[ActiveDir] Export Group's Members details
Hi, How can I export the details of the members of a group like their firstname, lastname, display name, smtp address etc... I had tried with both csvde ldifde but not able to get all the information. Also is there any list which can show all the attributes of a user... Dhiraj Haritwal --- This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway. ---
RE: [ActiveDir] Shares with Computer Account Permissions
No. This would only apply for things running in the context of the computer account (e.g. services as SYSTEM or NETWORK SERVICE). When you go \\server file:///\\server in explorer you connect as ben not bensmachine... Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Tuesday, January 09, 2007 4:09 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Shares with Computer Account Permissions I was asked today whether it was possible to allow or deny access to shares not just based on user accounts, but also upon computer accounts. My immediate response was that I didn't think so. So I tested it by simply creating a folder up on our file server, and added the computer account for my workstation and denying it access completely. This made no difference to my permissions when trying to access it from this workstation. So my question is this, is there any way to design access permissions in such a way so you could not only allow access to a share to a certain security group, but also to this security group only when they are accessing it on hosts that we have explicitly defined? ~Ben
[ActiveDir] Domain Admin
I have a consultant that is asking for domain admin rights on 2 member servers. I have google it but nothing seems to work out right. The servers are on the domain but the consultant just has a domain user account. He can logon on to the servers while they are on the domain but the administrative tools is not there (as it should). I want to creat an OU and put the two machines in that ou and delegate control to the consultants domain user account. Any other way to do this without registry hacks or scripts? All assistance welcomed
RE: [ActiveDir] Domain Admin
If he only needs admin rights on these 2 machines, just add his domain
account into the local admins group on both servers.
You can install any missing tools onto those servers, too.
Does that help?
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Patrick
Sent: 10 January 2007 05:20
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Domain Admin
I have a consultant that is asking for domain admin rights on 2 member
servers. I have google it but nothing seems to work out right. The
servers are on the domain but the consultant just has a domain user
account.
He can logon on to the servers while they are on the domain but the
administrative tools is not there (as it should). I want to creat an OU
and put the two machines in that ou and delegate control to the
consultants domain user account. Any other way to do this without
registry hacks or scripts?
All assistance welcomed
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] Domain Admin
If he just needs administrative equivalent permissions on THOSE TWO MEMBER SERVERS you can put his account into the local administrators group of each server...If he is logged on, tell him to log out and log on AFTER you have added his account to the groups. DOMAIN ADMIN quirevalent permissions is a little bit too much imo as that gives him full access to everything in AD... Either you need to install the adminpak and/or you need to make them visible in the start menu For what tasks are the administrative equivalent permissions needed? Cheers, jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Sent: woensdag 10 januari 2007 6:20 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Domain Admin I have a consultant that is asking for domain admin rights on 2 member servers. I have google it but nothing seems to work out right. The servers are on the domain but the consultant just has a domain user account. He can logon on to the servers while they are on the domain but the administrative tools is not there (as it should). I want to creat an OU and put the two machines in that ou and delegate control to the consultants domain user account. Any other way to do this without registry hacks or scripts? All assistance welcomed This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: RE : Re: [ActiveDir] Moving ADC
Hi Yann, You r right but what is the procedure to move the CA's to the new DC? Thanks Regds. Dinesh From: Yann [EMAIL PROTECTED]Reply-To: ActiveDir@mail.activedir.orgTo: ActiveDir@mail.activedir.orgSubject: RE : Re: [ActiveDir] Moving ADCDate: Tue, 9 Jan 2007 19:12:17 +0100 (CET)MIME-Version: 1.0Received: from mail.activedir.org ([12.168.66.190]) by bay0-mc3-f19.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Tue, 9 Jan 2007 10:19:12 -0800Received: from web26308.mail.ukl.yahoo.com [217.146.176.19] by mail.activedir.org (SMTPD32-8.15) id AB01210600C8; Tue, 09 Jan 2007 13:12:17 -0500Received: (qmail 95471 invoked by uid 60001); 9 Jan 2007 18:12:17 -Received: from [82.67.17.144] by web26308.mail.ukl.yahoo.com via HTTP; Tue, 09 Jan 2007 19:12:17 CET Hi, I don't know if i get it all but if I resume: You have a DC, say DCold,that has also Active Directory Connector(ADC) that points to a 5.5 BH server. You want to decomission it to a member server and promote a new one to a new DC, say DCnew. Right ? - OnDCold that has the ADC, move all Connection Agreemenjts (CA)to an other ADC server then decommission DCold. - or if u have no other ADC server, just decomission DCold *BUT* be caution to verify that no CAs point to DCold before. Yanndinesh shinde [EMAIL PROTECTED] a écrit: My Questoin was:I have mixed mode environment in my setup with 28 Child Domains at remote loactions having Additional DC's and I am planning to move my DC to Additional Domain Controller making it a DC because of new Hardware we have received. We can move the Roles to the new server but the old one also has Active Directory Connector to our Bridgehead server(Exchange5.5).So what needs to be done to decommission old DC and make the new DC having AD Controller. size=5Thanks Regds. size=5 size=5DineshFrom: AdamT Reply-To: ActiveDir@mail.activedir.orgTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Moving ADCDate: Mon, 8 Jan 2007 20:25:18 +MIME-Version: 1.0Received: from mail.activedir.org ([12.168.66.190]) by bay0-mc12-f15.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Mon, 8 Jan 2007 12:40:22 -0800Received: from nf-out-0910.google.com [64.233.182.184] by mail.activedir.org with ESMTP (SMTPD32-8.15) id A8B219D300D4; Mon, 08 Jan 2007 15:25:22 -0500Received: by nf-out-0910.google.com with SMTP id o60so8933690nfa for ; Mon, 08 Jan 2007 12:25:19 -0800 (PST)Received: by 10.49.13.14 with SMTP id q14mr28309403nfi.1168287918998; Mon, 08 Jan 2007 12:25:18 -0800 (PST)Received: by 10.48.254.12 with HTTP; Mon, 8 Jan 2007 12:25:18 -0800 (PST)X-Message-Info: LsUYwwHHNt3660MmjhEvYg2f34OAemlK3oXsmRrh6gU=DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fPbqRYXljrVJVt+f8tR2FxS9bYzrOfMLrHTqkbtQLUW/z4Q1G4JZQYAJVjfHv4KXvJ/0SyVWcwYrls/nmPeiHwaQmeo1JAdLBBNpgHkSDV4yx5tWEiM8jCWnr4Nniou8vNgVcrS5AqcFgaYJH4t+5tY/ocA2a0QzFx3zPtSeTPQ=References: Precedence: bulkReturn-Path: [EMAIL PROTECTED]X-OriginalArrivalTime: 08 Jan 2007 20:40:22.0775 (UTC) FILETIME=[38028070:01C73365]On 08/01/07, dinesh shinde wrote:Hello Can someone help me on the below issue?I don't mean to come across as being awkward, but I found it difficultto understand what it is you're trying to do. Could you perhapsrephrase it a little?Regards,--AdamT"A casual stroll through the lunatic asylum shows that faith does notprove anything." - NietzscheList info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ma/default.aspx_Try Sanjeev Kapoor's culinary delights! http://content.msn.co.in/Lifestyle/Moreonlifestyle/LifestylePT_101106_1530.htmList info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ma/default.aspx __Do You Yahoo!?En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités http://mail.yahoo.fr Yahoo! Mail Do women make better employees? Join the debate List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] Domain Admin
I might go so far as to create a new account for the consultant. Inform the consultant to only use the new account when they need to perform the work on the two servers. A new account will allow you to audit their work and also watch for creep. Also, do not give the elevated account e-mail or anything like so that there is no way those servers can pick up anything like a virus or spyware. Dan Original Message Subject: [ActiveDir] Domain Admin From: Patrick [EMAIL PROTECTED] Date: Tue, January 09, 2007 10:19 pm To: ActiveDir@mail.activedir.org I have a consultant that is asking for domain admin rights on 2 member servers. I have google it but nothing seems to work out right. The servers are on the domain but the consultant just has a domain user account. He can logon on to the servers while they are on the domain but the administrative tools is not there (as it should). I want to creat an OU and put the two machines in that ou and delegate control to the consultants domain user account. Any other way to do this without registry hacks or scripts? All assistance welcomed List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
[ActiveDir] How to change login authentication
Hi all, I have one *Domain Contoller* (name dc01) in India and other one *DC* (name dc02) in remote location. Bothe *DC* can Communication. I have told to change user login authentication from *DC01* to *DC02.* So how I can perform this task. Pls help me. I din't find any doc related this. Thanks, Ajay
[ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication?
I've been having an issue for some time where Vista (w2k3 domain member) will work fine for a while, then suddenly start asking for proxy authentication for browsing - and won't accept what I give it, even though other network access is fine, and I can even connect to \\proxysrv\mspclnt file:///\\proxysrv\mspclnt (so obviously the proxy server can authenticate me). Our ISA 2004 server requires user authentication for all outbound Internet requests. I end up with a 407 (proxy requires authentication) error after 3 tries with my correct credentials. I'm using Wireshark (Ethereal) to look at the traffic, and I have a support incident open with Microsoft... but I'm trying to see if anyone else is having this issue. I only found one or two people on the beta newsgroups who did, and others here are not seeing the issue. I see it repeatedly, across multiple clean installations. The only difference I know of is that they are running as domain admins and I am not - but why would that make a difference intermittently? Thanks Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.
RE: [ActiveDir] How to change login authentication
You can't just change the authenticating DC from X to Y. A DC for authentication is located by using DNS. By default clients search for a DC that has records in DNS for their own site (DCs physically there or covering the site) and when none found a query for the DCs that have registered domain wide records (by the default all the DCs). For that to work correctly you need to: * Define your sites in AD correctly for one or more locations (most of the times each location has its own AD site definition) * Define the subnets within each location in AD and associate each subnet with an AD site that represents the location of the subnets Also make sure an AD site link exists with the sites associated to it so that DCs in each site/location can replicate with each other That way a client in site A will go for a DC in site A first and a client in site B will go for a DC in site B first. Cheers, jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ajay Kumar Sent: woensdag 10 januari 2007 15:18 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] How to change login authentication Hi all, I have one Domain Contoller (name dc01) in India and other one DC (name dc02) in remote location. Bothe DC can Communication. I have told to change user login authentication from DC01 to DC02. So how I can perform this task. Pls help me. I din't find any doc related this. Thanks, Ajay This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] How to change login authentication
You need sites. Check out:- http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/directory/activedirectory/stepbystep/adsrv.mspx#EFE Sorry if the URL its a bit long you may have to glue it back together ... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ajay Kumar Sent: 10 January 2007 14:18 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] How to change login authentication Hi all, I have one Domain Contoller (name dc01) in India and other one DC (name dc02) in remote location. Bothe DC can Communication. I have told to change user login authentication from DC01 to DC02. So how I can perform this task. Pls help me. I din't find any doc related this. Thanks, Ajay ** This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom they are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act. If you receive this email in error please notify Stockport e-Services via [EMAIL PROTECTED] and then permanently remove it from your system. Thank you. http://www.stockport.gov.uk **
RE: [ActiveDir] AD Schema - adding an attribute
Hi, Thanks for the replies. birthDate already exists - can you take advantage of it? Where would I find this? If it already exists I think I'd be better off using that one. Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, January 09, 2007 9:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Well, first off - birthDate already exists - can you take advantage of it? Second you need to register a prefix and OID tree with Microsoft on MSDN. This is how you will get a starting point for OIDs. You'll also get a prefix so it would be ewu-birthMonth or something. Don't use oidgen. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Tuesday, January 09, 2007 10:56 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Schema - adding an attribute How do I add an attribute to AD? I'd like to add birthMonth, birthDay, birthYear to my Active Directory Schema for extra data to store for my users. Looking in MMC - Schema, I see I can add an attribute, but it wants an Object ID (OID). I know there's a oidgen program somewhere (haven't found it yet). but is that the best way to do it? Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] How to change login authentication
In addition to the below, if we assume that DC01 and DC02 are both in
the *same* site, then perhaps ajay should consider DNS weighting, so
that DC02 is used 'in preference' to DC01.
As usual, it's a 'it depends' style question.
neil
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: 10 January 2007 14:39
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to change login authentication
You can't just change the authenticating DC from X to Y.
A DC for authentication is located by using DNS. By default clients
search for a DC that has records in DNS for their own site (DCs
physically there or covering the site) and when none found a query for
the DCs that have registered domain wide records (by the default all the
DCs). For that to work correctly you need to:
* Define your sites in AD correctly for one or more locations (most of
the times each location has its own AD site definition)
* Define the subnets within each location in AD and associate each
subnet with an AD site that represents the location of the subnets
Also make sure an AD site link exists with the sites associated to it so
that DCs in each site/location can replicate with each other
That way a client in site A will go for a DC in site A first and a
client in site B will go for a DC in site B first.
Cheers,
jorge
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ajay Kumar
Sent: woensdag 10 januari 2007 15:18
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to change login authentication
Hi all,
I have one Domain Contoller (name dc01) in India and other one DC (name
dc02) in remote location. Bothe DC can Communication. I have told to
change user login authentication from DC01 to DC02.
So how I can perform this task. Pls help me. I din't find any doc
related this.
Thanks,
Ajay
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] How to change login authentication
Return Receipt Your RE: [ActiveDir] How to change login authentication document: wasJustin Leney/US/DCI received by: at:01/10/2007 10:03:00 AM Visit http://discoverystore.com for award-winning toys, fan favorite DVDs, and unique gifts. This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] How to change login authentication
I thought of that...
I think you mean DNS Priority (which will always use the DC with the
lowest value) instead of DNS Weight (which would still use the other DC,
but less/more frequently depending on the weight configuration) ;-))
You can't just change the authenticating DC from X to Y.-- I mean
redirect a set of clients to one DC and another set of clients to the
other DC (while either set never uses the other DC).
As you said: it depends... because what does he mean with: I have
told to change user login authentication from DC01 to DC02. Everything
is in one site and DC02 must now be used OR clients in remote site must
only use DC02 instead of also use DC01
Cheers,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: woensdag 10 januari 2007 15:54
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to change login authentication
In addition to the below, if we assume that DC01 and DC02 are both in
the *same* site, then perhaps ajay should consider DNS weighting, so
that DC02 is used 'in preference' to DC01.
As usual, it's a 'it depends' style question.
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: 10 January 2007 14:39
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to change login authentication
You can't just change the authenticating DC from X to Y.
A DC for authentication is located by using DNS. By default clients
search for a DC that has records in DNS for their own site (DCs
physically there or covering the site) and when none found a query for
the DCs that have registered domain wide records (by the default all the
DCs). For that to work correctly you need to:
* Define your sites in AD correctly for one or more locations (most of
the times each location has its own AD site definition)
* Define the subnets within each location in AD and associate each
subnet with an AD site that represents the location of the subnets
Also make sure an AD site link exists with the sites associated to it so
that DCs in each site/location can replicate with each other
That way a client in site A will go for a DC in site A first and a
client in site B will go for a DC in site B first.
Cheers,
jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ajay Kumar
Sent: woensdag 10 januari 2007 15:18
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to change login authentication
Hi all,
I have one Domain Contoller (name dc01) in India and other one DC (name
dc02) in remote location. Bothe DC can Communication. I have told to
change user login authentication from DC01 to DC02.
So how I can perform this task. Pls help me. I din't find any doc
related this.
Thanks,
Ajay
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication
and
Nomura International plc ('NIplc') will not, to the extent permitted by
law,
accept responsibility or liability for (a) the accuracy or completeness
of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of
this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely
those of
the author and do not necessarily represent those of NIplc; (3) is
intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised
and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] Domain Admin
Assuming the servers are at least Windows 2000 or newer, the administrative tools can be installed using adminpak.msi which is found in %systemroot%\system32 which is usually c:\winnt\system32 or c:\windows\system32. It is also possible to delegate control in the AD over a couple of servers either individually or by OU, but the best practice would be to use a separate account for the admin tasks as Daniel describes and use a group to delegate control in the AD if that's really necessary. You want to be careful not to delegate too much control. Full control over the OU gives the delegated administrators too much since they would be able to create additional OUs and any kind of objects that they would want. Very bad in most enterprises. Only delegate control in AD if you absolutely have too and then audit those activities closely to avoid disasters of forest-wide proportions. Wook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert Sent: Wednesday, January 10, 2007 6:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Domain Admin I might go so far as to create a new account for the consultant. Inform the consultant to only use the new account when they need to perform the work on the two servers. A new account will allow you to audit their work and also watch for creep. Also, do not give the elevated account e-mail or anything like so that there is no way those servers can pick up anything like a virus or spyware. Dan Original Message Subject: [ActiveDir] Domain Admin From: Patrick [EMAIL PROTECTED] Date: Tue, January 09, 2007 10:19 pm To: ActiveDir@mail.activedir.org I have a consultant that is asking for domain admin rights on 2 member servers. I have google it but nothing seems to work out right. The servers are on the domain but the consultant just has a domain user account. He can logon on to the servers while they are on the domain but the administrative tools is not there (as it should). I want to creat an OU and put the two machines in that ou and delegate control to the consultants domain user account. Any other way to do this without registry hacks or scripts? All assistance welcomed List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] AD Schema - adding an attribute
It's an attribute of the user class. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, January 10, 2007 8:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Hi, Thanks for the replies. birthDate already exists - can you take advantage of it? Where would I find this? If it already exists I think I'd be better off using that one. Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, January 09, 2007 9:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Well, first off - birthDate already exists - can you take advantage of it? Second you need to register a prefix and OID tree with Microsoft on MSDN. This is how you will get a starting point for OIDs. You'll also get a prefix so it would be ewu-birthMonth or something. Don't use oidgen. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Tuesday, January 09, 2007 10:56 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Schema - adding an attribute How do I add an attribute to AD? I'd like to add birthMonth, birthDay, birthYear to my Active Directory Schema for extra data to store for my users. Looking in MMC - Schema, I see I can add an attribute, but it wants an Object ID (OID). I know there's a oidgen program somewhere (haven't found it yet). but is that the best way to do it? Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication?
Which ISA firewall client do you have? The new one that supports ISA? Rich Milburn wrote: Ive been having an issue for some time where Vista (w2k3 domain member) will work fine for a while, then suddenly start asking for proxy authentication for browsing and wont accept what I give it, even though other network access is fine, and I can even connect to \\proxysrv\mspclnt (so obviously the proxy server can authenticate me). Our ISA 2004 server requires user authentication for all outbound Internet requests. I end up with a 407 (proxy requires authentication) error after 3 tries with my correct credentials. Im using Wireshark (Ethereal) to look at the traffic, and I have a support incident open with Microsoft but Im trying to see if anyone else is having this issue. I only found one or two people on the beta newsgroups who did, and others here are not seeing the issue. I see it repeatedly, across multiple clean installations. The only difference I know of is that they are running as domain admins and I am not but why would that make a difference intermittently? Thanks Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] How to change login authentication
Return Receipt Your RE: [ActiveDir] How to change login authentication document: wasSteve Szwejbka/National/Hewitt Associates received by: at:01/10/2007 11:10:33 AM The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] AD Schema - adding an attribute
I can't seem to find the birthDate attribute in any of my classes. Looking in MMC-ActiveDirectorySchema. Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, January 10, 2007 8:55 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute It's an attribute of the user class. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, January 10, 2007 8:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Hi, Thanks for the replies. birthDate already exists - can you take advantage of it? Where would I find this? If it already exists I think I'd be better off using that one. Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, January 09, 2007 9:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Well, first off - birthDate already exists - can you take advantage of it? Second you need to register a prefix and OID tree with Microsoft on MSDN. This is how you will get a starting point for OIDs. You'll also get a prefix so it would be ewu-birthMonth or something. Don't use oidgen. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Tuesday, January 09, 2007 10:56 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Schema - adding an attribute How do I add an attribute to AD? I'd like to add birthMonth, birthDay, birthYear to my Active Directory Schema for extra data to store for my users. Looking in MMC - Schema, I see I can add an attribute, but it wants an Object ID (OID). I know there's a oidgen program somewhere (haven't found it yet). but is that the best way to do it? Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] How to change login authentication
Return Receipt Your RE: [ActiveDir] How to change login authentication document: wasJason Centenni/CDS/CG/CAPITAL received by: at:01/10/2007 11:19:02 AM CST List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication?
(and these days I can't assume) 64 or 32? 64 there's a needed hotfix for Vista 64 to work with ISA. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Which ISA firewall client do you have? The new one that supports ISA? Rich Milburn wrote: I’ve been having an issue for some time where Vista (w2k3 domain member) will work fine for a while, then suddenly start asking for proxy authentication for browsing – and won’t accept what I give it, even though other network access is fine, and I can even connect to \\proxysrv\mspclnt file:///%5C%5Cproxysrv%5Cmspclnt (so obviously the proxy server can authenticate me). Our ISA 2004 server requires user authentication for all outbound Internet requests. I end up with a 407 (proxy requires authentication) error after 3 tries with my correct credentials. I’m using Wireshark (Ethereal) to look at the traffic, and I have a support incident open with Microsoft… but I’m trying to see if anyone else is having this issue. I only found one or two people on the beta newsgroups who did, and others here are not seeing the issue. I see it repeatedly, across multiple clean installations. The only difference I know of is that they are running as domain admins and I am not – but why would that make a difference intermittently? Thanks Rich /--- //Rich Milburn// //MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc.// //4551 W. 107th St// //Overland Park, KS 66207// //913-967-2819// //--// //”I love the smell of red herrings in the morning” - anonymous/ / *---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE---* PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system./ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication?
KB917902 http://support.microsoft.com/kb/917902/en-us on second thought ... that might/prob not applicable...we only need it as ISA is on our DC and Vista 64 doesn't play nice with that setup. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Which ISA firewall client do you have? The new one that supports ISA? Rich Milburn wrote: I’ve been having an issue for some time where Vista (w2k3 domain member) will work fine for a while, then suddenly start asking for proxy authentication for browsing – and won’t accept what I give it, even though other network access is fine, and I can even connect to \\proxysrv\mspclnt file:///%5C%5Cproxysrv%5Cmspclnt (so obviously the proxy server can authenticate me). Our ISA 2004 server requires user authentication for all outbound Internet requests. I end up with a 407 (proxy requires authentication) error after 3 tries with my correct credentials. I’m using Wireshark (Ethereal) to look at the traffic, and I have a support incident open with Microsoft… but I’m trying to see if anyone else is having this issue. I only found one or two people on the beta newsgroups who did, and others here are not seeing the issue. I see it repeatedly, across multiple clean installations. The only difference I know of is that they are running as domain admins and I am not – but why would that make a difference intermittently? Thanks Rich /--- //Rich Milburn// //MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc.// //4551 W. 107th St// //Overland Park, KS 66207// //913-967-2819// //--// //”I love the smell of red herrings in the morning” - anonymous/ / *---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE---* PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system./ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] AD Schema - adding an attribute
Yeah. Joe just emailed me too offlist - I seem to be hallucinating. I've seen it in so many directories I guess I thought it was part of the standard g. My suggestion is to keep birthDate in HR but you can easily extend the schema to include it if you want. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, January 10, 2007 11:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute I can't seem to find the birthDate attribute in any of my classes. Looking in MMC-ActiveDirectorySchema. Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Wednesday, January 10, 2007 8:55 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute It's an attribute of the user class. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, January 10, 2007 8:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Hi, Thanks for the replies. birthDate already exists - can you take advantage of it? Where would I find this? If it already exists I think I'd be better off using that one. Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, January 09, 2007 9:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Schema - adding an attribute Well, first off - birthDate already exists - can you take advantage of it? Second you need to register a prefix and OID tree with Microsoft on MSDN. This is how you will get a starting point for OIDs. You'll also get a prefix so it would be ewu-birthMonth or something. Don't use oidgen. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Tuesday, January 09, 2007 10:56 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Schema - adding an attribute How do I add an attribute to AD? I'd like to add birthMonth, birthDay, birthYear to my Active Directory Schema for extra data to store for my users. Looking in MMC - Schema, I see I can add an attribute, but it wants an Object ID (OID). I know there's a oidgen program somewhere (haven't found it yet). but is that the best way to do it? Thanks, -- Matt Brown [EMAIL PROTECTED] Sr. Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
[ActiveDir] OT: DFS Access Denied Error
Hello, all. I am receiving an Access Denied error when attempting to add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James dfs-error.PNG Description: PNG image
RE: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication?
Yes. But I have the issue even after uninstalling it. I've tried Ultimate x64, and Enterprise x86, (both RTM) and the new firewall client with each. I have had this problem with many pre-release builds too, raised the issue many times in beta and it was always non-repro. I asked some Microsoft guys when I visited Redmond, and they said, oh wait, you authenticate _outbound_ web traffic? That _is_ different from what we do, no wonder we couldn't repro... --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, January 10, 2007 11:02 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication? Which ISA firewall client do you have? The new one that supports ISA? Rich Milburn wrote: I've been having an issue for some time where Vista (w2k3 domain member) will work fine for a while, then suddenly start asking for proxy authentication for browsing - and won't accept what I give it, even though other network access is fine, and I can even connect to \\proxysrv\mspclnt file:///\\%5C%5Cproxysrv%5Cmspclnt (so obviously the proxy server can authenticate me). Our ISA 2004 server requires user authentication for all outbound Internet requests. I end up with a 407 (proxy requires authentication) error after 3 tries with my correct credentials. I'm using Wireshark (Ethereal) to look at the traffic, and I have a support incident open with Microsoft... but I'm trying to see if anyone else is having this issue. I only found one or two people on the beta newsgroups who did, and others here are not seeing the issue. I see it repeatedly, across multiple clean installations. The only difference I know of is that they are running as domain admins and I am not - but why would that make a difference intermittently? Thanks Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored
RE: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication?
I don't blame it ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, January 10, 2007 11:28 AM To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Cc: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Is anyone having trouble with Vista and ISA authentication? KB917902 http://support.microsoft.com/kb/917902/en-us on second thought ... that might/prob not applicable...we only need it as ISA is on our DC and Vista 64 doesn't play nice with that setup. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Which ISA firewall client do you have? The new one that supports ISA? Rich Milburn wrote: I've been having an issue for some time where Vista (w2k3 domain member) will work fine for a while, then suddenly start asking for proxy authentication for browsing - and won't accept what I give it, even though other network access is fine, and I can even connect to \\proxysrv\mspclnt file:///%5C%5Cproxysrv%5Cmspclnt (so obviously the proxy server can authenticate me). Our ISA 2004 server requires user authentication for all outbound Internet requests. I end up with a 407 (proxy requires authentication) error after 3 tries with my correct credentials. I'm using Wireshark (Ethereal) to look at the traffic, and I have a support incident open with Microsoft... but I'm trying to see if anyone else is having this issue. I only found one or two people on the beta newsgroups who did, and others here are not seeing the issue. I see it repeatedly, across multiple clean installations. The only difference I know of is that they are running as domain admins and I am not - but why would that make a difference intermittently? Thanks Rich /--- //Rich Milburn// //MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc.// //4551 W. 107th St// //Overland Park, KS 66207// //913-967-2819// //-- // //I love the smell of red herrings in the morning - anonymous/ / *---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE---* PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system./ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ:
RE: [ActiveDir] OT: DFS Access Denied Error
James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attempting to add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
[ActiveDir] Client time sync
I have a machine (at least one I know of) that isn't syncing time with the domain controller its logging into. I've restarted the win32time service on it to see if that would sync it and it doesn't. Any suggestions on where to start? The DC and the client are off by about 9 minutes. ~~ This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information of Cameron and its Operating Divisions. Any unauthorized use or disclosure is prohibited. If you are not the intended recipient, please contact the sender by reply email and delete and destroy all copies of the original message inclusive of any attachments. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] Client time sync
Try the command... w32tm /resync /rediscover See if that helps the client figure out where it should look for time. ~Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, January 10, 2007 2:12 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Client time sync I have a machine (at least one I know of) that isn't syncing time with the domain controller its logging into. I've restarted the win32time service on it to see if that would sync it and it doesn't. Any suggestions on where to start? The DC and the client are off by about 9 minutes. ~~ This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information of Cameron and its Operating Divisions. Any unauthorized use or disclosure is prohibited. If you are not the intended recipient, please contact the sender by reply email and delete and destroy all copies of the original message inclusive of any attachments. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] OT: DFS Access Denied Error
I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attempting to add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] OT: DFS Access Denied Error
James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attempting to add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
[ActiveDir] OT: Vista BSOD with more than 2GB of RAM
All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM
Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM
Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista x86 and x64 on it and it doesn't BSOD. The issue in the KB seems to be with devices that use DMA and you have more than 4GB of RAM. That used to cause issues on XP as well (which is why I believe SP2 for XP limited the amount of RAM that could be utilised to 4GB for 32bit editions). STOP 0xA is pretty common. If you want a detailed explanation of what's going on, then check out Part 1 here: http://www.adopenstatic.com/cs/blogs/ken/archive/tags/Debugging/default.aspx http://www.adopenstatic.com/cs/blogs/ken/archive/tags/Debugging/default.aspx Do you have minidump files handy? I'm happy to have a look if you want. Cheers Ken From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe Sent: Thu 11/01/2007 12:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] OT: DFS Access Denied Error
I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM
I didnt configure the memory dumps for this machine. I assume a kernel dump is preferred over minidump? Either way I will check and let you know. Thanks for the reply. On 1/11/07, Ken Schaefer [EMAIL PROTECTED] wrote: Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista x86 and x64 on it and it doesn't BSOD. The issue in the KB seems to be with devices that use DMA and you have more than 4GB of RAM. That used to cause issues on XP as well (which is why I believe SP2 for XP limited the amount of RAM that could be utilised to 4GB for 32bit editions). STOP 0xA is pretty common. If you want a detailed explanation of what's going on, then check out Part 1 here: http://www.adopenstatic.com/cs/blogs/ken/archive/tags/Debugging/default.aspx Do you have minidump files handy? I'm happy to have a look if you want. Cheers Ken From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe Sent: Thu 11/01/2007 12:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM
Minidump is 100kb, whilst a kernel dump is 150MB+ I would prefer you to email me a 80-100kb file in the first instance if that is enough to solve the problem :-) Cheers Ken From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe Sent: Thu 11/01/2007 12:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM I didnt configure the memory dumps for this machine. I assume a kernel dump is preferred over minidump? Either way I will check and let you know. Thanks for the reply. On 1/11/07, Ken Schaefer [EMAIL PROTECTED] wrote: Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista x86 and x64 on it and it doesn't BSOD. The issue in the KB seems to be with devices that use DMA and you have more than 4GB of RAM. That used to cause issues on XP as well (which is why I believe SP2 for XP limited the amount of RAM that could be utilised to 4GB for 32bit editions). STOP 0xA is pretty common. If you want a detailed explanation of what's going on, then check out Part 1 here: http://www.adopenstatic.com/cs/blogs/ken/archive/tags/Debugging/default.aspx Do you have minidump files handy? I'm happy to have a look if you want. Cheers Ken From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe Sent: Thu 11/01/2007 12:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@
Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM
Sure ;-) I was just trying to get as much info as you needed the first time ;-) Sending the minidump offline On 1/11/07, Ken Schaefer [EMAIL PROTECTED] wrote: Minidump is 100kb, whilst a kernel dump is 150MB+ I would prefer you to email me a 80-100kb file in the first instance if that is enough to solve the problem :-) Cheers Ken From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe Sent: Thu 11/01/2007 12:49 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM I didnt configure the memory dumps for this machine. I assume a kernel dump is preferred over minidump? Either way I will check and let you know. Thanks for the reply. On 1/11/07, Ken Schaefer [EMAIL PROTECTED] wrote: Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista x86 and x64 on it and it doesn't BSOD. The issue in the KB seems to be with devices that use DMA and you have more than 4GB of RAM. That used to cause issues on XP as well (which is why I believe SP2 for XP limited the amount of RAM that could be utilised to 4GB for 32bit editions). STOP 0xA is pretty common. If you want a detailed explanation of what's going on, then check out Part 1 here: http://www.adopenstatic.com/cs/blogs/ken/archive/tags/Debugging/default.aspx Do you have minidump files handy? I'm happy to have a look if you want. Cheers Ken From: [EMAIL PROTECTED] on behalf of Matheesha Weerasinghe Sent: Thu 11/01/2007 12:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ Sorry! I meant to ask is there anyone with a Vista RTM X86 PC with more than 2GB of RAM. Thanks M@ On 1/11/07, Matheesha Weerasinghe [EMAIL PROTECTED] wrote: All Sorry for the OT topic. I have a PC I use as my lab with VMs. It has Vista Ultimate and only has 2GB of RAM and was working fine. However I tried to upgrade the memory by using a 512MB module and the PC wont boot now. It blue screens with a message similar to KB 929777. I tried getting the hotfix from technet+ with no luck. Its stage is private and wont be released until the 30th Jan. My Premier connection doesn't seem to allow download of the hotfix either. I would like to know before I try and escalate this whether there is anyone out there with a Vista RTM PC with more than 4GB of RAM. I have run memtest86 on my PC and it reports everything is working. However I'd appreciate if I can get some confirmation that there are others who either have the issue or dont. Cheers M@ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] client time sync
I tried it, it says: The computer did not resync because no time data was available I followed http://support.microsoft.com/kb/929276 but it was already set right Try the command... w32tm /resync /rediscover See if that helps the client figure out where it should look for time. ~Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, January 10, 2007 2:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Client time sync I have a machine (at least one I know of) that isn't syncing time with the domain controller its logging into. I've restarted the win32time service on it to see if that would sync it and it doesn't. Any suggestions on where to start? The DC and the client are off by about 9 minutes. ~~ This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information of Cameron and its Operating Divisions. Any unauthorized use or disclosure is prohibited. If you are not the intended recipient, please contact the sender by reply email and delete and destroy all copies of the original message inclusive of any attachments. ~~
Re: [ActiveDir] client time sync
http://www.minasi.com/newsletters/nws0306.htm Fixing Time Synchronization Problems My XP desktop stopped synchronizing its time with the domain. The Event Log kept showing that the desktop hadn't time-synced with any of my DCs in weeks. That worried me because if my workstation's time drifted more than five minutes from the domain controllers' time then I'd not be able to log on. Once I was three minutes off, I figured it was time to figure out what had happened. I tried to re-synchronize from the command line: w32tm /resync And got the computer did not resync because no time data was available. Oooh, that doesn't look good. But then I realized that I'd fixed my system's time server as an experiment rather than letting AD set it. Some free time sync programs do that also, so many of you may be in this position. I just cleared out HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters's NtpServer value entry, and then I restarted the Windows Time Service. Sadly, no dice ... still no sync. For some reason, if your domain doesn't find all of the Registry entries to be just right, then it won't sync with your system. You can, thankfully, fix it with this command: w32tm /config /syncfromflags:DOMHIER /update Type that from a command line, and then restart Windows Time Service and retry the w32tm /resync or, better, w32tm /resync /rediscover A command that cleans out and rebuilds a few other Registry entries. I had that problem with my XP box about a year ago; since then I've found these commands useful on a number of systems. When workstations get more than five minutes out of sync with the DC, then they stop authenticating but they're not very forthcoming about the reason -- so when authentication's a problem then first look at DNS, and if that doesn't help then look at time! Rimmerman, Russ wrote: I tried it, it says: The computer did not resync because no time data was available I followed http://support.microsoft.com/kb/929276 but it was already set right…. Try the command... w32tm /resync /rediscover See if that helps the client figure out where it should look for time. ~Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, January 10, 2007 2:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Client time sync I have a machine (at least one I know of) that isn't syncing time with the domain controller its logging into. I've restarted the win32time service on it to see if that would sync it and it doesn't. Any suggestions on where to start? The DC and the client are off by about 9 minutes. ~~ This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information of Cameron and its Operating Divisions. Any unauthorized use or disclosure is prohibited. If you are not the intended recipient, please contact the sender by reply email and delete and destroy all copies of the original message inclusive of any attachments. ~~ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
Re: [ActiveDir] client time sync
Have you checked the Type registry parameter? http://www.activedir.org/article.aspx?aid=74 Tony -- Original Message -- From: Rimmerman, Russ [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org Date: Wed, 10 Jan 2007 20:37:53 -0600 I tried it, it says: The computer did not resync because no time data was available I followed http://support.microsoft.com/kb/929276 but it was already set right Try the command... w32tm /resync /rediscover See if that helps the client figure out where it should look for time. ~Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, January 10, 2007 2:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Client time sync I have a machine (at least one I know of) that isn't syncing time with the domain controller its logging into. I've restarted the win32time service on it to see if that would sync it and it doesn't. Any suggestions on where to start? The DC and the client are off by about 9 minutes. ~~ This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information of Cameron and its Operating Divisions. Any unauthorized use or disclosure is prohibited. If you are not the intended recipient, please contact the sender by reply email and delete and destroy all copies of the original message inclusive of any attachments. ~~ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
RE: [ActiveDir] OT: DFS Access Denied Error
James, Domain or stand-alone root? (should have asked that earlier...) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these
RE: [ActiveDir] OT: DFS Access Denied Error
James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts
RE: [ActiveDir] OT: DFS Access Denied Error
James... ...and one more thing - it might have something to do with the fact that the folder is set to replicate. Where is the FRS-Staging folder for the replica you are adding the link to, and do you have permission to that folder? Thanks! :) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a new link to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate AD objects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer
RE: [ActiveDir] OT: DFS Access Denied Error
Domain root James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Domain or stand-alone root? (should have asked that earlier...) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about theauthenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email
RE: [ActiveDir] OT: DFS Access Denied Error
It is within the structure already published James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about theauthenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and
RE: [ActiveDir] OT: DFS Access Denied Error
I apologize for my DFS illiteracy, but I'm not sure what you mean by the FRS-Staging folder... James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James... and one more thing - it might have something to do with the fact that the folder is set to replicate. Where is the FRS-Staging folder for the replica you are adding the link to, and do you have permission to that folder? Thanks! :) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about theauthenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx This email (including any attachments) contains confidential information and is intended only for the named addressee. If you
RE: [ActiveDir] OT: DFS Access Denied Error
So let me get this straight... You have a root with folders like this: RootFolder --Folder1 --Folder2 You've published the RootFolder as your domain root, and it is shared accordingly, so when you go to \\domain\rootfoldershare you see folder1 and folder2. You then are trying to add a link to Folder1 within the replicated structure of the DFSroot already established. I am assuming you are doing this so that you can replicate it independently of Folder2. Is this the case? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error It is within the structure already published James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties
RE: [ActiveDir] OT: DFS Access Denied Error
James, DFS under Win2K3 R1 uses the File Replication System (the same one that replicates the SYSVOL share's contents) to replicate files. It's a bit kludgy, which is why DFSR under Win2K3 R2 is such a breath of fresh air (to be frank I think it would do what you are trying to do, but I get that upgrading to R2 isn't easy for everyone). The FRS-Staging folder is automatically created on each replica instance that you are replicating a folder to to manage the file copying between shares. When it is created it should give the administrators group and the system group full control of this folder. Please check that is indeed the case (you'll have to view it through advanced properties, though). themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I apologize for my DFS illiteracy, but I'm not sure what you mean by the FRS-Staging folder... James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James... and one more thing - it might have something to do with the fact that the folder is set to replicate. Where is the FRS-Staging folder for the replica you are adding the link to, and do you have permission to that folder? Thanks! :) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFS attributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e. had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also
RE: [ActiveDir] OT: DFS Access Denied Error
I'm trying to add a new link to a new share (call it Folder3) James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 11:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error So let me get this straight... You have a root with folders like this: RootFolder --Folder1 --Folder2 You've published the RootFolder as your domain root, and it is shared accordingly, so when you go to \\domain\rootfoldershare you see folder1 and folder2. You then are trying to add a link to Folder1 within the replicated structure of the DFSroot already established. I am assuming you are doing this so that you can replicate it independently of Folder2. Is this the case? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error It is within the structure already publishedJames Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFSattributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e.had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidentialinformation and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and
RE: [ActiveDir] OT: DFS Access Denied Error
Thanks for the info, that helps -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 11:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, DFS under Win2K3 R1 uses the File Replication System (the same one that replicates the SYSVOL share's contents) to replicate files. It's a bit kludgy, which is why DFSR under Win2K3 R2 is such a breath of fresh air (to be frank I think it would do what you are trying to do, but I get that upgrading to R2 isn't easy for everyone). The FRS-Staging folder is automatically created on each replica instance that you are replicating a folder to to manage the file copying between shares. When it is created it should give the administrators group and the system group full control of this folder. Please check that is indeed the case (you'll have to view it through advanced properties, though). themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I apologize for my DFS illiteracy, but I'm not sure what you mean by the FRS-Staging folder...James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James... and one more thing - it might have something to do with the fact that the folder is set to replicate. Where is the FRS-Staging folder for the replica you are adding the link to, and do you have permission to that folder? Thanks! :) themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFSattributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e.had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: DFS Access Denied Error Hello, all. I am receiving an Access Denied error when attemptingto add a New Link into an existing DFS namespace. I am a DA/EA and I have checked the ACL's on the appropriate ADobjects and they look correct. Any ideas would be appreciated. Thanks, James This email (including any attachments) contains confidential
RE: [ActiveDir] OT: DFS Access Denied Error
OK, so Folder3 exists and lives totally outside the existing DFS root or it's actual location - this is a new share that you are trying to add as a link - yes? Sorry to be so persnickety - just want to make sure I understand your situation. As a matter of interest, if you create another domainroot, and add Folder3 as a link (no replication), does it let you? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I'm trying to add a new link to a new share (call it Folder3) James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 11:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error So let me get this straight... You have a root with folders like this: RootFolder --Folder1 --Folder2 You've published the RootFolder as your domain root, and it is shared accordingly, so when you go to \\domain\rootfoldershare you see folder1 and folder2. You then are trying to add a link to Folder1 within the replicated structure of the DFSroot already established. I am assuming you are doing this so that you can replicate it independently of Folder2. Is this the case? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error It is within the structure already publishedJames Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions to the link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFSattributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e.had it had time to replicate this information everywhere)? I'm interested by the phrase look correct - what do you mean? Just so I have it right in my head - you are trying to add a newlink to an existing DFS root, right? This is Win2K3 R1 (the image suggests so, but just checking)? So many questions, so little help so far... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 5:58 AM To: ActiveDir@mail.activedir.org Subject:
RE: [ActiveDir] OT: DFS Access Denied Error
No problem - and yes, that is correct. I have created a separate DFS root, added a link to Folder3 and everything works fine. Think my existing DFS root is whacked? James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Thursday, January 11, 2007 12:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error OK, so Folder3 exists and lives totally outside the existing DFS root or it's actual location - this is a new share that you are trying to add as a link - yes? Sorry to be so persnickety - just want to make sure I understand your situation. As a matter of interest, if you create another domainroot, and add Folder3 as a link (no replication), does it let you? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I'm trying to add a new link to a new share (call it Folder3) James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 11:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error So let me get this straight... You have a root with folders like this: RootFolder --Folder1 --Folder2 You've published the RootFolder as your domain root, and it is shared accordingly, so when you go to \\domain\rootfoldershare you see folder1 and folder2. You then are trying to add a link to Folder1 within the replicated structure of the DFSroot already established. I am assuming you are doing this so that you can replicate it independently of Folder2. Is this the case? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error It is within the structure already publishedJames Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions tothe link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFSattributes in the domain. You are correct, R1 and existing DFS root. Thanks for the reply, -James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 4:51 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Any specific event log entries around then? Do you have a big forest? How recently was the root setup (i.e.had it had time to replicate this
RE: [ActiveDir] OT: DFS Access Denied Error
James, This may sound harsh, but it could be. Humour us all and try deleting the root and rebuilding it and let us know... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 3:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error No problem - and yes, that is correct. I have created a separate DFS root, added a link to Folder3 and everything works fine. Think my existing DFS root is whacked? James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Thursday, January 11, 2007 12:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error OK, so Folder3 exists and lives totally outside the existing DFS root or it's actual location - this is a new share that you are trying to add as a link - yes? Sorry to be so persnickety - just want to make sure I understand your situation. As a matter of interest, if you create another domainroot, and add Folder3 as a link (no replication), does it let you? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I'm trying to add a new link to a new share (call it Folder3) James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 11:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error So let me get this straight... You have a root with folders like this: RootFolder --Folder1 --Folder2 You've published the RootFolder as your domain root, and it is shared accordingly, so when you go to \\domain\rootfoldershare you see folder1 and folder2. You then are trying to add a link to Folder1 within the replicated structure of the DFSroot already established. I am assuming you are doing this so that you can replicate it independently of Folder2. Is this the case? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error It is within the structure already publishedJames Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions tothe link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 10:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I don't see any interesting event log entries. Not a big forest really, 5 domains, 120,000 users, 1 DFS site. The root has been around for 4 years. By look correct I mean that DA/EA have full rights on the DFSattributes in the domain. You are correct, R1 and existing DFS root.
RE: [ActiveDir] OT: DFS Access Denied Error
Will do - thanks much for your help. James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Thursday, January 11, 2007 12:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, This may sound harsh, but it could be. Humour us all and try deleting the root and rebuilding it and let us know... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 3:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error No problem - and yes, that is correct. I have created a separate DFS root, added a link to Folder3 and everything works fine. Think my existing DFS root is whacked?James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Thursday, January 11, 2007 12:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error OK, so Folder3 exists and lives totally outside the existing DFS root or it's actual location - this is a new share that you are trying to add as a link - yes? Sorry to be so persnickety - just want to make sure I understand your situation. As a matter of interest, if you create another domainroot, and add Folder3 as a link (no replication), does it let you? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I'm trying to add a new link to a new share (call it Folder3) James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 11:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error So let me get this straight... You have a root with folders like this: RootFolder --Folder1 --Folder2 You've published the RootFolder as your domain root, and it is shared accordingly, so when you go to \\domain\rootfoldershare you see folder1 and folder2. You then are trying to add a link to Folder1 within the replicated structure of the DFSroot already established. I am assuming you are doing this so that you can replicate it independently of Folder2. Is this the case? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 2:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error It is within the structure already publishedJames Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 10:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, Where is the link located that you are trying to add - is it within the DFS structure already published? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 11 January 2007 11:45 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error I verified that DA/EA has Full Control both share and NTFS.James Masters Systems Architecture and Engineering The Kroger Co. Office: (859) 363-2346 Cell:(859) 653-8644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Molkentin, Steve Sent: Wednesday, January 10, 2007 7:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: DFS Access Denied Error James, I may not be able to help, but I hope at least I don't confuse things. Does your DA/EA account have both share and NTFS permissions tothe link you are trying to add? themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of[EMAIL
