Re: [ActiveDir] IIS Question

2002-07-18 Thread Eric Yeoh 

Hi,

So aslong the printer isinstalledandsharedon a Win2k Server with 
IISrunning you should be able manage it with 
http:///printers

ERIC

- Original Message -
From: "Salandra, Justin A." <[EMAIL PROTECTED]>
Date: Thursday, July 18, 2002 2:58 am
Subject: [ActiveDir] IIS Question

> How do you turn on printer management through IIS?  I know there 
> is a way to
> enable management of printers through the web, but I forgot how to 
> enablethis, any help would be appreciated.
> 
> Justin A. Salandra, MCSE
> Senior Network Engineer
> Catholic Healthcare System
> 914.681.8117 office
> 646.483.3325 cell
> [EMAIL PROTECTED]  
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.co
> 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Error in Event Log

2002-06-30 Thread Eric Yeoh 

Try rebooting your XP box.it couldn't find the GPO..


worked for me!!!

ERIC


- Original Message -
From: "Morgan, Joshua" <[EMAIL PROTECTED]>
Date: Friday, June 28, 2002 9:26 pm
Subject: [ActiveDir] Error in Event Log

> Has anyone seen these errors?
> I recently rebooted one of my DC'S and now I'm seeing this on my 
> Windows XP
> machines.
> 
> 
> Windows cannot access the file gpt.ini for GPO
> CN={31B2F340-016D-11D2-945F-
> 00C04FB984F9},CN=Policies,CN=System,DC=ENTERPRISE,DC=PROFIT-
> LAB,DC=net. The file must be present at the location
> <\\ENTERPRISE.PROFIT-LAB.net\sysvol\ENTERPRISE.PROFIT-
> LAB.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. 
> (Access is denied. ). Group
> Policy processing aborted. 
> 
> 
> 
> 
> 
> Joshua Morgan
> PROFITLAB
> Senior Network Engineer
> PH: (864) 250-1350 Ext 133
> Fax: (413) 581-4936
> [EMAIL PROTECTED]
> http://www.profit-lab.com
> http://ncontrol.info
> 
> The greatest glory is not in never failing, but in rising up every 
> time we
> fall.
> -- Confucius 
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.co
> 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] W2K DNS and old records

2002-06-28 Thread Eric Yeoh 

I faced the same problem and did it the old fashioned way...manually 
deleting and modifying 'ems.


ERIC

- Original Message -
From: Lev_Zden=ECk <[EMAIL PROTECTED]>
Date: Thursday, June 27, 2002 6:58 pm
Subject: [ActiveDir] W2K DNS and old records

> Hello I have problem with my DNS
> I have W2K dns with active directory integrated zones. Secure 
> updates only
> are allowed. My DHCP server dinamically updated DNS records of my W2K
> clients. Clients W2K boxes were installed by RIS server and 
> renamed to
> correct name after susscesful installation. In my DNS were created 
> A and PTR
> records twice to the same ip address. And old records are not 
> cleaned . I
> tried start scavenge stale records from mmc console as well as 
> from dnscmd
> without success.
> Do you have some advice for me ?
> THX
> Zdenek
> 
> 
> 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Active Directory Limitations - max 5000 users pergroup?

2002-06-04 Thread Eric Yeoh 
Title: Message




Hi David,
 
Thanks for the info, alas, it seems that MS still 
has a VERY long way to go before thay can live up to what they have promised...a 
scalable DS.
 
Why with all the hooha with DNs sizes, ya think 
the most administrators/users gonna be able to determine the sizes and 
stuff? Just get the damn thing to work is tough already.
 
ERIC  

  - Original Message - 
  From: 
  David 
  Stacer 
  To: [EMAIL PROTECTED] 
  
  Sent: Wednesday, June 05, 2002 
08:09
  Subject: RE: [ActiveDir] Active Directory 
  Limitations - max 5000 users pergroup?
  
  We 
  spent some MS Support $$ to research this question. What is widely known as 
  fact is really wrong. 
   
  This 
  is what we were told:
   
  The 
  limit might be somewhere around 5000 but it depends on the size of 
  Distinguished Names that are the members of the group. If you look at the 
  syntax for the "member" attribute of a group, it stores the distinguished 
  names of the users in the group. It doesn't store the SID. You can verify 
  this by using ADSIEDIT.msc and look for yourself. The DN's can be of variable 
  sizes depending on where you place your usersid's in AD.
   
  The 
  limitation is really in the replication code, it replicates the entire 
  attribute and it has a limit to the size of attribute that it can replicate. 
  If you have short DN's you can fit a lot more in the member attribute before 
  it doesn't work.
   
  I 
  tested this and had over 10,000 users in a group and it still replicated ok. 
  The final thing we were told is there is no easy way detect when its too 
  big.
   
  I 
  agree with a earlier message, use nested groups instead of one large 
  group.
  

-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of 
[EMAIL PROTECTED]Sent: Tuesday, June 04, 2002 4:44 
PMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Active Directory Limitations - max 5000 users 
pergroup?
Did a google search...came up with the following:
 
When you 
change a user-account attribute under NT 4.0, NT replicates the user's 
entire record; AD replicates only the changed attribute. However, AD stores 
a group's membership as one attribute. The list of a group's users and 
machines (yes, groups can contain machine accounts in AD) resides in that 
attribute. The catch is that attributes have a maximum size in the AD 
database, and AD doesn't have room for more than 5000 SIDs in a group's 
membership attribute. (This gotcha doesn't limit the built-in Domain Users 
group, however, which apparently doesn't suffer from the 5000-member 
cap.)
 
http://www.winnetmag.com/Articles/Index.cfm?ArticleID=9672
 
http://216.239.35.100/search?q=cache:VSJxhzEJpTgC:www.securetips.com/subject/faqs/2kfaq.asp+Global+Group+Size+Limit+Active+Directory+5000&hl=en&ie=UTF8
 
An 
interesting read, anyone else have any more information?
 
Regards,
 
Benton Chase Wink - 
Benton Chase Wink, CCNA 
MCSEMcCombs 
School of 
Business 
LAN Administrator, 
Network Team 
512-471-9938 
512-619-9016
 

  -Original Message-[Benton Wink 
  {winkb}]  From: Hutchins, Mike 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, June 04, 2002 
  3:30 PMTo: '[EMAIL PROTECTED]'Subject: 
  RE: [ActiveDir] Active Directory Limitations - max 5000 users 
  pergroup?
  A global group is a global group, is a global group, is a global 
  group..
   
  But if your script enumerated the groups within the group to find 
  nested members, then that would be reasonable to find 
  10,000
  
  -Original Message-From: T Bowman 
  [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 2:26 
  PMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Active Directory Limitations - max 5000 users per 
  group?
  After my last response... I hesitate, but...
  If I'm not mistaken, I read somewhere that the Domain Users group 
  (at least I *think* it
  was that one) isn't actually a group in the strictest sense of the 
  word.
   
  Correct away... (crossing my fingers ;)
  T.
  ---Tony Bowman, MCSE, MCSA, 
  CCNAHarvest, AL[EMAIL PROTECTED] 
  
-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On Behalf Of Parker, 
EdwardSent: Tuesday, June 04, 2002 3:18 PMTo: 
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Active 
Directory Limitations - max 5000 users per group?

Does this apply 
to the "Domain Users" group ?!?
 
I ran a script 
against our Domain and returned over 10,000 users that are a member of 
"Domain Users"
 
-Original 
Message-From

Re: [ActiveDir] Active Directory Limitations - max 5000 users per group?

2002-06-04 Thread Eric Yeoh 
Title: Message



Hi,
 
I do agree that in most cases, no one will be 
insane enuff to put 5000 users in one group, the thing is why can't 
we?
 
After all, we bought the s/ware so why can't we use 
it the way we want it?
 
ERIC

  - Original Message - 
  From: 
  Hutchins, 
  Mike 
  To: '[EMAIL PROTECTED]' 
  
  Sent: Wednesday, June 05, 2002 
03:46
  Subject: RE: [ActiveDir] Active Directory 
  Limitations - max 5000 users per group?
  
  The 
  5000 user limit is not a 5000 "user" limit, it is a 5000 
  Direct member limit. I don't think anyone in their right mind 
  would have 5000 users in one group. I would suggest nesting them to make them 
  more manageable anyways.
   
  FYI, 
  .NET removes this limitation for the nutty people.
  
  -Original Message-From: AMAN, ALICE L. 
  (JSC-GT4) (NASA) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 
  June 04, 2002 1:34 PMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Active 
  Directory Limitations - max 5000 users per group?
  Someone on slashdot.org (pro-linux site) indicated real-world problems 
  with AD
  including:
   
  "Groups aren't scalable, supporting 
  max 5000 users."
   
  I want to recommend that we keep our people directory 
  flat but if groups have a maximum of
  5000 users, this will be an obstacle. Would anyone 
  care to comment?
   
