[ActiveDir] OT: SpecOps GPUPDATE tool
Hi Has anyone used the WoL feature of this tool? If so, can you let me know of any issues that you came across please? We are currently only interested in the Shutdown/WoL feature, and would be interested to know how it obtains the MAC addresses required and the method of transmission of the wake up packet across the subnets - to keep our active network team happy. They had a recent incident with a Ghost server and they're a bit edgy. :) Cheers Danny
RE: [ActiveDir] OT: SpecOps GPUPDATE tool
Including bugs! :) Maybe should have been 2 emails - One here for any problems encountered and one to SpecOps for technical detail. Any users encountered any problems with this tool? :))) Kind regards Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 07 December 2006 14:26 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: SpecOps GPUPDATE tool I would expect specops to provide that info, if I were in your position. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: 07 December 2006 13:54 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: SpecOps GPUPDATE tool Hi Has anyone used the WoL feature of this tool? If so, can you let me know of any issues that you came across please? We are currently only interested in the Shutdown/WoL feature, and would be interested to know how it obtains the MAC addresses required and the method of transmission of the wake up packet across the subnets - to keep our active network team happy. They had a recent incident with a Ghost server and they're a bit edgy. :) Cheers Danny PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. Email has been scanned for viruses by Altman Technologies' email management service http://www.altman.co.uk/emailsystems
RE: [ActiveDir] OT: SpecOps GPUPDATE tool
Hi Neil You were right, they did. It's no good for us as the tool won't work with non-windows DHCP, which I guess is used to retrieve the MAC addresses. Sould have though of this in the first instance, but to quote the parrot sketch, I have a cold. :) All the best Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 07 December 2006 14:26 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: SpecOps GPUPDATE tool I would expect specops to provide that info, if I were in your position. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: 07 December 2006 13:54 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: SpecOps GPUPDATE tool Hi Has anyone used the WoL feature of this tool? If so, can you let me know of any issues that you came across please? We are currently only interested in the Shutdown/WoL feature, and would be interested to know how it obtains the MAC addresses required and the method of transmission of the wake up packet across the subnets - to keep our active network team happy. They had a recent incident with a Ghost server and they're a bit edgy. :) Cheers Danny PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. Email has been scanned for viruses by Altman Technologies' email management service http://www.altman.co.uk/emailsystems
RE: OT - RE: [ActiveDir] W. in hell
Title: Message More annoying, at least to me,are questions that are ON TOPIC but someone didn't take time to look at the archives or google and asking like it was the first time it was asked versus maybe revisitng the previous discussion in new light. Irecently replied to a mail from a few months ago and re-launched a mini-debate. I'd reversed the chronological order while looking for a particular email,forgot tochange it back, spotted a subject I'd only just been reading about.I only noticed the date a wee while later! :))) Danny
RE: [ActiveDir] Weak AD passwords
Title: Message Hi Haven't used it, but one of my colleagues swears it's too good. :)Try Rainbow Tables. Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, RussSent: 20 March 2006 21:38To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Weak AD passwords Can anyone recommend any tools to find which of our users have weak AD passwords? We used to use L0phtcrack back in the day, but it doesn't appear to be supported any longer? Other than enforcing complex passwords (which we do) and 8 character minimum, we'd like to figure out who uses things like "Password1" or something silly like that. Thanks in advance Email has been scanned for viruses by Altman Technologies' email management service ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~
RE: [ActiveDir] OT: Higher Education web access
Title: Message We use it here (Glasgow Caledonian) to an extent, without issue. And I believe it's used very successfully and extensively at Strathclyde (much bigger uni than we are). Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve RochfordSent: 20 June 2006 16:32To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Higher Education web access All you're "taking away" is the limitation of 1 file at a time. (OK, the interface is different but for Windows users it's going to be much more like what they use when they're working with local files) Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul GlennSent: 20 June 2006 14:13To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Higher Education web access I myself would be more than happy with this scenario. However, when I discuss this with the VP he says we can't take away anything they have now. So that means I have to find a way for them to access their files through some type of web interface (which maybe I can convience him WEBDAV is almost like what they have now) and also be able to publish their own web pages. Paul On 6/20/06, Steve Rochford [EMAIL PROTECTED] wrote: We use webdav and publish instructions for staff/students to just add their home folder as a "my network place" on their home computers. This works well - once you've connected it's just another location that appears in explorer or file dialogues. If you're happy to continue with FTP access to the web folder then that's perfectly possible; I'm assuming you're scripting creation of users so it's just a case of adding an extra bit to create and permission a folder somewhere in the IIS folder for each user. Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul GlennSent: 19 June 2006 21:27To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] OT: Higher Education web access Hello all,Sorry for the OT, but I'm a bit at a loss on parts of the big move. As I've said in the past, I'm in the process of moving our student population from eDirectory to Active Directory. We've overcome several hurdles up to this point. Our next big one is how to give access to our student's files via a web brower and also a way to host their own web pages. Currently we accomplish this via IUAdmin and apache services. IUAdmin is not ported to the Windows platform and Apache for Windows has a few drawbacks. I was wondering if there are any higher education folks out there that wouldn't mind talking with me about their environment. To help give a better idea of what we do, I offer three web pages: Students can login to the following page and gain access to their files.http://locker.uky.edu The next link shows you some screenshots of what you would see if you logged in as bigtest. http://locker.uky.edu/help.htmThen off course we offer a way for them to publish their own webpages (the first link will show you where I get my signature):http://locker.uky.edu/~pglennThanks for any help even if it's just a pointer to another listservPaul-- ***"I've got a fever and the only prescription is more cowbell."--Christopher Walken*** -- ***"I've got a fever and the only prescription is morecowbell."--Christopher Walken *** Email has been scanned for viruses by Altman Technologies' email management service
RE: [ActiveDir] FRS/DFS woes
Is the DNS configuration of this server pointing to itself for DNS resolution? Are the other server resolving against the same DNS? Cheers Danny The root of the DFS is located on our PDC emulator, which is also a DNS server itself. If I go into the dfs root on the PDC emulator I see the file I copied to the \\domain.com\dfs\software directory, it's just not replicating to any of the other links. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Tuesday, June 13, 2006 10:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] FRS/DFS woes
Hi Russ Try pointing the server to itself for DNS resolution. This is the problem I had with one replica in a similar situation and it resolved the problem for me. BTW, It only affected DFS replication, SYSVOL was fine. Cheers Danny No, PDC emulator (which is also the root target) is not pointing to itself for DNS. Other servers are resolving against their local DNS which is replicated from the same DNS as the root target. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Thursday, June 15, 2006 8:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Is the DNS configuration of this server pointing to itself for DNS resolution? Are the other server resolving against the same DNS? Cheers Danny The root of the DFS is located on our PDC emulator, which is also a DNS server itself. If I go into the dfs root on the PDC emulator I see the file I copied to the \\domain.com\dfs\software directory, it's just not replicating to any of the other links. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Tuesday, June 13, 2006 10:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FRS/DFS woes Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~ This e-mail is confidential, may contain proprietary
RE: [ActiveDir] Group membership question
Title: Message Thank you. Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: 13 June 2006 17:01To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Group membership question No it is a value in an attribute. A child object would be an object that has a group as its parent... I.E. cn=group,ou=someou,dc=dom,dc=com and the child object of cn=somethingelse,cn=group,ou=someou,dc=com,dc=com In the default schema, the only objectclass that can be instantiated as an object under a group is objectClass classStore. You can determine that by looking at the possibleInferiors attribute of the group object. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Tuesday, June 13, 2006 11:34 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Group membership question Sorry if this is a daft question, but I can't find an answer anywhere: Is a User considered a Child object of a Group to which it is a member? Cheers Danny Email has been scanned for viruses by Altman Technologies' email management service
