RE: [ActiveDir] Quest Recovery Manager
Have implemented the product at a number of clients in single and multiple domain forests and used it for real on a number of occasions. One or two minor problems but nothing that would stop me implementing it again and the support on those occasions was excellent here in the UK can't comment about elsewhere obviously. Has the nice side benefit of providing a stash of .BKF files that can be used for other recovery scenarios but these must be well protected of course. Scotty -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 05 December 2006 22:11 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Quest Recovery Manager Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] Quest Recovery Manager
Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Quest Recovery Manager
I would have to agree. We've been using it since the Aelita days as well. We rely on it and it performs well. One advantage of using a .bkf solution vs a database backend is being able to restore point-in-time attributes. One quirk - watch how/when it restores back-linked attributes. Hope this helps. Dan Conrad AD/Exchange Engineering Nortel Government Solutions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ smime.p7s Description: S/MIME cryptographic signature
RE: [ActiveDir] Quest Recovery Manager
Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a .exe to execute from a ADFIND query pipe. In all seriousness though, when evaluating DR feature for AD you will have a lot of things to consider, technologies being just one. The nature of the type of AD objects you want to recover and in what state should be considered (Groups, GPO's, etc, attribute data). How much time you want to dedicate to this operation? How much you want to spend? And who will support you if the recovery operations fail or seem to cause more problems. If you are looking just to recover deleted users, the various free tools out there will do just fine. I highly recommend that you start your DR project today by just using the good'old MS backup utility at a minimum to make a MST formatted backup of the system state and data from a domain controller in each of your domains you think has the most current AD data in your organization. That pretty much guarantees you can recover every object given that you have the data in some backup. And to all the people I mentioned above. Happy Holidays... and New Year. Todd -Original Message- From: Day, James (NPS) Sent: Wednesday, December 06, 2006 8:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: Vista Activation and KMS
Wow, 18 replies. I really appreciate all the information, folks. I've already read some of the resources out there on KMS and MAK, but it seems I managed to overlook the more important technical ones. I'll have a gander - thanks again. -- Brian Cline From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harvey Kamangwitz Sent: Wednesday 06 December 2006 00:41 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista Activation and KMS On 12/5/06, Laura A. Robinson [EMAIL PROTECTED] wrote: Inline... From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Harvey Kamangwitz Sent: Tuesday, December 05, 2006 11:28 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista Activation and KMS If you have any kind of a complex environment, you'll find volume activation to be very frustrating indeed: 1. The KMS service can't support more than one key, so if you have Longhorn VL clients in your environment you have to put up a second KMS infrastructure for them. Actually, when you purchase a KMS key, you get to activate TWO KMS hosts with that key, up to ten times each. Therefore, you don't have to put up a second KMS infrastructure. From a subsequent post on this thread: Doh! Okay, now I think I get what you're referencing in item 1. There's a reason for that- LH isn't out yet. When LH is out, that won't be an issue. :-) My hope was that KMS could support more than one key. I was astonished when I discovered it didn't. If you were Vista, KMS would supply you with a Vista key. Longhorn, a Longhorn key. Since KMS only supports one key, it triggers the need for two separate KMS infrastructures and the problems in #2 below. I'm assuming that Microsoft will be using Volume Activation for other products in the future; are we to put up a separate KMS for each? 2. You can't (rather, shouldn't) use autodiscovery If you do have both LH and Vista. The KMS client can't distinguish between a KMS with LH and a KMS with Vista, and there's nothing in the client that says oh, I hit a KMS but it has the wrong key so try again immediately so ~50% of a client's activation attempts will fail. So remove the DNS records for the LH KMS, or am I misunderstanding your point? To be more specific: In a Vista / Longhorn environment, you should only use autodiscovery for one KMS infrastructure because of 50% failure rate above. The other systems (Longhorn, if you choose autodiscovery for Vista) must be explictly pointed to a KMS with slmgr. How much of an adminstrative headache this is depends on how great a penetration of a standard build is in your company; you can code it into the build. 3. Autodiscovery isn't practical if you have more than a few forests that don't trust the forest your KMS is in. All admins of the untrusted forests must manually register the _vlmcs record in their forest to find the KMS. slmgr.vbs. We're not talking about a ton of records here or a difficult population mechanism. It's the logistics and overhead that's a pain. No, the act of registering a _vlmcs record in a domain is not in itself a difficult task; it's the help desk scripts and calls from panicky system administrators when all the clients in their forest start complaining about failure to activate and reduced functionality mode that have to be handled. In a large enterprise we could see a lot of these (everyone that brings up a sandbox forest for application testing, for example). I'm attempting to design a solution that minimizes the impact for everybody - corporate forest administrators, Vista users, help desk, untrusted test forest administrators, etc. ...the list goes on. (I haven't even mentioned the practical aspects of volume activation in a lab or firewalled environment.) I'd be happy to discuss your options around them if you should decide to elaborate further. If the firewalled labs don't want to open port 1688 to find a KMS, they either have to bring up their own KMS or use MAKs. I for one don't want to hand out KMS / volume keys to anyone outside the corporate KMS infrastructure. And MAKs, though I haven't studied them as closely, are a pain for labs that rebuild their clients because they're a single-use item (by which I mean that if you use up one activation count on a MAK then rebuild, it increments the MAK count - you can't reuse the previous one). And they still require some kind of
Re: [ActiveDir] OT: Exchange Design Question
I'm not sure what Brian said or thought, but there was not enough information in your question, Mark. What I mean by that is that if the security strategy is to use the juniper device, then I'm not sure I understand what the point of introducing ISA is in this situation? Just for SMTP? Why? What do they hope to gain from the additional investment (both money and complexity?) On 12/5/06, Brian Desmond [EMAIL PROTECTED] wrote:
RE: [ActiveDir] Quest Recovery Manager
FWIW I put together a table / matrix recently which listed the different recovery scenarios and the options available to address that scenario. I listed the following scenarios [not exhaustive, I'm sure]: Single object deletion Multiple (known) object deletions Multiple (unknown) object deletions [e.g. a script that did bad stuff :) ] OU deletion [and objects container therein] DC failure [e.g. hw fault] Database corruption [i.e. full forest recovery due to replicated corruption] Data corruption [e.g. wrong data in object attribute] Domain recovery [similar to database corruption, but confined to domain only] Forest recovery Schema corruption GPO rollback SYSVOL rollback [whole area or file(s) or folder(s)] FSMO holder failure [i.e. FSMO seizure] I then assigned one or more of the options below to each scenario: Lag site System state backup Full media back up Ntdsutil 3rd party recovery tool [e.g. Quest Recovery Manager] Manual process I won't give the full details of which option was assigned to which scenario, since this is slightly subjective :) Next comes the risk assessment then the cost / benefit analysis but I won't bore you all with that . . . and again, it's subjective :) I hope this is of benefit. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: 06 December 2006 14:14 To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a .exe to execute from a ADFIND query pipe. In all seriousness though, when evaluating DR feature for AD you will have a lot of things to consider, technologies being just one. The nature of the type of AD objects you want to recover and in what state should be considered (Groups, GPO's, etc, attribute data). How much time you want to dedicate to this operation? How much you want to spend? And who will support you if the recovery operations fail or seem to cause more problems. If you are looking just to recover deleted users, the various free tools out there will do just fine. I highly recommend that you start your DR project today by just using the good'old MS backup utility at a minimum to make a MST formatted backup of the system state and data from a domain controller in each of your domains you think has the most current AD data in your organization. That pretty much guarantees you can recover every object given that you have the data in some backup. And to all the people I mentioned above. Happy Holidays... and New Year. Todd -Original Message- From: Day, James (NPS) Sent: Wednesday, December 06, 2006 8:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and
RE: [ActiveDir] Quest Recovery Manager
Sorry - refering to RM for AD James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wells, James Arthur Sent: Wednesday, December 06, 2006 2:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager James - Recovery Manager for Exchange, AD or both? We've been very happy with Quest Recovery Manager for Exchange. No experience with the AD product... --James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 05, 2006 4:11 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Quest Recovery Manager Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Quest Recovery Manager
Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a .exe to execute from a ADFIND query pipe. In all seriousness though, when evaluating DR feature for AD you will have a lot of things to consider, technologies being just one. The nature of the type of AD objects you want to recover and in what state should be considered (Groups, GPO's, etc, attribute data). How much time you want to dedicate to this operation? How much you want to spend? And who will support you if the recovery operations fail or seem to cause more problems. If you are looking just to recover deleted users, the various free tools out there will do just fine. I highly recommend that you start your DR project today by just using the good'old MS backup utility at a minimum to make a MST formatted backup of the system state and data from a domain controller in each of your domains you think has the most current AD data in your organization. That pretty much guarantees you can recover every object given that you have the data in some backup. And to all the people I mentioned above. Happy Holidays... and New Year. Todd -Original Message- From: Day, James (NPS) Sent: Wednesday, December 06, 2006 8:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] DFS vs Robocopy question
Hi all I'm looking for feedback on a couple of scenarios for our environment. We have three W2K3 SP1 domains and WAN separated regions in a couple of them. When deploying software, hotfixes and such I want to go to the 'distribution point' for that domain/region so as not to traverse the WAN for downloads. Each distribution point needs to mirror the others. Each region has an app server where we maintain these distribution points for downloads, patches and such and currently is managed manually as far as keeping each server identical to the other. I'm not familiar with DFS other than what is and does and have not configured or used it. Robocopy seems okay but also has a lot of configuration to deal with. DFS seems to be the best but wanted to see what the experts thought. My concern is if I create the DFS hierarchy I'd still be pointed to one server for the files. In reading the documentation I see multiple roots can be established which I'm hoping would provide access to each regional distribution point and still replicate the latest uploads from one point to all others. Appreciate any feedback. Thanks Jerry smime.p7s Description: S/MIME cryptographic signature
Re: [ActiveDir] Maybe OT: Shared Calendars w/o using Exchange? Tips/Suggestions/Recommedations?