   
  -Original Message-From: Gil Kirkpatrick 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, June 04, 2002 11:49 
  AMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Active Directory Limitations
  Eoin,
   
  Actually the size of the directory itself doesn't really affect 
  replication traffic (except when you bring up a new domain controller). Its 
  the amount of data that is changed, and how frequently it is changed, that 
  drives the replication traffic.
   
  -gil
  

-Original Message-From: T Bowman 
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 9:04 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Active Directory Limitations
Eoin,
  I do not believe there is a hard limit.  I do know it is 
capable of handling millions of objects.
However, keep in mind that the size will affect replication and thus 
your network.
 
T.
---Tony 
Bowman, MCSE, MCSA, CCNAHarvest, AL[EMAIL PROTECTED] 


  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of Eoin 
  MooneySent: Tuesday, June 04, 2002 10:48 AMTo: 
  '[EMAIL PROTECTED]'Subject: [ActiveDir] Active 
  Directory Limitations
  Hi all, 
  I know this is probably a very general question , but is 
  there a limit with relation to active directory size. Number of folders created , data stored ,etc,etc 
  Regards 
  Eoin

Re: [ActiveDir] Active Directory Limitations - max 5000 users per group?

2002-06-04 Thread Eric Yeoh 
Title: Message



Yes...this also is bothersomesince MS is 
so keen on saying win2k is scalable
 
ERIC 

  - Original Message - 
  From: 
  AMAN, ALICE L. (JSC-GT4) (NASA) 
  
  To: '[EMAIL PROTECTED]' 
  
  Sent: Wednesday, June 05, 2002 
03:34
  Subject: RE: [ActiveDir] Active Directory 
  Limitations - max 5000 users per group?
  
  Someone on slashdot.org (pro-linux site) indicated real-world problems 
  with AD
  including:
   
  "Groups aren't scalable, supporting 
  max 5000 users."
   
  I want to recommend that we keep our people directory 
  flat but if groups have a maximum of
  5000 users, this will be an obstacle. Would anyone 
  care to comment?
   
   
  -Original Message-From: Gil Kirkpatrick 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, June 04, 2002 11:49 
  AMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Active Directory Limitations
  Eoin,
   
  Actually the size of the directory itself doesn't really affect 
  replication traffic (except when you bring up a new domain controller). Its 
  the amount of data that is changed, and how frequently it is changed, that 
  drives the replication traffic.
   
  -gil
  

-Original Message-From: T Bowman 
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 9:04 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Active Directory Limitations
Eoin,
  I do not believe there is a hard limit.  I do know it is 
capable of handling millions of objects.
However, keep in mind that the size will affect replication and thus 
your network.
 
T.
---Tony 
Bowman, MCSE, MCSA, CCNAHarvest, AL[EMAIL PROTECTED] 


  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of Eoin 
  MooneySent: Tuesday, June 04, 2002 10:48 AMTo: 
  '[EMAIL PROTECTED]'Subject: [ActiveDir] Active 
  Directory Limitations
  Hi all, 
  I know this is probably a very general question , but is 
  there a limit with relation to active directory size. Number of folders created , data stored ,etc,etc 
  Regards 
  Eoin

Re: [ActiveDir] Sort of OT: DMZ

2002-06-03 Thread Eric Yeoh 
Title: RE: [ActiveDir] Sort of OT: DMZ



If you have a small organisationit's okay but 
it is always a good idea to separate DNS from mail servers.
 
ERIC

  - Original Message - 
  From: 
  Sahib, Abdul A 
  
  To: '[EMAIL PROTECTED]' 
  
  Sent: Monday, June 03, 2002 21:48
  Subject: RE: [ActiveDir] Sort of OT: 
  DMZ
  
  Apart from security issues I don't see any other 
  problems. 
  -Original Message- From: 
  Morgan, Joshua [mailto:[EMAIL PROTECTED]] 
  Sent: 03 June, 2002 15:18 PM To: '[EMAIL PROTECTED]' 
  Subject: [ActiveDir] Sort of OT: DMZ 
  I have an Exchange Box in my DMZ running SMTP and OWA Is 
  there any known problems with Hosting DNS on it 
  ? 
  Joshua Morgan PROFITLAB 
  Senior Network Engineer PH: (864) 
  250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info 
  The greatest glory is not in never failing, but in rising up 
  every time we fall. -- 
  Confucius 
  List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
  
  
  
  __
  Disclaimer and 
  confidentiality note
  Everything in this e-mail 
  and any attachments relating to the official business of the Standard Bank Group  is 
  proprietary to the company. It is confidential, legally privileged and 
  protected by law. Stanbic 
  does not own and endorse any other content. 
  Views and opinions are those of the sender unless clearly stated as being that 
  of Stanbic. 
  The person addressed in the 
  e-mail is the sole authorised recipient. Please notify the sender immediately 
  if it has unintentionally reached you and do not read, disclose or use the 
  content in any way.
  
