that have anything to do with MS employee participation on this list? I don't think so. Others (at least those that I can recall posting here as I type this mail) on this list fall in to the same boat. A couple of them don't work on AD anymore either. Why do I hang out here? I do it because I care about customers and about AD/ADAM. It has nothing to do with my salary. It's also why I still blog about AD, answer newsgroup questions, answer internal questions (DLs, PSS, MCS, other PGs, etc.), handle direct emails from a myriad of non-MS people (some I know, some are totally out of the blue), fix code for people that ask for help, etc. I don't get paid for any of this. ~Eric Borg #145719302 Insert conspiracy theory here about how this whole mail is a lie and the man actually wrote it on behalf of the fake employee that goes by Eric Fleischman List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Creating WMI Filters
The problem is not that the WMI script does not work, it is that I can not even CREATE one from my desktop. When I right click on the WMI Filters section in GPMC and click on NEW or IMPORT I get a Generic Failure message box and that is it Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Wednesday, November 08, 2006 2:37 PM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Creating WMI Filters 1/ Can we see the WMI filter? :) That will help ... 2/ Have you run WMIDiag on your XP SP2 machine to asses the WMI state? WMIDiag usage: http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx WMIDiag FAQ: http://blogs.msdn.com/wmi/archive/2006/05/12/596266.aspx WMIDiag Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=d7ba3cd6-18d1-4d05-b11e-4c64192ae97dDisplayLang=en WMIDiag webcast: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032290320Culture=en-US WMI Troubleshooting: http://www.microsoft.com/technet/scriptcenter/topics/help/wmi.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, November 08, 2006 10:35 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: [ActiveDir] Creating WMI Filters On my Windows XP SP2 workstation I get a Generic Failure when I try to create or import a WMI Filter. On my Windows 2003 SP1 Domain Controller I am able to create the filter. What could be stopping me from being able to on my XP workstation. I cant find anything on the web about this. Thanks Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] Event ID 108
I just tried to deploy the package by assigning it to a user who is an administrator of the test workstation and it deployed fine. However, this is undesirable since the users of the domain are not given administrative privileges on their workstations. I believe that when assigning it to the computers that all permissions are set correctly (E.G. the computers group being used for deployment is assigned Apply Group Policy on the GPO, and the group has read share and NTFS permissions to the AIP for the package). Plus, usually when there is a permissions problem, the Event Log on the workstation will say something like cannot find package or something and that is not what it is saying. Do you think it is possible that the problem is the domain is in Windows 2000 Mixed mode and there are both w2k3 and w2k domain controllers? Dan DeStefano Info-lution Corporation [EMAIL PROTECTED] http://www.info-lution.com Office: 727 546-9143 FAX: 727 541-5888 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, November 08, 2006 8:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Event ID 108 Yes, if you deleted and recreated the GPO, it would have a different GUID. So I'm guessing that one of those packageRegistration objects is the package you've deployed and one is a package that has been removed. I can't think of any reason why software deployment would just fail like that, across GPOs. Can you successfully deploy another package--say adminpak.msi--just to see if its something with that media you're using? Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Wednesday, November 08, 2006 11:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Event ID 108 I did delete and recreate the deployment GPO so that may be the reason for the 2 packages. However, since the GPO was deleted and recreated, wouldnt the new GPO have a different GUID? If so, then why would the old package be in the new GPO? Additionally, the MSI packages is directly from the Outlook 2003 media that works fine when run manually. Also, when I create other software deployment GPOs, they fail as well. The AIP that I used to create the GPO is the exact same AIP used on a different, w2k3 domain for a different client and it works fine. So I think the problem is with software deployment GPOs in genera. Does that make sense? OK, I will rename the DDP back to the default. Dan DeStefano Info-lution Corporation [EMAIL PROTECTED] http://www.info-lution.com Office: 727 546-9143 FAX: 727 541-5888 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, November 08, 2006 12:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Event ID 108 Dan- The 2 packageRegistration objects represent two separate packages. The MSI and MST are referenced within the msiFileList attribute on each packageRegistration object. Its possible that one of those packageRegistration objects is a removed package--removed packages don't actually get deleted in AD--they just lie around forever :-). So, I'm not sure why you're getting errors since it does appear that the packages are getting created properly. Renaming the DDP is not a problem for Windows, but it can be confusing to administrators looking at it. I would rename it back to DDP to avoid any confusion. Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Wednesday, November 08, 2006 8:07 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Event ID 108 Thanks for your help. When I look in the SYSVOL folder, I do see the software deployment policy I have created. I can also see the policy in the \System\Policies AD container. There are 2 packageRegistration objects in the Domain\System\Policies\GUID\Machine\Class Store\Packages container. I assume one is for the MSI and one for the MST, correct? Yes, the All Users and Computers GPO does begin with 31B2F3 Also, there is a container named Default Domain Policy under the System container in AD. Does renaming the DDP cause problems? Would it be advisable to name it back to DDP? Dan DeStefano Info-lution Corporation [EMAIL PROTECTED] http://www.info-lution.com Office: 727 546-9143 FAX: 727 541-5888 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Tuesday, November 07, 2006 11:33 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Event ID 108 Dan- I would resolve the problem before upgrading. Itsounds like you have at least two things going on. First off, the sw. deployment error sounds like something deeply wrong with AD. The software installation data object referred to below is probably something called a packageRegistration object, which should exist in AD under the GPC portion of the GPO. The fact that you don't seem
RE: [ActiveDir] Exchange --NDR--
Here is my SMTPDiag results attached. And these are results from other end domain I just received. 220-tx-node2.otherdomain.com ESMTP 220 You've connected to Ironport 02 via mailhost.otherdomain.com from the hostname: da l1mspmx02.otherdomain.domain.corp, IP address of: xxx.xxx.xx.xxx, matched the group: Al lowed_Relays and the SenderBase Organization: ehlo otherdomain.com 250-tx-node2.otherdomain.com 250-8BITMIME 250 SIZE 104857600 mail from:[EMAIL PROTECTED] 250 sender [EMAIL PROTECTED] ok rcpt to:[EMAIL PROTECTED] 250 recipient [EMAIL PROTECTED] ok data 354 go ahead test . 250 ok: Message 40527585 accepted quit 221 tx-node2.otherdomain.com According to them this is a firewall issue. How can I verify if there is a problem at my end? Thanks!!! Ravi Dogra From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, November 10, 2006 5:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange --NDR-- Without an reverse PTR to your MX your likely to have this problem with a number of folks. You can try sending me a private message as well. My server will not except traffic without a reverse record. Though it should be child's play for the ISP to configure - usually just one entry, maybe two depending on the version of UNIX BIND they are running. If you use dnsstuff.com's top middle colum spam database lookup, it will indicate what your PTR is or isn't. The CBLs and DBNS may or may not have you listed depending on the amount of email you have sent or if anyone has complained so that too makes sense. I just ran into this problem with someone in the same building. Really, this is pretty simple to fix once everything is in place. Good luck and let know how things turn out. Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Technical Support [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/09/2006 04:47 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Exchange --NDR-- I dont have a reverse lookup set up at my ISP. This is the possible reason I think. What should I do in this case as this will take some time to get it setup. Can I use any other smtp server and how? DNS Stuff doesnt show my in BL. I am able to telnet the other server but not able to do helo it gives unrecognized command reply (500 #5.5.1 command not recognized). Thanks!!! Ravi Dogra From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Thursday, November 09, 2006 1:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange --NDR-- did you guys ever resolved this problem? www.dnsstuff.com, there you can check if your IP is in a DNS BL or similar, he queries a bunch of list. Where you able to send email telneting into the other server? telnet servername 25 helo yourdomain? mail from:youremailaddress rcpt to:valid email address in that domain data test . From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji Sent: Wednesday, November 08, 2006 2:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange --NDR-- You should be able to see my email from the response. Sincerely, _ (, / | /)/) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Technical Support Sent: Tue 11/7/2006 11:35 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange
[ActiveDir] Help with Replication Mess
