[ActiveDir] Please Remove Me From your List
I will be on vacation for two weeks .
RE: [ActiveDir] Outlook Exchange
I am not sure if this is what you want. When you create a pst file you have the option of where to save it. Go to Mail in the Control Panel, Under Mail Setup click data files under Outlook Data Files, Select add then personal folder file (pst file) You can choose where to save it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of patrick Sent: Friday, January 13, 2006 12:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Outlook Exchange NOBODY??? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of patrick Sent: Thursday, January 12, 2006 10:20 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Outlook Exchange Could someone please expand on how to setup a PST and how to get it to download to the pst so as not to stay on the email server? Thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Windows 2003 Server
There are a few pdf files that I can not delete on my file and print server. I have domain admin permissions and the file is not read only. It gives me the error messages that the file is in use. I don't want to reboot the server. Has anyone else had this problem and what was the solution?
RE: [ActiveDir] Windows 2003 Server
Thanks for the info, but it did not work The pdf files did not show up as being in use. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 05, 2006 10:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server You can try this. On the file server run the command NET FILE Look for the files in question. Write down the ID Then when you have the IDs NET FILE ID /CLOSE DEL FILE Obviously replace ID with the ID from the NET FILE enumeration. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 10:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows 2003 Server There are a few pdf files that I can not delete on my file and print server. I have domain admin permissions and the file is not read only. It gives me the error messages that the file is in use. I don't want to reboot the server. Has anyone else had this problem and what was the solution? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows 2003 Server
I had already tried that and it did not work. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Thursday, January 05, 2006 11:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server I've had this happen before and have always been able to remove all permissions to the file in question with the exception of Domain Admins or my personal log in, depending on the situation. Usually it is removing the System permissions that does the trick though. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 9:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows 2003 Server There are a few pdf files that I can not delete on my file and print server. I have domain admin permissions and the file is not read only. It gives me the error messages that the file is in use. I don't want to reboot the server. Has anyone else had this problem and what was the solution? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows 2003 Server
I did try this, but the problem is that the pdf files are not showing open even though the error message says they are From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Thursday, January 05, 2006 11:24 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server GUI-wise, a tool you can use is My Computer/manage/System Tools/Shared Folders/Open Files. Highlight the file in question, right-click, Close Open File. hth, Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 9:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows 2003 Server There are a few pdf files that I can not delete on my file and print server. I have domain admin permissions and the file is not read only. It gives me the error messages that the file is in use. I don't want to reboot the server. Has anyone else had this problem and what was the solution?
RE: [ActiveDir] Windows 2003 Server
I tried all and to no avail. The process could not be found. They are all pdf files and I can make a copy of them and am able to delete them without problems. Looks like I will have to reboot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 05, 2006 11:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server Shoot over to sysinternals and look for their handle tool that will show you what processes have handles open to files. You may not have a choice but to reboot if you can't find what is holding the files. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 11:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server Thanks for the info, but it did not work The pdf files did not show up as being in use. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 05, 2006 10:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server You can try this. On the file server run the command NET FILE Look for the files in question. Write down the ID Then when you have the IDs NET FILE ID /CLOSE DEL FILE Obviously replace ID with the ID from the NET FILE enumeration. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 10:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows 2003 Server There are a few pdf files that I can not delete on my file and print server. I have domain admin permissions and the file is not read only. It gives me the error messages that the file is in use. I don't want to reboot the server. Has anyone else had this problem and what was the solution? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows 2003 Server
I had already tried that and received the same error message as I did in Explorer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Thursday, January 05, 2006 3:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server I have had this in Explorer and I have just fired up CMD and deleted them that way - with no issue. I know it sounds simplistic but it worked. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: 05 January 2006 20:09 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server I have seen this behavior too, but never got to the bottom of it. I ended up being pretty certain that antivirus software was locking it though. I have also seen the OS itself lock files, when it's trying to show a preview or for other unknown reasons. Sometimes opening a command prompt window to the file's parent folder, and then killing explorer with task manager, enabled me to delete it. Good luck Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 1:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server I tried all and to no avail. The process could not be found. They are all pdf files and I can make a copy of them and am able to delete them without problems. Looks like I will have to reboot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 05, 2006 11:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server Shoot over to sysinternals and look for their handle tool that will show you what processes have handles open to files. You may not have a choice but to reboot if you can't find what is holding the files. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 11:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server Thanks for the info, but it did not work The pdf files did not show up as being in use. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 05, 2006 10:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Windows 2003 Server You can try this. On the file server run the command NET FILE Look for the files in question. Write down the ID Then when you have the IDs NET FILE ID /CLOSE DEL FILE Obviously replace ID with the ID from the NET FILE enumeration. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Thursday, January 05, 2006 10:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows 2003 Server There are a few pdf files that I can not delete on my file and print server. I have domain admin permissions and the file is not read only. It gives me the error messages that the file is in use. I don't want to reboot the server. Has anyone else had this problem and what was the solution? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail
RE: [ActiveDir] FSMO role transfer
Your links did not work -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, December 01, 2005 11:34 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FSMO role transfer Hey Rich - no need to script one yourselfRobbie's cookbook recipe 3.25 and 3.26 deal nicely with FSMO roles. 3.26 contains VBScript and Perl to transfer FSMO roles. http://www.rallenhome.com/books/adcookbook/code.html http://www.rallenhome.com/books/adcookbook/src/03.25-find_fsmos.vbs.txt http://www.rallenhome.com/books/adcookbook/src/03.26-transfer_fsmo.vbs.txt r/ Lou -Original Message- I was curious to see, with all these posts, no one ponied up with a real script to help out all these folks who are 1) not scripters and 2) amazed that moving the roles could be that easy. (I would post one but I have not actually scripted this... it's not currently my job :) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Display in ADUC
We have 2003 AD. I changed the display name of a user in their property sheet but it still shows the old display name when you look at it in Active Directory Users and Computers. You can look at the properties and it shows the new display name.. What else do I need to do?
[ActiveDir] Scripts
Does anyone know of a script I can include in the login scripts to change the local admin passwords on the computers in my environment? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Home Directories
So now you can map the user's H: drive or whatever to \\server\home1\johndoe. Hope that helps... :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, May 27, 2005 10:50 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Home Directories But it also allows then to create new folders under the top level Home share. Is there a way around that? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 10:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Now that your share-level permissions are correct, you need to add the individual user to their respective home folder and grant modify permissions (ntfs). That should give them change access to their files. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, May 27, 2005 9:04 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Home Directories I appreciate all the feedback. I had to end up giving domain users change access on the top level Home share folder. (On both file and share) I removed domain users from the individual home directory/folders. The problem I have with the solution is that won't users be able to create folders in the Home Folder? Is there a solution to this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 8:30 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Sorry. Please don't perceive my earlier post as disrespecting your opinion. Simply typing in brevity. :) At any rate, I read it as a user end permission error, not as a copy process failure. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 6:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories No problem in disagreeing, as long as we can respect each others opinions. Granted Debbie did not give a us lot of details, but based on what Debbie wrote, it sounds like she is having trouble copying the files from the server, and if her users had full control enabled on the original NT 4 home directory, then in the middle of the move process she would probably have an access denied even though she is the admin. By taking ownership of the files prior to her move this issue would be resolved. She also stated that the permissions are change ( Change for end users is better then Full control in my option) and Debbie stated that she has moved some of the files and that leads me to believe that the permissions on the target server have at least write access at the Share and NTFS permission level. I am also sure that Debbie was at least smart enough to verify the share level and file permissions on the new target server prior to posting on this list, however I doubt if she went through all the files on the source server to verify that none of them had full control as a ACL for the user account in question. The other issue that she me be experiencing is that if the files are currently in use the they will be locked also stopping the move process from occurring. Well that's my two cents, Jose -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 26, 2005 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories I disagree. Taking ownership isn't going to fix the permissions issues for the user at the opposite end. I'm leaning towards a share-level permission problem, since 2003 by default sets shares at Everyone:Read while NT was Everyone:Full Control. :m:dsm:cci:mvp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Hi Debbie, This sounds like you need to take ownership of all the files in each home directory before moving the data. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ellis, Debbie Sent: Thursday, May 26, 2005 12:45 PM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Home Directories We are in the process of moving our user's home directories from NT server to 2003 server. We have moved some and have ran into a problem. The user's are unable to delete or add but the effective permissions is change access. Has anyone ran into this issue? List info : http://www.activedir.org/List.aspx List FAQ: http
RE: [ActiveDir] Home Directories
I appreciate all the feedback. I had to end up giving domain users change access on the top level Home share folder. (On both file and share) I removed domain users from the individual home directory/folders. The problem I have with the solution is that won't users be able to create folders in the Home Folder? Is there a solution to this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 8:30 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Sorry. Please don't perceive my earlier post as disrespecting your opinion. Simply typing in brevity. :) At any rate, I read it as a user end permission error, not as a copy process failure. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 6:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories No problem in disagreeing, as long as we can respect each others opinions. Granted Debbie did not give a us lot of details, but based on what Debbie wrote, it sounds like she is having trouble copying the files from the server, and if her users had full control enabled on the original NT 4 home directory, then in the middle of the move process she would probably have an access denied even though she is the admin. By taking ownership of the files prior to her move this issue would be resolved. She also stated that the permissions are change ( Change for end users is better then Full control in my option) and Debbie stated that she has moved some of the files and that leads me to believe that the permissions on the target server have at least write access at the Share and NTFS permission level. I am also sure that Debbie was at least smart enough to verify the share level and file permissions on the new target server prior to posting on this list, however I doubt if she went through all the files on the source server to verify that none of them had full control as a ACL for the user account in question. The other issue that she me be experiencing is that if the files are currently in use the they will be locked also stopping the move process from occurring. Well that's my two cents, Jose -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 26, 2005 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories I disagree. Taking ownership isn't going to fix the permissions issues for the user at the opposite end. I'm leaning towards a share-level permission problem, since 2003 by default sets shares at Everyone:Read while NT was Everyone:Full Control. :m:dsm:cci:mvp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Hi Debbie, This sounds like you need to take ownership of all the files in each home directory before moving the data. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ellis, Debbie Sent: Thursday, May 26, 2005 12:45 PM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Home Directories We are in the process of moving our user's home directories from NT server to 2003 server. We have moved some and have ran into a problem. The user's are unable to delete or add but the effective permissions is change access. Has anyone ran into this issue? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Home Directories
But it also allows then to create new folders under the top level Home share. Is there a way around that? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 10:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Now that your share-level permissions are correct, you need to add the individual user to their respective home folder and grant modify permissions (ntfs). That should give them change access to their files. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, May 27, 2005 9:04 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Home Directories I appreciate all the feedback. I had to end up giving domain users change access on the top level Home share folder. (On both file and share) I removed domain users from the individual home directory/folders. The problem I have with the solution is that won't users be able to create folders in the Home Folder? Is there a solution to this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 8:30 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Sorry. Please don't perceive my earlier post as disrespecting your opinion. Simply typing in brevity. :) At any rate, I read it as a user end permission error, not as a copy process failure. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 6:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories No problem in disagreeing, as long as we can respect each others opinions. Granted Debbie did not give a us lot of details, but based on what Debbie wrote, it sounds like she is having trouble copying the files from the server, and if her users had full control enabled on the original NT 4 home directory, then in the middle of the move process she would probably have an access denied even though she is the admin. By taking ownership of the files prior to her move this issue would be resolved. She also stated that the permissions are change ( Change for end users is better then Full control in my option) and Debbie stated that she has moved some of the files and that leads me to believe that the permissions on the target server have at least write access at the Share and NTFS permission level. I am also sure that Debbie was at least smart enough to verify the share level and file permissions on the new target server prior to posting on this list, however I doubt if she went through all the files on the source server to verify that none of them had full control as a ACL for the user account in question. The other issue that she me be experiencing is that if the files are currently in use the they will be locked also stopping the move process from occurring. Well that's my two cents, Jose -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 26, 2005 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories I disagree. Taking ownership isn't going to fix the permissions issues for the user at the opposite end. I'm leaning towards a share-level permission problem, since 2003 by default sets shares at Everyone:Read while NT was Everyone:Full Control. :m:dsm:cci:mvp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Hi Debbie, This sounds like you need to take ownership of all the files in each home directory before moving the data. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ellis, Debbie Sent: Thursday, May 26, 2005 12:45 PM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Home Directories We are in the process of moving our user's home directories from NT server to 2003 server. We have moved some and have ran into a problem. The user's are unable to delete or add but the effective permissions is change access. Has anyone ran into this issue? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List
RE: [ActiveDir] Home Directories
This did it. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 11:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Yes, make sure that the top level home folder that your share is pointing to does not have rights for those users to make changes. They should only have rights at their individual folder. For instance: Share Level Perms \\server\home1 is your home folder share which has the following perms: Administrators - FC Domain Users - C NTFS Perms That folder maps to h:\home1 on your server. Home1 should have the following: Administrators - FC There's a user folder under home1 that exists under home1 that maps to JohnDoe such as h:\home1\johndoe. At the johndoe folder, you want to make sure the following permissions are set: Administrators - FC JohnDoe - Modify So now you can map the user's H: drive or whatever to \\server\home1\johndoe. Hope that helps... :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, May 27, 2005 10:50 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Home Directories But it also allows then to create new folders under the top level Home share. Is there a way around that? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 10:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Now that your share-level permissions are correct, you need to add the individual user to their respective home folder and grant modify permissions (ntfs). That should give them change access to their files. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, May 27, 2005 9:04 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Home Directories I appreciate all the feedback. I had to end up giving domain users change access on the top level Home share folder. (On both file and share) I removed domain users from the individual home directory/folders. The problem I have with the solution is that won't users be able to create folders in the Home Folder? Is there a solution to this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 8:30 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories Sorry. Please don't perceive my earlier post as disrespecting your opinion. Simply typing in brevity. :) At any rate, I read it as a user end permission error, not as a copy process failure. :m:dsm:cci:mvp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, May 26, 2005 6:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories No problem in disagreeing, as long as we can respect each others opinions. Granted Debbie did not give a us lot of details, but based on what Debbie wrote, it sounds like she is having trouble copying the files from the server, and if her users had full control enabled on the original NT 4 home directory, then in the middle of the move process she would probably have an access denied even though she is the admin. By taking ownership of the files prior to her move this issue would be resolved. She also stated that the permissions are change ( Change for end users is better then Full control in my option) and Debbie stated that she has moved some of the files and that leads me to believe that the permissions on the target server have at least write access at the Share and NTFS permission level. I am also sure that Debbie was at least smart enough to verify the share level and file permissions on the new target server prior to posting on this list, however I doubt if she went through all the files on the source server to verify that none of them had full control as a ACL for the user account in question. The other issue that she me be experiencing is that if the files are currently in use the they will be locked also stopping the move process from occurring. Well that's my two cents, Jose -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 26, 2005 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Home Directories I disagree. Taking ownership isn't going to fix the permissions issues for the user at the opposite end. I'm leaning towards a share-level permission problem, since 2003 by default sets shares at Everyone:Read while NT was Everyone:Full Control. :m:dsm:cci:mvp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent
[ActiveDir] Home Directories
We are in the process of moving our users home directories from NT server to 2003 server. We have moved some and have ran into a problem. The users are unable to delete or add but the effective permissions is change access. Has anyone ran into this issue?
RE: [ActiveDir]
There is no way I would attempt to have each school a separate domain. You would have an administrative nightmare. You would need to have at least 27 domain controllers. Ideally you would have at least two for each domain for redundancy so that would mean 54 DC's. I would use OU's. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Greene Sent: Monday, May 16, 2005 12:39 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] We have not rolled out AD yet and are banging our heads against the wall figuring out which way to go. We have 24 Schools 1 Main office, 1 Maintenance shop, 1 Bus Garage. would it be best for use to roll out a single domain or 27 domains in our forest. it is not important for our users to be able to go to other locations and log into the system. It would be nice to be able to replicate a folder with all the schools that contains programs you never have when you need them (i.e. Adobe). I haven't got a clear understanding of Domains vs. OUs. One way I read it would be best for each school to be a domain and in another reading I think that each school just needs to be their own OU. any help would be greatly appreciated Eddie List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] 2003 DNS
I thought I read about an issue with having a 2003 DNS server pointing to itself as the preferred or primary DNS Server. Has anyone heard about this issue and if so, where can I find documentation on it?
[ActiveDir] SUS
We are going to deploy SUS sometimes soon. Can patches be deployed to machines while the user is logged off but the machine is turned on?
RE: [ActiveDir] RDP
My company was using Standard and auto enrollment would not work. We consulted our TAM and he said we had to have Enterprise for Auto Enrollment. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] RDP
I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution?
RE: [ActiveDir] RDP
When it tries to connect, before the log on screen. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? Does this happen as soon as the connection is established, or while you're logging on? I've never been a fan of domain controller upgrades. Too many things can break or become unstable. You're better off demoting it and rebuilding it from scratch. - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Shadow Copy
I don't really need faul tolerance at all for Shadow Copy if I am maintaining regular backups do I? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 10:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Shadow Copy assuming you're talking about Shadow Copy Restore feature: - how many changes do your users make per day and how many versions of the documents do you want to keep? = this will determine the space you should calculate for each volume. Add 105 MB, which is what the feature requires for itself. - how much extra fault-tolerance do you need? you don't need to put the previous versions data on a particular safe disk = could also be RAID 0 or separte disks. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Tuesday, October 19, 2004 1:12 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Shadow Copy Is there any formula for figuring out how much hard drive space you will need ? Also which is better, Raid 5 or mirror sets for Shadow Copy? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: Robert Mezzone [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 6:18 PM To: '[EMAIL PROTECTED]' Subject: Re: [ActiveDir] Shadow Copy There is an article in TechNet about formatting the drive with a certain cluster size, if you don't and you defrag the drive, all your snapshots are deleted during defrag. I've been using it for a year now wo any problems. I store all the snapshots on a dedicated set of mirrored drives. Between shadow copy and a long retention time for undelete, I have't restored anything from tape in a very long time. Robert -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Sent: Mon Oct 18 15:41:39 2004 Subject: [ActiveDir] Shadow Copy My company is thinking of instituting Shadow Copy. Any advice would be appreciated. What are the approximate costs ? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Shadow Copy
Is there any formula for figuring out how much hard drive space you will need ? Also which is better, Raid 5 or mirror sets for Shadow Copy? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: Robert Mezzone [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 6:18 PM To: '[EMAIL PROTECTED]' Subject: Re: [ActiveDir] Shadow Copy There is an article in TechNet about formatting the drive with a certain cluster size, if you don't and you defrag the drive, all your snapshots are deleted during defrag. I've been using it for a year now wo any problems. I store all the snapshots on a dedicated set of mirrored drives. Between shadow copy and a long retention time for undelete, I have't restored anything from tape in a very long time. Robert -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Sent: Mon Oct 18 15:41:39 2004 Subject: [ActiveDir] Shadow Copy My company is thinking of instituting Shadow Copy. Any advice would be appreciated. What are the approximate costs ? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory Monitoring Tools
We would like to do both From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 9:27 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory Monitoring Tools MOM is a great tool, but I never recommend email alerts if you're also an Exchange shop. If Active Directory is having problems, it's possible that email won't work. Paging or text messaging is much more reliable. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Tuesday, July 13, 2004 9:16 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Monitoring Tools My company is looking to purchase a tool that will monitor Active Directory and send an email when there are critical errors. What are your recommendations?
RE: [ActiveDir] Active Directory Monitoring Tools
Thanks, in fact I just downloaded an eval version of App Manager. We used their migration suite and had great results. Have you used App Manager and are you happy with it? From: Peter Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 10:16 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Monitoring Tools Also take a look at the NetIQ tools particularly App Manager and some of the SAS tools as well as their Security tools From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott Sent: 13 July 2004 15:28 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory Monitoring Tools Microsoft Operations Manager is very good, especially with the newest version (2005) about to come out. Also, NetPro makes a nice suite of products. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Ellis, Debbie Sent: Tuesday, July 13, 2004 8:16 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Monitoring Tools My company is looking to purchase a tool that will monitor Active Directory and send an email when there are critical errors. What are your recommendations?
RE: [ActiveDir] 2003 Domain Controllers
Thanks. I stopped and restarted the FRS service on both dc's and no longer receive the error message. From: Rachui, Scott [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 12:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 2003 Domain Controllers There's an event log message in your File Replication log that's reporting an error. Check there and look that error up. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Ellis, Debbie Sent: Tuesday, June 29, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] 2003 Domain Controllers When running DCDIAG on one of my dc's I receive the following message: Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems I did a search on Technet but could not find the message. Does anyone have an idea of what it means?
RE: [ActiveDir] AD diagnostic tools
AD Tools -Original Message- From: Elton Gouvêa Pimentel [mailto:[EMAIL PROTECTED] Sent: Monday, June 28, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD diagnostic tools Dear friends,  Does anyone knows any tools to diagnose problems on AD ? Thanks, Elton Pimentel. List info  : http://www.activedir.org/mail_list.htm List FAQ   : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active directory Error
Have you looked at DNS? Can you ping the other domain controllers from this dc? -Original Message- From: Roseta Radfar [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active directory Error hi, I have active directory installed on my DC. but when i click on it . This gives error: The list of domain controllers for domain is unavailable because the RPC server is unavailable. what is this error and how can i correct it? any help is appriciated. roseta .+-wi0g-+YbmPi0-+bf.+-j! 0j!oryIV+v* List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] User Icons
I am looking at group memberships in various groups in my AD structure and notice some user icons are dim or gray looking. What does this mean? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 attachment: image001.jpg
RE: [ActiveDir] User Icons
The whole user icon is dimmed or gray and other users in the same group arenot dimmed or gray. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, June 21, 2004 2:12 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] User Icons Hey Debbie, take a look here http://support.microsoft.com/default.aspx?scid=kb;en-us;281923 |-+-- | | Ellis, Debbie| | | [EMAIL PROTECTED]| | | m | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 06/21/2004 12:55 PM| | | Please respond to | | | ActiveDir | | | | |-+-- --- -| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: [ActiveDir] User Icons | --- -| I am looking at group memberships in various groups in my AD structure and notice some user icons are dim or gray looking. What does this mean? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 (Embedded image moved to file: pic01990.jpg) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Research Question
Title: OT: Research Question Pay Benefits Flexibility From: DL.ActiveDirectory [mailto:[EMAIL PROTECTED] Sent: Thursday, May 13, 2004 1:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Research Question Paydays? Thank you, Mitch Lawrence -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zach Huseby Sent: Thursday, May 13, 2004 11:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Research Question the 2nd and the 18th of each month. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory Sent: Thursday, May 13, 2004 10:05 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: Research Question Hello, I am doing research for a college project, and I would appreciate any feedback I can get on the following question: As an IT professional, what factors in your employment make a difference to you? Why? I really appreciate the time you take to give me some insight into your world. Thank you, Mitch Noob college student
RE: [ActiveDir] Migration Dilemma
My company used Net IQ and had great results. Cost was about 6.00 per user for the whole suite. (Includes Exchange Migrator) We tried ADMT but had problems with the local profiles migrating over to the new domain. -Original Message- From: Morris, Adam [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 11:41 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Dilemma Hello, We are in the process of planning our migration from NT 4 to Windows 2000 AD. Last year we deployed a minimal AD site in order to roll-out Exchange 2000 for our users. User accounts and mailboxes were created in the new domain but no users were migrated. Some initial testing with the ADMT indicates that it will not produce the desired results. At this time I can see 2 possible plans of action and I'm looking for some better options. (Like maybe another way to migrate the SID's to the new accounts in AD or a way to get ADMT to update the existing accounts instead of replacing them). Plan 1: Back up all the user mailboxes, wipe the AD accounts, use ADMT to move all the accounts/gropus, and then restore mailbox data. Plan 2: Spend the time to develop custom scripts that will add/create the appropriate groups and script as much of the migration as possible. Currently we have close to 150 groups for around 400 users and multiple file servers so the thought of doing a manual migration process is pretty painful. If anybody has any suggestions or thoughts I'd much appreciate the feedback. Thank you! Adam Morris List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DHCP
We are almost completed with our migration to AD 2003. Our users are migrated and we have been using the DHCP Server in the old domain. I am a member of the Domain Admin Group and Enterprise Admin Group in the new domain. I tried to authorize the scopes on a domain controller in the new domain and received an access denied message. Do any of you know why I would be getting this error message?
RE: [ActiveDir] DHCP
I should re phrase this. I tired to authorize the DHCP Server, not activate the scopes. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 7:53 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] DHCP We are almost completed with our migration to AD 2003. Our users are migrated and we have been using the DHCP Server in the old domain. I am a member of the Domain Admin Group and Enterprise Admin Group in the new domain. I tried to authorize the scopes on a domain controller in the new domain and received an access denied message. Do any of you know why I would be getting this error message?
RE: [ActiveDir] DHCP
Title: Message Do we have to have a DHCP Server installed in the Forest Root? It is an empty forest root. I have tried logging in to the forest root on the Domain Controller DHCP is installed on, but there is no option given to authorize the server. I am using DHCP Admin tool. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:42 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Log in as an enterprise admin in the forest root and try it. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:33 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I am logging into the child domain of the Forest root domain. I am a member of the Enterprise Admin group We are 2003 function level. -Original Message- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:20 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DHCP Hi, What is your forest/domain structure and to what domain do you logon to and what account are you using (including memberships) and what is the domain functionality level of the domain(s)? To authorize a DHCP server you must have one of the following memberships: * Root Domain Domain admins * Root Domain Enterprise admins These groups have the correct permissions on the NetServices container in Active Directory Sites and Services under the Services node to authorize DHCP servers. regards, Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Monday, March 15, 2004 14:00 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I should re phrase this. I tired to authorize the DHCP Server, not activate the scopes. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 7:53 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] DHCP We are almost completed with our migration to AD 2003. Our users are migrated and we have been using the DHCP Server in the old domain. I am a member of the Domain Admin Group and Enterprise Admin Group in the new domain. I tried to authorize the scopes on a domain controller in the new domain and received an access denied message. Do any of you know why I would be getting this error message? This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] DHCP
Title: Message Thanks, you are always a great deal of help. Where do I get the snap in? I tried to add it with mmc. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 9:11 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I log into a forest root domain controller, as an enterprise admin/domain admin (in the forest root) to authorize DHCP servers when I need to do it (which is rarely). The only requirement is that you have the DHCP snap in installed on that box. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 9:04 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Do we have to have a DHCP Server installed in the Forest Root? It is an empty forest root. I have tried logging in to the forest root on the Domain Controller DHCP is installed on, but there is no option given to authorize the server. I am using DHCP Admin tool. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:42 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Log in as an enterprise admin in the forest root and try it. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:33 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I am logging into the child domain of the Forest root domain. I am a member of the Enterprise Admin group We are 2003 function level. -Original Message- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:20 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DHCP Hi, What is your forest/domain structure and to what domain do you logon to and what account are you using (including memberships) and what is the domain functionality level of the domain(s)? To authorize a DHCP server you must have one of the following memberships: * Root Domain Domain admins * Root Domain Enterprise admins These groups have the correct permissions on the NetServices container in Active Directory Sites and Services under the Services node to authorize DHCP servers. regards, Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Monday, March 15, 2004 14:00 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I should re phrase this. I tired to authorize the DHCP Server, not activate the scopes. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 7:53 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] DHCP We are almost completed with our migration to AD 2003. Our users are migrated and we have been using the DHCP Server in the old domain. I am a member of the Domain Admin Group and Enterprise Admin Group in the new domain. I tried to authorize the scopes on a domain controller in the new domain and received an access denied message. Do any of you know why I would be getting this error message? This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] DHCP
Title: Message Thanks this worked J -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 10:32 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Install adminpak.msi on the server is the easiest way -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 10:08 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Thanks, you are always a great deal of help. Where do I get the snap in? I tried to add it with mmc. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 9:11 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I log into a forest root domain controller, as an enterprise admin/domain admin (in the forest root) to authorize DHCP servers when I need to do it (which is rarely). The only requirement is that you have the DHCP snap in installed on that box. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 9:04 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Do we have to have a DHCP Server installed in the Forest Root? It is an empty forest root. I have tried logging in to the forest root on the Domain Controller DHCP is installed on, but there is no option given to authorize the server. I am using DHCP Admin tool. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:42 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP Log in as an enterprise admin in the forest root and try it. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:33 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I am logging into the child domain of the Forest root domain. I am a member of the Enterprise Admin group We are 2003 function level. -Original Message- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 8:20 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DHCP Hi, What is your forest/domain structure and to what domain do you logon to and what account are you using (including memberships) and what is the domain functionality level of the domain(s)? To authorize a DHCP server you must have one of the following memberships: * Root Domain Domain admins * Root Domain Enterprise admins These groups have the correct permissions on the NetServices container in Active Directory Sites and Services under the Services node to authorize DHCP servers. regards, Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Monday, March 15, 2004 14:00 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DHCP I should re phrase this. I tired to authorize the DHCP Server, not activate the scopes. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 7:53 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] DHCP We are almost completed with our migration to AD 2003. Our users are migrated and we have been using the DHCP Server in the old domain. I am a member of the Domain Admin Group and Enterprise Admin Group in the new domain. I tried to authorize the scopes on a domain controller in the new domain and received an access denied message. Do any of you know why I would be getting this error message? This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] Domain Membership (Specify an Organizational Unit )
Title: Domain Membership (Specify an Organizational Unit) We tested out ADMT but had problems migrating the local user profiles on the machines. We started using NetIQ's Migration Suite and it worked great. We had 1500 users to migrate. -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Domain Membership (Specify an Organizational Unit) You can use ADMT V2.0 or any third party migration tool (Net IQ, Fastlane, Bind View etc) for this. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kent Maxwell Sent: Tuesday, February 24, 2004 3:54 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domain Membership (Specify an Organizational Unit) I need to migrate several client computers from an NT 4.0 domain to a specific Organizational Unit in a new Active Directory. Is this possible? If so how can I do this? Additionally, I need retain and move the user profile folder from the NT 4.0 domain account to the new AD Account. Is there any way I can do this? Thank you for all the help! - This e-mail is intended for the use of the addressee (s) only and may contain privileged, confidential, or proprietary information that is exempt from disclosure under law. If you have received this message in error, please inform us promptly by reply e-mail, then delete the e-mail and destroy any printed copy. Thank you.
[ActiveDir] NT Member Server Migration to AD 2003
We have reached the phase in our migration where all the users and their computers have been migrated. We are upgrading most of our member servers to 2000 before migrating. There are a few servers we are leaving at NT4. We are using NetIQ Migration Suite and it works great. The question I have is have any of you had any problems migrating NT 4 member servers to AD? Are there any preparations that need to be done before the member servers are migrated. I know with our NT workstations we installed the directory services client, but I understand that is just for workstations. Our domain controllers are all 2003.
[ActiveDir] Directory Services Client Software
Does anyone know where I can download the dsclient software for Windows 98 clients? I found one for NT 4.0 but not 98. I also did a search on the Server 2003 CD. Thanks as always for your help.
[ActiveDir] Active Directory Users and Computers
We have a Windows 2003 Active Directory Structure. Can I install Active Directory Users and Computers on my Windows XP computer and use it to administer the domain? If so, how? I have tried but have been unsuccessful.
RE: [ActiveDir] ADMT Vs Third Party Migration Tools
Title: Re: [ActiveDir] We had problems with ADMT not migrating local profiles. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 4:01 PM To: [EMAIL PROTECTED] Subject: ADMT Vs Third Party Migration Tools What are the advantages (other than project based migration) of using any third party migration tools over ADMT V2.0 ? How do you justify the licensing cost if you don't have that much help with third party migration tools? Thanks in advance.
[ActiveDir] Migration Tool
My company has decided not to use ADMT. We are in the market for a migration tool. We checked with Bindview and were told they do not sell their products without also selling "Professional Services" .We are not interested in Professional Services. Can any of you recommend a good migration tool. We will also be migrating Exchange 5.5 to Exchange 2003 later on.
RE: [ActiveDir] Migration Tool
My organization wants to include both in purchasing a migration tool. Why buy one tool for AD migration and another tool for Exchange migration? We don't need to buy the service. -Original Message- From: DiBias, Chip [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 9:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool Just so everyone is clear on this subject...BindView will sell our NT/NDS migration tools to anyone. The Exchange migration tool however is now sold as a service. We recently changed this to help organizations expedite their Exchange migrations. As you all know Exchange migrations can be complex, challenging, and extremely visible projects. As such we have seen companies get themselves into trouble due to lack of preparedness, knowledge, or time. This is a new bundle and we feel it will lessen the time, stress, and challenges of moving to Exchange 2000/2003. Regards, Chip DiBias -Original Message- From: Chianese, David P. [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 8:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool NETIQ is a bomb IMO. It might as well be vaporware. We did better, and are currently doing better with a homespun vbscript, exmerge and another homespun profile update vbscript. Netiq looked good on paper but when it came down to the migration they left a lot to be desired. One of my biggest peeves about them is that we required a bunch of scripts outside of the netiq product itself and when they originally came in to demo it they told us the scripts would be made available to us. We have to date not received one script from them in helping our migration. In fact, they wanted to charge us for time to write the scripts we needed. We said no thanks and went on with our migration. Just a word of caution for you. Now with that said, our migration was a very complex one to say the least. We did inter-org with 5 different e-mail systems being collapsed to one new E2k org. including our nemesis, the dreaded World Talk switch. Buyer beware! Regards, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Leeuwen van, JWJ (Joost) Sent: Friday, November 14, 2003 8:06 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool Do not remind me of Aelita and profile updates, it was a total disaster at my site. A script I wrote myself in 2 hours worked a lot better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: vrijdag 14 november 2003 13:52 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool I'm not involved directly but my team has been evaluation the Aleita tool. This handles profile updates. They are looking at methods to migrate 60,000 users in two orgs so there is quite a bit to look at. Not sure if this tool is suitable for your environment. I believe they only look at selling this to sites over 3,000 users. from:Ellis, Debbie [EMAIL PROTECTED] date:Fri, 14 Nov 2003 12:03:47 to: [EMAIL PROTECTED] subject: RE: [ActiveDir] Migration Tool Thanks. Did you have problems migrating local profiles? We are looking at NetIQ and Fastlane. NetIQ states they have the lowest cost, but we haven't received a price quote yet from either. I am concerned by the after a few patches... Does the Exchange Migration come bundled in with the Fastlane Migration tool or purchased separately? -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 6:58 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Migration Tool We're in the middle of a migration and we're using Quest Fastlane Migrator. We bought a small amount (big enough for a pilot of 5 or so sites) to make sure its worthwhile before buying enough for all 6000 users. They will let you 'lease' the software if you don't want to pay so much. That way, since you'll probably never use it again after the migration is over, you can just delete it and it ends up being cheaper. We've had pretty good luck with it (after a few patches). -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 5:27 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Tool My company has decided not to use ADMT. We are in the market for a migration tool. We checked with Bindview and were told they do not sell their products without also selling Professional Services . We are not interested in Professional Services. Can any of you recommend a good migration tool. We will also be migrating Exchange 5.5 to Exchange 2003 later on. ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions
RE: [ActiveDir] Migration Tool
We spoke to the correct group, but why would we want to buy one tool for AD and another tool for Exchange? -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 10:55 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Migration Tool I thought so. It sounds like this company only spoke to your professional services group. Todd -Original Message- From: DiBias, Chip [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 9:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool Just so everyone is clear on this subject...BindView will sell our NT/NDS migration tools to anyone. The Exchange migration tool however is now sold as a service. We recently changed this to help organizations expedite their Exchange migrations. As you all know Exchange migrations can be complex, challenging, and extremely visible projects. As such we have seen companies get themselves into trouble due to lack of preparedness, knowledge, or time. This is a new bundle and we feel it will lessen the time, stress, and challenges of moving to Exchange 2000/2003. Regards, Chip DiBias -Original Message- From: Chianese, David P. [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 8:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool NETIQ is a bomb IMO. It might as well be vaporware. We did better, and are currently doing better with a homespun vbscript, exmerge and another homespun profile update vbscript. Netiq looked good on paper but when it came down to the migration they left a lot to be desired. One of my biggest peeves about them is that we required a bunch of scripts outside of the netiq product itself and when they originally came in to demo it they told us the scripts would be made available to us. We have to date not received one script from them in helping our migration. In fact, they wanted to charge us for time to write the scripts we needed. We said no thanks and went on with our migration. Just a word of caution for you. Now with that said, our migration was a very complex one to say the least. We did inter-org with 5 different e-mail systems being collapsed to one new E2k org. including our nemesis, the dreaded World Talk switch. Buyer beware! Regards, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Leeuwen van, JWJ (Joost) Sent: Friday, November 14, 2003 8:06 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool Do not remind me of Aelita and profile updates, it was a total disaster at my site. A script I wrote myself in 2 hours worked a lot better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: vrijdag 14 november 2003 13:52 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migration Tool I'm not involved directly but my team has been evaluation the Aleita tool. This handles profile updates. They are looking at methods to migrate 60,000 users in two orgs so there is quite a bit to look at. Not sure if this tool is suitable for your environment. I believe they only look at selling this to sites over 3,000 users. from:Ellis, Debbie [EMAIL PROTECTED] date:Fri, 14 Nov 2003 12:03:47 to: [EMAIL PROTECTED] subject: RE: [ActiveDir] Migration Tool Thanks. Did you have problems migrating local profiles? We are looking at NetIQ and Fastlane. NetIQ states they have the lowest cost, but we haven't received a price quote yet from either. I am concerned by the after a few patches... Does the Exchange Migration come bundled in with the Fastlane Migration tool or purchased separately? -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 6:58 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Migration Tool We're in the middle of a migration and we're using Quest Fastlane Migrator. We bought a small amount (big enough for a pilot of 5 or so sites) to make sure its worthwhile before buying enough for all 6000 users. They will let you 'lease' the software if you don't want to pay so much. That way, since you'll probably never use it again after the migration is over, you can just delete it and it ends up being cheaper. We've had pretty good luck with it (after a few patches). -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 5:27 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Tool My company has decided not to use ADMT. We are in the market for a migration tool. We checked with Bindview and were told they do not sell their products without also selling Professional Services . We are not interested in Professional Services. Can any of you recommend a good migration tool. We will also be migrating Exchange 5.5 to Exchange 2003 later
RE: [ActiveDir] Migration Tool
Title: Message Our migration is very simple, and basic. -Original Message- From: Morley, Scott [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 11:06 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Migration Tool The vendorsI've dealtwith(Quest/Aelita) both wanted Prof Services.initially I felt the same way. Unfortunately, the products aremade for people to do simple migrations. If your migration gets complicated (i.e. simple=migration within a single maintence cycle) then you need to dig into the products. THeir prof services provides the backdoors and the undocumented features to make life easier. In most cases, the documentation provided looks nice and clean, but is utterly deviod of any serious technical content. I've evaluated both products and my descision was based upon the lesser of two evilsreally! Scott Morley MCSE 2000/4.0, Exchange 2000/5.5, MCT, CCNA, CNE, CNI Senior Systems Engineer/Architect Global Messaging Services, Starwood Technology Center Starwood Hotels and Resorts, Worldwide Phone: 781-348-7120 Learning is not compulsory... neither is survival. - W. Edwards Deming -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 10:41 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Migration Tool We have used Bindview, I am surprised to hear Bindview only wants to sell professional services... Bindview has a tools division, and the Professional Services Division. Chip Dibias is on reader on the site and works for Bindview. He might be someone you should talk to maybe clear this up... Aelita is pretty good. They can do NT4 to AD, AD to AD, and Exchange 5.5 to Exchange 2K, pretty well. They like to sell tools, but also offer professional services. My recommendation is to hire the professionals to come in and manage it like a project. That way you build from the Vendors experience, and also put a serious dollar figure on the migration to get people to move their asses, instead of BWM about breaking stuff. Todd -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 6:27 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Migration Tool My company has decided not to use ADMT. We are in the market for a migration tool. We checked with Bindview and were told they do not sell their products without also selling Professional Services .We are not interested in Professional Services. Can any of you recommend a good migration tool. We will also be migrating Exchange 5.5 to Exchange 2003 later on. / This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged.The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, beaware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have receivedthis electronic transmission in error, please notify the sender immediately by replying to the address listed in the From: field. BODY
[ActiveDir] User Profile
Does anyone know of a process or service that locks a user profile even when logged off? We are trying to migrate local profiles using ADMT and are receiving an error message that the profile is in use. We have even tried rebooting the pc and not logging on and still receive the same error message.
RE: [ActiveDir] User Profile
I did do a shutdown and reboot but it did not solve the problem. -Original Message- From: Jef Kazimer [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 3:08 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: re: [ActiveDir] User Profile It's that Mysterious error they talk about in the ADMT 2.0 docs, that they say is unknown cause of it. Do a shutdown and reboot of your workstations before you migrate them, and it solves this problem. I meant to send out verification and reboot scripts this week since someone asked this earlier, but I forgot I am in training this week. Send me a noten ext week, and maybe it can be of help. J Original Message: From: Ellis, Debbie [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [ActiveDir] User Profile Date: Wed, 12 Nov 2003 14:30:39 -0500 Does anyone know of a process or service that locks a user profile even when logged off? We are trying to migrate local profiles using ADMT and are receiving an error message that the profile is in use. We have even tried rebooting the pc and not logging on and still receive the same error message. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Bindview and ADMT
Have any of your guys used the Bindview Migration tool? We have been testing the newest ADMT but have run into several problems that are listed below. Have any of you had similar problems? If a member of the domain admin or domain user group is migrated, there are problems with accessing the resources in the source domain. SIDhistory was migrated and instructions from ADMT were followed. There are problems migrating the local profiles on the user's desktops. It shows they were migrated over and no error message in the log files, but they were not migrated. We have tried with the user logged off and logged on.
[ActiveDir] ADMT
We are getting ready to migrate users to our new forest. We want to migrate passwords, but force the user to change the password when they first log on to the new domain.. I did not see a command line reference in ADMT to do this. Is there batch way to require this?
RE: [ActiveDir] Calculating AD replication traffic
Title: RE: [ActiveDir] Calculating AD replication traffic http://www.windows-servers.info/active_directory.htm Scroll close to the bottom and you will see "Free Tools, Utilities and Downloads" F"FreeEFREE Tools, Utilities Tools, -Original Message- From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 30, 2003 7:54 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Calculating AD replication traffic How can one get a hold of admapper It will definitely be helpful for future use. Regards, Yusuf __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___
RE: [ActiveDir] Migrating Computers and Users
I was looking for something where you could import the computer or user names into a text file. I am sorry I was not clear. -Original Message- From: John Reijnders [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 8:58 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migrating Computers and Users I was surprised by your remark that ADMT does not let you migrate compus/users in batch style. I've been through numerous migrations that ran in batches (up to 50K users and compus) using ADMT v2.0. Maybe your definition of batches is something else than mine? I've included some quotes and linksfrom Technet that confirm that batch wise migration (as I define it)is possible using ADMT... http://www.microsoft.com/technet/treeview/default.asp?url=""> http://www.microsoft.com/technet/treeview/default.asp?url=""> http://www.microsoft.com/technet/treeview/default.asp?url=""> If you have a large number of users, groups, or computers to migrate, you can list them in an include file. For example, to create an include file for a batch of computers, create a plain text file and list the computer names, each name on a separate line. Then specify the include file name with the /F option, as follows: ADMT COMPUTER /F "includefile_name" /SD:"source_domain" /TD:"target_domain" /TO:"target_OU" Cheers! John From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: woensdag 29 oktober 2003 14:05 To: [EMAIL PROTECTED] Subject: [ActiveDir] Migrating Computers and Users We plan on migrating our users and computers to a new forest and new domain. I am familiar with ADMT, but it does not appear to let you migrate computers or users in batch style. Does anyone know of a script or tool that will let you migrate more than one user or computer to a new domain? NT 4.0 - Windows 2003 AD.
[ActiveDir] AD 2003
My company is going to migrate from NT 40 to AD 2003. In the design, I have an empty forest root domain (Corp. Atlanta.com) and so far (there will more added later) just have one domain (Non contiguous namespace Atlanta.com). My understanding is the dns name of the domain will be Atlanta.com not Atlanta.corp.atlanta.com. I just wanted to confirm this. I substituted Atlanta for the name of my company.
RE: [ActiveDir] Groups and OU's
Title: Message What are the reasons for delegating the AD Root Identifier? Why delegate read? From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 6:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Groups and OU's Per delegation I do the following AD ---Root Identifier +Delegation Description =Del-ID (5 Char Max)Give FC to the Directory Administrators, Enterprise Admins, andSystem; Read to the Data Administrators Authenticated Users. +OU or CN = Users Description = Del_IDUsers Give R/C/M to Full Data Admins, Jr Data Admins, and R/M to Helpdesk. (Contains all Mail-Enabled Users in Delegation) +OU or CN = Groups Description = Del_ID-Groups Give R/C/M to Full Data Admins, Jr Data Admins, and R/M to Helpdesk. (Contains all Org Level Global Groups in delegation) +OU or CN = Computers Description = Del_ID-Computers Give R/C/M to Full Data Admins, Jr Data Admins, and R/M to Helpdesk. (Contains all Workstations in delegation) +OU = OPS Description =Del-ID-OPS GiveR/C to the Full Data Administrators. FC to the Create Owner (Contains Custom OU's for the delegation) + OU or CN = Accounts Description = Del_ID-Accounts Give R/C/M to Full Data Admins, R/C to Jr Data Admins, and R to Helpdesk. (Contains Alt-Admin credentials) + OU or CN = Services Description = Del_ID-ServicesGive R/C/M to Full Data Admins, R to Jr Data Admins and to Helpdesk. (Contains Service Accounts) + OU or CN = Resources Description = Del_ID-Resources Give R/C/M to Full Data Admins,R/C to Jr Data Admins and R to Helpdesk. (Contains DLG for Each Share Resource {Each type of Access}) + OU or CN = DL = Description =Del_ID-DL Give R/C/M to Full Data Admins,R/C to Jr Data Admins and R to Helpdesk. (Contains Mail Enabled UG for each level of org in del) + OU or CN = Contacts Description =Del_ID-Contacts Give R/C/M to Full Data Admins,R/C to Jr Data Admins and R to Helpdesk. (Contains Contacts for the Del) + OU or CN = Servers Description =Del_ID-Servers Give R/C/M to Full Data Admins,R/C to Jr Data Admins and R to Helpdesk. (Contains Servers for the Delegation) + OU or CN =SecGroup Description =Del_ID-SecGroup Give R/G/M to Full Data Admins,R/C Jr Data Admins and R to Helpdesk. (Contains GPO Filter Security Groups, and Special Security Groups) The main driver for this tight model is for easier scriptable delegations. Principles of the design = All OU/CNis identified with asmall 1 word identifierto facilitate searches. Each objects Description field is filled out with the delegation ID a - and the CN name to facilitate with proper identification from searches. OU's allow for additional OU's within the OU. CN's don'tI believe by default do. Data Administration is delegated as Full, Jr, and Helpdesk. Full DA's can create mail enabled DL UG only. GPO linking can be done on the Users/Computers/Accounts/Services/Servers containers for easy troubleshooting and modeling of changes. Full DA's are the only ones who can modify GPO's. FDA and Jr. DA can Link GPO's. Use Security Groups for GPO filtering. Dir Admins create GPO's and delegate them to the Data Admins. All accounts in the Users container are Mail Enabled. All accounts in the Accounts and Services are not mail enabled. (ME Service accounts are normally a Directory Admin, Exchange Admin function in my mind) Groups contains only GG and uses nesting to create organizational groups. Computers contains all workstations. Use GPO Security Groups for filtering. DL contains mail enabled Organizational UG. Use nesting like in the Groups container. Resources contains a DLG for Each resource with specific permissions, R/C/Deny. On the Network Share add each DLG for each Access type to the Share and assign permissions. Administer the DLG for Dir. As you can see I like to control were object creation happens, and also limit the creation of additional OU's if possible to a specific location under OPS. The reason is for Scriptability. If the name space Path is consistent, it is easier to create additional delegations through scripts and ACL them. With a good third-party tool, you can also do form validation, hide OU's from the Data Admins to make the provisioning or resources more focused, and automate certain Administration operations. Like Account Creation validation, transfers, enforcingonly certain types of object creation (Like noLG orUG creation),mailbox creation, etc. What do you all think? What are the Principles of AD delegation! What are theRules forNativeAccess Control Delegation What are the Rules for Proxy Access Control Delegation What are theRules for Native and Proxy Access Control Delegation. Toddler -Original Message- From: Ellis, Debbie [mailto
[ActiveDir] Group Policy
Does anyone have a Group Policy Spreadsheet ? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group Policy
Could you please send it to [EMAIL PROTECTED] Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Group Policy We do. It is our way to display the GPO's in human readable format. Dan -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 10:32 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Group Policy Does anyone have a Group Policy Spreadsheet ? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Groups and OU's
I will have a single forest, single domain . Less than 1,000 users. I want it simple. If I don't create an OU for the groups will I have to include groups into another ou? I will have one person administer groups. -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 4:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Groups and OU's Yes, you could have an OU for groups if you want. But the pros and cons all depend on the way you want to administrate your AD. Can you give a bit more info on your environment? Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Friday, August 08, 2003 10:20 PM To: [EMAIL PROTECTED] Is it advisible to have an OU for Groups? What are the pros and cons? I want a very simple and basic OU structure. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DNS and Active Directory
I am considering setting up an Active Directory namespace that does not mirror my DNS namespace and I would like to make sure it can be done and the downside to doing it this way.
[ActiveDir] Network Monitoring Tool
My company is in the process of evaluating SolarWinds to monitor our network. Have any of you used this tool? If so, can you provide feedback? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/Exchange Question
I know only one Exchange Organization per forest, but someone mentioned to me that if you have a forest structure with trees instead of child domains you have to have an Exchange Organization for each one because of the namespace issue. I don't believe that sounds correct, but I am not an Exchange expert.(Exchange 2003) -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 12:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD/Exchange Question You can have only one Ex2000 organization per forest. Or are you talking about Exchange 5.5? Kevin -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 9:35 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD/Exchange Question My company is getting ready to migrate to Windows 2003 Active Directory from NT 4.0. Our design is to have separate trees in the enterprise forest. Do we have to have separate Exchange Organizations or is there a work around to still have one? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] w2k replication
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B232690 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Thursday, May 29, 2003 3:57 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] w2k replicationCan you set the time for password replication in ad with windows 2000? The problem I have is that when I change a password it can take up to an hour to replicate the change. Thanks Ryan
RE: [ActiveDir] Setting up a secondary DNS Server
Check out this article in MCP Magazine this month. You may find it helpful. http://mcpmag.com/Features/article.asp?EditorialsID=273 -Original Message- From: Oluwaseyi Owoeye [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 05, 2002 3:51 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Setting up a secondary DNS Server Hi guys, I want to set up a secondary DNS Server on windows 2000. We have a primary DNS server that is running on Unix. This machine is public and receives regular updates of new DNS entries, but is far away from us and is managed by our sister company. Now I want the Unix box to replicate all its changes to the DNS server that I want to set up. How do I go about setting this up, and help would be highly appreciated. Thanks Seyi List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Program for blocking of websites
I would just enable Content Advisor in Internet Explorer. (Tools. Internet Options click on the Content tab) You have to be a local admin to do this. You can't block just one site, but it sounds like they want to block the porn sites and other objectionable sites. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Program for blocking of websites Actually they want to block one of their children from using the internet. _Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Hummert Sent: Monday, April 29, 2002 11:54 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Program for blocking of websites Well I just had a user ask if I could do this on their home computer. They have windows XP pro. Any idea on how to do it on there? -Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Morgan, Joshua Sent: Monday, April 29, 2002 11:51 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program for blocking of websites Well there are a few ways... Proxy or IAS Or a third party program like WebSense Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 2:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Program for blocking of websites I need to block certain websites from a few of my users computers. Could someone give me suggestions on how to do this? Thanks Chris Hummert Network Administrator - Albany Agency of Insurance Webmaster for Noghri.net http://www.noghri.net MS Beta tester ID #: 388366 Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contacts us. - from Calvin and Hobbes List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: VERY OT Re: [ActiveDir] Program for blocking of websites
To be honest, I use Content Advisor to keep hubby off the Porn sites, not my kids. They are in college. -Original Message- From: Hutchins, Mike [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 4:39 PM To: '[EMAIL PROTECTED]' Subject: RE: VERY OT Re: [ActiveDir] Program for blocking of websites I think the nail has been severely smacked on the top of the head on that one. I don't think it could have been more eloquent.. -Original Message- From: Nah Idee [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 2:37 PM To: [EMAIL PROTECTED] Subject: VERY OT Re: [ActiveDir] Program for blocking of websites There is nothing that will do what the parents ultimately want, complete porn screening. So they have 2 choices. Put in a network and run vnc server on the lad's PC and watch where he goes on another PC or here's a wild one, act like parents and exert parental control over internet access, rather than treat it as a substitute parent or substitute friends. Hell that one's free. Gee, how much do I have to pay to relinquish my duties as a parent, because if I can defer the child's needs for now, I can get the state (prisons, hospitals) to fulfill his needs later, woo hoo. Why did I have children again ? - Original Message - From: Christopher Hummert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 29, 2002 4:23 PM Subject: RE: [ActiveDir] Program for blocking of websites Yea after talking to them they caught their kid looking at porn and they want to block all porn sites from themI think cybersitter will be what I'm going to use for them. Thanks to everyone that helped and if anyone has any other comments I would love to hear them -Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ellis, Debbie Sent: Monday, April 29, 2002 12:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program for blocking of websites I would just enable Content Advisor in Internet Explorer. (Tools. Internet Options click on the Content tab) You have to be a local admin to do this. You can't block just one site, but it sounds like they want to block the porn sites and other objectionable sites. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Program for blocking of websites Actually they want to block one of their children from using the internet. _Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Hummert Sent: Monday, April 29, 2002 11:54 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Program for blocking of websites Well I just had a user ask if I could do this on their home computer. They have windows XP pro. Any idea on how to do it on there? -Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Morgan, Joshua Sent: Monday, April 29, 2002 11:51 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Program for blocking of websites Well there are a few ways... Proxy or IAS Or a third party program like WebSense Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 2:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Program for blocking of websites I need to block certain websites from a few of my users computers. Could someone give me suggestions on how to do this? Thanks Chris Hummert Network Administrator - Albany Agency of Insurance Webmaster for Noghri.net http://www.noghri.net MS Beta tester ID #: 388366 Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contacts us. - from Calvin and Hobbes List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] Event ID NET www.eventid.net
I was unable to reach the site at first. I was able to ping and noticed some spikes in response times. I just tried again and was able to reach. I am in Atlanta, Georgia, USA -Original Message- From: SALANDRA, JUSTIN [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 10:52 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Event ID NET www.eventid.net I am not sure, I just tried it and can't get to it. Can anyone get to it? -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 10:47 AM To: '[EMAIL PROTECTED]' Subject:[ActiveDir] Event ID NET www.eventid.net Does anyone know what happened to this jewel of a site? Todd List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Administration Tools Suvey
Title: Message I like DRA (Directory and Resource Administrator) from NetIQ Advanced delegation and reporting http://www.netiq.com/products/dra/default.asp -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Monday, April 08, 2002 9:03 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD Administration Tools Suvey Our group is in the process of evaluating some 3rd party tools to assist in delegation and administration of our Active Directory technology. We are evaluating the products based on 6 key areas. 1. Role / Trustee delegation 2. Control View of resources 3. Data Validation Rule Sets 4. Group Policy Management 5. Reporting 6. Web based administration We are also evaluating Native Delegation vs Proxy based Delegation. What I am fishing for from this community is some experiences and possibly some recommendations from this group on some of the Admin consoles you folks use. Thanks Todd
RE: [ActiveDir] Introductions...
Thanks for your input. I should have put modify instead of change. I was trying to encompass everything. This is why I did not put all changes: Many schema modifications cannot be reversed, so you must make sure that changes are planned and well thought out before they are implemented. Planning for schema modification involves examining the default schema that comes with Active Directory to verify that there is no way to use the existing classes or attributes for your needs. It is then necessary to understand the types of modifications that can be made and, conversely, that cannot be changed url: http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/Distrib/dsbe_ext_axg c.htm -Original Message- From: Rachui, Scott [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 2:13 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... This is a good list. The only modification I'd make to it is that ALL schema changes are permanent. There is currently no way to remove anything from the Schema. In future versions, yes. But not at present. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 1:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... -Original Message- From: Strand, Ted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... Here are the points we used Had to copy to this e mail Was in PowerPoint format. This is for using separate forests (User accounts in one forest, resources in separate forests) There may be some things that have been left out. Pros Public Key Infrastructure Auto enrollment Single source for certificates Essential in secure e-commerce transactions between businesses Certificate Revocation List (CRL) Lower cost to support and maintain a single forest Case Studies and Gartner Report Indicate averages of 17% reduction in TCO $300-$600 per desktop savings in administration costs per year Common Schema Definition and extensibility of object classes are maintained centrally by committee Reduces risk of catastrophic failure, since group administrative membership for modifying the schema is smaller (some schema changes are permanent) Management of objects within an OU are easier to maintain and administer in a single forest Business Unit Administrators still maintain control of resources Common userid with permissions to multiple objects Supports single sign on from anywhere in the forest Easier search capabilities in AD Promotes single, one company view of the enterprise Increased collaboration thru a common global catalog Lower costs of performing audits to validate that separate forests are following corporate policies Less complex and more efficient use of bandwidth for replication and synchronization across the enterprise Allows common visible distribution lists, meeting requests, calendaring, instant messaging, presence notification, and a shared community of user throughout the forest Easier to find users and resources throughout the organization in a single forest (The AD Structure is transparent to user) Information and processes are consolidated Terminal Server management tools only recognize one forest Lower admin costs Distribution of administration is easier to delegate OU's are the new units of administration Local and centralized Cons Separate Exchange Organizations Increased network traffic Complicated Logons Users have to log on using UPN Logon time increased by 30 - 40 % TCO is higher More Labor Higher Maintenance Increased machine (server) needs Introduces complexity Synchronization of objects between forests isn't (natively) supported Requires very expensive Metadirectory services from Microsoft or 3rd party Vendor ( Can cost over one million dollars) Increased points of failure Duplication of efforts across the organization Multiple Schemas to maintain Duplication of Backup and Recovery processes Multiple DNS designs Complex navigation (Users will have to navigate AD Structure) Promotes separate company views of the enterprise Only NT4 style non-transitive trust are supported between forests Higher cost of managing the trusts (manual setup) Higher propensity for failure (due to human error - manual setup) Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 9:57 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... K Can you forward a copy of the pro's/con's list that you presented? We are about to embark on the same battle. Any information (documentation) that anyone has would be very beneficial. -Ted Strand- Tech Data Corporation - Cheers, Paul List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] Introductions...
-Original Message- From: Strand, Ted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... Here are the points we used Had to copy to this e mail Was in PowerPoint format. This is for using separate forests (User accounts in one forest, resources in separate forests) There may be some things that have been left out. Pros Public Key Infrastructure Auto enrollment Single source for certificates Essential in secure e-commerce transactions between businesses Certificate Revocation List (CRL) Lower cost to support and maintain a single forest Case Studies and Gartner Report Indicate averages of 17% reduction in TCO $300-$600 per desktop savings in administration costs per year Common Schema Definition and extensibility of object classes are maintained centrally by committee Reduces risk of catastrophic failure, since group administrative membership for modifying the schema is smaller (some schema changes are permanent) Management of objects within an OU are easier to maintain and administer in a single forest Business Unit Administrators still maintain control of resources Common userid with permissions to multiple objects Supports single sign on from anywhere in the forest Easier search capabilities in AD Promotes single, one company view of the enterprise Increased collaboration thru a common global catalog Lower costs of performing audits to validate that separate forests are following corporate policies Less complex and more efficient use of bandwidth for replication and synchronization across the enterprise Allows common visible distribution lists, meeting requests, calendaring, instant messaging, presence notification, and a shared community of user throughout the forest Easier to find users and resources throughout the organization in a single forest (The AD Structure is transparent to user) Information and processes are consolidated Terminal Server management tools only recognize one forest Lower admin costs Distribution of administration is easier to delegate OU's are the new units of administration Local and centralized Cons Separate Exchange Organizations Increased network traffic Complicated Logons Users have to log on using UPN Logon time increased by 30 - 40 % TCO is higher More Labor Higher Maintenance Increased machine (server) needs Introduces complexity Synchronization of objects between forests isn't (natively) supported Requires very expensive Metadirectory services from Microsoft or 3rd party Vendor ( Can cost over one million dollars) Increased points of failure Duplication of efforts across the organization Multiple Schemas to maintain Duplication of Backup and Recovery processes Multiple DNS designs Complex navigation (Users will have to navigate AD Structure) Promotes separate company views of the enterprise Only NT4 style non-transitive trust are supported between forests Higher cost of managing the trusts (manual setup) Higher propensity for failure (due to human error - manual setup) Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 9:57 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... K Can you forward a copy of the pro's/con's list that you presented? We are about to embark on the same battle. Any information (documentation) that anyone has would be very beneficial. -Ted Strand- Tech Data Corporation - Cheers, Paul List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Introductions...
I added Exchange in the Cons for companies using entirely separate forests (user accounts and resources in same forests-Each business unit creating their own forest.) -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 2:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... -Original Message- From: Strand, Ted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... Here are the points we used Had to copy to this e mail Was in PowerPoint format. This is for using separate forests (User accounts in one forest, resources in separate forests) There may be some things that have been left out. Pros Public Key Infrastructure Auto enrollment Single source for certificates Essential in secure e-commerce transactions between businesses Certificate Revocation List (CRL) Lower cost to support and maintain a single forest Case Studies and Gartner Report Indicate averages of 17% reduction in TCO $300-$600 per desktop savings in administration costs per year Common Schema Definition and extensibility of object classes are maintained centrally by committee Reduces risk of catastrophic failure, since group administrative membership for modifying the schema is smaller (some schema changes are permanent) Management of objects within an OU are easier to maintain and administer in a single forest Business Unit Administrators still maintain control of resources Common userid with permissions to multiple objects Supports single sign on from anywhere in the forest Easier search capabilities in AD Promotes single, one company view of the enterprise Increased collaboration thru a common global catalog Lower costs of performing audits to validate that separate forests are following corporate policies Less complex and more efficient use of bandwidth for replication and synchronization across the enterprise Allows common visible distribution lists, meeting requests, calendaring, instant messaging, presence notification, and a shared community of user throughout the forest Easier to find users and resources throughout the organization in a single forest (The AD Structure is transparent to user) Information and processes are consolidated Terminal Server management tools only recognize one forest Lower admin costs Distribution of administration is easier to delegate OU's are the new units of administration Local and centralized Cons Separate Exchange Organizations Increased network traffic Complicated Logons Users have to log on using UPN Logon time increased by 30 - 40 % TCO is higher More Labor Higher Maintenance Increased machine (server) needs Introduces complexity Synchronization of objects between forests isn't (natively) supported Requires very expensive Metadirectory services from Microsoft or 3rd party Vendor ( Can cost over one million dollars) Increased points of failure Duplication of efforts across the organization Multiple Schemas to maintain Duplication of Backup and Recovery processes Multiple DNS designs Complex navigation (Users will have to navigate AD Structure) Promotes separate company views of the enterprise Only NT4 style non-transitive trust are supported between forests Higher cost of managing the trusts (manual setup) Higher propensity for failure (due to human error - manual setup) Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 9:57 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... K Can you forward a copy of the pro's/con's list that you presented? We are about to embark on the same battle. Any information (documentation) that anyone has would be very beneficial. -Ted Strand- Tech Data Corporation - Cheers, Paul List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Tool opinions
Looks like you included everything. I would like a copy when you are finished. -Original Message- From: Nah Idee [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD Tool opinions Hi, I recognize that MS Op Mgr (MOM) gives you good info about AD status, but it is not free. So I am writing a little VB freeware utility and was wondering if I could solicit some comments about what you might like to see (or not see) with respect to what I am proposing to include. Thanks Performance reports will look like a spreadsheet in html showing (each): Availability * A/D Server name * Availability (tested by doing a login) % avail Directory Database * A/D Server name * Cache % Hit * Table Open Cache % hit * Cache Size * Log Threads Waiting * Log Record Stalls/sec Client logins * A/D Server name * Time * # of logins NTDS * A/D Server name * DS Reads per second * DS Writes per second * Threads in use * Search Time (seconds) Replication * A/D Server name * DRA Inbound Bytes * DRA Outbound Bytes Authentication * A/D Server name * LDAP bind time * LDAP client sessions * LDAP sessions per second * NTLM Authentications per second List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Tool opinions
AD Check should do this. It is free. Here is the URL: http://www.netiq.com/adcheck/instantdiagnostictests.asp -Original Message- From: Joe Sargent [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Tool opinions Anyway you could report which server has the FSMO roles also or if the target server has any of the roles if it is one machine at a time? I would also like a copy Thanks, Joe Sargent -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Tool opinions Looks like you included everything. I would like a copy when you are finished. -Original Message- From: Nah Idee [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD Tool opinions Hi, I recognize that MS Op Mgr (MOM) gives you good info about AD status, but it is not free. So I am writing a little VB freeware utility and was wondering if I could solicit some comments about what you might like to see (or not see) with respect to what I am proposing to include. Thanks Performance reports will look like a spreadsheet in html showing (each): Availability * A/D Server name * Availability (tested by doing a login) % avail Directory Database * A/D Server name * Cache % Hit * Table Open Cache % hit * Cache Size * Log Threads Waiting * Log Record Stalls/sec Client logins * A/D Server name * Time * # of logins NTDS * A/D Server name * DS Reads per second * DS Writes per second * Threads in use * Search Time (seconds) Replication * A/D Server name * DRA Inbound Bytes * DRA Outbound Bytes Authentication * A/D Server name * LDAP bind time * LDAP client sessions * LDAP sessions per second * NTLM Authentications per second List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] How to use AD
http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps .asp Step by step guide -Original Message- From: enrique cauich [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:25 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] How to use AD Hi. I start to use Active Directory, because I need to configure an enterprise CA in Windows 2000, but I have no idea how to configure it, I use the ldp.exe utility to explore the AD contents, but I can't get certificates, or store it. Any idea how I can configure it,and store information Regards Enrique Cauich _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Tool opinions
This was in reference to the fsmo roles of servers. See comment from Joe Sargent. -Original Message- From: David Abbishaw [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Tool opinions I used this tool to try and diagnose a AD DC where all of the c: drives permissions had been changed to allow just one normal user access to the machine, applications like exchange which where installed on the machine failed to start and the netiq check tool didnt find a damn thing wrong!! Bloody useless! regards David. - Original Message - From: Ellis, Debbie To: '[EMAIL PROTECTED]' Sent: Tuesday, April 02, 2002 8:43 PM Subject: RE: [ActiveDir] AD Tool opinions AD Check should do this. It is free. Here is the URL: http://www.netiq.com/adcheck/instantdiagnostictests.asp -Original Message- From: Joe Sargent [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Tool opinions Anyway you could report which server has the FSMO roles also or if the target server has any of the roles if it is one machine at a time? I would also like a copy Thanks, Joe Sargent -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Tool opinions Looks like you included everything. I would like a copy when you are finished. -Original Message- From: Nah Idee [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD Tool opinions Hi, I recognize that MS Op Mgr (MOM) gives you good info about AD status, but it is not free. So I am writing a little VB freeware utility and was wondering if I could solicit some comments about what you might like to see (or not see) with respect to what I am proposing to include. Thanks Performance reports will look like a spreadsheet in html showing (each): Availability * A/D Server name * Availability (tested by doing a login) % avail Directory Database * A/D Server name * Cache % Hit * Table Open Cache % hit * Cache Size * Log Threads Waiting * Log Record Stalls/sec Client logins * A/D Server name * Time * # of logins NTDS * A/D Server name * DS Reads per second * DS Writes per second * Threads in use * Search Time (seconds) Replication * A/D Server name * DRA Inbound Bytes * DRA Outbound Bytes Authentication * A/D Server name * LDAP bind time * LDAP client sessions * LDAP sessions per second * NTLM Authentications per second List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Workstation migration
This is for you migration veterans. We are about to embark of moving 1000 workstations from our old NT Resource domain into a pristine forest. There are 4 OU's the computer accounts need to be moved to . These will all be W2K Professional using Sysprep. My understanding is these computer accounts will join our domain and will be automatically added to the default computers OU created when AD was installed. I am looking for the cleanest and most efficient way to move these workstations to the correct OU's. Any tips from you veterans?
RE: [ActiveDir] Workstation migration
I know about these two. I was hoping someone knew an easier way or method, if not I will have to pre-create the accounts in the correct OU . Thanks for your input. -Original Message- From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 9:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Workstation migration Within Users and Computersyou can drag and drop them into the correct OU. Or You could pre-create the computer accounts in the correct OU, and when the computers join, they are already there. This requires all PC names to be known upfront. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 8:28 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Workstation migration This is for you migration veterans. We are about to embark of moving 1000 workstations from our old NT Resource domain into a pristine forest. There are 4 OU's the computer accounts need to be moved to . These will all be W2K Professional using Sysprep. My understanding is these computer accounts will join our domain and will be automatically added to the default computers OU created when AD was installed. I am looking for the cleanest and most efficient way to move these workstations to the correct OU's. Any tips from you veterans?
RE: [ActiveDir] Workstation migration
Title: Message Thanks I knew there had to be a better way. I had looked at Sysprep documentation, but did not see this -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 10:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Workstation migration Q226315 -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: 29 March 2002 15:45 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Workstation migration I know about these two. I was hoping someone knew an easier way or method, if not I will have to pre-create the accounts in the correct OU . Thanks for your input. -Original Message- From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 9:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Workstation migration Within Users and Computersyou can drag and drop them into the correct OU. Or You could pre-create the computer accounts in the correct OU, and when the computers join, they are already there. This requires all PC names to be known upfront. -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 8:28 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Workstation migration This is for you migration veterans. We are about to embark of moving 1000 workstations from our old NT Resource domain into a pristine forest. There are 4 OU's the computer accounts need to be moved to . These will all be W2K Professional using Sysprep. My understanding is these computer accounts will join our domain and will be automatically added to the default computers OU created when AD was installed. I am looking for the cleanest and most efficient way to move these workstations to the correct OU's. Any tips from you veterans? - ATTENTION: No legal consequences can be derived from the content of this e-mail and/or its attachments. Neither is sender committed to these. The content of this e-mail is exclusively intended for addressee(s) and information purposes. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Sender accepts no liability for any damage resulting from the use and/or acceptation of the content of this e-mail. Always scan attachments for viruses before opening them. -
RE: [ActiveDir] Group Policy Object and registry keys
This link may help. Part of Windows 2000 Resource Kit drill down to Windows 2000 Group Policy Reference/Group policy regsitry table Hope it helps! http://www.microsoft.com/windows2000/techinfo/reskit/en/default.asp -Original Message- From: Abbiss, Mark [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 9:32 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Group Policy Object and registry keys How can I locate the registry key that corresponds to any setting I have changed via the Group Policy MMC ? For example, if I use the GPO MMC to set the value of Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Option - Network Security: Force logoff when logon hours expire to ENABLED, how do I find the corresponding modified registry key ? Many thanks, Mark List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Win2k and Roaming Profiles
It works good in my environment -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 1:52 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Win2k and Roaming Profiles Thank you for your reply, I have read most of the white papers and TechNet Articles, but I was looking for more real world experiences Joshua Morgan PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 1:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Win2k and Roaming Profiles Check out Intellimirror -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 1:45 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] Win2k and Roaming Profiles I'm looking at implementing some Roaming Profiles with Win2k Pro and AD Does anyone have any recommendations on doing this? Joshua Morgan PROFITLAB Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] One is glad to be of service --Robin Williams (Bicentennial Man)-- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] My Computer Icon
Are you trying to find a way to do this by using scripting or manually with the correct pc name? -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:22 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] My Computer Icon I know that you can set the registry entry manually to change the Name of My Computer to My Computer %computername% The process I have for this is a bit cumbersome reference this Article: http://www.techrepublic.com/article.jhtml?id=r00320010611det02.htmsrc=searc h Does anyone have any easier way to do it? Joshua Morgan PROFITLAB Network Engineer [EMAIL PROTECTED] One is glad to be of service --Robin Williams (Bicentennial Man)-- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] My Computer Icon
I don't know if this is what you are after or not, but when my field support personnel set up a pc for a user, I have them just rename (with a Right Click) the My Computer Icon to My Computer-correct pc name .I prefer to keep it simple. -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:22 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] My Computer Icon I know that you can set the registry entry manually to change the Name of My Computer to My Computer %computername% The process I have for this is a bit cumbersome reference this Article: http://www.techrepublic.com/article.jhtml?id=r00320010611det02.htmsrc=searc h Does anyone have any easier way to do it? Joshua Morgan PROFITLAB Network Engineer [EMAIL PROTECTED] One is glad to be of service --Robin Williams (Bicentennial Man)-- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] My Computer Icon
Don't believe it would, but in our environment, each pc is assigned to only one user. There has got to be an easier way. -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:52 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] My Computer Icon But if you do that does that name stay constant for all users? Joshua Morgan PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:48 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] My Computer Icon I don't know if this is what you are after or not, but when my field support personnel set up a pc for a user, I have them just rename (with a Right Click) the My Computer Icon to My Computer-correct pc name .I prefer to keep it simple. -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:22 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] My Computer Icon I know that you can set the registry entry manually to change the Name of My Computer to My Computer %computername% The process I have for this is a bit cumbersome reference this Article: http://www.techrepublic.com/article.jhtml?id=r00320010611det02.htmsrc=searc h Does anyone have any easier way to do it? Joshua Morgan PROFITLAB Network Engineer [EMAIL PROTECTED] One is glad to be of service --Robin Williams (Bicentennial Man)-- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] My Computer Icon
http://www.onecomputerguy.com/tips.htm Check this site out. -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:52 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] My Computer Icon But if you do that does that name stay constant for all users? Joshua Morgan PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:48 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] My Computer Icon I don't know if this is what you are after or not, but when my field support personnel set up a pc for a user, I have them just rename (with a Right Click) the My Computer Icon to My Computer-correct pc name .I prefer to keep it simple. -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:22 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] My Computer Icon I know that you can set the registry entry manually to change the Name of My Computer to My Computer %computername% The process I have for this is a bit cumbersome reference this Article: http://www.techrepublic.com/article.jhtml?id=r00320010611det02.htmsrc=searc h Does anyone have any easier way to do it? Joshua Morgan PROFITLAB Network Engineer [EMAIL PROTECTED] One is glad to be of service --Robin Williams (Bicentennial Man)-- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] My Computer Icon
http://www.onecomputerguy.com/tips.htm Check this site out. I found the answer at this site. Open up Regedit and do a find on 20D04FE0-3AEA-1069-A2D8-08002B30309D Once you find the key, double click in the right pane on localized string , change My computer at the end of the string ( @C:\WINNT\system32\shell32.dll,-9216@1033,My Computer) to the name you wish. I have tried it and every user that logs on will see this name . -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:52 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] My Computer Icon But if you do that does that name stay constant for all users? Joshua Morgan PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:48 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] My Computer Icon I don't know if this is what you are after or not, but when my field support personnel set up a pc for a user, I have them just rename (with a Right Click) the My Computer Icon to My Computer-correct pc name .I prefer to keep it simple. -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 3:22 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: [ActiveDir] My Computer Icon I know that you can set the registry entry manually to change the Name of My Computer to My Computer %computername% The process I have for this is a bit cumbersome reference this Article: http://www.techrepublic.com/article.jhtml?id=r00320010611det02.htmsrc=searc h Does anyone have any easier way to do it? Joshua Morgan PROFITLAB Network Engineer [EMAIL PROTECTED] One is glad to be of service --Robin Williams (Bicentennial Man)-- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/