RE: [ActiveDir] Disable CD ROM through GP

2007-01-27 Thread Haritwal, Dhiraj
If anyone had done the same, kindly guide me...

Because right now I do not have this much time.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Saturday, January 27, 2007 1:10 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Disable CD ROM through GP

Why not set up a test network/machine in VirtualPC/VMware?


Haritwal, Dhiraj wrote:
>
> Hi All,
>
> I want to disable CD ROM on all client machines through GP. I found 
> the KB http://support.microsoft.com/kb/555324 & created the attached 
> test.adm file. Actually I don't have any testing machine where I can 
> test this adm file. Can anybody try & tell me the complete process 
> to enable it. Also tell me where it will reflect the changes whether 
> in registry or it will create that option in GP to disable/enable CD
> ROM.
>
> Dhiraj Haritwal
>
>

>
> This email is confidential and intended only for the use of the 
> individual or entity named above and may contain information that is 
> privileged. If you are not the intended recipient, you are notified 
> that any dissemination, distribution or copying of this email is 
> strictly prohibited. If you have received this email in error, please 
> notify us immediately by return email or telephone and destroy the 
> original message. - This mail is sent via Sony Asia Pacific Mail
> Gateway.
>

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx






Re: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Mathieu CHATEAU

In my opinion, there is a pure TCP/IP network issue...

A sample example:
The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
If you try to ping 10.10.41.104, it will try to communicate on the LAN, 
seeking its ARP.

It won't send a packet to the gateway since 10.10.41.0 must be on the LAN.

The only way to get it to work is to use a Layer 2 link between both sites.


Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


- Original Message - 
From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>

To: 
Sent: Friday, January 26, 2007 11:37 PM
Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries


it will go for the second site 10.10.41.0/24 (= best matching)

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
(   Tel : +31-(0)40-29.57.777
(   Mobile : +31-(0)6-26.26.62.80
*   E-mail : 



From: [EMAIL PROTECTED] on behalf of Brian Cline
Sent: Fri 2007-01-26 22:19
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries



Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site, 
and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will 
AD treat a client address of, say, 10.10.41.104 as a client on the secondary 
site, or will it default to the more general primary subnet? The reason I 
ask is we now have a need for a second AD site (I can see all the enterprise 
folks grinning now) and we have quite a number of other subnets that I'd 
have to manually enter if this is not the case. I don't mind doing it, but I 
was curious either way.


Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an 
intended recipient then please promptly delete this e-mail and any 
attachment and all copies and inform the sender. Thank you.




RE: [ActiveDir] Disable CD ROM through GP

2007-01-27 Thread Ulf B. Simon-Weidner
Hello Dhiraj,

it's always a kind of risk to put something into production without testing
- even with good guidance there might be small issues which may lead to big
results.

That said - implementing a new Policy Extension in GP is pretty easy. First,
copy the ADM to the ADM-Files in the Group Policy Object in Sysvol. They are
referenced by GUID ({xxx-xxx-xxx-xxx}) there - you are able to find out the
GUID of your GPO using GPMC. After you copied the ADM-File there, open the
Group Policy. For custom ADMs you have to adjust the Filter (in the View
Menu of the GP-Object Editor): Select the Administrative Template Node
underneath either User or Computer Configuration (probably Computer in your
case), then go into the View Menu and click "Filter". Unselect "Only show
policy settings that can be fully managed".
Afterwards you should be able to find your policy setting and you are able
to configure it.

I'd do this in a separate GPO for testing, and remove the Right (in
Security, make sure that you remove the right and do _not_ deny it) of
Authenticated Users to apply the policy. Afterward enter your own
computer account and give it the right to apply the policy - just to make
sure that you are testing it before. If it works on your computer you can
reset the rights by allowing Authenticated Users to apply it again and
remove your computer account from the security settings. Now they will apply
to all computer accounts underneath the level (domain, OU, site) where you
linked the GPO.

Gruesse - Sincerely, 

Ulf B. Simon-Weidner 

  Profile & Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
  Weblog: http://msmvps.org/UlfBSimonWeidner
  Website: http://www.windowsserverfaq.org



RE: [ActiveDir] How to find non-primary SMTP addresses?

2007-01-27 Thread joe
To change the previous perl script to give the same output it would look
something like


# Open the CSV output file and write the header row
open ofh,">QueryOutput.csv" or die("ERROR: Can't open CSV output file: $!\n");
print ofh "First Name, Last Name, ID, Primary Mail Address,,Additional Email Addresses\n";

# Run adfind and capture one CSV line per object
@out=`adfind -nodn -sc exchaddresses:smtp -csv -csvq \"\" -csvmvdelim , -nocsvheader givenname sn samaccountname mail`;

foreach $thisline (@out)
 {
  $thisline=~s/smtp://ig; # strip smtp: and SMTP:
  print ofh $thisline;
 }
close ofh;
 

:)

Then to take it a step further for the later conversation about a disjoint
between mail and proxyaddresses primary SMTP (yes this is possible I see it
pretty regularly in companies, it is only enforced I believe by ADUC, nothing
in Exchange) you can make the script identify cases where you have a
disjoint between mail and the primary SMTP with something like

open ofh,">QueryOutput.csv" or die("ERROR: Can't open CSV output file: $!\n");
print ofh "Disjoint Mail Attribs, First Name, Last Name, ID, Primary Mail Address,,Additional Email Addresses\n";

@out=`adfind -nodn -sc exchaddresses:smtp -csv -csvq \"\" -csvmvdelim , -nocsvheader givenname sn samaccountname mail`;

foreach $thisline (@out)
 {
  # Capture the mail column and the primary (upper-case SMTP:) proxy address
  ($mail,$primarysmtp)=($thisline=~/,([^,]+\@[^,]+),.*SMTP:([^,]+\@[^,]+)[\n,]/);
  $disjoint=($mail ne $primarysmtp)?"TRUE":"FALSE";
  $thisline=~s/smtp://ig; # strip smtp: and SMTP:
  print ofh "$disjoint,$thisline";
 }
close ofh;
 

  joe


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart
Sent: Friday, January 26, 2007 1:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

Here is a cheesy VB script to list email addresses and kick them to a
CSV file***.  It's not horribly efficient, tight coding, or cleaned up
very much but it has worked for me. Remember to replace the 
with yours and you may have to adjust the page size if you have more
than 2000 objects.  Also watch for line feeds in the code that may be
email caused.

Have fun..
_Stuart Fuller

(***Full disclaimer of liability - use at own risk)

---
'--
'ListUsers Email Script
'Stuart Fuller
'7/7/05
'--

Dim adsComputer
Dim adsOU
Dim operatingSystem
Dim osVersion
Dim servicePack
Dim fileSys
Dim fileTxt
Const ForReading = 1, ForWriting = 2, ForAppending = 8

wscript.echo "Start"

'Create the output file
set fileSys = CreateObject("Scripting.FileSystemObject")
Set fileTxt = fileSys.OpenTextFile("QueryOutput.csv", ForWriting, True)
fileTxt.Writeline("First Name, Last Name, ID, Primary Mail Address,,Additional Email Addresses")

'Create the connection to AD
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection

'Set the SQL type query against AD
'REPLACE  with OU or domain you want to query in the objCommand.Commandtext line
'Example 'LDAP://ou=users,dc=joeware,dc=com'
objCommand.CommandText = "Select givenName, sn, sAMaccountName, mail, ADsPath from ''" _
& " where objectClass='user' AND objectCategory='Person'"
objCommand.Properties("Page Size") = 2000
objCommand.Properties("Timeout") = 60 
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
objCommand.Properties("Cache Results") = False 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

'Loop through the returned records
Do Until objRecordSet.EOF
    strGName = objRecordSet.Fields("givenName").value
    strSName = objRecordSet.Fields("sn").value
    strMail = objRecordSet.Fields("mail").value
    strSAM = objRecordSet.Fields("sAMaccountName").value

    'In order to get the multi-varied attribute go get the user object
    'and then query the proxyaddress attribute
    set objUser = GetObject(objRecordSet.Fields("ADsPath").value)
    on error resume next
    For each strProxyAddress in objUser.ProxyAddresses
        strAdd = Left(strProxyAddress,4)
        If ((strAdd = "SMTP") OR (strAdd = "smtp")) Then
            strAddress = Right(strProxyAddress, LEN(strProxyAddress) - 5)
            strAddAll = strAddAll & strAddress & ","
        End If
    Next
    fileTxt.WriteLine(strGName & "," & strSName & "," & strSAM & "," & strMail & ", ," & strAddAll )

    'Since we are using strAddAll as additive - clear the vars
    strAddress = null
    strAddAll = null

    'Go grab the next record and restart loop
    objRecordSet.MoveNext
Loop

ws
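
The disjoint check joe describes above, as an added Python example (not code from the thread). It assumes rows shaped like the script's header (givenName, sn, sAMAccountName, mail, then the proxy addresses with their smtp:/SMTP: prefixes intact); the sample rows and status names are constructed. Unlike the regex version it compares case-insensitively and also reports entries with no primary or more than one.

```python
import csv
import io

# Constructed sample rows (not real data). Assumed layout, following the column
# header in the script above: givenName, sn, sAMAccountName, mail, then every
# proxyAddresses value with its smtp:/SMTP: prefix still attached.
SAMPLE_ROWS = """\
Ann,Lee,alee,ann.lee@example.com,SMTP:ann.lee@example.com,smtp:alee@example.com
Bob,Ray,bray,bob.ray@example.com,smtp:bob.ray@example.com,SMTP:b.ray@example.net
Cy,Fox,cfox,Cy.Fox@example.com,SMTP:cy.fox@example.com
Di,Orr,dorr,di.orr@example.com,smtp:di.orr@example.com
Ed,Kim,ekim,ed.kim@example.com,SMTP:ed.kim@example.com,SMTP:e.kim@example.com
short,row
"""


def classify(row):
    """Compare the mail column with the primary (upper-case SMTP:) proxy address."""
    cells = [c.strip() for c in row]
    if len(cells) < 4:
        # Not enough columns to hold name, ID and mail: report instead of guessing.
        return {"id": None, "status": "MALFORMED", "mail": None,
                "primary": [], "secondary": []}
    _given, _sn, sam, mail, *proxies = cells
    # Exchange marks the primary address with an upper-case "SMTP:" prefix and
    # additional addresses with lower-case "smtp:".
    primary = [p[5:] for p in proxies if p.startswith("SMTP:")]
    secondary = [p[5:] for p in proxies if p.startswith("smtp:")]
    if not primary:
        status = "NO_PRIMARY"
    elif len(primary) > 1:
        status = "MULTIPLE_PRIMARY"
    elif primary[0].lower() != mail.lower():
        # Case-insensitive on purpose: a difference only in letter case is not
        # treated as a disjoint (Perl's `ne` would flag it).
        status = "DISJOINT"
    else:
        status = "OK"
    return {"id": sam, "status": status, "mail": mail,
            "primary": primary, "secondary": secondary}


def audit(text):
    """Classify every non-empty CSV row in text."""
    return [classify(row) for row in csv.reader(io.StringIO(text)) if row]


def findings(text):
    """Only the rows an administrator needs to look at."""
    return [r for r in audit(text) if r["status"] != "OK"]


if __name__ == "__main__":
    for r in findings(SAMPLE_ROWS):
        print(r["status"], r["id"], r["mail"], r["primary"])
```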

RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Brian Desmond
While your math is right you should look up supernetting and subnetting 
somewhere.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132



Re: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Mathieu CHATEAU

Hi,

I am coming from a network job, so I am used to sub/super netting somehow :)
Thanks anyway!

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com




RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Brian Desmond
OK well you don't need a layer 2 link to do what the OP wants...

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132




Re: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Mathieu CHATEAU

I don't agree.
The /24 is included in the /16.
You won't have layer 3 routing between the two sites, at least from the 
primary to the secondary, even if it will work from a routing point of view 
from the secondary to the primary.


What's the point?

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com




RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread joe
Active directory will use the most specific network address that applies to
it. For instance, I set up a class-A address (or multiple in some companies)
that applies to all of the network space of the company and assign that to
the primary data center location. Then I start making more focused subnets
that route clients / replication to more specific locations. That way you
don't run into the issue where clients can't find their own subnet so choose
a random DC. I have set up subnets all the way from 8 bit down to 32 bit as
needed and it all works fine. 
 
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
 

  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 4:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Overlapping AD Subnet Boundaries



Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site,
and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will
AD treat a client address of, say, 10.10.41.104 as a client on the secondary
site, or will it default to the more general primary subnet? The reason I
ask is we now have a need for a second AD site (I can see all the enterprise
folks grinning now) and we have quite a number of other subnets that I'd
have to manually enter if this is not the case. I don't mind doing it, but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax



RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread joe
You are mistaking machine subnetting and subnetting defined in AD. They are
not connected. The definitions in AD do not have to reflect what is really
happening at the routing layer. They are generally close but there isn't any
technical reason why they have to be. 
 
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
 

  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
Sent: Friday, January 26, 2007 4:34 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries


Is it really 10.10.0.0/16, or a mistake (/24)?
Because your first site won't be able to join the other one, as it will
think it's local and won't send packets to the gateway (if it's really a
/16).
 
If it's a real /24, then it will work as expected (10.10.41.104 will be
attached to the secondary site).
 
If it's a /16 and you need a router between both sites, your configuration
can't work from a network point of view.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com
 
 

- Original Message - 
From: Brian Cline   
To: ActiveDir@mail.activedir.org 
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries


Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary site,
and another subnet as 10.10.41.0/24 and assign it to a secondary site. Will
AD treat a client address of, say, 10.10.41.104 as a client on the secondary
site, or will it default to the more general primary subnet? The reason I
ask is we now have a need for a second AD site (I can see all the enterprise
folks grinning now) and we have quite a number of other subnets that I'd
have to manually enter if this is not the case. I don't mind doing it, but I
was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax







RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-27 Thread joe
Ewww.  :)
 
Unless there are other needs that require MIIS I don't think I would deploy
it for this. MIIS is a 50 caliber when all that was probably needed was foam
pellet gun. 
 
I have seen folks doing this before, usually they get an LDIF extract from
Notes and just slam that into AD as contacts or mail-enabled users. Actually
getting the info out of Notes... no clue, I didn't even want to start
touching Exchange let alone any other messaging apps. I am happy just with
Windows Server 2003 SMTP and looking at the text files. ;o)
 
 
 
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Friday, January 26, 2007 12:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT


Have you looked at MIIS?
 
Laura



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas W Stelley
Sent: Friday, January 26, 2007 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT



Same topic, but this one is for Notes Admin/Gurus as well. 

I populate the mail attribute in AD with the Notes Users primary internet
address. Does anyone have a script or method that will allow me to publish
in AD the same info for groups and other addresses for users. 

Even something that can query Domino for all users and groups and return all
addresses into a file, I can use that as a basis to update AD with proxy
info etc. 
Thanks in advance. 

Douglas Stelley
IT Engineer
Seneca Nation Health Department
(716)532-5582 x5404
[EMAIL PROTECTED] 



"Brian Cline" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
01/26/2007 09:47 AM
Please respond to: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

Ah, yes, good call. Almost forgot that it changes that, too.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wells, James
Arthur
Sent: Friday 26 January 2007 08:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

It should also update the 'mail' attribute to the new primary SMTP:
address.


--James

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 7:38 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

Out of curiosity, when setting a different primary e-mail address to an
address that already exists as a secondary, does ADUC do anything more
than change the prefix on the old primary address from 'SMTP' to 'smtp'
and vice-versa for the new primary?


Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Thursday 25 January 2007 19:52
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How to find non-primary SMTP addresses?

In addition to what Ulf said, there also isn't any practical way to query
for users that have secondary addresses vs. only having a primary and there
isn't any practical way to just get the secondary addresses out of the
proxyAddresses attribute.  You essentially need to get all the data and then
check for the values that are prefixed with lower case "smtp".

Maybe Joe R. has a neat trick with ADFind to make this easier, but LDAP 
itself doesn't help much.

Joe K.

- Original Message - 
From: Ulf B. Simon-Weidner
To: ActiveDir@mail.activedir.org
Sent: Thursday, January 25, 2007 6:00 PM
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?


Hi Stu,

I don't think there's a way to expose multivalued attributes with CSVDE -
you'd either have to use LDIFDE or VBScript or anything else to view all
values of those attributes.

Gruesse - Sincerely,
Ulf B. Simon-Weidner
 Profile & Publications:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
 Weblog: http://msmvps.org/UlfBSimonWeidner
 Website: http://www.windowsserverfaq.org

From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Sent: Freitag, 26. Januar 2007 00:53
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to find non-primary SMTP addresses?

How does one go about getting the non-primary SMTP addresses for every
Exchange user?  I can't seem to find a way via csvde, but maybe I'm doing
something wrong.  Thanks again.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
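
The approach described in this thread (export everything in LDIF form, then pick out the proxyAddresses values with a lower-case "smtp" prefix), as an added Python example that is not from any of the posters. The LDIF text, DNs and addresses are constructed; the parser handles the two LDIF (RFC 2849) features that matter here, folded lines and base64 values, and also reports whether 'mail' agrees with the primary SMTP: value.

```python
import base64

# Constructed LDIF: blank line between records, long values folded onto
# lines starting with one space, "attr:: value" marks a base64 value.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
mail: jdoe@example.com
proxyAddresses: SMTP:jane.doe@example.com
proxyAddresses: smtp:jdoe@example.com
proxyAddresses: smtp:a-long-alias-that-gets-folded@exa
 mple.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Doe;g=Jane;

dn: CN=Sam Roe,OU=Staff,DC=example,DC=com
mail: sam.roe@example.com
proxyAddresses: SMTP:sam.roe@example.com

dn: CN=Helpdesk,OU=Groups,DC=example,DC=com
proxyAddresses:: U01UUDpoZWxwZGVza0BleGFtcGxlLmNvbQ==
proxyAddresses: smtp:support@example.com
"""


def parse_ldif(text):
    """Return a list of {attr: [values]} records, unfolded and decoded."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]              # folded continuation line
        else:
            logical.append(raw)
    records, current = [], {}
    for line in logical + [""]:                 # trailing "" flushes last record
        if not line:
            if current:
                records.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):               # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr, []).append(value.strip())
    return records


def audit(text):
    """Per DN: primary and secondary SMTP addresses, and whether mail agrees."""
    report = {}
    for rec in parse_ldif(text):
        addrs = rec.get("proxyAddresses", [])
        # The prefix test is deliberately case-sensitive: SMTP vs smtp.
        primary = [v[5:] for v in addrs if v.startswith("SMTP:")]
        secondary = [v[5:] for v in addrs if v.startswith("smtp:")]
        mail = rec.get("mail", [None])[0]
        report[rec["dn"][0]] = {
            "primary": primary,
            "secondary": secondary,
            "mail_is_primary": mail is not None
            and [mail.lower()] == [p.lower() for p in primary],
        }
    return report
```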

Re: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Mathieu CHATEAU
I know there is not a direct relation, but I don't know if the original
poster understands that this can't work if it's the real implementation.

I think that someone knowing this wouldn't have posted the question.

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


  - Original Message - 
  From: joe 
  To: ActiveDir@mail.activedir.org 
  Sent: Saturday, January 27, 2007 9:03 PM
  Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries


  You are mistaking machine subnetting and subnetting defined in AD. They are 
not connected. The definitions in AD do not have to reflect what is really 
happening at the routing layer. They are generally close but there isn't any 
technical reason why they have to be. 

  --
  O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 





--
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
  Sent: Friday, January 26, 2007 4:34 PM
  To: ActiveDir@mail.activedir.org
  Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries


  Is it really 10.10.0.0/16, or a mistake (/24)?
  Because your first site won't be able to join the other one, as it will
  think it's local and won't send packets to the gateway (if it's really a /16).

  If it's a real /24, then it will work as expected (10.10.41.104 will be
  attached to the secondary site).

  If it's a /16 and you need a router between both sites, your configuration
  can't work from a network point of view.

  Regards,
  Mathieu CHATEAU
  http://lordoftheping.blogspot.com


- Original Message - 
From: Brian Cline 
To: ActiveDir@mail.activedir.org 
Sent: Friday, January 26, 2007 10:19 PM
Subject: [ActiveDir] Overlapping AD Subnet Boundaries


Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary 
site, and another subnet as 10.10.41.0/24 and assign it to a secondary site. 
Will AD treat a client address of, say, 10.10.41.104 as a client on the 
secondary site, or will it default to the more general primary subnet? The 
reason I ask is we now have a need for a second AD site (I can see all the 
enterprise folks grinning now) and we have quite a number of other subnets that 
I'd have to manually enter if this is not the case. I don't mind doing it, but 
I was curious either way.

Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax




RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-27 Thread Brian Desmond
You can whack notes with ldifde or something. MIIS is a convenient way to do it 
though.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, January 27, 2007 3:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

Ewww.  :)

Unless there are other needs that require MIIS I don't think I would deploy it 
for this. MIIS is a 50 caliber when all that was probably needed was foam 
pellet gun.

I have seen folks doing this before, usually they get an LDIF extract from 
Notes and just slam that into AD as contacts or mail-enabled users. Actually 
getting the info out of Notes... no clue, I didn't even want to start touching 
Exchange let alone any other messaging apps. I am happy just with Windows 
Server 2003 SMTP and looking at the text files. ;o)



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Friday, January 26, 2007 12:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

Have you looked at MIIS?

Laura


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas W Stelley
Sent: Friday, January 26, 2007 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

Same topic, but this one is for Notes Admin/Gurus as well.

I populate the mail attribute in AD with the Notes Users primary internet 
address. Does anyone have a script or method that will allow me to publish in 
AD the same info for groups and other addresses for users.

Even something that can query Domino for all users and groups and return all 
addresses into a file, I can use that as a basis to update AD with proxy info 
etc.
Thanks in advance.

Douglas Stelley
IT Engineer
Seneca Nation Health Department
(716)532-5582 x5404
[EMAIL PROTECTED]

"Brian Cline" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/26/2007 09:47 AM
Please respond to: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

Ah, yes, good call. Almost forgot that it changes that, too.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wells, James
Arthur
Sent: Friday 26 January 2007 08:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

It should also update the 'mail' attribute to the new primary SMTP:
address.


--James

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Cline
Sent: Friday, January 26, 2007 7:38 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?

Out of curiosity, when setting a different primary e-mail address to an
address that already exists as a secondary, does ADUC do anything more
than change the prefix on the old primary address from 'SMTP' to 'smtp'
and vice-versa for the new primary?


Brian Cline, Applications Developer
Department of Information Technology
G&P Trucking Company, Inc.
803.936.8595 Direct Line
800.922.1147 Toll-Free (x8595)
803.739.1176 Fax


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Thursday 25 January 2007 19:52
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] How to find non-primary SMTP addresses?

In addition to what Ulf said, there also isn't any practical way to query
for users that have secondary addresses vs. only having a primary and there
isn't any practical way to just get the secondary addresses out of the
proxyAddresses attribute.  You essentially need to get all the data and then
check for the values that are prefixed with lower case "smtp".

Maybe Joe R. has a neat trick with ADFind to make this easier, but LDAP
itself doesn't help much.

Joe K.

- Original Message -
From: Ulf B. Simon-Weidner
To: ActiveDir@mail.activedir.org
Sent: Thursday, January 25, 2007 6:00 PM
Subject: RE: [ActiveDir] How to find non-primary SMTP addresses?


Hi Stu,

I don't think there's a way to expose multivalued attributes with CSVDE -
you'd either have to use LDIFDE or VBScript or anything else to view all
values of those attributes.

Gruesse - Sincerely,
Ulf B. Simon-Weidner
 Profile & Publications:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
 Weblog: http://msmvps.org/UlfBSimonWeidner
 Website: http://www.windowsserverfaq.org

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
Sent: Freitag, 26. Januar 2007 00:53
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How to find non-primary SMTP addresses?

How does one go about getting the non-primary SMTP addresses for every
Exchange user? 

RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread Brian Desmond
AD subnets have nothing to do with how the WAN is actually routed. All they do 
is link an IP address to a site. If you don't have a blanket subnet as a last 
resort your DCs start filling their event logs with events about how clients 
are connecting from unknown subnets.

So what you do is you take your hub datacenter(s) and associate large supernets 
with the site objects (as big as 10.0.0.0/8 if appropriate). Then you associate 
the actual subnets with the sites where they're physically located.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
> Sent: Saturday, January 27, 2007 1:34 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries
>
> I don't agree.
> The /24 is included in the /16.
> You won't have layer 3 routing between the two sites, at least from the
> primary to the secondary. Even if it will work from a routing point of view
> from the secondary to the primary.
>
> What's the point?
>
> Regards,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
>
> - Original Message -
> From: "Brian Desmond" <[EMAIL PROTECTED]>
> To: 
> Sent: Saturday, January 27, 2007 6:58 PM
> Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries
>
>
> OK well you don't need a layer 2 link to do what the OP wants...
>
> Thanks,
> Brian Desmond
> [EMAIL PROTECTED]
>
> c - 312.731.3132
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:ActiveDir-
> > [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
> > Sent: Saturday, January 27, 2007 12:53 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries
> >
> > hi,
> >
> > I am coming from a network job, so I am used to sub/super netting somehow :)
> > Thanks anyway!
> >
> > Regards,
> > Mathieu CHATEAU
> > http://lordoftheping.blogspot.com
> >
> >
> > - Original Message -
> > From: "Brian Desmond" <[EMAIL PROTECTED]>
> > To: 
> > Sent: Saturday, January 27, 2007 6:47 PM
> > Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries
> >
> >
> > While your math is right you should look up supernetting and subnetting
> > somewhere.
> >
> > Thanks,
> > Brian Desmond
> > [EMAIL PROTECTED]
> >
> > c - 312.731.3132
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:ActiveDir-
> > > [EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU
> > > Sent: Saturday, January 27, 2007 4:17 AM
> > > To: ActiveDir@mail.activedir.org
> > > Subject: Re: [ActiveDir] Overlapping AD Subnet Boundaries
> > >
> > > In my opinion, there is a pure TCP/IP network issue...
> > >
> > > A sample example:
> > > The DC is 10.10.0.1 with a netmask of 255.255.0.0 (/16 as indicated).
> > > If you try to ping 10.10.41.104, it will try to communicate on the LAN,
> > > seeking its ARP.
> > > It won't send packets to the gateway since 10.10.41.0 must be on the LAN.
> > >
> > > The only way to get it to work is to use a Layer 2 link between both sites.
> > >
> > >
> > > Regards,
> > > Mathieu CHATEAU
> > > http://lordoftheping.blogspot.com
> > >
> > >
> > > - Original Message -
> > > From: "Almeida Pinto, Jorge de"
> > <[EMAIL PROTECTED]>
> > > To: 
> > > Sent: Friday, January 26, 2007 11:37 PM
> > > Subject: RE: [ActiveDir] Overlapping AD Subnet Boundaries
> > >
> > >
> > > it will go for the second site 10.10.41.0/24 (= best matching)
> > >
> > > Met vriendelijke groeten / Kind regards,
> > > Ing. Jorge de Almeida Pinto
> > > Senior Infrastructure Consultant
> > > MVP Windows Server - Directory Services
> > >
> > > LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
> > > Tel : +31-(0)40-29.57.777
> > > Mobile : +31-(0)6-26.26.62.80
> > > E-mail :
> > >
> > > 
> > >
> > > From: [EMAIL PROTECTED] on behalf of Brian Cline
> > > Sent: Fri 2007-01-26 22:19
> > > To: ActiveDir@mail.activedir.org
> > > Subject: [ActiveDir] Overlapping AD Subnet Boundaries
> > >
> > >
> > >
> > > Say I create an AD subnet of 10.10.0.0/16 and assign it to our primary
> > > site, and another subnet as 10.10.41.0/24 and assign it to a secondary
> > > site. Will AD treat a client address of, say, 10.10.41.104 as a client
> > > on the secondary site, or will it default to the more general primary
> > > subnet? The reason I ask is we now have a need for a second AD site (I
> > > can see all the enterprise folks grinning now) and we have quite a
> > > number of other subnets that I'd have to manually enter if this is not
> > > the case. I don't mind doing it, but I was curious either way.
> > >
> > > Brian Cline, Applications Developer
> > > Department of Information Technology
> > > G&P Trucking Company, Inc.
> > > 803.936.8595 Direct Line
> > > 800.922.1147 Toll-Free (x8595)
> > > 803.739.1176 Fax
> > >
> > >
> > >
> > > This e-mail and any a