[ActiveDir] ADFind help
Hello, colleagues,

I'm sorry to have to ask this, but I can't figure out how to get this information for a particular client. She wants a list of all the primary email addresses and their secondary email addresses (aliases) for a particular OU in Active Directory. This OU is named FND, and it is at the top of mydomain.mydepartment.local. It has sub-OUs as well.

I figure ADFind will do the job, but I just am not familiar enough with the tool to get the information out. Can somebody help me?

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx

RE: [ActiveDir] Pagefile not being seen?
Thanks, Kevin. Yes, I had read that article before I posted, but it seemed that I had things set right. When I put 4096Mb pagefile on one drive, hit the set button, and reboot, coming back to the screen just before you set the pagefile on all the drives, it still says 2050 total pagefile on all drives. When I set 2048 on two different drives, then I get the correct number, 4096 total pagefile on all drives. Still a mystery.

And, what's more, when I changed from 4096 on drive C to 2048 on C and another 2048 on F, it took two reboots before the total pagefile on all drives went up to 4096 as expected.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
Sent: Wednesday, December 06, 2006 2:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Pagefile not being seen?

Check out this article for the Exchange memory settings. There are a few other tweaks in the registry.
http://support.microsoft.com/kb/815372

Do you have any third-party apps running on your Exchange servers? I have seen memory leaks in third-party apps cause this kind of virtual memory issue.

2K3 Standard does allow 4GB on a drive. The way you have it set up with 2048 on two separate drives will give you a performance boost if they are actually separate physical disks or RAID sets.

I have typically heard 1.5 times physical for virtual, but I don't think that is as much a best practice as a general rule of thumb. Depending on circumstances I have certainly set it lower or higher. 4 GB virtual should certainly be enough.

Sorry for the random order of my answers. I also have trouble following directions and don't play well with others.

Hope this helps
Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Wednesday, December 06, 2006 1:28 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Pagefile not being seen?

Colleagues,

On two different Windows 2003 servers in as many weeks I have seen a popup when I logged in that says "Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied."

On one server, I had 2048 pagefile on C. On the other, I had 4096 pagefile on C, but the note at the bottom of the screen showed only 2050. Both servers have 2Gb physical RAM, and both are Exchange 2003 servers. I have now put 2048 on C: and another 2048 on F: on both servers.

So, I wonder if I have things set up right, so I have a few questions:

1. Isn't the pagefile limit in 2K3 Standard 4Gb per drive as I have read? Or is it actually 2Gb per drive?
2. With 2Gb physical RAM, isn't 4Gb pagefile the standard?
3. With the /3GB and /USERVA=3030 switches set, which is what I learned to do in class, why do I still get the Event Log error message that says "The memory settings for this server are not optimal for Exchange."?

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

RE: [ActiveDir] Pagefile not being seen?
Thanks, Chuck. If I had more users on these Exchange servers, I'd buy more memory. But, there are only about 300 users on each one, so I'm thinking upping the pagefile will do the trick. But, as I wrote to Kevin, I couldn't get the total pagefile on all drives to be 4GB unless I split it up between 2 drives, which is not what I expected.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, December 06, 2006 5:20 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Pagefile not being seen?

It's better to use 2x installed memory for Exchange as a starting point. Splitting the page file on separate physical disks should be OK as long as it is a total of 4 GB. Depending on how much messaging activity you have you might want to bump up the memory to 4 GB and then the pagefile would need to obviously be increased substantially to about double the installed memory.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Wed, 6 Dec 2006 3:31 PM
Subject: RE: [ActiveDir] Pagefile not being seen?

Check out this article for the Exchange memory settings. There are a few other tweaks in the registry.
http://support.microsoft.com/kb/815372

Do you have any third-party apps running on your Exchange servers? I have seen memory leaks in third-party apps cause this kind of virtual memory issue.

2K3 Standard does allow 4GB on a drive. The way you have it set up with 2048 on two separate drives will give you a performance boost if they are actually separate physical disks or RAID sets.

I have typically heard 1.5 times physical for virtual, but I don't think that is as much a best practice as a general rule of thumb. Depending on circumstances I have certainly set it lower or higher. 4 GB virtual should certainly be enough.

Sorry for the random order of my answers. I also have trouble following directions and don't play well with others.

Hope this helps
Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Wednesday, December 06, 2006 1:28 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Pagefile not being seen?

Colleagues,

On two different Windows 2003 servers in as many weeks I have seen a popup when I logged in that says "Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied."

On one server, I had 2048 pagefile on C. On the other, I had 4096 pagefile on C, but the note at the bottom of the screen showed only 2050. Both servers have 2Gb physical RAM, and both are Exchange 2003 servers. I have now put 2048 on C: and another 2048 on F: on both servers.

So, I wonder if I have things set up right, so I have a few questions:

1. Isn't the pagefile limit in 2K3 Standard 4Gb per drive as I have read? Or is it actually 2Gb per drive?
2. With 2Gb physical RAM, isn't 4Gb pagefile the standard?
3. With the /3GB and /USERVA=3030 switches set, which is what I learned to do in class, why do I still get the Event Log error message that says "The memory settings for this server are not optimal for Exchange."?

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

[ActiveDir] Pagefile not being seen?
Colleagues,

On two different Windows 2003 servers in as many weeks I have seen a popup when I logged in that says "Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied."

On one server, I had 2048 pagefile on C. On the other, I had 4096 pagefile on C, but the note at the bottom of the screen showed only 2050. Both servers have 2Gb physical RAM, and both are Exchange 2003 servers. I have now put 2048 on C: and another 2048 on F: on both servers.

So, I wonder if I have things set up right, so I have a few questions:

1. Isn't the pagefile limit in 2K3 Standard 4Gb per drive as I have read? Or is it actually 2Gb per drive?
2. With 2Gb physical RAM, isn't 4Gb pagefile the standard?
3. With the /3GB and /USERVA=3030 switches set, which is what I learned to do in class, why do I still get the Event Log error message that says "The memory settings for this server are not optimal for Exchange."?

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

RE: [ActiveDir] Split pagefile
Woo-hoo! Thanks, Laura. Thanks everybody else who replied as well.

After a couple days without electricity at home, finally getting electricity Saturday and getting a good night's sleep, I got up early this morning dreading having to drive into work in all this ice and snow here in St. Louis, but was able to change the pagefile and reboot, and voila, I can log in remotely again.

Thanks again, folks. I'll be all right now.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Friday, December 01, 2006 11:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Larry,

You can reboot the server the same way you can change the pagefile size: connect to it in Computer Management, right-click the server, choose Properties, Advanced. At the bottom of the property sheet, there will be a button labeled shut down, but when you click it, it will give you other options than just shutting the machine down.

HTH,
Laura

RE: [ActiveDir] Split pagefile
Laura,

Thanks ever so much for all your help. I will be trying some of these things soon, but for now, I'm one of the over 400,000 people in St. Louis without power. My workplace is closed, too, so I might end up waiting it out.

One question, if you don't mind and have a minute: How do I reboot the server if I can't log on?

Many thanks again.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Thursday, November 30, 2006 8:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Inline...

Thanks for replying, Laura!

Sure thing.

You wrote: Are you able to connect to the server via Computer Management?

Yes.

Then you can use that to reconfigure the pagefile, making very, very sure you click Set. :-) After you've connected to it in CM, right click the computer, choose Properties, go to the Advanced tab, yada yada yada.

If so, can you see the service statuses and event logs on the server?

Yes. I looked all through the event logs, and didn't see anything relating to terminal services failures. And the terminal services service is started.

How about the security log? Are you seeing logon failures?

Can you telnet to the RDP port?

If you mean, can I telnet to the server by name or by its IP address, no. But yes, I can telnet to port 3389 on the server, and the cursor sits there and blinks at me, but as soon as I hit any key, I get back to my command prompt.

Okay, port's open.

Can you map a drive to a share on the server?

Yes. And, in fact, I have the same 2Gb pagefile on C: that I had before, and no pagefile on E: So, I'm thinking that A. I forgot to hit the set button, or B. The server got confused. The snow might have made it sluggish. (That's a joke, folks.)

See above for remedy (hopefully).

When you say you can't log on, do you get the logon dialog box and a failure to let you log on, or do you get no remote desktop UI at all?

No remote desktop UI at all. I immediately get the disconnected from server message.

Okay. Try logging on with a different account that has TS connection permissions. Check the security logs. If you're not auditing logon events, you'll need to do that. Check the terminal services permissions, etc. Maybe do a preemptive reboot (or just do it as part of that pagefile adjustment) and see if anything changes. If none of that works, there's still more stuff to check, but I'm tired of typing right now and hopefully one of the above things will determine the issue.

Laura (probably a bit overcaffeinated now; can you tell?)

No problem. I'm snowed in, but the server is running. I guess what I'd like to do is see if I can reset the pagefile and reboot the server, all remotely, and still manage to terminal service to it and log in. Thanks for your help, Laura. You deserve many pats on the back, attagirls, and stuff.

No problem, and no pats necessary.

Laura

[ActiveDir] Split pagefile?
Colleagues,

Is there a best practice for splitting the pagefile on a Windows Server 2003 Standard system (it's running Exchange 2003) across multiple drives? My C drive is up to nearly 9GB used out of 10GB, and I'd like to move off most of the 3GB pagefile to maybe the database drive. We have only 500 users on that system, so performance shouldn't be too much of an issue.

Thanks in advance, folks.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

RE: [ActiveDir] Split pagefile
Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a meg on the C drive just for the dumpfile, which we limit to 64K, in case the system crashes and I can actually figure out how to read the dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We normally leave at least 200Mb on the C: partition when we move the rest to a different drive.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 9:55 AM
To: Exchange Discussions
Subject: Split pagefile

Colleagues,

Is there a best practice for splitting the pagefile on Exchange 2003 across multiple drives? My C drive is up to nearly 9GB used out of 10GB, and I'd like to move off most of the 3GB pagefile to maybe the database drive. We have only 500 users on that system, so performance shouldn't be too much of an issue.

Thanks in advance, folks.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

RE: [ActiveDir] Split pagefile
Thanks, everyone, for your replies. Meanwhile,

Laura wrote:
Yes, it's okay, with the crashdump caveats that you've already acknowledged and accommodated.

Good!

It's also a good idea to split pagefiles across multiple spindles

It will be on a RAID-5 array, so technically yes, it will be across multiple spindles.

Kevin wrote:
I think 2k3r2 requires at least 16MB on C:. At least that is the error message I have gotten before when I tried to make it smaller than that.

This isn't R2, but it is 2K3 sp1. I'll see if it complains about 1MB pagefile on C before I reboot at 5 today.

Thanks again for your comments, folks.

Larry Wahlers

RE: [ActiveDir] Split pagefile
Laura wrote:
That's only if you select the custom size radio button and try to set it to less than 16MB. If you select the no paging file option, it works fine.

Very good. I just tried that on a test server, and that worked.

However, I have a very different problem now. I went ahead and put 16Mb on my C: volume, and 4096Mb on my F: volume, rebooted, the server came up, Exchange is working, but I cannot log onto the server with Remote Desktops anymore. Are these related?

Any advice as to how I can get Remote Desktops to this server working again will be greatly appreciated, as St. Louis is now experiencing one of its famous ice storms, and going in to where the server is just isn't an option right now.

Larry Wahlers

RE: [ActiveDir] Split pagefile
Thanks for replying, Laura!

You wrote: Are you able to connect to the server via Computer Management?

Yes.

If so, can you see the service statuses and event logs on the server?

Yes. I looked all through the event logs, and didn't see anything relating to terminal services failures. And the terminal services service is started.

Can you telnet to the RDP port?

If you mean, can I telnet to the server by name or by its IP address, no. But yes, I can telnet to port 3389 on the server, and the cursor sits there and blinks at me, but as soon as I hit any key, I get back to my command prompt.

P:\>telnet ctms100
Connecting To ctms100...Could not open connection to the host, on port 23: Connect failed

Can you map a drive to a share on the server?

Yes. And, in fact, I have the same 2Gb pagefile on C: that I had before, and no pagefile on E: So, I'm thinking that A. I forgot to hit the set button, or B. The server got confused.

When you say you can't log on, do you get the logon dialog box and a failure to let you log on, or do you get no remote desktop UI at all?

No remote desktop UI at all. I immediately get the disconnected from server message.

Laura (probably a bit overcaffeinated now; can you tell?)

No problem. I'm snowed in, but the server is running. I guess what I'd like to do is see if I can reset the pagefile and reboot the server, all remotely, and still manage to terminal service to it and log in. Thanks for your help, Laura. You deserve many pats on the back, attagirls, and stuff.

Larry Wahlers

RE: [ActiveDir]event log monitoring.
We are just now in process of configuring a product called WhatsUp. So far, it looks good. Previously, we used a home-grown program which worked most of the time!

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Thursday, November 09, 2006 12:25 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir]event log monitoring.

Hi,

I want to implement a system that will send me an email whenever there is an error in any of the event logs in my servers. I could do this with a script or similar, but I don't have the time to do it that way and many other reasons.

I was wondering if any of you has used GFI EventsManager, my main concern is to know if monitoring the events will put too much work on the servers that I am monitoring, I don't want to crash my server because I am monitoring it.

Any suggestion?

Thanks
Rezuma

RE: [ActiveDir] DC crashed
Did you delete this server object from ADUC? If not, that's probably what you need to do.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clingaman, Bruce
Sent: Friday, November 03, 2006 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC crashed

I apologize for not doing my homework first, but I'm in a pickle and need help fast. One of my domain controllers (which held all the fsmo roles) crashed and I had to reinstall. Now that I've reinstalled, I'm ready to rejoin and promote. But I can't; I get "User already exists" when trying to join. I am using the same computer name as before. I have not deleted or changed anything in the directory on the other server yet.

What do I need to do to get my old server back as a domain controller? Links to articles or even words to search by would be of great help.

Thanks for any advice.

Bruce.

RE: [ActiveDir] OT: Exchange Question
And, you can even turn the mailbox into a honeypot of sorts, by logging into it via Outlook and creating a rule that deletes all email sent to it!

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Comeau
Sent: Wednesday, November 01, 2006 8:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Exchange Question

You can also make their incoming email addresses something obnoxious.

Steve Comeau
IT Manager
Rutgers Athletics
83 Rockefeller Road
Piscataway, NJ 08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daash, Amr
Sent: Wednesday, November 01, 2006 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Exchange Question

Well there are a lot of things that could be done,

1- u can modify the user delivery restriction tab
2- u can create a security group add the user names to this group then open THE ESM navigate to your default SMTP virtual server Access tab, the authentication, add the group u created

The job now is done

Amr EL Daash
System Administrator, ITS Egypt
KPMG Egypt, Hazem Hassan
Pyramid Heights Office Park
Km22 Cairo-Alex Desert Road, Giza
Egypt
Tel +20 (2)536 22 00 / 11
Fax +20 (2)536 23 01 / 05
Mobile +20 (10) 1925369
Email: [EMAIL PROTECTED]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Wednesday, November 01, 2006 3:01 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Exchange Question

I have a client who would like certain users to no longer receive e-mail, while still being able to access their mailboxes. Is there a way to do this other than exporting their mailbox to PST and mailbox-disabling the users?

Thank you in advance,

Dan DeStefano
Info-lution Corporation
[EMAIL PROTECTED]
http://www.info-lution.com
Office: 727 546-9143
FAX: 727 541-5888

[ActiveDir] OT: PrintMigrator and Windows 2003
Colleagues,

We're replacing an old Windows 2000 file/print server, and I'd like to get all 80 printers off of it and onto our Windows 2003 file server. In the past I used PrintMigrator, but I remember that it was only able to move the older-style kernel-mode print drivers, not the newer-style user-mode drivers. Is this still the case?

Bottom line: Is there a utility that I can use to move these printers en masse without recreating each one manually on the new server?

Thanks, folks. Sorry if this is way OT for this group.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

RE: [ActiveDir] Disk Space Hogs
ShowSize works for us
http://showsize.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Friday, October 06, 2006 10:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Disk Space Hogs

I've used/liked FolderSizes (www.foldersizes.com)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Comeau
Sent: Friday, October 06, 2006 8:01 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Disk Space Hogs

Is there a tool or utility out there that I can find out who/what/when has been eating up disk space on the server? I would like to see who is hogging up space with a parameter of by date.

Thank you.

Steve Comeau
IT Manager
Rutgers Athletics
83 Rockefeller Road
Piscataway, NJ 08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com

RE: [ActiveDir] blocking OOO in the listserv?
I've blocked OoO messages from leaving our network, so this isn't a problem for us. In this day and age, I was able to convince the CIOs that proliferating SPAM by providing confirmation of valid email addresses via automatic replies to the internet was going to cause their users more problems than the small convenience of the OoO replies.

It's a sign of the times, I suppose, that in Exchange 5.5 we enabled automatic replies to the internet, but by the time we got around to installing Exchange 2003 we did not.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, September 26, 2006 10:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] blocking OOO in the listserv?

Wouldn't it be more reliable to configure the listserv to automatically drop such e-mails? Then you're not dependent on hundreds or thousands of mail servers all being correctly configured (which seems unlikely to me).

I would think that most OOO messages are flagged as such using some SMTP header, and/or can be flagged fairly reliably with a regular expression. (e.g., grep -i out.*of.*office should catch 90% or more of them)

--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com

On Mon, 25 Sep 2006, Derek Harris wrote:

There have been some good threads on the Exchange List about ways to NOT send OOOs to listservers: http://intm-dl.sparklist.com/read/?forum=exchange

-snip-

RE: [ActiveDir] Search Mailbox
ExMerge?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Thursday, September 21, 2006 8:02 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Search Mailbox

Is there any way to search for messages within a mailbox without using Outlook in Exchange 2000; like using System Administrator?

Dan DeStefano
Info-lution Corporation
[EMAIL PROTECTED]
http://www.info-lution.com
Office: 727 546-9143
FAX: 727 541-5888

[ActiveDir] AD Reporting Tool?
Our auditors, for the first time, now suddenly want a report of all our users in AD, what groups they are in, and if the account is disabled or not. Is there a tool that I can get up to speed on quickly (today if possible), run it against our AD, and get this report for them? Thanks in advance, folks. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] AD Reporting Tool?
Many thanks to everybody who replied. I wish I could FTP you all a few Anheuser-Busch products of your choice from St. Louis in return! I downloaded Hyena, Exporter, Exporter Express, Quest Reporter (the freeware version, too) and finally thought about the Joeware AdFind product, which I'd been meaning to try for a while but didn't have a reason until now. Anyway, AdFind worked just fine to give the auditors exactly what they wanted. Someday we'll probably need the higher horsepower these other tools provide, but for now, Joe's product came through for us just great. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] AD Reporting Tool?
I actually did it before I read this. My command line was similar, but still worked fine. We only wanted certain OU's, and the tool worked just great. I just did a plain text file, which stacked all the groups under each user. Didn't have to format anything. It even told me which users were disabled - something else the auditors wanted. Larry Wahlers
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Newell Sent: Wednesday, September 20, 2006 10:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Reporting Tool?
At the risk of sounding like a one trick pony, I'd have to go with adfind from www.joeware.net.
adfind -default -nodn -csv -f "(&(objectCategory=person)(objectclass=user))" cn memberof useraccountcontrol > filename.csv
You can clean it up in excel in just a few minutes (sort by CN, wrap the memberof, find and replace useraccountcontrol EG: replace 512 with normal user, 514 with disabled, etc.). Look up the values here http://support.microsoft.com/kb/305144/ Or, better yet, leave it with the numeric values and hand them a printed copy of that article along with the report and let the auditors figure it out. Should keep them busy for a while;-)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Wednesday, September 20, 2006 8:34 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Reporting Tool?
Our auditors, for the first time, now suddenly want a report of all our users in AD, what groups they are in, and if the account is disabled or not. Is there a tool that I can get up to speed on quickly (today if possible), run it against our AD, and get this report for them? Thanks in advance, folks.
-- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
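The clean-up step described in the quoted reply above (turning 512, 514 and similar values into something an auditor can read), as an added example that is not part of the original thread and not Joeware code. It assumes the CSV has a header row and separates multiple memberof values with ";"; the sample rows and the example.test domain are constructed. It goes slightly beyond the post by also listing accounts an auditor would usually ask about.

```python
import csv
import io
import re

# Subset of the userAccountControl bit flags listed in the KB article cited above.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}
# Flags worth a second look on an enabled account (a choice made for this example).
RISKY = ("PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD", "DONT_REQ_PREAUTH")


def decode_uac(value):
    """Split a userAccountControl integer into flag names, lowest bit first."""
    names, remaining = [], value
    for bit in sorted(UAC_FLAGS):
        if value & bit:
            names.append(UAC_FLAGS[bit])
            remaining &= ~bit
    if remaining:
        names.append("UNKNOWN(0x%X)" % remaining)  # bits outside the subset above
    return names


def first_rdn(dn):
    """Value of the leftmost RDN of a DN, honouring backslash-escaped commas."""
    head = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return head.split("=", 1)[1].replace("\\,", ",") if "=" in head else head


def parse_report(text, mv_delim=";"):
    """Parse CSV text with cn, memberof and useraccountcontrol columns."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec = {k.lower(): (v or "") for k, v in rec.items()}
        raw = rec.get("useraccountcontrol", "").strip()
        uac = int(raw) if raw.isdigit() else None
        # memberof never includes the primary group (usually Domain Users).
        groups = sorted(first_rdn(g.strip())
                        for g in rec.get("memberof", "").split(mv_delim) if g.strip())
        rows.append({
            "cn": rec.get("cn", ""),
            "groups": groups,
            "flags": decode_uac(uac) if uac is not None else [],
            "disabled": bool(uac & 0x0002) if uac is not None else None,
        })
    return rows


def findings(rows):
    """Accounts to raise with the auditors, as (cn, reason) pairs."""
    out = []
    for r in rows:
        if r["disabled"] and r["groups"]:
            out.append((r["cn"], "disabled but still member of: " + ", ".join(r["groups"])))
        elif r["disabled"] is False:
            risky = [f for f in r["flags"] if f in RISKY]
            if risky:
                out.append((r["cn"], "enabled with " + ", ".join(risky)))
    return out


# Constructed sample in the assumed output layout.
SAMPLE_CSV = """\
"cn","memberof","useraccountcontrol"
"Alice Admin","CN=Domain Admins,CN=Users,DC=example,DC=test;CN=FND Staff,OU=Groups,DC=example,DC=test","512"
"Bob Leaver","CN=FND Staff,OU=Groups,DC=example,DC=test","514"
"svc-backup","CN=Backup Operators,CN=Builtin,DC=example,DC=test","66048"
"Carol New","","544"
"""

if __name__ == "__main__":
    for row in parse_report(SAMPLE_CSV):
        state = "DISABLED" if row["disabled"] else "enabled"
        print(f'{row["cn"]:12} {state:8} {", ".join(row["groups"]) or "(no groups)"}')
    for cn, reason in findings(parse_report(SAMPLE_CSV)):
        print("REVIEW:", cn, "-", reason)
```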
RE: [ActiveDir] AD Reporting Tool?
I absolutely would if I could. Definitely going to buy the book, tho. Larry
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Wednesday, September 20, 2006 12:53 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Reporting Tool?
I say send Joe a six-pack of his favorite beer and expense it to your auditors! :) Alex
[ActiveDir] OT: RAID-5 expansion problem
Esteemed colleagues, We can't get the RAID configuration utility to give us the amount of disk space we think we ought to have on our main file server. We used to have 4 72Gb drives in a RAID-5. We put two more 72Gb drives into the server, and followed the directions to expand the array using HP's ACU-XE program. The directions say this can take 10-15 minutes per Gb, and it took lots more time than that, but finally, it was done. So, here are the figures for drive space we are now working with, and they just don't add up. In ACU-XE:
- The original drive space is listed as 208378 Mb. This is roughly equivalent to 69460, which is the physical drive capacity reported by the System Management Homepage, times 3, leaving out the 4th drive to make the RAID-5, which comes out to 208380. This is fine.
- The new unused space is listed as 166707 Mb. This is actually quite a bit more than 69460 times the two drives we added, which would be 138920. This is confusing to me, and the figures do not add up.
- When I go to extend size in ACU-XE, the maximum size I can extend the array to is 261116. This is not even as much space as adding one drive to the array should give us, and we've added two drives! This really doesn't add up.
More figures: If you add the two numbers in ACU-XE (original plus unused), I come up with 375085. If you figure out what 5 times 69460 would be, it comes up to 347300. Either one of these numbers would be fine with us, but 261116 is just plain not enough! Thanks in advance for your help. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Reset home page via GPO
David Adner wrote: This IE setting can be applied via policy mode or preferences mode. Policy mode is what you normally think of when configuring GPO settings in that it'll be reset if a user ever changes it. Preferences mode only changes the initial value but allows the user to change it afterwards if they like without having it switch back each time GPOs are applied. Instead, it is only reset if the GPO itself is modified. I hate to beat this dead horse, but the client wants the policy mode enabled. I did that on the DC, did the gpupdate /force, but it's not working. Folks who change the forced IE home page to be their own custom one can reboot their computers, log in, and they still get their custom home page, not the GPO forced home page. Now, I linked the GPO to an OU that has OU's beneath it, one for users, one for admins, one for groups, etc. Group Policy Results Wizard shows that the GPO is a winning GPO, but the actual results are, it is not being enforced. What am I missing here? How can I enforce this GPO so that every time a person logs in, they get the GPO-forced home page? Thanks, folks! -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Reset home page via GPO
Thanks, Darren! That did the trick for us. -- Larry Wahlers
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Tuesday, July 25, 2006 2:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Reset home page via GPO
Sigh. I truly wish MS would either fix IE maintenance policy or just kill it because it's just the buggiest piece of insert expletive here around. Larry, try enabling the following policy on all computers that receive the home page policy--Computer Configuration\Admin Templates\System\Group Policy\IE Maintenance Policy Processing\Process even if the GP objects have not changed. Give that a go (it may require a couple of logons to trigger) and see if that helps. This is described at http://support.microsoft.com/kb/306915/en-us, though I'm not sure why the KB article tells you to tweak the registry directly, since they provide a policy for that very purpose... Darren
[ActiveDir] Reset home page via GPO
Hello, colleagues, Our HR department wants everybody's IE home page reset to our intranet home page. I presume the way to do this is via GPO, and apply it only to the users' OU. Are there any issues (other than political ones, of course) with doing this? (Just an aside: We're back to work following the worst power outage in St. Louis history. Over 500,000 people without power for several days, and nearly 200,000 still out. Very interesting week we just had.) -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Reset home page via GPO
Thanks, everybody, for your replies. I thought it would work fine with no technical issues (political ones are inevitable, of course). Meanwhile, David Adner wrote: This IE setting can be applied via policy mode or preferences mode. Policy mode is what you normally think of when configuring GPO settings in that it'll be reset if a user ever changes it. Preferences mode only changes the initial value but allows the user to change it afterwards if they like without having it switch back each time GPOs are applied. Instead, it is only reset if the GPO itself is modified. I can't seem to find those distinctions. I'd love to be able to reset everybody's home page just for their initial login after all the training is done, and let them reset it if they want to, and let it stay that way. I see where you can set it as enforced which I did not do, but our testing shows that every time somebody logs off and then on again, they'll get the intranet start page regardless of whether they changed it or not. In fact, one of our testers discovered that if she closes all instances of IE, then waits five minutes or so, starting IE back up again once again resets her homepage, even if she didn't log off the machine. Gotta love all this fun we're having! In a few days, it'll be a moot point. Some exec will decide they don't like it, and I'll be instructed to take it off. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Planning for the future
Many thanks, everybody. The big meeting is today at 1:30 CDT. The determining factor, I believe, will probably be cost right now. So, we will probably follow the advice of some folks here and just make them an OU. If they get sold, we'll get the buyers to pay for the migration :) But, of course, I don't decide those things. The players at the meeting do. Thanks again for your assistance, folks. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
[ActiveDir] Planning for the future
Esteemed colleagues, We have a radio station that is currently part of our denomination that we want to finally put on our network. They are located about 20 miles from our headquarters. However, there has been talk for many, many years about selling off this radio station, but that hasn't come to pass yet. My question is, if we put them in their own domain in our existing forest, would that make it easier to get them into their own forest if they should some day no longer be a part of us? If not, what's the best way to plan for a possible future in which these 30 people might no longer be working for us? Many thanks in advance. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
[ActiveDir] Ammunition, please!
I am being asked to install a single server in a remote location (about 20 miles from here, 20 users) that will be a DC for our entire network, running DHCP and DNS, acting as a file server and print server for this remote location. And, this server will be in an unlocked rack in a semi-public area where literally anyone could gain physical access to the box. At the very least, the 20 employees will be walking past it every day. There are many red flags about this scenario. I can think of a few. But, what I need is documentation from an *external* source that tells management just how bad an idea this is. After all, they won't believe me, but they might believe an expert. At the very least, I would want the rack in which this server is placed to be locked 24/7. Better would be a locked room. All help welcomed with many thanks. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Ammunition, please!
Thanks, everyone. What is the connection speed between the office 20 miles away and your home office with the DC's now? T1. IMO, plenty of speed to handle authentication. But, there is concern that if the T1 goes down, these 20 people will be unable to do anything at all on the network. Larry Wahlers
RE: [ActiveDir] Ammunition, please!
On a lesser note, is there any problem with having a DC also be their file server and print server? Again, we're only talking 20 people here. Assuming I can at least get the server rack locked, and I put the file shares on a separate partition (i.e., not on the C drive, of course). This is all good. I think I have enough ammunition to, at least, cover myself if management decides to go ahead and put a DC in that location. The reason is, of course, this group of 20 folks have no money, so we'll have to buy them a server out of our own budget, because they are one of our supported clients and we have no choice. In my opinion, however, we *do* have a choice as to whether we allow a DC to be in a physically non-secure location. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Group Policy question
Many thanks, John! I'll have a good long look at that article. And, we played around quite a bit with the GPMC. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, June 26, 2006 2:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Group Policy question
Hi Larry... http://technet2.microsoft.com/WindowsServer/en/Library/a834e844-8eb2-4ee2-927c-9989b4f55dd71033.mspx?mfr=true You can easily use the GPMC to delegate where they can link them, just click the OU, and the delegate tab. HTH, John
Larry Wahlers [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Group Policy question 06/26/2006 01:27 PM Please respond to [EMAIL PROTECTED]
Colleagues, Our Microcomputer Support group wants the ability to create Group Policy objects and apply them to various workstations. I've taken a few classes in AD, but I'm a tad shaky on how to give these folks just barely enough privs to create GPO's and only link them to the OU's I choose. It would seem that I should add the whole Micro group to the Group Policy Creator Owners group in the Users OU, but the description Members in this group can modify group policy for the domain scares me a bit. Unless, of course, it is *also* necessary to use the Delegate Control wizard on whatever OU's they need, thus limiting their power to link GPO's to only those OU's. All suggestions from you knowledgeable AD Admins gratefully accepted!
-- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Manage printers?
Thanks for your replies, gentlemen. Shariff wrote: Check the 'Security' tab under printer properties and check to see if the 'Print Manager's group' is there. Shariff, if you mean the Print Operators built-in group, it's not there. What's worse, I can't even add it. When I go to add the group, it's not in the list. Brian Desmond wrote: Ensure the helpdesk user has the ability to Manage Documents in the ACL of the printer. I can do that, and my testing shows this will work, but we have over 200 printers spread out over a half-dozen servers! Do I really have to add this individual user to the security tab of each printer, and remember to do the same every time we install another printer? I was hoping that simply being a member of the built-in Print Operators group would automagically give her the required privs to manage documents for all printers in the domain. Isn't there some way to make that happen? I could also simply make her a power user on each of the printservers, but that's more privs than I'm willing to give! Thanks, all, for your continued help. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Tuesday, March 21, 2006 10:56 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Manage printers? Hello, colleagues. We're using Windows 2003 Active Directory, not yet elevated to native 2003 mode. I have a help desk person who needs to be able to delete print jobs from network printers. She is in the Print Operator's group, but whenever she tries to delete a job for a user she gets an access denied message. What can I do to give her the ability to manage print jobs? 
-- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Manage printers?
Hi, Shariff. Thanks for your reply. I must be dense. I read both parts of the article, and I still don't see how to grant the built-in Print Operators group power to manage documents. You'd think that group would have that power automatically, but apparently not! -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Navroz Shariff Sent: Thursday, March 23, 2006 2:18 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Manage printers?
I apologize for not receiving your question, Larry. Are you using GPO in your organization to manage printers. Please visit the link below. It will show you how to Managing Printers Using Group Policy. http://www.windowsnetworking.com/articles_tutorials/Managing-Printers-Group-Policy-Part2.html The link will take you to the 2nd part of the initial article. Within it, there is a link to the first part. I hope it helps. -Shariff
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Thursday, March 23, 2006 11:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Manage printers?
Thanks for your replies, gentlemen. Shariff wrote: Check the 'Security' tab under printer properties and check to see if the 'Print Manager's group' is there. Shariff, if you mean the Print Operators built-in group, it's not there. What's worse, I can't even add it. When I go to add the group, it's not in the list. Brian Desmond wrote: Ensure the helpdesk user has the ability to Manage Documents in the ACL of the printer. I can do that, and my testing shows this will work, but we have over 200 printers spread out over a half-dozen servers! Do I really have to add this individual user to the security tab of each printer, and remember to do the same every time we install another printer?
I was hoping that simply being a member of the built-in Print Operators group would automagically give her the required privs to manage documents for all printers in the domain. Isn't there some way to make that happen? I could also simply make her a power user on each of the printservers, but that's more privs than I'm willing to give! Thanks, all, for your continued help. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Tuesday, March 21, 2006 10:56 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Manage printers?
Hello, colleagues. We're using Windows 2003 Active Directory, not yet elevated to native 2003 mode. I have a help desk person who needs to be able to delete print jobs from network printers. She is in the Print Operator's group, but whenever she tries to delete a job for a user she gets an access denied message. What can I do to give her the ability to manage print jobs? -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED]
[ActiveDir] Manage printers?
Hello, colleagues. We're using Windows 2003 Active Directory, not yet elevated to native 2003 mode. I have a help desk person who needs to be able to delete print jobs from network printers. She is in the Print Operator's group, but whenever she tries to delete a job for a user she gets an access denied message. What can I do to give her the ability to manage print jobs? -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] There must be an easier way...
Thanks, everybody, for your helpful replies. Just to clarify: We have an empty root domain. We have several child domains, one of which is our main domain with most of the objects. That main domain has 5 sites. One of those sites has one DC in it. That physical site also has an administrator who talked me into promoting one of his servers to a dc in the root domain, since only I know the root domain administrator password. The plan was that we would let things replicate, then ghost the two DC's, bring the two DC's over to my location, cut the wire between us, demote the two DC's and remove them from the domain, take them back over to the site that's leaving, re-ghost the machines back so they're DC's again in their copy of our domains, change the root domain administrator password to something those guys know, and let them have at it in their own copy of our domain. Then, their users continue to log on to their copy of our domain in their own forest, while the IT group gets stuff migrated over to what will be their real new forest. Unfortunately, the very evening that I promoted their DC, this guy cut the line. So, now I have to run ntdsutil to clean up. But, fortunately, I just happened to be signed up for an intermediate AD class in which we did that very thing today. So, I think I'm OK, along with the great suggestions here. As I see it, the steps are:
1. Run NTDSUTIL and remove the two DC's.
2. Wait until tomorrow - overnight should be plenty of time for replication. (We only have about 800 users total)
3. Go into Sites and Services and delete the computers from the site, and then the site itself.
4. Probably have to delete the connections to either of the deleted computers from the many other DC's.
Thanks again, all. If there's something I've missed, I'm all ears!
-- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
[ActiveDir] There must be an easier way...
Hello, colleagues, A client that we had set up as a site within our domain with its own pair of DC's has decided to break off from us, get their own ISP, and cut the network cable between us. In fact, they've done that last weekend. Now, the Directory Service event log on one of our DC's is spewing out 21 warning and error messages every 15 minutes, all related to the fact that there are no available DC's in that site. Doing a Google search, I found this article http://support.microsoft.com/?kbid=216498 which describes at least 20 steps that must be taken to remove a DC following an unsuccessful DC demotion. Which, I suppose, is what I would have done had I had the opportunity to demote the DC's before this client cut the line. The article also has this warning: Caution The administrator must also make sure that replication has occurred since the demotion before manually removing the NTDS Settings object for any server. Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality. Being a relative newbie to Active Directory management (but, just emerging from a pair of classes), I have to ask if there is an easier way to do this? We have about 800 users and 4 corporations on this wire, and they might get a bit testy if their computers stopped working all of a sudden! -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
[ActiveDir] Delete Uninstall directories?
Hi, folks, We're running low on disk space on the C: drive on one of our main Windows 2000 webservers. Can the C:\WINNT\*uninstall* directories be safely deleted, as long as we know we won't ever be rolling back to pre-patch levels? If we can do that, we'll be very much in the clear. Thanks in advance, knowledgeable colleagues. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Delete Uninstall directories?
OK. Simple Google search shows you can, indeed, delete those directories. I'm going to save them off to disk just in case. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Monday, February 20, 2006 12:05 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Delete Uninstall directories?
Hi, folks, We're running low on disk space on the C: drive on one of our main Windows 2000 webservers. Can the C:\WINNT\*uninstall* directories be safely deleted, as long as we know we won't ever be rolling back to pre-patch levels? If we can do that, we'll be very much in the clear. Thanks in advance, knowledgeable colleagues. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Delete Uninstall directories?
Thanks, Chris. I've done that myself on this particular server. Just for grins, can anybody tell me what is the minimum MB pagefile you have to keep on C: for a pointer? I try to never go below 20 MB pagefile on C:, but I can't remember where I got that information. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pohlschneider, Chris Sent: Monday, February 20, 2006 12:47 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Delete Uninstall directories?
I am not for sure on that question, but just throwing out that you can move the pagefile to another partition to free up some space as well. That has worked well for me in the past with this dilemma.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Larry Wahlers Sent: Monday, February 20, 2006 1:05 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Delete Uninstall directories?
Hi, folks, We're running low on disk space on the C: drive on one of our main Windows 2000 webservers. Can the C:\WINNT\*uninstall* directories be safely deleted, as long as we know we won't ever be rolling back to pre-patch levels? If we can do that, we'll be very much in the clear. Thanks in advance, knowledgeable colleagues. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876
RE: [ActiveDir] Migrate domain to separate forest
Susan Bradley wrote:
As a newsgrouper/listserver person who gets massive amounts of OOO...can I respectfully say that has to be the stupidest reason for network design in my personal opinion.

And Gil Kirkpatrick wrote:
Someone needs to do a cost-benefit analysis. I would guess that 2 forests = 1.6x the operations costs more or less.

I agree with both of you. You're preaching to the choir here! And, since I'm in the Church biz, I've heard that homily many times, too. I'm a tech, so even though my opinion is respected in our IT department, and my bosses agree wholeheartedly with me, over the years we have had to become almost entirely customer-driven or have all our services outsourced elsewhere. It has already happened with two of our six organizations, and it's about to happen with a third one. This particular org is one of the three that remain. So, I do what I'm told so tomorrow won't see me being walked out the door like so many of my colleagues in the past few years.

Our goal here is obviously to show this particular organization how incredibly expensive it will be for them to be in their own forest just so they can have their OoO going to the internet. But, with all the other autonomy they want, it may happen, anyway.

Now, to complicate matters, many years ago when I first installed Exchange 5.5 for 5 of our organizations (one had left by then), this organization got their very own Exchange 5.5 server, too. And, I enabled OoO to the internet, mostly because back then, 95% of email was good and only 5% was bad. But, this particular org had only climbed on board with their Exchange server because it was the end of the fiscal year, they had a few grand to spend or lose it, so they got Exchange. Except, they didn't have enough money or microcomputer resources to switch to Exchange, so that server gathered dust for years. Just last June they decided they wanted Exchange, so I convinced them to just format the Exchange 5.5 server and go directly to Exchange 2003.

Out of Office was not going to the Internet, because when I upgraded everybody to Exchange 2003, I decided in this day and age of spam and viruses that it was a very bad idea. Management agreed with me. Now, we have two remaining Exchange 5.5 servers, for two of the other orgs. These folks will lose their OoO to the internet, and some of them will raise such a stink that we'll be forced to turn it back on, anyway, thus negating all the work of taking this other org to their own forest.

Whew. This is way too long, so everybody have a nice cup of coffee on me - I'll ftp 'em to you! (At least I'll have job security for a really long time, with all this thrashing about.)

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
RE: [ActiveDir] AD computer accounts being removed
Gary wrote:
I'm in a position where I'm making the big decisions, doing the big work and also doing all the little details (I'm it) including daily problems. Zero training/learning time, zero anything except get to the next fire.

Boy, does that sound familiar...

--
Larry
RE: [ActiveDir] Migrate domain to separate forest
Thanks for your reply, Gil. You wrote:

Just out of curiosity, why do they think they want their own forest?

Because they want to have their out-of-office replies go to the internet, and our security policy won't let 'em do it because it affects everybody else, too!

In any case, there's no way that I'm aware of to carve off a domain and make it a new forest root... I think you'll have to create the forest and migrate the users and resources.

That's what I thought.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
[ActiveDir] Migrate domain to separate forest
Hello, colleagues,

One of our organizations is in their own domain, a child domain of our root. They want to be in their own forest. Are there tools to migrate them to their own separate forest, or will I need to build the forest first, presumably with 2 new DC's, and then make all their servers join the new forest? And, of course, they have about 140 users.

Thanks, folks.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
RE: [ActiveDir] Migrate domain to separate forest
Many thanks, Jorge. And I hear congratulations on your MVP status are in order. Congrats!

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Tuesday, January 17, 2006 1:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Migrate domain to separate forest

If they need their own forest you need to create it first. But even before you create it, design it. First set up what the requirement should be and then design it to meet the requirements.

Migration high level steps are:
* Make sure the AD has been configured (sites, subnets, replication, OUs, GPOs, delegations, DNS, WINS, DHCP, etc.)
* Set up name resolution (WINS or DNS) between source and target domain/forest
* Set up trusts (if an external trust is configured and sidhistory is used, disable sid filtering)
* Install and configure migration tooling
* Migrate groups, user accounts with passwords and group memberships (with sidhistory)
* Migrate clients from the source domain to the target domain, translate security on the client, and translate profiles (at this moment users start logging on with their new AD account on the migrated clients that have been migrated previously to the w2k3 domain)
* Migrate mailboxes if needed
* Migrate servers to the new domain or migrate data to new servers
* Translate security (Re-ACL) of the data from source security principals to target security principals (replace the security descriptors from the old domain with the security descriptors from the new domain)
* Clean up temporary configurations
* Clean up sidhistory (recommended!). sIDHistory is used to access resources while those resources still have security descriptors from the old domain. As soon as all data (file, folders, mailboxes, etc.) have been re-ACL-ed sIDHistory can be cleaned. Sidhistory should only be used temporarily for migration purposes!
* Remove trusts
* Decommission old domain(s)

For more info on migrating to an AD domain also see: http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/default.mspx

ADMTv3 has been out for a while, so be sure to use that version. (http://www.microsoft.com/downloads/details.aspx?familyid=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en)

If you have Exchange you need to set up the target Exchange organization and perform an inter-org migration.

Cheers,
jorge

From: [EMAIL PROTECTED] on behalf of Larry Wahlers
Sent: Tue 2006-01-17 19:28
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Migrate domain to separate forest

Hello, colleagues,

One of our organizations is in their own domain, a child domain of our root. They want to be in their own forest. Are there tools to migrate them to their own separate forest, or will I need to build the forest first, presumably with 2 new DC's, and then make all their servers join the new forest? And, of course, they have about 140 users.

Thanks, folks.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
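An added example for the sIDHistory cleanup step in the message above (not part of the thread and not ADMT code): before the trusts are removed, an LDIF export of the target domain can be checked for objects that still carry sIDHistory values from the old domain. It assumes the export includes the sIDHistory attribute, base64-encoded as LDIF does for binary values; the domain SID and DNs in the sample are constructed.

```python
import base64
import struct
from collections import defaultdict

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID (objectSid / sIDHistory value) to S-1-... form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, raw, 8)  # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def str_to_sid(text: str) -> bytes:
    """Inverse of sid_to_str; used below to build the constructed sample."""
    parts = text.split("-")
    subs = [int(p) for p in parts[3:]]
    head = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def sidhistory_by_domain(ldif: str) -> dict:
    """Map each source-domain SID to the DNs that still carry a value from it."""
    found, dn = defaultdict(list), None
    # Unfold LDIF continuation lines (a leading space continues the previous line).
    for line in ldif.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        if line.startswith("dn:: "):                   # base64-encoded DN
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("sidhistory:: ") and dn:
            sid = sid_to_str(base64.b64decode(line[13:]))
            found[sid.rsplit("-", 1)[0]].append(dn)    # drop the RID
    return dict(found)

# Constructed sample: made-up domain SID and DNs, not taken from the thread.
OLD = "S-1-5-21-1111111111-2222222222-3333333333"
def _b64(sid: str) -> str:
    return base64.b64encode(str_to_sid(sid)).decode()
SAMPLE_LDIF = "\n".join([
    "dn: CN=Alice Example,OU=Staff,DC=new,DC=example",
    "sIDHistory:: " + _b64(OLD + "-1104"),
    "",
    "dn: CN=Bob Example,OU=Staff,DC=new,DC=example",
    "",
    "dn: CN=File Admins,OU=Groups,DC=new,DC=example",
    "sIDHistory:: " + _b64(OLD + "-1130"),
])

if __name__ == "__main__":
    for domain, dns in sidhistory_by_domain(SAMPLE_LDIF).items():
        print(domain, len(dns), "object(s) still carry sIDHistory")
```

An empty result for the old domain's SID is the condition to look for before the trust removal and decommission steps.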
RE: [ActiveDir] FSMO role transfer [going further OT...]
Lots of great stuff posted here, including a salary schedule that, for us folks in non-profits, would be enough for me to retire right now! What happens here, especially lately, is the person who was hired so I can offload stuff like printers, FAX servers, etc., so I can concentrate on our several email servers, gets laid off, so I get to do all that stuff again. Then, the fellow who was our AD/Windows Server guru quits of his own accord, and presto, I'm the new AD/Windows Server guy. Of course, I get a whopping zero percent pay increase to go with all this increased workload. I asked management to double it, and they did. Somehow, the figure did not increase. But, at least I'm becoming more and more valuable to the company. Unless we outsource everything or go bankrupt, that is. --Larry
RE: [ActiveDir] Recommendations for a DOD wipe of a RAID Array?
If you don't want the drives anymore, you could just do an Office Space* on them!

*Take them out back and clobber 'em with a nice big sledgehammer. If you break the platter, nobody's going to get data off of it.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876