Hi - I am trying to sort out a long-standing replication mess. The configuration is three sites (W2k3 FL as per earlier email) connected over T1 lines in series (A-B-C). The layout is: Site A: - DCA1 (bridgehead) - DCA2 Site B: - DCB1 (self for DNS) - DCB2 (bridgehead; DCA1 for DNS) - DCB3 (DCA1 DCA2 for DNS) Site C: - DCC1 (bridgehead) There are two IP site links with equal cost: A-B and A-C. Site B is the problem. The event logs of DCB1 are filled with KCC and FRS errors. Also, depending on where you point your Sites and Services tool, you get different information about what DC is in what Site as well as phantom objects (such as the same DC in two sites, long demoted DCs lingering, dead sites still present). The goal for the weekend is to remove DCB1 and DCB2, leaving only DCB3. But, I am concerned that replication is not working correctly and that demoting them improperly will lead to bigger problems. What is the best way to go about cleaning this up? The DCs in Site A and C are fine. Can I just pull replication data from there? Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006
RE: [ActiveDir] GPO Error on Domain Controller
That indicates that something is preventing Admi. Template policy from running. Posting the relevants part of userenv.log would be helpful. Darren -Original Message- From: Paul G. DaSilva [EMAIL PROTECTED] Cc: ActiveDir@mail.activedir.org Sent: 11/10/2006 10:43 AM Subject: [ActiveDir] GPO Error on Domain Controller I'm currently getting the following error on my domain controller. I'm receiving this on a server that runs, DC; DNS; DHCP services (it's showing on EventViewer\application every 5 minutes, after trying to refresh a GPO) ++ Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 9/11/2006 Time: 9:05:32 PM User: NT AUTHORITY\SYSTEM Computer: Domain ControllerNameGoesHere Description: Windows cannot process extension Registry ProcessGroupPolicy. Return value (0x80004005). ** I've enabled script debugging using the KB article 221833 , but now I'm lost on whta GPO is causing the issue? Any help would be great ... I can post part of that log file - Disclaimer NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). It is the property of the BankFive and shall not be used, disclosed or reproduced without the express written consent of BankFive. If you are not the intended recipient (or the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply email or telephone and immediately delete this message and all its attachments. Thank you List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: M$
You may doubt it, but I don't. It's a moniker that implies (aside from childishness on the part of the person who uses it) that Microsoft is a company that is all about corporate greed. That's an unfair characterization and IMO, is insulting to the 75%+ of Microsoft employees who spend a lot of their own time and money in philanthropic pursuits. It's also dismissive of the actual motivation of most Microsoft employees who I know, which is to produce software that makes businesses and people more equipped to do what they need to do. This is just my personal opinion and is in no way intended to represent the views of my employer, which, as it happens, is Microsoft. So yes, there are Microsoft employees who find it offensive. Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, November 10, 2006 12:08 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: M$ I highly doubt that any MS employee takes offence at what is surely as tongue in cheek _expression_. Let's not get _too_ PC please :/ neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Laura A. RobinsonSent: Thursday, November 09, 2006 6:14 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: M$ Just out of curiosity, whatmakes people think it's appropriate to refer toMicrosoft as "M$" on an MS-focused mailing list whose participants include Microsoft employees, Microsoft contractors, Microsoft MVPs and various other people who may have a relatively positiveview of Microsoft? Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jitendra KalyankarSent: Thursday, November 09, 2006 10:16 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Beginner's Book on Scripting - WSH or _vbscript_? This is the link to M$ to start with...very good info http://msdn.microsoft.com/library/default.asp?url=""> -- Sincerely,J On 11/9/06, Stu Packett [EMAIL PROTECTED] wrote: Hello everyone. After reading through a lot of the posts on this mailing list, I realize I could make my job easier if I knew how to script. I have no experience in scripting, but would like to know what books do you recommend as a beginner's book on scripting? Also, I don't really know the difference between WSH and _vbscript_, so if anyone could explain that, I'd appreciate that. After browsing through Amazon, I saw several books on WSH and _vbscript_, but don't know where I should focus on. I'm also open to computer based training (CBT) videos of any exist. Thanks in advance. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] OT: M$
