[ActiveDir] Odd Logon Delay with 2byte transfers
Hi everyone, I have a truly intriguing one for you. We have recently begun to experience an inconsistent problem where by interactive network logon onto a Windows 2000 or Windows 2003 server may take upwards of 40 mins to complete. The authenticating domain controller is on a gigabit link to the respective member servers (campus network). We've tried tests from various locations using a couple of domain controllers. It doesn't appear to be a specific domain controller. We've hit the KB articles and have been talking to MS. We've tried the Opportunistic Lock settings in it's permutable combinations from server and client. One of the things that does appear to be constant is that of the phases of the logon process, Applying Registry settings appears to last the absolute longest period of time during the logon process. It doesn't matter which 'registry.pol' that is being applied. Both Usrenv logs and network traces show that the delay corresponding the 'applying registry settings' occurs regardless as to the policies being evaluated/applied. Also, the largest 'registry.pol' is 554 bytes. With that size, two 'registry.pol' files could be transferred in one transfer. Another consistency being seen during this delay is that during the transfer of the 'registry.pol' file, the communication is in 2byte snippets. Can't explain that one. Can't even find any documentation on this phenomenon. Microsoft appeared to have found some internal documentation to that end, but it related to opportunistic locking and the respective changes did not produce a change in our environment as indicated by our network traces. We lean in this direction as the problem or at least a very significant anomaly. Load is not a question as we are early in our physical deployment of Active Directory (domain controllers...etc). There are only about 550 user in our AD environment and most of them authenticate to their respective domain controller at their corresponding locations. Of the clients authenticating at our hub site, which include the servers in this case numbers less than 200. Utilization on the hub DC is well in reason for both processor, memory, and TCP/IP interface utilization. But, just to rule out anything flaky with that DC, I temporarily switch subnets and sites with another DC, that at most does only DNS and carries the PDCE role. Same results. We continue to work with Microsoft. We've turned up logging on must hosts involved and will turn up logging on the remaining hosts today. In terms of errors, the eventlog is naked as a Jaybird. I'm also taking the route of disabling all unnecessary services on all domain controllers to simplify the troubleshooting. Because it is inconsistent, it is proving very hard to determine progress. Inconsistency breeds doubt and requirements for retesting and validationnot very fun... Any useful ideas, suggestions, golden nuggets, Easter eggs, PXE dust...etc would be greatly appreciated. Thanks, Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com
Re: [ActiveDir] GPO's not always applied.
I've had a similar problem. In digging through the problem, I found some of the following, usually by tracing through the eventlog on the respective machine. Computer account had a problem in the domain - just needed to be removed and put back in GPO policy processing - changed respective templates to always apply even if no changes had occurred NIC/Switch Port config - Found that there were cases that the computer would come up for login before the network connection was fully initialized. Once discovered it was simple to test. Simply boot up, logon..wait for everything to settle down. Then unplug the NIC and plug it back in. The network connection should come back immediately. If it doesn't then its possible that the computer may also be starting up before there's an available connection to a DC. This would cause inconsistent processing of user policies and prevent application of computer policies, other than those that had already been applied Local Policies on the computer - Local policies seem inert and possibly unimportant once on the AD domain, butnot in our environment. It was a 'twisted' implementation of local policies...scripts...and other things to ensure that local polices applied, reapplied...and couldn't be unapplied. So when we migrated the machines to AD, we experienced an unbelievable series of unpredictable results. Needless to say, one of which, was the lack of consistent GPO application - One of the permanent fixes was to automate the application of Setup Security.inf to all the respective clients upon their migration of AD The biggest problem by far was simply getting consistent failures to troubleshoot or getting the exact details of the respective occurrence from the desktop people in the field. When all else fails...turn up GPO and Winlogon logging, turn on failure auditing...get a fine tooth comb and settle in for a nice long debug session... Hope this helps. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/04/2004 11:52 AM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject Re: [ActiveDir] GPO's not always applied. Hey Mark... You can try /computer configuration/administrative templates/system/group policy/scripts policy processing You can set to always process over slow connections, and even if the GPO hasn't changed. HTH John Mark Orlando [EMAIL PROTECTED] com To Sent by: Active Directory Mailing List [EMAIL PROTECTED] [EMAIL PROTECTED] ail.activedir.org cc Subject 10/04/2004 10:46 [ActiveDir] GPO's not always AM applied. Please respond to [EMAIL PROTECTED] tivedir.org I am having issues with GPO's not being fully applied at every login. I need to change this. I know it might have something to do with the volume of LAN traffic but I need to find away around this. I also have some add printer login scripts that don't always work either. I have the scripts running synchronously and slow link detection set to 0. Does anyone have any ideas? Mark Orlando Systems Administrator I.T. Department Linden Public Schools List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Admin Share access for Non-Admins
Security Guru question... I read somewhere...don't know where, that it is possible to grant a power-user or otherwise non-admin the ability to access administrative shares such as admin$, c$,...etc. I believe that this is possible as of Windows 2003 and possibly Windows 2000. I'm in a situation that we must give our Security Group proper access w/o actually making them administrators on the respective servers in AD. Details on this possibility would be greatly appreciated. TIA. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com
[ActiveDir] W2k3 DNS Scalability
Potentially interesting oddity occurred today... Our primary and secondary Windows 2003 / AD integrated DNS server services abended at almost the exact same time. I have custom WMI monitoring set to auto-restart them, send email, call the president, and of course...raise the national threat level. The servers are dedicated AD boxes, so no rogue software or odd config. The servers are Dell PowerEdge 2560s with 4 GB RAM, 3.06GHz processors and lots diskspace on a RAID 1 / RAID 5 config. The reason that I suspect performance / scalability is that when I check the utilization trend reports and each server was averaging 82 queries/sec. But surely, the servers can handle more. Heck the over all CPU utilization is about 3%. We have most of the Windows platform using these two DNS servers, but still have more to go. Eventually the load will be distributed among soon to have future AD DCs. But I was very surprised to see the processes crash. All other trended perfmon metrics were well within reason. Any thoughts? Anyone perform specific DNS customizations to their respective dedicated AD DNS servers? TIA. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com
[ActiveDir] W2k3 DNS Scalability - More NFO
Potentially interesting oddity occurred today... Our primary and secondary Windows 2003 / AD integrated DNS server services abended at almost the exact same time with the following error message in the eventlog: Reporting queued error: faulting application dns.exe, version 5.2.3790.0, faulting module msvcrt.dll, version 7.0.3790.0, fault address 0x000351e4. I have custom WMI monitoring set to auto-restart DNS, send email, call the president, and of course...raise the national threat level. The servers are dedicated AD boxes, so no rogue software or odd config. The servers are Dell PowerEdge 2560s with 4 GB RAM, 3.06GHz processors and lots diskspace on a RAID 1 / RAID 5 config. The reason that I suspect performance / scalability is that when I check the utilization trend reports and each server was averaging 82 queries/sec. But surely, the servers can handle more. Heck the over all CPU utilization is about 3%. We have most of the Windows platform using these two DNS servers, but still have more to go. Eventually the load will be distributed among soon to have future AD DCs. But I was very surprised to see the processes crash. All other trended perfmon metrics were well within reason. Any thoughts? Anyone perform specific DNS customizations to their respective dedicated AD DNS servers? TIA. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com
[ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?
Looking for some guidance / help... Our Enterprise Systems Management Group is in the process or rolling out Tivoli to all locations. It doesn't seem logical or best practice, to me, to put such an application on a Windows 2003 DC. When testing TMF 4.1 components on a test Windows 2003 DC, I had extreme difficulty getting it to work. I inquired about this recently and was told that the problem was most likely security and that the security for the entire domain would have to be greatly relaxed to support a Tivoli Gateway installation on a Windows 2003 domain controller, not to mention the gaping security hole opened by this installation. I was also informed that installing Tivoli Gateway or other managed node components on a Windows 2003 domain controller was not best practice and correspondingly should be avoided if possible. Has anyone else attempted or run into this scenario? TIA Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?
I completely agree. I just wanted to ensure that I wasn't amiss with disagreeing with putting Tivoli Managed Node components on a W2k3 DC. We're aiming for MOM and its corresponding integration. I've looked at the AD Option provided by Tivoli and am not excited at all. I'm having to write a comparative proposal to use MOM instead of Tivoli to monitor the W2k3 DCs in our environment. If that proposal gets accepted, I'm hoping to expand to the entire Windows Server Platform next year. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com Mulnick, Al [EMAIL PROTECTED] T.com To Sent by: '[EMAIL PROTECTED]' [EMAIL PROTECTED] [EMAIL PROTECTED] ail.activedir.org cc Subject 06/01/2004 10:32 RE: [ActiveDir] Tivoli Gateway on AMWindows 2003 DC - BAD? Please respond to [EMAIL PROTECTED] tivedir.org Exactly! Tivoli is not going to give you very good information about Active Directory. I can tell you that in all honesty as a person who's been bit by the tivoli virus ;) In a past life as a consultant, I saw many Tivoli implementations gone bad and a lot of finger pointing; all for minimum data return. Not the type of thing I'd like to build a computing infrastructure on myself. Do yourself a favor and reduce the Tivoli presence and go with MOM. If Tivoli is your EM of choice, the integrate it with MOM. You won't be sorry about the choice. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, June 01, 2004 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD? Tivoli is not secure. If you care about security do not put it (even agents) on your domain controllers. Period. Whomever manages Tivoli, will own your forest the moment you add it to a DC. This goes for any application that runs as localsystem on the DC and is controlled by someone else other than the enterprise admins. Tivoli has the ability to copy down anything it wants and then run it on the machine. My recommendation would be to fire up MOM or some other management system that has the capability to feed info back into the Tivoli framework. This management system would be entirely owned and run by the enterprise admins. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, June 01, 2004 8:47 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD? Looking for some guidance / help... Our Enterprise Systems Management Group is in the process or rolling out Tivoli to all locations. It doesn't seem logical or best practice, to me, to put such an application on a Windows 2003 DC. When testing TMF 4.1 components on a test Windows 2003 DC, I had extreme difficulty getting it to work. I inquired about this recently and was told that the problem was most likely security and that the security for the entire domain would have to be greatly relaxed to support a Tivoli Gateway installation on a Windows 2003 domain controller, not to mention the gaping security hole opened by this installation. I was also informed that installing Tivoli Gateway or other managed node components on a Windows 2003 domain controller was not best practice and correspondingly should be avoided if possible. Has anyone else attempted or run into this scenario? TIA Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm
Re: [ActiveDir] HELP URGENT how to recover exch2000 admin account d eleted
Quite Ingenious... Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com clister [EMAIL PROTECTED] Sent by: To [EMAIL PROTECTED] [EMAIL PROTECTED] ail.activedir.org cc Subject 06/01/2004 11:58 Re: [ActiveDir] HELP URGENT how to AMrecover exch2000 admin account d eleted Please respond to [EMAIL PROTECTED] tivedir.org Problem solved!! I have assigned system full rigths access on domain controller, then Ive installed mmc for admin exchange, I ran mmc as system account by means of 'at' command and then delegate my exchange organization to other account so I succeded on getting admin access to exchange, so recovering. El Martes, 1 de Junio de 2004 11:14, Nicolas Blank escribió: Exchange Server 2003 Deployment Guide - page 84/85 The account you use to run ForestPrep must be a member of the Enterprise Administrator and the Schema Administrator groups. While you are running ForestPrep, you designate an account or group that has Exchange Full Administrator permissions to the organization object. This account or group has the authority to install and manage Exchange 2003 throughout the forest. This account or group also has the authority to delegate additional Exchange Full Administrator permissions after the first server is installed. . Exchange Server 2003 Deployment Guide - page 86 DomainPrep creates the groups and permissions necessary for Exchange servers to read and modify user attributes. Exchange Server 2003 Deployment Guide - http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/depgu ide.mspx The functionality described above has not changed significantly since Exchange 2000. Hope that helps. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 01 June 2004 08:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin account d eleted I think Domain Prep will do in reassiging those rights instead of Forest Prep. Please correct me if I am wrong. Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] Save Internet, Keep all the systems patched Web: http://alfaisaliah.com -Original Message- From: Nicolas Blank [mailto:[EMAIL PROTECTED] Sent: Monday, 31 May 2004 8:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin account d eleted Authoritive restore or if you can't recover this puppy, re-run forest prep and nominate another account. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clist Sent: 31 May 2004 06:20 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] HELP URGENT how to recover exch2000 admin account deleted I have deleted the exch2000 administrator account, how can i revover this account? Thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Active Directory and Other LDAP Integration
