[ActiveDir] Odd Logon Delay with 2byte transfers

2004-11-05 Thread Eric_Jones

Hi everyone,

I have a truly intriguing one for you.
We have recently begun to experience an inconsistent problem whereby
interactive network logon onto a Windows 2000 or Windows 2003 server
may take upwards of 40 mins to complete. The authenticating domain
controller is on a gigabit link to the respective member servers (campus
network). We've tried tests from various locations using a couple
of domain controllers. It doesn't appear to be a specific domain
controller. We've hit the KB articles and have been talking to MS.
We've tried the Opportunistic Lock settings in its permutable
combinations from server and client.

One of the things that does appear to
be constant is that of the phases of the logon process, Applying
Registry settings appears to last the absolute longest period of
time during the logon process. It doesn't matter which 'registry.pol'
that is being applied. Both Usrenv logs and network traces show that
the delay corresponding to the 'applying registry settings' occurs regardless
as to the policies being evaluated/applied. Also, the largest 'registry.pol'
is 554 bytes. With that size, two 'registry.pol' files could be transferred
in one transfer.

Another consistency being seen during
this delay is that during the transfer of the 'registry.pol' file, the
communication is in 2byte snippets. Can't explain that one. Can't
even find any documentation on this phenomenon. Microsoft appeared
to have found some internal documentation to that end, but it related to
opportunistic locking and the respective changes did not produce
a change in our environment as indicated by our network traces. We
lean in this direction as the problem or at least a very significant anomaly.

Load is not a question as we are early
in our physical deployment of Active Directory (domain controllers...etc).
There are only about 550 users in our AD environment and most of them
authenticate to their respective domain controller at their corresponding
locations. Of the clients authenticating at our hub site, which include
the servers in this case numbers less than 200. Utilization on the
hub DC is well in reason for both processor, memory, and TCP/IP interface
utilization. But, just to rule out anything flaky with that DC, I
temporarily switched subnets and sites with another DC, that at most does
only DNS and carries the PDCE role. Same results.

We continue to work with Microsoft.
We've turned up logging on most hosts involved and will turn up logging
on the remaining hosts today. In terms of errors, the eventlog is
naked as a Jaybird. I'm also taking the route of disabling all unnecessary
services on all domain controllers to simplify the troubleshooting.

Because it is inconsistent, it is proving
very hard to determine progress. Inconsistency breeds doubt and requirements
for retesting and validation...not very fun...

Any useful ideas, suggestions, golden
nuggets, Easter eggs, PXE dust...etc would be greatly appreciated.


Thanks,


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com

Re: [ActiveDir] GPO's not always applied.

2004-10-04 Thread Eric_Jones

I've had a similar problem. In
digging through the problem, I found some of the following, usually by
tracing through the eventlog on the respective machine.


Computer account had a problem in the domain - just needed to be removed
and put back in

GPO policy processing - changed respective templates to always apply even
if no changes had occurred

NIC/Switch Port config - Found that there were cases that the computer
would come up for login before the network connection was fully
initialized. Once discovered it was simple to test. Simply boot up,
logon..wait for everything to settle down. Then unplug the NIC and plug it
back in. The network connection should come back immediately. If it
doesn't then it's possible that the computer may also be starting up before
there's an available connection to a DC. This would cause inconsistent
processing of user policies and prevent application of computer policies,
other than those that had already been applied

Local Policies on the computer - Local policies seem inert and possibly
unimportant once on the AD domain, but not in our environment. It was a
'twisted' implementation of local policies...scripts...and other things to
ensure that local policies applied, reapplied...and couldn't be unapplied.
So when we migrated the machines to AD, we experienced an unbelievable
series of unpredictable results. Needless to say, one of which, was the
lack of consistent GPO application - One of the permanent fixes was to
automate the application of Setup Security.inf to all the respective
clients upon their migration of AD

The biggest problem by far was simply getting consistent failures to
troubleshoot or getting the exact details of the respective occurrence from
the desktop people in the field.


When all else fails...turn up GPO and
Winlogon logging, turn on failure auditing...get a fine tooth comb and
settle in for a nice long debug session...

Hope this helps.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com





[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
10/04/2004 11:52 AM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] GPO's not always applied.








Hey Mark...

You can try /computer configuration/administrative templates/system/group
policy/scripts policy processing

You can set to always process over slow connections, and even if the GPO
hasn't changed.

HTH
John




  
  
  
 
Mark Orlando [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
10/04/2004 10:46 AM
Please respond to: [EMAIL PROTECTED]
To: Active Directory Mailing List [EMAIL PROTECTED]
Subject: [ActiveDir] GPO's not always applied.
  
  

  
  
  
 
  
  
  
 




I am having issues with GPO's not being fully applied at every login.
I need to change this. I know it might have something to do with the
volume of LAN traffic but I need to find a way around this.
I also have some add printer login scripts that don't always work
either. I have the scripts running synchronously and slow link
detection set to 0. Does anyone have any ideas?

Mark Orlando
Systems Administrator
I.T. Department
Linden Public Schools

List info  : http://www.activedir.org/mail_list.htm
List FAQ  : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/





[ActiveDir] Admin Share access for Non-Admins

2004-09-07 Thread Eric_Jones

Security Guru question...

I read somewhere...don't know where,
that it is possible to grant a power-user or otherwise non-admin the ability
to access administrative shares such as admin$, c$,...etc. I
believe that this is possible as of Windows 2003 and possibly Windows 2000.

I'm in a situation that we must
give our Security Group proper access w/o actually making them administrators
on the respective servers in AD.

Details on this possibility would be
greatly appreciated.

TIA.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com

[ActiveDir] W2k3 DNS Scalability

2004-07-22 Thread Eric_Jones

Potentially interesting oddity occurred
today...

Our primary and secondary Windows 2003
/ AD integrated DNS server services abended at almost the exact same time.
I have custom WMI monitoring set to auto-restart them, send email,
call the president, and of course...raise the national threat level. 

The servers are dedicated AD boxes,
so no rogue software or odd config. The servers are Dell PowerEdge
2560s with 4 GB RAM, 3.06GHz processors and lots of diskspace on a RAID 1
/ RAID 5 config.

The reason that I suspect performance
/ scalability is that when I check the utilization trend reports and each
server was averaging 82 queries/sec. But surely, the servers can handle
more. Heck the overall CPU utilization is about 3%. We have
most of the Windows platform using these two DNS servers, but still have
more to go. Eventually the load will be distributed among soon to
have future AD DCs. But I was very surprised to see the processes
crash. All other trended perfmon metrics were well within reason.

Any thoughts? Anyone perform specific
DNS customizations to their respective dedicated AD DNS servers?

TIA.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com

[ActiveDir] W2k3 DNS Scalability - More NFO

2004-07-22 Thread Eric_Jones

Potentially interesting oddity occurred
today...

Our primary and secondary Windows 2003
/ AD integrated DNS server services abended at almost the exact same time
with the following error message in the eventlog:

Reporting queued error:
faulting application dns.exe, version 5.2.3790.0, faulting module msvcrt.dll,
version 7.0.3790.0, fault address 0x000351e4.

I have custom WMI monitoring set to
auto-restart DNS, send email, call the president, and of course...raise
the national threat level. The servers are dedicated AD boxes, so
no rogue software or odd config. The servers are Dell PowerEdge 2560s
with 4 GB RAM, 3.06GHz processors and lots of diskspace on a RAID 1 / RAID
5 config.

The reason that I suspect performance
/ scalability is that when I check the utilization trend reports and each
server was averaging 82 queries/sec. But surely, the servers can handle
more. Heck the overall CPU utilization is about 3%. We have
most of the Windows platform using these two DNS servers, but still have
more to go. Eventually the load will be distributed among soon to
have future AD DCs. But I was very surprised to see the processes
crash. All other trended perfmon metrics were well within reason.

Any thoughts? Anyone perform specific
DNS customizations to their respective dedicated AD DNS servers?


TIA.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com

[ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?

2004-06-01 Thread Eric_Jones





Looking for some guidance / help...

Our Enterprise Systems Management Group is in the process of rolling out
Tivoli to all locations.  It doesn't seem logical or best practice, to me,
to put such an application on a Windows 2003 DC.  When testing TMF 4.1
components on a test Windows 2003 DC, I had extreme difficulty getting it
to work.  I inquired about this recently and was told that the problem was
most likely security and that the security for the entire domain would have
to be greatly relaxed to support a Tivoli Gateway installation on a Windows
2003 domain controller, not to mention the gaping security hole opened by
this installation.  I was also informed that installing Tivoli Gateway or
other managed node components on a Windows 2003 domain controller was not
best practice and correspondingly should be avoided if possible.

Has anyone else attempted or run into this scenario?

TIA


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?

2004-06-01 Thread Eric_Jones




I completely agree.  I just wanted to ensure that I wasn't amiss with
disagreeing with putting Tivoli Managed Node components on a W2k3 DC.
We're aiming for MOM and its corresponding integration.  I've looked at the
AD Option provided by Tivoli and am not excited at all.  I'm having to
write a comparative proposal to use MOM instead of Tivoli to monitor the
W2k3 DCs in our environment.  If that proposal gets accepted, I'm hoping to
expand to the entire Windows Server Platform next year.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
Mulnick, Al [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
06/01/2004 10:32 AM
Please respond to: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?
   
   




Exactly!  Tivoli is not going to give you very good information about Active
Directory.  I can tell you that in all honesty as a person who's been bit by
the tivoli virus ;)

In a past life as a consultant, I saw many Tivoli implementations gone bad
and a lot of finger pointing; all for minimum data return. Not the type of
thing I'd like to build a computing infrastructure on myself.  Do yourself a
favor and reduce the Tivoli presence and go with MOM.  If Tivoli is your EM
of choice, then integrate it with MOM.  You won't be sorry about the choice.

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 01, 2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?

Tivoli is not secure. If you care about security do not put it (even agents)
on your domain controllers. Period.

Whoever manages Tivoli will own your forest the moment you add it to a DC.
This goes for any application that runs as localsystem on the DC and is
controlled by someone else other than the enterprise admins. Tivoli has
the ability to copy down anything it wants and then run it on the machine.

My recommendation would be to fire up MOM or some other management system
that has the capability to feed info back into the Tivoli framework. This
management system would be entirely owned and run by the enterprise admins.

  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, June 01, 2004 8:47 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?






Looking for some guidance / help...

Our Enterprise Systems Management Group is in the process of rolling out
Tivoli to all locations.  It doesn't seem logical or best practice, to me,
to put such an application on a Windows 2003 DC.  When testing TMF 4.1
components on a test Windows 2003 DC, I had extreme difficulty getting it to
work.  I inquired about this recently and was told that the problem was most
likely security and that the security for the entire domain would have to be
greatly relaxed to support a Tivoli Gateway installation on a Windows
2003 domain controller, not to mention the gaping security hole opened by
this installation.  I was also informed that installing Tivoli Gateway or
other managed node components on a Windows 2003 domain controller was not
best practice and correspondingly should be avoided if possible.

Has anyone else attempted or run into this scenario?

TIA


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Re: [ActiveDir] HELP URGENT how to recover exch2000 admin account deleted

2004-06-01 Thread Eric_Jones




Quite Ingenious...



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
clister [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
06/01/2004 11:58 AM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] HELP URGENT how to recover exch2000 admin account deleted
   
   




Problem solved!!

I have assigned system full rights access on domain controller, then I've
installed mmc for admin exchange,

I ran mmc as system account by means of 'at' command and then delegated my
exchange organization to other account so I succeeded on getting admin access
to exchange, so recovering.

On Tuesday, 1 June 2004 11:14, Nicolas Blank wrote:
 Exchange Server  2003 Deployment Guide - page 84/85

 The account you use to run ForestPrep must be a member of the Enterprise
 Administrator and the Schema Administrator groups. While you are running
 ForestPrep, you designate an account or group that has Exchange Full
 Administrator permissions to the organization object. This account or
 group has the authority to install and manage Exchange 2003 throughout
 the forest. This account or group also has the authority to delegate
 additional Exchange Full Administrator permissions after the first
 server is installed.

 .

 Exchange Server  2003 Deployment Guide - page 86

 DomainPrep creates the groups and permissions necessary for Exchange
 servers to read and modify user attributes.



 Exchange Server  2003 Deployment Guide -

 http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/depguide.mspx



 The functionality described above has not changed significantly since
 Exchange 2000. Hope that helps.





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 [EMAIL PROTECTED]
 Sent: 01 June 2004 08:05 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin
 account deleted



 I think Domain Prep will do in reassigning those rights instead of Forest
 Prep. Please correct me if I am wrong.

 Regards,
 Mohammed Athif Khaleel
 Asst.Network Engineer
 AlFaisaliah Group Information Technology
 Tel.: +966-1-461-0077 x.209
 Mobile.: +966-509774015
 Email: [EMAIL PROTECTED]
 Save Internet, Keep all the systems patched
 Web: http://alfaisaliah.com



 -Original Message-
 From: Nicolas Blank [mailto:[EMAIL PROTECTED]
 Sent: Monday, 31 May 2004 8:17 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin
 account deleted



 Authoritative restore or if you can't recover this puppy, re-run forest
 prep and nominate another account.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Clist
 Sent: 31 May 2004 06:20 PM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] HELP URGENT how to recover exch2000 admin account
 deleted

 I have deleted the exch2000 administrator account,

 how can I recover this account?

 Thanks


[ActiveDir] Active Directory and Other LDAP Integration

2004-04-28 Thread Eric_Jones




All,  we are in search of the elusive single sign-on...

We are designing/testing pieces of what may become a multi-platform
authentication strategy.  We've begun with the authentication integration
with IBM's Websphere.  While we've been successful in its integration
(having Websphere on a Linux box authenticate to AD); we have a dilemma
with how the DN is created...specifically the CN.  The CN appears to
default to be the same as the 'Display Name'.  With this being the case, a
user logging into Websphere's Portal would need to login with what would
appear to them as yet another ID using their 'First' and 'Last' names.  And
that's assuming that our naming standards are intact and haven't had to
account for identical names.

A way around this appears to have the user's logon name and 'Name' [CN]
fields be identical.  We would then add the Display Name column to ADUC
and other such AD management tools for our sanity of management.
Enforcing/ensuring this setting would not be difficult for us as we use
Aelita Enterprise Directory Manager, so we would just create a
validation/enforcement rule as well as ensure automatic policy validation.

My questions are: Has anyone else run into this problem?  Is this really a
problem or just what I'm simply supposed to do.  Are there other problems
that might arise from this change in procedure?

What kind of success have people had in having other platforms and
LDAP'able' applications authenticate to AD?

TIA,


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



RE: [ActiveDir] Active Directory and Other LDAP Integration

2004-04-28 Thread Eric_Jones




Thanks all for the feedback.

We are a very centralized shop as well (and seem to be on a company buying
spree...).  The Enterprise Security team really wants to make AD the
strategic direction for authentication strategy as well as part of a staged
user provisioning and automation mechanism. I/We are about to undertake a
massive leap in automation, business rule enforcement, and data integrity
as it relates to the Windows Server Platform...rolled into our fledgling AD
migration.  And I gotta say, VBScript is an admin's best friend. [mine
anyway]



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



RE: [ActiveDir] Active Directory and Other LDAP Integration

2004-04-28 Thread Eric_Jones




No, MIIS is not being used.  I don't believe that the Security Group
reviewed the product.  They are about to pilot/implement CA Enterprise
Admin.  Like MIIS, it has hooks into some of the major LDAPs and is
supposed to be very scriptable.  In fact, although they have an AD
integration piece, the direct feed into AD violates part of my principal
design for our AD infrastructure, which is to force all AD Object
Change/Add/Moves to go through the Aelita EDM product to enforce business
rules and data consistency.  CA has stated the integration should be able
to be done completely via scripted integration...we're about to find out.

How are other companies doing directory services integration?  How was that
tied into an authentication strategy?



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
Cotter, Paul M. [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/28/2004 05:27 PM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration
   
   





Are you looking at MIIS as an account provisioning/automation tool?

Paul



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 4:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration





Thanks all for the feedback.

We are a very centralized shop as well (and seem to be on a company
buying spree...).  The Enterprise Security team really wants to make AD
the strategic direction for authentication strategy as well as part of a
staged user provisioning and automation mechanism. I/We are about to
undertake a massive leap in automation, business rule enforcement, and
data integrity as it relates to the Windows Server Platform...rolled into
our fledgling AD migration.  And I gotta say, VBScript is an admin's
best friend. [mine anyway]



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



RE: [ActiveDir] W2k3 AD DC DR - Need Immediate Help/Advice

2004-04-16 Thread Eric_Jones




Thanks for the quick response.  That's the route that I wanted to take.
Happy to see a second on the opinion.

Thanks again...executing plan now.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
Coleman, Hunter [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/16/2004 11:26 AM
Please respond to: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] W2k3 AD DC DR - Need Immediate Help/Advice
   
   




http://support.microsoft.com/default.aspx?kbid=216498&product=nts40

Make sure you clean out all references to the dead DC before promoing a new
DC with the same name. If you're down to a single DC for the domain, you
might want to consider bringing up another temporary DC with a different
name until you get the cleanup done and have a chance to verify that all
references to the old DC are gone. When that's done and the dust has
settled, you can dcpromo the temporary DC back down.

Hunter

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, April 16, 2004 9:21 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] W2k3 AD DC DR - Need Immediate Help/Advice
Importance: High





Severe issue with and inability to recover (using Tivoli Storage Manager
5.2.2) one of our DCs that just happened to hold the three domain FSMO roles
occurred yesterday.  I've come to the conclusion that it is very, very
unlikely that I'll be able to recover the system state, inclusive of AD
system objects.

The dilemma is as follows:

I've seized the roles and 'technically' things appear to be okay.  I need to
recover this DC as soon as possible.  I purposely haven't deleted the DC
from the environment as I want to use the same name.  I seem to remember
that there is or was some issue with deleting a defunct DC and then turning
right around and attempting to use the same name again, despite the use of
GUIDs in AD replication.  I'm hoping this is something that no longer
applies or that I just misunderstood.  But considering the potential impact
I wanted to ask first.

I'm about to crack open the whitepapers and also call MS to ask.  Was
hoping this would be a quicker route.

TIA



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



Re: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide

2004-04-01 Thread Eric_Jones

Link appears not to work [for me]. And
I haven't been able to find the updated doc on Microsoft's website. Can
anyone else get to this link?

(anxiously waiting...for almost a year
now...)



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com





David Adner [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/31/2004 11:49 PM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide








Enjoy.

Windows Server 2003 Active Directory Branch Office Guide
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en




RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide - Update

2004-04-01 Thread Eric_Jones




Thanks, but that's the one for Windows 2000.

I just saw a post on Microsoft's AD newsgroup.  Microsoft (Jason Robarts)
states that they are having a problem with the download site and are
working to fix it.  Jason Robarts is the MSFT person that originally posted
the link on MSFT's AD related newsgroups.

If there's anyone on this list that has been able to get a copy of the doc
[for Windows 2003], I would definitely appreciate a directly emailed copy.

TIA


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
Michael Wassell [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/01/2004 08:42 AM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide
   
   




http://www.microsoft.com/downloads/details.aspx?FamilyId=9A4C7AC3-185E-4644-9E98-4876B2A477E7&displaylang=en

I believe this is what you might be looking for?

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, April 01, 2004 8:27 AM
To: [EMAIL PROTECTED]
Subject: Possible Spam:RE: [ActiveDir] Released! Windows Server 2003 Active
Directory Branch Office Guide

It reports: The download you requested is unavailable.  If you continue to
see this message when trying to access this download, you might try the
Search for a Download area on the Download Center home page.

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, April 01, 2004 8:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Released! Windows Server 2003 Active Directory
Branch Office Guide

This one works fine for me.
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en
Perhaps you're having line wrapping issues?

~Eric



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 01, 2004 5:27 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Released! Windows Server 2003 Active Directory
Branch Office Guide


Link appears not to work [for me].  And I haven't been able to find the
updated doc on Microsoft's website.  Can anyone else get to this link?

(anxiously waiting...for almost a year now...)



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



   
David Adner [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/31/2004 11:49 PM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide
   
   
   
 

RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide

2004-04-01 Thread Eric_Jones




Yeah!

Houston...we have documentation...



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
Eric Fleischman [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/01/2004 09:31 AM
Please respond to [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide
   
   




It's online again and should be all set.
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en

~Eric



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, April 01, 2004 7:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Released! Windows Server 2003 Active Directory
Branch Office Guide

This one works fine for me.
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en
Perhaps you're having line wrapping issues?

~Eric



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 01, 2004 5:27 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Released! Windows Server 2003 Active Directory
Branch Office Guide


Link appears not to work [for me].  And I haven't been able to find the
updated doc on Microsoft's website.  Can anyone else get to this link.

(anxiously waiting...for almost a year now...)



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
David Adner [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/31/2004 11:49 PM
Please respond to [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide
   
   
   
   
   





Enjoy.

Windows Server 2003 Active Directory Branch Office Guide
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Domain clients hangs before logon, multiple issues

2004-04-01 Thread Eric_Jones




The problem may not necessarily be configuration related.  Are there any
startup scripts?  More specifically, are there any settings that
require/force the respective machines to connect to any specific network
hosts.  I'm wondering if the problem may relate to the inconsistently
consistent 'hang' of a connection trying to be made, but never
succeeding...or possibly not succeeding in a timely fashion.  It could be a
GPO, that hasn't changed but is having problems executing one of its
settings that requires some form of network connectivity.  It could be as
simple as a seemingly benign app or config that's hanging at startup...

Doing a network trace/sniff of at least two computers experiencing the
problem should yield enough network hosts/servers in common to narrow down
your troubleshooting.  When all else fails to yield the answer...sniff...

Hope this helps...



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


   
J0mb [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/01/2004 12:54 PM
Please respond to [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] Domain clients hangs before logon, multiple issues
   
   




Good morning,
I've recently run into a weird problem I wasn't able to track down yet.
Yesterday morning a number of users reported that their domain PCs would
hang loading the operating system just before the logon screen would
appear.
They're all stuck on Applying computer settings.
The moment I unplug the network cable the PC will finish its startup
procedure and show the logon screen.

The network is made of a single forest/single domain, all DCs are Win2000
Server SP4. 4 sites across 2 Mb fast links (no evidence of traffic
overload). Each site has 2 DCs including the one (and only) site where the
problem has been reported.
DCs seem to perform fine. They have been rebooted, checked event logs,
checked with netdiag and dcdiag. Replication is working fine. None of the 2
DCs in the affected site hold FSMO roles. All other DCs on the network are
working fine.
There have been no modifications on group policies, memberships and so forth.
Sysvol and netlogon shares are accessible. One of the 2 DCs in the site is
the AD DNS server for the site and shows no problem (can resolve queries,
can register records, SRV records are present and appear correct).

On the client side: this has been reported on random machines attached to
different network hardware. They're a mix of WinXP and 2000 machines, though
the problem seems to affect mainly Win2000. EventID 3034 is logged (checked
most comments from eventid.net). Client time looks synched with the DCs
time. Once the machine is started through the unplugging cable tweak it's
able to resolve from AD DNS. All network settings have been checked twice
both for server and client and appear correct. Hosts file is clean.
Attempted to remove one machine from the domain, and it would reboot fine.
However, it was a hard task to join it again to the domain (reported RPC
errors, network name no more valid...finally I could join it to the domain
but it started showing the issue again...). The issue has been reported on
15-20 domain machines out of about 200.

Please, please..help! I just can't get out of it (the problem...the
office).

thank you!



[ActiveDir] Revising Site Design

2004-02-03 Thread Eric_Jones




Hello All,

I'm revising our global site design, to further reduce DCs and get more
efficient use of bandwidth.  I'm finding that we have a number of physical
sites that do not necessarily have enough users to constitute a DC and who
also have high-speed connections to multiple other locations that do need
and have DCs.

I know that the bulk of design documentation says to create a site only if
there will be a DC located at that location, but what about to control
logon traffic?  Having a site defined in AD for the respective subnets
would allow me to setup costs and correspondingly control where these
locations would attempt to authenticate as well as better controlling
DFS...etc.

Since I haven't run across any best practice documentation noting this
scenario, I was wondering if there are others on this list who have come
pondered or actually done this.

Any info or general recommendations would be greatly appreciated.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



RE: [ActiveDir] Revising Site Design

2004-02-03 Thread Eric_Jones




Perfect!  That is exactly what I needed to confirm.

I truly appreciate the help.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Roger Seielstad [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
02/03/2004 10:13 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] Revising Site Design




Bob Free posted a link to Gil Kirkpatrick's excellent logon topology doc:

http://www.winnetmag.com/Articles/Index.cfm?ArticleID=37935 or
http://www.netpro.com/forum/files/Authentication_Topology.pdf

Well worth reading, and if I remember correctly, it covers the exact
question you've got...

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 03, 2004 9:31 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Revising Site Design






 Hello All,

 I'm revising our global site design, to further reduce DCs and get more
 efficient use of bandwidth.  I'm finding that we have a number of physical
 sites that do not necessarily have enough users to constitute a DC and who
 also have high-speed connections to multiple other locations that do need
 and have DCs.

 I know that the bulk of design documentation says to create a site only if
 there will be a DC located at that location, but what about to control
 logon traffic?  Having a site defined in AD for the respective subnets
 would allow me to setup costs and correspondingly control where these
 locations would attempt to authenticate as well as better controlling
 DFS...etc.

 Since I haven't run across any best practice documentation noting this
 scenario, I was wondering if there are others on this list who have come
 pondered or actually done this.

 Any info or general recommendations would be greatly appreciated.



 Eric Jones, Senior SE
 Intel Server Group
 (W) 336.424.3084
 (M) 336.457.2591
 www.vfc.com



Re: [ActiveDir] Event Log monitoring tools

2003-12-18 Thread Eric_Jones

Using WMI to write scripts to monitor servers, specifically event logs,
works extremely well. I did just that with WMI at our company. I went as
far as to script out the permanent monitoring of processes, processor,
memory, disk, various eventlog combinations, and various filesystem
details. Your scripts could be as simple as a couple dozen lines or a
couple thousand lines like mine. We have run this for about the past 2
years with definitive success. We have some automated actions defined using
the ActiveScriptConsumer, but most alerts send email to a specific email
account that has about 20 rules set up on it to redirect alerts to
appropriate people throughout the organization.

There are some excellent WMI books at the book stores. Read a little...do
a lot!

(I should also note that we are now going through a successful
implementation of Tivoli [which is nearly completely WMI based for the
Windows platform] and will soon disable the custom monitoring that I've
written)



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com






Marco Bombardi [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
12/17/2003 10:38 AM
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc:
Subject: Re: [ActiveDir] Event Log monitoring tools


You can always script it using either a temporary or a permanent event
consumer to take actions when particular events are logged.

Check out the Monitoring section of the Technet Script Center for samples.

Marco Bombardi
- Original Message - 
From: Clay Perrine [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 6:53 AM
Subject: FW: [ActiveDir] Event Log monitoring tools



We have a free resource kit style tool called EventCombMT. It will query
the event logs on selected servers for selected events.  It doesn't do
active monitoring, but it will generate a file of all the specified
event id's from all the servers specified. Anyone who would like a copy
can contact me directly. I tried to post it here, but the file is too
big to send. There is a doc file that has the directions on how to use
it.

Give it a try.

Clay Perrine MCSE
Microsoft Directory Services Support Team.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Wednesday, December 17, 2003 8:22 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Event Log monitoring tools

I'm wondering what people are using for event log monitoring. Looks like
our environment will be expanding to the degree that I'll need to
monitor numerous independent server farms and would like to be able to
get daily centralized reports based on logs. I know MOM and NetIQ will
do this, but 800 lb gorillas aren't really my style. ;-) Is there
anything else good out there that will do this?
Thanks.


**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 985 0975 x5083
**
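
The temporary event consumer approach mentioned in this thread, as an added example that is not part of the original posts and is not any poster's script. The function name `Start-EventLogWatch`, the log name, the two event IDs and the alert file path are assumptions chosen for illustration.

```powershell
# Added example: a temporary WMI event consumer that records selected
# event-log entries as they are written. Runs until interrupted (Ctrl+C).
# Assumptions: function name, log name, event IDs and alert path are illustrative.
function Start-EventLogWatch {
    [CmdletBinding()]
    param(
        # Restrict the log name so it is safe to embed in the WQL string.
        [ValidatePattern('^[A-Za-z0-9 \-/]+$')]
        [string] $LogFile = 'System',

        [Parameter(Mandatory)]
        [ValidateRange(0, 65535)]
        [int[]] $EventCode,

        [string] $AlertFile = (Join-Path $env:TEMP 'eventlog-alerts.csv')
    )

    # One OR term per event ID of interest.
    $codes = ($EventCode | ForEach-Object { "TargetInstance.EventCode = $_" }) -join ' OR '

    # The event log provider raises __InstanceCreationEvent for each new
    # Win32_NTLogEvent record in the selected log.
    $query = "SELECT * FROM __InstanceCreationEvent " +
             "WHERE TargetInstance ISA 'Win32_NTLogEvent' " +
             "AND TargetInstance.Logfile = '$LogFile' AND ($codes)"

    $sourceId = "EventLogWatch-$LogFile"

    # Runs once per matching record; $Event is supplied by the eventing engine.
    $action = {
        $entry = $Event.SourceEventArgs.NewEvent.TargetInstance
        [pscustomobject]@{
            TimeGenerated = $entry.TimeGenerated
            Computer      = $entry.ComputerName
            Log           = $entry.Logfile
            Source        = $entry.SourceName
            EventCode     = $entry.EventCode
            Type          = $entry.Type
            Message       = ($entry.Message -replace '\s+', ' ')
        } | Export-Csv -Path $Event.MessageData -Append -NoTypeInformation
    }

    Register-CimIndicationEvent -Namespace 'root/cimv2' -Query $query `
        -SourceIdentifier $sourceId -MessageData $AlertFile -Action $action |
        Out-Null

    Write-Verbose "Subscribed with query: $query"
    return $sourceId
}

# Illustrative IDs from the System log (unexpected shutdown, planned shutdown).
$id = Start-EventLogWatch -LogFile 'System' -EventCode 6008, 1074 -Verbose
try {
    # The subscription lives only as long as this session keeps running.
    while ($true) { Start-Sleep -Seconds 5 }
}
finally {
    Unregister-Event -SourceIdentifier $id
    Remove-Job -Name $id -Force -ErrorAction SilentlyContinue
}
```

A permanent consumer instead stores an `__EventFilter`, a consumer instance and a `__FilterToConsumerBinding` in `root\subscription`, so it keeps running after the script exits and should be inventoried like any other scheduled automation.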



[ActiveDir] Unorthodox NT4 - W2k3 Migration Plan???

2003-10-16 Thread Eric_Jones




Hello everyone,  I'm looking for some peer feedback on part of a migration
plan.

We are currently an NT4 environment.  We've decided to go with W2k3  AD
for our migration.  We're doing a parallel migration into a W2k3 Native
functional level forest.  This was specifically to give us easier roll-back
capability and to allow us to leave *most* of the junk behind.  The
unorthodox parts of the migration are as follows:

The AD forest will have an empty PFR (protected forest root) domain, and
all users and various other objects will go into a child domain.  The child
FQDN of the child domain will be logically named based on our
infrastructure standards, but the *netbios* name of the child domain will
be the same as our NT4 domain.  No I'm not crazy...and it is possible.  The
DCs of the AD forest will each sit on a separate VLAN than the servers in
the NT4 domain.  This setup keeps netbios broadcast traffic separate.  This
also keeps the domains from seeing their respective twin.  Correspondingly
they aren't answering each other's requests for service.  Also since the
DCs are on separate VLANs from the NT4 domain, they are also on different
subnets.  Although the setup will be well documented, if someone were to
*accidentally* plug one of the AD DCs into the wrong port, it wouldn't
matter since the DC wouldn't be able to communicate with its IP on the
wrong subnet.

The reason the NetBIOS names are being kept the same is for ease of
migration, specifically application migration.  We have about 500 servers
and have a very large number of server based applications running.  As with
many environments, we're sure that there are applications that have the
domain name hardcoded or manually entered and thus not easily changed.
This migration method would seem to allow us to get the best of all worlds.

The caveats that I've encountered thus far actually exist with 3rd party
migration applications.  Migration applications tend to see the migration
as being from Domain A to Domain A even when specifying particular domain
controllers.  If the respective migration tool would either ignore NetBIOS
names or only use DNS names, there would be no issue.

Has anyone else tried this before? Is this actually a common path?

Any constructive feedback would be appreciated.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



RE: [ActiveDir] Pagefile sizes... Its that time of year again.

2003-08-15 Thread Eric_Jones




Maximum pagefile size is not 4GB.  The limit for a manually configured
pagefile is 4GB.  When set to System Managed, the page file(s) will be
whatever the server needs.  You 'must' use the setting of system managed
to accommodate servers with more than this amount of memory.  Otherwise the
respective server would never be able to dump properly.  And we all want
good dumps... ;-)

Windows 2003 seems to do a pretty good job at memory management (virtual &
physical).  We run several large SQL2k ENT/W2k3 boxes and are very pleased
with the performance despite not being able to set the pagefile size(s)
statically.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Michael B. Smith [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/15/2003 06:55 AM
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] Pagefile sizes...  Its that time of year again.




Pagefile max is 4 GB. Regardless of how much memory you have.

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 6:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Pagefile sizes... Its that time of year again.


But in reality, that rule of thumb was created when RAM was very expensive,
and systems usually had a very small amount of it. By that token, I'd
require a separate array for the pagefile on my new database boxes - since
I'd need to find space for a 9GB pagefile.

With modern systems, I shoot for about 1-2GB max, depending on function.
Most large memory hog applications - specifically Exchange and SQL server -
don't like to page, and there is no performance benefit for them to do so,
since all that data is already on disk within their store.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


 -Original Message-
 From: Costanzo, Ray [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 14, 2003 4:24 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Pagefile sizes... Its that time of
 year again.


 The rule of thumb I've always heard is RAM×1.5, so 1.5 GB.

 Ray at work

  -Original Message-
  From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]

 
  So you have a Gig of ram on a DC, what do you all set the
  pagefile size to?
  Memory +11 MB?
 
  Like to hear your feedback.



Re: [ActiveDir] OT: Tivoli

2003-07-14 Thread Eric_Jones




Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch









RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Eric_Jones




Tivoli today is not nearly as horrible on the Windows Server Platform as it
may have been before.  Reference the following article...starting at about
paragraph 7:

http://www.informationweek.com/story/showArticle.jhtml?articleID=6502661


IBM's IBM Tivoli Monitoring products are nearly completely based on WMI.
ITM seems to provide flexibility and capability to effectively monitor
one's Windows server platform w/o wanting to take a shot at the developers
for making your life Hell. I am an admitted convert.  I'm certainly not
saying that Tivoli is the best [I don't know who is.].   ITM does have its
limitations and issues. I am saying that the Tivoli products needed to
monitor a Windows Server infrastructure 'today' should not be the
resource drain that they may have been in the past...providing you leave the
past in the past...don't bring that stuff (--being kind) over to the new
and improved Tivoli...

One could even simply attribute this notion to the fact that ITM, again, is
almost completely based on WMI (Windows Management Instrumentation).  Anyone
directly leveraging WMI is quite aware of the capabilities...
especially on W2k/W2k3 boxes.  From a 'single product' standpoint, you
won't go wrong with selecting MOM, AppManager, or Tivoli.


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Rod Trent [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 12:52 PM
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] OT: Tivoli




But, at what cost?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli





Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch








List info   : http://www.activedir.org/mail_list.htm
List FAQ: