RE: [ActiveDir] DNS DOCUMENTATION
That is generally not a good idea. Google: split brain DNS this should give you a good start. Chuck Robinson, MCSE: Messaging, VCP, Senior Solutions Consultant EMC Microsoft Practice tel 732-321-3644 xt.45, mobile 973-865-0394, fax 732-321-6855 email:[EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Friday, September 01, 2006 10:42 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DNS DOCUMENTATION HI, I have one of my client that has AD integrated DNS. The internet domain is the same that the AD domain. (domain.com) They have ns1 and ns2 to handle the internet domain, meaning mx, www, A ,etc records for domain.com, those are the external DNS servers. And they also have several internal dns servers for AD. The thing is I am able to query ns1 and ns2 from outside the office and find out everything for the domain, global catalogs, DC, etc Is this the correct way to do it? Anybody knows a good white paper or similar that deals with AD integrated DNS, internal and external dns, etc? Thanks Rezuma
RE: [ActiveDir] Ammunition, please!
The following article might help. http://www.insurancejournal.com/news/national/2006/06/20/69691.htm Chuck Robinson, MCSE: Messaging, VCP, Senior Solutions Consultant EMC Microsoft Practice tel 732-321-3644 xt.45, mobile 973-865-0394, fax 732-321-6855 email:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Wednesday, June 28, 2006 10:29 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Ammunition, please! I am being asked to install a single server in a remote location (about 20 miles from here, 20 users) that will be a DC for our entire network, running DHCP and DNS, acting as a file server and print server for this remote location. And, this server will be in an unlocked rack in a semi-public area where literally anyone could gain physical access to the box. At the very least, the 20 employees will be walking past it every day. There are many red flags about this scenario. I can think of a few. But, what I need is documentation from an *external* source that tells management just how bad an idea this is. After all, they won't believe me, but they might believe an expert. At the very least, I would want the rack in which this server is placed to be locked 24/7. Better would be a locked room. All help welcomed with many thanks. -- Larry Wahlers Concordia Technologies The Lutheran Church - Missouri Synod mailto:[EMAIL PROTECTED] direct office line: (314) 996-1876 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue
Title: FYI: W2K3 SP1 VMWARE issue The standalone server is in a workgroup. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Wednesday, March 22, 2006 5:11 PM To: ActiveDir@mail.activedir.org Subject: RE: RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Is the stand alone server a member of the domain? I have had issues non vmware related where I could not promote a server to become a DC if it was a member of the domain I had to remove it first then promote it this was post sp1. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robinson, Chuck Sent: 22 March 2006 16:50 To: ActiveDir@mail.activedir.org Subject: [Norton AntiSpam] RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Resend: I would like to add, Can anyone from Microsoft on this list speak to what changed in Windows 2003 SP1 that would cause this symptom? Chuck From: Robinson, Chuck Sent: Friday, March 10, 2006 6:22 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Sorry to revive this one from the archives, but it's been haunting me. I've experienced the same issue when trying to promote a standalone W2K3 SP1 server to a domain controller. In an attempt to further uncover the root cause of this nuisance I would like to add the following. This problem seems to affect Windows Server 2003 SP1 VM's running on VMware Workstation and ESX, even though ESX doesn't use shared folders (haven't tested on GSX). If the VMware Tools Shared Folders component is installed on a VM running on ESX (not default VMware Tools installation on ESX hosted VM's) the issue still raises its ugly head. Also, a Windows Server 2003 (no SP1) standalone server with the Shared Folders option installed does not experience this symptom. So, the question is what changed in Windows Server 2003 SP1 that is causing this symptom/problem? And is it Shared Folders or something in Windows Server 2003 SP1 that is incompatible with Shared Folders. Regards, Chuck From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, January 17, 2006 11:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Hi Everyone, As you all may know a few months ago I posted two issues with Vmware and W2K3SP1 DCs. The issues described are: * Adding additional W2K3SP1 DCs to the forest * Creating trusts from a W2K3SP1 forest to another forest (does not matter which OS) Both the issues are described here: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/14/60.aspx http://blogs.dirteam.com/blogs/jorge/archive/2005/12/18/297.aspx http://www.activedir.org/article.aspx?aid=75 This time a was setting up an environment with a w2k forest and a w2k3 sp1 forest. When setting up the trust I received the error we discussed a while ago (see articles above). A few days ago someone posted which component caused this issue. The component in error seems to be the Shared Folder component from Vmware (at least in Vmware Workstation). This time instead of changing the password of the administrator account, I deinstalled the Shared Folder component and rebooted the DC. After that I was able to create the trust without any problem. So, the Shared Folder component from Vmware does seem to be the root cause of this. Cheers, Jorge Met vriendelijke groet / Kind regards, Jorge de Almeida Pinto Infrastructure Consultant BLOG http://blogs.dirteam.com/blogs/jorge/default.aspx __ LogicaCMG Nederland B.V. (BU SD/AT) Division Industry, Distribution and Transport (IDT) Kennedyplein 248, 5611 ZT, Eindhoven . Postbus 7089 5605 JB Eindhoven ( Tel : +31-(0)40-29.57.777 2 Fax : +31-(0)40-29.57.709 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : [EMAIL PROTECTED] http://www.logicacmg.com/ - Solutions that matter - This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue
Title: FYI: W2K3 SP1 VMWARE issue Resend: I would like to add, Can anyone from Microsoft on this list speak to what changed in Windows 2003 SP1 that would cause this symptom? Chuck From: Robinson, Chuck Sent: Friday, March 10, 2006 6:22 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Sorry to revive this one from the archives, but it's been haunting me. I've experienced the same issue when trying to promote a standalone W2K3 SP1 server to a domain controller. In an attempt to further uncover the root cause of this nuisance I would like to add the following. This problem seems to affect Windows Server 2003 SP1 VM's running on VMware Workstation and ESX, even though ESX doesn't use shared folders (haven't tested on GSX). If the VMware Tools Shared Folders component is installed on a VM running on ESX (not default VMware Tools installation on ESX hosted VM's) the issue still raises its ugly head. Also, a Windows Server 2003 (no SP1) standalone server with the Shared Folders option installed does not experience this symptom. So, the question is what changed in Windows Server 2003 SP1 that is causing this symptom/problem? And is it Shared Folders or something in Windows Server 2003 SP1 that is incompatible with Shared Folders. Regards, Chuck From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, January 17, 2006 11:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Hi Everyone, As you all may know a few months ago I posted two issues with Vmware and W2K3SP1 DCs. The issues described are: * Adding additional W2K3SP1 DCs to the forest * Creating trusts from a W2K3SP1 forest to another forest (does not matter which OS) Both the issues are described here: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/14/60.aspx http://blogs.dirteam.com/blogs/jorge/archive/2005/12/18/297.aspx http://www.activedir.org/article.aspx?aid=75 This time a was setting up an environment with a w2k forest and a w2k3 sp1 forest. When setting up the trust I received the error we discussed a while ago (see articles above). A few days ago someone posted which component caused this issue. The component in error seems to be the Shared Folder component from Vmware (at least in Vmware Workstation). This time instead of changing the password of the administrator account, I deinstalled the Shared Folder component and rebooted the DC. After that I was able to create the trust without any problem. So, the Shared Folder component from Vmware does seem to be the root cause of this. Cheers, Jorge Met vriendelijke groet / Kind regards, Jorge de Almeida Pinto Infrastructure Consultant BLOG http://blogs.dirteam.com/blogs/jorge/default.aspx __ LogicaCMG Nederland B.V. (BU SD/AT) Division Industry, Distribution and Transport (IDT) Kennedyplein 248, 5611 ZT, Eindhoven . Postbus 7089 5605 JB Eindhoven ( Tel : +31-(0)40-29.57.777 2 Fax : +31-(0)40-29.57.709 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : [EMAIL PROTECTED] http://www.logicacmg.com/ - Solutions that matter - This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue
Title: FYI: W2K3 SP1 VMWARE issue Sorry to revive this one from the archives, but it's been haunting me. I've experienced the same issue when trying to promote a standalone W2K3 SP1 server to a domain controller. In an attempt to further uncover the root cause of this nuisance I would like to add the following. This problem seems to affect Windows Server 2003 SP1 VM's running on VMware Workstation and ESX, even though ESX doesn't use shared folders (haven't tested on GSX). If the VMware Tools Shared Folders component is installed on a VM running on ESX (not default VMware Tools installation on ESX hosted VM's) the issue still raises its ugly head. Also, a Windows Server 2003 (no SP1) standalone server with the Shared Folders option installed does not experience