That's the secret share we use for the man. It's where we keep the collective intelligence that allows us to represent our single self as multiple entities. Laura I am Dsylexia of Borg. Your a$$ will be laminated. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics Sent: Friday, November 10, 2006 3:36 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: M$ What does all this have to do with the hidden administrative share on the M: drive? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, November 09, 2006 6:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: M$ You're not a fake employee, I've seen you. :-) BrettSh, too. It's that Stuart Kwan guy whose existence I'm doubting. (Come on, was that enough to inspire the rarity that is a Stuart Kwan ActiveDir post? Please? PLEASE?!?!?!?!?!?!?!?!?!?!? ;-)) On 11/9/06, Eric Fleischman [EMAIL PROTECTED] wrote: Not that I really care if people say M$ or not, but I thought I'd comment on one thing, in the name of full disclosure.. My participation on this list has __nothing__ to do with money. I don't get compensated on any level for this. Heck, I don't even work on AD anymore, so this is like 2 degrees of separation away from anything that MS compensates me for. So, is MS out to make $? Sure. Is AD part of that money-making strategy? Sure. Does that have anything to do with MS employee participation on this list? I don't think so. Others (at least those that I can recall posting here as I type this mail) on this list fall in to the same boat. A couple of them don't work on AD anymore either. Why do I hang out here? I do it because I care about customers and about AD/ADAM. It has nothing to do with my salary. It's also why I still blog about AD, answer newsgroup questions, answer internal questions (DLs, PSS, MCS, other PGs, etc.), handle direct emails from a myriad of non-MS people (some I know, some are totally out of the blue), fix code for people that ask for help, etc. I don't get paid for any of this. ~Eric Borg #145719302 Insert conspiracy theory here about how this whole mail is a lie and the man actually wrote it on behalf of the fake employee that goes by Eric Fleischman List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: M$
it's friday, can't we all just get along? -- Original message -- From: "Laura A. Robinson" [EMAIL PROTECTED] You may doubt it, but I don't. It's a moniker that implies (aside from childishness on the part of the person who uses it) that Microsoft is a company that is all about corporate greed. That's an unfair characterization and IMO, is insulting to the 75%+ of Microsoft employees who spend a lot of their own time and money in philanthropic pursuits. It's also dismissive of the actual motivation of most Microsoft employees who I know, which is to produce software that makes businesses and people more equipped to do what they need to do. This is just my personal opinion and is in no way intended to represent the views of my employer, which, as it happens, is Microsoft. So yes, there are Microsoft employees who find it offensive. Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, November 10, 2006 12:08 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: M$ I highly doubt that any MS employee takes offence at what is surely as tongue in cheek _expression_. Let's not get _too_ PC please :/ neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Laura A. RobinsonSent: Thursday, November 09, 2006 6:14 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: M$ Just out of curiosity, whatmakes people think it's appropriate to refer toMicrosoft as "M$" on an MS-focused mailing list whose participants include Microsoft employees, Microsoft contractors, Microsoft MVPs and various other people who may have a relatively positiveview of Microsoft? Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jitendra KalyankarSent: Thursday, November 09, 2006 10:16 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Beginner's Book on Scripting - WSH or _vbscript_? This is the link to M$ to start with...very good info http://msdn.microsoft.com/library/default.asp?url=""> -- Sincerely,J On 11/9/06, Stu Packett [EMAIL PROTECTED] wrote: Hello everyone. After reading through a lot of the posts on this mailing list, I realize I could make my job easier if I knew how to script. I have no experience in scripting, but would like to know what books do you recommend as a beginner's book on scripting? Also, I don't really know the difference between WSH and _vbscript_, so if anyone could explain that, I'd appreciate that.. After browsing through Amazon, I saw several books on WSH and _vbscript_, but don't know where I should focus on. I'm also open to computer based training (CBT) videos of any exist. Thanks in advance. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] Help with Replication Mess