[ActiveDir] Group membership question
Title: Group membership question Sorry if this is a daft question, but I can't find an answer anywhere: Is a User considered a Child object of a Group to which it is a member? Cheers Danny
RE: [ActiveDir] FRS/DFS woes
Where is the root of the DFS located? I seem to remember having problems with DFS replication before, because one of the servers hosting the root had it's DNS incorrectly configured. Ultrasound would report any errors sure enough. After decoding what it all means you'll need a dark room to lie down in for a few hours. :) Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 13 June 2006 15:31 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FRS/DFS woes I'm trying to set up a DFS share and having all sorts of issues getting it to work. I've installed Ultrasound and i'm either not sure where to look in it for the answer or it's not giving me the answer. I set up a link with 3 targets in a ring replication topology. 2 of the 3 servers are Win2k3, 1 is Win2k. The only server the file is showing up on is the one that is set up as the master to replicate from. The errors i'm mostly seeing are: The File Replication Service is having trouble enabling replication from CAMPATFS01 to CCVVPLFS01 for d:\communicator using the DNS name campatfs01.ccc.ourdomain.com. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name campatfs01.ccc.ourdomain.com from this computer. [2] FRS is not running on campatfs01.ccc.ourdomain.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. and Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller \\camdhqdc01.ccc.ourdomain.com for FRS replica set configuration information. I'm thoroughly stumped. Any advice? Name resolution seems to be working reverse and forward between the servers. Thanks in advance ~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] sample vbs script
Hi Antonio Here's a link to one of the microsoft script centre repositories. You may want to look at some of the other sections to see how to set passwords, etc. There are lots of other sites out there which will supply more sophisticated scripts, but this is a good start for picking up the building blocks. http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/manage/usmgvb05.mspx Cheers Danny -Original Message- From: [EMAIL PROTECTED] on behalf of Antonio Aranda Sent: Tue 06/06/2006 20:28 To: ActiveDir@mail.activedir.org Cc: Subject: [ActiveDir] sample vbs script Could some one send me a sample vbs script that creates AD user accounts? Thanks Antonio Email has been scanned for viruses by Altman Technologies' email management service http://www.altman.co.uk/emailsystems winmail.dat
[ActiveDir] AD Wish list
Title: AD Wish list Hi I've been asked to contribute to a wish list and was planning on asking for some AD tools - specifically for reporting. I've had a look about, but the prices vary wildly. I know there's no chance of anything that's going to do a great job (Quest) as we're talking ,00's rather than ,000's. :) Trouble is there are a lot of tools out there and often they're doing stuff much of which I can script (or plagiarise :) ), plus the odd extra. Does anyone have good experiences of anything in the ,00's price range that'll report back auditing/stats/security info? All the best Danny
RE: re[2]: [ActiveDir] Getting computer name from a username
Hi Shane Have a look at PsLoggedOn from Sysinternals. It may be what your looking for. Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane De Jager Sent: 01 December 2005 11:08 To: ActiveDir@mail.activedir.org Subject: re[2]: [ActiveDir] Getting computer name from a username nt\currentversion\winlogon /v defaultusername Thats not exactly what I was looking for. I have no idea what the computer name the user has logged onto. Can you get this from his username? -- Shane De Jager Technical Developer INTERGAGE High-performance, updateable Web sites Switchboard +44 (0)845 456 1022 == www.intergage.co.uk [EMAIL PROTECTED] Are you aware of our referral scheme? Learn how you could profit personally from passing us leads. Click here to pass a referral: www.intergage.co.uk/referrals List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Email has been scanned for viruses by Altman Technologies' email management service - www.altman.co.uk/emailsystems List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VBSCRIPT ADSI IADs Get Method
Title: Message Hi Steve From Jorge's code, once you have sObjDN you can bind to it with "LDAP://" sObjDN, then do what youneed toeach account from there.Seems efficient enough. :) Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve RochfordSent: 01 December 2005 11:09To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] _vbscript_ ADSI IADs Get Method I've done this kind of thing but (as Jeremy has said) it seems really inefficient to have to make all those calls. As an example, suppose I have a list of students whose accounts I want to deactivate. I'll get that as a list of sAMAccountNames (because the student ID number is used for their username). I now need to query active directory to get the distinguishedname and then bind to that object to do things to it. For some purposes I know I can use getobject("WinNT://domain/samaccountname") but that isn't always suitable. What I want is something which allows me to specify the sAMAccountName in the LDAP: string. As a complete aside, is there a reason for the odd capitalisation which always seems to be used for sAMAccountName? SAMAccountName would seem much better? Steve -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: 30 November 2005 20:14To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] _vbscript_ ADSI IADs Get Method It is possible... you only have to do it another way... query AD for the object that matches a certain sAMAccountName --- sDomainDNSW2Kx = "ADCORP.LAN" ssAMAccountName = "JORGE" Set oConnection = CreateObject("ADODB.Connection")Set oCommand = CreateObject("ADODB.Command")oConnection.Provider = "ADsDSOObject"oConnection.Open "ADs Provider" Set oCommand.ActiveConnection = oConnectionsQuery = "SELECT DistinguishedName FROM 'LDAP://" sDomainDNSW2Kx "' WHERE sAMAccountName = '" ssAMAccountName "'"oCommand.CommandText = sQuerySet oResults = oCommand.ExecutesObjDN = oResults.Fields("DistinguishedName") --- cheers, Jorge From: [EMAIL PROTECTED] on behalf of Burkes, Jeremy [Contractor]Sent: Wed 11/30/2005 9:05 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] _vbscript_ ADSI IADs Get Method Nevermind, just found the answer to my own question, and it is no, must use the persons CN, no other attributes are accepted, good to know. Thanks for the potential help. Jeremy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor]Sent: Wednesday, November 30, 2005 3:02 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] _vbscript_ ADSI IADs Get Method Everyone, I am trying to write a _vbscript_ to connect to a user account using the samaccountname attribute to update some info. Is this even possible and if so can someone provide a code sample, I would think it would look something like this for Test in the Microsoft domain: LDAP://sAMAccountName=Test, OU=Users,DC=Microsoft,DC=COM or LDAP://sAMAccountName=Test,CN=Users,DC=Microsoft,DC=COM Then again, maybe this is not even possible. If not should I use ADO instead even though I am returning 1 record with each query, seems inefficient way to me when I can just use an ADSI pointer. Jeremy --Jeremy BurkesSystem Analyst/MIS SPHQ[EMAIL PROTECTED]PH: 202-764-1270 Fax: 202-764-1503 Email has been scanned for viruses by Altman Technologies' email management service
RE: [ActiveDir] FSMO role transfer
Hi I have to agree with Joe. Most of the time we (my colleagues and I :) ) are dealing with the mundane, which scripting makes interesting. :) Also, a previous poster mentioned career $'s being linked to scripting. Correct me if I'm wrong, but I think the point being made was that the process of learning something like scripting forces you to think about what's actually going on under the bonnet - reading far more technical articles than you may possibley have otherwise (well for me anyway :) ). That move up the curve is what opens door's to $'s not scripting in itself (not for me though! :) ). Cheers Danny joe, I can't believe you said this. Rarely are admins ever really doing hard admin type thinking/troubleshooting work constantly except for the folks who take on escalations from lower level admins. I stopped reading after this. Sorry. But I've got to cool down first. I've no argument with anything above this line and I concur and understand. BUT This is flat out wrong. Sorry. YMYMYM RH ___- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe Sent: Thursday, December 01, 2005 9:52 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FSMO role transfer Wow I feel heat directed at me :o) A non-scripting admin can not survive very well if at all in a large org unless the org is willing to spend a lot of money for extra admins to cover the overhead of wading through the GUI. Take my last ops position as an example. Three people handling a Fortune 5 AD. Couldn't feasibly done with the GUI. How long does it take you to enter 100 new subnets? What if you need to expire 8,000 users a day until you have expired all 200,000 users? Is that real admin work or is it clerk work if you are simply clicking on something in a GUI? If I were a manager of a business, I would rather pay a contractor or other service $10 or $15 an hour to click buttons for something like that than pay $40,$60,$100, $150 an hour to someone who is supposed to keep things running. So back to the 100 subnets question. How long in Sites and Services? Hours? What are the chances of a mistake? High? Now you write a script to do it, how long? Maybe hours to write it and then seconds to minutes to run for ever after? Chances of a mistake? Low for entry, also severely reduced for supplied data if script has sanity checks in it? Also once in script form it is that much easier to say put on a web site and delegate to others to do by entering basic answers to basic questions in a form. Don't create 100 subnets in small org? What other items do you do that are no-brainer work that could be scripted. If you didn't have that workload how much other work could you get done? Rarely are admins ever really doing hard admin type thinking/troubleshooting work constantly except for the folks who take on escalations from lower level admins. Possibly this is different in the SBS world and there is no repetitive work being done that isn't better served by a script, I don't have that experience, I would expect however that there is quite a bit that could be scripted or else Susan wouldn't have the I would rather see something safe from MS than a script from someone in the backroom attitude. A saying I have used here in the past that I always used at work is that you can't be too busy cutting down trees to sharpen your axe. It applies both to training and scripting. If you are too busy to do nothing but the work in front of you, you will never see the edge of the forest as you get slower and slower at doing what you are doing. At some point you have to step back and spend some time to make yourself more informed or more efficient. The more time you spend getting more efficient, the more time you have to keep yourself informed and get even more efficient. Finally scripting requires understanding of how things are working, using the GUI doesn't. Trying to script processes forces a person to learn more about the product they are supporting and could very likely get them to learn enough that the next time they encounter a failure, they fully or at least more fully troubleshoot versus changing things in the GUI until it works. If you look at an admin making $35k a year versus one making $60k a year versus one making $80k a year versus one making $150k a year versus one making over $240k a year you are probably not looking at a raise in salary because someone knows the GUI better than the others. If you see someone who rose through those salary ranks in say 5 years, it isn't because they knew the GUI keyboard shortcuts. Understanding scripting makes you more valuable both because you can operate more efficiently and because you tend to have a better grasp of how things work because you are forced to learn the details which are covered by the GUI. Not only that, you can troubleshoot better because you have more options to you. I recently ran into an issue where
RE: [ActiveDir] Latency in Group membership
Title: Message Hi We only have one siteand a mesh topology. Replication is hourly, but even when we update group membership then force replication the latency still exsists. All the DC's are on Gig links! Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: 13 July 2005 15:31To: 'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] Latency in Group membership Just curious, how often are you replicating between your sites?And what does your topology look like. We have noticed this type of issue when we make the changes on one of our DCs that doesn't directly replicate to the one that is being authenticated to. So we had to wait one hour for one set of replications to take place and then another 3 for the other set. (We have a really slow link with a DC at one end so we had to do the longer replication time.) Charlie -Original Message-From: McCann, Danny [mailto:[EMAIL PROTECTED]Sent: Wednesday, July 13, 2005 9:18 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Latency in Group membership Hi There are no apps running on the DC's. The event logs are clean, butthere is the occasionaldirectory replication problem (every few days), a single object with "directory busy, will try again later", which willthen succeed on the next replication. Butthey pass all the DCDiag tests. Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: 13 July 2005 13:18To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Latency in Group membership What apps are running on the DC's? Have you checked to be sure that replication is functioning correctly? Event logs clean? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Wednesday, July 13, 2005 4:33 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Latency in Group membership Hi Recently our domain has began to show some latency in resolving group membership. Ie When someone is newly added to a group for access to a particular resource it's now taking much longer than was the norm to resolve that security. It's taking anything from 30mins to the next day to resolve itself. Logging off and back on again to clear the kerberos ticket doesn't (usually) solve the problem. I've tested AD and monitored some NTDS performance counters and everything appears to be fine. Network performance is good and there's no great loading on any of the DC's. I'd be grateful if anyone could help me out with some guidance on where to look next. Thanks Danny
RE: [ActiveDir] Latency in Group membership
Title: Message Hi We do have the odd user whois member of a large number of groups (~20). How many is too many? Looks like a lot of investigative work required then. Oh well, coffee on and sleeves rolled up! Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: 14 July 2005 04:36To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Latency in Group membership You need to determine what your replication latency is. If the group membership is set on an authenticating DC, you will get it is in your token unless there are other issues like having way too many group memberships or something else that causes a kerberos issue. So again, look at how long your latency is for making a chance and seeing it on all DCs. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Wednesday, July 13, 2005 10:18 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Latency in Group membership Hi There are no apps running on the DC's. The event logs are clean, butthere is the occasionaldirectory replication problem (every few days), a single object with "directory busy, will try again later", which willthen succeed on the next replication. Butthey pass all the DCDiag tests. Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: 13 July 2005 13:18To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Latency in Group membership What apps are running on the DC's? Have you checked to be sure that replication is functioning correctly? Event logs clean? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Wednesday, July 13, 2005 4:33 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Latency in Group membership Hi Recently our domain has began to show some latency in resolving group membership. Ie When someone is newly added to a group for access to a particular resource it's now taking much longer than was the norm to resolve that security. It's taking anything from 30mins to the next day to resolve itself. Logging off and back on again to clear the kerberos ticket doesn't (usually) solve the problem. I've tested AD and monitored some NTDS performance counters and everything appears to be fine. Network performance is good and there's no great loading on any of the DC's. I'd be grateful if anyone could help me out with some guidance on where to look next. Thanks Danny
RE: [ActiveDir] Latency in Group membership
Hi That's a highly likely explanation. Some re-organisation of the groups/membership required then. We're due a spring clean anyway. :) Is an offline Metadata cleanup worthwhile performing? Thanks to all for the advice. Much appreciated! Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: 14 July 2005 10:33 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latency in Group membership My gut says that it is not a member of a lot of groups, but more a group with too many memberships ... If you have too many values for a group (the official soft limit is 5000), then you can get write conflict, or version store issues, that can cause the group membership change to not be applied because of a timing issue or resource issues, that may be temporary. Replication continues to try, and eventually succeeds. This could be an explanation. Cheers, BrettSh [msft] SDE On Thu, 14 Jul 2005, McCann, Danny wrote: Hi We do have the odd user who is member of a large number of groups (~20). How many is too many? Looks like a lot of investigative work required then. Oh well, coffee on and sleeves rolled up! Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 14 July 2005 04:36 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latency in Group membership You need to determine what your replication latency is. If the group membership is set on an authenticating DC, you will get it is in your token unless there are other issues like having way too many group memberships or something else that causes a kerberos issue. So again, look at how long your latency is for making a chance and seeing it on all DCs. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Wednesday, July 13, 2005 10:18 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latency in Group membership Hi There are no apps running on the DC's. The event logs are clean, but there is the occasional directory replication problem (every few days), a single object with directory busy, will try again later, which will then succeed on the next replication. But they pass all the DCDiag tests. Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: 13 July 2005 13:18 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latency in Group membership What apps are running on the DC's? Have you checked to be sure that replication is functioning correctly? Event logs clean? Al _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, Danny Sent: Wednesday, July 13, 2005 4:33 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Latency in Group membership Hi Recently our domain has began to show some latency in resolving group membership. Ie When someone is newly added to a group for access to a particular resource it's now taking much longer than was the norm to resolve that security. It's taking anything from 30mins to the next day to resolve itself. Logging off and back on again to clear the kerberos ticket doesn't (usually) solve the problem. I've tested AD and monitored some NTDS performance counters and everything appears to be fine. Network performance is good and there's no great loading on any of the DC's. I'd be grateful if anyone could help me out with some guidance on where to look next. Thanks Danny List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DFS Client for Mac and UNIX
A while back our Mac guy asked Apple if they could engineer a DFS client and they said they would look into it - same problem as yourself. I don't know what came of it, or if he found an alternative solution, but I'll find out and let you know if anything useful came out of it. He's on holiday at the moment though :). Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) Sent: 14 July 2005 11:51 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DFS Client for Mac and UNIX Hey All, Been a while... Got a problem. I am being tasked to work on an automated provisioning system for network resources. Obviously AD will be the security provider HUB. I would also like to be able to use DFS as the HUB for access to shared network data. The problem is that we have a large contingency of Mac's and possibly some Linux / UNIX. I have been searching, and it looks like it might be possible to use SAMBA as a DFS client. Does anyone here have any experience or suggestions on how best to allow alternative clients access to DFS shares? Thanks in Advance, Todd Myrick List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Latency in Group membership
Title: Latency in Group membership Hi Recently our domain has began to show some latency in resolving group membership. Ie When someone is newly added to a group for access to a particular resource it's now taking much longer than was the norm to resolve that security. It's taking anything from 30mins to the next day to resolve itself. Logging off and back on again to clear the kerberos ticket doesn't (usually) solve the problem. I've tested AD and monitored some NTDS performance counters and everything appears to be fine. Network performance is good and there's no great loading on any of the DC's. I'd be grateful if anyone could help me out with some guidance on where to look next. Thanks Danny
RE: [ActiveDir] Latency in Group membership
Title: Message Hi There are no apps running on the DC's. The event logs are clean, butthere is the occasionaldirectory replication problem (every few days), a single object with "directory busy, will try again later", which willthen succeed on the next replication. Butthey pass all the DCDiag tests. Cheers Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: 13 July 2005 13:18To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Latency in Group membership What apps are running on the DC's? Have you checked to be sure that replication is functioning correctly? Event logs clean? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: Wednesday, July 13, 2005 4:33 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Latency in Group membership Hi Recently our domain has began to show some latency in resolving group membership. Ie When someone is newly added to a group for access to a particular resource it's now taking much longer than was the norm to resolve that security. It's taking anything from 30mins to the next day to resolve itself. Logging off and back on again to clear the kerberos ticket doesn't (usually) solve the problem. I've tested AD and monitored some NTDS performance counters and everything appears to be fine. Network performance is good and there's no great loading on any of the DC's. I'd be grateful if anyone could help me out with some guidance on where to look next. Thanks Danny
RE: [ActiveDir] Book recommendations please
Title: Message Thanks folks Much appreciated. Danny -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: 11 January 2005 14:46To: 'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] Book recommendations please Yep. It comes from acronym Mash Until No Good (mostly). Kb 314649 is the one you're looking for. They call it 'mangled' in that one. al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe PochedleySent: Tuesday, January 11, 2005 9:38 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Book recommendations please Is "munged" the technical term? :) I'm looking to do a Exch 2003 upgrade soon myself, so I was just curious as this is something I was just starting to look into. Thanks for the pointers. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 11, 2005 8:56 AMTo: 'ActiveDir@mail.activedir.org'Subject: RE: [ActiveDir] Book recommendations please Just in case it's hard to find: http://www.microsoft.com/exchange/library http://www.microsoft.com/ad I will say you'll find the upgrade information for Exchange a little easier to find. You'll also find the upgrade to AD 2003 a little easier to do. Strange how that works out :) One caution: Look for the information on munged attributes or attribute collisions when upgrading your AD Forest to 2003. Since you have Exchange 2000, it will be important to you. I believe it was in the readme, but it's pretty well documented out there. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert RutherfordSent: Tuesday, January 11, 2005 6:20 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Book recommendations please I would say that the MS site has all the info you need for both tasks. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McCann, DannySent: 11 January 2005 10:41To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Book recommendations please Hi I'm looking for some recommendations for books to buy regarding movng from AD 2000 to AD 2003 and Exchange 2000 to Exchange 2003. Cheers Danny ===Scanned for virus infection by Messagelabs===
[ActiveDir] Book recommendations please
Title: Book recommendations please Hi I'm looking for some recommendations for books to buy regarding movng from AD 2000 to AD 2003 and Exchange 2000 to Exchange 2003. Cheers Danny
RE: [ActiveDir] SUMMARY: Mixed network PC and Mac - AD or XServe
- Can XServe volumes be managed by Active Directory? That is, can you add and XServe as a member server of an AD domain? Yes, you can use the active directory plugin in 10.3.3 to add xserves to an active directory domain, and some creative vi'ing on the /etc/smb.conf file to manage authentication via kerberos. - Would love to hear real-world experiences with the new AD Plug-in for 10.3.3. The 10.3.3 plugin is not bad, but the 10.3.4(due to be released the end of this week) goes a little bit farther. There is still an issue gaining a kerberos ticket if you have a particular set of circumstances, but apple has been notified of the issue and is currently working on the problem. - I consider some services like RIS to be pretty essential to speeding deployment and recovery in a Windows environment. Are there similar applications or services that require OD for Macs? Check out netboot for this purpose, it doesn't have any direct hooks into OD and isn't required to do your imaging. http://docs.info.apple.com/article.html?artnum=107912 And download System Imaging Administration Hi I attended a demo of all of the above today and everything ran very smoothly. Only issue was that they claimed to be able to map AD user account home directories, by mounting them as share points on the desktop, but coundn't demonstrate this as one of the scripts needed some work. Aparently :) Apple are also looking into a method of accessing DFS from the Mac. Cheers Danny winmail.dat
RE: [ActiveDir] Last Logon Script
Rick Do you know of any resolution to the problem of obtaining the User.LastLogoff date/time in Windows 2000/2003? It only works for NT4 domains. Cheers Danny Tim, In Windows 2000, that's a bit of a toughie - as the information is not stored in a replicated attribute. What this means (you, I think know) is that you have to query each DC to determine this information. In Windows Server 2003, this changed - a timestamp attribute is now replicated - but it's not guaranteed to be accurate any closer than a week, as I understand it. But, it's better than the unreliable nature of what is currently in place. As an example of what you could do (credit to Rod Trent for this code): On Error Resume Next Dim User Dim UserName Dim UserDomain UserDomain = InputBox(Enter the name of the domain:) UserName = InputBox(Enter the name of the user:) Set User = GetObject(WinNT:// UserDomain / UserName ,user) MsgBox The last time UserName logged on was: vbCRLf vbCRLf User.LastLogin Note that this code does not take into account the fact taht you need to parse through and query all DC that the user could have authenticated against. But, the code DOES work - however, if the user you are looking for has not authenticated against the DC that is queried then the user (for all you know) has never logged on. :-/ Good luck! Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Forcing Group Policies
Richard One of our guys was working on a similar problem, in that, Group Policy was being received inconsistantly. I asked this morning and this is the solution he told me he came up with: ...the problem seemed to be solved for most by deleting the %systemroot%\system32\grouppolicy folder on the local box, this should then be recreated the next time the system boots and logs in. Hope this helps. Cheers Danny -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: 18 July 2003 08:18 To: [EMAIL PROTECTED] Subject: [ActiveDir] Forcing Group Policies Is there a such thing as forcing group policies to hit a specific computer on the network? For some reason not all computers on the network receive the group policy i created and it's a pretty small network of only about 30 users all running Windows 2000 and 2 Windows 2000 Server machines. Has anyone ever had this awkward problem? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Server consolidation, was RE: [ActiveDir] any software that woulddo this?
Hi everyone This is my first post! Where's the champagne...? :) I noticed NetIQ supply a Server Consolidation tool for NT to 2000. Anyone any idea of the cost of this product (Jason :) ) and/or any other tools which would do the job. Also, if anyone has any previous experience of using these tools, I'd appreciate your views of them. Regards Danny McCann Glasgow Caledonian Uni. NetIQ had a products that does this for the file system and the AD. The first tool, called File Security Administrator, includes many different reports to show where a user or group has access to files, directories, and shares. http://www.netiq.com/products/fsa/default.asp http://www.netiq.com/products/dsa/default.asp Jason Sherry Product Manager - Administration Products NetIQ - mission critical software for e-business [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/