from:"Rutherford, Robert"

Title: Message

This
can probably be done via group or local policy ... it depends what you want
to achieve.
Please
post.

-Original Message-From: Chris Flesher
[mailto:[EMAIL PROTECTED] Sent: 22 March 2004
18:57To: [EMAIL PROTECTED]Subject:
[ActiveDir] OT: Web Admin not member of Administrators group on local machine
- is this possible???
I have a
stand-alone 2003 server with IIS running on it. I don't want the web
administrator to be in the local administrators group. However, some of the
things that need to be done in order to administer IIS require administrator
or delegation. Is there a white paper that explains what priveleges are needed
up to giving the person administrator rights? Does someone know by experience
how to do this?
Thanks in advance.
This group is always extremely helpful.
Chris Flesher
The University of Chicago
NSIT/DCS
1-773-834-8477
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] AD disaster recovery

Sometimes it will moan about being the same name. If this is the case
then you simply remove the object via NTDSUTIL and also double check
that it removed the servers object from the AD It's no big deal.

Sorry I can't help on the Exchange side.

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: 22 March 2004 19:22
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD disaster recovery

my steps are as follows-
i have a laptop with AD on it on site. I plan on taking the laptop to
the recovery site and forcing a transfer of FSMO roles(as this is
something i don't want to gracefully do here and botch my network. Then
i plan on installing another win 2k server and running dcpromo on it.
This server will have the same name as my dc back on site. I don't need
to restore the system state as the dc back on site is only a dc and has
some home dirs on it. i will only restore the home dirs. My question
was, will AD complain about bring up a server with the same name? should
I delete this server from the domain controllers OU or run ntdsutil and
expunge any entry in AD for this server? This server back on site held
all three fsmo roles for the domain.

Finally, and i know this is off topic and i apologize but i haven't
gotten any response from the exchange-admin list server, but does anyone
know of any good documentation on restoring an active/passive exchange
2k clustered server to a non clustered box. Is it just deleting the
virtual server object with adsiedit and then doing a fresh install of
exchange(making sure the server has the same name as the virtual server
and the legacy dn of the admin group is identical) and just restore the
info store?

Thanks and sorry for being so damn wordy.

-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Monday, March 22, 2004 12:15 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD disaster recovery

I would guess that you'll still have to remove the previuosly existing
DC's regardless but it's hard to tell what steps you're planning
exactly.  

al 

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 22, 2004 9:51 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] AD disaster recovery

We're doing a DR test run of AD. We go to another location and try to
restore our network from tape backup(Veritas 8.6). Each time we've run
into serious issues when restoring AD to different hardware(this is all
our DR site provides) and have never been able to get up and running. So
this time, I want to put AD on a laptop, give it a few days to replicate
with our network, then take the laptop with me to the DR site, force a
transfer of all the FSMO roles, and restore that way. Also, for the
other DC's, I just want to set up new domain controllers with the same
names and not restore the system state, i,e; AD. Just app specfic stuff
and home directories. Does anyone see a problem with this? Will I run
into issues with GUID's not matching or USN's? We are also planning on
restoring an Exchange 2k server. Any help or advice, war stories,  would
be greatly appreciated. Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Making a test Network, 3 w2k srvs

Title: Message



?
 
What 
do you mean that Exchange2000 will not let you install? Are you not getting an 
error or reason thrown up by the install?

  
  -Original Message-From: Jon Holstrom 
  [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 
  09:30To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Making a test Network, 3 w2k srvs
  Hello,I have 3 W2K Srv,server 1  
  AD, DHCP, DNSserver 2  CAserver 3  Exchange 2000all 
  three on 10 mb hub.server 3  has two nics,one for 
  local,one for internetI can't get Exchange 2000 to let me install 
  with this setup.I can add one more test server if need be,But not sure 
  what would be the best way.Iam just out to see how all this can 
  work,Thanks for any & all help 
everyone.The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Exchange 2003 and Firewalls

Is this on the same physical site? 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 14:58
To: ActiveDir (E-mail)
Subject: [ActiveDir] Exchange 2003 and Firewalls

I have a facilities that insists on having a very old 3Com Firewall
between our organizations.  On his side of the firewall is has 400 +
outlook clients, on my side I have the Exchange 2003 server and the
Global Catalog Servers.  Clients are taking an extremely long time to
connect to mail and access resources.  None of my other 9 facilities
have this problems and the only thing different is that none of the
others have a firewall between our two organizations.

What ports do they have to open to allow proper communications between
their clients and my servers?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange 2003 and Firewalls

I take it this is a public T1 over the internet, comms via a VPN?

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 17:35
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 and Firewalls

Physically the two orgs are connected by a T1 Line.

 -Original Message-
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]  On Behalf Of Rutherford,
Robert
Sent:   Tuesday, March 23, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange 2003 and Firewalls

Is this on the same physical site? 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 14:58
To: ActiveDir (E-mail)
Subject: [ActiveDir] Exchange 2003 and Firewalls

I have a facilities that insists on having a very old 3Com Firewall
between our organizations.  On his side of the firewall is has 400 +
outlook clients, on my side I have the Exchange 2003 server and the
Global Catalog Servers.  Clients are taking an extremely long time to
connect to mail and access resources.  None of my other 9 facilities
have this problems and the only thing different is that none of the
others have a firewall between our two organizations.

What ports do they have to open to allow proper communications between
their clients and my servers?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any use (including retransmission or copying) of this
information by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient of this transmission,
please contact the sender and delete the material from any computer. The
sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange 2003 and Firewalls

It wont be a port issue as you wouldn't gain connectivity at all... If
it is a very old firewall then chances are that it may be causing
issues Will they drop it for a testing period to see if it makes a
difference? If it is for their benefit, i.e. their clients then they
may? At least that way you could say it's their firewall and they need
to update it to gain performance?

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 19:01
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 and Firewalls


No it is a private T1, point to point.

 -Original Message-
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]  On Behalf Of Rutherford,
Robert
Sent:   Tuesday, March 23, 2004 1:26 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange 2003 and Firewalls

I take it this is a public T1 over the internet, comms via a VPN?

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 17:35
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 and Firewalls


Physically the two orgs are connected by a T1 Line.

 -Original Message-
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]  On Behalf Of Rutherford,
Robert
Sent:   Tuesday, March 23, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange 2003 and Firewalls

Is this on the same physical site? 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 14:58
To: ActiveDir (E-mail)
Subject: [ActiveDir] Exchange 2003 and Firewalls


I have a facilities that insists on having a very old 3Com Firewall
between our organizations.  On his side of the firewall is has 400 +
outlook clients, on my side I have the Exchange 2003 server and the
Global Catalog Servers.  Clients are taking an extremely long time to
connect to mail and access resources.  None of my other 9 facilities
have this problems and the only thing different is that none of the
others have a firewall between our two organizations.

What ports do they have to open to allow proper communications between
their clients and my servers?


Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any use (including retransmission or copying) of this
information by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient of this transmission,
please contact the sender and delete the material from any computer. The
sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any use (including retransmission or copying) of this
information by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient of this transmission,
please contact the sender and delete the material from any computer. The
sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not r

RE: [ActiveDir] Dialup add-in for ADUC

It's only supported on server.

-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 20:41
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Dialup add-in for ADUC

Does anyone know where I can find the add-in for dial-in privileges?  I
have them on the actual DCs, but not on my desktop.  Even though, I
installed the admin pack from the DC.

Thanks,
Steve

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Linking other GPO objects to Domain Controllers

It's common practice to add other GPO links to the DC OU.

-Original Message-
From: Devan Pala [mailto:[EMAIL PROTECTED] 
Sent: 24 March 2004 15:44
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Linking other GPO objects to Domain Controllers

Hi all,

Question:

Has anyone experienced issues or know of any 'gotchas' with linking
other 
GPO objects to the Domain Controllers OU in addition to the Default
Domain 
Controllers Policy.

Rationale:

I would like to have a GPO ready that essentially has Windows Update
enabled 
for deploying approved updates from a central SUS server. When an update
is 
available, tested and if required, the GPO is linked to the Domain 
Controllers OU and available for install depending on each DC's
detection 
cycle and configured parameters.

Why not modify the Default Domain Controllers Policy?

At least this way, I will have complete control of when updates are
pushed 
and importantly, if I would like to retract the updates unlinking this 
'other' GPO is easier and I believe safer than changing configuration 
settings on the Default Domain Controllers Policy.

Another nice feature would be that the by unlinking this policy the
update 
would also be removed from the Windows Update folder on each client (the

DC).

Your thoughts, suggestions and comments are as always, appreciated.

Thanks,
Devan.

_
Find a broadband plan that fits. Great local deals on high-speed
Internet 
access. 
https://broadband.msn.com/?pgmarket=en-us/go/onm00200360ave/direct/01/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Recover a Domain

Title: Message



In a 
nutshell yes.. I'd go to the Microsoft site and pull down one of their
procedures... sorry I can list one off now.

  
  -Original Message-From: Salandra, Justin 
  [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 
  17:01To: ActivedirSubject: [ActiveDir] Recover a
  Domain
  I have a question for everyone.  If you have 
  a child domain and for some reason you lose every domain controller in the 
  domain, and you have a spare server that you install the OS on, how would you 
  go about getting the domain back up and running.
   
  Do you install the OS
  Restore the System State
  Perform an authoritative restore of the
  database
  sieze all FSOM roles
   
  Please let me know, thanks
   
  Justin A. Salandra, MCSESenior Network 
  EngineerCatholic Healthcare System212.752.7300 - 
  office917.455.0110 - cell[EMAIL PROTECTED]The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] New to AD

2004-03-29 Thread Rutherford, Robert

A good place to start ...

http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/conf
eat/grppolsc.mspx

-Original Message-
From: Pyron [mailto:[EMAIL PROTECTED] 
Sent: 29 March 2004 13:37
To: [EMAIL PROTECTED]
Subject: [ActiveDir] New to AD

Hi!

I am new to AD. I am planning to setup an Internet cafe with 24 
workstations and 1 server. All workstations are member of the server's 
domain. Now is this possible to put a policy or something to workstation

users so that they can do anything they want to the computer but not
modify 
critical settings (just like the guest account in XP Pro) and after
reboot 
or a specified refresh time, all of the settings will return to the
default 
settings specified by the administrator?

Thanks

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Windows 2003 and Windows 98 issue

2004-03-31 Thread Rutherford, Robert

Title: Message

Are
you using the domain name when using your login name, i.e.
domain\username?

-Original Message-From: Peter Johnson
[mailto:[EMAIL PROTECTED] Sent: 31 March 2004 15:21To:
[EMAIL PROTECTED]Subject: [ActiveDir] Windows 2003 and
Windows 98 issue

Hi all and greetings from darkest
South Africa.
This is my first query to the
guru’s on the list. This is my scenario.
I have a native mode Windows 2000
forest that I’m upgrading to Windows 2003. It’s a single domain forest and
this is what I’ve done so far.
1 ) Run adprep /forestrpep to
upgrade the schema.
2.) Run adprep /domainprep to
prepare the domain.
3.) Installed Windows 2003 server
as domain member. This is not the first 2003 server in the
domain.
4.) DCPROMO the new Windows 2003
server.
The moment step 4 happens none of
my Windows 98 machines can login to the domain. I get an error message that
The password is incorrect or access to logon server has been denied.

After reading through the sparse
documentation I installed the DSCLIENT2003 that I got from PSS as well as IE
6.0 SP1 and turned on NTLMV2 authentication and turned off SMB signing on the
DC’s. None of these steps made any difference. The moment I demoted the
Windows 2003 DC to a member server the problem disappeared. I’ve not gone any
further with the process since then,
Do any of you guys have any ideas?
I’m accelerating the process to upgrade the Win98 machines to XP but I don’t
want the issue to hold up my domain upgrade. Any help is greatly appreciated.

Peter Johnson
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Domain clients hangs before logon, multiple issues

2004-04-02 Thread Rutherford, Robert

I've seen this a couple of times

Once was down to a computer based GPO gone awry... I suggest moving the
suspect PC to a test OU or something to ensure they don't get any
policies and test.

The second was due to the fact that I had installed a couple of DC's
with an additional Gbit Nic and did not use the inbuilts. This led to
the inbuilts getting 169 addresses and then publishing these to DNS. You
may want to check that.

BR,

Rob

-Original Message-
From: Peter Johnson [mailto:[EMAIL PROTECTED] 
Sent: 02 April 2004 11:57
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain clients hangs before logon, multiple
issues


This could be a switch issue. I had an issue with a customer very
similar to this and it turned out to be a bad port on a switch. Very
much out of left field but have you tried changing the ports on the
switch slash hub that the DC's are plugged into?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of J0mb
Sent: 02 April 2004 10:32
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain clients hangs before logon, multiple
issues

 
> you don't say, unless i missed it, if you're using dhcp?

We don't

> if so, and any kind of personal firewalls, could just not be
> getting an iptrying and trying...we've seen this with 
> checkpoint.  i would also guess that ipsec, or any kind of 
> packet filtering would do the same, if not configured right.  
> pulling the patch and logging in with cached credentials 
> seemed to fix that every time.  we finally came up with a 
> script that would turn it off upon login.

There are different routed subnet where the problem occurred. The
network guys sweared there's no routing or firewall issue...

> 
> have also seen this when the media type for the nic was set
> wrong...auto select seems to work best for us, at least.

Yes, but the issue appeared on several machines at the same moment. The
hardware is in many cases different. how can i explain that?
 
> on laptopsthe synaptics touch pad driver can make a box
> hang forever...pulling it out, or possibly getting the newest 
> will fix it...but, you don't mention laptops either.

All desktop machines...


> just some things to ponder...

Thank you|

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Photos in Active Directory

2004-04-06 Thread Rutherford, Robert

It all depends on how large your organisation is I guess, how many
sites, WAN links, etc. I wouldn't really recommend it as you really want
to keep your AD as small as possible for replication and performance
reasons.

What benefit will you get out of having users photo's in the user
object? 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 05 April 2004 22:40
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Photos in Active Directory


Hi all,

We're in the middle of desiging our Active Directory (Server 2003) and
our security group just came up with the idea that it would be great to
include a photo of the user in each user object.  I know this CAN be
done but I'm looking for information that would tell me whether it
SHOULD or SHOULD NOT be done.  Any references anyone can think of or,
better yet, personal experience with this?


Thanks,
Mike
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] failed to locate a DC...

2004-04-06 Thread Rutherford, Robert

Title: Message

It
looks to me like this a brand new domain? If not then I
would suggest a DCPROMO down and up again. I'd also uninstall DNS and let the
DCPROMO wizard install it.
If
it's not a new domain and it's live in production then please come back and
we'll take it further.
BR
Rob

-Original Message-From: Lara Adianto
[mailto:[EMAIL PROTECTED] Sent: 06 April 2004
11:16To: [EMAIL PROTECTED]Subject:
[ActiveDir] failed to locate a DC...
Hello,
I have been struggling with this problem for almost a day, and hope to
get a hand through this mailing list.
The problem is that I can't make a windows2000 prof. client to join a w2k
domain.
I'm using a win2k server as the DNS and AD server.
When I tried to add the client to the domain, the following message box
popped up:
The following error occurred valiedating the name 'my.domain.com'
This condition may be caused by a DNS lookup problem. For more
information about troubleshooting common DNS lookup problems, please see the
following Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=5171
Believe it or not, I have followed every single step stated in the link
to resolve the problem of 'error during domain join'
Then...I used some tools to find the DC in my win2k server:
%NLTEST /DSGETDC:my.domain.com
DcGetDcName failed: status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
%NETDIAG /TEST:DSGETDC /D:my.domain.com
-- snip --
Domain membership test...:failed
[WARNING]: The system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
---
DC discovery test.: failed
Find DC in domain 'my.domain': [FATAL] Cannot Find DC in domain
'my.domain'. [ERROR_NO_SUCH_DOMAIN]
I was thinking to dcpromo my AD, and restart everything from the
beginning.
Well, maybe my DNS and AD setup are not correct or they are somehow
corrupted.
But dcpromo also failed to find a DC !! It says: Failed
finding a suitable domain controller for the domain "The specified domain
either doesn't exist or could not be contacted"
I tried to delete my DNS record as well. It seems to be deleted, but when
I closed the window and opened it again, the record was still there. Was it
deleted ?
Now I'm really2 stucked.
Please help me,
lara
ps: btw, pinging the machine does
work
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit-
Guy de Maupassant
-

RE: [ActiveDir] failed to locate a DC...

2004-04-06 Thread Rutherford, Robert

Title: Message

Sorry,
I meant if it is a new domain which wouldn't take much time to rebuild then
DCPROMO it down and then up again.

-Original Message-From: Rutherford,
Robert Sent: 06 April 2004 12:34To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] failed to
locate a DC...
It
looks to me like this a brand new domain? If not then I
would suggest a DCPROMO down and up again. I'd also uninstall DNS and let the
DCPROMO wizard install it.
If
it's not a new domain and it's live in production then please come back and
we'll take it further.
BR
Rob

-Original Message-From: Lara Adianto
[mailto:[EMAIL PROTECTED] Sent: 06 April 2004
11:16To: [EMAIL PROTECTED]Subject:
[ActiveDir] failed to locate a DC...
Hello,
I have been struggling with this problem for almost a day, and hope to
get a hand through this mailing list.
The problem is that I can't make a windows2000 prof. client to join a
w2k domain.
I'm using a win2k server as the DNS and AD server.
When I tried to add the client to the domain, the following message box
popped up:
The following error occurred valiedating the name 'my.domain.com'
This condition may be caused by a DNS lookup problem. For more
information about troubleshooting common DNS lookup problems, please see the
following Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=5171
Believe it or not, I have followed every single step stated in the link
to resolve the problem of 'error during domain join'
Then...I used some tools to find the DC in my win2k server:
%NLTEST /DSGETDC:my.domain.com
DcGetDcName failed: status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
%NETDIAG /TEST:DSGETDC /D:my.domain.com
-- snip --
Domain membership test...:failed
[WARNING]: The system volume has not been completely replicated to the
local machine. This machine is not working properly as a DC.
---
DC discovery test.: failed
Find DC in domain 'my.domain': [FATAL] Cannot Find DC in domain
'my.domain'. [ERROR_NO_SUCH_DOMAIN]
I was thinking to dcpromo my AD, and restart everything from the
beginning.
Well, maybe my DNS and AD setup are not correct or they are
somehow corrupted.
But dcpromo also failed to find a DC !! It says: Failed
finding a suitable domain controller for the domain "The
specified domain either doesn't exist or could not be contacted"
I tried to delete my DNS record as well. It seems to be deleted, but
when I closed the window and opened it again, the record was still there.
Was it deleted ?
Now I'm really2 stucked.
Please help me,
lara
ps: btw, pinging the machine does
work
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on
croit- Guy de Maupassant
-

Do you Yahoo!?Yahoo!
Small Business $15K Web Design Giveaway - Enter
todayThe information transmitted is intended only for
the person or entityto which it is addressed and may contain confidential
and/orprivileged material. Any use (including retransmission or
copying)of this information by persons or entities other than the
intendedrecipient is prohibited. If you are not the intended recipient of
thistransmission, please contact the sender and delete the
materialfrom any computer. The sender is not responsible for the
completeness or accuracy of this communication as it has
beentransmitted over a public network. Any replies to this email may
bemonitored by the MCPS-PRS Alliance for quality control and other
purposes. The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Renaming a site

2004-04-07 Thread Rutherford, Robert

Title: Message



Nope

  
  -Original Message-From: Gayoso, Ray 
  [mailto:[EMAIL PROTECTED] Sent: 07 April 2004 16:48To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Renaming a
  site
  I need to rename a site… I know the process is 
  simple… Are there any technical issues I need to be concerned about? 
  
   
  The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Wlan & AD Security

2004-04-14 Thread Rutherford, Robert

I haven't read the MS doc on securing 802.11 networks, but using a VPN
is the your safest bet.. May also be worth using 2-factor authentication
in this scenario.

What system would authenticate you? W2k, firewall, etc?

-Original Message-
From: Chris Blair [mailto:[EMAIL PROTECTED] 
Sent: 12 April 2004 14:47
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Wlan & AD Security

This maybe slightly Off Topic, Sorry. I am looking to deploy wireless
access points for our users to access our AD. I am currently reading the
white paper from Microsoft named "Enterprise Deployment of Secure 802.11
Networks Using Microsoft Windows". Has anyone else implemented this? I
have also read about putting the AP's outside of the network and using
VPN to access any AD related resources. Sounds easier, but is it as
secure? Does anyone else have any other solutions?
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Office2003 Rollout

2004-04-16 Thread Rutherford, Robert

On previous versions of office there was an ORK (Office Resource Kit) and this 
basically allowed you to create your own .mst via a Wizard, one option being an 
upgrade. 

Someone else can probably verify if there is a new ORK for 2003.

BR

Rob

-Original Message-
From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] 
Sent: 16 April 2004 12:34
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Office2003 Rollout



What happens if the user already has Office 2000 or XP?  Is it automatically upgraded?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Elton Gouvêa Pimentel
Sent: Friday, April 16, 2004 6:10 AM
To: [EMAIL PROTECTED]
Subject: RES: [ActiveDir] Office2003 Rollout


You can do it by group policy. The first thing to do is to generate a .mst from the 
.msi from Office. The .mst is the modification file that contains your customized 
installation. If you do not have a customized installation you can use only the .msi 
file that is shipped with Office package. Afther that you have to create a group 
policy. This group policy can be done by user or machine. You have to identify which 
one is better for you. The final step is to create a group on your AD and add machines 
or users into this group. Afther that you have to apply the policy to this group. It 
is recommended that you add only few machines or users every day, so you will not have 
traffic problems on your network. We have done an rollup into about 1000 machines and 
it worked just fine.

Hope it helps

Elton Pimentel.


-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de Rick Kingslan Enviada em: Friday, April 16, 2004 
2:13 AM
Para: [EMAIL PROTECTED]
Assunto: RE: [ActiveDir] Office2003 Rollout


Unless you've got a method that is going to abide by BITS or a Drizzle technology, as 
few as 20-25 desktops at a time on 100Mbps switched networks will be absolutely 
drowned.  If you want to do it this way, you can - just make sure that you understand 
your network will literally be brought to its knees while the O2k3 package(s) attempt 
to deploy on the totally saturated network.

This is typically a CLM (career limiting move) in most Production environments..

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Thursday, April 15, 2004 11:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Office2003 Rollout

Group Policy will do it

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of GARY SMITH
Sent: Thursday, April 15, 2004 12:16 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Office2003 Rollout

I have to roll out Office 2003 onto around 350 desktops. Any great in site into the 
best approach here. I have been looking at some third party applications in 
particularly Altiris, but I was wondering if it could be

done through Group Policy / Software deployment. All desktops are W2K.

Gary Smith


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

~~
This e-mail is confidential, may contain proprietary information of the Cooper Cameron 
Corporation and its operating Divisions and may be confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only by the addressee. If 
you have received this message in error please delete it, together with any 
attachments, from your system. ~~
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any co

RE: [ActiveDir] Using a non-standard TLD in your domain name?

Title: Message

To be
honest I don't think you gain or lose anything buy using a non-standard TLD.

For
Security? It's like saying if I use a different domain name then that will be
more secure? It's not less or more secure.

-Original Message-From: Celone, Mike
[mailto:[EMAIL PROTECTED] Sent: 12 May 2004
13:39To: '[EMAIL PROTECTED]'Subject:
[ActiveDir] Using a non-standard TLD in your domain name?
We are reviewing
designs for our global AD environment and one suggestion what so use a
non-standard TLD for our domain instead of the usual .com, org, net,
etc. One group is arguing that using a non-standard TLD is better
for security. Can someone expand on this. When they were asked to
they simply said they heard it from a consultant. Are there any
applications that will be expecting a normal TLD and may not work with a
non-standard TLD? What are the pros/cons of using a
non-standard TLD?
Mike Celone
Systems
Specialist
Radio Frequency
Systems
v 203-630-3311 x1031
f 203-634-2027
m 203-537-2406
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DisableDHCPMediaSense question

Title: Message



Different software installed on different servers?
Different Patch 
levels?
Different Hardware/NICs?
 
Something being added to the server/s must be making the changes... Is 
there a common theme among the afflicted?

  
  -Original Message-From: Yakir, Ronen 
  [mailto:[EMAIL PROTECTED] Sent: 12 May 2004 13:47To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] 
  DisableDHCPMediaSense question
  Hi
   
  I 
  know that.
   
  The 
  thing is, that it does not always exist - why?
   
   Ronen
  

-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Wednesday, May 12, 2004 3:36 
PMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] DisableDHCPMediaSense question
This registry key had to be implemented in Windows 2000 clusters to 
avoid the problem described in this article http://support.microsoft.com/?id=254651
The default setting has changed for Windows Server 2003 so it is set 
to 1 by default.

  
  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Yakir, 
  RonenSent: 12 May 2004 13:21To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] 
  DisableDHCPMediaSense question
  Hi
   
  During 
  a  troubleshooting of a customer case we have encountered this
  problem:
   
  In 
  windows 2003, MS claims this value is set to 1 by default, so when 
  you unplug your network cable, you do not lose the tcpip settings 
  (ipconfig wont reply with media disconnected).
   
  However, 
  looking at several windows 2003 machines, some had this value (under
  services\tcpip\parameters) set, some  do not have 
  it.
   
  Does 
  anybody know what is the logics behind this value being exist or 
  not?
   
  Thanks
   
   
  Ronen 
  YakirThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Reccomendations Please

Title: Message

I'll
second that Great tool... Easy to setup and config.Used it for the last
year or so at my last place of work, after a recommendation from Joe
actually.

-Original Message-From: joe
[mailto:[EMAIL PROTECTED] Sent: 12 May 2004 13:57To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir]
Reccomendations Please
I would recommend you look at hostmon from
ks-soft.
http://www.ks-soft.com/hostmon.eng/index.htm
Very affordable, the developer is extremely responsive.
You don't really need to use the remote agents, you can do things from a
centralized host if you like. Nice reports and graphs and
such.
joe

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
HarveySent: Wednesday, May 12, 2004 1:07 AMTo:
[EMAIL PROTECTED]Subject: [ActiveDir] Reccomendations
Please

Hello All
This may be off topic so please forgive me if it is
but I thought I might get some usefull suggestions from the other list
members.
Due to a serious shortfall in staffing and
increasingly complexity and growth my challenge is to find something we can
use in a Windows 2000 AD domain to do some remote monitoring of servers for
the basics like disk space, memory and the like (basic system checks and
monitoring, nothing too deep just the facts and that’s it really) and if it
did event traps it would also be usefull but not neccesary, we are dealing
with 140 sites and some 300 servers but would be looking at something that
handled a core of 50 servers to start. We really do not know where to
start and being completely honest we just don’t have the time and staff to dig
into this, patch management is eating us alive as it is so ANY suggestions
anyone can give us or reccomendations would be great.
Oh and if anyone knows anything which is freeware
or low cost that would be even better, as usual the need is now and the budget
is nil as usual. So suggestions please all would be much
appreciated.
Thanks in Advance all.
John
Harvey Network Administrator Brisbane Catholic
Education Phone +61 7 3840 0588 Mobile +61 0418 189
689 email: [EMAIL PROTECTED]

**
This e-mail (including all attachments) is intended solely for the
named addressee/s and may contain confidential information. If you
have received this e-mail in error please inform the sender and delete
it from your computer system and destroy any copies.

This e-mail is subject to copyright. Any unauthorised disclosure,
modification or distribution is expressly prohibited.

Unless explicitly attributed, the opinions expressed in this e-mail do
not necessarily represent the official position or opinions of
Brisbane Catholic Education.

Brisbane Catholic Education gives no warranties that this e-mail is
free from computer viruses or other defects. Except for
responsibilities implied by law that cannot be excluded, Brisbane
Catholic Education, its employees and agents will not be responsible
for any loss, damage or consequence arising from this e-mail.
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] AD Replication

Is the machine resolving correctly, i.e. do an nslookup to ensure it can connect and 
resolve from your DNS server/s.

If so then do a dcdiag (part of the support tools on the W2K disk) and then paste the 
results to here.

BR,

Rob

-Original Message-
From: Elton Gouvêa Pimentel [mailto:[EMAIL PROTECTED] 
Sent: 12 May 2004 15:48
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD Replication
Importance: High


After running the Status Report on one of my servers I have found the folloeing error :

 Directory Partition: DC=grupomagnesita

  Partner Name: **DELETED SERVER #23
   Partner GUID: D271B00C-3C58-41A7-89AA-8BDBE1CA5E3E
   Last Attempted Replication: 5/12/2004 10:46:07 AM (local)
   Last Successful Replication: 4/28/2004 5:08:13 PM (local)
   Number of Failures:  330
   Failure Reason Error Code:  8524
   Failure Description: The DSA operation is unable to proceed because of 
a DNS lookup failure.
   Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
   USN of Last Property Updated:  1844895
   USN of Last Object Updated:  1844895
   Transport: 
I am also did not like to have the following objects :
   Directory Partition: DC=grupomagnesita

  Partner Name: **DELETED SERVER #1
   Partner GUID: 1E78703D-BB56-4B46-8543-E686A19C6256
   USN:  2887160

  Partner Name: **DELETED SERVER #2
   Partner GUID: 1E8A9C55-D7CD-4165-B6F6-F4E64E275B3C
   USN:  930034

  Partner Name: **DELETED SERVER #3
   Partner GUID: 208797D8-D997-4B0F-9A70-E512D4D21C32
   USN:  1647173

  Partner Name: **DELETED SERVER #4
   Partner GUID: 247D5197-111A-4498-90DD-7A39F67EAE5C
   USN:  375753

Does anybody have a clue how to sort this out 

Thanks,

Elton Pimentel.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Replication

Title: Message



Go 
into sites and services and check under your servers containers if you have some 
old objects hanging about... if so then delete them.

  
  -Original Message-From: Elton Gouvêa 
  Pimentel [mailto:[EMAIL PROTECTED] Sent: 12 May 2004
  17:35To: [EMAIL PROTECTED]Subject: RES:
  [ActiveDir] AD Replication
  By 
  using NTDSUTIL I wasn´t capable of "seeing" the deleted servers. How should I 
  procced when using ADSI 
   
  Thanks,
  Elton Pimentel. 
  

-Mensagem original-De: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] Em nome de 
[EMAIL PROTECTED]Enviada em: Wednesday, May 12, 2004 
11:58 AMPara: [EMAIL PROTECTED]Assunto: RE: 
[ActiveDir] AD Replication
These might be those servers which you have 
removed for some reason or which are not existing now. You can use ADSIEDIT or NTDSUTIL to delete these objects 
permanently and itz always recommended to delete Orphaned 
Objects.
Good Luck, Athif 
-Original Message- From: Elton Gouvêa Pimentel [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 12 May 2004 
5:48 PM To: 
[EMAIL PROTECTED] Subject: 
[ActiveDir] AD Replication Importance: 
High 
After running the Status Report on one of my 
servers I have found the folloeing error : 
 Directory Partition: 
DC=grupomagnesita 
  Partner Name: 
**DELETED SERVER #23    
Partner GUID: D271B00C-3C58-41A7-89AA-8BDBE1CA5E3E    
Last Attempted Replication: 5/12/2004 10:46:07 AM (local)    
Last Successful Replication: 4/28/2004 5:08:13 PM (local)    
Number of Failures:  330    
Failure Reason Error Code:  8524    
Failure Description: The DSA operation is unable to proceed because of a DNS 
lookup failure.    
Synchronization Flags: DRS_WRIT_REP,DRS_INIT_SYNC,DRS_PER_SYNC
   
USN of Last Property Updated:  1844895    
USN of Last Object Updated:  1844895    
Transport: I am also did not like to have 
the following objects :    
Directory Partition: DC=grupomagnesita 
  Partner Name: 
**DELETED SERVER #1    
Partner GUID: 1E78703D-BB56-4B46-8543-E686A19C6256    
USN:  2887160 
  Partner Name: 
**DELETED SERVER #2    
Partner GUID: 1E8A9C55-D7CD-4165-B6F6-F4E64E275B3C    
USN:  930034 
  Partner Name: 
**DELETED SERVER #3    
Partner GUID: 208797D8-D997-4B0F-9A70-E512D4D21C32    
USN:  1647173 
  Partner Name: 
**DELETED SERVER #4    
Partner GUID: 247D5197-111A-4498-90DD-7A39F67EAE5C    
USN:  375753 
Does anybody have a clue how to sort this out 
 
Thanks, 
Elton Pimentel. 
- 
This email and any files transmitted with 
it are confidential and intended solely for the use of the individual or 
entity to whom/which they are addressed. If you have received this email in 
error please notify the system manager at the following email address:
[EMAIL PROTECTED] . 
Please note that any views or opinions presented in this email are solely 
those of the author and do not necessarily represent those of Al Faisaliah 
Group. Internet communications cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, arrive late 
or contain viruses. The sender therefore does not accept liability for any 
errors or omissions in the context of this message, which arise as a result 
of Internet transmission.  Finally, the recipient should check this 
email and any attachments for the presence of viruses. Al Faisaliah Group 
accepts no liability for any damage caused by any virus transmitted by this 
email. 
- 
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DNS settings

Title: Message



It's 
either got to be WINS or Hosts files while using the standard W2K VPN dial-up. I 
don't think WINS is a bad solution to be honest unless you want to dig into 
your pocket.
 
 If you use a 3rd party, i.e. Checkpoint, then their technology 
allows for overlay of your DNS setting post connection. I mentioned IPass
earlier and they can do a similar thing with their client, i.e. push on your 
internal DNS server post connection to an IPass ISP.
 
 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Rick ReynoldsSent: 11 May 2004 
  08:14To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] DNS settings 
  I 
  have always pushed lmhosts and hosts files to the 
  machines...
   
  
-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]On Behalf Of Carlos
MagalhaesSent: Monday, May 10, 2004 11:38 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 


Nope that’s what 
gets me, and its happening to ALL the laptops, (they are the only machines 
using third party dialers)
 
AGRRR – there must 
be an answer :P
 
CM
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Charlie KaiserSent: Monday, May 10, 2004 8:30
PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS settings 

 

Is there 
any hard coding of DNS settings on the laptop's network connection 
properties? This will override any server-assigned DNS 
settings...

 

 
**Charlie 
KaiserMCSE, 
CCNASystems 
EngineerEssex Credit / 
Brickwalk510 595 
5083**

  -Original 
  Message-From: Carlos 
  Magalhaes [mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 11:15 
  AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
  Hey 
  Al,
   
  Yeah all the 
  settings are suppose to be set via the ISP , most ISP's run DHCP so yes 
  the settings should be set. The weird thing is that only the DNS settings 
  are being forced to our network, the user gets a valid third party IP 
  address and default gateway, just not a DNS setting, that's what made me 
  think it might be something on our network.
   
  We done run WINS 
  just DNS.
   
  Thank you and 
  Keep well!
   
  CM
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Monday, May 10, 2004 4:31 
  PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS settings 
  
   
  Trying to
  remember exactly, but wouldn't they get their DNS settings from the ISP 
  upon connection either through their software locally or from their RRAS 
  server?
   
  Al
   
  
  
  
  From: 
  Carlos Magalhaes [mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 9:41 
  AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS settings 
  
  Hey 
  all,
   
  I have a weird issue; all our 
  laptop users have their own third part dial up's (RRAS and RAS) for their 
  convenience. When the users dial up to their third party ISP's (all users) 
  they obtain an IP address from the ISP but their DNS settings are being 
  forced to the networks internal DNS servers, remembering that this is a 
  PPP connection.  This causes havoc on their dial ups. I have had a 
  look at the DNS settings the GPO and even the DHCP server. I don't see 
  anything that would force a PPP connection to use the internal DNS
  servers. The settings are not hard coded into the PPP connections IP
  settings.
   
  Anyone have an idea of what 
  this is or maybe I over looked something.
  Thanks!
   
  Carlos 
  The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DNS settings

Title: Message



Sorry 
I think I have lost track here somewhere... I probably didn't read your problem 
correctly.
 
I 
would actually think that it is better for them to resolve to your internal DNS 
servers. I have seen loads of issues with people trying to get it to work the 
other way round. The only thing is that do your internal DNS servers forward 
out? If they did then you would probably be in an ok 
situation?
 
I'd 
still like to find out how your machines are getting their DNS entries though?? 
Strange.
 
 

-Original Message-From: Carlos 
Magalhaes [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 
09:14To: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] DNS settings 

  
  We haven’t and still 
  don’t use WINS , this network only uses DNS. 
   
  The problem I am 
  having is that the user logged onto our network can work fine DNS is working 
  etc. The user dialed up to their own ISP’s are being forced to our internal 
  DNS servers, they still get a valid IP addy from the ISP they just are
  “forced” to use ours…
   
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Rutherford,
  RobertSent: Tuesday, May 11, 
  2004 9:56 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
   
  
  It's either got to be 
  WINS or Hosts files while using the standard W2K VPN dial-up. I don't think 
  WINS is a bad solution to be honest unless you want to dig into your
  pocket.
  
   
  
   If you use a 
  3rd party, i.e. Checkpoint, then their technology allows for overlay of your 
  DNS setting post connection. I mentioned IPass earlier and they can do a
  similar thing with their client, i.e. push on your internal DNS server post 
  connection to an IPass ISP.
  
   
  
   
  
-Original 
Message-From:
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rick ReynoldsSent: 11 May 2004 08:14To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 


I have always 
pushed lmhosts and hosts files to the 
machines...

 
-Original 
  Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of Carlos 
  MagalhaesSent: Monday, 
  May 10, 2004 11:38 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
  Nope that’s what 
  gets me, and its happening to ALL the laptops, (they are the only machines 
  using third party dialers)
   
  AGRRR – there 
  must be an answer :P
   
  CM
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Charlie 
  KaiserSent: Monday, May 
  10, 2004 8:30 PMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS settings 
  
   
  
  Is 
  there any hard coding of DNS settings on the laptop's network connection 
  properties? This will override any server-assigned DNS 
  settings...
  
   
  
   
  **Charlie 
  KaiserMCSE, 
  CCNASystems 
  EngineerEssex Credit / 
  Brickwalk510 595 
  5083**
  
-Original 
Message-From: 
Carlos Magalhaes [mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 11:15 
AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS 
settings 
Hey 
Al,
 
Yeah all the 
settings are suppose to be set via the ISP , most ISP's run DHCP so yes 
the settings should be set. The weird thing is that only the DNS
settings are being forced to our network, the user gets a valid third 
party IP address and default gateway, just not a DNS setting, that's 
what made me think it might be something on our 
network.
 
We done run 
WINS just DNS.
 
Thank you and 
Keep well!
 
CM
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, 
AlSent: Monday, May 
10, 2004 4:31 PMTo: 
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] DNS 
settings 
 
Trying to 
remember exactly, but wouldn't they get their DNS settings from the ISP 
upon connection either through their software locally or from their RRAS 
server?
 
Al
 



From: 
Carlos Magalhaes [mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 9:41 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS settings 

Hey 
all,
 
I have a weird issue; all 
our laptop users have their own third part dial up's (RRAS and RAS) for 
their convenience. When the users dial up to their third party ISP's 
(all users) they obtain an IP address from the ISP but their DNS
settings are

RE: [ActiveDir] (OT) DNS settings

Title: Message



I take 
it that you also use DHCP in your internal networks, i.e. you don't assign
static IP's to your internal NIC's? As a test could you just disable the 
internal NIC and try the dialup again?
 
Are 
all the machine exactly the same, i.e. same model with same 
NIC's?
 
Sorry 
if I seem to be shooting all over the place but we will home in 
eventually.

  
  -Original Message-From: Carlos Magalhaes 
  [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 13:11To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
  
  DHCP Enabled. . . . . 
  . . . . . . : Yes
  Autoconfiguration 
  Enabled . . . . : Yes
  IP Address. . . . . . 
  . . . . . . :  196.2.45.82
  Subnet Mask . . . . . 
  . . . . . . : 
  Default Gateway . . . 
  . . . . . . : 
  DHCP Server . . . . . 
  . . . . . . : 
  DNS Servers . . . . . 
  . . . . . . : 
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Rutherford,
  RobertSent: Tuesday, May 11, 
  2004 12:05 PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
   
  
  For some reason I 
  thought you were using a VPN to connect I'm an idiot and should have read 
  the detail.
  
   
  
  Can you humour me and 
  just post an IPCONFIG /ALL dump from a troubled client.. just type local 
  DNS in place of your internal IP range if 
  required.
  
   
  
  Thanks,
  
   
  
  Rob
  
-Original 
Message-From: Carlos 
Magalhaes [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 10:03To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 

Hey 
Robert,
 
Ok there is nothing 
wrong with the internal DNS at all, they can resolve everything they want 
when logged onto the network.
 
Their problem is 
when they go home and are off the network they use their own third party ISP 
accounts with the default windows dialer to create a 56k Dial up PPP
connection to a third party ISP. This is for their own email and internet 
usage. At this stage (when they dial up) they are not connected to us in any 
way what so ever.
 
What I am finding 
strange is that the ISP usually assigns them a valid IP, DNS and gateway 
from the ISP’s DHCP server. The weird thing here is that they are assigned a 
valid IP and gateway but the DNS servers for that PPP connection is using 
our internal DNS server address. Which causes a nightmare when they try to 
resolve names while connected to the ISP. 
 
As you can see the 
ISP can not resolve names cause its trying to use the DNS settings of our 
internal network….
 
That’s what I don’t 
get and I don’t get why its doing this either L
 
Thanks for your 
time.
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
RobertSent: Tuesday, May 
11, 2004 10:53 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 

 

Sorry I think I 
have lost track here somewhere... I probably didn't read your problem
correctly.

 

I would actually 
think that it is better for them to resolve to your internal DNS servers. I 
have seen loads of issues with people trying to get it to work the other way 
round. The only thing is that do your internal DNS servers forward out? If 
they did then you would probably be in an ok 
situation?

 

I'd still like to 
find out how your machines are getting their DNS entries though?? 
Strange.

 

 

-Original 
Message-From: Carlos 
Magalhaes [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 09:14To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 

We haven’t and 
  still don’t use WINS , this network only uses DNS. 
  
   
  The problem I am 
  having is that the user logged onto our network can work fine DNS is
  working etc. The user dialed up to their own ISP’s are being forced to our 
  internal DNS servers, they still get a valid IP addy from the ISP they 
  just are “forced” to use ours…
   
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
  RobertSent: Tuesday, May 
  11, 2004 9:56 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
   
  
  It's either got 
  to be WINS or Hosts files while using the standard W2K VPN dial-up. I 
  don't think WINS is a bad solution to be honest unless you want to dig 
  into your pocket.
  
   
  
   If you use 
  a 3rd party, i.e. Checkpoint, then their technology allows for overlay of 
  your DNS setting post connection. I mentioned IPass earlier and they can 
  do a similar thing with their client, i.e. push on your internal DNS
  server post connection to an IPass ISP.

RE: [ActiveDir] DNS settings

Title: Message



Good 
call
 
If 
that doesn't work then why don't u add some external DNS entries statically to 
the PPP adapt and see if they stick.

  
  -Original Message-From: Charlie Kaiser 
  [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 
  14:26To: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] DNS settings 
  How about this...
  Perhaps your ISP's DHCP is not providing DNS, and the laptop is using 
  it's last known good DNS entries. Try doing an ipconfig /release, then
  ipconfig /all to verify the release, maybe even do a registry search for the 
  internal DNS address, then, dial up and see what settings you get from the 
  ISP...
   
   
  **Charlie KaiserMCSE, 
  CCNASystems EngineerEssex Credit / Brickwalk510 595 
  5083**
  

-Original Message-From: Carlos 
Magalhaes [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 11, 
2004 5:11 AMTo: [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] DNS settings 

DHCP Enabled. . . . 
. . . . . . . : Yes
Autoconfiguration 
Enabled . . . . : Yes
IP Address. . . . . 
. . . . . . . :  196.2.45.82
Subnet Mask . . . . 
. . . . . . . : 
Default Gateway . . 
. . . . . . . : 
DHCP Server . . . . 
. . . . . . . : 
DNS Servers . . . . 
. . . . . . . : 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
RobertSent: Tuesday, May 
11, 2004 12:05 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 

 

For some reason I 
thought you were using a VPN to connect I'm an idiot and should have 
read the detail.

 

Can you humour me 
and just post an IPCONFIG /ALL dump from a troubled client.. just type 
local DNS in place of your internal IP range if 
required.

 

Thanks,

 

Rob
-Original 
  Message-From: Carlos 
  Magalhaes [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 10:03To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
  Hey 
  Robert,
   
  Ok there is 
  nothing wrong with the internal DNS at all, they can resolve everything 
  they want when logged onto the network.
   
  Their problem is 
  when they go home and are off the network they use their own third party 
  ISP accounts with the default windows dialer to create a 56k Dial up PPP 
  connection to a third party ISP. This is for their own email and internet 
  usage. At this stage (when they dial up) they are not connected to us in 
  any way what so ever.
   
  What I am finding 
  strange is that the ISP usually assigns them a valid IP, DNS and gateway 
  from the ISP's DHCP server. The weird thing here is that they are assigned 
  a valid IP and gateway but the DNS servers for that PPP connection is 
  using our internal DNS server address. Which causes a nightmare when they 
  try to resolve names while connected to the ISP. 
  
   
  As you can see 
  the ISP can not resolve names cause its trying to use the DNS settings of 
  our internal network
   
  That's what I 
  don't get and I don't get why its doing this either L
   
  Thanks for your 
  time.
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
  RobertSent: Tuesday, May 
  11, 2004 10:53 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
   
  
  Sorry I think I 
  have lost track here somewhere... I probably didn't read your problem 
  correctly.
  
   
  
  I would actually 
  think that it is better for them to resolve to your internal DNS servers. 
  I have seen loads of issues with people trying to get it to work the other 
  way round. The only thing is that do your internal DNS servers forward 
  out? If they did then you would probably be in an ok 
  situation?
  
   
  
  I'd still like to 
  find out how your machines are getting their DNS entries though?? 
  Strange.
  
   
  
   
  
  -Original 
  Message-From: Carlos 
  Magalhaes [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 09:14To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
  
We haven't and 
still don't use WINS , this network only uses DNS. 

 
The problem I 
am having is that the user logged onto our network can work fine DNS is 
working etc. The user dialed up to their own ISP's are being forced to 
our internal DNS servers, they still get a valid IP addy from the ISP 
they just are "forced" to use ours...
 
 
 




From: 
[

RE: [ActiveDir] DFS

Title: Message

You
can install a DFS root on a DC or member server.
It
should work fine, in terms of splitting down a server and distributing the data
over a number of other servers. I'm assuming you only want to use DFS to make a
central share access hierarchy?
I
would not use the replication side of it though as it's inherently flawed...
well it was on 2000 and have read it hasn't changed that significantly on 2k3.
If you do want to use the replication then I would only use it for read only
data, i.e. Application distribution points.
BR,
Rob

-Original Message-From: Jennifer
Fountain [mailto:[EMAIL PROTECTED] Sent: 11 May 2004
14:47To: [EMAIL PROTECTED]Subject:
[ActiveDir] DFSSensitivity: Private
Does anyone here use DFS? If so, do you use
it for load balancing? Did you install it on a DC? It's own
server? We are looking into breaking our one huge file server (1 tb of
space) into 4 smaller servers (more manageable and wanted to look into
DFS. We do have NT/95 clients but that should not stop me because I can
install the AD client on them.
Thanks for any info!
Kind Regards,
Jennifer Fountain R&B Inc 3400 E Walnut
Street Colmar, PA 18915
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DNS settings

Title: Message

Id be
tempted to setup a reservation in DHCP internally and set different DNS settings
(whatever u like) to a test machine ipconfig/release and renew... see if it
obtains the new settings or still holds the old settings.

-Original Message-From: Rich Milburn
[mailto:[EMAIL PROTECTED] Sent: 11 May 2004
15:30To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] DNS settings

So… XP is holding
onto the old IP address now that you’re on W2k3 AD, but didn’t do it before –
is that accurate?
Does right-clicking
on the dial connection systray icon and choosing repair fix the problem as
well? That’s at least friendlier than ipconfig but obviously not the end
solution…
h

Rich
Milburn
MCSE, Microsoft MVP
- Directory Services
Sr Network Analyst,
Field Platform Development
Applebee's
International, Inc.
4551 W. 107th
St
Overland Park, KS
66207
913-967-2819

From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Carlos
MagalhaesSent: Tuesday, May
11, 2004 8:31 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings

I tried that and it
seems to work. The problem though is I cant expect the users to do this every
time they want to use their connections, there must be something that is going
wacky here.
Don’t you
agree?
CM

From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Patrick - IT
DepartmentSent: Tuesday, May
11, 2004 3:23 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings

Maybe trying some actions from the cmd
line would help such as:
IPCONFIG /release [adapter] Release the IP address for the specified adapter. IPCONFIG /renew [adapter] Renew the IP address for the specified adapter. IPCONFIG /flushdns Purge the DNS Resolver cache. IPCONFIG /registerdns Refresh all DHCP leases and re-register DNS names.
IPCONFIG /displaydns
Display the contents of the DNS Resolver Cache
-Original
Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Roger SeielstadSent: Tuesday, May 11, 2004 8:36
AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings

The
problem is that the mobile users are dialed up to the Internet, say just to
surf, and they are holding onto their internal DNS settings.
Since
its systemic, I'm wondering if its not either a driver issue or a policy
issue, but I can't think of a single good reason for either of those to cause
this issue.
-- Roger D. Seielstad -
MTS MCSE MS-MVP
Sr. Systems
Administrator
Inovis
Inc.

From: Rutherford, Robert
[mailto:[EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 4:53
AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings

Sorry I
think I have lost track here somewhere... I probably didn't read your problem
correctly.
I would
actually think that it is better for them to resolve to your internal DNS
servers. I have seen loads of issues with people trying to get it to work the
other way round. The only thing is that do your internal DNS servers forward
out? If they did then you would probably be in an ok
situation?
I'd
still like to find out how your machines are getting their DNS entries
though?? Strange.
-Original
Message-From: Carlos
Magalhaes [mailto:[EMAIL PROTECTED] Sent: 11 May 2004 09:14To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings

We
haven’t and still don’t use WINS , this network only uses DNS.

The
problem I am having is that the user logged onto our network can work fine DNS
is working etc. The user dialed up to their own ISP’s are being forced to our
internal DNS servers, they still get a valid IP addy from the ISP they just
are “forced” to use ours…

From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Rutherford,
RobertSent: Tuesday, May 11,
2004 9:56 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings

It's
either got to be WINS or Hosts files while using the standard W2K VPN dial-up.
I don't think WINS is a bad solution to be honest unless you want to dig
into your pocket.
If
you use a 3rd party, i.e. Checkpoint, then their technology allows for overlay
of your DNS setting post connection. I mentioned IPass earlier and they can do
a similar thing with their client, i.e. push on your internal DNS server post
connection to an IPass ISP.

-Original
Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Rick
ReynoldsSent: 11 May 2004
08:14To:
[EMAIL PROTECTED]Su

RE: [ActiveDir] DNS issues?

2004-05-13 Thread Rutherford, Robert

Title: Message

Sounds
like you are allowing DNS above your encrypt rule on your firewall... check it.
May also be worth setting up no NAT between your local lans.
BR,
Rob

-Original Message-From: Todd L. Graham
[mailto:[EMAIL PROTECTED] Sent: 13 May 2004 13:30To:
[EMAIL PROTECTED]Subject: [ActiveDir] DNS issues?

I
have a problem with my DNS over the WAN and VPN. Here is the
issue. For some reason DNS will not resolve names over the WAN, or
VPN. I can only connect to resources by IP address. This problem
started when I upgraded my network in January. We switched to a Cisco IP
phone system along with all Cisco gear (VPN concentrator, PIX firewall,
switches, routers…lots of money spent). We also upgraded our network at
the same time from W2k to Server 2003. We have a Point to Point T
between our sights and a T1 for internet access here. We have about 30
people who VPN into the network on the VPN concentrator. Our AD (I
actually run all IT for 3 companies, same owners) is one Root domain with 3
child domains 1 for each company. All common resources and user accounts
are in the root. Computer accounts and private resources are in each child
domain. The child domains share nothing. Due to the phone system we have
several V-LAN’s one for voice, VPN, Guest, and computer
network.
When
I am at the other location I can’t browse the network, or attach to mapped
drives from my logon script (they don’t even appear). I can only attach
to resources if I create a new mapped drive by IP address. When I do an
IP config I get all the right DNS servers listed. I can only ping them
by IP address. The same situation happens when I VPN from home. We
had DNS only on the network. My Cisco vendor told me it’s not their
gear. I added WINS to see if this would help…it did not. Any suggestions
on what I could have configured incorrectly? Could it be the Cisco
routers?
Thank
you for the help!
Todd
Graham
IT Manager
Urell Inc.
617-600-9355
[EMAIL PROTECTED]
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DNS settings

2004-05-10 Thread Rutherford, Robert

Title: Message

Correct. The DNS settings are set by the ISP. I think the only thing you
could do with RRAS would be to use WINS and I'm sure you can set
this.

-Original Message-From: Mulnick, Al
[mailto:[EMAIL PROTECTED] Sent: 10 May 2004
15:31To: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] DNS settings
Trying to remember exactly, but wouldn't they get their
DNS settings from the ISP upon connection either through their software
locally or from their RRAS server?
Al

From: Carlos Magalhaes
[mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 9:41
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir]
DNS settings

Hey
all,
I have a weird issue; all our
laptop users have their own third part dial up's (RRAS and RAS) for their
convenience. When the users dial up to their third party ISP's (all users)
they obtain an IP address from the ISP but their DNS settings are being forced
to the networks internal DNS servers, remembering that this is a PPP
connection. This causes havoc on their dial ups. I have had a look at
the DNS settings the GPO and even the DHCP server. I don't see anything that
would force a PPP connection to use the internal DNS servers. The settings are
not hard coded into the PPP connections IP
settings.
Anyone have an idea of what this
is or maybe I over looked something.
Thanks!
Carlos
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DNS settings

2004-05-10 Thread Rutherford, Robert

Title: Message



Have 
you ever thought about something like IPASS? I don't know whether it's suitable 
for your environment.. it depends what you requirements for access 
are.

  
  -Original Message-From: Rutherford, 
  Robert Sent: 10 May 2004 15:54To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] DNS settings 
  
  Correct. The DNS settings are set by the ISP. I think the only thing 
  you could do with RRAS would be to use WINS and I'm sure you can set 
  this.
  

-Original Message-From: Mulnick, Al 
[mailto:[EMAIL PROTECTED] Sent: 10 May 2004 
15:31To: '[EMAIL PROTECTED]'Subject: RE: 
[ActiveDir] DNS settings 
Trying to remember exactly, but wouldn't they get their 
DNS settings from the ISP upon connection either through their software 
locally or from their RRAS server?
 
Al


From: Carlos Magalhaes 
[mailto:[EMAIL PROTECTED] Sent: Monday, May 10, 2004 9:41 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
DNS settings 


Hey 
all,
 
I have a weird issue; all our 
laptop users have their own third part dial up's (RRAS and RAS) for their 
convenience. When the users dial up to their third party ISP's (all users) 
they obtain an IP address from the ISP but their DNS settings are being 
forced to the networks internal DNS servers, remembering that this is a PPP 
connection.  This causes havoc on their dial ups. I have had a look at 
the DNS settings the GPO and even the DHCP server. I don't see anything that 
would force a PPP connection to use the internal DNS servers. The settings 
are not hard coded into the PPP connections IP 
settings.
 
Anyone have an idea of what this 
is or maybe I over looked something.
Thanks!
 
Carlos 
The information 
  transmitted is intended only for the person or entityto which it is
  addressed and may contain confidential and/orprivileged material. Any use 
  (including retransmission or copying)of this information by persons or 
  entities other than the intendedrecipient is prohibited. If you are not 
  the intended recipient of thistransmission, please contact the sender and 
  delete the materialfrom any computer. The sender is not responsible for 
  the completeness or accuracy of this communication as it has 
  beentransmitted over a public network. Any replies to this email may
  bemonitored by the MCPS-PRS Alliance for quality control and other
  purposes. The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

[ActiveDir] OT: Performance Monitor Counters

2004-05-05 Thread Rutherford, Robert

Hi Guys,

OT I know .. Just a quick one though..

Has anyone seen it where you do not have the option to add Memory or
Processor counters to perfmon on a server? Basically they are not
available for selection.

All other machines are fine and have the option, servers and wks.

Strange? Any ideas?

Thanks in Advance.

Rob
The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Storage of AD passwords???

2004-04-29 Thread Rutherford, Robert

In the SAM with MD5 is my memory serves. I'll need to check that.

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: 29 April 2004 15:03
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Storage of AD passwords???

Funny - had that same question come up the other day from my security
guy.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -Original Message-
> From: Douglas M. Long [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 29, 2004 9:33 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Storage of AD passwords???
> 
> I have been looking for how Active Directory stores
> passwords, and have had
> no luck. Does anyone know what format the password is stored 
> (eg crypt,
> md5)? Also, what is the password attribute (is it userPassword)? TYIA
> 
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Storage of AD passwords???

2004-04-29 Thread Rutherford, Robert

MD5 and LANMAN Hashes

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: 29 April 2004 16:16
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Storage of AD passwords???


The issue isn't understanding the standards. We've got that part more
than covered. We're just trying to find what hash type is used to store
the passwords in AD.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -Original Message-
> From: Lou Vega [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 29, 2004 10:49 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Storage of AD passwords???
> 
> This link (http://csrc.nist.gov/CryptoToolkit/tkhash.html)
> will provide
> further information regarding the FIBS PUB 180-2 and SHA-256 
> standard. The
> PDF file at that location may provide you with the information you're
> looking for.
> 
> Just FYI - FIPS = Federal Information Processing Standards.
> 
> r/
> Lou
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Roger Seielstad
> Sent: Thursday, April 29, 2004 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Storage of AD passwords???
> 
> That really doesn't cover the specifics.
> 
> We're wondering what type and strength of encryption is used.
> We've got an
> RFP from a customer who's security requirements require the 
> use of some
> asinine level of crypto for password storage[1], and we can't 
> find a single
> instance of an OS that uses that leve, so we're thinking 
> they're not even
> meeting their own requirements there...
> 
> Roger
> --
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
> 
> [1] "Password hash must use the SHA-256 standard: compliant
> with FIPS PUB
> 180-2"
>  
> 
> > -Original Message-
> > From: Mulnick, Al [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 29, 2004 10:16 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Storage of AD passwords???
> > 
> > Here's some background information
> > 
> > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&th
> readm=uNoVmrCr
> > AHA.1552%40tkmsftngp04&rnum=6&prev=/groups%3Fq%3Dmicrosoft%252
> > 0active%2520di 
> > rectory%2520%2522password%2520storage%2522%26hl%3Den%26lr%3D%2
> > 6ie%3DUTF-8%26
> > oe%3DUTF-8%26sa%3DN%26tab%3Dwg
> > 
> > -Original Message-
> > From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 29, 2004 10:03 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Storage of AD passwords???
> > 
> > Funny - had that same question come up the other day from my
> > security guy.
> > 
> > Roger
> > --
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> >  
> > 
> > > -Original Message-
> > > From: Douglas M. Long [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, April 29, 2004 9:33 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: [ActiveDir] Storage of AD passwords???
> > > 
> > > I have been looking for how Active Directory stores
> passwords, and
> > > have had no luck. Does anyone know what format the password
> > is stored
> > > (eg crypt, md5)? Also, what is the password attribute (is it
> > > userPassword)? TYIA
> > > 
> > > 
> > > List info   : http://www.activedir.org/mail_list.htm
> > > List FAQ: http://www.activedir.org/list_faq.htm
> > > List archive:
> > > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > > 
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive: 
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the materi

RE: [ActiveDir] Cached Domain Credential logon expiry for Win2k/X P

2004-05-05 Thread Rutherford, Robert

Title: Message



Yeh I 
second that.. I have an old laptop I dig out occasionally at home which has been 
off the network for 18 months or so. I do however think you need to reset the 
computer account if you take it back into the network? Can't remember for
sure.

  
  -Original Message-From: Celone, Mike 
  [mailto:[EMAIL PROTECTED] Sent: 05 May 2004 
  17:03To: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Cached Domain Credential logon expiry for Win2k/X 
  P
  I'm by no means an authoritative source on this but we 
  had a machine that was packed away for almost 8 months and the domain 
  credentials of users whom logged onto that machine were still cached.  I 
  don't think that they do expire.  I think you can only set how 
  many distinct credentials to cache.
   
  
  
  Mike Celone
  Systems 
  Specialist
  Radio Frequency 
  Systems
  v 203-630-3311 x1031 
  f 203-634-2027
  m 
  203-537-2406  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 11:47 
  AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
  Cached Domain Credential logon expiry for Win2k/XP
  
  Does anyone know how long cached credentials for 
  domain logons are valid on Win2K/XP machines?  Is there even an expiry 
  date?  A concern was raised by our desktop OS group that cached 
  credentials for domain logons may expire for laptop users who spend 
  considerable time away from the office, leaving them unable to access the 
  workstation.  In My life as a road warrior, I never had this happen to 
  me, but I was never way from a network connection (VPN or otherwise) for more 
  than 2 weeks.
  I have been searching for a definitive answer in 
  terms of a KB article or some other "authoritative source" ( I guess my trust 
  me response was not authoritative enough), but have been unable to find
  one.
  David Frost Directory Engineering, Messaging, 
  Directories and PKI Engineering Services Industry Canada The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] DFS

2004-05-18 Thread Rutherford, Robert

In my opinion... DFS will do the job for you. I've used it and it's fine
for what you wish to achieve... Take the plunge.

-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED] 
Sent: 18 May 2004 02:16
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS

The primary goal is to have 2+ servers and have the customer only see
one.  Replication is only an added benefit if it works ok.  I do have
another question - how many on the list use dfs?  In a situation with 2+
servers, is this something you would recommend?  Unfortunately, the day
I treaded happened.  Our file server died and the last good backup
occurred on weds.  So now, the motivation to make smaller servers has
increased. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Wednesday, May 12, 2004 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS

There are two distinct issues here - having multiple instances of the
same data for redundancy/fault tolerance, and splitting the data among 4
servers for a type of load balancing.  I think the latter was the
primary goal, is that right Jennifer?  You just don't want 1 tb on a
single server?  Yes with DFS you can just split it up and have your 250
GB on each. That keeps you from having all 1000 GB of your files go away
if one server dies, and you'll probably get better response times for
your file access.  You can set certain folders to replicate but not
replicate the whole thing of course, and those folders you designate as
having multiple sources and you'll achieve true load balancing and
redundancy for that 20 Mb or so.  The main concern, as I understand it,
with the replicated folders is if people are liable to modify the same
files on different servers at the same time or before replication occurs
if it's not immediate.  Some data lends itself well to redundancy
(frequently used CD images etc) and some things don't do as well - home
directories for sure, and departmental directories depending on how
they're used.  At least that's my opinion from how I've understood it.

Rich Milburn
MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field
Platform Development Applebee's International, Inc. 4551 W. 107th St
Overland Park, KS 66207 913-967-2819

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer
Fountain
Sent: Tuesday, May 11, 2004 4:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DFS

I was only thinking about replication between two servers and the data
would be small. Maybe 20 mb here and there - as files are updated. 

Kind Regards,

Jennifer Fountain
R&B Inc
3400 E Walnut Street
Colmar, PA  18915 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bruce
> Clingaman
> Sent: Tuesday, May 11, 2004 4:12 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] DFS
> 
> 
> 1 TB is too much for DFS to replicate between two servers, not to
> mention four. The replication (FRS) in DFS is flawed.
> Have you looked into shadow copy or a utility like Robocopy? 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer
> Fountain
> Sent: Tuesday, May 11, 2004 1:45 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] DFS
> 
> The main objective to to remove the single point of failure I have now

> - one big file server.  If this goes down, we are SOL.  From what I
> read/tested, DFS will allow you to point a single folder to shares on 
> different physical locations.
> (basically, the user sees one server but in reality I have four)
> 
> Replication is also something I could take advantage of; However, can
> you schedule replication in DFS?
> 
> Kind Regards,
> 
> Jennifer Fountain
> R&B Inc
> 3400 E Walnut Street
> Colmar, PA  18915
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> Depp, Dennis
> > M.
> > Sent: Tuesday, May 11, 2004 1:59 PM
> > To: Salandra, Justin A.; [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] DFS
> > 
> > Justin,
> > 
> > I don't think this is correct.  With DFS, I can set up different
> > subfolders to point to different physical locations.  These
> physical
> > locations can be setup a redundant pairs, but this is not required.
> > 
> > Denny
> > 
> > -Original Message-
> > From: "Salandra, Justin A." <[EMAIL PROTECTED]>
> > Sent: 5/11/04 1:41:37 PM
> > To: "[EMAIL PROTECTED]"
> <[EMAIL PROTECTED]>
> > Subject: RE: [ActiveDir] DFS
> > 
> > Having a DFS structure would mean that you would have 4 serv

RE: [ActiveDir] Group Policy Security Templates:

2004-05-18 Thread Rutherford, Robert

Title: Message

**snip**
. I suppose
what I am asking is if I set this value to 1 does this only allow one login or
one users cached profile infinitely however subject to other settings eg.
password age etc.
**snip**
It will allow
one cached profile indefinitely and the password will not
expire.
BR,
Rob

-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Sent: 18 May 2004
08:34To: [EMAIL PROTECTED]Subject:
[ActiveDir] Group Policy Security Templates:

All,
We are in the process of testing
security templates on a new windows 2003 domain model and there is one
attribute I am having trouble putting a value on. The particular node is the
Windows Settings/Security Settings/Local Policies/Security Options/Interactive
Login/Number of previous logins to cache (In case a domain controller is
unavailable). I have a template for workstations and this value is set to 0
logins. For laptops I have another template and this is the one I am having
trouble with I am unsure what value to put on
this.
We have numerous users who are at
our remote sites on laptops and they do not log onto the domain for weeks at a
time...this would however never exceed a 30 day period. What would you advise
I set this value to. I suppose what I am asking is if I set this value to 1
does this only allow one login or one users cached profile infinitely however
subject to other settings eg. password age etc.
Thanks.
JamesThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

[ActiveDir] OT : File/Folder/Storage Reporting

Title: Message



Hi All,
 
Well I'm at that stage again - reviewing backup and data storage. I'm 
hunting for duplicate files, old unmodified files, greediest user, 
etc.
 
I'm basically looking for some software that can report such things in 
one package. any experiences or recommendations?
 
Thanks in advance.
 
RobThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] dns issues

Title: Message



Can 
you see SRV records for the old server in DNS? They usually hang around.. if you 
do then delete them.
 
Are 
you multi-site?
 

-Original Message-From: Eric 
Fleischman [mailto:[EMAIL PROTECTED] Sent: 19 May 2004 
13:09To: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] dns issues

  
  Id probably 
  recommend a few action items here:
  1)   
  On 
  DC,  perform a dcdiag /v and netdiag /v as well; look for failure and be 
  sure to clear them up
  2)   
  On 
  client, point to same place that DC is pointed for 
  DNS
  3)   
  If all 
  else fails, a userenv log and network trace of client boot (trace taken from a 
  second machine that is on a little hub with affected client) should show us 
  what client is waiting on during bootup
   
  A few 
  questions:
  1) Are client and DC 
  on same subnet?
  2) Where are client 
  and DC pointed for DNS (primary and secondary would be 
  great)
  3) What is 
  connectivity between client and dc (same subnet, across a wan, 
  etc.)
   
  Hope this is a 
  helpful start!
  ~Eric
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Kern, 
  TomSent: Wednesday, May 19, 
  2004 5:20 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] dns 
  issues
   
  
  i bounced the server, srv records are all there. the 
  old server is not in dhcp and an nslookup in safe mode shows me there is
  connectivity to dns server and all the prpoer srv reords are 
  enumerated.
  
  i hahdn't hpought of ms04-011. what are some other 
  symptoms?
  
  thanks
  

-Original Message- From: deji Agba 
[mailto:[EMAIL PROTECTED] Sent: Wed 5/19/2004 3:04 AM 
To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] dns 
issues


More likely DNS 
than WINS. Trying bouncing the new Server, then restart netlogon on 
it (in case the MS04-011 is 
hurting you), then 
check DNS for the relevant SRV records. I know you said you looked in 
DHCP, but I have to ask if you made sure that the dead DC is no listed as a 
DNS server in your DHCP scopes. And, after the client have connected in 
"Safe Mode", what does nslookup 
say?



 

Lastly, anything 
in eventlog (on both server and clients?

 

Sincerely,Dèjì Akómöláfé, 
MCSE MCSA
MCP+I

Microsoft MVP 
- Directory Services

www.readymaids.com - we know 
ITwww.akomolafe.comDo you now realize that Today is 
the Tomorrow you were worried about Yesterday?  
-anon

 



From: 
Mulnick, AlSent: Tue 
5/18/2004 2:30 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] dns 
issues
WINS?  -Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Kern, TomSent: Tuesday, May 18, 2004 5:17 PMTo: ActiveDir (E-mail)Subject: [ActiveDir] dns issues I had my primary fsmo role holder(pdc,infra,rid) go down. It was also a dnsserver(ad intergrated). i ran ntdutil and removed the server from AD. I alsohad another dns server running. I transfered all the fsmo roles to this server. Now however, i have a ton of what i think are dns issuses. I have clientswho are stuck at "applying security settings" and never logon(however, theycan when in safe mode with networking).also, i tried to join a workstation to my domain and it gave me a "connotcontact domain" error.the clients are all pointing to the new dns server via dhcp.there are no errors in the dns log or in directory services log.this is a child domain and the zone was delegated from the root. what gives?thanksList info   : http://www.activedir.org/mail_list.htmList FAQ    : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/List info   : http://www.activedir.org/mail_list.htmList FAQ    : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] OT : File/Folder/Storage Reporting

Title: Message

Yeh
I've used it before... I don't think it does file age, duplicate finding etc?
Its probably more that side of things I'm looking for.
Thanks
Larry

-Original Message-From: Passo, Larry
[mailto:[EMAIL PROTECTED] Sent: 19 May 2004
16:13To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] OT : File/Folder/Storage Reporting

Treesize Pro will do
almost everything
http://www.jam-software.com/treesize/

From:
Rutherford, Robert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 19,
2004 2:59 AMTo:
[EMAIL PROTECTED]Subject: [ActiveDir] OT :
File/Folder/Storage Reporting

Hi
All,

Well I'm at that
stage again - reviewing backup and data storage. I'm hunting for duplicate
files, old unmodified files, greediest user,
etc.

I'm basically looking
for some software that can report such things in one package. any
experiences or recommendations?

Thanks in
advance.

Rob
The information transmitted is intended only for
the person or entityto which it is addressed and may contain confidential
and/orprivileged material. Any use (including retransmission or
copying)of this information by persons or entities other than the
intendedrecipient is prohibited. If you are not the intended recipient of
thistransmission, please contact the sender and delete the
materialfrom any computer. The sender is not responsible for the
completeness or accuracy of this communication as it has
beentransmitted over a public network. Any replies to this email may
bemonitored by the MCPS-PRS Alliance for quality control and other
purposes.The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] OT : File/Folder/Storage Reporting

Title: Message



Ooh 
just checked and it does..
 
That'll do.
 
Thanks

  
  -Original Message-From: Rutherford, 
  Robert Sent: 19 May 2004 16:46To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT : 
  File/Folder/Storage Reporting
  Yeh 
  I've used it before... I don't think it does file age, duplicate finding etc? 
  Its probably more that side of things I'm looking for.
   
  Thanks Larry
  

-Original Message-From: Passo, Larry 
[mailto:[EMAIL PROTECTED] Sent: 19 May 2004 
16:13To: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] OT : File/Folder/Storage Reporting

Treesize Pro will 
do almost everything
 
http://www.jam-software.com/treesize/
 




From: 
    Rutherford, Robert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 19, 
2004 2:59 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] OT : 
File/Folder/Storage Reporting
 

Hi 
All,

 

Well I'm at that 
stage again - reviewing backup and data storage. I'm hunting for duplicate 
files, old unmodified files, greediest user, 
etc.

 

I'm basically 
looking for some software that can report such things in one package. 
any experiences or 
recommendations?

 

Thanks in
advance.

 

Rob
The information transmitted is intended only for 
the person or entityto which it is addressed and may contain 
confidential and/orprivileged material. Any use (including 
retransmission or copying)of this information by persons or entities 
other than the intendedrecipient is prohibited. If you are not the
intended recipient of thistransmission, please contact the sender and 
delete the materialfrom any computer. The sender is not responsible for 
the completeness or accuracy of this communication as it has 
beentransmitted over a public network. Any replies to this email may 
bemonitored by the MCPS-PRS Alliance for quality control and other
purposes.The
  information transmitted is intended only for the person or entityto which 
  it is addressed and may contain confidential and/orprivileged material. 
  Any use (including retransmission or copying)of this information by
  persons or entities other than the intendedrecipient is prohibited. If you 
  are not the intended recipient of thistransmission, please contact the 
  sender and delete the materialfrom any computer. The sender is not
  responsible for the completeness or accuracy of this communication as it 
  has beentransmitted over a public network. Any replies to this email may 
  bemonitored by the MCPS-PRS Alliance for quality control and other
  purposes. The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert


The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purpose

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert


The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert

If I remember.. Winproxy will do almost anything you could want on a
proxy front. It's also relatively cheap.

http://www.winproxy.com

BR,

Rob

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: 20 May 2004 13:39
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] a good software for cache on windows 2000


What, exactly, are you trying to accomplish?

Straight proxy caching for a speed increase, or are you also looking to
do authenticated proxying?

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -Original Message-
> From: Roseta Radfar [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 20, 2004 4:42 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] a good software for cache on windows 2000
> 
> hi,
>  
> any one can give me the name of a good cache software that
> works with transparent proxy and can be used on windows 2000 
> server. any good that you may have used and know that is a good one.
>  
>  
> thanks in advance.
> roseta

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] how many domain controllers ?

How many users to you have? It shouldn't be all your servers, unless you
only have 2.

-Original Message-
From: Mike Maple [mailto:[EMAIL PROTECTED] 
Sent: 21 May 2004 11:28
To: [EMAIL PROTECTED]
Subject: [ActiveDir] how many domain controllers ?

Does anyone have a view about how many servers in a domain should be
domain controllers.  Should it be all of them - or only a few on each
site ?

Mike.

--
Releasing funds to keep business flowing...

Last year alone, Xchanging helped the London Market release 75 million
pounds of redundant claim reserves.

During 2003, Xchanging's Enhanced Claims Review team, validated 439
million pounds of non-moving London Market claims.

To find out more about the Enhanced Claims Review service, talk to Sara
Frost on 020 7327 5701 or visit our website www.xchanging.com

--

-
THE INFORMATION IN THIS E-MAIL AND IN ANY ATTACHMENTS IS CONFIDENTIAL

AND MAY BE PRIVILEGED OR OTHERWISE PROTECTED FROM DISCLOSURE. 
IF YOU ARE NOT THE INTENDED RECIPIENT AND HAVE RECEIVED IT IN ERROR YOU
ARE ON NOTICE OF ITS STATUS. 
PLEASE NOTIFY THE SENDER IMMEDIATELY BY RETURN EMAIL AND THEN DELETE
THIS EMAIL AND ANY ATTACHMENT FROM YOUR SYSTEM. 
YOU MUST NOT RETAIN, COPY OR USE THIS E-MAIL OR ANY ATTACHMENT FOR ANY
PURPOSE, NOR DISCLOSE ALL OR ANY PART OF ITS CONTENTS TO ANY OTHER
PERSON: 

TO DO SO COULD BE A BREACH OF CONFIDENCE

EMAIL MAY BE SUSCEPTIBLE TO DATA CORRUPTION, INTERCEPTION AND
UNAUTHORISED AMENDMENT, 
AND WE DO NOT ACCEPT LIABILITY FOR ANY SUCH CORRUPTION, INTERCEPTION OR
AMENDMENT OR THE CONSEQUENCES THEREOF. 

WE MAY MONITOR THE CONTENT OF EMAILS SENT AND RECEIVED VIA OUR NETWORK
FOR VIRUSES OR UNAUTHORISED USE AND FOR OTHER LAWFUL BUSINESS PURPOSES. 
WE DO NOT ACCEPT RESPONSIBILITY FOR ANY LOSS OR DAMAGE ARISING FROM A
VIRUS IN ANY EMAIL OR ATTACHMENT.

---
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] how many domain controllers ?

Eg.. May last company .. 25 sites globally. 

HQ with 700 users - 3 DCs
Every other site 20-50 users - 1 DC

-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] 
Sent: 21 May 2004 11:36
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] how many domain controllers ?

as few as possible

just roughly: depending on how you define small, medium, large, this
would translate to none for small, 1 for medium and usually no more than
2-3 for large (mainly depends on other services using the DCs/GCs, such
as Exchange).  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Maple
Sent: Freitag, 21. Mai 2004 12:28
To: [EMAIL PROTECTED]
Subject: [ActiveDir] how many domain controllers ?

Does anyone have a view about how many servers in a domain should be
domain controllers.  Should it be all of them - or only a few on each
site ?

Mike.

--
Releasing funds to keep business flowing...

Last year alone, Xchanging helped the London Market release 75 million
pounds of redundant claim reserves.

During 2003, Xchanging's Enhanced Claims Review team, validated 439
million pounds of non-moving London Market claims.

To find out more about the Enhanced Claims Review service, talk to Sara
Frost on 020 7327 5701 or visit our website www.xchanging.com

--

-
THE INFORMATION IN THIS E-MAIL AND IN ANY ATTACHMENTS IS CONFIDENTIAL

AND MAY BE PRIVILEGED OR OTHERWISE PROTECTED FROM DISCLOSURE. 
IF YOU ARE NOT THE INTENDED RECIPIENT AND HAVE RECEIVED IT IN ERROR YOU
ARE ON NOTICE OF ITS STATUS. 
PLEASE NOTIFY THE SENDER IMMEDIATELY BY RETURN EMAIL AND THEN DELETE
THIS EMAIL AND ANY ATTACHMENT FROM YOUR SYSTEM. 
YOU MUST NOT RETAIN, COPY OR USE THIS E-MAIL OR ANY ATTACHMENT FOR ANY
PURPOSE, NOR DISCLOSE ALL OR ANY PART OF ITS CONTENTS TO ANY OTHER
PERSON: 

TO DO SO COULD BE A BREACH OF CONFIDENCE

EMAIL MAY BE SUSCEPTIBLE TO DATA CORRUPTION, INTERCEPTION AND
UNAUTHORISED AMENDMENT, 
AND WE DO NOT ACCEPT LIABILITY FOR ANY SUCH CORRUPTION, INTERCEPTION OR
AMENDMENT OR THE CONSEQUENCES THEREOF. 

WE MAY MONITOR THE CONTENT OF EMAILS SENT AND RECEIVED VIA OUR NETWORK
FOR VIRUSES OR UNAUTHORISED USE AND FOR OTHER LAWFUL BUSINESS PURPOSES. 
WE DO NOT ACCEPT RESPONSIBILITY FOR ANY LOSS OR DAMAGE ARISING FROM A
VIRUS IN ANY EMAIL OR ATTACHMENT.

---
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Slow or non existent drive mappings

Title: Message

I take
it it's the machine, i.e. the user logs on at another machine they don't get the
issue?
Are
you getting anything showing up in the event log to give any hint of the
problem?
Rob

-Original Message-From: John Parker
[mailto:[EMAIL PROTECTED] Sent: 21 May 2004 13:10To:
[EMAIL PROTECTED]Subject: [ActiveDir] Slow or non
existent drive mappings
Greets to all on this beautifully gloomy Friday!
We have a small
(100 users) Win2K AD. Fully patched, Spacked etc.
I have one XP user
who's network drive mappings do not show up consistently. Sometimes
partial, other none at all. if the user logs out and logs back in,
(Sometimes more than once) They will map properly.
Anyone seen
this?
The mapping is
done via a logon script on the AD server.
Thanks in
advance.
John Parker, MCSEIS Admin.Senior Technical
SpecialistAlpha
Display Systems. Alpha VideoThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] a good software for cache on windows 2000

Title: Message



Winproxy will transparent proxy, cache, port map etc... most things you 
could need from a proxy app.
 
 I would go for Squid personally but you did specify you wanted a 
W2K platform.
 
Rob

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 
  13:32To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] a good software for cache on windows 2000
  I'm as much a fan of Windows 2k/2k3 as most other people, 
  but there's no way I'd run Windows 2000 as a transparent proxy in an ISP 
  setting.
   
  First, the software just isn't there for it (at least not 
  that I've found, but I haven't looked deeply enough at it). And the software's 
  the easy part.
   
  I haven't looked at RRAS in WIn2k3 yet, but I don't 
  recall Win2k having the necessary abilities included to be able to create a 
  transparent proxy.
   
  Just to make sure we're clear here - a transparent proxy 
  is one which intercepts web connections, with no configuration on the client 
  end. That's not an easy task. There are two ways to do it - as a router, or as 
  a bridge. The real difference is how the box handles other traffic. 
  Personally, the router style config is easier but carries the downside that 
  the box has to do more. 
   
  Basically all outbound traffic destined for port 80 has 
  to be redirected (its actually NAT'ed) to the proxy server. I know that IPF 
  and PF on OpenBSD (IPF has been ported to other Unix systems as well) 
   both have that capability.
   
  As I mentioned, I've used Squid on OpenBSD for it. Here's 
  a FAQ on how it works, which might help you along the 
path:
  http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
   
  Brief digging hasn't found anything similar for Windows, 
  although it might exist.
   
  Roger
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: Roseta Radfar 
[mailto:[EMAIL PROTECTED] Sent: Friday, May 21, 2004 3:57 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] a good software for cache on windows 2000

yes i need it for web content. 
do you think transparent proxy will  will work on windows 
2000?  do you think  it can work without so much difficulty and 
working correctly?because i want to run it for an ISP.

  -Original Message- From: Roger 
  Seielstad [mailto:[EMAIL PROTECTED] Sent: Thu 
  5/20/2004 5:56 PM To: [EMAIL PROTECTED] 
  Cc: Subject: RE: [ActiveDir] a good software for 
  cache on windows 2000
  Web content, it would seem.
   
  -- 
  Roger D. 
  Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis 
  Inc. 
   
  


From: Eric Fleischman 
[mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 
10:11 AMTo: [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] a good software for cache on windows 
2000


Iâm not clear 
on this thread I donât think.
Are we talking 
about web content caching or authenticating caching? That hasnât been 
spelled out, and I assumed web content caching, but was not 
sure.
 
~Eric
 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Roger 
SeielstadSent: 
Thursday, May 20, 2004 9:04 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
software for cache on windows 2000
 
Personal 
preference for secure, fast cache only proxy is Squid, but it only runs 
on Unix. I run an OpenBSD/Squid cache combo at home to speed up my 
access.
 
Transparent 
proxying is kinda hard - you need to put the box inline with the 
firewall or router - generally in a bridged NIC config - which Windows 
traditionally doesn't do too well.

 
-- 
Roger D. 
Seielstad - MTS MCSE MS-MVP Sr. Systems 
Administrator Inovis 
Inc. 

 

   
  
  
  
  From: 
  Roseta Radfar [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 9:51 
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
  software for cache on windows 2000
  
  a cach for a speed increase and a strong 
  one!
  

-Original Message- From: Roger Seielstad 
[mailto:[EMAIL PROTECTED] Sent: Thu 5/20/2004

RE: [ActiveDir] a good software for cache on windows 2000

Title: Message



It has 
as many third parties use it as a back end...
 
http://www.acmeconsulting.it/pagine/opensource/squid/squidnt25.htm

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 
  14:01To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] a good software for cache on windows 2000
  I doubt its possible - Squid's not been ported to Windows 
  from what I can find. See my other post for more detaisl..
   
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: Roseta Radfar 
[mailto:[EMAIL PROTECTED] Sent: Friday, May 21, 2004 4:08 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] a good software for cache on windows 2000

do you think that is possible to do? is it a good idea to do that? put 
Squid on win 2000 with transparent proxy i mena? if I will have any problem 
when doing that do you think you can help me?
 
thanks for your advice.
roseta
 

  -Original Message- From: Roger 
  Seielstad [mailto:[EMAIL PROTECTED] Sent: Thu 
  5/20/2004 5:56 PM To: [EMAIL PROTECTED] 
  Cc: Subject: RE: [ActiveDir] a good software for 
  cache on windows 2000
  Web content, it would seem.
   
  -- 
  Roger D. 
  Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis 
  Inc. 
   
  


From: Eric Fleischman 
[mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 
10:11 AMTo: [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] a good software for cache on windows 
2000


Iâm not clear 
on this thread I donât think.
Are we talking 
about web content caching or authenticating caching? That hasnât been 
spelled out, and I assumed web content caching, but was not 
sure.
 
~Eric
 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Roger 
SeielstadSent: 
Thursday, May 20, 2004 9:04 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
software for cache on windows 2000
 
Personal 
preference for secure, fast cache only proxy is Squid, but it only runs 
on Unix. I run an OpenBSD/Squid cache combo at home to speed up my 
access.
 
Transparent 
proxying is kinda hard - you need to put the box inline with the 
firewall or router - generally in a bridged NIC config - which Windows 
traditionally doesn't do too well.

 
-- 
Roger D. 
Seielstad - MTS MCSE MS-MVP Sr. Systems 
Administrator Inovis 
Inc. 

 

   
  
  
  
  From: 
  Roseta Radfar [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 9:51 
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
  software for cache on windows 2000
  
  a cach for a speed increase and a strong 
  one!
  

-Original Message- From: Roger Seielstad 
[mailto:[EMAIL PROTECTED] Sent: Thu 5/20/2004 4:08 PM 
To: 
[EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] a good 
software for cache on windows 2000
What, exactly, are you trying to 
accomplish?Straight proxy caching for a speed increase, or 
are you also looking to doauthenticated 
proxying?Roger--Roger 
D. Seielstad - MTS MCSE MS-MVPSr. Systems 
AdministratorInovis Inc.> -Original 
Message-> From: Roseta Radfar [mailto:[EMAIL PROTECTED]]> 
Sent: Thursday, May 20, 2004 4:42 AM> To: 
[EMAIL PROTECTED]> Subject: [ActiveDir] a good 
software for cache on windows 2000>> 
hi,> > any one can give me the name of a good 
cache software that> works with transparent proxy and can be 
used on windows 2000> server. any good that you may have used 
and know that is a good one.> > > 
thanks in advance.> roseta> .+-wi0-+YbmPi0-+bÚf.+-j! 
> 0j!orØyØIV+v*>List info   : http://www.activedir.org/mail_list.htmList 
FAQ    : http://www.activedir.org/list_faq.htmList 
archive: http://www.mail-archive.com/activedir%40mail.activedir.org/The informati

RE: [ActiveDir] Two Questions

Title: Message

1) No
problems.
2)
When you say u are incorporating NAT.. for what reason? Purely for internet
access? Why do you need to change your internal range to use
NAT?
Chnaging your range isn't really too much of an issue... you just
need to make sure you plan it out first, i.e. making sure DC's register
correctly, getting DHCP over, blah, blah.
BR
Rob

-Original Message-From: John Parker
[mailto:[EMAIL PROTECTED] Sent: 21 May 2004 13:22To:
[EMAIL PROTECTED]Subject: [ActiveDir] Two
Questions
Hello again out
there!
1) I am replacing
our 10/100 card on my AD box with gigabit. Other than setting the IP
info to match the what it was on the 10/100 card, is there anything
else I need to do/watch out for to ensure safe and uniterrupted communication
once I set the card up?
2) On the
same system, in a couple months we are rolling over to a new ISP and
incorporating NAT. Any recommended ways of doing this? I am
hitting the books and touching the world on this one, just curious if there
are any white papers on this? What is the best way to NAT the
Network? Are there any AD issues with the change in our Class
C? etc.
Any input would be
appreciated.
Thank you
again.
John Parker, MCSEIS Admin.Senior Technical
SpecialistAlpha
Display Systems. Alpha Video

The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Two Questions

Title: Message

Oh
OK.. didn't realise you were on publics.
The
only thing to watch is that your DC's register correctly.. which they usually
do. I have performed many range changes and it's straight forward from the AD
side. I always prefer to physically bounce a DC after changing it's IP but
that's about it.
BR
Rob

-Original Message-From: John Parker
[mailto:[EMAIL PROTECTED] Sent: 21 May 2004 16:48To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Two
Questions

Thanks Robert
for your reply.
We are
rolling over to a new ISP and have been wanting to get my workstations off of
public IP’s.

For security
reasons.
That’s the
reason for the NAT.
I only have
two DC’s
John Parker, MCSE

IS Admin.
Senior Technical Specialist

Alpha Display Systems.

Alpha Video
7711 Computer Ave.
Edina, MN. 55435

952-896-9898 Local
800-388-0008 Watts
952-896-9899 Fax
612-804-8769 Cell
952-841-3327 Direct

[EMAIL PROTECTED]
"Be excellent to each other"

---End of Line---
-----Original
Message-From:
Rutherford, Robert
[mailto:[EMAIL PROTECTED]Sent: Friday, May 21, 2004 8:53
AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Two
Questions
1) No problems.
2) When you say u are incorporating NAT..
for what reason? Purely for internet access? Why do you need to change your
internal range to use NAT?
Chnaging your range isn't really
too much of an issue... you just need to make sure you plan it out first, i.e.
making sure DC's register correctly, getting DHCP over, blah, blah.

BR
Rob
-Original
Message-From: John
Parker [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 13:22To:
[EMAIL PROTECTED]Subject: [ActiveDir] Two
Questions
Hello again out
there!
1) I
am replacing our 10/100 card on my AD box with gigabit. Other than
setting the IP info to match the what it was on the 10/100 card, is
there anything else I need to do/watch out for to ensure safe and uniterrupted
communication once I set the card up?
2) On the same system, in a couple
months we are rolling over to a new ISP and incorporating NAT. Any
recommended ways of doing this? I am hitting the books and touching the
world on this one, just curious if there are any white papers on this?
What is the best way to NAT the Network? Are there any AD issues with
the change in our Class C? etc.
Any
input would be appreciated.
Thank you again.
John Parker,
MCSEIS
Admin.Senior Technical
SpecialistAlpha Display
Systems. Alpha
Video
The
information transmitted is intended only for the person or entityto which
it is addressed and may contain confidential and/orprivileged material.
Any use (including retransmission or copying)of this information by
persons or entities other than the intendedrecipient is prohibited. If you
are not the intended recipient of thistransmission, please contact the
sender and delete the materialfrom any computer. The sender is not
responsible for the completeness or accuracy of this communication as it
has beentransmitted over a public network. Any replies to this email may
bemonitored by the MCPS-PRS Alliance for quality control and other
purposes.The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited. If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Sysvol Damaged

2004-05-24 Thread Rutherford, Robert

Title: Message



Can 
you also run a dcdiag and see if it runs clean? If it doesn't then paste the 
results here.
 
Rob

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 24 May 2004 
  13:39To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Sysvol Damaged
  Is the box pointing to a known good DNS server
  (preferably to DC's in a known good site)?
   
  How long are you waiting for replication to happen? I 
  generally like to let them spin overnight if at all possible before worrying 
  about whether its working correctly.
   
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] Sent: Monday, May 24, 2004 4:45 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
Sysvol Damaged

Hi Folks, I am having a problem with one of my 
Additonal Domain Controller, which is recently promoted. 
Actually,this is a newly 
promoted ADC via a wan link. I had to demote it first using dcpromo/forceremoval as it had problem and it was
screwed.( http://support.microsoft.com/default.aspx?kbid=332199 ) Also, i had to delete netlogon.chg file 
in system root as it was corrupted and then after the reboot the system 
created the file succesfully..
I later used ADSIEDIT to clear 
the metabase succesfully. Now in this DC is fresly promoted as a new
Additonal Domain controller againt thru the WAN Link, Now, I cant see
anything id domain.com in sysvol and itz not shared too. Also, i had to 
delete netlogon.chg file in system root as it was corrupted and then after 
the reboot the system created the file succesfully..
How do rebuild the sysvol 
strucuture, Do I need to use "D2" "D4" Burflags.. I am afraid because I have 
more that 5 ADC in this site and 2-3 are connected via WAN Link. Or shuld I 
manually copy the sysvol structure from the GOOD SYSVOL STRUCUTE on another 
DC and try to restart NTFRS, like, I am really running out of 
ideas.
Can any one help me on this 
issue. Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah 
Group Information Technology Tel.: 
+966-1-461-0077 x.209 Moble.:
+966-509774015 
Email: [EMAIL PROTECTED] 
"Save Internet, Keep all the 
systems patched" Web: 
http://alfaisaliah.com 
- 
This email and any files transmitted with 
it are confidential and intended solely for the use of the individual or 
entity to whom/which they are addressed. If you have received this email in 
error please notify the system manager at the following email address:
[EMAIL PROTECTED] . 
Please note that any views or opinions presented in this email are solely 
those of the author and do not necessarily represent those of Al Faisaliah 
Group. Internet communications cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, arrive late 
or contain viruses. The sender therefore does not accept liability for any 
errors or omissions in the context of this message, which arise as a result 
of Internet transmission.  Finally, the recipient should check this 
email and any attachments for the presence of viruses. Al Faisaliah Group 
accepts no liability for any damage caused by any virus transmitted by this 
email. 
- 
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.

RE: [ActiveDir] Sysvol Damaged

Title: Message



restart the File Replication Service and run your dcdiag again. Any 
change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 09:20To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot this 
  critical problem
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Mohammed Athif 
Khaleel Sent: Monday, 24 May 2004 5:05 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Also, I get these erros in NETDIAG...Oops I shuld have 
posted that in previous mail... 
LDAP test. . . . . . . . . . . . . : Passed     [WARNING] Failed to query SPN registration on DC 
'RIY04-DC01.riyadh.afg.com'.     
[WARNING] Failed to query SPN registration on DC 
'mega-dc1.riyadh.afg.com'.     
[WARNING] Failed to query SPN registration on DC 
'safisulaidc1.riyadh.afg.com'. 
Regards, Athif 
-Original Message- From: 
Mohammed Athif Khaleel Sent: Monday, 24 May 2004 
4:49 PM To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged 
Roger, Yes, the box is pointing to a correct dc which is 
actually the PDC running very well and healthy SYSVOL structure. I have been 
waiting for more than a week for replication to happen but still the same, 
even the sysvol folder is not shared. I am attaching dcdiag log, I really 
dont know if i can attach dcdiag.txt. Appologies if thatz not 
allowed..
TIA, Athif -----Original Message- From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 24 May 2004 3:54 PM To: [EMAIL PROTECTED] Subject: RE: 
[ActiveDir] Sysvol Damaged 
Can you also run a dcdiag and see if it runs clean? If it 
doesn't then paste the results here. Rob 
-Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: 24 May 2004 13:39 To: 
[EMAIL PROTECTED] Subject: RE: 
[ActiveDir] Sysvol Damaged 
Is the box pointing to a known good DNS server (preferably 
to DC's in a known good site)? How long are you 
waiting for replication to happen? I generally like to let them spin
overnight if at all possible before worrying about whether its working
correctly.
-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator Inovis Inc. 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 24, 2004 4:45 AM To: [EMAIL PROTECTED] Subject: 
[ActiveDir] Sysvol Damaged 
Hi Folks, I am having a problem with 
one of my Additonal Domain Controller, which is recently promoted. 
Actually,this is a newly promoted ADC via a wan link. I had to demote it 
first using dcpromo/forceremoval as it had problem and it was screwed.( http://support.microsoft.com/default.aspx?kbid=332199 
) Also, i had to delete netlogon.chg file in system root as it was corrupted 
and then after the reboot the system created the file 
succesfully..
I later used ADSIEDIT to clear the metabase succesfully. Now 
in this DC is fresly promoted as a new Additonal Domain controller againt 
thru the WAN Link, Now, I cant see anything id domain.com in sysvol and itz 
not shared too. Also, i had to delete netlogon.chg file in system root as it 
was corrupted and then after the reboot the system created the file 
succesfully..
How do rebuild the sysvol strucuture, Do I need to use "D2" 
"D4" Burflags.. I am afraid because I have more that 5 ADC in this site and 
2-3 are connected via WAN Link. Or shuld I manually copy the sysvol 
structure from the GOOD SYSVOL STRUCUTE on another DC and try to restart 
NTFRS, like, I am really running out of ideas.
Can any one help me on this issue. 
Regards, Mohammed Athif Khaleel 
Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.:
+966-509774015 Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched" 
Web: http://alfaisaliah.com 
  
  - 
  This email and any files transmitted with it are 
  confidential and intended solely for the use of the individual or entity to 
  whom/which they are addressed. If you have received this email in error please 
  notify the system manager at the following email address: 
  [EMAIL PROTECTED] . Please note that any 
  views or opinions presented in this email are solely those of the author and 
  do not necessarily represent those of

RE: [ActiveDir] Sysvol Damaged

Title: Message



I 
assume you have not disabled the KCC..
 
Delete 
the manual objects and then kick off the KCC and it should work out the best 
paths. This can be done via replmon or sites and services. Unless you have a 
large complex site structure then I would just use the KCC as it does a 
pretty good job and you shouldn't really have a need to or be creating manual 
links.
 
The 
other thing is to be patient. AD is a slow moving monster and left will 
typically sort out a majority of issues if left over time, i.e. a good few
hours.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 09:48To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  I 
  will try to run DCDAIG now,. Actually, i thought ther might be problem with 
  the missing NTDS CONNECTION OBJECTS and so I have manually added those. Now 
  when i restart NTFRS, i see i see event id 13562 Source NTFRS, Description, 
  Following is the summary of warnings and errors 
  encountered by File Replication Service while polling the Domain Controller 
  SONYDC.riyadh.afg.com for FRS replica set configuration 
  information. 
  How do i avoid these errors, shuld I delete those 
  which ihave created manually?? if they are not generated automatically 
  then when i add that manually, why is that confilcting?? The 
  nTDSConnection object cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=66dbe7ca-284e-4ccd-8fe7-d273ced34d1e,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=5d5bb30b-9ff5-4c61-b003-1bf2b4a14957,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object cn=mega-dc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=09bcc2f0-8984-4e8a-9915-f1e3d801fffc,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=mega-dc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=riy04-dc01,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=dfbc1a17-09a5-4ad6-b0c1-f7eeac21f802,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=ryd_dc3,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=dfbc1a17-09a5-4ad6-b0c1-f7eeac21f802,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=safisulaidc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
   
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, 26 May 2004 11:30 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
restart the File Replication Service and run your dcdiag again. 
Any change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 
  May 2004 09:20To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot this 
  critical problem
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-50977401

RE: [ActiveDir] Sysvol Damaged

Title: Message



Did 
you restart the FRS service before running the below dcdiag?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 10:13To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  Domain membership test . . . . . . : FailedSONYDC 
  failed test kccevent  Starting test: 
  frssysvol Error: No record 
  of File Replication System, SYSVOL 
  started. The Active
  Directory may be prevented from 
  starting. There are errors 
  after the SYSVOL has been 
  shared. The SYSVOL can 
  prevent the AD from 
  starting. 
  . SONYDC passed test 
  frssysvol  Starting test: 
  kccevent An Warning Event 
  occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:32    
  (Event String could not be 
  retrieved) An Warning 
  Event occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:56    
  (Event String could not be retrieved)
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, 26 May 2004 11:30 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
restart the File Replication Service and run your dcdiag again. 
Any change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 
  May 2004 09:20To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot this 
  critical problem
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save Internet, Keep all 
  the systems patched" Web: http://alfaisaliah.com 
  
  

-Original Message-From: Mohammed 
Athif Khaleel Sent: Monday, 24 May 2004 5:05 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
Damaged
Also, I get these erros in NETDIAG...Oops I shuld have 
posted that in previous mail... 
LDAP test. . . . . . . . . . . . . : Passed 
    [WARNING] Failed to query SPN 
registration on DC 'RIY04-DC01.riyadh.afg.com'.     [WARNING] Failed to query SPN registration on 
DC 'mega-dc1.riyadh.afg.com'.     
[WARNING] Failed to query SPN registration on DC 
'safisulaidc1.riyadh.afg.com'. 
Regards, Athif 
-Original Message- From: 
Mohammed Athif Khaleel Sent: Monday, 24 May 2004 
4:49 PM To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged 
Roger, Yes, the box is pointing to a correct dc which is 
actually the PDC running very well and healthy SYSVOL structure. I have 
been waiting for more than a week for replication to happen but still 
the same, even the sysvol folder is not shared. I am attaching dcdiag 
log, I really dont know if i can attach dcdiag.txt. Appologies if thatz 
not allowed..
TIA, Athif -----Original Message- From: 
Rutherford, Robert [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 24 May 2004 3:54 PM 
To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged

Can you also run a dcdiag and see if it runs clean? If 
it doesn't then paste the results here. Rob 
-Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: 24 May 2004 13:39 To: [EMAIL PROTECTED] Subject: 
RE: [ActiveDir] Sysvol Damaged 
Is the box pointing to a known good DNS server
(preferably to DC's in a known good site)? How 
long are you waiting for replication to happen? I generally like to let 
them spin overnight if at all possible before worrying about whether its 
working correctly.
-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator Inovis Inc. 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 24, 2004 4:45 AM 
To: [EMAIL PROTECTED] 
Subject: [ActiveDir] Sysvol Damaged 

Hi Folks, I am having a problem 
with one of my Additonal Domain Controller, which is recently promoted. 
Actually,this is a newly promoted ADC via a wan link. I had to demote it 
first using dcpromo/force

RE: [ActiveDir] Sysvol Damaged

Title: Message



Are 
all your other DC's still running clean? If so then I'd suggest a DCpromo down 
and then up again.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 11:27To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  Yes i did restart FRS before DCDIAG
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, 26 May 2004 12:50 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Did you restart the FRS service before running the below 
dcdiag?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 
  May 2004 10:13To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Domain membership test . . . . . . : 
  FailedSONYDC failed test kccevent  
  Starting test: 
  frssysvol Error: No 
  record of File Replication System, SYSVOL 
  started. The Active 
  Directory may be prevented from 
  starting. There are 
  errors after the SYSVOL has been 
  shared. The SYSVOL can 
  prevent the AD from 
  starting. 
  . SONYDC passed test 
  frssysvol  Starting test: 
  kccevent An Warning 
  Event occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:32    
  (Event String could not be 
  retrieved) An Warning 
  Event occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:56    
  (Event String could not be retrieved)
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save Internet, Keep all 
  the systems patched" Web: http://alfaisaliah.com 
  
  

-Original Message-From:
Rutherford, Robert [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 26 May 2004 11:30 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
Damaged
restart the File Replication Service and run your dcdiag 
again. Any change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  Sent: 26 May 2004 09:20To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot 
  this critical problem
  Regards, 
  Mohammed 
  Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: 
  [EMAIL PROTECTED] "Save Internet, Keep all the systems 
  patched" Web: http://alfaisaliah.com 
  
  

-Original Message-From: 
Mohammed Athif Khaleel Sent: Monday, 24 May 2004 5:05 
PMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Sysvol Damaged
Also, I get these erros in NETDIAG...Oops I shuld 
have posted that in previous mail... 
LDAP test. . . . . . . . . . . . . : Passed 
    [WARNING] Failed to query SPN 
registration on DC 'RIY04-DC01.riyadh.afg.com'.     [WARNING] Failed to query SPN registration 
on DC 'mega-dc1.riyadh.afg.com'.     [WARNING] Failed to query SPN registration 
on DC 'safisulaidc1.riyadh.afg.com'. 
Regards, Athif 
-Original Message- From: Mohammed Athif Khaleel Sent: 
Monday, 24 May 2004 4:49 PM To: 
[EMAIL PROTECTED] Subject: RE: 
[ActiveDir] Sysvol Damaged 
Roger, Yes, the box is pointing to a correct dc 
which is actually the PDC running very well and healthy SYSVOL
structure. I have been waiting for more than a week for replication 
to happen but still the same, even the sysvol folder is not shared. 
I am attaching dcdiag log, I really dont know if i can attach
dcdiag.txt. Appologies if thatz not allowed..
    TIA, Athif -Original Message- From: 
Rutherford, Robert [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 24 May 2004 3:54 PM 
To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged

[ActiveDir] Test Lab Creation

Title: Message



Hi 
Guys,
 
Thinking. any experiences out there on the
below?
 
I'd 
like to have a testlab to directly match my production AD in terms of OUs, GPOs, 
Objects, etc, etc. The thing is that I'd like the test domain to be phyically 
separate from my production environement.
 
Any 
ideas on how or tools that would enable me This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Test Lab Creation

Title: Message

Thanks
for that info Ken... I'm actually using Vmware for part of the
lab.
Sorry
but I forgot to mention the most important part of that Q.
I want
a way to regularly synch / update the test lab, in terms of OUs, GPOs, objects
etc. I think it's going to have to be a manual porcess but was just curious to
see if there were any gems out there.

-Original Message-From: Adams, Kenneth W
(Ken) [mailto:[EMAIL PROTECTED] Sent: 26 May 2004
12:36To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Test Lab Creation
I've
seen some neat things being done with one or a very few machines using
Microsoft's Virtual PC or VMWare to simulate many machines. You could
take a few, well configured PCs to emulate your domain while keeping those PCs
on an isolated network.
Check out Microsoft's Virtual PC or VMWare to see if they could meet
your requirements.
FYI,
a well configured PC is one with at least a 1GHz processor and a minimum of 1
GB of RAM. You don't need a network card if you only want the machines
to communicate within one PC host.
Kenneth W. (Ken) Adams, MCSA, MCSE

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Rutherford, RobertSent: Wednesday, May 26, 2004
7:30 AMTo: [EMAIL PROTECTED]Subject:
[ActiveDir] Test Lab Creation
Hi
Guys,
Thinking. any experiences out there on the
below?
I'd
like to have a testlab to directly match my production AD in terms of OUs,
GPOs, Objects, etc, etc. The thing is that I'd like the test domain to be
phyically separate from my production environement.
Any
ideas on how or tools that would enable me This e-mail
and the information it contains are confidential and may be privileged. If you
have received this e-mail in error please notify the sender immediately and
delete the material from any computer. Unless you are the intended recipient,
you should not copy this e-mail for any purpose, or disclose its contents to
any other person. The MCPS-PRS Alliance is not responsible for the
completeness or accuracy of this communication as it has been transmitted over
a public network. Whilst the MCPS-PRS Alliance monitors all communications for
potential viruses, we accept no responsibility for any loss or damage caused
by this e-mail and the information it contains.It is the recipient's
responsibility to scan this e-mail and any attachments for viruses. Any
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored
for quality control and other purposes.The MCPS-PRS Alliance Limited
is a limited company registered in England under company number 03444246 whose
registered office is at c/o 29-33 Berners Street, London, W1T
3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Terminal Services for administration????

2004-05-27 Thread Rutherford, Robert

Tend to use TS on an everyday level... and also Dameware for
emergencies.

-Original Message-
From: Douglas M. Long [mailto:[EMAIL PROTECTED] 
Sent: 27 May 2004 14:37
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Terminal Services for administration

Does everyone use terminal services for remote administration of all
their DCs, Fileservers, Exchange Servers, or is there something else you
like better?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Manual DC removal & EventID

2004-05-27 Thread Rutherford, Robert

Go in sites and services and delete any server objects relating to the
deleted server.

BR

Rob

-Original Message-
From: J0mb [mailto:[EMAIL PROTECTED] 
Sent: 27 May 2004 15:53
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Manual DC removal & EventID


Good morning,

Some days ago i had to manually remove a dead Win2000 DC from our
network, according to Q216498 and
http://www.winnetmag.com/Article/ArticleID/13414/13414.html.

Removal semeed ok. Today i got the following event in my log. I believe
it's an expected warning, however i'd just want to make sure that
there's nothing to be concerned about.

Thanks all

Alex


Event Type: Information
Event Source:   NTDS KCC
Event Category: (1)
Event ID:   1272
Date:   27/05/2004
Time:   10.59.52
User:   N/A
Computer:   RMD01
Description:
No nTDSConnection object exists for inbound replication from server
CN="NTDS Settings DEL:b02867ed-f892-474b-b7bc-a1c15399333b",CN="RMD02
DEL:b0c96017-b5ab-4145-84e8-f6c7d2970db5",CN=Servers,CN=Acs-SG,CN=Sites,
CN=C
onfiguration,DC=acs,DC=local at address
b02867ed-f892-474b-b7bc-a1c15399333b._msdcs.acs.local.  The partition
CN=Schema,CN=Configuration,DC=acs,DC=local is no longer replicated from
it.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] MACS

2004-05-28 Thread Rutherford, Robert


Anyone know where MS are with MACS now?
This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Probable GPO issue

2004-05-28 Thread Rutherford, Robert

Seems like it could be down to an MS patch as the new machines are
patched to the 'nth' degree while the old ones typically only had
critical patches. I investigate further.

-Original Message-----
From: Rutherford, Robert 
Sent: 28 May 2004 15:43
To: '[EMAIL PROTECTED]'
Subject: Probable GPO issue

Hello,

I'm having a strange one here

We have just deployed a large batch of new pc's into the enterprise. The
users do not have access to the file associate option within explorer as
it is greyed out. I can't think or see of any policy change which would
have such an effect?

Old machines are fine and have exactly the same GPO's applied... I
suspect they must have had some registry tattoos left from a previous
deployment or something. I have compared the two different registries
and they seem identical in the hklm\sw\ms\windows\cv\policies\ and
hk_cu.

They have exactly the same permissions on the old boxes as the new.

Any ideas out there?
This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir]

What exactly are you trying to achieve?

-Original Message-
From: Pyron [mailto:[EMAIL PROTECTED] 
Sent: 31 May 2004 15:02
To: [EMAIL PROTECTED]
Subject: [ActiveDir]

Is there a way to centralize username and passwords on a server farm
with different active directory domain trees?

thanks

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] PTR records - why?

You don't specifically need pointers...as far as I can remember it is
just good practice.

I do find it useful from an admin persepctive at times, i.e. resolving
an IP back to an IP in a troubleshooting scenario (at times).

You aren't going to lose anything by creating them.

Rob

-Original Message-
From: Jan Wilson [mailto:[EMAIL PROTECTED] 
Sent: 30 May 2004 02:22
To: [EMAIL PROTECTED]
Subject: [ActiveDir] PTR records - why?


We have a Windows 2000 forest with  multiple child domains. No web
servers. No remote hosted mail servers. No external access. (That I know
about at least!) Our DNS is integrated to active directory. Fellow
administrators are adamant we should create reverse lookup zones for all
our subnets. This would assist name resolution for our NT4 workstations
they claim. Stuff and nonsense I claim. Is there any reason to use PTR
records on an AD domain? 
Thanks!


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Sysvol Damaged

Title: Message

Start
again... dcpromo the box down.. flush all the event logs ... dcpromo her up
again start posting the results back if you are still having
issues.
Rob

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 30 May
2004 10:30To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Sysvol Damaged
I
have done this and when i restart the Server, again, SYSVOL is unshared
automatically. This DC still has those good files from running DC but it
doesnt hookup..
Regards, Mohammed Athif Khaleel
Asst.Network
Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209
Moble.: +966-509774015
Email:
[EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
Web:
http://alfaisaliah.com

-Original Message-From: MAI ANH TUAN
[mailto:[EMAIL PROTECTED] Sent: Sunday, 30 May 2004 12:21
PMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Sysvol Damaged

If you don't have a backup, Just
manual copy the sysvol folder from other DC, share it and restart NetLogon
Service.
-
This email and any files transmitted with it are
confidential and intended solely for the use of the individual or entity to
whom/which they are addressed. If you have received this email in error please
notify the system manager at the following email address:
[EMAIL PROTECTED] . Please note that any
views or opinions presented in this email are solely those of the author and
do not necessarily represent those of Al Faisaliah Group. Internet
communications cannot be guaranteed to be secure or error-free as information
could be intercepted, corrupted, lost, arrive late or contain viruses. The
sender therefore does not accept liability for any errors or omissions in the
context of this message, which arise as a result of Internet transmission.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Al Faisaliah Group accepts no liability for any damage
caused by any virus ! transmitted by this email.
-
This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Protecting Domain Data in Forest

Title: Message

You
need a separate forest then really.
or
You
could DMZ the box off behind a firewall with an appropriate
rulebase.
BR,
Rob

RE: [ActiveDir] Protecting Domain Data in Forest

Title: Message

A
personal firewall may also fit requirements.. I have used Checkpoint
secureClient to fulfill a similar requirement.

-Original Message-From: Rutherford,
Robert Sent: 01 June 2004 10:52To:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Protecting
Domain Data in Forest
You
need a separate forest then really.
or
You
could DMZ the box off behind a firewall with an appropriate
rulebase.
BR,
Rob

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 01 June 2004 10:45To:
[EMAIL PROTECTED]Subject: [ActiveDir] Protecting Domain
Data in Forest
I
have a very strange delemma here... One of our domains has a server with sensitive data. The IT
director of this domain has decided that some of the information contained
on this server cannot be seen by anyone from the other domains ( even
including the Enterprise Admins in our forest ). This server must also
remain connected to it's domain and available for non-protected data, SMS
hotfixes... Is this even possible to do? My boss has also stated that he does not want a
seperate forest and domain for this server because of the extra upkeep.
Although, an extra password to encrypt data for the users would be
allowable. Are there any products that could get this done? Has
anyone else ran into this problem? Thanks, Jonathan
This e-mail and the information it
contains are confidential and may be privileged. If you have received this
e-mail in error please notify the sender immediately and delete the material
from any computer. Unless you are the intended recipient, you should not copy
this e-mail for any purpose, or disclose its contents to any other person.
The MCPS-PRS Alliance is not responsible for the completeness or accuracy
of this communication as it has been transmitted over a public network. Whilst
the MCPS-PRS Alliance monitors all communications for potential viruses, we
accept no responsibility for any loss or damage caused by this e-mail and the
information it contains.It is the recipient's responsibility to scan this
e-mail and any attachments for viruses. Any e-mails sent to and from the
MCPS-PRS Alliance servers may be monitored for quality control and other
purposes.The MCPS-PRS Alliance Limited is a limited company registered
in England under company number 03444246 whose registered office is at c/o
29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Sysvol Damaged

Title: Message



Is the 
DNS on that machine pointed locally for resolution?
 
What 
do you get if you type DNS?
 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 
  June 2004 11:49To: [EMAIL PROTECTED]Subject: 
  RE: [ActiveDir] Sysvol Damaged
  Hello Folks,
  This particular server(Windows 2000) isnt replicating out, SYSVOL is 
  not shared even if I share manually, when i restart Server, it gets unshared. 
  The NTDS Connection objects were also not created, and so i have done that 
  manually and i get event id 13562 Source NTFRS
   
  Following is the summary of warnings and errors encountered by File 
  Replication Service while polling the Domain Controller SONYDC.riyadh.afg.com 
  for FRS replica set configuration information.   The
  nTDSConnection object cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=66dbe7ca-284e-4ccd-8fe7-d273ced34d1e,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=5d5bb30b-9ff5-4c61-b003-1bf2b4a14957,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=riy04-dc01,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=safisulaidc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  I 
  cant even demote this server, i get error "Directory 
  Service failed to replicate off changes made locally. The DSA Operation is 
  unable to proceed because of a DNS lookup 
  failure"
   
  Already, last time i have done DCPROMO /FORCE REMOVAL 
  and done META CLEANUP + ADSIEDIT and promoted it again with 
  new hostname, but without success.
   
  I 
  am afraid, if I use DCPROMO /FORCE REMOVAL and done META CLEANUP + ADSIEDIT 
  and promoted it again it will be the same behaviour. If any one culd help me 
  in isolating the problem, it will be very helpful. 
   
  I 
  can send dcdiag and netdiag if anyone is willing to have a close look at the 
  problem.
   
  Thanks for your time.
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Carlos 
Magalhaes [mailto:[EMAIL PROTECTED] Sent: Tuesday, 1 June 2004 
1:06 PMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Sysvol Damaged
Hmmm, have you checked to see if your machines are 
replicating correctly? What ver of Windows Server are you 
running?
 


ADSI or System.DirectoryServices programming? - http://groups.yahoo.com/group/adsianddirectoryservices 

Carlos Magalhaes Directory Services Programming 
MVP


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
RobertSent: Tuesday, June 01, 2004 10:53 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged

Start again... dcpromo the box down.. flush all the event logs ... 
dcpromo her up again  start posting the results back if you are still 
having issues.
 
Rob

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 30 
  May 2004 10:30To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  I have done this and when i restart the Server, 
  again, SYSVOL is unshared automatically. This DC still has those good 
  files from running DC but it doesnt hookup..
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "S

RE: [ActiveDir] Sysvol Damaged

Title: Message



sorry.. nslookup ... It was a heavy bank holiday weekend 
;O)

  
  -Original Message-From: Rutherford, 
  Robert Sent: 01 June 2004 12:17To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
  Damaged
  Is 
  the DNS on that machine pointed locally for resolution?
   
  What 
  do you get if you type DNS?
   
  

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 
June 2004 11:49To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Hello Folks,
This particular server(Windows 2000) isnt replicating out, SYSVOL is 
not shared even if I share manually, when i restart Server, it gets 
unshared. The NTDS Connection objects were also not created, and so i have 
done that manually and i get event id 13562 Source NTFRS
 
Following is the summary of warnings and errors encountered by File 
Replication Service while polling the Domain Controller 
SONYDC.riyadh.afg.com for FRS replica set configuration information.
  The nTDSConnection object cn=afgdc02,cn=ntds
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=66dbe7ca-284e-4ccd-8fe7-d273ced34d1e,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=afgdc02,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
The nTDSConnection object cn=afgdc1,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=5d5bb30b-9ff5-4c61-b003-1bf2b4a14957,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=afgdc1,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
The nTDSConnection object 
cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=riy04-dc01,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
The nTDSConnection object 
cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=safisulaidc1,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
I cant even demote this server, i get error "Directory Service failed to replicate off changes made
locally. The DSA Operation is unable to proceed because of a DNS lookup 
failure"
 
Already, last time i have done DCPROMO /FORCE 
REMOVAL and done META CLEANUP + ADSIEDIT and
promoted it again with new hostname, but without 
success.
 
I am afraid, if I use DCPROMO /FORCE REMOVAL and done META CLEANUP + 
ADSIEDIT and promoted it again it will be the same behaviour. If any one 
culd help me in isolating the problem, it will be very helpful. 

 
I can send dcdiag and netdiag if anyone is willing to have a close 
look at the problem.
 
Thanks for your time.
Regards, Mohammed Athif Khaleel 
Asst.Network 
Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
Moble.: +966-509774015 
Email: 
[EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
Web: http://alfaisaliah.com 

  
  -Original Message-From: Carlos 
  Magalhaes [mailto:[EMAIL PROTECTED] Sent: Tuesday, 1 June 
  2004 1:06 PMTo: [EMAIL PROTECTED]Subject: 
  RE: [ActiveDir] Sysvol Damaged
  Hmmm, have you checked to see if your machines are 
  replicating correctly? What ver of Windows Server are you 
  running?
   
  
  
  ADSI or System.DirectoryServices programming? - http://groups.yahoo.com/group/adsianddirectoryservices 
  
  Carlos Magalhaes Directory Services Programming 
  MVP
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  Rutherford, RobertSent: Tuesday, June 01, 2004 10:53
  AMTo: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Sysvol Damaged
  
  Start again... dcpromo the box down.. flush all the event logs ... 
  dcpromo her up again  start posting the results back if you are still 
  having issues.
   
  Rob
  

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 
30 May 2004 10:30To: 
[EMAIL P

RE: [ActiveDir]

They look like useful tools. I could do with something like that for my
lab. 

SimpleSync is pretty expensive for my needs.. Anyone know of an el
cheapo product that will perform the same function?

TIA

Rob

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: 01 June 2004 15:50
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]

Different domains or different forests? That's a key piece of info.

Different domains within a forest means its already done for you - all
the info is in AD already.

Different forests means a directory sync tool - MIIS from Microsoft,
SimpleSync from CPS systems, and any of a half dozen others that can do
it.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -Original Message-
> From: Pyron [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 31, 2004 7:52 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir]
> 
> All windows 2000 and windows 2003 servers. Running on active
> directory with 
> different domains.
> 
> At 10:12 PM 5/31/2004, you wrote:
> 
> >Are you only running AD or do you have Sun, AIX , Unix etc?
> >
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of Pyron
> >Sent: Monday, May 31, 2004 4:02 PM
> >To: [EMAIL PROTECTED]
> >Subject: [ActiveDir]
> >
> >Is there a way to centralize username and passwords on a server farm 
> >with different active directory domain trees?
> >
> >thanks
> >
> >
> >List info   : http://www.activedir.org/mail_list.htm
> >List FAQ: http://www.activedir.org/list_faq.htm
> >List archive: 
> >http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> >
> >List info   : http://www.activedir.org/mail_list.htm
> >List FAQ: http://www.activedir.org/list_faq.htm
> >List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] New User Templates

2004-06-02 Thread Rutherford, Robert

Just create a user you want to act as a template Copy them each time
and this will take all the settings you'd require.

I'd recommend linking login script and profile setting into a GPO if you
can.. Cleaner than adding to each individual user. 

BR

Rob

-Original Message-
From: Christine Easton [mailto:[EMAIL PROTECTED] 
Sent: 01 June 2004 23:30
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] New User Templates


Is there a way in ad 2k to create templates for new user creataion. By
OU for group membership, loginscript and profile settings? I know there
was a way in NT 4.0?

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] FRS errors

2004-06-02 Thread Rutherford, Robert

Can you please run a dcdiag and netdiag and post please.

Thanks

Rob

-Original Message-
From: Svetlana Kouznetsova [mailto:[EMAIL PROTECTED] 
Sent: 02 June 2004 10:14
To: [EMAIL PROTECTED]
Subject: [ActiveDir] FRS errors

Guys, please, can you help -  FRS errors:

Two W2K DCs, one has got directory "geos2", which supposed to replicate
to another DC for redundancy purposes. 
The "master" copy is on - DC1,  replica - DC2.
The replication doesn't work with following error messages: 

On DC1 (ZEUS):

Once a day -  event id 13508:
The File Replication Service is having trouble enabling replication from
MERCURY to ZEUS for d:\public\geos2 using the DNS name MERCURY FRS will
keep retrying. 
 Following are some of the reasons you would see this warning.  
 [1] FRS can not correctly resolve the DNS name MERCURY from this
computer. 
 [2] FRS is not running on MERCURY. 
 [3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.  
 This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating that
the connection has been established. 
*No expected messages about problem fixed. 

AFTER RESTART frs - event id 13567:
File Replication Service has detected and suppressed an average of 15 or
more file updates every hour for the last 3 hours because the updates
did not change the contents of the file. The tracking records in FRS
debug logs will have the filename and event time for the suppressed
updates. The tracking records have the date and time followed by :T: as
their prefix.  
Updates that do not change the content of the file are suppressed to
prevent unnecessary replication traffic. Following are common examples
of updates that do not change the contents of the file.  
 [1] Overwriting a file with a copy of the same file. 
 [2] Setting the same ACLs on a file multiple times. 
 [3] Restoring an identical copy of the file over an existing one.  
Suppression of updates can be disabled by running regedit.  
Click on Start, Run and type regedit.  
Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs,
Parameters, and create or update the value "Suppress Identical Updates
To Files" to 0 (Default is 1) to force identical updates to replicate. 

On DC2 (MERCURY):

Once a day - event id 13562:
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller MERCURY  for FRS
replica set configuration information.  
 The nTFRSSubscriber object
cn=dfs|geos2,cn=dfs,cn=652103c0-3567-45e2-89d6-3773e36c8e9d,cn=dfs
volumes,cn=ntfrs subscriptions,cn=mercury,ou=domain
controllers,dc=ulib,dc=ox,dc=ac,dc=uk has a invalid value for the
attribute frsMemberReference. 
The File Replication Service is having trouble enabling replication from
MERCURY to ZEUS for d:\public\geos2 using the DNS name MERCURY. FRS will
keep retrying. 
 Following are some of the reasons you would see this warning.  
 [1] FRS can not correctly resolve the DNS name MERCURY from this
computer. 
 [2] FRS is not running on MERCURY. 
 [3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.  
 This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating that
the connection has been established. 

The same "one-off" event id 13567 after restarting frs

DNS tested and seems to be fine and replmon show no AD replication
problems, FRS service is running on both DC. Permissions on directories
set up to Everyone- full control. 
I don't suppose netdom.exe would be a relevant fix for that, as it's not
like - AD related, right? In fact it would be useful to know, if this is
affecting AD replication in any ways at all, as my initial problem was -
W2K3 domain controller didn't not replicate outbound after dcpromo
["FATAL kerberos error on W2K3 server" thread]. So I've demoted it back
to member server and trying to clean up event logs on W2K DC's

Many many thanks in advance for any suggestions
Lana

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the informa

RE: [ActiveDir] MACS

2004-06-03 Thread Rutherford, Robert

Thanks Guys.

-Original Message-
From: Eric Fleischman [mailto:[EMAIL PROTECTED] 
Sent: 02 June 2004 17:23
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

I just checked with the PM to see if it aligns with my understanding. At
this point no decision has been made. It's still TBD.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, May 28, 2004 11:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

It was announced at TechEd (although its second-hand information from
one of our PMs; I wasn't at that session.)

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Friday, May 28, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

Where did you hear that? Last I heard in the beta group it was to be
included in the next 2K/2003 SP's but I am not as well connected as
you are :-]

Maybe ~eric can answer  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, May 28, 2004 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

And, as I understand it, it is not going to be a free download or
Resource Kit component any more. MSFT is going to charge for it.

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Friday, May 28, 2004 11:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

>Anyone know where MS are with MACS now?

MACS is now called The Microsoft Windows Audit Collection Services (ACS)

Release Candidate 1 became available to beta testers at the end of
April.

ACS Release Candiate changes include:
1) Simplified and updated database schema
2) Updated communcations protocol
3) Complete support for SSL/TLS authentication
4) Improved performance & scalability
5) Improved setup experience
6) Improved security (on Windows XP and Windows Server 2003, ACS runs as
NetworkService)
7) Improved manageability
8) Database included
9) Many quality & stability improvements

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford,
Robert
Sent: Friday, May 28, 2004 6:04 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] MACS

Anyone know where MS are with MACS now?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Rutherford, Robert

I heard that you can copy the bulk over, i.e. CD or something and the
replication will work it out.

Anyone know if this is true?

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED] 
Sent: 03 June 2004 16:22
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Moving Roaming profiles


I thought about using DFS for my apps installed by GPO, also. But I have
almost a Gig of applications and I was under the impression that DFS did
not replicate large amounts of data very well, even if it doesn't change
often?

jb 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, June 03, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Moving Roaming profiles

I'm in the process of drawing a DFS tree for just that reason -
eliminate the server name dependencies for shares. The only thing I see
myself replicating is a small set of apps that are installed via GPO.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -Original Message-
> From: Ayers, Diane [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 03, 2004 10:39 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Moving Roaming profiles
> 
> It seems that outside of the FRS / replication issues, using DFS would
> be a good way of virtualizing the storage location of the profiles.  
> If you used a DFS root to designate your storage location and you 
> needed to migrate/replace this location, you could update the DFS root

> without having to modify any user attributes.  Basically make the 
> management of the profile data a backroom thing.
> 
> Using FRS would make the whole setup somewhat ugly.
> 
> Diane
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Patrick
> Sent: Wednesday, June 02, 2004 9:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] Moving Roaming profiles
> 
> It is indeed  NOT a good thing.
> 
> I would not do this.
> 
> FRS is not meant to replicate this type of dynamic data (profiles) you
> may experience data loss or perhaps FRS breakdowns (depending on size,

> number of files, and amount of change per file).
> Clarification on the data loss - this would not be due to FRS or 
> 'corrupt'
> files, but rather the natural way FRS works - which is on a last 
> writer wins basis.
> 
> my .02
> 
> -steve
> 
> 
> - Original Message -
> From: "Malachi Burke" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 02, 2004 8:16 PM
> Subject: [ActiveDir] Moving Roaming profiles
> 
> 
> > I want to move roaming profiles from our regular share into a DFS
> > folder.  The setup is straightforward.  Two DC's, DFS replicate to
> each
> > other, highly available roaming profiles.  A sanity check
> that this is
> > indeed a good thing would be nice.
> >
> > I am also a bit concerned about DFS because the documentation is so
> > verbose (i.e. makes my brain hurt figuring it all out).
> Scenario: DC1
> > and DC2 both are hosting DFS root \\testroot\root.  They are hosting
> > their own corresponding file shares (say \\DC1\root and \\DC2\root).
> Am
> > I right in expecting that EITHER DC1 or DC2 can go offline, and
> > \\testroot\root will still be available?
> >
> > Lastly, moving the profiles looks like you have to muck
> with ownership
> > and permissions.  I was able to brute-force move one this way (by
> > forcefully claiming ownership and subsequent permission of
> the entire
> > profile tree), but a more graceful method would be appreciated.
> >
> > Malachi
> >
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or

RE: [ActiveDir] Replication Monitor error

2004-06-04 Thread Rutherford, Robert

Title: Message

Is the new server the only DC
in the new site? If so then make sure it's a GC or at least has access to a GC
in the same site.
Anything in the event log of
either box? Can you do the usual ... dcdiag and post.
BR
Rob

-Original Message-From: Nathan Casey
[mailto:[EMAIL PROTECTED] Sent: 03 June 2004
20:00To: [EMAIL PROTECTED]Subject:
[ActiveDir] Replication Monitor error
I am getting an error when trying to
add a "monitored Server" to Active Directory Replication Monitor.AD
config:Empty ROOT with 2 Dc'sProduction domain with 3
DC'scurrently all DC’s are in same site.I installed a new DC
in a new site in the production domain. I can monitorthe new server
from replication monitor on any other DC in the productiondomain.
When I try to monitor the server in replication monitor from a DC inthe
root domain I get the following error:"The Server could not be contacted
or you had insufficient permissions toread the status of the
server."I can monitor any other production domain DC with replication
monitor fromthe root DC'sfrom the root DC's I can ping by name the
new DCnslookup resolves the new DC name
All replication appears to function
correctly.
Any insight would be
appreciated.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

[ActiveDir] OT: Compaq Servers

Title: OT: Compaq Servers






I'm sorry this is off topic but just thought I'd throw it out to see if I get a bite….


It must be that time of year again…… a large number of new servers coming in.I don't want to, or have anyone else build numerours DL360's/380's .. All with more or less the same spec and o/s build. Has anyone ever actually got the things to work with the scripting toolkit? 

TIA


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] OT: Compaq Servers

Title: Message



Thanks 
Roger,
 
ADS 
does look sxy.problem is that we are still mainly W2K 
:O(
 

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 08 June 2004 
  14:16To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] OT: Compaq Servers
  Have you considered something like the Automated 
  Deployment System? Its part of the Dynamic Systems Initiative and its geared 
  towards this kind of deployment. Its also more or less 
  free.
  http://www.microsoft.com/windowsserver2003/technologies/management/ads/default.mspx
   
  Roger
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: Rutherford, Robert 
[mailto:[EMAIL PROTECTED] Sent: Tuesday, 
June 08, 2004 8:42 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] OT: Compaq
Servers

I'm sorry this is off topic but just thought I'd 
throw it out to see if I get a bite…. 
It must be that time of year again…… a large 
number of new servers coming in.I don't want to, or have anyone else build 
numerours DL360's/380's .. All with more or less the same spec and o/s
build. Has anyone ever actually got the things to work with the scripting 
toolkit? 
TIA 
Rob This e-mail and the
information it contains are confidential and may be privileged. If you have 
received this e-mail in error please notify the sender immediately and
delete the material from any computer. Unless you are the intended 
recipient, you should not copy this e-mail for any purpose, or disclose its 
contents to any other person. The MCPS-PRS Alliance is not responsible 
for the completeness or accuracy of this communication as it has been
transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all 
communications for potential viruses, we accept no responsibility for any 
loss or damage caused by this e-mail and the information it contains.It 
is the recipient's responsibility to scan this e-mail and any attachments 
for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers 
may be monitored for quality control and other purposes.The MCPS-PRS 
Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, 
London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] OT: Compaq Servers

I've spied the RDP tool before and it does look like a quality system, but can't 
really warrant the £££. If I remember it was expensive.

**drifts off to dreamland**

Oh how I wish HP would provide me with a simple and free tool... Or a good old gui 
based front end to produce a script.

**wakes to reality**

Thud!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 08 June 2004 15:09
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Compaq Servers


You can use also our tool RemoteDeploymentPackage 
(http://h18013.www1.hp.com/products/servers/management/rdp.html).
RDP offers templates to deploy,image and re-deploy servers-images and also additional 
software. RDP is based on Altiris solution

> I used Ghost to distribute Sysprep'd  images either by Multicast or IP
> connections on DL380's.  After the first build, each server was up and
> ready to run DCPromo within 10-15 minutes including the time to load 
> the image over 100BaseT.  You can save a lot of time with the 
> Sysprep.inf file for many of the tedious settings, but I found running
> DCPromo from the sysprep.inf to be hit and miss because of network 
> configuration, so I opted
> to do that manually.
>
>   _
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
> Robert
> Sent: Tuesday, June 8, 2004 9:26 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Compaq Servers
>
>
> Thanks Roger,
>
> ADS does look sxy.problem is that we are still mainly W2K :O(
>
>
> -Original Message-
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> Sent: 08 June 2004 14:16
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Compaq Servers
>
>
> Have you considered something like the Automated Deployment System? 
> Its part of the Dynamic Systems Initiative and its geared towards this
> kind of deployment. Its also more or less free.
> http://www.microsoft.com/windowsserver2003/technologies/management/ads/defau
> lt.mspx
> <http://www.microsoft.com/windowsserver2003/technologies/management/ads/defa
> ult.mspx>
>
> Roger
> ----------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
>
>
>   _
>
> From: Rutherford, Robert 
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 08, 2004 8:42 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] OT: Compaq Servers
>
>
>
> I'm sorry this is off topic but just thought I'd throw it out to see 
> if I get a bite
>
> It must be that time of year again.. a large number of new servers
> coming in.I don't want to, or have anyone else build numerours 
> DL360's/380's .. All with more or less the same spec and o/s build. 
> Has anyone ever actually got the things to work with the scripting 
> toolkit?
>
> TIA
>
> Rob
>
>
> This e-mail and the information it contains are confidential and may 
> be privileged. If you have received this e-mail in error please notify
> the sender immediately and delete the material from any computer. 
> Unless you are the intended recipient, you should not copy this e-mail
> for any purpose, or
> disclose its contents to any other person.
> The MCPS-PRS Alliance is not responsible for the completeness or accuracy
> of
> this communication as it has been transmitted over a public network.
> Whilst
> the MCPS-PRS Alliance monitors all communications for potential viruses,
> we
> accept no responsibility for any loss or damage caused by this e-mail and
> the information it contains.
> It is the recipient's responsibility to scan this e-mail and any
> attachments
> for viruses. Any
> e-mails sent to and from the MCPS-PRS Alliance servers may be monitored
> for
> quality control and other purposes.
>
> The MCPS-PRS Alliance Limited is a limited company registered in 
> England under company number 03444246 whose registered office is at 
> c/o 29-33 Berners Street, London, W1T 3AB.
>
>
>
> This e-mail and the information it contains are confidential and may 
> be privileged. If you have received this e-mail in error please notify
> the sender immediately and delete the material from any computer. 
> Unless you are the intended recipient, you should not copy this e-mail
> for any purpose, or
> disclose its contents to any other person.
> The MCPS-PRS Alliance is not responsible for the completeness or accuracy
> of
> this communication as it has been transmitted over a public network.
> Whilst
> the MCPS-PRS Alliance monitors all communications for potential viruses,
> we
> accept no responsibility for any loss or damage c

RE: [ActiveDir] DNS Question

Have you got an old invalid share mapped? This will cause both issues
you mention.

-Original Message-
From: John Parker [mailto:[EMAIL PROTECTED] 
Sent: 08 June 2004 15:51
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Question

Hey all.

I am running win2k fully spacked on a win2k active directory domain. I
have one machine... (Mine) that has the following issue

When I go to save a document and I click the Drop down to select a
location, My system takes up to 30 seconds to display the tree. And when
using my browser, it takes roughly the same amount of time When I type
in a URL.

I have gone through my settings but cannot find anything obviously amis.

Thank you in advance.

John Parker, MCSE 
IS Admin. 
Senior Technical Specialist 
Alpha Display Systems. 
---End of Line---

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Compaq Servers

2004-06-09 Thread Rutherford, Robert

Title: Message



MS and 
HP working hand in hand to shaft the customer base well they also do it 
with loads of other vendors also, i.e. Veritas.
 
Rob

  
  -Original Message-From: Rick Kingslan 
  [mailto:[EMAIL PROTECTED] Sent: 09 June 2004 02:02To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Compaq 
  Servers
  Sadly, HP/Compaq flat pissed me off with orphaning all of 
  my '2nd gen' systems to Windows 2000, unless I don't want to use SmartStart 
  for anything other than coasters.  So, I really have no need for the 6.0 
  stuff that they keep sending me that DOES support Windows Server 2003, but not 
  my still quite useful but somewhat dinosaur-ish (according to HP/Compaq, I 
  suppose)
   
  To me - dumb 
  move.  But, I'm sure that they had a great reason for it.  Like, not 
  having any interest in customers who weren't buying brand new machines for 
  Windows Server 2003
   
  Rick Kingslan  MCSE, MCSA, MCT, 
  CISSPMicrosoft MVP:Windows Server / Directory ServicesWindows 
  Server / Rights ManagementWindows Security (Affiliate)Associate
  ExpertExpert Zone - www.microsoft.com/windowsxp/expertzoneWebLog - 
  www.msmvps.com/willhack4food  
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Kitchens
  Arthur ESent: Tuesday, June 08, 2004 9:38 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Compaq 
  Servers
  
  I believe RDP is free. The smartstart cd *is* free and you 
  could build a master image with that then distribute/implement with any of the 
  methods/tools previously mentioned in this thread. You can also get a 30 day 
  eval license for the altiris deployment server (what utilizes the RDP tool 
  set) so I don't see any money invovled with exploration of that either.  
  It may also be the case the one of the Insight Manager flavors would be useful 
  for you. At least one (4.something) was free by download a few weeks 
  ago.  Just my 2 cents. 
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  On Behalf Of Rutherford, Robert Sent: Tuesday, June 
  08, 2004 10:30 AM To: 
  [EMAIL PROTECTED] Subject: RE: [ActiveDir] 
  OT: Compaq Servers 
  I've spied the RDP tool before and it does look like a quality 
  system, but can't really warrant the £££. If I remember it was 
  expensive.
  **drifts off to dreamland** 
  Oh how I wish HP would provide me with a simple and free 
  tool... Or a good old gui based front end to produce a script. 
  **wakes to reality** 
  Thud! 
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  Sent: 08 June 2004 15:09 To: 
  [EMAIL PROTECTED] Cc: 
  [EMAIL PROTECTED] Subject: RE: [ActiveDir] 
  OT: Compaq Servers 
  You can use also our tool RemoteDeploymentPackage (http://h18013.www1.hp.com/products/servers/management/rdp.html).
  RDP offers templates to deploy,image and re-deploy 
  servers-images and also additional software. RDP is based on Altiris 
  solution
  > I used Ghost to distribute Sysprep'd  images either 
  by Multicast or IP > connections on DL380's.  
  After the first build, each server was up and > 
  ready to run DCPromo within 10-15 minutes including the time to load 
  > the image over 100BaseT.  You can save a lot 
  of time with the > Sysprep.inf file for many of the 
  tedious settings, but I found running > DCPromo 
  from the sysprep.inf to be hit and miss because of network > configuration, so I opted > to do that 
  manually. > >   _ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] 
  On Behalf Of Rutherford, > Robert > Sent: Tuesday, June 8, 2004 9:26 AM > 
  To: [EMAIL PROTECTED] > Subject: RE: 
  [ActiveDir] OT: Compaq Servers > > > Thanks Roger, > > ADS does look sxy.problem is that 
  we are still mainly W2K :O( > > > -Original Message- 
  > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
  > Sent: 08 June 2004 14:16 > 
  To: [EMAIL PROTECTED] > Subject: RE: 
  [ActiveDir] OT: Compaq Servers > > > Have you considered something like 
  the Automated Deployment System? > Its part of the 
  Dynamic Systems Initiative and its geared towards this > kind of deployment. Its also more or less free. > http://www.microsoft.com/windowsserver2003/technologies/management/ads/defau 
  > lt.mspx > <http://www.microsoft.com/windowsserver2003/technologies/management/ads/defa 
  > ult.mspx> > 
  > Roger > 
  ---------- 
  > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis 
  Inc. > > 
  > >   _ 
  > > From: Rutherford, Robert 
  > [mailto:[EMAIL PROTECTED]] 
  > Sent: Tuesday, June 08, 2004 8:42 AM > To: [EMAIL PROTECTED] > 
  Subject: [ActiveDir] OT: Compaq Servers > 
  > > >

RE: [ActiveDir] strange thing...

2004-06-09 Thread Rutherford, Robert

Just clarifying It appears that you are saying ... when you first
designate the rights that members of the technician group can add wks to
the domain and the next day they cannot? 

Are the rights still set on the next day as you defined them on the
first day? Or are the reverting back?


-Original Message-
From: Bruyere, Michel [mailto:[EMAIL PROTECTED] 
Sent: 09 June 2004 15:37
To: [EMAIL PROTECTED]
Subject: [ActiveDir] strange thing...


Hi all, 
It's my first post here. I've been referred here and
been told that you guys were the "real gurus" of AD. I have a strange
thing happening and I would like to have your thoughts about it. 

Here is the situation, I created a group called "technicians" and I gave
the user right "add station to the domain to it. I then added the
technician group to the computers OU and set the following:

List contents
Read all properties
Read permissions
Create computer objects
Delete computer objects



The problem is that when I set these, everything works fine. But the
next day when a tech (member of the technician group) tries to join a
computer to the domain he has an access denied. To fix the issue
temporarily, I gave the group the perms (create all childs object and
delete all childs object). 

I tried to remove the inheritance of the perms on this ou but it didn't
help.



I can't see why this is happening.

Thanks


Michel Bruyere
Network/systems administrator
CompTIA A+, Network+
The quickest way to find something
is to start looking for something else.
:-)



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Software packagers

2004-06-09 Thread Rutherford, Robert

Title: Message



Depends on how many packages you are going to package and how regularly? 
I found the Wininstall LE (free with W2K) does the job most of the time 
needs tweaking every now and again but no real pain.
 
Many 
people specialise in this area and will be able to be more helpful I'm 
sure.
 
BR
 
Rob

  
  -Original Message-From: Christine Easton 
  [mailto:[EMAIL PROTECTED] Sent: 09 June 2004 
  15:50To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Software packagers
  Hello,
   
  I'm going to start 
  evaluating software packagers to create software installations for 
  distribution using Active Directory.  Can I get some recommendations on 
  some?  Like Winnstall, Installshield, etc.  How easy are they to get 
  up and running?  Any gottcha's with making packages?
   
  Thanks
   
  -ChristineThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Non DR migration of AD

2004-06-10 Thread Rutherford, Robert

Bring up a new DC..
Take it off the production domain and into the lab... Seize the roles?
You will have to do some clean up but it's the easiest way if it's not
going to be linked to your production domain.

Rob

-Original Message-
From: Glenn Corbett [mailto:[EMAIL PROTECTED] 
Sent: 10 June 2004 16:00
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Non DR migration of AD


All,

We are in the process of constructing a Lab to mimic the production AD
system as closely as possible.  Doing a full DR into this environment is
certainly an option, however we have been looking into simply migrating
the AD "structure" and using this as a test bed to cleanup AD (OU's,
objects, permissions, policies etc).

Is anyone aware of tools or procedures to get the major AD configuration
components into a lab using an approach that can be scripted / automated
? (we may want to do this every few months or so). For example, we have
used LDIFDE to extract the OU structure, users and groups and
re-imported these into the test lab.  By and large this has worked very
well (took some tweaking of the LDIFDE commands to resolve some
constraint violations etc), however items such as OU security and
policies is causing a bit more of a headache.

Any thoughts ?

TIA

Glenn


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Effects on Exchange on the move from Mixed to Native

Title: Effects on Exchange on the move from Mixed to Native






Hi All,


Coming from a domino background….


I'm about to move a domain here to native mode. I've performed it before a few time but not with Exchange2000 in the equation. Is their any effect?

BR


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Effects on Exchange on the move from Mixed to Native

Title: Message

there
even.

-Original Message-From: Rutherford,
Robert Sent: 28 June 2004 15:55To:
[EMAIL PROTECTED]Subject: [ActiveDir] Effects on
Exchange on the move from Mixed to Native
Hi All,
Coming from a domino background….
I'm about to move a domain here to native mode.
I've performed it before a few time but not with Exchange2000 in the equation.
Is their any effect?
BR
Rob This e-mail and the information
it contains are confidential and may be privileged. If you have received this
e-mail in error please notify the sender immediately and delete the material
from any computer. Unless you are the intended recipient, you should not copy
this e-mail for any purpose, or disclose its contents to any other person.
The MCPS-PRS Alliance is not responsible for the completeness or accuracy
of this communication as it has been transmitted over a public network. Whilst
the MCPS-PRS Alliance monitors all communications for potential viruses, we
accept no responsibility for any loss or damage caused by this e-mail and the
information it contains.It is the recipient's responsibility to scan this
e-mail and any attachments for viruses. Any e-mails sent to and from the
MCPS-PRS Alliance servers may be monitored for quality control and other
purposes.The MCPS-PRS Alliance Limited is a limited company registered
in England under company number 03444246 whose registered office is at c/o
29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] Effects on Exchange on the move from Mixed to Nat ive

Title: Message



Ahh 
very...
 
Cheers

  
  -Original Message-From: Mulnick, Al 
  [mailto:[EMAIL PROTECTED] Sent: 28 June 2004 
  16:05To: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Effects on Exchange on the move from Mixed to Nat 
  ive
  On Exchange?  Exchange likes native mode. In fact, 
  if you'd been following the recommendations, you'd have put Exchange in a 
  native mode domain already to allow for USG's.  Doesn't seem to affect 
  you, but it's one comforting factor :)
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
  RobertSent: Monday, June 28, 2004 10:55 AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Effects on
  Exchange on the move from Mixed to Native
  
  Hi All, 
  Coming from a domino background 
  I'm about to move a domain here to native mode. 
  I've performed it before a few time but not with Exchange2000 in the equation. 
  Is their any effect?
  BR 
  Rob This e-mail and the information 
  it contains are confidential and may be privileged. If you have received this 
  e-mail in error please notify the sender immediately and delete the material 
  from any computer. Unless you are the intended recipient, you should not copy 
  this e-mail for any purpose, or disclose its contents to any other person. 
  The MCPS-PRS Alliance is not responsible for the completeness or accuracy 
  of this communication as it has been transmitted over a public network. Whilst 
  the MCPS-PRS Alliance monitors all communications for potential viruses, we 
  accept no responsibility for any loss or damage caused by this e-mail and the 
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 03444246 whose registered office is at c/o 
  29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.

RE: [ActiveDir] 3rd Party AD Management