Hi! Thanks for the prompt reply... As for hosted solutions, I guess that I don't much care wether the backend is Exchange, SBS or whatever the hosting company choses to provide ;) From what I've seen (http://www.arsys.es/aplicaciones/correo-exchange.htm, http://www.acens.com/seccion.web/correo/acens-exchange/678 - yes, we are based in Spain - or http://www.mi8.com/ to show that I'm looking elsewhere) basically what you get is a webbased admin panel and a number of accounts that you configure... not too much control but good enough Of course, I'd love to get recommendations for other providers or to be shown that not all of them are similar ;) As for the lack of a server for 40+ users, well, that's not really true: We have an AD (2003) domain (basic setup: single forest, single domain, 2 DCs) for the users, it's just that the email is hosted on a external server, to avoid downtime and lessen the administrative load on network admin (we don't have a full time person for that). Also, we currently have 2 main offices in Spain (conneted by DSL) and people working or tele-working in the US, Mexico, Colombia, Germany and the UK (2/3 people on each place at most): I believe that creating the infrastructure (relability-wise) to serve all those locations inhouse would be a tad expensive and (I belive) not really warranted. Of course, I'd love to hear opinions either way... As for control freak, we have an VPS so we have root on the mail server; as a matter of fact the hardest point for the internal acceptance of a hosted solution would probably lack of root access on the email server... I agree with you that to manage that that many (ok, those who manage Multi-K domains, please stop laughing) users, AD is a must And, besides, we delvelop security software that runs on top of AD, so I'd be a bit odd if we didn't use our own SW ;) In any case, I really am starting to believe that the simpler thing will be to get the real thing, so the options seem to be: 1) Get an Exchange Server inhouse. But that means making sure that our DSL line doesn't go down, and having the bandwith etc... 2) House a server on some co-lo. The comm. problems disappear, but we still have to babysit the thing... 3) Go for a hosted exchange provider. I've seen offers on the range of ~7€/mo/user; I believe that for a limited number of user (~30 ATM, possibly up to 40 in the foreseable future) that makes more sense than doing it all ourselves... I'd really love to hear your thoughts on the matter, and also if you could comment/recommend any service providers you'd make my life considerably easier ;) In any case, thanks again for reading this far and bearing with my ramblings. Happy Christmas for all ;) Javier Jarava On 05/12/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: Hosted SBS with Outlook 2003 Office Live http://office.microsoft.com/en-us/outlook/HA100809831033.aspx Not 2003 without a SBS box on the backend but 2007 uses Office Live to share calendars. 40 people and you don't have a server... wow.the control freak in me is freaking out. We put SBS servers in at 5 to 10 people and even less. Shared calendars pushes the sale of many a SBS box I don't know of non MS solutions. Javier Jarava wrote: Hi! Sorry if this question is a bit off-topic to the list, but I've seen some Exchange-related questions here, so I know there is Exchange expertise hanging around ;) and I didn't know where to ask; please feel free to point me to the proper forums (forii?) to ask in. I am looking for a way to implement shared calendars a la exchange (ie, they have to be visible and used from within Outlook 2003), but without actually using/hosting an Exchange Server ourselves. The idea is that people should be able to see/manage the calendar of the people they manage, so free/busy info is not enough. And the outlook requisite is a must (as my CEO put it yesterday: I live within Outlook; I don't want to meddle with web apps or the like) I know that it's a bit odd of a requisite, but we are a small co. (~ 40 employees) and the president feels that having to babysit a server in-house is a bit of a needless burden. At present we host our email / web presence / customer ticketing system in a pair of VPS from Verio, so if the proposed solution could run on top of FreeBSD it'd be a big plus ;) Of course (now going for the and ask about the KitchenSink part ;) if we could put it into place without having to tweak our email setup that'd be wonderful!!. We understand that we'd probably have to install some Outlook plugin, so that's OK... If there is no way to have the Shared Calendar feature as a stand-alone service/server, I guess the next step would be to ask those of you who know Exchange for an exchange clone that runs on FreeBDS / Unix. Or last but not least, I guess that there must be hosted Exchange providers out there that you can recommend. That'd mean re-doing our
RE: [ActiveDir] DFS vs Robocopy question
That's a huge question which can be answered in 10,000 words [ over to joe :) ], or with a 'go read up on DFSR, the newer version of DFS' :) DFS is site aware, uses AD replication topologies, uses compression, replicates deltas only etc etc. As usual, whether one product is more suited than the other - 'it depends'. Try starting here: http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/defa ult.mspx neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Condra, Jerry W Mr HP Sent: 06 December 2006 16:34 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DFS vs Robocopy question Hi all I'm looking for feedback on a couple of scenarios for our environment. We have three W2K3 SP1 domains and WAN separated regions in a couple of them. When deploying software, hotfixes and such I want to go to the 'distribution point' for that domain/region so as not to traverse the WAN for downloads. Each distribution point needs to mirror the others. Each region has an app server where we maintain these distribution points for downloads, patches and such and currently is managed manually as far as keeping each server identical to the other. I'm not familiar with DFS other than what is and does and have not configured or used it. Robocopy seems okay but also has a lot of configuration to deal with. DFS seems to be the best but wanted to see what the experts thought. My concern is if I create the DFS hierarchy I'd still be pointed to one server for the files. In reading the documentation I see multiple roots can be established which I'm hoping would provide access to each regional distribution point and still replicate the latest uploads from one point to all others. Appreciate any feedback. Thanks Jerry PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Maybe OT: Shared Calendars w/o using Exchange? Tips/Suggestions/Recommedations?
Well with 40 people you're paying 280 euro a month. Some quick currency conversions tells me that an Exchange server for an org your size would likely set you back between 2300 and 3000 Euro from Dell. 280 goes into 2300 8.2 times - or it will pay for itself in 9 months. If you're already managing AD and other infrastructure, Exchange isn't going to add that much overhead. Create the mailboxes for your users, import the PSTs or whatever they have now, and make sure it's getting backed up and updated (which I'm sure you're already doing with your other servers). Has the DSL been reliable so far? If so, then I wouldn't worry about it. If not, either get a better DSL provider or find someone to be your MX or backup MX. Regarding bandwidth, ADSL goes to 6mbps these days - what limitations are on your circuit? Outlook 2003 in cached mode doesn't chew that much. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Javier Jarava Sent: Wednesday, December 06, 2006 11:57 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Maybe OT: Shared Calendars w/o using Exchange? Tips/Suggestions/Recommedations? Hi! Thanks for the prompt reply... As for hosted solutions, I guess that I don't much care wether the backend is Exchange, SBS or whatever the hosting company choses to provide ;) From what I've seen (http://www.arsys.es/aplicaciones/correo-exchange.htm, http://www.acens.com/seccion.web/correo/acens-exchange/678 - yes, we are based in Spain - or http://www.mi8.com/ to show that I'm looking elsewhere) basically what you get is a webbased admin panel and a number of accounts that you configure... not too much control but good enough Of course, I'd love to get recommendations for other providers or to be shown that not all of them are similar ;) As for the lack of a server for 40+ users, well, that's not really true: We have an AD (2003) domain (basic setup: single forest, single domain, 2 DCs) for the users, it's just that the email is hosted on a external server, to avoid downtime and lessen the administrative load on network admin (we don't have a full time person for that). Also, we currently have 2 main offices in Spain (conneted by DSL) and people working or tele-working in the US, Mexico, Colombia, Germany and the UK (2/3 people on each place at most): I believe that creating the infrastructure (relability-wise) to serve all those locations inhouse would be a tad expensive and (I belive) not really warranted. Of course, I'd love to hear opinions either way... As for control freak, we have an VPS so we have root on the mail server; as a matter of fact the hardest point for the internal acceptance of a hosted solution would probably lack of root access on the email server... I agree with you that to manage that that many (ok, those who manage Multi-K domains, please stop laughing) users, AD is a must And, besides, we delvelop security software that runs on top of AD, so I'd be a bit odd if we didn't use our own SW ;) In any case, I really am starting to believe that the simpler thing will be to get the real thing, so the options seem to be: 1) Get an Exchange Server inhouse. But that means making sure that our DSL line doesn't go down, and having the bandwith etc... 2) House a server on some co-lo. The comm. problems disappear, but we still have to babysit the thing... 3) Go for a hosted exchange provider. I've seen offers on the range of ~7€/mo/user; I believe that for a limited number of user (~30 ATM, possibly up to 40 in the foreseable future) that makes more sense than doing it all ourselves... I'd really love to hear your thoughts on the matter, and also if you could comment/recommend any service providers you'd make my life considerably easier ;) In any case, thanks again for reading this far and bearing with my ramblings. Happy Christmas for all ;) Javier Jarava On 05/12/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: Hosted SBS with Outlook 2003 Office Live http://office.microsoft.com/en- us/outlook/HA100809831033.aspx Not 2003 without a SBS box on the backend but 2007 uses Office Live to share calendars. 40 people and you don't have a server... wow.the control freak in me is freaking out. We put SBS servers in at 5 to 10 people and even less. Shared calendars pushes the sale of many a SBS box I don't know of non MS solutions. Javier Jarava wrote: Hi! Sorry if this question is a bit off-topic to the list, but I've seen some Exchange-related questions here, so I know there is Exchange expertise hanging around ;) and I didn't know where to ask; please feel free to point me to the proper forums (forii?) to ask in. I am looking for a way to implement shared calendars a la exchange (ie, they have
Re: [ActiveDir] Maybe OT: Shared Calendars w/o using Exchange? Tips/Suggestions/Recommedations?
A quick rundown of our setup, to see if it looks like SBS-land for those who know the bease ;) ;): ~ 40 employees. Most of them in two offices (development and sales would be a good approximation of the cut), but 2-3 working in USA (travelling around the country, but mostly in or around SF), 2-3 in Mexico (moving about), 1-2 in Colombia and the rest of Sout America, and home-workers in Germany and the UK. We have clients in (at least, last time I counted) 5 countries For the people in the main offices we have an in-house AD, but as you can see having a reliable (and not too pricey!!) email solution is a must for us. That's one of the reasons we use an VPS instead of a dedicated server: we are paying the premium Verio charges because they have good (very) support. Now, I believe that with this setup, using an external hosted solution makes sense... But if you have other opinion, please say so: I've been given the chance to re-think our setup (that does not mean there are going to be changes, but at least it's the time to propose them ;) Thanks a lot in advance,... JJ On 05/12/06, Brian Desmond [EMAIL PROTECTED] wrote: So, SBS sounds like the solution to your problem. Have you considered bringing in someone from a good local consulting firm that targets the SMB space and knows how to sell SBS on all levels (technical to exec)? Honestly, almost every SBS deal I've done it's started out with such and such manager says in house costs too much. I have a pretty good track record of putting an SBS box (or whatever was appropriate) in that shop after the fact. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 Javier Jarava wrote: Hi! Sorry if this question is a bit off-topic to the list, but I've seen some Exchange-related questions here, so I know there is Exchange expertise hanging around ;) and I didn't know where to ask; please feel free to point me to the proper forums (forii?) to ask in. I am looking for a way to implement shared calendars a la exchange (ie, they have to be visible and used from within Outlook 2003), but without actually using/hosting an Exchange Server ourselves. The idea is that people should be able to see/manage the calendar of the people they manage, so free/busy info is not enough. And the outlook requisite is a must (as my CEO put it yesterday: I live within Outlook; I don't want to meddle with web apps or the like) I know that it's a bit odd of a requisite, but we are a small co. (~ 40 employees) and the president feels that having to babysit a server in-house is a bit of a needless burden. At present we host our email / web presence / customer ticketing system in a pair of VPS from Verio, so if the proposed solution could run on top of FreeBSD it'd be a big plus ;) Of course (now going for the and ask about the KitchenSink part ;) if we could put it into place without having to tweak our email setup that'd be wonderful!!. We understand that we'd probably have to install some Outlook plugin, so that's OK... If there is no way to have the Shared Calendar feature as a stand-alone service/server, I guess the next step would be to ask those of you who know Exchange for an exchange clone that runs on FreeBDS / Unix. Or last but not least, I guess that there must be hosted Exchange providers out there that you can recommend. That'd mean re-doing our mail system, but I guess that we could live with it, if need be. Thanks a lot for those of you who have read this far. Best Regards Javier Jarava List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail- archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] DFS vs Robocopy question
How much data do you want to keep in sync between the distribution points? Cheers M@ On 12/6/06, Condra, Jerry W Mr HP [EMAIL PROTECTED] wrote: Hi all I'm looking for feedback on a couple of scenarios for our environment. We have three W2K3 SP1 domains and WAN separated regions in a couple of them. When deploying software, hotfixes and such I want to go to the 'distribution point' for that domain/region so as not to traverse the WAN for downloads. Each distribution point needs to mirror the others. Each region has an app server where we maintain these distribution points for downloads, patches and such and currently is managed manually as far as keeping each server identical to the other. I'm not familiar with DFS other than what is and does and have not configured or used it. Robocopy seems okay but also has a lot of configuration to deal with. DFS seems to be the best but wanted to see what the experts thought. My concern is if I create the DFS hierarchy I'd still be pointed to one server for the files. In reading the documentation I see multiple roots can be established which I'm hoping would provide access to each regional distribution point and still replicate the latest uploads from one point to all others. Appreciate any feedback. Thanks Jerry
RE: [ActiveDir] Maybe OT: Shared Calendars w/o using Exchange? Tips/Suggestions/Recommedations?