All, we are in search of the elusive single sign-on... We are designing/testing pieces of what may become a multi-platform authentication strategy. We've begun with the authentication integration with IBM's Websphere. While we've been successful in its integration (having Websphere on a Linux box authenticate to AD); we have a dilemma with how the DN is created...specifically the CN. The CN appears to default to be the same as the 'Display Name'. With this being the case, a user logging into Websphere's Portal would need to login with what would appear to them as yet another ID using their 'First' and 'Last' names. And that's assuming that our naming standards are intact and haven't had to account for identical names. A way around this appears to have the users logon name and 'Name' [CN] fields be identical. We would then add the Display Name column to ADUC and other such AD management tools for our sanity of management. Enforcing/ensuring this setting would not be difficult for us as we use Aelita Enterprise Directory Manager, so we would just create a validation/enforcement rule as well as ensure automatic policy validation. My questions are: Has anyone else run into this problem? Is this really a problem or just what I'm simply supposed to do. Are there other problems that might arise from this change in procedure? What kind of success have people had in having other platforms and LDAP'able' applications authenticate to AD? TIA, Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory and Other LDAP Integration
Thanks all for the feedback. We are a very centralized shop as well (and seem to be on a company buying spree...). The Enterprise Security team really wants to make AD the strategic direction for authentication strategy as well part of a staged user provisioning and automation mechanism. I/We are about to undertake a massive leap in automation, business rule enforcement, and data integrity as it relates to the Windows Server Platform...roled into our fledgling AD migration. And I gotta say, VBScript is an admin's best friend. [mine anyway] Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory and Other LDAP Integration
No, MIIS is not being used. I don't believe that the Security Group reviewed the product. They are about to pilot/implement CA Enterprise Admin. Like MIIS, it has hooks into some of the major LDAPs and is supposed to be very scriptable. In fact, although they have an AD integration piece, the direct feed into AD violates part of my principle design for our AD infrastructure, which is to force all AD Object Change/Add/Moves to go through the Aelita EDM product to enforce business rules and data consistency. CA has stated the integration should be able to be done completely via scripted integration...we're about to find out. How are other companies doing directory services integration. How was that tied into an authentication strategy? Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com Cotter, Paul M. [EMAIL PROTECTED] To Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Active Directory 04/28/2004 05:27 and Other LDAP Integration PM Please respond to [EMAIL PROTECTED] tivedir.org Are you looking at MIIS as an account provisioning/automation tool? Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, April 28, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory and Other LDAP Integration Thanks all for the feedback. We are a very centralized shop as well (and seem to be on a company buying spree...). The Enterprise Security team really wants to make AD the strategic direction for authentication strategy as well part of a staged user provisioning and automation mechanism. I/We are about to undertake a massive leap in automation, business rule enforcement, and data integrity as it relates to the Windows Server Platform...roled into our fledgling AD migration. And I gotta say, VBScript is an admin's best friend. [mine anyway] Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. === List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] W2k3 AD DC DR - Need Immediate Help/Advice
Thanks for the quick response. That's the route that I wanted to take. Happy to see a second on the opinion. Thanks again...executing plan now. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com Coleman, Hunter [EMAIL PROTECTED] t.us To Sent by: '[EMAIL PROTECTED]' [EMAIL PROTECTED] [EMAIL PROTECTED] ail.activedir.org cc Subject 04/16/2004 11:26 RE: [ActiveDir] W2k3 AD DC DR - AMNeed Immediate Help/Advice Please respond to [EMAIL PROTECTED] tivedir.org http://support.microsoft.com/default.aspx?kbid=216498product=nts40 Make sure you clean out all references to the dead DC before promoing a new DC with the same name. If you're down to a single DC for the domain, you might want to consider bringing up another temporary DC with a different name until you get the cleanup done and have a chance to verify that all references to the old DC are gone. When that's done and the dust has settled, you can dcpromo the temporary DC back down. Hunter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 9:21 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] W2k3 AD DC DR - Need Immediate Help/Advice Importance: High Severe issue with and inability to recover (using Tivoli Storage Manager 5.2.2) one of our DCs that just happened to hold the three domain FSMO roles occurred yesterday. I've come to the conclusion that it is very, very unlikely that I'll be able to recover the system state, inclusive of AD system objects. The dilemma is as follows: I've seized the roles and 'technically' things appear to be okay. I need to recover this DC as soon as possible. I purposely haven't deleted the DC from the environment as I want to use the same name. I seem to remember that there is or was some issue with deleted a defunct DC and then turning right around and attempting to use the same name again, despite the use of GUIDs in AD replication. I'm hoping this is something that no longer applies or that I just misunderstood. But considering the potential impact I wanted to ask first. I'm about the crack open the whitepapers and also call MS to ask. Was hoping this would be a quicker route. TIA Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide
Link appears not to work [for me]. And I haven't been able to find the updated doc on Microsoft's website. Can anyone else get to this link. (anxiously waiting...for almost a year now...) Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com David Adner [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/31/2004 11:49 PM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide Enjoy. Windows Server 2003 Active Directory Branch Office Guide http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB- 9FA7-3A95C9540112displaylang=en List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide - Update
Thanks, but that's the one for Windows2000. I just saw a post on Microsoft's AD newsgroup. Microsoft (Jason Robarts) states that they are having a problem with the download site and are working to fix it. Jason Robarts is the MSFT person that originally posted the link on MSFT's AD related newsgroups. If there's anyone on this list that has been able to get a copy of the doc [for Windows 2003], I would definitely appreciate a directly emailed copy. TIA Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com Michael Wassell [EMAIL PROTECTED] ting.com To Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Released! Windows 04/01/2004 08:42 Server 2003 Active Directory Branch AMOffice Guide Please respond to [EMAIL PROTECTED] tivedir.org http://www.microsoft.com/downloads/details.aspx?FamilyId=9A4C7AC3-185E-4644-9E98-4876B2A477E7displaylang=en I believe this is what you might be looking for? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Thursday, April 01, 2004 8:27 AM To: [EMAIL PROTECTED] Subject: Possible Spam:RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide It reports: The download you requested is unavailable. If you continue to see this message when trying to access this download, you might try the Search for a Download area on the Download Center home page. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, April 01, 2004 8:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide This one works fine for me. http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112displaylang=en Perhaps youre having line wrapping issues? ~Eric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, April 01, 2004 5:27 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide Link appears not to work [for me]. And I haven't been able to find the updated doc on Microsoft's website. Can anyone else get to this link. (anxiously waiting...for almost a year now...) Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com David Adner [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To edir.org [EMAIL PROTECTED] cc 03/31/2004 11:49 PM Subject [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide Please respond to [EMAIL PROTECTED] org
RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide
Yeah! Huston...we have documentation... Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com Eric Fleischman [EMAIL PROTECTED] .com To Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Released! Windows 04/01/2004 09:31 Server 2003 Active Directory Branch AMOffice Guide Please respond to [EMAIL PROTECTED] tivedir.org Its online again and should be all set. http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112displaylang=en ~Eric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, April 01, 2004 7:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide This one works fine for me. http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112displaylang=en Perhaps youre having line wrapping issues? ~Eric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, April 01, 2004 5:27 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide Link appears not to work [for me]. And I haven't been able to find the updated doc on Microsoft's website. Can anyone else get to this link. (anxiously waiting...for almost a year now...) Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com David Adner [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To vedir.org [EMAIL PROTECTED] cc 03/31/2004 11:49 PM Subject [ActiveDir] Released! Windows Server 2003 Active Directory Branch Office Guide Please respond to [EMAIL PROTECTED] .org Enjoy. Windows Server 2003 Active Directory Branch Office Guide http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB- 9FA7-3A95C9540112displaylang=en List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/.+-wi0-+YbmPi0-+bf.+-j! 0j!oryIV+v*
Re: [ActiveDir] Domain clients hangs before logon, multiple issues
The problem may not necessarily be configuration related. Are there any startup scripts? More specifically, are there any settings that require/force the respective machines to connect to any specific network hosts. I'm wondering if the problem may relate to the inconsistently consistent 'hang' of a connection trying to be made, but never succeeding...or possibly not succeeding in a timely fashion. It could be a GPO, that hasn't changed but is having problems executing one of its settings that requires some form of network connectivity. It could be as simple as a seemingly benign app or config that's hanging at startup... Doing a network trace/sniff of at least two computers experiencing the problem should yield enough network hosts/servers in common to narrow down your troubleshooting. When all else fails to yield the answer...sniff... Hope this helps... Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com J0mb [EMAIL PROTECTED] ment.org To Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject [ActiveDir] Domain clients hangs 04/01/2004 12:54 before logon, multiple issues PM Please respond to [EMAIL PROTECTED] tivedir.org Good morning, i've recently runned into a weird problem i wasn't able to track down yet. Yesterday morning a number of users reported that their domain PCs would hang loading the Operating system just before the logon screen would appear. they're all stuck on Applying computer settings. The moment i unplug the network cable the PC will finish its startup procedure and show the logon screen. The network is made of a single forest/single domain, all DCs are Win2000 Server SP4. 4 sites across 2 Mb fast links (no evidence of traffic overload). Each site has 2 Dcs including the one (and only) site where the problem has been reported. DCs seem to perform fine. They have been rebooted, checked event logs, checked with netdiag and dcdiag. replication is working fine. None of the 2 DCs in the affected site hold FSMo roles. All other DCs on the network are working fine. There have been no modifications on group policies, memeberships so forth. Sysvol and netlogon shares are accessible. One of the 2 DCs in the site is the AD DNS server for the site and shows no problem (can resolve queries, can register records, SRV records are present and appear correct). on the client side: this has been reported on random machines attached to different network hardware. They're a mix of WinXP and 2000 machines, though the problem seems to affect mainly win2000. EventID 3034 is logged (checked most comments from eventid.net). client time looks synched with the DCs time. Once the machine is started through the unplugging cable tweak it's able to resolve from AD DNS. All network settings have been checked twice both for server and client and appear correct. Hosts file is clean. Attempted to remove one machine from the domain, and it would reboot fine. however, it was a hard task to join it again to the domain (reported RPC errors, network name no more valid...finally i could join it to the domain but it started showing the issue again...). The issue has been reported on 15-20 domain machines out of about 200. Please, please..help! I just can't get out of it (the problem...the office). thank you! List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Revising Site Design
Hello All, I'm revising our global site design, to further reduce DCs and get more efficient use of bandwidth. I'm finding that we have a number of physical sites that do not necessarily have enough users to constitute a DC and who also have high-speed connections to multiple other locations that do need and have DCs. I know that the bulk of design documentation says to create a site only if there will be a DC located at that location, but what about to control logon traffic? Having a site defined in AD for the respective subnets would allow me to setup costs and correspondingly control where these locations would attempt to authenticate as well as better controlling DFS...etc. Since I haven't run across any best practice documentation noting this scenario, I was wondering if there are others on this list who have come pondered or actually done this. Any nfo or general recommendations would be greatly appreciated. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Revising Site Design
Perfect! That is exactly what I needed to confirm. I truly appreciate the help. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com |-+-- | | Roger Seielstad| | | [EMAIL PROTECTED]| | | .com | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 02/03/2004 10:13 AM| | | Please respond to | | | ActiveDir | | | | |-+-- --| | | | To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] | | cc: | | Subject: RE: [ActiveDir] Revising Site Design | --| Bob Free posted a link to Gil Kirkpatrick's excellent logon topology doc: http://www.winnetmag.com/Articles/Index.cfm?ArticleID=37935 or http://www.netpro.com/forum/files/Authentication_Topology.pdf Well worth reading, and if I remember correctly, it covers the exact question you've got... -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Revising Site Design Hello All, I'm revising our global site design, to further reduce DCs and get more efficient use of bandwidth. I'm finding that we have a number of physical sites that do not necessarily have enough users to constitute a DC and who also have high-speed connections to multiple other locations that do need and have DCs. I know that the bulk of design documentation says to create a site only if there will be a DC located at that location, but what about to control logon traffic? Having a site defined in AD for the respective subnets would allow me to setup costs and correspondingly control where these locations would attempt to authenticate as well as better controlling DFS...etc. Since I haven't run across any best practice documentation noting this scenario, I was wondering if there are others on this list who have come pondered or actually done this. Any nfo or general recommendations would be greatly appreciated. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Event Log monitoring tools
Using WMI to write scripts to monitor servers, specifically event logs works extremely well. I did just that with WMI at our company. I went as far as to script out the permanent monitoring of processes, processor, memory, disk, various eventlog combinations, and various filesystem details. Your scripts could be as simple as a couple dozen lines or a couple thousand lines like mine. We run this for about the past 2 years with definitive success. We have some automated actions defined using the ActiveScriptConsumer, but most alerts send email to a specific email account that has about 20 rules setup on it to redirect alerts to appropriate people throughout the organization. There are some excellent WMI books at the book stores. Read a little...do a lot! (I should also note that we are now going through a successful implementation of Tivoli [which is nearly completely WMI based for the Windows platform] and will soon disable the custom monitoring that I've written) Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com Marco Bombardi [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/17/2003 10:38 AM Please respond to ActiveDir To: [EMAIL PROTECTED] cc: Subject: Re: [ActiveDir] Event Log monitoring tools You can always script it using either a temporary or a permanent event consumer to take actions when particular events are logged. Check out the Monitoring section of the Technet Script Center for samples. Marco Bombardi - Original Message - From: Clay Perrine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 6:53 AM Subject: FW: [ActiveDir] Event Log monitoring tools We have a free resource kit style tool called EventCombMT. It will query the event logs on selected servers for selected events. It doesn't do active monitoring, but it will generate a file of all the specified event id's from all the servers specified. Anyone who would like a copy can contact me directly. I tried to post it here, but the file is too big to send. There is a doc file that has the directions on how to use it. Give it a try. Clay Perrine MCSE Microsoft Directory Services Support Team. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Wednesday, December 17, 2003 8:22 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Event Log monitoring tools I'm wondering what people are using for event log monitoring. Looks like our environment will be expanding to the degree that I'll need to monitor numerous independent server farms and would like to be able to get daily centralized reports based on logs. I know MOM and NetIQ will do this, but 800 lb gorillas aren't really my style. ;-) Is there anything else good out there that will do this? Thanks. ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 985 0975 x5083 ** List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Unorthodox NT4 - W2k3 Migration Plan???
Hello everyone, I'm looking for some peer feedback on part of a migration plan. We are currently an NT4 environment. We've decided to go with W2k3 AD for our migration. We're doing a parallel migration into a W2k3 Native functional level forest. This was specifically to give us easier roll-back capability and to allow us to leave *most* of the junk behind. The unorthodox parts of the migration are as follows: The AD forest will have an empty PFR (protected forest root) domain, and all users and various other objects will go into a child domain. The child FQDN of the child domain will be logically named based on our infrastructure standards, but the *netbios* name of the child domain will be the same as our NT4 domain. No I'm not crazy...and it is possible. The DCs of the AD forest will each sit on a separate VLAN than the servers in the NT4 domain. This setup keeps netbios broadcast traffic separate. This also keeps the domains from seeing their respective twin. Correspondingly they aren't answering each other's requests for service. Also since the DCs are on separate VLANs from the NT4 domain, they are also on different subnets. Although the setup will be well documented, if someone were to *accidentally* plug one of the AD DCs into the wrong port, it wouldn't matter since the DC wouldn't be able to communicate with its IP on the wrong subnet. The reason the NetBIOS names are being kept the same is for ease of migration, specifically application migration. We have about 500 servers and have a very large number of server based application running. As with many environments, we're sure that there are applications that have the domain name hardcoded or manually entered and thus not easily changed. This migration method would seem to allow us to get the best of all worlds. The caveats that I've encountered thus far actually exist with 3rd party migration applications. Migration applications tend to see the migration as being from Domain A to Domain A even when specifying particular domain controllers. If the respective migration tool would either ignore NetBIOS names or only use DNS names, their would be no issue. Has anyone else tried this before? Is this actually a common path? Any constructive feedback would be appreciated. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Pagefile sizes... Its that time of year again.
Maximum pagefile size is not 4GB. The limit for a manually configured pagefile is 4GB. When set to System Managed, the page file(s) will be whatever the server needs. You 'must' use the setting of system managed to accommodate servers with more that this amount of memory. Otherwise the respective server would never be able to dump properly. And we all want good dumps... ;-) Windows 2003 seems to do a pretty good job at memory management (virtual physical). We run several large SQL2k ENT/W2k3 boxes are very pleased with the performance despite not being able to set the pagefile size(s) statically. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com |-+-- | | Michael B. Smith | | | [EMAIL PROTECTED] | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 08/15/2003 06:55 AM| | | Please respond to | | | ActiveDir | | | | |-+-- --| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: RE: [ActiveDir] Pagefile sizes... Its that time of year again. | --| Pagefile max is 4 GB. Regardless of how much memory you have. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 6:53 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Pagefile sizes... Its that time of year again. But in reality, that rule of thumb was created when RAM was very expensive, and systems usually had a very small amount of it. By that token, I'd require a separate array for the pagefile on my new database boxes - since I'd need to find space for a 9GB pagefile. With modern systems, I shoot for about 1-2GB max, depending on function. Most large memory hog applications - specifically Exchange and SQL server - don't like to page, and there is no performance benefit for them to do so, since all that data is already on disk within their store. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Costanzo, Ray [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 4:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Pagefile sizes... Its that time of year again. The rule of thumb I've always heard is RAM×1.5, so 1.5 GB. Ray at work -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] So you have a Gig of ram on a DC, what do you all set the pagefile size to? Memory +11 MB? Like to hear your feedback. ** The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. Distribution, publication, or retransmission of this message is strictly prohibited. This message may be a bank to client communication and as such is priviliged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. The sender of this e-mail specifically opts-out of the Electronic Signatures and Global and National Commerce Act (E-Sign) and any and all similar state and federal acts. Accordingly, but without limitation, any and all documents, contracts, and ageements must contain a handwritten signature of the sender to be legal, valid, and enforceable. ** List info : http://www.activedir.org/mail_list.htm List FAQ:
Re: [ActiveDir] OT: Tivoli
Here ya' go. You will probably enjoy managing with Tivoli's current products. I'm monitoring our entire W2k3/AD lab environment with Tivoli. I think they've gotten it right this time (with customization). http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com |-+-- | | Bjelke John A Contr| | | AFRL/VSIO | | | [EMAIL PROTECTED]| | | f.mil | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 07/14/2003 11:38 AM| | | Please respond to | | | ActiveDir | | | | |-+-- --| | | | To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] | | cc: | | Subject: [ActiveDir] OT: Tivoli | --| Any of you folks know of a good list (or would that be a support group?) for Tivoli? John A. Bjelke Unisys 505.853.6774 [EMAIL PROTECTED] C8H10N4O2 Philosophy! Empty thinking by ignorant conceited men who think they can digest without eating! -Iris Murdoch List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Tivoli
Tivoli today is not nearly as horrible on the Windows Server Platform as it may have been before. Reference the following article...starting at about paragraph 7: http://www.informationweek.com/story/showArticle.jhtml?articleID=6502661 IBM's IBM Tivoli Monitoring products are nearly completely based on WMI. ITM seems to provide flexibility and capability to effectively monitor one's windows server platform w/o wanting to take a shot at the developers for making your life Hell. I am an admitted convert. I'm certainly not saying that Tivoli is the best [I don't know who is.]. ITM does have its limitations and issues. I am saying that the Tivoli products needed to monitor a Windows Server infrastructure are 'today' should not be the resource drain that it may have been in the past...providing you leave the past in the past...don't bring that stuff (--being kind) over to the new and improved Tivoli... One could even simply attribute this notion to the fact that ITM, again is almost completely based on WMI (Windows Management Instrumentation). Any one directly leveraging WMI is quite aware of the capabilities... especially on W2k/W2k3 boxes. From a 'single product' standpoint, you won't go wrong with selecting MOM, AppManager, or Tivoli. Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com |-+-- | | Rod Trent| | | [EMAIL PROTECTED] | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 07/14/2003 12:52 PM| | | Please respond to | | | ActiveDir | | | | |-+-- --| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: RE: [ActiveDir] OT: Tivoli | --| But, at what cost? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, July 14, 2003 12:03 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] OT: Tivoli Here ya' go. You will probably enjoy managing with Tivoli's current products. I'm monitoring our entire W2k3/AD lab environment with Tivoli. I think they've gotten it right this time (with customization). http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com |-+-- | | Bjelke John A Contr| | | AFRL/VSIO | | | [EMAIL PROTECTED]| | | f.mil | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 07/14/2003 11:38 AM| | | Please respond to | | | ActiveDir | | | | |-+-- --- ---| | | | To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] | | cc: | | Subject: [ActiveDir] OT: Tivoli | --- ---| Any of you folks know of a good list (or would that be a support group?) for Tivoli? John A. Bjelke Unisys 505.853.6774 [EMAIL PROTECTED] C8H10N4O2 Philosophy! Empty thinking by ignorant conceited men who think they can digest without eating! -Iris Murdoch List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: