[ActiveDir] Mixed Exchange and Mixed AD Modes
Title: Message Hi, this is a (hopefully) quick question that I have not had much luck researching. We're running Exchange 5.5 and Exchange 2000. Our domain is in Mixed mode. We have a business need to go to Native mode very soon, maybe even today. We have no more NT4 DC's, although we do have two-way trusts with several NT4 domains. Question: Will flipping the switch to Native mode negatively impact our Exchange site and/or any trust relationships? Any advice would be greatly appreciated! Thanks, -Jbl
RE: [ActiveDir] Mixed Exchange and Mixed AD Modes
Title: Message Super, thanks Mike. Just wanted to verify with the experts one this one... Justin L. x4903 -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 9:12 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes Should not be a problem at all. You only need to stay in Mixed Mode if you have NT4 DCs which you don't. External trusts will still work also. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 From: Jb Leney [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 8:57 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Mixed Exchange and Mixed AD Modes Hi, this is a (hopefully) quick question that I have not had much luck researching. We're running Exchange 5.5 and Exchange 2000. Our domain is in Mixed mode. We have a business need to go to Native mode very soon, maybe even today. We have no more NT4 DC's, although we do have two-way trusts with several NT4 domains. Question: Will flipping the switch to Native mode negatively impact our Exchange site and/or any trust relationships? Any advice would be greatly appreciated! Thanks, -Jbl
RE: [ActiveDir] Mixed Exchange and Mixed AD Modes
Title: Message Good question...actually, no we have not migrated users yet. In fact, an external NT4-2000 AD migration using ADMT is the main reason we need to go Native. Migrating with SIDHistory enabledalso. The main issues I was worried about was thatsomething might break with Exch 5.5. Thanks! Justin L. x4903 -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 9:25 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes Should be alright! Just curious, did you migrate the users without SID History? The minimum requirement for the SID History migration is windows 2000 native domain. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jb LeneySent: Tuesday, February 10, 2004 7:57 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Mixed Exchange and Mixed AD Modes Hi, this is a (hopefully) quick question that I have not had much luck researching. We're running Exchange 5.5 and Exchange 2000. Our domain is in Mixed mode. We have a business need to go to Native mode very soon, maybe even today. We have no more NT4 DC's, although we do have two-way trusts with several NT4 domains. Question: Will flipping the switch to Native mode negatively impact our Exchange site and/or any trust relationships? Any advice would be greatly appreciated! Thanks, -Jbl
RE: [ActiveDir] Mixed Exchange and Mixed AD Modes
Title: Message Excellent point Rich...I will have to dig around and see of we have any strange legacy apps that will fail. Offhand, anyone know if Citrix has problems against Native mode? (I know, very generic question; I am not the Citrix admin here...) Thanks, Justin L. x4903 -Original Message-From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 9:58 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes Make a last check that you dont have any older software that might be doing authentication that looks for an NT PDC, and that you dont have any strange stuff that must be run on a DC. Ive seen a security admin package break when I switched to Native mode native mode changes the security model for the domain and can sometimes break poorly written apps that do old-style authentication against NT. Sorry Im not being more specific on that, but I cant recall the specifics of what changes as quickly as someone else here could probably point it out (please do people J ). If you dont have this concern either then I dont know of any other issues youd have. Rich From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 8:12 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes Should not be a problem at all. You only need to stay in Mixed Mode if you have NT4 DCs which you don't. External trusts will still work also. Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 From: Jb Leney [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 8:57 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Mixed Exchange and Mixed AD Modes Hi, this is a (hopefully) quick question that I have not had much luck researching. We're running Exchange 5.5 and Exchange 2000. Our domain is in Mixed mode. We have a business need to go to Native mode very soon, maybe even today. We have no more NT4 DC's, although we do have two-way trusts with several NT4 domains. Question: Will flipping the switch to Native mode negatively impact our Exchange site and/or any trust relationships? Any advice would be greatly appreciated! Thanks, -Jbl ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.
RE: [ActiveDir] Apply patch's via vbs scripts
We use PatchLink here. PatchLink covers lots of Unix flavors, macs, and all Windows platforms. Central management and deployment of all types of updates, including critical system patches, hotfixes, application updates/patches and virus definitions. -Original Message- From: Pennell, Ronald B. [mailto:[EMAIL PROTECTED] Sent: Thursday, January 22, 2004 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Apply patch's via vbs scripts They have battle field dressings that will stop the bleeding. Anyway, looking for a good cross platform package (unix, linux, mac's, And windows systems. Anyone using any type of software package that will do patch management? Ron -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, January 22, 2004 12:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Apply patch's via vbs scripts I'd describe it as more of a sucking chest wound than a bleeding ulcer -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Ken Cornetet [mailto:[EMAIL PROTECTED] Sent: Thursday, January 22, 2004 11:49 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Apply patch's via vbs scripts Trust me, there is a bleeding ulcer at the end of that path. Too many different schemes for patching, and too many places to look to see if a patch needs applied. Use SUS or buy Shavlik. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B. Sent: Thursday, January 22, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Apply patch's via vbs scripts Does anyone have scripts that push patch's across their network to all systems. Running w2k sp3 on servers. Clients are 98, NT, w2k, w2k XP and w3k. Ron Pennell List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Folder redir policy
We deal with this problem all of the time. The username needs to be the owner of the folder that is being redirected. For instance, if your policy is redirecting My Documents to \\home\%username%\My_Documents, then the owner of My Documents needs to be the user in question. Open the Folder Redirection policy and under the Settings Tab there is a checkbox named Grant the user exclusive rights to My Documents. This should be checked. Otherwise, have the user in question take ownership of My Documents and see if that helps. Hope this helps. -Original Message- From: Bruce Clingaman [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 9:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Folder redir policy When I ran the RSoP, it gave this reason for it not being applied: this security id may not be assigned as the owner of this object What is this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Clingaman Sent: Wednesday, January 14, 2004 2:17 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Folder redir policy I have a folder redirection policy in place but it doesn't get applied. The path is valid, perms are set (folders are created in advance with a script). The user can browse to their directory and save files. The share is on a DFS volume; I wonder if this is the cause. Any ideas? Bruce Clingaman List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS
Title: Message http://isc.sans.org/diary.html?date=2003-08-11 It goes by different names, depending on the antivirus vendor. The patch has been out for this for a while now. Our servers our patched, and we've seen no issues as of yet. -Original Message-From: Carlos Magalhaes [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 8:05 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS Do you have the exact virus name? CM
[ActiveDir] Object Last Modified Parameters
Title: Object Last Modified Parameters Hello, Does anyone know how to verify when, and by who, an AD object was last modified? Specifically, there is a need to track when one of our team members resets passwords, adds a user to a group, etc. Any info would be greatly appreciated! -Jbl
RE: [ActiveDir] Failed SP4 install on a DC
Excellent, thanks Robbie. I'll use a new hostname. Thanks for the KB articles too. -Jbl -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 4:39 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Failed SP4 install on a DC It is safe, but before you re-promote it, you'll need to remove the objects in AD that are associated with the previous build. Unfortunately you can't simply reuse the DC-related objects in AD after rebuilding. The safest option is to use a different host name for the new build to ensure nothing gets confused. Here are the relevant MS KB articles: MS KB 216498 (HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion) MS KB 332199 (Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of Active Directory Domain Controllers) Regards, Robbie Allen http://www.rallenhome.com/ -Original Message- From: Jb Leney [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 3:17 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Failed SP4 install on a DC Hi All. Recently installed SP4 on a DC. Unfortunately the system won't boot now. Performed some troubleshooting, but as there were other issues with the system, I would just like to reinstall the OS and start from scratch. Is it safe enough to 1) Reinstall the OS 2) Perform Windows Updates, etc 3) Give system old name and IP 4) Run DCPROMO. Luckily this box held no operations master roles. Any advice would be greatly appreciated. Thanks! List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Single sign-on
Shshank, MMS (Microsoft Metadirectory Services) seems to be a nice solution. http://www.microsoft.com/windows2000/technologies/directory/MMS/default.asp The May 2003 issue of Windows .NET Magazine has 4 page infomercial about MMS. I can tell you from experience; one organization I am familiar with was quoted millions of dollars to set up a UNIX-based single sign on. I can't imagine MMS costing that much, however. Hope this helps and good luck. -Original Message- From: Sharma, Shshank [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 4:08 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Single sign-on Hi everybody, I am new to Active Directory realm. Am looking for help on implementing single sign-on for multiple web-based applications using Microsoft's Active Directory. Any and all pointers to how-to's et al will be thankfully received. -Shshank Sharma List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] test
Title: test Test Please Ignore, thanks.