this symptom. So, the question is what changed in Windows Server 2003 SP1 that is causing this symptom/problem? And is it Shared Folders or something in Windows Server 2003 SP1 that is incompatible with Shared Folders. Regards, Chuck From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, January 17, 2006 11:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Hi Everyone, As you all may know a few months ago I posted two issues with Vmware and W2K3SP1 DCs. The issues described are: * Adding additional W2K3SP1 DCs to the forest * Creating trusts from a W2K3SP1 forest to another forest (does not matter which OS) Both the issues are described here: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/14/60.aspx http://blogs.dirteam.com/blogs/jorge/archive/2005/12/18/297.aspx http://www.activedir.org/article.aspx?aid=75 This time a was setting up an environment with a w2k forest and a w2k3 sp1 forest. When setting up the trust I received the error we discussed a while ago (see articles above). A few days ago someone posted which component caused this issue. The component in error seems to be the Shared Folder component from Vmware (at least in Vmware Workstation). This time instead of changing the password of the administrator account, I deinstalled the Shared Folder component and rebooted the DC. After that I was able to create the trust without any problem. So, the Shared Folder component from Vmware does seem to be the root cause of this. Cheers, Jorge Met vriendelijke groet / Kind regards, Jorge de Almeida Pinto Infrastructure Consultant BLOG http://blogs.dirteam.com/blogs/jorge/default.aspx __ LogicaCMG Nederland B.V. (BU SD/AT) Division Industry, Distribution and Transport (IDT) Kennedyplein 248, 5611 ZT, Eindhoven . Postbus 7089 5605 JB Eindhoven ( Tel : +31-(0)40-29.57.777 2 Fax : +31-(0)40-29.57.709 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : [EMAIL PROTECTED] http://www.logicacmg.com/ - Solutions that matter - This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue
Yes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Friday, March 10, 2006 6:42 PM To: ActiveDir.org Subject: Re: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Chuck, Is it still an issue in 2.5.2? Mark -Original Message- From: Robinson, Chuck [EMAIL PROTECTED] Date: Fri, 10 Mar 2006 18:21:38 To:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Sorry to revive this one from the archives, but it's been haunting me. I've experienced the same issue when trying to promote a standalone W2K3 SP1 server to a domain controller. In an attempt to further uncover the root cause of this nuisance I would like to add the following. This problem seems to affect Windows Server 2003 SP1 VM's running on VMware Workstation and ESX, even though ESX doesn't use shared folders (haven't tested on GSX). If the VMware Tools Shared Folders component is installed on a VM running on ESX (not default VMware Tools installation on ESX hosted VM's) the issue still raises its ugly head. Also, a Windows Server 2003 (no SP1) standalone server with the Shared Folders option installed does not experience this symptom. So, the question is what changed in Windows Server 2003 SP1 that is causing this symptom/problem? And is it Shared Folders or something in Windows Server 2003 SP1 that is incompatible with Shared Folders. Regards, Chuck From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, January 17, 2006 11:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] FYI: W2K3 SP1 VMWARE issue Hi Everyone, As you all may know a few months ago I posted two issues with Vmware and W2K3SP1 DCs. The issues described are: * Adding additional W2K3SP1 DCs to the forest * Creating trusts from a W2K3SP1 forest to another forest (does not matter which OS) Both the issues are described here: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/14/60.aspx http://blogs.dirteam.com/blogs/jorge/archive/2005/12/18/297.aspx http://www.activedir.org/article.aspx?aid=75 This time a was setting up an environment with a w2k forest and a w2k3 sp1 forest. When setting up the trust I received the error we discussed a while ago (see articles above). A few days ago someone posted which component caused this issue. The component in error seems to be the Shared Folder component from Vmware (at least in Vmware Workstation). This time instead of changing the password of the administrator account, I deinstalled the Shared Folder component and rebooted the DC. After that I was able to create the trust without any problem. So, the Shared Folder component from Vmware does seem to be the root cause of this. Cheers, Jorge Met vriendelijke groet / Kind regards, Jorge de Almeida Pinto Infrastructure Consultant BLOG agrave; http://blogs.dirteam.com/blogs/jorge/default.aspx __ LogicaCMG Nederland B.V. (BU SD/AT) Division Industry, Distribution and Transport (IDT) Kennedyplein 248, 5611 ZT, Eindhoven . Postbus 7089 5605 JB Eindhoven ( Tel: +31-(0)40-29.57.777 2 Fax : +31-(0)40-29.57.709 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : [EMAIL PROTECTED] http://www.logicacmg.com/ - Solutions that matter - This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Gauging AD experience
Internosis is now EMC Microsoft Practice. Doug, contact me offline if you are considering this option. [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, January 18, 2006 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Gauging AD experience Hiring on with an IT services company that does large Windows projects would probably be the best way to develop the experience you're looking for. That way you get exposure to many different environments, requirements, people, and projects. HP, Internosis, LogicaCMG, and Microsoft Consulting Servicesare some examples, and there are tens or hundreds of others. Some smaller consulting companies like Oxford Computer Group focus on IdM projects and will sometimes get pulled into AD projects in an advisory capacity. From a career standpoint, I would look more to the broader IdM technologies. AD expertise is rapidly becoming comoditized, and inlarger enterprise environments, AD is but one component of the IdM and security infrastructure. Moving forward, MIIS and ADFS are going to take center stage in the WIndows environment, and AD is going to be pushed more into the background. AD will still be a critical component, and there will always be a need for architects who can design large AD infrastructures. ButAD won't be where the action is. -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, January 18, 2006 9:49 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: Gauging AD experience I am trying to figure out how one gauges their AD experience. For example, I have designed, implemented and maintained an AD/Exchange environment of 5000 users with 1000 workstations from the ground up, alone. The environment is only 3 sites, with little complexity. I now work for a company maintaining a directory of about 150 users and 150 workstations. And the more local AD people I talk to, the more confident I am that I know quite a bit about AD compared to them (only talking about the people I have metnot generalizing the entire industry). Although I am not a guru like some on this list, I would like to get myself to the place where I can say yeah, I can design your 50,000 user / 15 site infrastructure. Or is that even possible? Is a project of that size several directory experts working together? I honestly believe that I could perform such a task, but knowing that I would make some mistakes that a VERY experienced person would not. So, I guess my question is: How do I get to where I want to be? Consult? Try to get a job with the biggest company I can? There may be no real answer, but I thought it was worth asking because I have been thinking about it for a couple of months and dont know where to start to move forward, and this is the only place I know that has people that I consider AD gurus (or gods even)
RE: [ActiveDir] OT: Gauging AD experience
Last week, http://www.emc.com/news/emc_releases/showRelease.jsp?id=3796 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, January 18, 2006 1:53 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Gauging AD experience Yikes, I missed that one! When did that happen? -g From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robinson, Chuck Sent: Wednesday, January 18, 2006 11:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Gauging AD experience Internosis is now EMC Microsoft Practice. Doug, contact me offline if you are considering this option. [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, January 18, 2006 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Gauging AD experience Hiring on with an IT services company that does large Windows projects would probably be the best way to develop the experience you're looking for. That way you get exposure to many different environments, requirements, people, and projects. HP, Internosis, LogicaCMG, and Microsoft Consulting Servicesare some examples, and there are tens or hundreds of others. Some smaller consulting companies like Oxford Computer Group focus on IdM projects and will sometimes get pulled into AD projects in an advisory capacity. From a career standpoint, I would look more to the broader IdM technologies. AD expertise is rapidly becoming comoditized, and inlarger enterprise environments, AD is but one component of the IdM and security infrastructure. Moving forward, MIIS and ADFS are going to take center stage in the WIndows environment, and AD is going to be pushed more into the background. AD will still be a critical component, and there will always be a need for architects who can design large AD infrastructures. ButAD won't be where the action is. -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, January 18, 2006 9:49 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: Gauging AD experience I am trying to figure out how one gauges their AD experience. For example, I have designed, implemented and maintained an AD/Exchange environment of 5000 users with 1000 workstations from the ground up, alone. The environment is only 3 sites, with little complexity. I now work for a company maintaining a directory of about 150 users and 150 workstations. And the more local AD people I talk to, the more confident I am that I know quite a bit about AD compared to them (only talking about the people I have metnot generalizing the entire industry). Although I am not a guru like some on this list, I would like to get myself to the place where I can say yeah, I can design your 50,000 user / 15 site infrastructure. Or is that even possible? Is a project of that size several directory experts working together? I honestly believe that I could perform such a task, but knowing that I would make some mistakes that a VERY experienced person would not. So, I guess my question is: How do I get to where I want to be? Consult? Try to get a job with the biggest company I can? There may be no real answer, but I thought it was worth asking because I have been thinking about it for a couple of months and dont know where to start to move forward, and this is the only place I know that has people that I consider AD gurus (or gods even)
RE: [ActiveDir] Open Another User's Registry File
Open Regedit, set your focus to HKLM, use Load Hive from the File Menu. Be sure to unload the hive when you are done. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Monday, June 27, 2005 9:49 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Open Another User's Registry File Is it possible to open another users ntuser.dat file for editing? I would like to be able to edit some per-user settings for specific users, but when I try to open it using regedt or regedt32, I am asked if I want to add the information in the file to the registry, which I do not want to do. This is on a Windows 2000 Server machine. I appreciate any help, _ Daniel DeStefano
RE: [ActiveDir] Citrix and AD migrations
Charlie, Two things: 1: Your Citrix servers should now use the same DNS servers as AD. 2: TS Profiles don't get translated using ADMT only User Profiles. The file/directory part of the profile can be accessed after the migration using SID History (assuming your doing this). However the Registry portion of the profile(NTUser.dat) cannot use SID history. You can fake this out by specifying the TS Profile as the User Profile before the migration. ADMT with then translate the whole profile, at that point you should return the User Profile back to it's original state. Hope this helps. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Tuesday, December 21, 2004 9:37 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Citrix and AD migrations I'm conducting an NT 4 to 2003 AD migration and I'm having a bit of an issue with my Citrix setup. Background: I have about 40 remote sites and a Citrix farm that is located with our central IT staff. We are about 20% through the migration which does not include any of the central servers (we do have servers at most of our remote sites) or the Citrix farm. We are using the ADMTv2 tool to migration the users, groups, workstations and servers. Problem: Our Citrix profiles path don't seem to be working very well after we conduct the migration. We were having an issue with a number of our applications and we discovered that if we copied our Terminal Services Profile Home Folder to our Profile Home Folder location most of the apps then work correctly. However, I don't think that the profile stuff is functioning correctly. I have deleted one users Citrix Profile and what usually happens is when the user logs into Citrix it automatically creates a new profile for them. This doesn't seem to be happening, however they are still able to use Citrix. If this user still has her old profile then she receives an error when she tries to run the application. Has anyone seen this type of issue when conducting the migration of Citrix users? Thanks, Charlie List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir]OT: Terminal Service and 2003
It comes with Windows Server 2003 and XP. Chuck From: [EMAIL PROTECTED] on behalf of Cothern Jeff D. Team EITC Sent: Thu 10/7/2004 9:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir]OT: Terminal Service and 2003 I am trying to find a way to ensure that a user logs out of the terminal service session before they log off their local kiosk machine. There is an icon that shows up when you terminal service in under start settings called windows security. This provides the interface that you normally get when you hit ctrl alt del. I am unable to click and drag or create short cut from it. I would like to put this on the desktop if at all possible. Does any one have any suggestions. OR Someone told me there used to me a utility called logoff.exe in the resource kit. I can find reference for NT 4.0 but nothing in windows 2003 environment. Anyone ever hear of it and if it still exists. Jeff winmail.dat
RE: [ActiveDir] Corrupt profiles after w2k3 upgrade?
Sometimes Anti-Virus SW will cause the Event ID: 1000. Check with your AV manufacturer. Try setting AV services to Manual, reboot, logon/logoff. See if that clears up the ID: 1000's Chuck From: [EMAIL PROTECTED] on behalf of Alex Fontana Sent: Thu 9/16/2004 1:31 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Corrupt profiles after w2k3 upgrade? Hello all, we've had a few calls this week (more this week than last) about folks' profiles being corrupt, i.e: they are having a new profile created when they log on. User bob now has bob.domain or in some instances even bob.domain.00, etc. I've looked at a few machines and notice no noticeable change, the user still has Full Control access on the old profile folder, so it doesn't appear to be a permissions issue. The only change is that we upgraded our first domain controller to WIndows 2003, however the schema has been extended for about 3 weeks now. This is the only questionable event I've found on the machines that have experienced this issue. Event ID: 1000 Source: USERENV Data: Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator. Anyone have any clue as to what may be causing these new profiles to be created all of a sudden? FYI: these are mainly Windows 2000 Laptops running SP3 or SP4. -Alex. winmail.dat
RE: [ActiveDir] Site topology mappers
ADMAP From: [EMAIL PROTECTED] on behalf of Deuby, Sean P Sent: Thu 7/29/2004 3:52 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Site topology mappers I'm a firm believer in the maxim a picture's worth a thousand words. Can anyone recommend a tool that maps out a graphical representation of one's AD site topology? Standalone is best, but if you love one that's part of a bigger package that's worthwhile knowing too. Thanks, Sean winmail.dat
RE: [ActiveDir] Proxy Server
DHCP Scope Options? -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Tue 7/8/2003 3:29 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [ActiveDir] Proxy Server Oh wait, hmmm that's only good for IE. Is there a way to do it regardless of their browser? On Tuesday, July 8, 2003, at 12:05 PM, [EMAIL PROTECTED] wrote: Using GPO: User Configuration Windows Settings -Connection -Proxy Settings You can use IEAK for similar thing, but why do more work, eh? Enjoy. Sincerely, Dj Akmlf, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Richard Sumilang Sent: Tue 7/8/2003 11:47 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Proxy Server I'm running DHCP from my Windows 2000 Server for all my clients on the network and I just recently setup a proxy server on another computer. How can I apply the proxy server's information without having to walk to everyones computer? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat
RE: [ActiveDir] Proxy Server
Check out KB http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b252898 I haven't used this feature, thought it could be relevant. -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Tue 7/8/2003 4:49 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [ActiveDir] Proxy Server How so? 072 World Wide Web Servers? On Tuesday, July 8, 2003, at 01:04 PM, Robinson, Chuck wrote: DHCP Scope Options? -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Tue 7/8/2003 3:29 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [ActiveDir] Proxy Server Oh wait, hmmm that's only good for IE. Is there a way to do it regardless of their browser? On Tuesday, July 8, 2003, at 12:05 PM, [EMAIL PROTECTED] wrote: Using GPO: User Configuration Windows Settings -Connection -Proxy Settings You can use IEAK for similar thing, but why do more work, eh? Enjoy. Sincerely, Dj Akmlf, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Richard Sumilang Sent: Tue 7/8/2003 11:47 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Proxy Server I'm running DHCP from my Windows 2000 Server for all my clients on the network and I just recently setup a proxy server on another computer. How can I apply the proxy server's information without having to walk to everyones computer? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat
[ActiveDir] Has anyone ever seen this file?
SYSVOL\fully_qualified_domain_name\Policies\{Policy_Guid}\Adm\GptTmpl.tmp