My two cents (these could euro cents or dollar cents). Exchange and Outlook are designed to work together. Despite having declared MAPI dead several times Microsoft continues to enhance and expand it, for example with RPC over HTTP. I am pretty sure you will either see reduced functionality, or face additional work on the clients to install add-ins if you go with a non-exchange based server. That is I support your conclusion that getting the real thing is the way to go. As for infrastructure well I am not sure about the amount of resilience that’s needed. If you set the users up to use OST files they may be able to tolerate short breaks in comms on your DSL, as they will still be able to read existing mails, compose new mails and meetings. Perhaps now is the time to move the query to an Exchange list, there are a number of them at Yahoo. Probably :- http://groups.yahoo.com/group/exchange-2003/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Javier Jarava Sent: 06 December 2006 16:57 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Maybe OT: Shared Calendars w/o using Exchange? Tips/Suggestions/Recommedations? Hi! Thanks for the prompt reply... As for hosted solutions, I guess that I don't much care wether the backend is Exchange, SBS or whatever the hosting company choses to provide ;) From what I've seen (http://www.arsys.es/aplicaciones/correo-exchange.htm, http://www.acens.com/seccion.web/correo/acens-exchange/678 - yes, we are based in Spain - or http://www.mi8.com/ to show that I'm looking elsewhere) basically what you get is a webbased admin panel and a number of accounts that you configure... not too much control but good enough Of course, I'd love to get recommendations for other providers or to be shown that not all of them are similar ;) As for the lack of a server for 40+ users, well, that's not really true: We have an AD (2003) domain (basic setup: single forest, single domain, 2 DCs) for the users, it's just that the email is hosted on a external server, to avoid downtime and lessen the administrative load on network admin (we don't have a full time person for that). Also, we currently have 2 main offices in Spain (conneted by DSL) and people working or tele-working in the US, Mexico, Colombia, Germany and the UK (2/3 people on each place at most): I believe that creating the infrastructure (relability-wise) to serve all those locations inhouse would be a tad expensive and (I belive) not really warranted. Of course, I'd love to hear opinions either way... As for control freak, we have an VPS so we have root on the mail server; as a matter of fact the hardest point for the internal acceptance of a hosted solution would probably lack of root access on the email server... I agree with you that to manage that that many (ok, those who manage Multi-K domains, please stop laughing) users, AD is a must And, besides, we delvelop security software that runs on top of AD, so I'd be a bit odd if we didn't use our own SW ;) In any case, I really am starting to believe that the simpler thing will be to get the real thing, so the options seem to be: 1) Get an Exchange Server inhouse. But that means making sure that our DSL line doesn't go down, and having the bandwith etc... 2) House a server on some co-lo. The comm. problems disappear, but we still have to babysit the thing... 3) Go for a hosted exchange provider. I've seen offers on the range of ~7€/mo/user; I believe that for a limited number of user (~30 ATM, possibly up to 40 in the foreseable future) that makes more sense than doing it all ourselves... I'd really love to hear your thoughts on the matter, and also if you could comment/recommend any service providers you'd make my life considerably easier ;) In any case, thanks again for reading this far and bearing with my ramblings. Happy Christmas for all ;) Javier Jarava On 05/12/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: Hosted SBS with Outlook 2003 Office Live http://office.microsoft.com/en-us/outlook/HA100809831033.aspx Not 2003 without a SBS box on the backend but 2007 uses Office Live to share calendars. 40 people and you don't have a server... wow.the control freak in me is freaking out. We put SBS servers in at 5 to 10 people and even less. Shared calendars pushes the sale of many a SBS box I don't know of non MS solutions. Javier Jarava wrote: Hi! Sorry if this question is a bit off-topic to the list, but I've seen some Exchange-related questions here, so I know there is Exchange expertise hanging around ;) and I didn't know where to ask; please feel free to point me to the proper forums (forii?) to ask in. I am looking for a way to implement shared calendars a la exchange
RE: [ActiveDir] DFS vs Robocopy question
I prefer DFS over Robocopy as DFS stores it information in a central location.. Active Directory ;-)) I would go for DFS replicated with DFS-R, which is available on R2 servers. DFS-R is so much cooler when compared with NTFRS. For example DFS-R ONLY replicates changes whereas NTFRS replicates everything, even when only ONE bit has changed. Independent of which replication mechanism used, DFS is a site aware service. It tries to locate the nearest Root Target and Link Target. However, be aware that when auto site link bridging is disable you need additional configuration with REPADMIN. Remember however, domain based DFS is just like it says...domain-based and not forest based. A domain DFS namespace can only have root targets from the domain where the DFS namespace exists and not from other domains. So, DCs from the domain that hosts the domain based DFS root must be available and preferably nearby as those are contacted to refer the client to the DFS root, even if a client is in another domain in the forest. The DFS link targets can be in any domain however. So if a client wants to connect to \\SOMEDOMAIN.COM\DFSROOT$\DFSLINK 1 it contacts a DC in the SOMEDOMAIN.COM 2 the DCs checks the nearest DFS root for DFSROOT$ and refers the client to it 2 the client contacts the DFS root and refers the client to the nearest DFS link target for DFSLINK I could tell you a complete story about DFS and DFS-R but you can also read it yourself. You might wanna have a look at: Designing Distributed File Systems http://technet2.microsoft.com/WindowsServer/en/library/1aa249c0-40f3-4974-b67f-e650b602415e1033.mspx?mfr=true Met vriendelijke groeten / Kind regards, __ MVP Profile → https://mvp.support.microsoft.com/profile=f8c04f4a-bff2-453e-9aed-7dfedab0be10 MVP Home Site → https://mvp.support.microsoft.com/ MVP Overview → https://mvp.support.microsoft.com/mvpexecsum BLOG → http://blogs.dirteam.com/blogs/jorge/default.aspx __ -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Condra, Jerry W Mr HP Sent: Wednesday, December 06, 2006 17:34 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DFS vs Robocopy question Hi all I'm looking for feedback on a couple of scenarios for our environment. We have three W2K3 SP1 domains and WAN separated regions in a couple of them. When deploying software, hotfixes and such I want to go to the 'distribution point' for that domain/region so as not to traverse the WAN for downloads. Each distribution point needs to mirror the others. Each region has an app server where we maintain these distribution points for downloads, patches and such and currently is managed manually as far as keeping each server identical to the other. I'm not familiar with DFS other than what is and does and have not configured or used it. Robocopy seems okay but also has a lot of configuration to deal with. DFS seems to be the best but wanted to see what the experts thought. My concern is if I create the DFS hierarchy I'd still be pointed to one server for the files. In reading the documentation I see multiple roots can be established which I'm hoping would provide access to each regional distribution point and still replicate the latest uploads from one point to all others. Appreciate any feedback. Thanks Jerry This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] Renaming sites
We just did it, In transition period, we saw clients wandering over WAN links, and not connecting to DC in same renamed site, after restarting the DC, clients returned back to renamed site DC.[1] Procedure: 1. Rename the site 2. Verify it is replicated to all DCs in that site 3. Restart DCs one by one, 4) After restart verify that DC is publishing the SRV records under new sitename, and has changed its sitename, (DynamicSiteName value in registry), or nltest /dsgetsite 5. And if needed restart all the machines in that site. -- Kamlesh [1] No this is not the issue, for which I have a open question in the list. On 12/5/06, Huber, Rob (HNI Corp) [EMAIL PROTECTED] wrote: Does anyone know of any issue with renaming sites? For example, if we change the site call Chicago to ChicagoIL, what issues could arise? I expect that since the GUID is not changes that there will not be a problem. How about if we use SMS?? -- ~ You teach best what you most need to learn. ~
RE: [ActiveDir] Quest Recovery Manager
shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a .exe to execute from a ADFIND query pipe. In all seriousness though, when evaluating DR feature for AD you will have a lot of things to consider, technologies being just one. The nature of the type of AD objects you want to recover and in what state should be considered (Groups, GPO's, etc, attribute data). How much time you want to dedicate to this operation? How much you want to spend? And who will support you if the recovery operations fail or seem to cause more problems. If you are looking just to recover deleted users, the various free tools out there will do just fine. I highly recommend that you start your DR project today by just using the good'old MS backup utility at a minimum to make a MST formatted backup of the system state and data from a domain controller in each of your domains you think has the most current AD data in your organization. That pretty much guarantees you can recover every object given that you have the data in some backup. And to all the people I mentioned above. Happy Holidays... and New Year. Todd -Original Message- From: Day, James (NPS) Sent: Wednesday, December 06, 2006 8:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
RE: [ActiveDir] Quest Recovery Manager
They use magic chickens :) Todd -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a .exe to execute from a ADFIND query pipe. In all seriousness though, when evaluating DR feature for AD you will have a lot of things to consider, technologies being just one. The nature of the type of AD objects you want to recover and in what state should be considered (Groups, GPO's, etc, attribute data). How much time you want to dedicate to this operation? How much you want to spend? And who will support you if the recovery operations fail or seem to cause more problems. If you are looking just to recover deleted users, the various free tools out there will do just fine. I highly recommend that you start your DR project today by just using the good'old MS backup utility at a minimum to make a MST formatted backup of the system state and data from a domain controller in each of your domains you think has the most current AD data in your organization. That pretty much guarantees you can recover every object given that you have the data in some backup. And to all the people I mentioned above. Happy Holidays... and New Year. Todd -Original Message- From: Day, James (NPS) Sent: Wednesday, December 06, 2006 8:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to). There are a couple of other similar ones that may also be worth. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-354-1464 202-230-2983 (CEL) [EMAIL PROTECTED] [EMAIL PROTECTED] ger.com Sent by: To [EMAIL PROTECTED] ActiveDir@mail.activedir.org ail.activedir.org cc Subject 12/05/2006 05:11 [ActiveDir] Quest Recovery Manager PM EST Please respond to [EMAIL PROTECTED] tivedir.org Does anybody have anything particularly good or bad to say about Quest's Recovery Manager product? We are evaluating it for an 2 forests, and 3 domains. As always, thanks for all of your insight and expertise. -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List
RE: [ActiveDir] DFS vs Robocopy question
Initially the data size to be distributed is about 60G but that's subject to shrink and grow as needed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Wednesday, December 06, 2006 11:32 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DFS vs Robocopy question How much data do you want to keep in sync between the distribution points? Cheers M@ On 12/6/06, Condra, Jerry W Mr HP [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi all I'm looking for feedback on a couple of scenarios for our environment. We have three W2K3 SP1 domains and WAN separated regions in a couple of them. When deploying software, hotfixes and such I want to go to the 'distribution point' for that domain/region so as not to traverse the WAN for downloads. Each distribution point needs to mirror the others. Each region has an app server where we maintain these distribution points for downloads, patches and such and currently is managed manually as far as keeping each server identical to the other. I'm not familiar with DFS other than what is and does and have not configured or used it. Robocopy seems okay but also has a lot of configuration to deal with. DFS seems to be the best but wanted to see what the experts thought. My concern is if I create the DFS hierarchy I'd still be pointed to one server for the files. In reading the documentation I see multiple roots can be established which I'm hoping would provide access to each regional distribution point and still replicate the latest uploads from one point to all others. Appreciate any feedback. Thanks Jerry List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Pagefile not being seen?
Colleagues, On two different Windows 2003 servers in as many weeks I have seen a popup when I logged in that says Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. On one server, I had 2048 pagefile on C. On the other, I had 4096 pagefile on C, but the note at the bottom of the screen showed only 2050. Both servers have 2Gb physical RAM, and both are Exchange 2003 servers. I have now put 2048 on C: and another 2048 on F: on both servers. So, I wonder if I have things set up right, so I have a few questions: 1. Isn't the pagefile limit in 2K3 Standard 4Gb per drive as I have read? Or is it actually 2Gb per drive? 2. With 2Gb physical RAM, isn't 4Gb pagefile the standard? 3. With the /3GB and /USERVA=3030 switches set, which is what I learned to do in class, why do I still get the Event Log error message that says The memory settings for this server are not optimal for Exchange.? -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] ADUC - Simple question
In ADUC, under Saved Queries/New/Query, why is the Query string: text box greyed out and uneditable? Thanks! -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] Is it possible to determine who created an AD object?
Thanks to all the work from Laura, Jorge and Tony. Mitch On 12/5/06, Tony Murray [EMAIL PROTECTED] wrote: Well, I've done some more testing and the results are interesting. In both instances I have the policy in place and set to Object Creator. 1. If the account used for AD object creation is a member of Domain Admins the owner is shown as Domain Admins. 2. If the account used for AD object creation is a member of Administrators the owner is shown as the account used to create the object. Tony _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, 6 December 2006 12:00 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? ? sorry to say, but I have different results...mailed them offline to Laura Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : see sender address _ From: [EMAIL PROTECTED] on behalf of Laura A. Robinson Sent: Tue 2006-12-05 23:04 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? Just to make sure everybody understands what I am saying, I'm going to summarize this one last time. If I create an object in AD while I am logged on with an account that is a member of Domain Admins, Domain Admins becomes the owner of the object. NOT the Administrators group. NOT the object creator. DOMAIN ADMINS. If I create an obect in AD while I am logged in with an account that is NOT a member of Domain Admins and IS a member of the built-in Administrators group in Active Directory, DOMAIN ADMINS STILL becomes the owner of the object. NOT Administrators, and NOT the object creator. Period. End of story. The group policy setting System objects: Default owner for objects created by members of the Administrators group DOES NOT AFFECT DIRECTORY OBJECTS. Test. It. Yourself. :-) Laura _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, December 05, 2006 3:53 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? ? just like I wrote it and tony confirmed it do you have other experiences? Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : see sender address _ From: [EMAIL PROTECTED] on behalf of Laura A. Robinson Sent: Tue 2006-12-05 21:17 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? Test what I wrote in my other response. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, December 05, 2006 2:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? ? which part? Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : see sender address _ From: [EMAIL PROTECTED] on behalf of Laura A. Robinson Sent: Tue 2006-12-05 19:44 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? Have you tested this? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, December 05, 2006 12:53 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible to determine who created an AD object? If you are member of ADMINISTRATORS directly or indirectly through a CUSTOM group it will by default list ADMINISTRATORS. Changing the policy lists the object creator. If you are member of DOMAIN ADMINS also, it will list DOMAIN ADMINS…. Is this what you mean? If the latter is the case check with REPADMIN /SHOWOBJMETA on which DC the object was created (also note the date and time). On the DC that is listed as the originating DC for the account creation check the security log. If it concerns SECURITY PRINICIPAL objects you might be lucky if you have configured Account Management for SUCCESS (also the default if I’m not mistaken). If it concerns OTHER objects you are lucky if you have configured directory service access for SUCCESS (also the default if I’m not mistaken) AND you have configured one or more SACLs on objects or Ous with objects that should be audited jorge _ From: [EMAIL PROTECTED] [mailto:[EMAIL
RE: [ActiveDir] Quest Recovery Manager
Tim- Sadly in our business I think you'd have a hard time finding someting akin to a decent, educated and un-biased review of this stuff. No Consumer Reports for software. What I would always recommend is to gather your requirements clearly and evaluate all players against those requirements and their costs. Darren -Original Message- From: Tim Onsomu [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Sent: 12/6/2006 11:05 AM Subject: RE: [ActiveDir] Quest Recovery Manager Does anybody know what independent rankings look like for AD DR tools? -Original Message- From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Wed 12/6/2006 9:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. [truncated by sender] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] OT: Possible Security Hole in RDP?
If server and clients are in domain, you can disable the feature using group policies. Computer configuration Administrative Templates Windows Components Terminal Services Client / Server data redirection Do not allow drive redirection -- Kamlesh On 10/10/06, Dan DeStefano [EMAIL PROTECTED] wrote: I should have mentioned that my RDP connection to the TS was as a normal user as well. Dan DeStefano Info-lution Corporation [EMAIL PROTECTED] http://www.info-lution.com Office: 727 546-9143 FAX: 727 541-5888 -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Peter Johnson *Sent:* Tuesday, October 10, 2006 8:40 AM *To:* ActiveDir@mail.activedir.org *Subject:* RE: [ActiveDir] OT: Possible Security Hole in RDP? If the RDP session is being created to the target server with Admin privileges and that account also has admin privileges on your machine then I would suspect that this is what happening here. I.E. the connection is back to your PC from the server, under the credentials you logged in with, and not from your PC to the server under your local credentials. Anyone else got any ideas?? *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Dan DeStefano *Sent:* 10 October 2006 14:10 *To:* ActiveDir@mail.activedir.org *Cc:* [EMAIL PROTECTED] *Subject:* [ActiveDir] OT: Possible Security Hole in RDP? I have noticed something with Terminal Services and RDP that is concerning. I am using a notebook on which I am just a normal user (I do not log on as administrator unless absolutely necessary). I create an RDP connection to a WS2k3 terminal server and choose to make the notebook's local disks available on the terminal server. I can then browse through my notebook's hard drive with impunity. I can access all files and folders to which I should not have any access at all, including the administrator profile. However, it does take very long to open these files/folders. I am sure this is a known issue, I just haven't read about it anywhere. Does anyone know if there is a way to mitigate this other than setting group policy to not allow local disks to connect to the terminal server? Dan DeStefano *Info-lution Corporation* [EMAIL PROTECTED] http://www.info-lution.com Office: 727 546-9143 FAX: 727 541-5888 If you have received this message in error please notify the sender, disregard any content and remove it from your possession. *Disclaimer:* The Development Bank of Southern Africa exercises no control over information contained in any e-mail message originating from within the organisation. The Bank makes no representation relating to the completeness or accuracy and accepts no responsibility for any loss, damage or liability that is incurred by reliance on the content hereof by the recipient or any other party. Each page attached hereto must also be read in conjunction with any disclaimer, which forms part of it. *Confidentiality:* The e-mail is privileged and confidential and for use of the addressee only. Should you have received this e-mail in error, please return it to [EMAIL PROTECTED][EMAIL PROTECTED]. Dissemination, disclosure, copying or any similar actions of the content of this e-mail is strictly prohibited. Dan DeStefano *Info-lution Corporation* [EMAIL PROTECTED] http://www.info-lution.com Office: 727 546-9143 FAX: 727 541-5888 If you have received this message in error please notify the sender, disregard any content and remove it from your possession. -- ~ You teach best what you most need to learn. ~
RE: [ActiveDir] Quest Recovery Manager
I don't think there are many independent rankings out there. You have to figure that Windows ITPro and SearchWindows are probably the easiest sources to get access to online, but they are influenced by ad dollars sometimes. It is possible that Burton Group and possibly Gartner have done some research But I doubt it. I know that directions on Microsoft hasn't covered it. It is a pretty niche topic. I think the best way to approach this is to have a good old fashion bake off of the technologies. Depending how big a player you are, you can probably get Quest, Netpro, Veritas, and Commvalt to step-up. I would say that all the technologies are pretty stable at the moment; there isn't a lot of innovation going on anymore, so it is pretty hard to make a mistake choosing one of these products. Todd From: Tim Onsomu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 2:06 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Does anybody know what independent rankings look like for AD DR tools? -Original Message- From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Wed 12/6/2006 9:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a .exe to execute from a ADFIND query pipe. In all seriousness though, when evaluating DR feature for AD you will have a lot of things to consider, technologies being just one. The nature of the type of AD objects you want to recover and in what state should be considered (Groups, GPO's, etc, attribute data). How much time you want to dedicate to this operation? How much you want to spend? And who will support you if the recovery operations fail or seem to cause more problems. If you are looking just to recover deleted users, the various free tools out there will do just fine. I highly recommend that you start your DR project today by just using the good'old MS backup utility at a minimum to make a MST formatted backup of the system state and data from a domain controller in each of your domains you think has the most current AD data in your organization. That pretty much guarantees you can recover every object given that you have the data in some backup. And to all the people I mentioned above. Happy Holidays... and New Year. Todd -Original Message- From: Day, James (NPS) Sent: Wednesday, December 06, 2006 8:03 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Quest Recovery Manager Hi James We bought this when it was an Aelita tool and loved the product - it pretty much paid for itself in one step the second month we were using it. The product is still good but I have nothing good to say about Quest support (but I could complain for hours about it if I am allowed to).
RE: [ActiveDir] ADUC - Simple question
You have to hit the Define Query button to the right to add to that field...are you saying that button is grayed out? Travis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 2:40 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADUC - Simple question In ADUC, under Saved Queries/New/Query, why is the Query string: text box greyed out and uneditable? Thanks! -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Pagefile not being seen?
Check out this article for the Exchange memory settings. There are a few other tweaks in the registry. http://support.microsoft.com/kb/815372 Do you have any third-party apps running on your Exchange servers? I have seen memory leaks in third-party apps cause this kind of virtual memory issue. 2K3 Standard does allow 4GB on a drive. The way you have it set up with 2048 on two separate drives will give you a performance boost if they are actually separate physical disks or RAID sets. I have typically heard 1.5 times physical for virtual, but I don't think that is as much a best practice as a general rule of thumb. Depending on circumstances I have certainly set it lower or higher. 4 GB virtual should certainly be enough. Sorry for the random order of my answers. I also have trouble following directions and don't play well with others. Hope this helps Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Wednesday, December 06, 2006 1:28 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Pagefile not being seen? Colleagues, On two different Windows 2003 servers in as many weeks I have seen a popup when I logged in that says Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. On one server, I had 2048 pagefile on C. On the other, I had 4096 pagefile on C, but the note at the bottom of the screen showed only 2050. Both servers have 2Gb physical RAM, and both are Exchange 2003 servers. I have now put 2048 on C: and another 2048 on F: on both servers. So, I wonder if I have things set up right, so I have a few questions: 1. Isn't the pagefile limit in 2K3 Standard 4Gb per drive as I have read? Or is it actually 2Gb per drive? 2. With 2Gb physical RAM, isn't 4Gb pagefile the standard? 3. With the /3GB and /USERVA=3030 switches set, which is what I learned to do in class, why do I still get the Event Log error message that says The memory settings for this server are not optimal for Exchange.? -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Renaming sites
Thanks all for the assistance! It is greatly appreciated! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Wednesday, December 06, 2006 11:43 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Renaming sites We just did it, In transition period, we saw clients wandering over WAN links, and not connecting to DC in same renamed site, after restarting the DC, clients returned back to renamed site DC.[1] Procedure: 1. Rename the site 2. Verify it is replicated to all DCs in that site 3. Restart DCs one by one, 4) After restart verify that DC is publishing the SRV records under new sitename, and has changed its sitename, (DynamicSiteName value in registry), or nltest /dsgetsite 5. And if needed restart all the machines in that site. -- Kamlesh [1] No this is not the issue, for which I have a open question in the list. On 12/5/06, Huber, Rob (HNI Corp) [EMAIL PROTECTED] wrote: Does anyone know of any issue with renaming sites? For example, if we change the site call Chicago to ChicagoIL, what issues could arise? I expect that since the GUID is not changes that there will not be a problem. How about if we use SMS?? -- ~ You teach best what you most need to learn. ~
RE: [ActiveDir] DFS vs Robocopy question
Jerry, Take a look at DirSync (http://www.archersoft.com/). James Blair -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Condra, Jerry W Mr HP Sent: Thursday, 7 December 2006 5:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DFS vs Robocopy question Initially the data size to be distributed is about 60G but that's subject to shrink and grow as needed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Wednesday, December 06, 2006 11:32 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DFS vs Robocopy question How much data do you want to keep in sync between the distribution points? Cheers M@ On 12/6/06, Condra, Jerry W Mr HP [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi all I'm looking for feedback on a couple of scenarios for our environment. We have three W2K3 SP1 domains and WAN separated regions in a couple of them. When deploying software, hotfixes and such I want to go to the 'distribution point' for that domain/region so as not to traverse the WAN for downloads. Each distribution point needs to mirror the others. Each region has an app server where we maintain these distribution points for downloads, patches and such and currently is managed manually as far as keeping each server identical to the other. I'm not familiar with DFS other than what is and does and have not configured or used it. Robocopy seems okay but also has a lot of configuration to deal with. DFS seems to be the best but wanted to see what the experts thought. My concern is if I create the DFS hierarchy I'd still be pointed to one server for the files. In reading the documentation I see multiple roots can be established which I'm hoping would provide access to each regional distribution point and still replicate the latest uploads from one point to all others. Appreciate any feedback. Thanks Jerry List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ Note: This email, including any attachments, is confidential. If you have received this email in error, please advise the sender and delete it and all copies of it from your system. If you are not the intended recipient of this email, you must not use, print, distribute, copy or disclose its content to anyone. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] ADUC - Simple question
Because you need to define the query first. The Query string is display only, i.e. it will display the query that you build using the Define Query option. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org Date: Wed, 6 Dec 2006 14:40:21 -0500 In ADUC, under Saved Queries/New/Query, why is the Query string: text box greyed out and uneditable? Thanks! -James List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] AD with mixed DC
I have an AD domain with 2 2k domain controllers. I want to add a thirds domain controller that has a 2k3 os. I know there is something that needs to be enabled or disable before having an AD with mixed DC. What do I need to do before adding the third DC? Thanks Antonio Aranda Network Analyst UT-Permian Basin 432-552-2413
[ActiveDir] Users Not receiving Logon Script GPO
I have a situation wherein after I applied a Folder redirection policy to a group of users, wherein I had a deny set on the apply group policy for the Group wherein I had the users computer and user accounts Now all of a sudden, for an entirely different User logon Script policy(Separate GPO), the policy will not flow down to the users. I have moved the users to different OU's with different user logon script GPO's, and none of the GPO's seem to make it to the users, even though a RSPO, shows that the users are in the right OU to receive the policy. Futher more, if i perform a GPO Model of the user, or even of the container that has the users, the model SHOWS that the user logon script GPO should apply,.. But by using the GP results wizard, the policy will not show in the user Applied Policy section and via checking, it is not in the denied policy section either. The policy simply will NOT go down to the user. As a separate test, if i set a Computer start up policy GPO to the computer, after a gpupdate, the Computer will see the policy, but for some reason the user(s0 will not get the policy. Any ideas? Let me add that I ran gpotool, and everything for that policy checks out ok. Also, there is no special security filtering for the logon script GPO. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.430 / Virus Database: 268.15.9/571 - Release Date: 12/5/2006 11:50 AM
RE: [ActiveDir] Quest Recovery Manager
Yeah. Sit down with your team and figure out what it is you need - must have, would like to have, and nice to have. Then, tell all the vendors you want a little webinar (they love these), and then compare your notes after each/all of them again. Rule out any ones now that don't do the trick Then go get ready to have it shoved way up your ass when they give you the pricing. Then you can suggest (if they haven't already) that they come discuss it in further and plan on a lunch/dinner or two on their dime while you further discuss how expensive their stuff is and what they can do for you to make it more attractive. The Quest guys told me the other day they had a lot of leeway on some pricing for one of my clients so I'm wondering if this is the end of the year for the salesmen and they need to make their year this month (if so this is an excellent time to buy Quest software). Now that said, I've worked in a few large shops, and we haven't had any of this frilly fancy shit. It's expensive, I hate the per head/per seat/per whatever pricing, and frankly all I think it does is idiot proof what's already there. Rather than having something do it for you, why don't you learn how it does it, because then you'll be smarter, and you can go get a new better job with your new found talents. That said there is some cool shit from quest and NetIQ and those guys - I'm into the change control/management stuff in shops where there are too many cooks in the kitchen. Quest's migration stuff is of course great if you can afford it. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 3:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager I don't think there are many independent rankings out there. You have to figure that Windows ITPro and SearchWindows are probably the easiest sources to get access to online, but they are influenced by ad dollars sometimes. It is possible that Burton Group and possibly Gartner have done some research But I doubt it. I know that directions on Microsoft hasn't covered it. It is a pretty niche topic. I think the best way to approach this is to have a good old fashion bake off of the technologies. Depending how big a player you are, you can probably get Quest, Netpro, Veritas, and Commvalt to step-up. I would say that all the technologies are pretty stable at the moment; there isn't a lot of innovation going on anymore, so it is pretty hard to make a mistake choosing one of these products. Todd From: Tim Onsomu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 2:06 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Does anybody know what independent rankings look like for AD DR tools? -Original Message- From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Wed 12/6/2006 9:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into your query, you might get this thread nice and hot, and generate input from people like Stuart Kwan discussing supportability issues using the various recovery methods, Guido Vladimir discussing in great depth the inherent problems of group recovery, various opinions on how to use isolates sites with rubber chickens, MIIS, ADAM to reanimate deleted objects (This
RE: [ActiveDir] AD with mixed DC
I believe this KB will guide you in the correct direction. http://support.microsoft.com/kb/278875 /aaron From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Antonio Aranda Sent: Wednesday, December 06, 2006 3:12 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD with mixed DC I have an AD domain with 2 2k domain controllers. I want to add a thirds domain controller that has a 2k3 os. I know there is something that needs to be enabled or disable before having an AD with mixed DC. What do I need to do before adding the third DC? Thanks Antonio Aranda Network Analyst UT-Permian Basin 432-552-2413
RE: [ActiveDir] AD with mixed DC
Very straightforward... you need to do a domain and forest prep... search the internet for loads of info... i.e. - http://searchwinit.techtarget.com/tip/0,289483,sid1_gci990371,00.html Rob Robert Rutherford QuoStar Solutions Limited T:+44 (0) 8456 440 331 F:+44 (0) 8456 440 332 M:+44 (0) 7974 249 494 E:[EMAIL PROTECTED] W:www.quostar.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Antonio Aranda Sent: 06 December 2006 21:12 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD with mixed DC I have an AD domain with 2 2k domain controllers. I want to add a thirds domain controller that has a 2k3 os. I know there is something that needs to be enabled or disable before having an AD with mixed DC. What do I need to do before adding the third DC? Thanks Antonio Aranda Network Analyst UT-Permian Basin 432-552-2413
Re: [ActiveDir] Pagefile not being seen?
It's better to use 2x installed memory for Exchange as a starting point. Splitting the page file on separate physical disks should be OK as long as it is a total of 4 GB. Depending on the how much messaging activity you have you might want to bump up the memory to 4 GB and then the pagefile would need to obviously be increased substantially to about double the installed memory. Chuck -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Wed, 6 Dec 2006 3:31 PM Subject: RE: [ActiveDir] Pagefile not being seen? Check out this article for the Exchange memory settings. There are a few other tweaks in the registry. http://support.microsoft.com/kb/815372 Do you have any third-party apps running on your Exchange servers? I have seen memory leaks in third-party apps cause this kind of virtual memory issue. 2K3 Standard does allow 4GB on a drive. The way you have it set up with 2048 on two separate drives will give you a performance boost if they are actually separate physical disks or RAID sets. I have typically heard 1.5 times physical for virtual, but I don't think that is as much a best practice as a general rule of thumb. Depending on circumstances I have certainly set it lower or higher. 4 GB virtual should certainly be enough. Sorry for the random order of my answers. I also have trouble following directions and don't play well with others. Hope this helps Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Wednesday, December 06, 2006 1:28 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Pagefile not being seen? Colleagues, On two different Windows 2003 servers in as many weeks I have seen a popup when I logged in that says Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. On one server, I had 2048 pagefile on C. On the other, I had 4096 pagefile on C, but the note at the bottom of the screen showed only 2050. Both servers have 2Gb physical RAM, and both are Exchange 2003 servers. I have now put 2048 on C: and another 2048 on F: on both servers. So, I wonder if I have things set up right, so I have a few questions: 1. Isn't the pagefile limit in 2K3 Standard 4Gb per drive as I have read? Or is it actually 2Gb per drive? 2. With 2Gb physical RAM, isn't 4Gb pagefile the standard? 3. With the /3GB and /USERVA=3030 switches set, which is what I learned to do in class, why do I still get the Event Log error message that says The memory settings for this server are not optimal for Exchange.? -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ Check out the new AOL. Most comprehensive set of free safety and security tools, free access to millions of high-quality videos from across the web, free AOL Mail and more.
RE: [ActiveDir] Users Not receiving Logon Script GPO
Booker, Have a look at the security filtering component of the policy and verify that designated uses have Read and Apply Group Policy. I would implicitly add one of the effected uses to the security filtering see post gpupdate whether the policy is applied. Check if block inheritance is not enable and temporarily enforce the policy to see if it is applied. What does GPReult come back with from one of the effected users? James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Washington, Booker Sent: Thursday, 7 December 2006 7:24 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Users Not receiving Logon Script GPO I have a situation wherein after I applied a Folder redirection policy to a group of users, wherein I had a deny set on the apply group policy for the Group wherein I had the users computer and user accounts Now all of a sudden, for an entirely different User logon Script policy(Separate GPO), the policy will not flow down to the users. I have moved the users to different OU's with different user logon script GPO's, and none of the GPO's seem to make it to the users, even though a RSPO, shows that the users are in the right OU to receive the policy. Futher more, if i perform a GPO Model of the user, or even of the container that has the users, the model SHOWS that the user logon script GPO should apply,.. But by using the GP results wizard, the policy will not show in the user Applied Policy section and via checking, it is not in the denied policy section either. The policy simply will NOT go down to the user. As a separate test, if i set a Computer start up policy GPO to the computer, after a gpupdate, the Computer will see the policy, but for some reason the user(s0 will not get the policy. Any ideas? Let me add that I ran gpotool, and everything for that policy checks out ok. Also, there is no special security filtering for the logon script GPO. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.430 / Virus Database: 268.15.9/571 - Release Date: 12/5/2006 11:50 AM Note: This email, including any attachments, is confidential. If you have received this email in error, please advise the sender and delete it and all copies of it from your system. If you are not the intended recipient of this email, you must not use, print, distribute, copy or disclose its content to anyone.