Whats repadmin.exe /showrepl * show? Quite possibly the site B DCs will need to be forcibly demoted based on your description. - Roger From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 2:40 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Help with Replication Mess Hi - I am trying to sort out a long-standing replication mess. The configuration is three sites (W2k3 FL as per earlier email) connected over T1 lines in series (A-B-C). The layout is: Site A: - DCA1 (bridgehead) - DCA2 Site B: - DCB1 (self for DNS) - DCB2 (bridgehead; DCA1 for DNS) - DCB3 (DCA1 DCA2 for DNS) Site C: - DCC1 (bridgehead) There are two IP site links with equal cost: A-B and A-C. Site B is the problem. The event logs of DCB1 are filled with KCC and FRS errors. Also, depending on where you point your Sites and Services tool, you get different information about what DC is in what Site as well as phantom objects (such as the same DC in two sites, long demoted DCs lingering, dead sites still present). The goal for the weekend is to remove DCB1 and DCB2, leaving only DCB3. But, I am concerned that replication is not working correctly and that demoting them improperly will lead to bigger problems. What is the best way to go about cleaning this up? The DCs in Site A and C are fine. Can I just pull replication data from there? Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006
RE: [ActiveDir] Exchange --NDR--
Its a firewall issue alright - lol - theirs! They are using an appliance called IronPort and because you don't have the required, in this case by the IronPort appliance, a PTR record its not putting you into the allowed relay list. They may also require ICMP (ping) to accept mail first. Some email servers are configured to ping the sender first to verify the sender and not some spoofed UDP traffic. Though there is no outward indication below to that effect. Not familiar with all the specifics here with IronPort but its something to ask from the email receiver. I don't see much here that would indicate a firewall issue on your side. Assuming that you allow port 25 (SMTP) and ICMP-echo out of your firewall. This looks like a pretty standard extended helo handshake to me. Looking at equinoxco.com I can see that it is indeed setup properly and nothing in the DNSBL or CBL though it took me a minute to find the IP address. Network Solutions - Bah! I dislike that policy of theirs. The only other thing to do would be to ask that the email/IronPort administrator add you to the Whitelist configuration while you get your PTR record in place with the ISP. Assuming that IronPort has a Whitelist. It may not but I don't see why they wouldn't build one into the appliance. Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Technical Support [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/10/2006 02:05 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Exchange --NDR-- Here is my SMTPDiag results attached. And these are results from other end domain I just received. 220-tx-node2.otherdomain.com ESMTP 220 You've connected to Ironport 02 via mailhost.otherdomain.com from the hostname: da l1mspmx02.otherdomain.domain.corp, IP address of: xxx.xxx.xx.xxx, matched the group: Al lowed_Relays and the SenderBase Organization: ehlo otherdomain.com 250-tx-node2.otherdomain.com 250-8BITMIME 250 SIZE 104857600 mail from:[EMAIL PROTECTED] 250 sender [EMAIL PROTECTED] ok rcpt to:[EMAIL PROTECTED] 250 recipient [EMAIL PROTECTED] ok data 354 go ahead test . 250 ok: Message 40527585 accepted quit 221 tx-node2.otherdomain.com According to them this is a firewall issue. How can I verify if there is a problem at my end? Thanks!!! Ravi Dogra From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, November 10, 2006 5:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange --NDR-- Without an reverse PTR to your MX your likely to have this problem with a number of folks. You can try sending me a private message as well. My server will not except traffic without a reverse record. Though it should be child's play for the ISP to configure - usually just one entry, maybe two depending on the version of UNIX BIND they are running. If you use dnsstuff.com's top middle colum spam database lookup, it will indicate what your PTR is or isn't. The CBLs and DBNS may or may not have you listed depending on the amount of email you have sent or if anyone has complained so that too makes sense. I just ran into this problem with someone in the same building. Really, this is pretty simple to fix once everything is in place. Good luck and let know how things turn out. Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or
RE: [ActiveDir] Help with Replication Mess
Thanks, Roger. When I sent the original message, I had just run /showreps and gotten complaints on DCB1 that it could not find DCB2. However, when I run /showrepl *, everything comes up clean. (BTW: the use of * just made my life a lot simpler thanks.) I am going to brush up on the force removal process and hope for the best. I should add that the phantom objects are still there. Are these something to manually remove with admod or adsi? Thanks again. -- nme From: Roger Longden [mailto:[EMAIL PROTECTED] Sent: Friday, November 10, 2006 3:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Help with Replication Mess Whats repadmin.exe /showrepl * show? Quite possibly the site B DCs will need to be forcibly demoted based on your description. - Roger From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 2:40 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Help with Replication Mess Hi - I am trying to sort out a long-standing replication mess. The configuration is three sites (W2k3 FL as per earlier email) connected over T1 lines in series (A-B-C). The layout is: Site A: - DCA1 (bridgehead) - DCA2 Site B: - DCB1 (self for DNS) - DCB2 (bridgehead; DCA1 for DNS) - DCB3 (DCA1 DCA2 for DNS) Site C: - DCC1 (bridgehead) There are two IP site links with equal cost: A-B and A-C. Site B is the problem. The event logs of DCB1 are filled with KCC and FRS errors. Also, depending on where you point your Sites and Services tool, you get different information about what DC is in what Site as well as phantom objects (such as the same DC in two sites, long demoted DCs lingering, dead sites still present). The goal for the weekend is to remove DCB1 and DCB2, leaving only DCB3. But, I am concerned that replication is not working correctly and that demoting them improperly will lead to bigger problems. What is the best way to go about cleaning this up? The DCs in Site A and C are fine. Can I just pull replication data from there? Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006
RE: [ActiveDir] Help with Replication Mess
I cant say what could be happening without seeing lots more data. Just because repadmin.exe /showrepl shows no apparent errors doesnt definitively mean there arent any. Its conceivable the DC(s) failing to replicate has no inbound and/or outbound replication partners in which case repadmin.exe wont complain. The absence of trying to replicate isnt considered a failure by the tool even though we would normally think it is (until RODCs, I suppose). You could run repadmin.exe /replsum /bysrc /bydest /sort:delta and verify an equal number of destination and source DCs and that it also reports no errors. You mentioned errors in the logs which might contain useful info. The fact some DCs appear to have a different view of the Configuration partition isnt a good thing. I wouldnt start forcibly demoting DCs unless youre sure what youre doing. Might be time for a PSS call. Id also make sure you have recent, valid system state backups before fiddling with anything. - Roger From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 6:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Help with Replication Mess Thanks, Roger. When I sent the original message, I had just run /showreps and gotten complaints on DCB1 that it could not find DCB2. However, when I run /showrepl *, everything comes up clean. (BTW: the use of * just made my life a lot simpler thanks.) I am going to brush up on the force removal process and hope for the best. I should add that the phantom objects are still there. Are these something to manually remove with admod or adsi? Thanks again. -- nme From: Roger Longden [mailto:[EMAIL PROTECTED] Sent: Friday, November 10, 2006 3:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Help with Replication Mess Whats repadmin.exe /showrepl * show? Quite possibly the site B DCs will need to be forcibly demoted based on your description. - Roger From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Friday, November 10, 2006 2:40 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Help with Replication Mess Hi - I am trying to sort out a long-standing replication mess. The configuration is three sites (W2k3 FL as per earlier email) connected over T1 lines in series (A-B-C). The layout is: Site A: - DCA1 (bridgehead) - DCA2 Site B: - DCB1 (self for DNS) - DCB2 (bridgehead; DCA1 for DNS) - DCB3 (DCA1 DCA2 for DNS) Site C: - DCC1 (bridgehead) There are two IP site links with equal cost: A-B and A-C. Site B is the problem. The event logs of DCB1 are filled with KCC and FRS errors. Also, depending on where you point your Sites and Services tool, you get different information about what DC is in what Site as well as phantom objects (such as the same DC in two sites, long demoted DCs lingering, dead sites still present). The goal for the weekend is to remove DCB1 and DCB2, leaving only DCB3. But, I am concerned that replication is not working correctly and that demoting them improperly will lead to bigger problems. What is the best way to go about cleaning this up? The DCs in Site A and C are fine. Can I just pull replication data from there? Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.13.32/523 - Release Date: 11/7/2006
RE: [ActiveDir] OT: M$
There's no anger or distress on my end (and I doubt there's any on anybody else's part, either). I'm simply pointing out that yes, there are Microsoft employees who don't find the slur amusing. No emotional investment, I assure you. :-) Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, November 10, 2006 5:24 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: M$ it's friday, can't we all just get along? -- Original message -- From: "Laura A. Robinson" [EMAIL PROTECTED] You may doubt it, but I don't. It's a moniker that implies (aside from childishness on the part of the person who uses it) that Microsoft is a company that is all about corporate greed. That's an unfair characterization and IMO, is insulting to the 75%+ of Microsoft employees who spend a lot of their own time and money in philanthropic pursuits. It's also dismissive of the actual motivation of most Microsoft employees who I know, which is to produce software that makes businesses and people more equipped to do what they need to do. This is just my personal opinion and is in no way intended to represent the views of my employer, which, as it happens, is Microsoft. So yes, there are Microsoft employees who find it offensive. Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, November 10, 2006 12:08 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: M$ I highly doubt that any MS employee takes offence at what is surely as tongue in cheek _expression_. Let's not get _too_ PC please :/ neil -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Laura A. RobinsonSent: Thursday, November 09, 2006 6:14 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: M$ Just out of curiosity, whatmakes people think it's appropriate to refer toMicrosoft as "M$" on an MS-focused mailing list whose participants include Microsoft employees, Microsoft contractors, Microsoft MVPs and various other people who may have a relatively positiveview of Microsoft? Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jitendra KalyankarSent: Thursday, November 09, 2006 10:16 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Beginner's Book on Scripting - WSH or _vbscript_? This is the link to M$ to start with...very good info http://msdn.microsoft.com/library/default.asp?url=""> -- Sincerely,J On 11/9/06, Stu Packett [EMAIL PROTECTED] wrote: Hello everyone. After reading through a lot of the posts on this mailing list, I realize I could make my job easier if I knew how to script. I have no experience in scripting, but would like to know what books do you recommend as a beginner's book on scripting? Also, I don't really know the difference between WSH and _vbscript_, so if anyone could explain that, I'd appreciate that.. After browsing through Amazon, I saw several books on WSH and _vbscript_, but don't know where I should focus on. I'm also open to computer based training (CBT) videos of any exist. Thanks in advance. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do
Re: [ActiveDir] Exchange --NDR--
Go to dyndns.com. They'll set up a PTR for you immediately and cheaply. Provided you own your domain, that is. - Original Message - From: Technical Support To: ActiveDir@mail.activedir.org Sent: Thursday, November 09, 2006 2:47 PM Subject: RE: [ActiveDir] Exchange --NDR-- I don’t have a reverse lookup set up at my ISP. This is the possible reason I think. What should I do in this case as this will take some time to get it setup. Can I use any other smtp server and how? DNS Stuff doesn’t show my in BL. I am able to telnet the other server but not able to do helo it gives unrecognized command reply (500 #5.5.1 command not recognized). Thanks!!! Ravi Dogra From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon LinanSent: Thursday, November 09, 2006 1:50 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR-- did you guys ever resolved this problem? www.dnsstuff.com, there you can check if your IP is in a DNS BL or similar, he queries a bunch of list. Where you able to send email telneting into the other server? telnet servername 25 helo yourdomain? mail from:youremailaddress rcpt to:valid email address in that domain data test . From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, DejiSent: Wednesday, November 08, 2006 2:43 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR-- You should be able to see my email from the response. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Technical SupportSent: Tue 11/7/2006 11:35 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR-- Please let me know how I can contact you Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, DejiSent: Monday, November 06, 2006 10:19 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR-- 4.4.7 is "usually" the other server's problem. If you want, I can privately help you verify this, if you send me the domain/ip of the other server in a private (off-list) message. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Technical SupportSent: Mon 11/6/2006 8:14 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Exchange --NDR-- Hi, I am sending mail @XYZ.COM and here is the error I am getting. When id to Email ID Verification and MX Record lookup it works fine for xyz.com. Also I am not facing this problem with any other mail id. I am able to send mails to other clients/vendors. Here is the NDR I am getting. --- Your message did not reach some or all of the intended recipients. Subject: Updated: Undelivered Sent: 11/6/2006 6:58 PM The following recipient(s) could not be reached: [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. MyFrontEnd.Domain.local #4.4.7 --- Please suggest what the possible reason is for the same. Do I need to change something from my end (a new connector) or get something changed at remote (Client) end? Thanks!!! Ravi Dogra