RE: RE : RE: [ActiveDir] SID Deleted users remains in NTS permission.

2007-01-04 Thread Robert Bobel
The issue is that there is no automated service in AD/Windows that reconciles 
the SIDs in AD with those used to ACL the file system; and AD ACLs are separate 
and disconnected from the OS ACLs. Imagine deleting a group or user that had 
permissions on hundreds of computers around your network: the OS on each box 
would have to *know* that the user or group was deleted, then scan itself for 
obsolete SIDs, or alternatively some service on the DC could contact each server 
to scan it for obsolete SIDs.
 
As Deji correctly pointed out this is another example of why you should use 
groups to do your permissioning... it is also one of the reasons why many 
administrators choose to disable user accounts rather than just delete them 
when they become obsolete.
 
Bob 



From: [EMAIL PROTECTED] on behalf of Yann
Sent: Thu 1/4/2007 5:35 AM
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] SID Deleted users remains in NTS permission.


Thanks for replying.
 
You say that it is normal that the SID still remains in file & directory ACLs 
after the deletion of the corresponding group??
 
I always thought that SIDs *HAVE TO* disappear dynamically on all existing ACLs 
set on file server.
I'm a bit surprised that the system (AD-file server) leaves this dirty SID and 
that there is no synchronisation that updates the link between the AD object 
and the ACE.
 
What is the reason? Could this behavior be altered?
 
I'd like the SID to disappear after deletion of the corresponding group in AD in 
order to not have these dirty SIDs...
 
Thanks.
 
Yann


Akomolafe, Deji [EMAIL PROTECTED] wrote:

It's normal. You should be permissioning your resources with groups 
instead of directly with user accounts. Groups tend to last longer, so you 
don't have to deal with the horrible SIDs.
 


Sincerely, 
   _
  (, /  |  /)   /) /)   
/---| (/_  __   ___// _   //  _ 
 ) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)  
   (/   
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about 
Yesterday? -anon



From: Yann
Sent: Thu 1/4/2007 1:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SID Deleted users remains in NTS permission.


Hello all & Happy new year! :)
 
AD 2k3 sp1 in FFL mode.
 
When I delete a user or group from AD, and these objects have 
permissions on ntfs permissions, I usually see their SIDs remaining in those 
file & directory ACLs.
 
Is this normal? If not, what could be the reason(s) & how to 
investigate this issue?
 
Thanks,
 
Yann
 
 
__
Do You Yahoo!?
Done with spam? Yahoo! Mail offers you the best possible protection 
against unsolicited messages 
http://mail.yahoo.fr Yahoo! Mail 
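
The reconciliation the thread says Windows does not perform can be run as an audit. The following is an added example, not part of the original posts: a PowerShell function (the name `Find-UnresolvedAce` and the path `D:\Shares` are assumptions) that walks a tree and lists explicit ACEs whose SID no longer translates to an account name. A SID can also fail to resolve because its domain or trust is unreachable, so the output is a review list, not a delete list.

```powershell
# Added example, not from the thread. The function name and the D:\Shares path
# are assumptions; requires PowerShell 3.0+ and read access to the ACLs.
function Find-UnresolvedAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Root
    )

    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $accountType = [System.Security.Principal.NTAccount]
    $cache       = @{}   # SID string -> 'Resolved' | 'Unmapped' | 'LookupFailed'

    # The root itself plus everything below it
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on $($item.FullName): $($_.Exception.Message)"
            continue
        }

        # Explicit ACEs only: an inherited ACE is reported once, where it is set.
        # Asking for SecurityIdentifier returns raw SIDs without any name lookup.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $ace.IdentityReference
            if (-not $cache.ContainsKey($sid.Value)) {
                try {
                    [void] $sid.Translate($accountType)
                    $cache[$sid.Value] = 'Resolved'
                } catch [System.Security.Principal.IdentityNotMappedException] {
                    # No account maps to this SID: deleted object or unknown domain
                    $cache[$sid.Value] = 'Unmapped'
                } catch {
                    # Lookup itself failed (DC or trust unreachable): do not treat as deleted
                    $cache[$sid.Value] = 'LookupFailed'
                }
            }
            if ($cache[$sid.Value] -ne 'Resolved') {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Sid    = $sid.Value
                    Status = $cache[$sid.Value]
                    Rights = $ace.FileSystemRights
                    Type   = $ace.AccessControlType
                }
            }
        }
    }
}

# Review list only; nothing on disk is modified.
Find-UnresolvedAce -Root 'D:\Shares' |
    Sort-Object Sid, Path |
    Export-Csv -Path .\unresolved-aces.csv -NoTypeInformation
```

Grouping the CSV by `Sid` shows how widely a deleted account or group was granted access directly, which is the cost Deji and Bob attribute to permissioning with individual accounts.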





RE: [ActiveDir] Microsoft MIIS: Server 2003 AD and MSSQL 2000 integration?

2005-08-25 Thread Robert Bobel








Yes, there is an MS-SQL MA that comes with
MIIS Enterprise Edition. http://www.microsoft.com/windowsserversystem/miis2003/evaluation/overview/default.mspx.
MIIS may be a little much if this is a one-time import. Configuration is about
a day or two depending on your situation. If you need to have on-going sync of
those accounts then MIIS would be a pretty good solution.



Bob











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kasper Sørensen
Sent: Thursday, August 25, 2005 7:20 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Microsoft MIIS: Server 2003 AD and MSSQL 2000 integration?







Well..





If I buy MIIS, will it then be possible to import users that are stored
in a MSSQL 2000 database, to Active Directory 2003?
-- 
Best Regards
Kasper Sørensen

www.mewe.dk 










RE: [ActiveDir] GPO on XP 2000 Pro

2005-08-25 Thread Robert Bobel








Most of what I've seen is that they first
organize by Geo then organizationally (or the other way round) then further divide
the objects by roles like Mobile users, Desktops, service accounts, de-provisioned
users etc.

I can't imagine organizing by attribute
data like OS. I would think that a system upgrade could potentially cause GPOs
to break and you'd constantly be filtering ADUC on OS to figure out if
you need to move stuff. I suppose scripting it could help 











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of RM
Sent: Thursday, August 25, 2005 12:03 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO on XP & 2000 Pro






On Wed, 24 Aug 2005 20:45:07 -0400, Robert Bobel [EMAIL PROTECTED] said:

> I'm pretty much with Darren on this one. Keeping it organized over the
> long term may end up being a lot of trouble especially if the
> environment is of a fairly large size.

It's easy when not every Tom, Dick, and Harry can create
computer accounts. If your org is really that large, you likely
already have OU's that either follow geographic lines or
hierarchical lines. Sub OU's would contain servers or workstations.

I cringe at the thought of a Fortune 500 with 30,000 computer accounts in one OU.
Do companies really run that way?

RM








RE: [ActiveDir] GPO on XP 2000 Pro

2005-08-24 Thread Robert Bobel
I'm pretty much with Darren on this one. Keeping it organized over the long 
term may end up being a lot of trouble especially if the environment is of a fairly 
large size.



From: [EMAIL PROTECTED] on behalf of RM
Sent: Wed 8/24/2005 6:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO on XP  2000 Pro



On Wed, 24 Aug 2005 15:47:10 -0700, Darren Mar-Elia
[EMAIL PROTECTED] said:

> I suppose it's just me but in general I'm opposed to modifying an AD
> structure strictly to meet a single need such as this. If there are
> overwhelming business reasons to have those machines there in the first
> place, then moving them around to accommodate a particular GP problem is
> probably not a good idea, because, as we all know, there will be a new
> problem that will come along that will have a different set of
> requirements.


I can think of plenty of reasons to have a different OU for servers and no good 
reasons to not have this OU.  If I were tasked with the job of admin for this 
environment, creating and populating a servers OU would be one of my first 
tasks.

The second would be installing GPMC on my PC.  :-)

RM


RE: [ActiveDir] A bad bad thing...Manual push of AD?

2005-08-12 Thread Robert Bobel







Sure, but I should have 
written, ... one object at a time would be free. 
A little different from only one object. :)

Seems a lot more attractive than going 
through a drawn out process using ntdsutil with all the potential 
pitfalls.


From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Thu 8/11/2005 6:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?


 
Best of all for one object it would 
be free.

Huh. Nice to 
know. Thanks, Bob.

Rick





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Bobel
Sent: Thursday, August 11, 2005 4:34 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?



Ok, so sorry in advance for the product plug...

Quest has two products called 
Recovery Manager for both AD and for Exchange; you could download them and 
recover the user with the demo license. You would only need to do a Windows 
backup on a DC where delete has not yet been replicated. This will recover the 
group memberships etc... 



Best of all for one object it would 
be free.

Bob





From: [EMAIL PROTECTED] on behalf of Grillenmeier, Guido
Sent: Thu 8/11/2005 4:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

it'll try - but as the version of the tombstone object will then be lower
than that of the auth. restored object, the local change on the deleted
object itself will simply be disregarded and the object +attributes restored
(read: they will be overwritten by the auth. restored object which have a
higher version number).

but the main point Brett is also making seems to be ignored in the rest of
this thread = although we still don't know Shadow Roldan's OS version, the
probability is somewhat high that he's not using Win2003 SP1 (maybe not even
any non-SP1 Win2003), which means that he has to take special care of the
links that the deleted object was linked to (read: mainly the
group-memberships he had).

Depending on the version of the DC OS, these won't be restored on the
unplugged DC (Win2000 won't help you at all, Win2003 would revive the links
if they were LVR links, Win2003 SP1 will also get the non-LVR links back and
write them to an ldif file so that you can restore the links by importing the
ldif file).

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Donnerstag, 11. August 2005 22:10
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

Brett,

How is this going to help him get the DC back online that he yanked the
cable on? As soon as that system is plugged back in, it's going to repl out
the change, no?

Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brett Shirley
Sent: Thursday, August 11, 2005 1:54 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] A bad bad thing...Manual push of AD?

Well you're lucky that you yanked the network cable in time, now you don't
have to do a system state restore to get the user back ...

Find a DC where the user still exists in a pristine condition, all the
mailbox details, etc. Reboot the DC in DS Restore mode (DSRM). Use
ntdsutil.exe to auth restore just that user's object.

You may (probably will) also have to restore links to that user, at this
point it'd be nice if you were running on Win2k3 SP1, but if not it is still
accomplishable.

For Win2k3 Sp1, after auth restoring the user, there should be some ldf
file(s) that will allow you to restore the links. Simply use ldifde, to
apply these files to the appropriate DCs (up to one ldf per domain).

For pre this latest generation (which is more likely, because you could yank
the net cable in time), you may have to find the objects that are linked to
the user, and restore them yourself. You can do this by performing an LDAP
operation that deletes and re-sets the links to that user.

BTW, there is a more extensive KB article you might find useful:
http://support.microsoft.com/?kbid=840001

Cheers,
BrettSh

This posting is provided "AS IS" with no warranties, and confers no rights.

On Thu, 11 Aug 2005, Shadow Roldan wrote:

> So I did a bad thing, I deleted a user at a different site and marked his
> mailbox for deletion
>
> Immediately recognizing my mistake I *ran* to the server room and yanked
> the network cable of the dc I was connected to.
>
> For now, none of the changes have replicated.
>
> I want to bring this machine back online, but I don't want those changes
> to go through
>
> How would you make this happen?
>
> Thanks guys
>
> S

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] A bad bad thing...Manual push of AD?

2005-08-11 Thread Robert Bobel






Ok, so sorry in advance for 
the product plug...

Quest has two products called Recovery 
Manager for both AD and for Exchange; you could download them and recover the 
user with the demo license. You would only need to do a Windows backup on a DC 
where delete has not yet been replicated. This will recover the group 
memberships etc... 

Best of all for one object it would be 
free.
Bob






RE: [ActiveDir] OT: MIIS, ADAM, AD

2005-07-31 Thread Robert Bobel








Nice side benefit is that the license to
use MIIS with the Feature Integration pack to sync AD to ADAM is free. 



http://www.microsoft.com/downloads/details.aspx?familyid=D9143610-C04D-41C4-B7EA-6F56819769D5displaylang=en





Bob











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, July 30, 2005 7:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: MIIS, ADAM, & AD





Where is this going to be located?
Extranet or Intranet?



If you are going to be doing some very
simple syncing, I would look at writing something myself or maybe implementing
one of the lighter syncing tools like SimpleSync or HP's LDSU. If you need to
do a lot of transforms or complex translations or connect to lots of different
data sources such as SAP, etc, MIIS might be where you want to go. If you spin
up MIIS, it is possible you may need to have a body sitting there
maintaining and troubleshooting it due to its complexity plus it is really in
flux right now in my opinion in terms of how many things they are looking to
change and/or add to it.



How is the data in the directory to be
used? Is it going to be an auth point for apps or ???















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Friday, July 29, 2005 10:03 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: MIIS, ADAM, & AD



We have an upcoming project which will require an LDAP
directory containing both our internal users, and our extranet users.
Currently, our internal users are in one AD domain, the extranet users are in
another. The domains are in separate forests, and there are no trusts.











My plan is to use ADAM for the central LDAP directory.
However, I'm on the horns of an enema, um, I mean dilemma on how to sync ADAM
to the two domains. A first glance would suggest MIIS. However, MIIS looks
pretty complicated, and difficult to configure. 











I'm considering writing my own sync code since the task at
hand is relatively straight-forward. Passwords will be a bit of a problem, but
not unworkable. We use Psynch to maintain our internal passwords, so I can have
it change the ADAM passwords at the same time it changes the internal AD
passwords. The extranet users change their password via an existing web app, so
having it change the ADAM passwords won't be an issue.











Reading about ADAM
proxy users leads me to believe they'd be a perfect fit as the
object type to use for our internal users (authentication is relayed to AD thus
negating the need to sync passwords). However, the ADAM tech ref says proxy
users should only be used as a last resort, and to refer to the next section as
to why. Unfortunately, the next section doesn't explain why not to use them.
Anybody know why proxy user objects are evil?











Are there any good MIIS for dummies type
documentation around? Any good ADAM and/or MIIS mailing lists?










RE: [ActiveDir] Passwords from SQL

2005-06-15 Thread Robert Bobel
Did you ever notice how the name on the TU-80s looked like the word
Tubo; personally I preferred the CVT-240 since it had color. (Not that
the ceiling white on gray background of the 240s was bad mind you.) 

Bob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, June 15, 2005 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords from SQL

Oh I completely agree, hence the sentence "Of course free is a question
begging term".

I expect the password piece is more a function of the application versus
the DB anyway. If the application was pointed at SQL Server as written, it
would probably do the same thing and set up a password table and compare
users logging in to that versus using any integration in the DB product.

Additionally, most university and high schools folks I have talked to
through the years and certainly it was the case when I was in those places
have more time than money. In high school I was the sysadmin for a
PDP-11/84 running RSTS/E with 2 RK06 washing machine sized 40MB disk drives
and a simple TU-80 for backups. If it didn't come for free from DEC or
wasn't included in the service contract with DEC, it didn't matter how much
something cost, it was entirely out of our own personal pocket so we spent
far more time than money getting things working the way we wanted which
included writing system monitors, device drivers, spooler and batch
compiler systems, and tons of other systems tools as well as the odd ball
VT-220 based video game (pacman, snakes, etc) and a stellar Macro Assembler
based reverse polish notation graphical calculator (also for the VT-220).

Quite honestly, looking back I wouldn't have it any other way, I learned a
ton about the internals of systems software by messing with Disk subsystems
and writing batch systems. I would absolutely not be the person I am today
without all of that hacking experience. Makes me wonder if kids in high
school today that have better greater access to far better systems really
dig into the guts much to make things better. Instead of seeing better
systems down the road maybe we will see crappier systems as people who
didn't grow up severely limited by what their systems could do and hacking
them to make them better start moving into the positions where they are
supposed to produce the next best thing...

  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley
Sent: Wednesday, June 15, 2005 2:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords from SQL

Free to acquire, yes...  However, if you spend enough time in implementing,
creating, and supporting some functionality that you would otherwise gain in
the paid solution (password syncing?), have you really saved any money?

It's not a knock against free software...  I use MySQL here and have used
it for other personal applications as well...  Sometimes free
isn't always the best solution...  Of course there's always the oft repeated
quotes Acquisition costs are only a fraction of TCO


Joe Pochedley
A computer terminal is not some clunky old television with a typewriter in
front of it. It is an interface where the mind and body can connect with the
universe and move bits of it about. -Douglas Adams 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, June 15, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords from SQL

When you have next to nothing for a budget, next to nothing is a lot when
you can get it for free. :o)

Of course free is a question begging term but for any uses I have used MySQL
for it has performed admirably.

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, June 15, 2005 1:28 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords from SQL

I am not sure why, Microsoft sells their products to education institutions
for next to nothing.

Jose

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Freddie Coleman III
Sent: Wednesday, June 15, 2005 10:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords from SQL


He's probably using MY SQL instead of MS SQL for monetary reasons.
Money is always an issue in education

fred


 Hi Jacob,

 I have a better ID. If you use Microsoft SQL instead of MY SQL then 
 you'll have the option of using Integrated Authentication  and use the

 usernames and passwords that your user's log into AD with.

 Jose

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Jacob Stabl
 Sent: Wednesday, June 15, 2005 8:56 AM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] Passwords from SQL



 I am running a MySQL server that holds data for a grading program here

 in the district.  Well teachers have the ability to 

RE: [ActiveDir] Export user info

2005-05-20 Thread Robert Bobel
Or CSVDE that would put it into a CSV file. :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, May 20, 2005 4:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Export user info

The tool ldifde would be an obvious option and wouldn't require scripting. 

For users you would want to use (objectcategory=person)(objectclass=user),
for contacts you would use (objectcategory=person)(objectclass=contact),
for both, objectcategory=person would be sufficient. 




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 20, 2005 3:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Export user info

A script doing ldap query for objectclass='contact' and writing that into
a database or to a file (using FSO) would be an option - for me.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Jason Benway
Sent: Fri 5/20/2005 12:00 PM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] Export user info



Is there a way to export all the user info (mainly the contact info) into a
csv? In case the ADC replicates old user info from our exchange 55.

Thank you
jb

--
Jason Benway
[EMAIL PROTECTED]
GHSP
1250 S.Beechtree
Grand Haven, MI 49417
616-847-8474
Fax: 616-850-1208   

Required space inevitably expands to exceed available space...

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] AD User Export and Import

2005-02-28 Thread Robert Bobel








It is my understanding that you can
download the free MIIS Identity Integration Feature Pack for this purpose.



http://www.microsoft.com/downloads/details.aspx?FamilyID=d9143610-c04d-41c4-b7ea-6f56819769d5DisplayLang=en

http://www.microsoft.com/windowsserversystem/miis2003/techinfo/planning/galsynchstep.mspx



Bob











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, February 28, 2005 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD User Export and Import





Yes, it requires you writing a script to
export mailbox enabled users from both forests, then create mail-enabled
contacts in the other forest. This could get involved if you have naming
collisions. It could take 2 weeks just to work the script out so it
doesn't cause more issues than it helps. It depends on what you are starting
with.

You could look for another third party
tool to buy as well, but not sure you would want to do that for 2
weeks.



 joe




















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Santhosh Sivarajan
Sent: Monday, February 28, 2005 8:37 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD User Export and Import



Good morning,



I have 2 AD 2003 forests with Ex2003. We need to export all the users
from one forest and import into the second Forest
as contacts. Unfortunately, IIFP is not an option because we are going to merge
both forests in 2 weeks. During this 2 weeks period, we need to sync both GAL.
Is there a way I can copy the GAL between the forests and schedule the task? 



Thanks in advance!










RE: [ActiveDir] email disappearing

2005-01-18 Thread Robert Bobel








I would also check to see if a Forwarder (alternate
delivery) was put on the exchange account itself. 

ADUC > Properties of the User > Exchange General Tab > Delivery Options.


Bob











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Morentin
Sent: Tuesday, January 18, 2005 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] email disappearing





No filters... no rules... view = messages... hmmm









PERFORMANCE MATERIALS CORPORATION

Dan Morentin

Network Administrator

805-482-1722 x231

cell: 818-445-7834





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Schorr
Sent: Tuesday, January 18, 2005 12:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] email disappearing



Check to see if you have a filter applied.







-Ben- 
Ben M. Schorr, MCP, MVP, CNA 
Operations Coordinator 
Stockholm/KSG - Honolulu 
Phone: (808) 535-1500 
Mobile: (808) 351-5084 
http://www.scgab.com



















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Morentin
Sent: Tuesday, January 18, 2005 9:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] email disappearing

Yes it's delivering to inbox.
They come in, but soon disappear. No rules defined. hmmm









PERFORMANCE MATERIALS CORPORATION

Dan Morentin

Network Administrator

805-482-1722 x231

cell: 818-445-7834





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, January 18, 2005 11:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] email disappearing

Tools, email accounts, view/change existing email..

It's on the next page, saying deliver to the following location.

Rules can do this to you as well. Be a good idea to check the rules.

To troubleshoot, you may want to turn the client off and use OWA to see if it's
staying in the inbox. If it's not, it may be a server side rule or a client
left on somewhere other than the machine you're currently using. POP
clients such as PDA's, Outlook Express, etc are known to do such things.



-ajm

















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Morentin
Sent: Tuesday, January 18, 2005 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] email disappearing

Where would I check to see if I was routing mail to pst?









PERFORMANCE MATERIALS CORPORATION

Dan Morentin

Network Administrator

805-482-1722 x231

cell: 818-445-7834





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Morentin
Sent: Tuesday, January 18, 2005 09:45 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] email disappearing

I think I remember a thread of this
subject. Anyway email is leaving the inbox and going? When I leave
outlook alone for a while the inbox clears out?? Don't know where they
are going, but I'm used to going through a hundred emails a day... now just
a few and they are disappearing. Anyone? I've done some searching on google, but
can't seem to get a grip on it.







PERFORMANCE MATERIALS CORPORATION

Dan Morentin

Network Administrator

805-482-1722 x231

cell: 818-445-7834









RE: [ActiveDir] Command Line Utility

2004-12-23 Thread Robert Bobel





What happened to TREE?

Bob


From: [EMAIL PROTECTED] on behalf of Steve Rochford
Sent: Thu 12/23/2004 6:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Command Line Utility

dir /s
dir /s /b

Steve


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: 22 December 2004 20:31
To: ActiveDir (E-mail)
Subject: [ActiveDir] Command Line Utility

Everyone,

Do any of you know 
of a command line utility that would display all file names in a folder and all 
subfolders of the root folder?

TIA

Justin




RE: [ActiveDir] Command Line Utility

2004-12-23 Thread Robert Bobel
Pretty pictures, I work best with Pretty Pictures... :)
 
TREE C:\directory\ /f 
 
Bob



From: [EMAIL PROTECTED] on behalf of Salandra, Justin A.
Sent: Thu 12/23/2004 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Command Line Utility



One of my Senior VPs wants to see a list of all files and folders within their 
legal directory.  I don't know why but they do.

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Thursday, December 23, 2004 11:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Command Line Utility

 

It's still there but it draws the tree markers - I don't know what Justin's 
trying to do but if it involves processing the output of the command in any way 
then dir /s /b is good because you just get raw text to play with

 

Steve

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Bobel
Sent: 23 December 2004 15:30
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Command Line Utility

What happened to TREE?


Bob

 



From: [EMAIL PROTECTED] on behalf of Steve Rochford
Sent: Thu 12/23/2004 6:00 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Command Line Utility

dir /s

dir /s /b

 

Steve

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: 22 December 2004 20:31
To: ActiveDir (E-mail)
Subject: [ActiveDir] Command Line Utility

Everyone,

 

Do any of you know of a command line utility that would display all file names 
in a folder and all subfolders of the root folder?

 

TIA

 

Justin

 

 


RE: [ActiveDir] OT: Virtual Server 2005

2004-11-21 Thread Robert Bobel
Hi Noah,
 
I prefer the sysprep/copy method; although using the differencing disks option 
is attractive.
 
The original system I'm going to SYSPREP is always multi-homed. The first NIC 
I put into Host Only mode so it can talk to other Hosts on my system. The second 
NIC I NAT/Bridge to the external network. I use the second NIC to update the 
system immediately before SYSPREP, then disable it from within Windows; then later, 
after I've built a new image, I can re-enable it if I need to give the server 
external access. (One important point here, Virtual Servers/PCs appear on the 
network no differently than a regular server, so they are vulnerable to a virus 
and the like.) 
 
Another funny item to note. A while back I needed to allow VS to access a 
VMWare workstation image running on the same machine. If you enable the Virtual 
Server Switch (I think it is called Virtual Networking Services now...) on 
VMWare's VMNET0 NIC the two Host Only modes were joined. I haven't tried this 
in the final release version of VS, but I bet it still works.
 
Bob
 
 
 



From: [EMAIL PROTECTED] on behalf of Noah Eiger
Sent: Fri 11/19/2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005



Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet demo copy and had 
some questions. Documentation and support have been spotty (e.g., the newsgroup 
is not up and running yet). Here are a few questions. Any thoughts or pointers 
to web resources appreciated.

 

-  I can't seem to figure out how you would set up a virtual network 
(using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to 
the Internet. I guess one would need a virtual router/gateway. I think the 
virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact 
with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual 
Windows network but also allow other OS machines to access file and directory 
services and Exchange.

-  How would you duplicate virtual machines? It seems that once you 
have built a single W2k3 server and patched it, you could simply copy it and 
then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 


RE: [ActiveDir] Exchange OT:

2004-10-24 Thread Robert Bobel







Using what method?

Bob


From: [EMAIL PROTECTED] on behalf of Blair, James
Sent: Sun 10/24/2004 9:11 AM
To: [EMAIL PROTECTED]
Subject: Exchange OT:



To the amazingly diverse audience out there: I am putting 
together a disaster recovery procedure and was wondering how long it would 
take to restore mailboxes directly from the database to an alternate 
e-mail server. Are there any baselines out there or does anyone have any personal 
experience? Let's say database is 40GB...

James