  Standard Bank can not assure that the integrity of this 
  communication has been maintained nor that it is free of errors, virus, 
  interception or interference.
   ___

[ActiveDir] Win2kDNS

2002-06-03 Thread Eric Yeoh 



Hi,
 
I have 1 DC (Server01) in my domain and another 
Win2k Server (a member-server, Server02) in a single domain forest with about 30 
Win2k Pro clients. 
 
The DC, Server02,  is running at Std Primary 
Zone and Server02 is running the Std secondary. Reverse lookups are 
configured as per the type of Zone on each Server.
 
My Question is, on the why can't I view all host 
records on Server02's Forward Lookup Zone? I can only see a handful 
(SOA, etc but not all CNAME's and A's)?
 
The books seem to be quiet on this.
 
Any help will do.
 
Thanks
ERIC  

[ActiveDir] IE6 Browser

2002-05-26 Thread Eric Yeoh 



Hi,
 
I just upgraded my my win2k Server's IE 5.5 to 
IE6 and I have this problem where Iwheneever I try to view any of the Win2k 
Resource Kit's Online Books I am told that my browser is an old version and told 
to upgrade.
 
 
Same problem with my Win2k Pro clients trying to 
read the Support Tool's documentation.
 
Any ideas?
 
 
ERIC
 

Re: [ActiveDir] OT: MS Exchange 2000

2002-05-04 Thread Eric Yeoh 

Agreed 

ERIC

- Original Message - 
From: "Rick Kingslan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 05, 2002 2:08 AM
Subject: RE: [ActiveDir] OT: MS Exchange 2000


> Eric,
> 
> In all fairness to MS, some of us (about 20 at last count :-)  ) have a
> real need for the nuts and bolts detail that they put into the ResKits.
> 
> Me, I live for them.  But, I wouldn't recommend them to my students as
> their first line of defense, nor to my co-workers (now that I'm back in
> the trenches where all the FUN is!).
> 
> The ResKit have their place, and I appreciate MS making this information
> available.  My personal fav in ResKit is about 20 pounds and 7000 pages
> - the CD tools alone for W2K server are worth the price of admission!
> 
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
>   Microsoft Certified Trainer
>   MCSA, MCSE+I - Windows NT / 2000
>   
> "Any sufficiently advanced technology
> is indistinguishable from magic."
>   ---  Arthur C. Clarke
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Yeoh
> > Sent: Saturday, May 04, 2002 1:04 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [ActiveDir] OT: MS Exchange 2000
> > 
> > 
> > Rick,
> > 
> > I do agree. The MS Resource Kits are good if you have some 
> > idea what the products the Kits are meant for (e.g. Resource 
> > Kit for Win2k Server). The MCSE study kits are no better either.
> > 
> > I tend to find the Resource Kits a little intidimating for 
> > newbies, heck sometimes most of us even have to read the damn 
> > documentations at least a couple of times.
> > 
> > Why does MS like to make things difficult for their customers 
> > is something I find hard to understand.
> > 
> > ERIC
> > 
> > - Original Message -
> > From: "Rick Kingslan" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, May 05, 2002 1:41 AM
> > Subject: RE: [ActiveDir] OT: MS Exchange 2000
> > 
> > 
> > > Martin,
> > >
> > > Would you recommend this over another general reference geared more 
> > > towards teaching the nuances?  IMHO, I've found the 
> > Resource Kits for 
> > > all MS products to be a great reference once you have the 
> > basics under 
> > > your belt.
> > >
> > > As a learning aid, don't they leave something to be desired, 
> > > especially in this case where it has already been conceded that the 
> > > requester is a newbie?
> > >
> > > Just interested in your opinion.  What am *I* missing?
> > >
> > > Thanks!
> > >
> > > Rick Kingslan - Microsoft MVP [Windows NT/2000]
> > >   Microsoft Certified Trainer
> > >   MCSA, MCSE+I - Windows NT / 2000
> > >
> > > "Any sufficiently advanced technology
> > > is indistinguishable from magic."
> > >   ---  Arthur C. Clarke
> > >
> > >
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]] On Behalf Of 
> > Martin Tuip
> > > > Sent: Saturday, May 04, 2002 7:16 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [ActiveDir] OT: MS Exchange 2000
> > > >
> > > >
> > > > I would then get the Exchange 2000 Resource kit (see
> > > > www.exchange-mail.org/books.html)
> > > >
> > > >
> > > > Martin
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]] On Behalf Of T Bowman
> > > > Sent: Saturday, May 04, 2002 4:33 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: [ActiveDir] OT: MS Exchange 2000
> > > >
> > > >
> > > > Question:  I know vitually nothing about Exchange.
> > > > What is the best book (can't afford any more classes) to use to 
> > > > teach myself Exchange 2000?  The certification books? Mastering 
> > > > Exchange 2000?  I need something that starts from scratch.
> > > >
> > > > Thanks!
> > > > T.
> > > > ---
> > > > Tony Bowman, MCSE, MCSA, CCNA
> > > > Harvest, AL
> > > > [EMAIL PROTECTED]
> > > >
> > > > List info   : http://www.active

Re: [ActiveDir] OT: MS Exchange 2000

2002-05-04 Thread Eric Yeoh 

Rick,

I do agree. The MS Resource Kits are good if you have some idea what the
products the Kits are meant for (e.g. Resource Kit for Win2k Server). The
MCSE study kits are no better either.

I tend to find the Resource Kits a little intidimating for newbies, heck
sometimes most of us even have to read the damn documentations at least a
couple of times.

Why does MS like to make things difficult for their customers is something I
find hard to understand.

ERIC

- Original Message -
From: "Rick Kingslan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 05, 2002 1:41 AM
Subject: RE: [ActiveDir] OT: MS Exchange 2000


> Martin,
>
> Would you recommend this over another general reference geared more
> towards teaching the nuances?  IMHO, I've found the Resource Kits for
> all MS products to be a great reference once you have the basics under
> your belt.
>
> As a learning aid, don't they leave something to be desired, especially
> in this case where it has already been conceded that the requester is a
> newbie?
>
> Just interested in your opinion.  What am *I* missing?
>
> Thanks!
>
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
>   Microsoft Certified Trainer
>   MCSA, MCSE+I - Windows NT / 2000
>
> "Any sufficiently advanced technology
> is indistinguishable from magic."
>   ---  Arthur C. Clarke
>
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
> > Sent: Saturday, May 04, 2002 7:16 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] OT: MS Exchange 2000
> >
> >
> > I would then get the Exchange 2000 Resource kit (see
> > www.exchange-mail.org/books.html)
> >
> >
> > Martin
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of T Bowman
> > Sent: Saturday, May 04, 2002 4:33 AM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] OT: MS Exchange 2000
> >
> >
> > Question:  I know vitually nothing about Exchange.
> > What is the best book (can't afford any more classes) to use
> > to teach myself Exchange 2000?  The certification books?
> > Mastering Exchange 2000?  I need something that starts from scratch.
> >
> > Thanks!
> > T.
> > ---
> > Tony Bowman, MCSE, MCSA, CCNA
> > Harvest, AL
> > [EMAIL PROTECTED]
> >
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> > http://www.mail-archive.com/activedir%> 40mail.activedir.org/
> >
> >
> >
> > List info   :
> > http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> > http://www.mail-archive.com/activedir%> 40mail.activedir.org/
> >
>
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] OT: MS Exchange 2000

2002-05-04 Thread Eric Yeoh 

Try this book,

Exchange 2000 Server Administration: A Beginner's Guide 
by English & Cavalancia
Osborne McGraw-Hill


ERIC

- Original Message - 
From: "T Bowman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 04, 2002 10:32 AM
Subject: [ActiveDir] OT: MS Exchange 2000


> Question:  I know vitually nothing about Exchange.
> What is the best book (can't afford any more classes) to use
> to teach myself Exchange 2000?  The certification books?
> Mastering Exchange 2000?  I need something that starts from
> scratch.
> 
> Thanks!
> T.
> ---
> Tony Bowman, MCSE, MCSA, CCNA
> Harvest, AL
> [EMAIL PROTECTED]
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] It's A Question Of Trust...

2002-04-16 Thread Eric Yeoh 

Hi Rick,

What I meant was one forest each for the comapnies. In each forest, one
domain and explicit trsust between the forests.

Consolidating everything into one domain is cool too, but there are more
pressing issues like boundary administration and ownership issues.

In short, the technology is cool but human emotions may run high.

Cheers,

ERIC

- Original Message -
From: "Rick Kingslan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 16, 2002 10:23 PM
Subject: RE: [ActiveDir] It's A Question Of Trust...


> Eric,
>
> Tell me I'm reading this wrong - two different forests - one for each
> company - each forest with two domains?  Or, is this a new forest with
> two trees (tree root domains)?
>
> Thanks!
>
> Rick Kingslan - Microsoft MVP [Windows NT/2000]
>   Microsoft Certified Trainer
>   MCSA, MCSE+I - Windows NT / 2000
>
> "Any sufficiently advanced technology
> is indistinguishable from magic."
>   ---  Arthur C. Clarke
>
>
>
> > -----Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Yeoh
> > Sent: Tuesday, April 16, 2002 9:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [ActiveDir] It's A Question Of Trust...
> >
> >
> > Go with 2 domains in different Forest with 2-way transitive
> > trusts, easier and lesser hassles!
> >
> > ERIC
> > - Original Message -
> > From: "Blair, James" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, April 16, 2002 8:27 PM
> > Subject: [ActiveDir] It's A Question Of Trust...
> >
> >
> > >
> > > All,
> > >
> > > Need a bit of advise here...Our sister company has decided to
> > > eventually migrate to W2K and in their design
> > considerations they have
> > > put forward a proposal to create a new domain and have us integrate
> > > into it with them to "centralise" things and therefore make things
> > > easier to manage etc. Do you think that this is the right
> > way to go or
> > > would it be better to stick with having two domains and a
> > transitive
> > > trust etc. Our core business is not
> > the
> > > same and our network architecture is certainly a lot different to
> > > theirs. They are used to high speed WAN's and have predominantly
> > > "office workers" with the OS, Office Suite, IE 6 etc
> > installed. We on
> > > the other hand have a lot of places linked by various methods of
> > > phone: Satellite, Mobile etc.
> > in
> > > very remote locations dialling into central points. We also
> > have a WAN
> > > however our backbone is of inferior speed, still pretty
> > good however,
> > theirs
> > > a bit OTT. Over and above the standard installations we have a large
> > amount
> > > of software packages to support due to the nature of
> > business. There
> > > is a lot of theorising going on about the best way to go
> > and I would
> > > like a
> > real
> > > world answer. We are fully W2K in mixed mode and have been for more
> > > than a year now with no hassles...
> > >
> > > James
> > > List info   : http://www.activedir.org/mail_list.htm
> > > List FAQ: http://www.activedir.org/list_faq.htm
> > > List archive:
> > > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > >
> >
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> > http://www.mail-archive.com/activedir%> 40mail.activedir.org/
> >
>
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] It's A Question Of Trust...

2002-04-16 Thread Eric Yeoh 

Go with 2 domains in different Forest with 2-way transitive trusts, easier
and lesser hassles!

ERIC
- Original Message -
From: "Blair, James" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 16, 2002 8:27 PM
Subject: [ActiveDir] It's A Question Of Trust...


>
> All,
>
> Need a bit of advise here...Our sister company has decided to eventually
> migrate to W2K and in their design considerations they have put forward a
> proposal to create a new domain and have us integrate into it with them to
> "centralise" things and therefore make things easier to manage etc. Do you
> think that this is the right way to go or would it be better to stick with
> having two domains and a transitive trust etc. Our core business is not
the
> same and our network architecture is certainly a lot different to theirs.
> They are used to high speed WAN's and have predominantly "office workers"
> with the OS, Office Suite, IE 6 etc installed. We on the other hand have a
> lot of places linked by various methods of phone: Satellite, Mobile etc.
in
> very remote locations dialling into central points. We also have a WAN
> however our backbone is of inferior speed, still pretty good however,
theirs
> a bit OTT. Over and above the standard installations we have a large
amount
> of software packages to support due to the nature of business. There is a
> lot of theorising going on about the best way to go and I would like a
real
> world answer. We are fully W2K in mixed mode and have been for more than a
> year now with no hassles...
>
> James
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] AD backup and restore applications ( besides NTBackup.exe )

2002-04-15 Thread Eric Yeoh 
Title: AD backup and restore applications ( besides NTBackup.exe )



Good day, 
 
Tried Veritas backup Exec? It's working great for 
me.
 
Just a thought.
 
ERIC

  - Original Message - 
  From: 
  Eoin Mooney 
  To: '[EMAIL PROTECTED]' 
  
  Sent: Monday, April 15, 2002 8:16 
PM
  Subject: [ActiveDir] AD backup and 
  restore applications ( besides NTBackup.exe )
  
  Hi all, 
  Apologies for any transgressions , first time in 
  this mailing group. 
  I'm looking/evaluating Active Directory back and 
  restore products. We have used NTBackup.exe but we found this limiting ( we 
  want to back up AD but not Registry info as well ( Restore turned out to be a 
  problem when PC wiped and rebuilt ) and it seems it does not allow us to 
  unselect that option in system backup ( unless we are doing it incorrectly 
  :-(   ))
  I have looked/found another product but that is all 
  , do any of you know of other 3rd party AD backup and restore products that I 
  can look at ( I have tried ERDisk by Aelita )
  Thanks for any help 
  Eoin

Re: [ActiveDir] reinstalling domain controller

2002-04-15 Thread Eric Yeoh 


Hi,

You should demote the DC you want to re-install and then delete the name
of the demoted DC from the ADUC snap-in.

Cheers,

ERIC

- Original Message -
From: "osman filiz" <[EMAIL PROTECTED]>
Date: Monday, April 15, 2002 2:41 pm
Subject: [ActiveDir] reinstalling domain controller

> I have a w2k domain with two domain controllers.I have to 
> reinstall one of 
> them with the same name as before.Before reinstalling should i 
> delete the 
> name of this domain controller from active directory?
> 
> _
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.co
> 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] A Question of 2 Domains

2002-04-14 Thread Eric Yeoh 
Title: Message



Hello David,
 
I have not set Forwarder on any of the DNS Servers 
( I will try this!). 
 
A Std Primary Zone for Domain A is configured in 
Domain B's DNS Server and vice versa. Maybe I will try your suggestion and 
convert the Std Primary Zone for Domain A in Domain B's DNS into 
Secondary.
 
I can set Domain B to resolve with Domain A's DNS 
(e.g. nslookup -> server ns1.doma.net) and vice versa.
 
I can only see one HOST record in Domain A's zone 
in Domain B's DNS Server and vice versa. 
 
I can add users from Domain A in ACL editor for 
File/Folder Permissions in Domain B but cannot add groups from Domain A into any 
groups in Domain B.
 
Nothing on Event Log.
 
 
Cheers,
ERIC
 

  - Original Message - 
  From: 
  davlloyd 
  To: [EMAIL PROTECTED] 
  
  Sent: Sunday, April 14, 2002 4:46 
PM
  Subject: RE: [ActiveDir] A Question of 2 
  Domains
  
  
  Just to extract a 
  little more information:
   
  You have single DNS 
  servers serving each of the two internal domain 
  zones
  They have each other 
  respectively configured as Forwarders
  You are also setup 
  for Zone transfers between the two Servers (Have you set up the Secondary 
  zones on each opposing DNS server for the transfers and listed the server in 
  the primary zones)
  (the above gives you a measure of 
  redundancy)
   
   
  You get full 
  visibility from Domain A for Domain B but not Vice 
  Versa
   
  DNS resolution works 
  both ways? (You can use Nslookup to test 
  this)
  Both Zones are 
  complete in each DNS Server?
   
   
  The problem sounds 
  more orientated towards visibility/resolution then security! Is the Eventlog telling you 
anything?
   
  Cheers
   
  David
   
   
  -Original 
  Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  On Behalf Of Eric 
  YeohSent: 
  14 
  April 2002 
  06:41To: 
  [EMAIL PROTECTED]Subject: Re: [ActiveDir] A Question of 2 
  Domains
   
  
  Hi 
  Rick,
  
   
  
  Thans for the 
  reply.
  
   
  
  The thing is, I cannot add users 
  in Domain A into an Admin group in Domain B. 
  
  
   
  
  Also, although after zone 
  transfer, the Fwd Lookup Zone for Domain A in Domain B's DNS server only 
  has a sinle Host record for the NS, what happened to the other host 
  records?
  
   
  
  This is driving me up the wall, 
  any help will do.
  
   
  
  Thanks a 
  million
  
   
  
  Regards,
  
   
  
  ERIC  
  

- Original Message - 


From: Rick Kingslan 


To: [EMAIL PROTECTED] 


Sent: 
Saturday, April 13, 2002 9:54 PM

Subject: RE: 
[ActiveDir] A Question of 2 Domains

 

There 
may be much more going on here, but the quick answer (because I have about 2 
minutes this AM, and this caught my eye! :)  ) would be simple 
permissions.  The fact that the trust exists is good, but if there are 
no permissions granted, then what can an object in Forest A do in Forest 
B?  Or, vice versa?

 

Consider this the 
same (in very high altitude terms) the Domain Admin in 
Domain Corp.local and the Domain Admin sales.corp.local.  Does the 
Domain Admin in either domain have any administrative permission in the 
other?

 

Rick 
Kingslan - Microsoft Certified Trainer  MCSE+I on Windows NT 
4.0  MCSE on Windows 2000  MVP [Windows NT/2000 
Server]"Any sufficiently advanced technologyis indistinguishable 
from magic."  ---  Arthur C. 
Clarke 
 -Original 
Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of Eric YeohSent: Saturday, April 13, 2002 8:41 
AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] A Question of 2 
Domains

  
  Hi,
  
   
  
  I have this 
  scenario.
  
   
  
  Domains A (accounts domain) 
  and B (resource/Exchange 2k domain) are in diff forests and have two way 
  trusts enabled. In each other DNS servers (Std Primary 
  Zones) I have created a Standard Primary Zones for each other domains 
  i.e. in Domain A a Fwd Lookup Zone for Domain B and vice 
  versa.
  
   
  
  For each of the created Zones, 
  the primary name servers are of their respective domains. A NS 
  record is created for Domain B in Domain A's DNS server and 
  vice versa. Zone Transfer for both DNS servers are enabled for those in 
  the NS tab.
  
   
  
  My Question is, why can I 
  browse Domain B from Domain A's AD Uses&Comp but not from Domain B? 
  Also why can't members from each other 
  domains?
  
   
  
  Thanks
  
   
  
  ERIC 
  YEOH
  
  MCSE 
  NT4
  
   
  
   
  
   
  
   
  
   
  
   
  ---Incoming mail is

Re: [ActiveDir] A Question of 2 Domains

2002-04-13 Thread Eric Yeoh 
Title: Message



Hi Rick,
 
Thans for the reply.
 
The thing is, I cannot add users in Domain A into 
an Admin group in Domain B. 
 
Also, although after zone transfer, the Fwd 
Lookup Zone for Domain A in Domain B's DNS server only has a sinle Host record 
for the NS, what happened to the other host records?
 
This is driving me up the wall, any help will 
do.
 
Thanks a million
 
Regards,
 
ERIC  

  - Original Message - 
  From: 
  Rick Kingslan 
  
  To: [EMAIL PROTECTED] 
  
  Sent: Saturday, April 13, 2002 9:54 
  PM
  Subject: RE: [ActiveDir] A Question of 2 
  Domains
  
  There may be much more going on here, but the quick answer (because I 
  have about 2 minutes this AM, and this caught my eye! :)  ) would be 
  simple permissions.  The fact that the trust exists is good, but if there 
  are no permissions granted, then what can an object in Forest A do in Forest 
  B?  Or, vice versa?
   
  Consider this the same (in very high altitude terms) the Domain Admin 
  in Domain Corp.local and the Domain Admin sales.corp.local.  Does 
  the Domain Admin in either domain have any administrative permission in the 
  other?
   
  
  Rick Kingslan - Microsoft Certified 
  Trainer  MCSE+I on Windows NT 4.0  MCSE on Windows 
  2000  MVP [Windows NT/2000 Server]"Any sufficiently advanced 
  technologyis indistinguishable from magic."  ---  Arthur C. 
  Clarke 
   -Original 
  Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]] On Behalf Of Eric 
  YeohSent: Saturday, April 13, 2002 8:41 AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] A Question of 2 
  Domains
  
Hi,
 
I have this scenario.
 
Domains A (accounts domain) and B 
(resource/Exchange 2k domain) are in diff forests and have two way trusts 
enabled. In each other DNS servers (Std Primary Zones) I have 
created a Standard Primary Zones for each other domains i.e. in Domain A a 
Fwd Lookup Zone for Domain B and vice versa.
 
For each of the created Zones, the primary name 
servers are of their respective domains. A NS record is created 
for Domain B in Domain A's DNS server and vice versa. Zone 
Transfer for both DNS servers are enabled for those in the NS 
tab.
 
My Question is, why can I browse Domain B from 
Domain A's AD Uses&Comp but not from Domain B? Also why can't members 
from each other domains?
     
Thanks
 
ERIC YEOH
MCSE NT4
 
 
 
 
 
 

[ActiveDir] A Question of 2 Domains

2002-04-13 Thread Eric Yeoh 



Hi,
 
I have this scenario.
 
Domains A (accounts domain) and B 
(resource/Exchange 2k domain) are in diff forests and have two way trusts 
enabled. In each other DNS servers (Std Primary Zones) I have 
created a Standard Primary Zones for each other domains i.e. in Domain A a Fwd 
Lookup Zone for Domain B and vice versa.
 
For each of the created Zones, the primary name 
servers are of their respective domains. A NS record is created 
for Domain B in Domain A's DNS server and vice versa. Zone Transfer 
for both DNS servers are enabled for those in the NS tab.
 
My Question is, why can I browse Domain B from 
Domain A's AD Uses&Comp but not from Domain B? Also why can't members from 
each other domains?
 
Thanks
 
ERIC YEOH
MCSE NT4