RE: [ActiveDir] Quest Recovery Manager
It is an excellent time to purchase Quest software. (In my opinion, my views do not represent my employer :-) :-)) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, December 06, 2006 1:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Yeah. Sit down with your team and figure out what it is you need - must have, would like to have, and nice to have. Then, tell all the vendors you want a little webinar (they love these), and then compare your notes after each/all of them again. Rule out any ones now that don't do the trick Then go get ready to have it shoved way up your ass when they give you the pricing. Then you can suggest (if they haven't already) that they come discuss it in further and plan on a lunch/dinner or two on their dime while you further discuss how expensive their stuff is and what they can do for you to make it more attractive. The Quest guys told me the other day they had a lot of leeway on some pricing for one of my clients so I'm wondering if this is the end of the year for the salesmen and they need to make their year this month (if so this is an excellent time to buy Quest software). Now that said, I've worked in a few large shops, and we haven't had any of this frilly fancy shit. It's expensive, I hate the per head/per seat/per whatever pricing, and frankly all I think it does is idiot proof what's already there. Rather than having something do it for you, why don't you learn how it does it, because then you'll be smarter, and you can go get a new better job with your new found talents. That said there is some cool shit from quest and NetIQ and those guys - I'm into the change control/management stuff in shops where there are too many cooks in the kitchen. Quest's migration stuff is of course great if you can afford it. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 3:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager I don't think there are many independent rankings out there. You have to figure that Windows ITPro and SearchWindows are probably the easiest sources to get access to online, but they are influenced by ad dollars sometimes. It is possible that Burton Group and possibly Gartner have done some research But I doubt it. I know that directions on Microsoft hasn't covered it. It is a pretty niche topic. I think the best way to approach this is to have a good old fashion bake off of the technologies. Depending how big a player you are, you can probably get Quest, Netpro, Veritas, and Commvalt to step-up. I would say that all the technologies are pretty stable at the moment; there isn't a lot of innovation going on anymore, so it is pretty hard to make a mistake choosing one of these products. Todd From: Tim Onsomu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 2:06 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Does anybody know what independent rankings look like for AD DR tools? -Original Message- From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Wed 12/6/2006 9:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same here... Good stuff. To be fair though, most of the major AD players have these tools now. The thing about the Quest (Aelita) tool was its use of their own APIs to address issues like Domain Local Groups etc. I haven't kept up with the latest versions so I am not sure what direction they have gone since 2003. Latest information I remember was they offered you the option to use the MS API methods for recovery, or their special brew for more advanced recovery options. Now if put some extra effort into
[ActiveDir] OT: But THANK YOU WSUS/Exchange
http://blogs.technet.com/wsus/archive/2006/12/06/intelligent-message-filter-for-exchange-server-2003-supersedence-release-model.aspx Starting today, the WSUS administrator will notice that the IMF Filters now supersede each other instead of direct expiration of every update. A review of the process over the last couple of months allowed us to identify that the expiration release model just wasn't working. The new model allows a better control of ensuring that an IMF update will always be available even if the release window for the new update is missed. The new release model will be as follows: 1. The new update (N) will supersede the previous update (N-1) when viewed by the WSUS administrator 2. N-3 updates and older will be expired. Scott Roberts (Exchange SE) -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Quest Recovery Manager
The Quest guys told me the other day they had a lot of leeway on some pricing for one of my clients so I'm wondering if this is the end of the year for the salesmen and they need to make their year this month (if so this is an excellent time to buy Quest software) Ha! Show me a sales person from ANY software company who doesn't get that wide-eyed, crazed, foaming-at-the-mouth look in his or her eye around quarter-end or year-end and I'll show you a sales person that is about to be fired. Its part of the game. Gotta make quota, esp. at year end, and to do that, you gotta discount! I would think most IT shops are wise to it by now. Its kind of a sick dance we all do J Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, December 06, 2006 1:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Yeah. Sit down with your team and figure out what it is you need - must have, would like to have, and nice to have. Then, tell all the vendors you want a little webinar (they love these), and then compare your notes after each/all of them again. Rule out any ones now that don't do the trick Then go get ready to have it shoved way up your ass when they give you the pricing. Then you can suggest (if they haven't already) that they come discuss it in further and plan on a lunch/dinner or two on their dime while you further discuss how expensive their stuff is and what they can do for you to make it more attractive. The Quest guys told me the other day they had a lot of leeway on some pricing for one of my clients so I'm wondering if this is the end of the year for the salesmen and they need to make their year this month (if so this is an excellent time to buy Quest software). Now that said, I've worked in a few large shops, and we haven't had any of this frilly fancy shit. It's expensive, I hate the per head/per seat/per whatever pricing, and frankly all I think it does is idiot proof what's already there. Rather than having something do it for you, why don't you learn how it does it, because then you'll be smarter, and you can go get a new better job with your new found talents. That said there is some cool shit from quest and NetIQ and those guys - I'm into the change control/management stuff in shops where there are too many cooks in the kitchen. Quest's migration stuff is of course great if you can afford it. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 3:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager I don't think there are many independent rankings out there. You have to figure that Windows ITPro and SearchWindows are probably the easiest sources to get access to online, but they are influenced by ad dollars sometimes. It is possible that Burton Group and possibly Gartner have done some research.. But I doubt it. I know that directions on Microsoft hasn't covered it. It is a pretty niche topic. I think the best way to approach this is to have a good old fashion bake off of the technologies. Depending how big a player you are, you can probably get Quest, Netpro, Veritas, and Commvalt to step-up. I would say that all the technologies are pretty stable at the moment; there isn't a lot of innovation going on anymore, so it is pretty hard to make a mistake choosing one of these products. Todd _ From: Tim Onsomu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 2:06 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Does anybody know what independent rankings look like for AD DR tools? -Original Message- From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Wed 12/6/2006 9:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Todd, thanks for your insight. Good points to think about. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 9:14 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quest Recovery Manager Same
RE: [ActiveDir] Quest Recovery Manager
It gets even nuttier in competitive situations. Bring in the NetPro products for eval, and watch how fast the Quest price goes to zero. Its like the old Crazy Eddy's TV ads in New York. Of course its free like a puppy... :) -gil From: [EMAIL PROTECTED] on behalf of Darren Mar-Elia Sent: Wed 12/6/2006 4:18 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager The Quest guys told me the other day they had a lot of leeway on some pricing for one of my clients so I'm wondering if this is the end of the year for the salesmen and they need to make their year this month (if so this is an excellent time to buy Quest software) Ha! Show me a sales person from ANY software company who doesn't get that wide-eyed, crazed, foaming-at-the-mouth look in his or her eye around quarter-end or year-end and I'll show you a sales person that is about to be fired. Its part of the game. Gotta make quota, esp. at year end, and to do that, you gotta discount! I would think most IT shops are wise to it by now. Its kind of a sick dance we all do J Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, December 06, 2006 1:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Yeah. Sit down with your team and figure out what it is you need - must have, would like to have, and nice to have. Then, tell all the vendors you want a little webinar (they love these), and then compare your notes after each/all of them again. Rule out any ones now that don't do the trick Then go get ready to have it shoved way up your ass when they give you the pricing. Then you can suggest (if they haven't already) that they come discuss it in further and plan on a lunch/dinner or two on their dime while you further discuss how expensive their stuff is and what they can do for you to make it more attractive. The Quest guys told me the other day they had a lot of leeway on some pricing for one of my clients so I'm wondering if this is the end of the year for the salesmen and they need to make their year this month (if so this is an excellent time to buy Quest software). Now that said, I've worked in a few large shops, and we haven't had any of this frilly fancy shit. It's expensive, I hate the per head/per seat/per whatever pricing, and frankly all I think it does is idiot proof what's already there. Rather than having something do it for you, why don't you learn how it does it, because then you'll be smarter, and you can go get a new better job with your new found talents. That said there is some cool shit from quest and NetIQ and those guys - I'm into the change control/management stuff in shops where there are too many cooks in the kitchen. Quest's migration stuff is of course great if you can afford it. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DCRI) [E] Sent: Wednesday, December 06, 2006 3:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager I don't think there are many independent rankings out there. You have to figure that Windows ITPro and SearchWindows are probably the easiest sources to get access to online, but they are influenced by ad dollars sometimes. It is possible that Burton Group and possibly Gartner have done some research But I doubt it. I know that directions on Microsoft hasn't covered it. It is a pretty niche topic. I think the best way to approach this is to have a good old fashion bake off of the technologies. Depending how big a player you are, you can probably get Quest, Netpro, Veritas, and Commvalt to step-up. I would say that all the technologies are pretty stable at the moment; there isn't a lot of innovation going on anymore, so it is pretty hard to make a mistake choosing one of these products. Todd From: Tim Onsomu [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 2:06 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager Does anybody know what independent rankings look like for AD DR tools? -Original Message- From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Wed 12/6/2006 9:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Quest Recovery Manager shamelss plug NetPro has an AD data recovery product called RestoreADmin that competes very well with the Quest product. It's solves the AD object recovery problem nicely. See http://www.netpro.com/products/restoreadmin/index.cfm. /shameless plug -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 7:37 AM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED]