RE: [ActiveDir] urgent help needed

2004-07-30 Thread Rutherford, Robert
Is it your only DC?

-Original Message-
From: Alicia Szerenyi [mailto:[EMAIL PROTECTED] 
Sent: 30 July 2004 16:38
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] urgent help needed


Dennis, i appreciate you're help, but the solutions that are suggested in the link you 
gave me wont't work...the last suggestion was to reinstall the operating system, what 
i am trying not to do...

Does anybody have any idea how to solve my problem?

When i try to boot in normal mode there is an error message saying the directory 
service can't be started...then, when i check the integrity of the files with ntdsutil 
some errors occure, the last one being "E:\winnt\ntds\ntds.dit file does not exist"...

it must be possible to create a new empty ntds.dit file...or any other solution!!

Thank you
Alicia


-Mensaje original-
De: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Enviado el: viernes, 30 de julio de 2004 11:37
Para: [EMAIL PROTECTED]
Asunto: RE: [ActiveDir] urgent help needed


Alicia,

Check out http://support.microsoft.com/default.aspx?scid=kb;en-us;265089, senario 2.

Dennis   

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi
Sent: Friday, July 30, 2004 10:20 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] urgent help needed
Importance: High

Hello, 

> i am having trouble with active directory...the database file ntds.dit
> was erased because of a power failure we had some days ago. The active
> directory was working perfectly until that day, and now windows 2000 
> won't start. The only way we have to access the machine is through DS 
> restore mode.
> 
> We can't uninstall AD because we are not on normal mode...and we don't
> have a back up for that file.
> 
> Is there any way i can create a new empty database to start over? or 
> is there a way to eliminate AD from the server without having to format the drive 
> and install windows 2000?
> 
> Is it possible to create the ntds.dit file and any other needed? 
> Doesn't AD have that functionality?
> 
> We need to have the server working again as soon as possible. We don´t
> mind eliminating anything related to Active Directory, but we don't 
> want to format the drive and re-install de operating system again...
> 
> Please help me
> Thank you very much
> 
> 
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] OT: Opening ports on the XP firewall

2004-07-29 Thread Rutherford, Robert
Title: OT: Opening ports on the XP firewall






Hi All,


I'm trying to help one of the desktop guys out… and as there are some good scripters in here I thought I'd throw this one out on a line….

Is there a way to script the opening of ports (incoming) on an XP firewall? I know it can be done manually (http://support.microsoft.com/default.aspx?kbid=308127), but we'd like to link it into a startup script.

… I know it's an awful product and if I had my way I'd get SecureClient in. 


… I also know that XP SP2 has a new firewall but we aren't playing with that yet.


BR and Thanks.


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Domain Controller Backups

2004-07-29 Thread Rutherford, Robert
Title: Message



had 
this bookmarked... A good reference.
 
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/support/adrecov.mspx#XSLTsection124121120120

  
  -Original Message-From: Edwin
  [mailto:[EMAIL PROTECTED] Sent: 29 July 2004 
  12:32To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Domain Controller Backups
  
  I have a nightly backup performed 
  on the domain controllers during the overnight hours.  This backup only 
  consists of the System State which is run on both DC’s and is 
  copied to a different server.
   
  Is the System State enough to consider backing
  up?  Will this be enough information to recover from a 
  disaster?
   
   This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Is it possible ? deny domain admins create new user permission

2004-07-29 Thread Rutherford, Robert
Title: Message



This 
would not make any sense at all as a domain admin is the top admin and 
could typically get around most security. It may be possible to frig something 
but you shouldn't even be thinking about it anyway.
 
What 
are your reasons for not allowing the domain admin rights to create accounts? It 
is of course possible to allow another party to create accounts and this is done 
through delegation. 
 
What 
is your admin setup and what are you trying achieve?

  
  -Original Message-From: "Sanz de León, 
  Juan Carlos" [mailto:[EMAIL PROTECTED] Sent: 29 July 2004 
  12:15To: '[EMAIL PROTECTED]'Subject: 
  [ActiveDir] Is it possible ? deny domain admins create new user 
  permission
  
  Dear Gurus,
  We are currently working on a project where we need to deny domain 
  administrators the permission to "create new users".(and assign it to some 
  other group) Is this technically possible ? Has anyone actually done it before 
  ?
  Thanks in advance for your help,
  Juan Carlos Sanz
  
  
   This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] SpyWare

2004-07-29 Thread Rutherford, Robert
Title: Message



I have 
looked at a few products and found AD Aware to be the more successful at
identification out of the few I tested... when trying to identify where the 
p0rn popups were coming from on my work machine :O). I have found it 
safe and simple to use. 
 
A/V 
products will pick up Spyware to a degree but it's still pretty poor in 
general.
 
If you 
have a sizeable environment then it may be worth putting an enterprise solution 
in front of the box. It does of course depend on your environments config, but 
something like Websense may suit... http://www.websense.com/products/resources/wp/EmergingThreats_Spyware.pdf
 
BR
 
Rob
 
 

  
  -Original Message-From: Caple, Andrew 
  [mailto:[EMAIL PROTECTED] Sent: 29 July 2004 
  01:21To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] SpyWare
  Good morning everyone!!!
   
  We have a couple of terminal servers running Windows 2000 SP4 within a 
  Citrix Metaframe XP FR3 enviro. over the past few days and number of spyware 
  pop-ups have been appearing within users sessions.
   
  Does anyone know of any good spyware software that would be safe to 
  install on a server? I've download SpyBot and XoftSpy 3.44 but I wanted to 
  check to see if anyone knows of anything else or if it's "safe" to install 
  this programs.
   
  Thanks for your help,
   
  AndrewThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] LSASS.EXE!

2004-07-27 Thread Rutherford, Robert
What started this? Was it after a specific patch?

-Original Message-
From: Jacob Stabl [mailto:[EMAIL PROTECTED] 
Sent: 27 July 2004 15:21
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LSASS.EXE!


Ok I have been having this problem for quite a while and I have been
ignoring it because I thought it was just a freak error.  My main
directory server has been saying "lsass.exe application error" then I
click OK then it says its going restart in 60 seconds.  I have checked
for all the viruses, sasser, blaster and all of the above.  All the
updates have always been up to date, sophos anti virus always runs on
it.  I have no idea what to do next, I am starting to get scared since
it is my main directory server.  

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://eagle.stark.k12.oh.us
Work: 330.492.3500 x.383
Cell: 330.495.7243

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Apply GP to computer account or user account?

2004-07-26 Thread Rutherford, Robert
You can, but it's better practice to split them off into computer and
user policies from an ease of management standpoint. You could do what
you are asking, via putting it at the top of your OU structure and using
ACL'ing. That's not really good practice due to it potentially being a
pain to manage.

It's all down to your design and what you are trying to achieve. How big
is your environment and what is your requirement from GPOs?

BR

Rob

-Original Message-
From: Jared Manhat [mailto:[EMAIL PROTECTED] 
Sent: 26 July 2004 15:52
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Apply GP to computer account or user account?


I see, so you cant just create 1 GPO with BOTH computer settings & user
settings. That sux.

Jared Manhat
Systems Administrator
Accutest Laboratories

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Monday, July 26, 2004 9:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Apply GP to computer account or user account?

You'll need to apply your Computer GPO to the OUs that contain your
computer objects and your User GPO to the OUs that contain your user
objects.

Note that the computer settings in the GPO will apply to the computer
and are not affected by user logon and logoff.

Tony
-- Original Message --
Wrom: QHYUCDDJBLVLMHAALPTCXLYRWTQTIPWIGYOK
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 26 Jul 2004 08:42:44 -0400

I have created 2 GP's, one with User software restrictions and the other
with Computer OS configurations. I want them both to be applied when
User's log on. If I attach them both to an OU containing users then will
the computer GP be applied, or do I need to link the Computer GP to an
OU containing computers and the User GP to an OU containing only users?

Thanks

Jared Manhat
Systems Administrator
Accutest Laboratories



 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] OT: SUS 2000 Pro or XP Pro

2004-07-26 Thread Rutherford, Robert
Title: Message



You 
can only install it on 2000/2003 Servers.
 
BR
 
Rob

  
  -Original Message-From: Doug M. Long 
  [mailto:[EMAIL PROTECTED] Sent: 26 July 2004 15:46To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] OT: SUS 2000 Pro 
  or XP Pro 
  
  Wondering what you guys would put SUS on, 
  either 2000 Pro or XP Pro. I am guessing XP, but 
  just wanted to get some 
comments.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Customize Group Permissions

2004-07-23 Thread Rutherford, Robert
Title: Message




Check this out...
 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan 
Print Services\ServersAddPrintDriversData Type: 
REG_DWORDValue: 
 1=restrict this operation 
to Administrators and Print Operators          
                      
0=doesn't
 
BR
 
Rob

  
  -Original Message-From: Jared Manhat 
  [mailto:[EMAIL PROTECTED] Sent: 23 July 2004 13:18To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Customize 
  Group Permissions
  
  I looked at this 
  method and it looks as if it’s only to change the members of the group 
  specified. That’s not what I’m trying to do. I’m trying to give the Power 
  Users group the ability to install printer 
  drivers.
   
  
  Jared 
  Manhat
  Systems 
  Administrator 
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Perdue David J 
  Contr InDyne/Enterprise ITSent: Thursday, July 22, 2004 3:56 
  PMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Customize Group 
  Permissions
   
  One thing to be 
  really careful of though.  It will replace the contents of the local 
  group.  The only exception to this is the default local Admin account in 
  the local Administrators group.  That account will stay.  If you are 
  using software, like SMS, that generates it's own local admin account be sure 
  that it is getting left in.
   
  Dave
  
   
  --
  David J. 
  PerdueMCSE 2000, MCSE NT, MCSA, MCP+I Network Security Engineer, 
  InDyne Inc Comm: 
  (805) 606-4597    DSN: 276-4597 
  [EMAIL PROTECTED]-- 
  
   
   
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Brian 
  DesmondSent: Thursday, July 
  22, 2004 11:18 AMTo:
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Customize Group 
  Permissions
  Yes, 
  this is possible. Check out restricted groups in group policy. 
  
   
  
  --Brian 
  Desmond
  [EMAIL PROTECTED]
  Payton on 
  the Web! Http://www.wpcp.org
   
  v:
  773.534.0034 x135
  f:
  773.534.0035
   
   
  
  
  
  
  From: Jared 
  Manhat [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 3:37 
  PMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Customize Group 
  Permissions
   
  I 
  though I read somewhere in 
  the 
  MS Server 2003 Deployment Kit under Designing a Managed 
  Environment that it was possible to modify to local pc's group permissions 
  using GP. Has anyone heard of this?
  What I'm trying 
  to do is assign Install Printer Drivers to Power 
  Users.
  Thanks
  Jared 
  Manhat
  Systems 
  Administrator
  Accutest 
  LaboratoriesThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Renaming The Admin Account

2004-07-22 Thread Rutherford, Robert
Well there is... Not much but you may as well. It just makes it that
little bit more difficult for the novice hacker/opportunist shoulder
surfer.

-Original Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2004 16:53
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Renaming The Admin Account


Right!
My point exactly!
So if your policy is to include the Domain Admin in NTFS permissions,
there's no point in renaming your Domain Admin account.

Thanks Tony.

RH





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tony Murray
Sent: Thursday, July 22, 2004 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Renaming The Admin Account


The admin tools resolve the SID to the friendly name for you.  In other
words, you're not actually working with the friendly names when viewing
or assigning permissions, but this is how it appears to you.

Tony
-- Original Message --
Wrom: KJVZCMHVIBGDADRZFSQHYUCDDJBLV
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 22 Jul 2004 10:25:14 -0400

People,

OK, I know you guys are the Experts and I know MS says, rename it, but
tell me the answer to these questions please.  Let's say you run NTFS
permissions on your local PCs.  Lets say your standards are (for EVERY
FILE/FOLDER OBJECT ON THE PC): Full Control for Local Admin, Domain
Admin and System. Modify for Everyone (At least where it is not a
security risk). [1]  What is displayed locally to the User (for Admin
accounts) when they look at NTFS permissions on their file/folder
objects? [2]  What do you as the Admin select in the ACL, when you set
new permissions for file/folder objects?

Thanks

RH
-
Rocky Habeeb
Microsoft Systems Administrator
-
James W. Sewall Company
Old Town, Maine
-
207.827.4456
habr @ jws.com
www.jws.com
-


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/







Sent via the WebMail system at mail.activedir.org




List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Renaming The Admin Account

2004-07-22 Thread Rutherford, Robert
I apologise, but your question was not that clear to me. 

1) If you want to stop them seeing an account/permissions then the
de-selecting or denying the 'read permissions' advanced permission
should work.

2) Permissions are typically based on group anyway, thus they wouldn't
see the admin name.

Rob



-Original Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2004 16:19
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Renaming The Admin Account


Rob,

We set permissions on our Users PCs according to Trusted Systems
Services Windows NT Security Guidelines developed for the NSA in 1999.
We run in a moderate to severe lockdown.  We open up NTFS permissions
only as much as is needed for Users to operate.  As such, any User can
open up Windows Explorer and click Security and look at the Security
NTFS permission structure of any file and folder on their PC.  Maybe
they can adjust it, maybe not.  It depends on how we set it.

If we rename the Domain Admin account to "JohnDoe" and then create a
bogus account called "Administrator", obviously, when we go set
permissions on a system, we are not going to select the "Administrator"
account when we actually need the Domain Admin to have Full Control to
that object.  And I'm not going to select "JohnDoe" and grant him Full
Control as that pretty much tells people where the Domain Admin account
is.  So what do you do?

I need DAs to have FC.  What do I select?  How do I keep the User from
immediately seeing where the DA account is.  As far as testing it,
forget it.  Ten years ago, I renamed the DA account on a Windows NT 4.0
domain.  I could not get back in.  I had to rebuild the domain, albeit a
small one of less than 100 Users, from scratch, and I swore I would
never do it again.

Now convince me to do it.

RH



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rutherford,
Robert
Sent: Thursday, July 22, 2004 10:47 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Renaming The Admin Account


1) The easiest way to see would have been to test it - the answer is
they would see the accounts and granted permissions. 2)I'm not sure what
you mean? What is a standard? There isn't really one as it depends on
the environment. A good rule is of course not to give everybody full
control and not to use deny as it complicates things. If you want to be
precise with what you want to achieve and I'm sure we could help.

BR

Rob

-Original Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED]
Sent: 22 July 2004 15:25
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Renaming The Admin Account


People,

OK, I know you guys are the Experts and I know MS says, rename it, but
tell me the answer to these questions please.  Let's say you run NTFS
permissions on your local PCs.  Lets say your standards are (for EVERY
FILE/FOLDER OBJECT ON THE PC): Full Control for Local Admin, Domain
Admin and System. Modify for Everyone (At least where it is not a
security risk). [1]  What is displayed locally to the User (for Admin
accounts) when they look at NTFS permissions on their file/folder
objects? [2]  What do you as the Admin select in the ACL, when you set
new permissions for file/folder objects?

Thanks

RH
-
Rocky Habeeb
Microsoft Systems Administrator
-
James W. Sewall Company
Old Town, Maine
-
207.827.4456
habr @ jws.com
www.jws.com
-


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be
privileged. If you have received this e-mail in error please notify the
sender immediately and delete the material from any computer. Unless you
are the intended recipient, you should not copy this e-mail for any
purpose, or disclose its contents to any other person. The MCPS-PRS
Alliance is not responsible for the completeness or accuracy of this
communication as it has been transmitted over a public network. Whilst
the MCPS-PRS Alliance monitors all communications for potential viruses,
we accept no responsibility for any loss or damage caused by this e-mail
and the information it contains. It is the recipient's responsibility to
scan this e-mail and any attachments for viruses. Any e-mails sent to
and from the MCPS-PRS Alliance servers may be monitored for quality
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England
under company number 03444246 whose registered office is at c/o 29-33
Berners Street, London, W1T 3AB.

List info   : http://www.activedir.org

RE: [ActiveDir] AD and WINS

2004-07-22 Thread Rutherford, Robert
I think Server op will do it.

-Original Message-
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2004 16:04
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD and WINS


I believe access to WINS requires local admin access.   To allow them to
administer WINS, they will have to be a local admin on the box where
WINS is running.

Denny

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rosales, Mario
Sent: Thursday, July 22, 2004 10:51 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] AD and WINS

Is there a way to restrict access to WINS like DNS in Server 2003?

For Example, if we want the DNS admins to Administer the Wins servers,
how do you go about give them access just to WINS administration?

Any help would be appreciate it!

Thanks,
Mario



*** 
 The contents of this communication are intended only for the addressee
and may contain confidential and/or privileged material. If you are not
the intended recipient, please do not read, copy, use or disclose this
communication and notify the sender.  Opinions, conclusions and other
information in this communication that do not relate to the official
business of my company shall be understood as neither given nor endorsed
by it.  

*** 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Renaming The Admin Account

2004-07-22 Thread Rutherford, Robert
1) The easiest way to see would have been to test it - the answer is
they would see the accounts and granted permissions.
2)I'm not sure what you mean? What is a standard? There isn't really one
as it depends on the environment. A good rule is of course not to give
everybody full control and not to use deny as it complicates things. If
you want to be precise with what you want to achieve and I'm sure we
could help.

BR

Rob

-Original Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2004 15:25
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Renaming The Admin Account


People,

OK, I know you guys are the Experts and I know MS says, rename it, but
tell me the answer to these questions please.  Let's say you run NTFS
permissions on your local PCs.  Lets say your standards are (for EVERY
FILE/FOLDER OBJECT ON THE PC): Full Control for Local Admin, Domain
Admin and System. Modify for Everyone (At least where it is not a
security risk). [1]  What is displayed locally to the User (for Admin
accounts) when they look at NTFS permissions on their file/folder
objects? [2]  What do you as the Admin select in the ACL, when you set
new permissions for file/folder objects?

Thanks

RH
-
Rocky Habeeb
Microsoft Systems Administrator
-
James W. Sewall Company
Old Town, Maine
-
207.827.4456
habr @ jws.com
www.jws.com
-


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Summer Maintenance

2004-07-22 Thread Rutherford, Robert
Title: Message



You 
should of course test it anyway, post syprep to ensure.

  
  -Original Message-From: Rutherford, 
  Robert Sent: 22 July 2004 15:07To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
  Maintenance
  Yep... Sysprep just takes care of the base unique windows side of 
  things.
  

-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Jacob
StablSent: 22 July 2004 14:33To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance
Maybe I am being ignorant but can I use sysprep if I 
have specialized software that I want to have on my master 
image??
 
 
-- Jake 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Wednesday, July 21, 2004 8:09 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance

Please explain the reasoning here. Running newsid does not constitute 
running sysprep.
 
--Brian

  -Original Message- From: Jared Manhat 
  [mailto:[EMAIL PROTECTED] Sent: Wed 7/21/2004 4:00 PM
  To: [EMAIL PROTECTED] Cc: 
  Subject: RE: [ActiveDir] Summer 
Maintenance
  
  Yes, just use 
  Ghost and run Sysinternals NewSID on each pc… BEFORE ADDING IT TO THE 
  DOMAIN.
  http://www.sysinternals.com/ntw2k/source/newsid.shtml
   
  
  Jared 
  Manhat 
  Systems 
  Administrator 
  Accutest 
  Laboratories 
  2235 Route 
  130 
  Dayton, NJ
  08810
  (732) 329-0200 
  x254 
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Jacob StablSent: Wednesday, July 21, 2004 4:49 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer 
  Maintenance
   
  I have word of 
  using sysprep along with Ghost.  From what I have read sysprep is 
  just do the OS and allows for different configurations.  If I am 
  doing a lab that has special software and the same hardware config, is it 
  not better to just use ghost after the master computer has been 
  configured?
  
   
  -- Jake 
  
   
   
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. 
  LealiSent: Wednesday, 
  July 21, 2004 9:37 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer 
  Maintenance
  I think you can 
  use Unicast instead of Multicast in the newer versions of Norton 
  ghost.  It goes slower but it won’t bog down the network.  Also, 
  make sure your hop count is set correctly. 
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Steve 
  RochfordSent: Sunday, 
  July 18, 2004 12:13 PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer 
  Maintenance
   
  We tend to do 
  them in blocks of max 30 because it's more manageable (and most rooms 
  don't have more than that many computers!)
   
  I've done it 
  enough times now to know that although we shouldn't have to get involved 
  with boot floppies sometimes things just don't go the way you plan
  :-)
   
  Not sure why 
  Ghost does cause the network problems you describe but I know it does and 
  we just plan round it - making sure no-one's trying to do anything
  important at the same time etc.
   
  Steve
   
  
  
  
  From: 
  Brian Desmond [mailto:[EMAIL PROTECTED] Sent: 16 July 2004 21:31To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer 
  Maintenance
  Things 
  really slow down when multicasting to a load of computers where I am (all 
  Cisco 2900XL series switches with fiber links to a 4005 series backbone 
  switch). The multicast slows to a crawl, as does other network 
  traffic.
   
  
  --Brian 
  Desmond
  [EMAIL PROTECTED]
  Payton 
  on the Web! Http://www.wpcp.org
   
  v: 
  773.534.0034 x135
  f: 
  773.534.0035
   
   
  
  
  
  
  From: 
  Doug M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. LongSent: Friday, July 16, 2004 1:07 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer 
  Maintenance
   
  
  
  If your
  multicasting, network congestion shouldnt be an issue (assuming that you 
  are putting the same image on all machines), right? Or am I missing
  something here? 
  
   
  
  
  
  From: 
  [EMAIL PROTECTED] on behalf of Brian DesmondSent: Fri 7/16/2004 11:13 
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer 
  Maintenance
  
  
  You got it Steve. I don't know if you'

RE: [ActiveDir] Summer Maintenance

2004-07-22 Thread Rutherford, Robert
Title: Message



Yep... 
Sysprep just takes care of the base unique windows side of 
things.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Jacob StablSent: 22 July 2004 
  14:33To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Summer Maintenance
  Maybe I am being ignorant but can I use sysprep if I have 
  specialized software that I want to have on my master 
  image??
   
   
  -- Jake 
   
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Brian 
  DesmondSent: Wednesday, July 21, 2004 8:09 PMTo:
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
  Maintenance
  
  Please explain the reasoning here. Running newsid does not constitute 
  running sysprep.
   
  --Brian
  
-Original Message- From: Jared Manhat 
[mailto:[EMAIL PROTECTED] Sent: Wed 7/21/2004 4:00 PM 
To: [EMAIL PROTECTED] Cc: 
Subject: RE: [ActiveDir] Summer Maintenance

Yes, just use Ghost 
and run Sysinternals NewSID on each pc… BEFORE ADDING IT TO THE
DOMAIN.
http://www.sysinternals.com/ntw2k/source/newsid.shtml
 

Jared 
Manhat 
Systems 
Administrator 
Accutest
Laboratories 
2235 Route 
130 
Dayton, NJ 
08810 
(732) 329-0200 
x254 





From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Jacob StablSent: Wednesday, July 21, 2004 4:49 
PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance
 
I have word of 
using sysprep along with Ghost.  From what I have read sysprep is just 
do the OS and allows for different configurations.  If I am doing a lab 
that has special software and the same hardware config, is it not better to 
just use ghost after the master computer has been 
configured?

 
-- Jake 

 
 



From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Robert N. 
LealiSent: Wednesday, July 
21, 2004 9:37 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance
I think you can use 
Unicast instead of Multicast in the newer versions of Norton ghost.  It 
goes slower but it won’t bog down the network.  Also, make sure your 
hop count is set correctly. 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Steve RochfordSent: Sunday, July 18, 2004 12:13 
PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance
 
We tend to do them 
in blocks of max 30 because it's more manageable (and most rooms don't have 
more than that many computers!)
 
I've done it enough 
times now to know that although we shouldn't have to get involved with boot 
floppies sometimes things just don't go the way you plan 
:-)
 
Not sure why Ghost 
does cause the network problems you describe but I know it does and we just 
plan round it - making sure no-one's trying to do anything important at the 
same time etc.
 
Steve
 



From: Brian 
Desmond [mailto:[EMAIL PROTECTED] Sent: 16 July 2004 21:31To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance
Things 
really slow down when multicasting to a load of computers where I am (all 
Cisco 2900XL series switches with fiber links to a 4005 series backbone 
switch). The multicast slows to a crawl, as does other network 
traffic.
 

--Brian 
Desmond
[EMAIL PROTECTED]
Payton on 
the Web! Http://www.wpcp.org
 
v:
773.534.0034 x135
f:
773.534.0035
 
 




From: Doug 
M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. LongSent: Friday, July 16, 2004 1:07 
PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance
 


If your 
multicasting, network congestion shouldnt be an issue (assuming that you are 
putting the same image on all machines), right? Or am I missing something 
here? 

 



From: 
[EMAIL PROTECTED] on behalf of Brian DesmondSent: Fri 7/16/2004 11:13 
AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Summer
Maintenance


You got it Steve. I don't know if you've ever done 
this before, but be prepared to have a handful of them screw up and need 
reimaging with a floppy disk. Also, don't think of doing em all at once. 100 
- 150 is enough to saturate your network.

 

--Brian

  -Original 
  Message- From: Steve 
  Rochford [mailto:[EMAIL PROTECTED] Sent: Fri 7/16/2004 8:08 AM
  To: 
  [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] Summer 
  Maintenance
  I 
  love comments like  "The result is that as the imaged computers
  arepowered up, the admin will type in each unique computer name and

RE: [ActiveDir] client terminal servers using remote DCs

2004-07-21 Thread Rutherford, Robert
Title: Message



Under [domain]/_sites/[my site]/_tcp I 
see:
2 records 
for _ldap (for the two LOCAL DCs)
 
I would expect to see Kerberos and GC 
(assuming you have a GC in the site) records under this site. Well at least 
Kerberos... hmm. 
 
If you do a ipconfig/ registerdns on 
of the DC's.. do you then see the correct entries? else just try a bounce 
at a convenient time and check again. We could register them 
manually
 
I'm just curious why the DC's are not 
registering correctly. Can you check your other sites and confirm you have 
GC or at least kerberos srv records.
BR
 
Rob
-Original Message-From: Creamer, Mark 
[mailto:[EMAIL PROTECTED] Sent: 21 July 2004 15:28To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] client terminal 
servers using remote DCs

  
  I see 
  srv records in several places in DNS, and I’m not sure I know what you’re 
  referring to…
   
  Under 
  [domain]/_tcp I see:
  2 
  records for _kerberos (for the two remote DCs)
  2 
  records for _kpassword (for the 2 remote DCs)
  4 
  records for _ldap (for each of the 4 DCs, two local, two 
  remote)
  Under 
  [domain]/_sites/[my site]/_tcp I see:
  2 
  records for _ldap (for the two LOCAL DCs)
   
  Does 
  this look like what you’d expect?
   
  
  
  
  
  
  
  From: 
  Rutherford, Robert [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, July 21, 
  2004 9:38 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] client terminal 
  servers using remote DCs
   
  
  Have you checked your 
  srv records in DNS for the site?
  
   
  
  Rob
  
-Original 
Message-From: Creamer, 
Mark [mailto:[EMAIL PROTECTED] Sent: 21 July 2004 14:25To: 
[EMAIL PROTECTED]Subject: [ActiveDir] client terminal 
servers using remote DCs
I have a terminal 
server “farm” that is in a separate subnet, but in the same site as two DCs. 
The subnet for that farm is correctly defined in AD, associated with the 
same site as the two DCs. We’re noticing that those terminal servers 
frequently authenticate on one of two remote DCs rather than the ones in 
their own site when they log on. Is there something other than the subnet 
definition that we might have missed that would cause this 
behavior?
 
Thanks,
 
Mark 
Creamer
  This e-mail and the information it contains are 
  confidential and may be privileged. If you have received this e-mail in error 
  please notify the sender immediately and delete the material from any 
  computer. Unless you are the intended recipient, you should not copy this 
  e-mail for any purpose, or disclose its contents to any other person. The 
  MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
  communication as it has been transmitted over a public network. Whilst the 
  MCPS-PRS Alliance monitors all communications for potential viruses, we accept 
  no responsibility for any loss or damage caused by this e-mail and the
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 03444246 whose registered office is at c/o 
  29-33 Berners Street, London, W1T 
3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] client terminal servers using remote DCs

2004-07-21 Thread Rutherford, Robert
Title: Message



Have 
you checked your srv records in DNS for the site?
 
Rob

  
  -Original Message-From: Creamer, Mark 
  [mailto:[EMAIL PROTECTED] Sent: 21 July 2004 14:25To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] client terminal 
  servers using remote DCs
  
  I have a terminal 
  server “farm” that is in a separate subnet, but in the same site as two DCs. 
  The subnet for that farm is correctly defined in AD, associated with the same 
  site as the two DCs. We’re noticing that those terminal servers frequently 
  authenticate on one of two remote DCs rather than the ones in their own site 
  when they log on. Is there something other than the subnet definition that we 
  might have missed that would cause this behavior?
   
  Thanks,
   
  Mark 
  CreamerThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Rutherford, Robert
Title: Message



2000 
security/authentication revolves around the SID. I have always 
renamed the admin account, on a PC and domain level and have never had an issue. 
I would sensitively ask your 'more' experienced colleague for an example of 
which "other areas may use the “Administrator” username 
explicitly".
 
BR
 
Rob
 
 

-Original Message-From: Edwin 
[mailto:[EMAIL PROTECTED] Sent: 21 July 2004 12:38To: 
[EMAIL PROTECTED]Subject: [ActiveDir] Renaming the
Administrator account

  
  I have always renamed the default 
  Administrator account on every system build I have performed for security 
  reasons.
   
  I did the same on the domain but 
  was then scolded by a more experienced AD Administrator.  The reason 
  given to me was because there are parts of AD that authenticate or use the SID 
  of the administrator account while other areas may use the “Administrator” 
  username explicitly.  If I were to rename the default Administrator
  account then those references that call the username explicitly may 
  fail.
   
  I am still new to AD so I took the 
  above warning with caution and therefore renamed the default user back to its 
  original settings.
   
  I would appreciate anyone’s input 
  on the above.  I would like to rename the Administrator account as part 
  of best practices but if it may cause problems then of course this would not 
  be an option.  However, I have a hard time understanding why renaming the 
  account could cause potential problems.  I would think that any reference 
  to the Administrator account would be made by the SID and if any call to the 
  username itself was made, it would access a database that was populated with 
  the correct information as it was changed.
   
  The only information I have about 
  renaming the account is above.
   
  Thank you all for your 
  responses.
   
  EdwinThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] W2K DC replacement

2004-07-21 Thread Rutherford, Robert
Title: Message



As I understand it... You have lost a DC which 
held roles and you want to get them onto another server?
 
If you 
can quickly and get the old DC back then do that and transfer the roles..
else...
 
1) 
Seize the lost roles from one of the other domain controllers 
using NTDSUTIL - http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
2) 
Clean up the old server info, via metadata cleanup. You may also need to
manually go in and delete the old DC object from ADUC, sites and
services, and DNS. I have seen it a couple of time when the object remains for 
some time.. I assume it would eventually go when AD cleans 
up.
 
BR
 
Rob
 

  
  -Original Message-From: Svetlana 
  Kouznetsova [mailto:[EMAIL PROTECTED] Sent: 21 
  July 2004 11:03To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] W2K DC replacement
  
  Hi everybody,
  My question might sound silly, but 
  I guess, it allowed when you desperate. 
  Hope to get your valuable advice. 
  
  We have W2K domain controller, 
  which has been taken off line and needs to be rebuild. Unfortunately, the 
  rebuilt part started before we realised, we need to transfer roles to another 
  machine at least. (we have just 2 DC in that domain)
  We have now new plans – to promote 
  a new W2K box into domain controller instead of the old one, which will return 
  online as a member server, as running vital applications. 
  I know that we’ve done it the 
  wrong way. (please be gentle).  But it’s about too late...So my question 
  is really, in what order should I bring in new W2K server into 
  domain.
  Can I transfer roles into new DC, 
  if the old one off line or should I re-install the old one as domain 
  controller even if for transfer of roles only?
  Do I need to do metadata cleanup, 
  if roles will be transferred or just let AD naturally clear it up, replicating 
  changes?
  Is there any gotchas to watch out 
  for?
  The only DC left is GC server, as 
  the one, that gone, used to have all the rest of roles. 
  Many thanks in advance for any 
  helpful advices.
   
  Lana.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] two ops

2004-07-21 Thread Rutherford, Robert
Are you using outlook?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 21 July 2004 10:16
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] two ops


yeah, also not sure whats going on, honestly dont know where 2 begin,
help 
is appreciated.
rgds
cyrus 

 

Thommes, Michael M. writes: 

> Cyrus, your email address is showing up using our mail server too!  
> Maybe some weird email configuration using "localhost"?
>  
> Mike Thommes
> 
>   -Original Message- 
>   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
>   Sent: Tue 7/20/2004 4:33 AM 
>   To: [EMAIL PROTECTED] 
>   Cc: 
>   Subject: Re: [ActiveDir] two ops
>   
>
> 
>   realy I have no idea how musicrights.co.uk got tagged on my
mail,
>   something interesting to look into.
>   thanks for the help.
>   rgds
>   cyrus
>   
>   
>   
>   
>   Rutherford, Robert writes:
>   
>   > 1) Just go into the boot.ini on the root of your boot
partition and
>   > delete the reference to your old OS. If you are unsure then
post the
>   > contents here and I'll tell you which 1.
>   >
>   > 2) How/Why are you using the domain name musicrights.co.uk? My
company
>   > owns that domain name and we do not use it in any mail system.
>   >
>   > Rob
>   >
>   > -Original Message-
>   > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>   > Sent: 20 July 2004 06:03
>   > To: [EMAIL PROTECTED]
>   > Subject: [ActiveDir] two ops
>   >
>   > 
>   >
>   > greetings, 
>   >
>   > I have formatted the server and re-install window server ops,
now every
>   > time
>   > the server starts or restarts, i'm always propmpted to select
which
>   > "Window
>   > Server" the system will use. I have only one, how  can I
remove this
>   > prompt
>   > to select which window server the system will use. 
>   >
>   > rgds
>   > cyrus 
>   >
>   > List info   : http://www.activedir.org/mail_list.htm
>   > List FAQ: http://www.activedir.org/list_faq.htm
>   > List archive:
>   > http://www.mail-archive.com/activedir%40mail.activedir.org/
>   >
>   > This e-mail and the information it contains are confidential
and may be privileged. If you have received this e-mail in error please
notify the sender immediately and delete the material from any computer.
Unless you are the intended recipient, you should not copy this e-mail
for any purpose, or disclose its contents to any other person.
>   > The MCPS-PRS Alliance is not responsible for the completeness
or accuracy of this communication as it has been transmitted over a
public network. Whilst the MCPS-PRS Alliance monitors all communications
for potential viruses, we accept no responsibility for any loss or
damage caused by this e-mail and the information it contains.
>   > It is the recipient's responsibility to scan this e-mail and
any attachments for viruses. Any
>   > e-mails sent to and from the MCPS-PRS Alliance servers may be
monitored for quality control and other purposes.
>   >
>   > The MCPS-PRS Alliance Limited is a limited company registered
in England under company number 03444246 whose registered office is at
c/o 29-33 Berners Street, London, W1T 3AB.
>   >
>   > List info   : http://www.activedir.org/mail_list.htm
>   > List FAQ: http://www.activedir.org/list_faq.htm
>   > List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>   
>   
>   List info   : http://www.activedir.org/mail_list.htm
>   List FAQ: http://www.activedir.org/list_faq.htm
>   List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>   
>   
>
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other 

RE: [ActiveDir] LastLogOn

2004-07-20 Thread Rutherford, Robert
Title: Message



Oh 
yeh...  that's a good idea. We have it on our servers, but yeh it would 
also work in the clients. I'll look into it.
 
Cheers 
Tim.

  
  -Original Message-From: Tim Foster 
  [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 
  17:06To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] LastLogOn
  
  BgInfo 
  from
   
  http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml
   
  may 
  help.
   
   
  
  Tim 
  Foster
   
  
  
  
  
  From: Durant, 
  Ryan A [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 11:42 
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] 
  LastLogOn
   
  Query every domain 
  controller and store those results in a database.
  The number of domain 
  controllers, amount of users and link speeds will determine how fast you can 
  collect the stats.
  You may only be able 
  to collect once a day or possibly once an hour.
  Have a logon script 
  query the DB for the last logon value and have it pop up on their screen. You 
  could also query a web page to get the values if you didn't want to worry 
  about odbc and sql calls from the client 
machines.
   
  But you have to be a 
  scripter to get this done I believe.
   
  Ryan
   
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Rutherford,
  RobertSent: Tuesday, July 
  20, 2004 6:26 AMTo:
  [EMAIL PROTECTED]Subject: [ActiveDir] 
  LastLogOn
  Dear 
  All, 
  Not in anyway being a 
  scripter…. 
  How would I get the date and time 
  a user last logged on to pop up on their screen at logon? I guess it would be 
  via the 'lastlogon' attribute? Linked into a login 
  script?
  Cheers, 
  
  Rob 
  This e-mail and the information it contains are 
  confidential and may be privileged. If you have received this e-mail in error 
  please notify the sender immediately and delete the material from any 
  computer. Unless you are the intended recipient, you should not copy this 
  e-mail for any purpose, or disclose its contents to any other person. The 
  MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
  communication as it has been transmitted over a public network. Whilst the 
  MCPS-PRS Alliance monitors all communications for potential viruses, we accept 
  no responsibility for any loss or damage caused by this e-mail and the
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 
  03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
  3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] LastLogOn

2004-07-20 Thread Rutherford, Robert
Thanks for the info Tony 

It was a desire rather than a necessity but would have been useful.

BR

Rob

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED] 
Sent: 20 July 2004 16:13
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] LastLogOn


Hi Rob

The lastLogon attribute is not replicated between DCs.  Even if you were
able to script something to do this, you would need to query all the DCs
in the site (or the entire domain if you wanted better accuracy) and
then sort the results.  For most implementations this is simply not
practical.

With Windows 2003 AD things improve slightly with the lastLogonTimeStamp
attribute, which is replicated between DCs in the same domain.  By
default it is only accurate to the nearest week (because of the need to
keep replication traffic down to a respectable level).

I don't know of any good way to achieve what you want to do.

Tony
-- Original Message --
Wrom: CUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDD
Reply-To: [EMAIL PROTECTED]
Date:   Tue, 20 Jul 2004 14:25:59 +0100

Dear All,

Not in anyway being a scripter

How would I get the date and time a user last logged on to pop up on
their screen at logon? I guess it would be via the 'lastlogon'
attribute? Linked into a login script?

Cheers,

Rob
This e-mail and the information it contains are confidential and may be
privileged. If you have received this e-mail in error please notify the
sender immediately and delete the material from any computer. Unless you
are the intended recipient, you should not copy this e-mail for any
purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or
accuracy of this communication as it has been transmitted over a public
network. Whilst the MCPS-PRS Alliance monitors all communications for
potential viruses, we accept no responsibility for any loss or damage
caused by this e-mail and the information it contains. It is the
recipient's responsibility to scan this e-mail and any attachments for
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored
for quality control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England
under company number 03444246 whose registered office is at c/o 29-33
Berners Street, London, W1T 3AB.




 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] IP Address Change

2004-07-20 Thread Rutherford, Robert
Title: Message



A few 
bits from me.. I'm sure someone else can give a more detailed 
explanation..
 
1) If 
possible, get the network guys to add a second IP range to the ethernet port of 
the routers... this way your clients, devices, servers, etc. will still work 
during the swap-over and also have a quick fail-back if 
necessary.
 
2) It 
depends on your environment, but I'd point all DC's dns options to a single DC 
before the move - just to keep things consistent.
 
3) I 
don't feel that you really need to play with the FSMO roles.. I've done it
before on fairly large multi-site domain and had no issues. 
 
Everything else you have stated makes sense.
 
Rob

  
  -Original Message-From: Alex Etin 
  [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:33To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] IP Address 
  Change
  
  No, they are in 7 
  different sites. One site has 2 DCs.
   
  The plan I am
  thinking of now is this:
   
  
Network group will change Site’s 
IP/Subnet. 
We Change the site and services 
IP/Subnet info. 
Change the IP on the Domain 
Controller. 
Restart the DC, double check 
that everything replicates ok and DNS Is consistent 

   
  AS for the final 2 in 
  the same site, my idea is to shut one down (transfer the FSMO roles obviously, 
  before changing ip). Change addressing on the remaining one, restart it and 
  check to make sure DNS is consistent. The bring the second one up, change the 
  IP and restart.
   
  Basically change only 
  1 DC at t a time and always wait for replication/DNS for become consistent 
  before touching the next DC.
   
   
  Does this make sense 
  or am I missing something?
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Rutherford,
  RobertSent: Tuesday, July 
  20, 2004 10:22 AMTo:
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] IP Address 
  Change
   
  
  1st thing... are they 
  all on one site?
  
-Original 
Message-From:
Alex Etin [mailto:[EMAIL PROTECTED] 
Sent: 20 July 2004
14:56To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] IP Address 
Change
Hello 
Everyone!
 
Our company has 
just acquired another division, and they already have AD infrastructure in 
place. Currently they have about 8 Domain Controllers worldwide. Because 
theirs and our IP addresses overlap, they will be changing their entire IP 
address infrastructure. Can anyone recommend a best practice regarding
changing the IP addresses on all of these domain controllers? Is there a 
particular order? I am especially concerned with _msdcs.gc folder, because 
when I tried this in the lab with just 4 DCs everything broke after IPs have 
changed, and no matter what I did afterwards, the .gc folder would fail to 
appear. (I tried just about everything, even completely wiping the DNS zone 
and recreating it, followed by restarting netlogon, etc). Every DC in the 
lab was set as GC, and I tried setting it on and off, restarting the DC 
afterwards. Still no .gc folder in DNS.
 
Thank you very much 
everyone!
 
-Alex
 
  This e-mail and the information it contains are 
  confidential and may be privileged. If you have received this e-mail in error 
  please notify the sender immediately and delete the material from any 
  computer. Unless you are the intended recipient, you should not copy this 
  e-mail for any purpose, or disclose its contents to any other person. The 
  MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
  communication as it has been transmitted over a public network. Whilst the 
  MCPS-PRS Alliance monitors all communications for potential viruses, we accept 
  no responsibility for any loss or damage caused by this e-mail and the
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 
  03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
  3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's respons

RE: [ActiveDir] IP Address Change

2004-07-20 Thread Rutherford, Robert
Title: Message



1st 
thing... are they all on one site?

  
  -Original Message-From: Alex Etin 
  [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:56To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] IP Address 
  Change
  
  Hello 
  Everyone!
   
  Our company has just 
  acquired another division, and they already have AD infrastructure in place. 
  Currently they have about 8 Domain Controllers worldwide. Because theirs and 
  our IP addresses overlap, they will be changing their entire IP address
  infrastructure. Can anyone recommend a best practice regarding changing the IP 
  addresses on all of these domain controllers? Is there a particular order? I 
  am especially concerned with _msdcs.gc folder, because when I tried this in 
  the lab with just 4 DCs everything broke after IPs have changed, and no matter 
  what I did afterwards, the .gc folder would fail to appear. (I tried just 
  about everything, even completely wiping the DNS zone and recreating it,
  followed by restarting netlogon, etc). Every DC in the lab was set as GC, and 
  I tried setting it on and off, restarting the DC afterwards. Still no .gc 
  folder in DNS.
   
  Thank you very much 
  everyone!
   
  -Alex
   This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


[ActiveDir] LastLogOn

2004-07-20 Thread Rutherford, Robert
Title: LastLogOn






Dear All,


Not in anyway being a scripter….


How would I get the date and time a user last logged on to pop up on their screen at logon? I guess it would be via the 'lastlogon' attribute? Linked into a login script?

Cheers,


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] two ops

2004-07-20 Thread Rutherford, Robert
Boot.ini is likely to be in the root of your c:\ drive. Please note that
it is a hidden file. You will need to show hidden files:- into explorer
- tools - folder options.

Rob

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 20 July 2004 10:59
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] two ops


did not find boot.ini to edit, i did a search,
i only have selection of unchecking option to display list of operating 
system, maybe i mist something,
on the default operating system once click it still shows 2 operating
system 
of the same kind, i realy want to get rid one of this coz, it does not
work 
when i choose it during boot up.
rgds
cyrus 


Brian Desmond writes: 

> Open My computer properties (windows key + pause), goto the advanced 
> tab, hit the startup/recovery options, then edit the boot.ini form
that dialog and remove he line you don't want..
>  
> --Brian
> 
>   -Original Message- 
>   From: cyrus [mailto:cyrus] 
>   Sent: Tue 7/20/2004 12:02 AM 
>   To: [EMAIL PROTECTED] 
>   Cc: 
>   Subject: [ActiveDir] two ops
>   
>
> 
> 
>   greetings,
>   
>   I have formatted the server and re-install window server ops,
now every time
>   the server starts or restarts, i'm always propmpted to select
which "Window
>   Server" the system will use. I have only one, how  can I remove
this prompt
>   to select which window server the system will use.
>   
>   rgds
>   cyrus
>   
>   List info   : http://www.activedir.org/mail_list.htm
>   List FAQ: http://www.activedir.org/list_faq.htm
>   List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> 
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] two ops

2004-07-20 Thread Rutherford, Robert
1) Just go into the boot.ini on the root of your boot partition and
delete the reference to your old OS. If you are unsure then post the
contents here and I'll tell you which 1.

2) How/Why are you using the domain name musicrights.co.uk? My company
owns that domain name and we do not use it in any mail system.

Rob

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 20 July 2004 06:03
To: [EMAIL PROTECTED]
Subject: [ActiveDir] two ops



greetings, 

I have formatted the server and re-install window server ops, now every
time 
the server starts or restarts, i'm always propmpted to select which
"Window 
Server" the system will use. I have only one, how  can I remove this
prompt 
to select which window server the system will use. 

rgds
cyrus 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] site coverage

2004-07-19 Thread Rutherford, Robert
Go in the object properties and see which one was created first?

BR

Rob

-Original Message-
From: Carr, Jonathan (OFT) [mailto:[EMAIL PROTECTED] 
Sent: 19 July 2004 15:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] site coverage


Is this the very first site in the AD ??   If so how do I find it?  I
was not around when this was first built. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Monday, July 19, 2004 9:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] site coverage

Rob's right about this.  The DCs in the first site will automatically
publish site-specific DNS SRV records for the DC-less site.  If you
don't want all of the DCs in the first site to provide cover for the
second site you can control the behaviour on a per-DC basis through the
AutoSiteCoverage registry value.

For a thorough explanation of this (and more), see the excellent article
by Gil Kirkpatrick below.

http://www.netpro.com/forum/files/authentication_topology.pdf

Tony
-- Original Message --
Wrom: XOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUIVOTQNQEMSF
Reply-To: [EMAIL PROTECTED]
Date:   Mon, 19 Jul 2004 14:33:30 +0100

The DC in your first site would automatically cover that site if you
don't specifically move another DC into it.
 
BR
 
Rob
 
-Original Message-
Wrom: DULHPQQWOYIYZUNNYCGP
[mailto:[EMAIL PROTECTED] 
Sent: 19 July 2004 14:21
To: [EMAIL PROTECTED]
Subject: [ActiveDir] site coverage


Hi there;
Got a question
 
have one site with DC's assigned to it.  I need to make another
site (GPO reasons) with subnets assigned to it.  I want to assign the
same DC's to this site as the first one.  Is this do able or not ??
 
 
thanks
Jon
This e-mail and the information it contains are confidential and may be
privileged. If you have received this e-mail in error please notify the
sender immediately and delete the material from any computer. Unless you
are the intended recipient, you should not copy this e-mail for any
purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or
accuracy of this communication as it has been transmitted over a public
network. Whilst the MCPS-PRS Alliance monitors all communications for
potential viruses, we accept no responsibility for any loss or damage
caused by this e-mail and the information it contains. It is the
recipient's responsibility to scan this e-mail and any attachments for
viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may
be monitored for quality control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England
under company number 03444246 whose registered office is at c/o 29-33
Berners Street, London, W1T 3AB.




 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] dcpromo replication

2004-07-16 Thread Rutherford, Robert
Yes

-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2004 14:22
To: [EMAIL PROTECTED]
Subject: [ActiveDir] dcpromo replication 


can anyone confirm the mechanism by which dcpromo being run discovers
the source of domain information on the initial dc promotion.

i know we doing this unattended you can hardcode a source into the
script file but how does it find a source when left to its own devices
??

q223757 tells us "the closest domain controller from the domain being
replicated will be selected. " - is this by site defintion ?


GT

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] DC selection for source of dcpromo

2004-07-16 Thread Rutherford, Robert
I'm not 100% sure what you are asking

DNS details where and who the relevant DC's are via SRV records, which
servers are GC's, who is the PDC Emulator, etc. 

This is how a server being Dcpromo'd knows who holds DC roles.

BR

Rob

-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2004 13:54
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DC selection for source of dcpromo


can anyone confirm the mechanism by which dcpromo being run discovers
the source of domain information.

i know we doing this unattended you can hardcode a source into the
script file but how does it find a source when left to its own devices
??

GT

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Brian Desmond's Posts

2004-07-15 Thread Rutherford, Robert
Title: Message



Must 
be on my side then.. Thanks, I'll investigate.

  
  -Original Message-From: joe 
  [mailto:[EMAIL PROTECTED] Sent: 15 July 2004 
  17:53To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Brian Desmond's Posts
  I am not having any issues opening 
  them...
   
  They show  as valid and trusted... 
  
   
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
  RobertSent: Thursday, July 15, 2004 12:13 PMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Brian Desmond's 
  Posts
  
  Am I the only person who can't open Brian Desmond's 
  mails due to PKI issues I guess? This e-mail and the 
  information it contains are confidential and may be privileged. If you have 
  received this e-mail in error please notify the sender immediately and delete 
  the material from any computer. Unless you are the intended recipient, you 
  should not copy this e-mail for any purpose, or disclose its contents to any 
  other person. The MCPS-PRS Alliance is not responsible for the 
  completeness or accuracy of this communication as it has been transmitted over 
  a public network. Whilst the MCPS-PRS Alliance monitors all communications for 
  potential viruses, we accept no responsibility for any loss or damage caused 
  by this e-mail and the information it contains.It is the recipient's
  responsibility to scan this e-mail and any attachments for viruses. Any
  e-mails sent to and from the MCPS-PRS Alliance servers may be monitored 
  for quality control and other purposes.The MCPS-PRS Alliance Limited 
  is a limited company registered in England under company number 03444246 whose 
  registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] OT: Active Directory Browser History Files

2004-07-15 Thread Rutherford, Robert
Title: Message



Websense is also a good product which I have used for many years. It will 
work with Checkpoint firewalls directly or you can hook it into a proxy, i.e. 
ISA, Squid, etc. I personally prefer it to SurfControl, but that is just my 
opinion.
 
Try 
them out.

  
  -Original Message-From: Creamer, Mark 
  [mailto:[EMAIL PROTECTED] Sent: 15 July 2004 17:49To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Active 
  Directory Browser History Files
  
  In my 
  opinion, you need an acceptable use policy, and you need to have all the users 
  agree to it. You then need a product like surfCONTROL. They have versions for 
  various proxy servers as well as firewalls
   
  
  
  
  
  
  
  From: Edwin 
  [mailto:[EMAIL PROTECTED] Sent: Thursday, July 15, 2004 10:44 
  AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] OT: Active Directory 
  Browser History Files
   
  In our domain we use roaming 
  profiles.  What I would like to know is if there is an easy way to
  monitor the web sites that end users are looking at while at their 
  workstations.  We have users that are going to site that may offend
  others and this needs to be addressed.
   
  I am aware of reviewing the 
  Firewall logs but I was hoping that there would be an easier way since all the 
  machines are connected to the domain.
   
  Thank you all for your 
  replies.
   
  Edwin 
This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Active Dir And DHCP

2004-07-15 Thread Rutherford, Robert
Title: Message



I 
prefer to use the DHCPEXIM tool... I think it's an easier process 
:-
 
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp
 
Basically it take care of the process for 
you.
 
Rob

  
  -Original Message-From: Tim Foster 
  [mailto:[EMAIL PROTECTED] Sent: 14 July 2004 
  17:50To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Active Dir And DHCP
  
  Yes I have 
  successfully done this.  Here is the step-by-step from KB130642 (I am 
  copying it in here for ref – I know you have it).  I found this to be 
  relatively straightforward (and, my reasons were the same as yours…a dying 
  server).  The only issue was a reluctance on the part of the ‘new’ dhcp 
  server to authorize…this step is not in given below but needs to done in 
  addition to the reconcile.
   
  From the Source DHCP 
  Server
  
To 
prevent DHCP from starting after the database has been transferred, disable 
the DHCP Server service by using the Services tool in Control Panel:


  Click 
  Start, point to 
  Settings, click 
  Control 
  Panel, and then double-click Services. 

  In the 
  Services box, click 
  Microsoft 
  DHCP Server, click Startup, and then 
  click Disabled under 
  Startup 
  Type. 
Stop the 
DHCP Server service by using the net stop dhcpserver command 
at a command prompt. 
Copy the 
DHCP folder tree (%SystemRoot%\system32\Dhcp) to the destination DHCP
server, and then save it to the C:\Temp\Dhcp 
folder. 
  From the Destination DHCP
  Server
  
If you 
have not already installed the DHCP Server software, install the DHCP Server 
service from the Services tab in the Network tool in Control 
Panel. 
Stop the 
DHCP Server service. 
If you 
are running Windows NT 4.0 or later, skip to step 4.WARNING: In Windows NT 
3.5, copying the System.mdb file from one computer to another can cause 
problems.If you are running Windows NT 3.51, rename the 
C:\Temp\DHCP\System.mdb file to 
C:\Temp\DHCP\System.src. 
Delete 
all of the contents of the %systemroot%\system32\dhcp folder, including its 
subfolders. 
Copy the 
DHCP directory tree from the C:\Temp\DHCP folder to the 
%SystemRoot%\system32\DHCP folder to replace the existing DHCP 
folder. 
Use 
Registry Editor (Regedt32.exe) to view the following registry 
key: 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Configuration 
  
  
Click 
the Configuration key, and then click Restore on the
Registry 
menu. 
When you 
are prompted for the file name, choose 
%SystemRoot%\System32\Dhcp\Backup\Dhcpcfg. 
When you 
are prompted to restore over the existing key, click Yes.NOTE: 
If you receive the following error message 
  Registry 
  editor could not accomplish the requested operation. 
  
  refer to 
  the following Microsoft Knowledge Base articles to determine the help 
  determine the cause of the error: 
  139600 
  Registry Editor Save Key Saves Key on Wrong Computer 
  
  158294 
  Registry Editor Could Not Accomplish the Requested Operation 
  
  
Quit 
Registry Editor, start the DHCP service, and then start the DHCP Manager 
tool. 
Double-click a scope to view the 
Active Leases dialog box. Click Reconcile to
synchronize the database with the registry, and then repeat this procedure 
until you have performed it on all of the scopes. 

  Tim 
  Foster
   
  
  
  
  
  From: Mike 
  Hogenauer [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 14, 2004 10:50 
  AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Active Dir And 
  DHCP
   
  Has anyone
  successfully moved and active DHCP scope from one Domain controller to another 
  on a production network? 
   
  I have 3 Domain 
  controllers all running AD 2000 and one really wants to die soon but it’s 
  running all my DHCP scopes and I want to move the scope to one of my other 
  DC’s. Also on of my other DC’s is running DHCP but doesn’t have any scopes 
  defined.  
  I’ve read http://support.microsoft.com/default.aspx?kbid=130642
   
  Just wondering if 
  anyone has done this and want to look out for? 
   
  Thanks in advance 
  
   
  Mike 
  
   
   
   This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information i

RE: [ActiveDir] Possibly OT: Flash Media Detection

2004-07-14 Thread Rutherford, Robert
Title: Message



As far 
as I can remember.. not really
 
I'd 
need to have a play as it's been a while since I've played around with such 
things A few things I would look at:
 
1) Set 
policy so that users can only see specific drives and not map others. This isn't 
the greatest method as it can be bypassed but will stop the 
average user :-
 
The gpo is:USER\Administrative Templates\Windows 
Components\Windows Explorer\Prevent access to drives from My 
Computer
2) If you are using XP then :- http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
2) http://www.protect-me.com/dl/
3) 
Could disable USB in the h/w profile
4) 
Disable USB in BIOS and password protect it
 
Admin 
rights are of course a factor and you'd need to test the majority of the options 
above with your users rights on their machines.
 
BR
 
Rob

-Original Message-From: 
DL.ActiveDirectory [mailto:[EMAIL PROTECTED] Sent: 
13 July 2004 23:05To: [EMAIL PROTECTED]Subject: 
[ActiveDir] Possibly OT: Flash Media Detection

  Hello,
  Is there a group policy 
  restricting use of flash media (USB drives, 
  iPods, camera cards, etc.) and/or any third party 
  detection tools for use in a network environment?
  Thank you,
  Mitchell D. Lawrence
  Director, 
  Network Administrator
  IT&S 
  Department
  North Bay 
  Hospital
  1711 W. 
  Wheeler Ave
  Aransas 
  Pass, TX 78336
  ph: (361) 
  758-0580
  fx: (361) 
  758-0581
  pg: (361) 
  270-0421
  [EMAIL PROTECTED]
  [EMAIL PROTECTED] (home)
  **< 
  Good | Cheap | Fast > (Pick Two)**
  This email and any files transmitted with it may contain PRIVILEGED 
  and/or CONFIDENTIAL information and may only be read and/or used by the
  intended recipient. If you are not the intended recipient of this email and/or 
  any attachments, please be advised that you have received this email in error 
  and that any use, dissemination, distribution, forwarding, printing, or
  copying of this email and/or any attached files is strictly prohibited. If you 
  have received this email and/or any attachments in error, please reply or 
  contact the sender explaining that you have received this email 
  and/or any attachments in error and that you have purged this email and/or any 
  attachments from your system.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Domain Controller Question

2004-07-13 Thread Rutherford, Robert
;o)

Our mail filtering product blew up and they had no resilience built in..
The support guys have been playing about all day and I 'think' it's OK
now.

Cheers Joe.

R

-Original Message-
From: joe [mailto:[EMAIL PROTECTED] 
Sent: 13 July 2004 15:51
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Controller Question


Oh yeah, I am officially scared now...



BTW, look at the end of this message, it looks like your guys' eventsync
went a little crazy tacking on the disclaimer there... I counted like 23
occurrences. 


> Whilst the MCPS-PRS Alliance monitors all communications for potential
viruses, 
> we accept no responsibility for any loss or damage caused by this 
> e-mail
and 
> the information it contains.

Such as full mailboxes from this disclaimer. :o)



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford,
Robert
Sent: Tuesday, July 13, 2004 6:03 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Controller Question

As always and pitched at the perfect level 

Many hours/days of sweat and tears have been saved thanks to everyone's
input on here.

Hey, I love you guys  :O)

'He Says', grinning inanely, while readjusting his Joeware thong and
stroking the picture of Dean sat beside his monitor.



-Original Message-
From: Dean Wells [mailto:[EMAIL PROTECTED]
Sent: 13 July 2004 02:07
To: Send - AD mailing list
Subject: RE: [ActiveDir] Domain Controller Question
Importance: High


For those of you that don't always read the more lengthy, complex
replies ... read this one, it's simple (and to some, its content may
even seem
obvious) but, IMHO, it's brilliantly put!

Joe's post manages to succinctly address the "whys" of an incredibly
complex topic ... with all due respect, FANTASTIC job Joe, just great!

Deano

--
Dean Wells
MSEtechnology
* Tel: +1 (954) 501-4307
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, July 12, 2004 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Controller Question

This issue with this is at that is opens more attack vectors on the DC.
Normally the only vectors you have are 

1. Anyone with physical access
2. Any services that expose remotely exploitable holes.


With 1, you can put compensating controls into place such as locking the
DC into a room or locking the cabinet or something like that. However,
any person who has physical access (there has to be someone) that isn't
a domain/ent admin is still a danger. 

With 2, you compensate by not running any services that are not
explicitely required for authenticating/authorizing people and keeping
the system well patched. However any new remote non-authenticated
exploit is still a serious danger.

When you allow users to TS into the machine you now allow any additional
vectors that require local desktop for privilege escalation, PLUS,
unless you have specially built a load to harden against local users
like that you probably have numerous other security issues in terms of
what users can get access to. 

I go by the basic tenet that I am not the smartest person in the
universe when making decisions around security. In that I mean that even
though I may not know of a hole or exploit or how to crack a given
system, it doesn't mean someone else doesn't. Basically I can say
something is unsafe but I can't with certainty declare something
irrefutably safe. 

Recall that DCs are KDCs. No one in the business of running KDCs whether
they be on UNIX, Windows, VMS, or other think it is a good idea to let
normal users anywhere near them. It is the heart of the security of your
network. 


On top of that, DCs sometimes have to be rebooted for various
replication issues, etc. Normally this is something that is transparent
to the user as they don't need a DC all of the time and even if they
needed one while the one was down, they would find another and use it.
This obviously goes away if you have the users using files on a DC,
using printers on a DC, or most definitely have them TSing into a DC. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer
Fountain
Sent: Monday, July 12, 2004 5:58 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Domain Controller Question

Gotta strange question for you.  Powers to be asked if I would install a
"backup" domain controller on a local terminal server and if I would
have a problem with it.  They do not see an issue with it.  So,
basically users would log into a terminal server that is a DC.  Can you
share your opinion? Also, they also said that we can you have a domain
controller sit there doing nothing just waiting for the "primary"
controller to fail (not in a cluster configuration)?  Does anyone know
anyth

RE: [ActiveDir] Active Directory Monitoring Tools

2004-07-13 Thread Rutherford, Robert
Title: Message



Try 
Quest or Netpro... I haven't used MOM yet but I think that does it 2 
now.
 
Rob
 

-Original Message-From: Ellis, 
Debbie [mailto:[EMAIL PROTECTED] Sent: 13 July 2004 
14:16To: [EMAIL PROTECTED]Subject: [ActiveDir] 
Active Directory Monitoring Tools

  
  My company is looking to purchase 
  a tool that will monitor Active Directory and send an email when there are 
  critical errors.  What are your 
  recommendations?This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Domain Controller Question

2004-07-13 Thread Rutherford, Robert
As always and pitched at the perfect level 

Many hours/days of sweat and tears have been saved thanks to everyone's
input on here.

Hey, I love you guys  :O)

'He Says', grinning inanely, while readjusting his Joeware thong and
stroking the picture of Dean sat beside his monitor.



-Original Message-
From: Dean Wells [mailto:[EMAIL PROTECTED] 
Sent: 13 July 2004 02:07
To: Send - AD mailing list
Subject: RE: [ActiveDir] Domain Controller Question
Importance: High


For those of you that don't always read the more lengthy, complex
replies ... read this one, it's simple (and to some, its content may
even seem
obvious) but, IMHO, it's brilliantly put!

Joe's post manages to succinctly address the "whys" of an incredibly
complex topic ... with all due respect, FANTASTIC job Joe, just great!

Deano

--
Dean Wells
MSEtechnology
* Tel: +1 (954) 501-4307
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, July 12, 2004 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Controller Question

This issue with this is at that is opens more attack vectors on the DC.
Normally the only vectors you have are 

1. Anyone with physical access
2. Any services that expose remotely exploitable holes.


With 1, you can put compensating controls into place such as locking the
DC into a room or locking the cabinet or something like that. However,
any person who has physical access (there has to be someone) that isn't
a domain/ent admin is still a danger. 

With 2, you compensate by not running any services that are not
explicitely required for authenticating/authorizing people and keeping
the system well patched. However any new remote non-authenticated
exploit is still a serious danger.

When you allow users to TS into the machine you now allow any additional
vectors that require local desktop for privilege escalation, PLUS,
unless you have specially built a load to harden against local users
like that you probably have numerous other security issues in terms of
what users can get access to. 

I go by the basic tenet that I am not the smartest person in the
universe when making decisions around security. In that I mean that even
though I may not know of a hole or exploit or how to crack a given
system, it doesn't mean someone else doesn't. Basically I can say
something is unsafe but I can't with certainty declare something
irrefutably safe. 

Recall that DCs are KDCs. No one in the business of running KDCs whether
they be on UNIX, Windows, VMS, or other think it is a good idea to let
normal users anywhere near them. It is the heart of the security of your
network. 


On top of that, DCs sometimes have to be rebooted for various
replication issues, etc. Normally this is something that is transparent
to the user as they don't need a DC all of the time and even if they
needed one while the one was down, they would find another and use it.
This obviously goes away if you have the users using files on a DC,
using printers on a DC, or most definitely have them TSing into a DC. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer
Fountain
Sent: Monday, July 12, 2004 5:58 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Domain Controller Question

Gotta strange question for you.  Powers to be asked if I would install a
"backup" domain controller on a local terminal server and if I would
have a problem with it.  They do not see an issue with it.  So,
basically users would log into a terminal server that is a DC.  Can you
share your opinion? Also, they also said that we can you have a domain
controller sit there doing nothing just waiting for the "primary"
controller to fail (not in a cluster configuration)?  Does anyone know
anything about this configuration?  Can you share?

Thanks in advance!


Kind Regards,

Jennifer Fountain
R&B Inc
3400 E Walnut Street
Colmar, PA  18915

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has 

[ActiveDir] FW: FindGrp funnies....

2004-07-13 Thread Rutherford, Robert
Title: FW: FindGrp funnies






Tis OK… Showgrps did the job.


BR


Rob


 -Original Message-

From:   Rutherford, Robert  

Sent:   13 July 2004 12:33

To: '[EMAIL PROTECTED]'

Subject:    FindGrp funnies


Morning, Evening, Afternoon All,


Typing findgrp domain\username isn't working and pumping 'Finding global groups: Unknown Error: 234' back to me. 


Any ideas? I've never used it and just curious why I'm getting the error as I can't find anything via a google search.


Thanks,


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unles

RE: [ActiveDir] Domain Controller Question

2004-07-12 Thread Rutherford, Robert
Running TS on a Domain Controller is generally not a good idea, mainly
down to security issues and possible performance degradation. It will
run but I would not consider it myself, i.e. some app's need to run with
elevated privileges and I wouldn't want this on a DC. I'm sure someone
else will jump in here and give some more defined reasoning.

I'd always advise having at least 2 DC's. It just saves a lot of hassle
and gives you some peace-of-mind when in a system failure scenario, i.e.
You lose your single DC, all your users come in and can't login or
access any resources - you have to rebuild your DC, get AD back up and
working, while users are screaming at you... Get at least 2 DC's. 

You can make other servers DC's If you are running tight, I.e. SQL,
Exchange, file/print, etc.

Of course your hand may be twisted on all of the above if you only have
10 users or so. 

BR

Rob

-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED] 
Sent: 12 July 2004 10:58
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Domain Controller Question


Gotta strange question for you.  Powers to be asked if I would install a
"backup" domain controller on a local terminal server and if I would
have a problem with it.  They do not see an issue with it.  So,
basically users would log into a terminal server that is a DC.  Can you
share your opinion?  Also, they also said that we can you have a domain
controller sit there doing nothing just waiting for the "primary"
controller to fail (not in a cluster configuration)?  Does anyone know
anything about this configuration?  Can you share?

Thanks in advance!


Kind Regards,

Jennifer Fountain
R&B Inc
3400 E Walnut Street
Colmar, PA  18915

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Help needed for ADR

2004-07-09 Thread Rutherford, Robert
Yes, AD could help if you had 2K/2K3 servers then you could use
something like DFS to replicate the data. Do you have any MS servers?

Does the folder contain files/folders which are edited from both sides?

With Windows2000 pro box ... If you don't want to use a 3rd party tool,
then you'll have to use scheduler or something to copy or robocopy.

Rob

-Original Message-
From: Sumit Kumar Laad [mailto:[EMAIL PROTECTED] 
Sent: 09 July 2004 11:36
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Help needed for ADR


hey Rob,
Thans for a lovely response...
The remote computer is also has windows 2000 professional edition. I
found many third party applications but i am bound to use a windows
utility. the concept is that the net speed being slow its not so
easy to work with that folder on shareso better have a copy of that
folder on local computer which keeps on synchronising with the original
folder at regular intervals of time. plzz let me know if active
direcotry would help

regards
sumit

> If the machine in the other location is a 2000/2003 server then you 
> can use offline file replication.. Use something like 
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/data
> ce
>
nter/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ
> /2003/datacenter/proddocs/en-us/csc_setup_computer.asp as a starter.
>
> There are also many 3rd party apps which will perform the 
> function..just search the internet. You could of also schedule a batch

> file to run to copy.
>
> You have many options.
>
> BR
>
> Rob
>
> -Original Message-
> From: Sumit Kumar Laad [mailto:[EMAIL PROTECTED]
> Sent: 09 July 2004 08:10
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Help needed for ADR
>
>
> hi friends,
>   I am a windows 2000 Professional edition user. I want a script that 
> can detect any change in one of my local directories and can perform 
> the corresponding operation on the remote computer kept in San Diego. 
> The folder on the remote computer has been mapped as a Drive on my 
> computer. Can Active directory replication be of some help? If so, 
> where to get it from? Kindly consider it urgent. Any help will be 
> greatly appreciated.
>
> regards
> sumit
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> This e-mail and the information it contains are confidential and may 
> be privileged. If you have received this e-mail in error please notify

> the sender immediately and delete the material from any computer. 
> Unless you are the intended recipient, you should not copy this e-mail

> for any purpose, or disclose its contents to any other person. The 
> MCPS-PRS Alliance is not responsible for the completeness or accuracy 
> of this communication as it has been transmitted over a public 
> network. Whilst the MCPS-PRS Alliance monitors all communications for 
> potential viruses, we accept no responsibility for any loss or damage 
> caused by this e-mail and the information it contains. It is the 
> recipient's responsibility to scan this e-mail and any attachments for

> viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers 
> may be monitored for quality control and other purposes.
>
> The MCPS-PRS Alliance Limited is a limited company registered in 
> England under company number 03444246 whose registered office is at 
> c/o 29-33 Berners Street, London, W1T 3AB.
>
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.ac

RE: [ActiveDir] Help needed for ADR

2004-07-09 Thread Rutherford, Robert
If the machine in the other location is a 2000/2003 server then you can
use offline file replication.. Use something like
http://www.microsoft.com/resources/documentation/WindowsServ/2003/datace
nter/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ
/2003/datacenter/proddocs/en-us/csc_setup_computer.asp as a starter.

There are also many 3rd party apps which will perform the function..just
search the internet. You could of also schedule a batch file to run to
copy.

You have many options.

BR

Rob

-Original Message-
From: Sumit Kumar Laad [mailto:[EMAIL PROTECTED] 
Sent: 09 July 2004 08:10
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Help needed for ADR


hi friends,
  I am a windows 2000 Professional edition user. I want a script that
can detect any change in one of my local directories and can perform the
corresponding operation on the remote computer kept in San Diego. The
folder on the remote computer has been mapped as a Drive on my computer.
Can Active directory replication be of some help? If so, where to get it
from? Kindly consider it urgent. Any help will be greatly appreciated.

regards
sumit
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Disk Defragmenting

2004-07-08 Thread Rutherford, Robert
Title: Message



It's 
safe.. I'd just recommend doing it in a quiet period.
 
BR
 
Rob

  
  -Original Message-From: Edwin
  [mailto:[EMAIL PROTECTED] Sent: 08 July 2004 
  13:51To: Active DirectorySubject: [ActiveDir] Disk
  Defragmenting
  
  Would someone please be able to 
  verify if defragmenting a disk is safe on a domain 
  controller?
   
  I want to install and use
  Diskkeeper but would like to get some assurance of its use before its 
  implementation.
   
  Thank you in advance for your 
  replies.
   
  EdwinThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] OT: DNS not resolving mail.yahoo.com

2004-07-06 Thread Rutherford, Robert
Is your AD dns resolving other addresses?
Has it been working?

Rob

-Original Message-
From: Douglas M. Long [mailto:[EMAIL PROTECTED] 
Sent: 06 July 2004 15:44
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: DNS not resolving mail.yahoo.com


OK,

My DNS server (AD integrated) is not resolving mail.yahoo.com
(nor finding yahoo's MX record), and I have no clue as how to fix this.
It doesnt seem to be a connectivity problem because our BIND DNS server
resolves the addresses fine. Any ideas on how to fix this??? Any help is
very very much appreciated
:)

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Windows XP and a Winlogon.exe Error

2004-07-06 Thread Rutherford, Robert
Try it with the LAN cable disconnected... Seen a few similar errors when
this has an effect.

BR

Rob

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 06 July 2004 15:23
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows XP and a Winlogon.exe Error


Tried that and it did not work.  The computer still goes to the blueish
screen right before the dialog box pops up with "setting up network
connections" and so on to a blue screen with the error message that
appears in the q article.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info
Sent: Tuesday, July 06, 2004 10:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows XP and a Winlogon.exe Error

Cant you try and set it back in the last known good configuration?...F8
at start up?

Gr Jorre

-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Namens Salandra, Justin A.
Verzonden: dinsdag 6 juli 2004 16:00
Aan: [EMAIL PROTECTED]
Onderwerp: [ActiveDir] Windows XP and a Winlogon.exe Error

I have a laptop that is having a problem described in this Q Article.
http://support.microsoft.com/?kbid=318666

I cannot get the laptop to boot in any mode.  How can I get XP SP1a
installed if I cannot boot into the system?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] SYSVOl - replication

2004-07-06 Thread Rutherford, Robert
Title: Message



Does a 
dcdiag give any clues? EventLog?
 
You 
could try a restore... if the DC is just a DC and you have more, then I'd just 
go for a DCPROMO down and then up again.

  
  -Original Message-From: Tashildar, 
  Dinesh (Cognizant) [mailto:[EMAIL PROTECTED] Sent: 06 July 
  2004 07:47To: [EMAIL PROTECTED]Subject:
  [ActiveDir] SYSVOl - replication
  Suddenly one of my Domain controllers 
  SYSVOL folder has become empty. Now I can only view \SYSVOL\domainname.com 
  folder without any files. As well Netlogon share is missing.
  Any thought, why this has happened ? And 
  how to slove this issue? 
  Thanks in advance. 
  Regards, Dinesh Tashildar Cognizant Technology Solutions India Pvt. Ltd. Tel : 91-20-4062600 Extn : 3119 
  Vnet : 23119 
This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Exporting Workstation Information

2004-07-05 Thread Rutherford, Robert
Csvde does though...

Rob

-Original Message-
From: Sean Johnson [mailto:[EMAIL PROTECTED] 
Sent: 05 July 2004 12:10
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Exporting Workstation Information


I would reccomend using the ldifde utility. It doesn't put the data into
CSV, but it is in a text file format, and quite easy to parse.

You might also want to look at this link:

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.
com:80/support/kb/articles/Q237/6/77.ASP&NoWebContent=1
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Exporting Workstation Information

2004-07-05 Thread Rutherford, Robert
Title: Message



It 
would be possible, whatever you want to export. What exactly do you want to 
export?
 
Rob

  
  -Original Message-From: Caple, Andrew 
  [mailto:[EMAIL PROTECTED] Sent: 05 July 2004 
  08:39To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Exporting Workstation Information
  Greetings 
  everyone,
   
  I'm 
  trying to export some data from AD into a CSV file - 
  our AD structure has 26 OU's, each OU breaks down to look 
  like:
   
  Site 
  name
      
  Groups
      
  Legacy Workstations
      
  Printers
      
  Servers
      
  Users
      
  Workstations
   
  Is it possible to 
  export all the data that's contained in the Workstation area (within all the 
  OU's) into a single CSV file? (Apart from right clicking on each OU and
  selecting "Export List").
   
  Thanks for your help.
   
  Regards, Andrew
  
  
   
  Andrew 
  Caple
   
  
  
  Infrastructure 
  Engineer 
  
  
  
  Phone: +61 3 9861 
  5425
  
  
  Facsimile: +61 3 9861 
  5510
  
  [EMAIL PROTECTED]
  
  
  


  

  
  105 Camberwell Road, Hawthorn 
East, Vic 
  3123
  
  
  
  
   
   
  
  
   
  
   
   This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: RES: [ActiveDir] SYSVOL W2K3

2004-07-01 Thread Rutherford, Robert
Or just stop and start the FRS service

-Original Message-
From: Carr, Jonathan (OFT) [mailto:[EMAIL PROTECTED] 
Sent: 01 July 2004 16:42
To: [EMAIL PROTECTED]
Subject: RE: RES: [ActiveDir] SYSVOL W2K3


Reboot the server 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Thursday, July 01, 2004 11:22 AM
To: [EMAIL PROTECTED]
Subject: Re: RES: [ActiveDir] SYSVOL W2K3

Elton Gouvêa Pimentel wrote:

> This is not the first server in the domain. I have waited for more 
> than 2 days and the sysvol share still has not been created.
> 
> Any other ideas ?
> 
Did Your FRS is working properly among other servers?  Are DNS entries proper for this 
servers and its replication partners?


-- 
Tomasz Onyszko [MVP]
[EMAIL PROTECTED]
http://www.w2k.pl
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] windows repair and reinstallation

2004-07-01 Thread Rutherford, Robert
Huh?! Hold on before you rebuild.

Which services do not stop?
What are the symptoms on the server?

BR

Rob

-Original Message-
From: Roseta Radfar [mailto:[EMAIL PROTECTED] 
Sent: 01 July 2004 11:21
To: [EMAIL PROTECTED]
Subject: [ActiveDir] windows repair and reinstallation


hello,
 
i have problem with my windows. some services does not stop and 
 
can I reinstall windows 2000 server without any problem?
 
do you think this will solve my problem. i am tired of getting to know where the 
probelm is!(it is not virus for sure) i run a program to search for any cookie or  
it found some thing in registery and ... and i deleted it. so may be if i reinstall 
windows 2000 server , it will solve my problem but can i do that with no problem?
 
thanks for any advice in advance.
roseta
.+-wi0-+YbmPi0-+bÚf.+-j!0j!orØyØIV+v*
This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.


RE: [ActiveDir] 3rd Party AD Management

2004-06-28 Thread Rutherford, Robert
Title: Message



What 
do you want to achieve George? What do you want to get out of the 
tools?
 
BR
 
Rob

  
  -Original Message-From: Peter Johnson 
  [mailto:[EMAIL PROTECTED] Sent: 28 June 2004 16:34To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] 3rd Party AD 
  Management
  
  Well I have used 
  NetIQ Security Administration Suite. I’m not sure of the pricing but I can 
  recommend the product. It works really well in an AD environment covering all 
  sorts of functionality such as distributed, delegated administration, 
  enforcement of corporate standards etc. Offers a granular admin model with a 
  far easier implementation than native AD tools
   
  Regards
  Peter 
  Johnson
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of George 
  ArezinaSent: 27 June 2004 
  23:27To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] 3rd Party AD
  Management
   
  Hi folks,
  Does anyone know or can anyone 
  recommend any third party active directory management tools, please try to 
  include a price range. 
  Cheers,
  George
   
   This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Effects on Exchange on the move from Mixed to Nat ive

2004-06-28 Thread Rutherford, Robert
Title: Message



Ahh 
very...
 
Cheers

  
  -Original Message-From: Mulnick, Al 
  [mailto:[EMAIL PROTECTED] Sent: 28 June 2004 
  16:05To: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Effects on Exchange on the move from Mixed to Nat 
  ive
  On Exchange?  Exchange likes native mode. In fact, 
  if you'd been following the recommendations, you'd have put Exchange in a 
  native mode domain already to allow for USG's.  Doesn't seem to affect 
  you, but it's one comforting factor :)
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
  RobertSent: Monday, June 28, 2004 10:55 AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Effects on
  Exchange on the move from Mixed to Native
  
  Hi All, 
  Coming from a domino background 
  I'm about to move a domain here to native mode. 
  I've performed it before a few time but not with Exchange2000 in the equation. 
  Is their any effect?
  BR 
  Rob This e-mail and the information 
  it contains are confidential and may be privileged. If you have received this 
  e-mail in error please notify the sender immediately and delete the material 
  from any computer. Unless you are the intended recipient, you should not copy 
  this e-mail for any purpose, or disclose its contents to any other person. 
  The MCPS-PRS Alliance is not responsible for the completeness or accuracy 
  of this communication as it has been transmitted over a public network. Whilst 
  the MCPS-PRS Alliance monitors all communications for potential viruses, we 
  accept no responsibility for any loss or damage caused by this e-mail and the 
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 03444246 whose registered office is at c/o 
  29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Effects on Exchange on the move from Mixed to Native

2004-06-28 Thread Rutherford, Robert
Title: Message



there 
even.

  
  -Original Message-From: Rutherford, 
  Robert Sent: 28 June 2004 15:55To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Effects on
  Exchange on the move from Mixed to Native
  Hi All, 
  Coming from a domino background…. 
  I'm about to move a domain here to native mode. 
  I've performed it before a few time but not with Exchange2000 in the equation. 
  Is their any effect?
  BR 
  Rob This e-mail and the information 
  it contains are confidential and may be privileged. If you have received this 
  e-mail in error please notify the sender immediately and delete the material 
  from any computer. Unless you are the intended recipient, you should not copy 
  this e-mail for any purpose, or disclose its contents to any other person. 
  The MCPS-PRS Alliance is not responsible for the completeness or accuracy 
  of this communication as it has been transmitted over a public network. Whilst 
  the MCPS-PRS Alliance monitors all communications for potential viruses, we 
  accept no responsibility for any loss or damage caused by this e-mail and the 
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 03444246 whose registered office is at c/o 
  29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


[ActiveDir] Effects on Exchange on the move from Mixed to Native

2004-06-28 Thread Rutherford, Robert
Title: Effects on Exchange on the move from Mixed to Native






Hi All,


Coming from a domino background….


I'm about to move a domain here to native mode. I've performed it before a few time but not with Exchange2000 in the equation. Is their any effect?

BR


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Non DR migration of AD

2004-06-10 Thread Rutherford, Robert
Bring up a new DC..
Take it off the production domain and into the lab... Seize the roles?
You will have to do some clean up but it's the easiest way if it's not
going to be linked to your production domain.

Rob

-Original Message-
From: Glenn Corbett [mailto:[EMAIL PROTECTED] 
Sent: 10 June 2004 16:00
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Non DR migration of AD


All,

We are in the process of constructing a Lab to mimic the production AD
system as closely as possible.  Doing a full DR into this environment is
certainly an option, however we have been looking into simply migrating
the AD "structure" and using this as a test bed to cleanup AD (OU's,
objects, permissions, policies etc).

Is anyone aware of tools or procedures to get the major AD configuration
components into a lab using an approach that can be scripted / automated
? (we may want to do this every few months or so). For example, we have
used LDIFDE to extract the OU structure, users and groups and
re-imported these into the test lab.  By and large this has worked very
well (took some tweaking of the LDIFDE commands to resolve some
constraint violations etc), however items such as OU security and
policies is causing a bit more of a headache.

Any thoughts ?

TIA

Glenn


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Software packagers

2004-06-09 Thread Rutherford, Robert
Title: Message



Depends on how many packages you are going to package and how regularly? 
I found the Wininstall LE (free with W2K) does the job most of the time 
needs tweaking every now and again but no real pain.
 
Many 
people specialise in this area and will be able to be more helpful I'm 
sure.
 
BR
 
Rob

  
  -Original Message-From: Christine Easton 
  [mailto:[EMAIL PROTECTED] Sent: 09 June 2004 
  15:50To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Software packagers
  Hello,
   
  I'm going to start 
  evaluating software packagers to create software installations for 
  distribution using Active Directory.  Can I get some recommendations on 
  some?  Like Winnstall, Installshield, etc.  How easy are they to get 
  up and running?  Any gottcha's with making packages?
   
  Thanks
   
  -ChristineThis e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] strange thing...

2004-06-09 Thread Rutherford, Robert
Just clarifying It appears that you are saying ... when you first
designate the rights that members of the technician group can add wks to
the domain and the next day they cannot? 

Are the rights still set on the next day as you defined them on the
first day? Or are the reverting back?


-Original Message-
From: Bruyere, Michel [mailto:[EMAIL PROTECTED] 
Sent: 09 June 2004 15:37
To: [EMAIL PROTECTED]
Subject: [ActiveDir] strange thing...


Hi all, 
It's my first post here. I've been referred here and
been told that you guys were the "real gurus" of AD. I have a strange
thing happening and I would like to have your thoughts about it. 

Here is the situation, I created a group called "technicians" and I gave
the user right "add station to the domain to it. I then added the
technician group to the computers OU and set the following:

List contents
Read all properties
Read permissions
Create computer objects
Delete computer objects



The problem is that when I set these, everything works fine. But the
next day when a tech (member of the technician group) tries to join a
computer to the domain he has an access denied. To fix the issue
temporarily, I gave the group the perms (create all childs object and
delete all childs object). 

I tried to remove the inheritance of the perms on this ou but it didn't
help.



I can't see why this is happening.

Thanks


Michel Bruyere
Network/systems administrator
CompTIA A+, Network+
The quickest way to find something
is to start looking for something else.
:-)



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] OT: Compaq Servers

2004-06-09 Thread Rutherford, Robert
Title: Message



MS and 
HP working hand in hand to shaft the customer base well they also do it 
with loads of other vendors also, i.e. Veritas.
 
Rob

  
  -Original Message-From: Rick Kingslan 
  [mailto:[EMAIL PROTECTED] Sent: 09 June 2004 02:02To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Compaq 
  Servers
  Sadly, HP/Compaq flat pissed me off with orphaning all of 
  my '2nd gen' systems to Windows 2000, unless I don't want to use SmartStart 
  for anything other than coasters.  So, I really have no need for the 6.0 
  stuff that they keep sending me that DOES support Windows Server 2003, but not 
  my still quite useful but somewhat dinosaur-ish (according to HP/Compaq, I 
  suppose)
   
  To me - dumb 
  move.  But, I'm sure that they had a great reason for it.  Like, not 
  having any interest in customers who weren't buying brand new machines for 
  Windows Server 2003
   
  Rick Kingslan  MCSE, MCSA, MCT, 
  CISSPMicrosoft MVP:Windows Server / Directory ServicesWindows 
  Server / Rights ManagementWindows Security (Affiliate)Associate
  ExpertExpert Zone - www.microsoft.com/windowsxp/expertzoneWebLog - 
  www.msmvps.com/willhack4food  
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Kitchens
  Arthur ESent: Tuesday, June 08, 2004 9:38 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Compaq 
  Servers
  
  I believe RDP is free. The smartstart cd *is* free and you 
  could build a master image with that then distribute/implement with any of the 
  methods/tools previously mentioned in this thread. You can also get a 30 day 
  eval license for the altiris deployment server (what utilizes the RDP tool 
  set) so I don't see any money invovled with exploration of that either.  
  It may also be the case the one of the Insight Manager flavors would be useful 
  for you. At least one (4.something) was free by download a few weeks 
  ago.  Just my 2 cents. 
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  On Behalf Of Rutherford, Robert Sent: Tuesday, June 
  08, 2004 10:30 AM To: 
  [EMAIL PROTECTED] Subject: RE: [ActiveDir] 
  OT: Compaq Servers 
  I've spied the RDP tool before and it does look like a quality 
  system, but can't really warrant the £££. If I remember it was 
  expensive.
  **drifts off to dreamland** 
  Oh how I wish HP would provide me with a simple and free 
  tool... Or a good old gui based front end to produce a script. 
  **wakes to reality** 
  Thud! 
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  Sent: 08 June 2004 15:09 To: 
  [EMAIL PROTECTED] Cc: 
  [EMAIL PROTECTED] Subject: RE: [ActiveDir] 
  OT: Compaq Servers 
  You can use also our tool RemoteDeploymentPackage (http://h18013.www1.hp.com/products/servers/management/rdp.html).
  RDP offers templates to deploy,image and re-deploy 
  servers-images and also additional software. RDP is based on Altiris 
  solution
  > I used Ghost to distribute Sysprep'd  images either 
  by Multicast or IP > connections on DL380's.  
  After the first build, each server was up and > 
  ready to run DCPromo within 10-15 minutes including the time to load 
  > the image over 100BaseT.  You can save a lot 
  of time with the > Sysprep.inf file for many of the 
  tedious settings, but I found running > DCPromo 
  from the sysprep.inf to be hit and miss because of network > configuration, so I opted > to do that 
  manually. > >   _ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] 
  On Behalf Of Rutherford, > Robert > Sent: Tuesday, June 8, 2004 9:26 AM > 
  To: [EMAIL PROTECTED] > Subject: RE: 
  [ActiveDir] OT: Compaq Servers > > > Thanks Roger, > > ADS does look sxy.problem is that 
  we are still mainly W2K :O( > > > -Original Message- 
  > From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
  > Sent: 08 June 2004 14:16 > 
  To: [EMAIL PROTECTED] > Subject: RE: 
  [ActiveDir] OT: Compaq Servers > > > Have you considered something like 
  the Automated Deployment System? > Its part of the 
  Dynamic Systems Initiative and its geared towards this > kind of deployment. Its also more or less free. > http://www.microsoft.com/windowsserver2003/technologies/management/ads/defau 
  > lt.mspx > <http://www.microsoft.com/windowsserver2003/technologies/management/ads/defa 
  > ult.mspx> > 
  > Roger > 
  ---------- 
  > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis 
  Inc. > > 
  > >   _ 
  > > From: Rutherford, Robert 
  > [mailto:[EMAIL PROTECTED]] 
  > Sent: Tuesday, June 08, 2004 8:42 AM > To: [EMAIL PROTECTED] > 
  Subject: [ActiveDir] OT: Compaq Servers > 
  > > >

RE: [ActiveDir] DNS Question

2004-06-08 Thread Rutherford, Robert
Have you got an old invalid share mapped? This will cause both issues
you mention.

-Original Message-
From: John Parker [mailto:[EMAIL PROTECTED] 
Sent: 08 June 2004 15:51
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Question


Hey all.

I am running win2k fully spacked on a win2k active directory domain. I
have one machine... (Mine) that has the following issue

When I go to save a document and I click the Drop down to select a
location, My system takes up to 30 seconds to display the tree. And when
using my browser, it takes roughly the same amount of time When I type
in a URL.

I have gone through my settings but cannot find anything obviously amis.

Thank you in advance.

John Parker, MCSE 
IS Admin. 
Senior Technical Specialist 
Alpha Display Systems. 
---End of Line---



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] OT: Compaq Servers

2004-06-08 Thread Rutherford, Robert
I've spied the RDP tool before and it does look like a quality system, but can't 
really warrant the £££. If I remember it was expensive.

**drifts off to dreamland**

Oh how I wish HP would provide me with a simple and free tool... Or a good old gui 
based front end to produce a script.

**wakes to reality**

Thud!

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 08 June 2004 15:09
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Compaq Servers


You can use also our tool RemoteDeploymentPackage 
(http://h18013.www1.hp.com/products/servers/management/rdp.html).
RDP offers templates to deploy,image and re-deploy servers-images and also additional 
software. RDP is based on Altiris solution

> I used Ghost to distribute Sysprep'd  images either by Multicast or IP
> connections on DL380's.  After the first build, each server was up and
> ready to run DCPromo within 10-15 minutes including the time to load 
> the image over 100BaseT.  You can save a lot of time with the 
> Sysprep.inf file for many of the tedious settings, but I found running
> DCPromo from the sysprep.inf to be hit and miss because of network 
> configuration, so I opted
> to do that manually.
>
>   _
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
> Robert
> Sent: Tuesday, June 8, 2004 9:26 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Compaq Servers
>
>
> Thanks Roger,
>
> ADS does look sxy.problem is that we are still mainly W2K :O(
>
>
> -Original Message-
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> Sent: 08 June 2004 14:16
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Compaq Servers
>
>
> Have you considered something like the Automated Deployment System? 
> Its part of the Dynamic Systems Initiative and its geared towards this
> kind of deployment. Its also more or less free.
> http://www.microsoft.com/windowsserver2003/technologies/management/ads/defau
> lt.mspx
> <http://www.microsoft.com/windowsserver2003/technologies/management/ads/defa
> ult.mspx>
>
> Roger
> ----------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
>
>
>   _
>
> From: Rutherford, Robert 
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 08, 2004 8:42 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] OT: Compaq Servers
>
>
>
> I'm sorry this is off topic but just thought I'd throw it out to see 
> if I get a bite
>
> It must be that time of year again.. a large number of new servers
> coming in.I don't want to, or have anyone else build numerours 
> DL360's/380's .. All with more or less the same spec and o/s build. 
> Has anyone ever actually got the things to work with the scripting 
> toolkit?
>
> TIA
>
> Rob
>
>
> This e-mail and the information it contains are confidential and may 
> be privileged. If you have received this e-mail in error please notify
> the sender immediately and delete the material from any computer. 
> Unless you are the intended recipient, you should not copy this e-mail
> for any purpose, or
> disclose its contents to any other person.
> The MCPS-PRS Alliance is not responsible for the completeness or accuracy
> of
> this communication as it has been transmitted over a public network.
> Whilst
> the MCPS-PRS Alliance monitors all communications for potential viruses,
> we
> accept no responsibility for any loss or damage caused by this e-mail and
> the information it contains.
> It is the recipient's responsibility to scan this e-mail and any
> attachments
> for viruses. Any
> e-mails sent to and from the MCPS-PRS Alliance servers may be monitored
> for
> quality control and other purposes.
>
> The MCPS-PRS Alliance Limited is a limited company registered in 
> England under company number 03444246 whose registered office is at 
> c/o 29-33 Berners Street, London, W1T 3AB.
>
>
>
> This e-mail and the information it contains are confidential and may 
> be privileged. If you have received this e-mail in error please notify
> the sender immediately and delete the material from any computer. 
> Unless you are the intended recipient, you should not copy this e-mail
> for any purpose, or
> disclose its contents to any other person.
> The MCPS-PRS Alliance is not responsible for the completeness or accuracy
> of
> this communication as it has been transmitted over a public network.
> Whilst
> the MCPS-PRS Alliance monitors all communications for potential viruses,
> we
> accept no responsibility for any loss or damage c

RE: [ActiveDir] OT: Compaq Servers

2004-06-08 Thread Rutherford, Robert
Title: Message



Thanks 
Roger,
 
ADS 
does look sxy.problem is that we are still mainly W2K 
:O(
 

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 08 June 2004 
  14:16To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] OT: Compaq Servers
  Have you considered something like the Automated 
  Deployment System? Its part of the Dynamic Systems Initiative and its geared 
  towards this kind of deployment. Its also more or less 
  free.
  http://www.microsoft.com/windowsserver2003/technologies/management/ads/default.mspx
   
  Roger
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: Rutherford, Robert 
[mailto:[EMAIL PROTECTED] Sent: Tuesday, 
June 08, 2004 8:42 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] OT: Compaq
Servers

I'm sorry this is off topic but just thought I'd 
throw it out to see if I get a bite…. 
It must be that time of year again…… a large 
number of new servers coming in.I don't want to, or have anyone else build 
numerours DL360's/380's .. All with more or less the same spec and o/s
build. Has anyone ever actually got the things to work with the scripting 
toolkit? 
TIA 
Rob This e-mail and the
information it contains are confidential and may be privileged. If you have 
received this e-mail in error please notify the sender immediately and
delete the material from any computer. Unless you are the intended 
recipient, you should not copy this e-mail for any purpose, or disclose its 
contents to any other person. The MCPS-PRS Alliance is not responsible 
for the completeness or accuracy of this communication as it has been
transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all 
communications for potential viruses, we accept no responsibility for any 
loss or damage caused by this e-mail and the information it contains.It 
is the recipient's responsibility to scan this e-mail and any attachments 
for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers 
may be monitored for quality control and other purposes.The MCPS-PRS 
Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, 
London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


[ActiveDir] OT: Compaq Servers

2004-06-08 Thread Rutherford, Robert
Title: OT: Compaq Servers






I'm sorry this is off topic but just thought I'd throw it out to see if I get a bite….


It must be that time of year again…… a large number of new servers coming in.I don't want to, or have anyone else build numerours DL360's/380's .. All with more or less the same spec and o/s build. Has anyone ever actually got the things to work with the scripting toolkit? 

TIA


Rob


This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Replication Monitor error

2004-06-04 Thread Rutherford, Robert
Title: Message



Is the new server the only DC 
in the new site? If so then make sure it's a GC or at least has access to a GC 
in the same site.
 
Anything in the event log of 
either box? Can you do the usual ... dcdiag and post.
 
BR
 
Rob

  
  -Original Message-From: Nathan Casey 
  [mailto:[EMAIL PROTECTED] Sent: 03 June 2004 
  20:00To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Replication Monitor error
  I am getting an error when trying to 
  add a "monitored Server" to Active Directory Replication Monitor.AD
  config:Empty ROOT with 2 Dc'sProduction domain with 3 
  DC'scurrently all DC’s are in same site.I installed a new DC 
  in a new site in the production domain. I can monitorthe new server
  from replication monitor on any other DC in the productiondomain. 
  When I try to monitor the server in replication monitor from a DC inthe 
  root domain I get the following error:"The Server could not be contacted 
  or you had insufficient permissions toread the status of the 
  server."I can monitor any other production domain DC with replication 
  monitor fromthe root DC'sfrom the root DC's I can ping by name the 
  new DCnslookup resolves the new DC name
   
  All replication appears to function 
  correctly.
   
  Any insight would be 
  appreciated.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Moving Roaming profiles

2004-06-03 Thread Rutherford, Robert
I heard that you can copy the bulk over, i.e. CD or something and the
replication will work it out.

Anyone know if this is true?

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED] 
Sent: 03 June 2004 16:22
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Moving Roaming profiles


I thought about using DFS for my apps installed by GPO, also. But I have
almost a Gig of applications and I was under the impression that DFS did
not replicate large amounts of data very well, even if it doesn't change
often?

jb 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, June 03, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Moving Roaming profiles

I'm in the process of drawing a DFS tree for just that reason -
eliminate the server name dependencies for shares. The only thing I see
myself replicating is a small set of apps that are installed via GPO.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -Original Message-
> From: Ayers, Diane [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 03, 2004 10:39 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Moving Roaming profiles
> 
> It seems that outside of the FRS / replication issues, using DFS would
> be a good way of virtualizing the storage location of the profiles.  
> If you used a DFS root to designate your storage location and you 
> needed to migrate/replace this location, you could update the DFS root

> without having to modify any user attributes.  Basically make the 
> management of the profile data a backroom thing.
> 
> Using FRS would make the whole setup somewhat ugly.
> 
> Diane
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Patrick
> Sent: Wednesday, June 02, 2004 9:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] Moving Roaming profiles
> 
> It is indeed  NOT a good thing.
> 
> I would not do this.
> 
> FRS is not meant to replicate this type of dynamic data (profiles) you
> may experience data loss or perhaps FRS breakdowns (depending on size,

> number of files, and amount of change per file).
> Clarification on the data loss - this would not be due to FRS or 
> 'corrupt'
> files, but rather the natural way FRS works - which is on a last 
> writer wins basis.
> 
> my .02
> 
> -steve
> 
> 
> - Original Message -
> From: "Malachi Burke" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 02, 2004 8:16 PM
> Subject: [ActiveDir] Moving Roaming profiles
> 
> 
> > I want to move roaming profiles from our regular share into a DFS
> > folder.  The setup is straightforward.  Two DC's, DFS replicate to
> each
> > other, highly available roaming profiles.  A sanity check
> that this is
> > indeed a good thing would be nice.
> >
> > I am also a bit concerned about DFS because the documentation is so
> > verbose (i.e. makes my brain hurt figuring it all out).
> Scenario: DC1
> > and DC2 both are hosting DFS root \\testroot\root.  They are hosting
> > their own corresponding file shares (say \\DC1\root and \\DC2\root).
> Am
> > I right in expecting that EITHER DC1 or DC2 can go offline, and
> > \\testroot\root will still be available?
> >
> > Lastly, moving the profiles looks like you have to muck
> with ownership
> > and permissions.  I was able to brute-force move one this way (by
> > forcefully claiming ownership and subsequent permission of
> the entire
> > profile tree), but a more graceful method would be appreciated.
> >
> > Malachi
> >
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or 

RE: [ActiveDir] MACS

2004-06-03 Thread Rutherford, Robert
Thanks Guys.

-Original Message-
From: Eric Fleischman [mailto:[EMAIL PROTECTED] 
Sent: 02 June 2004 17:23
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS


I just checked with the PM to see if it aligns with my understanding. At
this point no decision has been made. It's still TBD.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, May 28, 2004 11:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

It was announced at TechEd (although its second-hand information from
one of our PMs; I wasn't at that session.)

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Friday, May 28, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

Where did you hear that? Last I heard in the beta group it was to be
included in the next 2K/2003 SP's but I am not as well connected as
you are :-]

Maybe ~eric can answer  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, May 28, 2004 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

And, as I understand it, it is not going to be a free download or
Resource Kit component any more. MSFT is going to charge for it.

-gil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Friday, May 28, 2004 11:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] MACS

>Anyone know where MS are with MACS now?

MACS is now called The Microsoft Windows Audit Collection Services (ACS)


Release Candidate 1 became available to beta testers at the end of
April.

ACS Release Candiate changes include:
1) Simplified and updated database schema
2) Updated communcations protocol
3) Complete support for SSL/TLS authentication
4) Improved performance & scalability
5) Improved setup experience
6) Improved security (on Windows XP and Windows Server 2003, ACS runs as
NetworkService)
7) Improved manageability
8) Database included
9) Many quality & stability improvements
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford,
Robert
Sent: Friday, May 28, 2004 6:04 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] MACS


Anyone know where MS are with MACS now?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] FRS errors

2004-06-02 Thread Rutherford, Robert
Can you please run a dcdiag and netdiag and post please.

Thanks

Rob

-Original Message-
From: Svetlana Kouznetsova [mailto:[EMAIL PROTECTED] 
Sent: 02 June 2004 10:14
To: [EMAIL PROTECTED]
Subject: [ActiveDir] FRS errors


Guys, please, can you help -  FRS errors:

Two W2K DCs, one has got directory "geos2", which supposed to replicate
to another DC for redundancy purposes. 
The "master" copy is on - DC1,  replica - DC2.
The replication doesn't work with following error messages: 

On DC1 (ZEUS):

Once a day -  event id 13508:
The File Replication Service is having trouble enabling replication from
MERCURY to ZEUS for d:\public\geos2 using the DNS name MERCURY FRS will
keep retrying. 
 Following are some of the reasons you would see this warning.  
 [1] FRS can not correctly resolve the DNS name MERCURY from this
computer. 
 [2] FRS is not running on MERCURY. 
 [3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.  
 This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating that
the connection has been established. 
*No expected messages about problem fixed. 

AFTER RESTART frs - event id 13567:
File Replication Service has detected and suppressed an average of 15 or
more file updates every hour for the last 3 hours because the updates
did not change the contents of the file. The tracking records in FRS
debug logs will have the filename and event time for the suppressed
updates. The tracking records have the date and time followed by :T: as
their prefix.  
Updates that do not change the content of the file are suppressed to
prevent unnecessary replication traffic. Following are common examples
of updates that do not change the contents of the file.  
 [1] Overwriting a file with a copy of the same file. 
 [2] Setting the same ACLs on a file multiple times. 
 [3] Restoring an identical copy of the file over an existing one.  
Suppression of updates can be disabled by running regedit.  
Click on Start, Run and type regedit.  
Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs,
Parameters, and create or update the value "Suppress Identical Updates
To Files" to 0 (Default is 1) to force identical updates to replicate. 

On DC2 (MERCURY):

Once a day - event id 13562:
Following is the summary of warnings and errors encountered by File
Replication Service while polling the Domain Controller MERCURY  for FRS
replica set configuration information.  
 The nTFRSSubscriber object
cn=dfs|geos2,cn=dfs,cn=652103c0-3567-45e2-89d6-3773e36c8e9d,cn=dfs
volumes,cn=ntfrs subscriptions,cn=mercury,ou=domain
controllers,dc=ulib,dc=ox,dc=ac,dc=uk has a invalid value for the
attribute frsMemberReference. 
The File Replication Service is having trouble enabling replication from
MERCURY to ZEUS for d:\public\geos2 using the DNS name MERCURY. FRS will
keep retrying. 
 Following are some of the reasons you would see this warning.  
 [1] FRS can not correctly resolve the DNS name MERCURY from this
computer. 
 [2] FRS is not running on MERCURY. 
 [3] The topology information in the Active Directory for this replica
has not yet replicated to all the Domain Controllers.  
 This event log message will appear once per connection, After the
problem is fixed you will see another event log message indicating that
the connection has been established. 

The same "one-off" event id 13567 after restarting frs

DNS tested and seems to be fine and replmon show no AD replication
problems, FRS service is running on both DC. Permissions on directories
set up to Everyone- full control. 
I don't suppose netdom.exe would be a relevant fix for that, as it's not
like - AD related, right? In fact it would be useful to know, if this is
affecting AD replication in any ways at all, as my initial problem was -
W2K3 domain controller didn't not replicate outbound after dcpromo
["FATAL kerberos error on W2K3 server" thread]. So I've demoted it back
to member server and trying to clean up event logs on W2K DC's

Many many thanks in advance for any suggestions
Lana





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the informa

RE: [ActiveDir] New User Templates

2004-06-02 Thread Rutherford, Robert
Just create a user you want to act as a template Copy them each time
and this will take all the settings you'd require.

I'd recommend linking login script and profile setting into a GPO if you
can.. Cleaner than adding to each individual user. 

BR

Rob

-Original Message-
From: Christine Easton [mailto:[EMAIL PROTECTED] 
Sent: 01 June 2004 23:30
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] New User Templates


Is there a way in ad 2k to create templates for new user creataion. By
OU for group membership, loginscript and profile settings? I know there
was a way in NT 4.0?

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir]

2004-06-01 Thread Rutherford, Robert
They look like useful tools. I could do with something like that for my
lab. 

SimpleSync is pretty expensive for my needs.. Anyone know of an el
cheapo product that will perform the same function?

TIA

Rob

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: 01 June 2004 15:50
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]


Different domains or different forests? That's a key piece of info.

Different domains within a forest means its already done for you - all
the info is in AD already.

Different forests means a directory sync tool - MIIS from Microsoft,
SimpleSync from CPS systems, and any of a half dozen others that can do
it.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -Original Message-
> From: Pyron [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 31, 2004 7:52 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir]
> 
> All windows 2000 and windows 2003 servers. Running on active
> directory with 
> different domains.
> 
> At 10:12 PM 5/31/2004, you wrote:
> 
> >Are you only running AD or do you have Sun, AIX , Unix etc?
> >
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of Pyron
> >Sent: Monday, May 31, 2004 4:02 PM
> >To: [EMAIL PROTECTED]
> >Subject: [ActiveDir]
> >
> >Is there a way to centralize username and passwords on a server farm 
> >with different active directory domain trees?
> >
> >thanks
> >
> >
> >List info   : http://www.activedir.org/mail_list.htm
> >List FAQ: http://www.activedir.org/list_faq.htm
> >List archive: 
> >http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> >
> >List info   : http://www.activedir.org/mail_list.htm
> >List FAQ: http://www.activedir.org/list_faq.htm
> >List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Sysvol Damaged

2004-06-01 Thread Rutherford, Robert
Title: Message



sorry.. nslookup ... It was a heavy bank holiday weekend 
;O)

  
  -Original Message-From: Rutherford, 
  Robert Sent: 01 June 2004 12:17To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
  Damaged
  Is 
  the DNS on that machine pointed locally for resolution?
   
  What 
  do you get if you type DNS?
   
  

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 
June 2004 11:49To: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Hello Folks,
This particular server(Windows 2000) isnt replicating out, SYSVOL is 
not shared even if I share manually, when i restart Server, it gets 
unshared. The NTDS Connection objects were also not created, and so i have 
done that manually and i get event id 13562 Source NTFRS
 
Following is the summary of warnings and errors encountered by File 
Replication Service while polling the Domain Controller 
SONYDC.riyadh.afg.com for FRS replica set configuration information.
  The nTDSConnection object cn=afgdc02,cn=ntds
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=66dbe7ca-284e-4ccd-8fe7-d273ced34d1e,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=afgdc02,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
The nTDSConnection object cn=afgdc1,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=5d5bb30b-9ff5-4c61-b003-1bf2b4a14957,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=afgdc1,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
The nTDSConnection object 
cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=riy04-dc01,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
The nTDSConnection object 
cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
is conflicting with cn=safisulaidc1,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
Using cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
 
I cant even demote this server, i get error "Directory Service failed to replicate off changes made
locally. The DSA Operation is unable to proceed because of a DNS lookup 
failure"
 
Already, last time i have done DCPROMO /FORCE 
REMOVAL and done META CLEANUP + ADSIEDIT and
promoted it again with new hostname, but without 
success.
 
I am afraid, if I use DCPROMO /FORCE REMOVAL and done META CLEANUP + 
ADSIEDIT and promoted it again it will be the same behaviour. If any one 
culd help me in isolating the problem, it will be very helpful. 

 
I can send dcdiag and netdiag if anyone is willing to have a close 
look at the problem.
 
Thanks for your time.
Regards, Mohammed Athif Khaleel 
Asst.Network 
Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
Moble.: +966-509774015 
Email: 
[EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
Web: http://alfaisaliah.com 

  
  -Original Message-From: Carlos 
  Magalhaes [mailto:[EMAIL PROTECTED] Sent: Tuesday, 1 June 
  2004 1:06 PMTo: [EMAIL PROTECTED]Subject: 
  RE: [ActiveDir] Sysvol Damaged
  Hmmm, have you checked to see if your machines are 
  replicating correctly? What ver of Windows Server are you 
  running?
   
  
  
  ADSI or System.DirectoryServices programming? - http://groups.yahoo.com/group/adsianddirectoryservices 
  
  Carlos Magalhaes Directory Services Programming 
  MVP
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of 
  Rutherford, RobertSent: Tuesday, June 01, 2004 10:53
  AMTo: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Sysvol Damaged
  
  Start again... dcpromo the box down.. flush all the event logs ... 
  dcpromo her up again  start posting the results back if you are still 
  having issues.
   
  Rob
  

-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 
30 May 2004 10:30To: 
[EMAIL P

RE: [ActiveDir] Sysvol Damaged

2004-06-01 Thread Rutherford, Robert
Title: Message



Is the 
DNS on that machine pointed locally for resolution?
 
What 
do you get if you type DNS?
 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 
  June 2004 11:49To: [EMAIL PROTECTED]Subject: 
  RE: [ActiveDir] Sysvol Damaged
  Hello Folks,
  This particular server(Windows 2000) isnt replicating out, SYSVOL is 
  not shared even if I share manually, when i restart Server, it gets unshared. 
  The NTDS Connection objects were also not created, and so i have done that 
  manually and i get event id 13562 Source NTFRS
   
  Following is the summary of warnings and errors encountered by File 
  Replication Service while polling the Domain Controller SONYDC.riyadh.afg.com 
  for FRS replica set configuration information.   The
  nTDSConnection object cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=66dbe7ca-284e-4ccd-8fe7-d273ced34d1e,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=5d5bb30b-9ff5-4c61-b003-1bf2b4a14957,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=riy04-dc01,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=safisulaidc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  I 
  cant even demote this server, i get error "Directory 
  Service failed to replicate off changes made locally. The DSA Operation is 
  unable to proceed because of a DNS lookup 
  failure"
   
  Already, last time i have done DCPROMO /FORCE REMOVAL 
  and done META CLEANUP + ADSIEDIT and promoted it again with 
  new hostname, but without success.
   
  I 
  am afraid, if I use DCPROMO /FORCE REMOVAL and done META CLEANUP + ADSIEDIT 
  and promoted it again it will be the same behaviour. If any one culd help me 
  in isolating the problem, it will be very helpful. 
   
  I 
  can send dcdiag and netdiag if anyone is willing to have a close look at the 
  problem.
   
  Thanks for your time.
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Carlos 
Magalhaes [mailto:[EMAIL PROTECTED] Sent: Tuesday, 1 June 2004 
1:06 PMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Sysvol Damaged
Hmmm, have you checked to see if your machines are 
replicating correctly? What ver of Windows Server are you 
running?
 


ADSI or System.DirectoryServices programming? - http://groups.yahoo.com/group/adsianddirectoryservices 

Carlos Magalhaes Directory Services Programming 
MVP


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, 
RobertSent: Tuesday, June 01, 2004 10:53 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged

Start again... dcpromo the box down.. flush all the event logs ... 
dcpromo her up again  start posting the results back if you are still 
having issues.
 
Rob

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 30 
  May 2004 10:30To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  I have done this and when i restart the Server, 
  again, SYSVOL is unshared automatically. This DC still has those good 
  files from running DC but it doesnt hookup..
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "S

RE: [ActiveDir] Protecting Domain Data in Forest

2004-06-01 Thread Rutherford, Robert
Title: Message



A 
personal firewall may also fit requirements.. I have used Checkpoint 
secureClient to fulfill a similar requirement.

  
  -Original Message-From: Rutherford, 
  Robert Sent: 01 June 2004 10:52To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Protecting 
  Domain Data in Forest
  You 
  need a separate forest then really.
   
  or
   
  You 
  could DMZ the box off behind a firewall with an appropriate 
  rulebase.
   
  BR,
   
  Rob
   
  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  Sent: 01 June 2004 10:45To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Protecting Domain 
  Data in Forest
  I 
have a very strange delemma here... One of our domains has a server with sensitive data.  The IT 
director of this domain has decided that some of the information contained 
on this server cannot be seen by anyone from the other domains ( even
including the Enterprise Admins in our forest ).  This server must also 
remain connected to it's domain and available for non-protected data, SMS 
hotfixes...  Is this even possible to do? My boss has also stated that he does not want a 
seperate forest and domain for this server because of the extra upkeep. 
 Although, an extra password to encrypt data for the users would be 
allowable.  Are there any products that could get this done?  Has 
anyone else ran into this problem? Thanks, Jonathan 
This e-mail and the information it 
  contains are confidential and may be privileged. If you have received this 
  e-mail in error please notify the sender immediately and delete the material 
  from any computer. Unless you are the intended recipient, you should not copy 
  this e-mail for any purpose, or disclose its contents to any other person. 
  The MCPS-PRS Alliance is not responsible for the completeness or accuracy 
  of this communication as it has been transmitted over a public network. Whilst 
  the MCPS-PRS Alliance monitors all communications for potential viruses, we 
  accept no responsibility for any loss or damage caused by this e-mail and the 
  information it contains.It is the recipient's responsibility to scan this 
  e-mail and any attachments for viruses. Any e-mails sent to and from the 
  MCPS-PRS Alliance servers may be monitored for quality control and other
  purposes.The MCPS-PRS Alliance Limited is a limited company registered 
  in England under company number 03444246 whose registered office is at c/o 
  29-33 Berners Street, London, W1T 3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Protecting Domain Data in Forest

2004-06-01 Thread Rutherford, Robert
Title: Message



You 
need a separate forest then really.
 
or
 
You 
could DMZ the box off behind a firewall with an appropriate 
rulebase.
 
BR,
 
Rob
 

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 01 June 2004 10:45To: 
[EMAIL PROTECTED]Subject: [ActiveDir] Protecting Domain 
Data in Forest
I have 
  a very strange delemma here... One 
  of our domains has a server with sensitive data.  The IT director of this 
  domain has decided that some of the information contained on this server
  cannot be seen by anyone from the other domains ( even including the 
  Enterprise Admins in our forest ).  This server must also remain 
  connected to it's domain and available for non-protected data, SMS hotfixes... 
   Is this even possible to do? My boss has also stated that he does not want a seperate forest and 
  domain for this server because of the extra upkeep.  Although, an extra 
  password to encrypt data for the users would be allowable.  Are there any 
  products that could get this done?  Has anyone else ran into this
  problem? Thanks, 
  Jonathan 
This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Sysvol Damaged

2004-06-01 Thread Rutherford, Robert
Title: Message



Start 
again... dcpromo the box down.. flush all the event logs ... dcpromo her up 
again  start posting the results back if you are still having 
issues.
 
Rob

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 30 May 
  2004 10:30To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  I 
  have done this and when i restart the Server, again, SYSVOL is unshared
  automatically. This DC still has those good files from running DC but it
  doesnt hookup..
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: MAI ANH TUAN 
[mailto:[EMAIL PROTECTED] Sent: Sunday, 30 May 2004 12:21
PMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Sysvol Damaged


If you  don't have a backup, Just 
manual copy the sysvol folder from other DC, share it and restart NetLogon 
Service.
  - 
  This email and any files transmitted with it are 
  confidential and intended solely for the use of the individual or entity to 
  whom/which they are addressed. If you have received this email in error please 
  notify the system manager at the following email address: 
  [EMAIL PROTECTED] . Please note that any 
  views or opinions presented in this email are solely those of the author and 
  do not necessarily represent those of Al Faisaliah Group. Internet 
  communications cannot be guaranteed to be secure or error-free as information 
  could be intercepted, corrupted, lost, arrive late or contain viruses. The 
  sender therefore does not accept liability for any errors or omissions in the 
  context of this message, which arise as a result of Internet transmission. 
  Finally, the recipient should check this email and any attachments for the 
  presence of viruses. Al Faisaliah Group accepts no liability for any damage 
  caused by any virus ! transmitted by this email. 
  - 
  This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] PTR records - why?

2004-06-01 Thread Rutherford, Robert
You don't specifically need pointers...as far as I can remember it is
just good practice.

I do find it useful from an admin persepctive at times, i.e. resolving
an IP back to an IP in a troubleshooting scenario (at times).

You aren't going to lose anything by creating them.

Rob

-Original Message-
From: Jan Wilson [mailto:[EMAIL PROTECTED] 
Sent: 30 May 2004 02:22
To: [EMAIL PROTECTED]
Subject: [ActiveDir] PTR records - why?


We have a Windows 2000 forest with  multiple child domains. No web
servers. No remote hosted mail servers. No external access. (That I know
about at least!) Our DNS is integrated to active directory. Fellow
administrators are adamant we should create reverse lookup zones for all
our subnets. This would assist name resolution for our NT4 workstations
they claim. Stuff and nonsense I claim. Is there any reason to use PTR
records on an AD domain? 
Thanks!


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir]

2004-06-01 Thread Rutherford, Robert
What exactly are you trying to achieve?

-Original Message-
From: Pyron [mailto:[EMAIL PROTECTED] 
Sent: 31 May 2004 15:02
To: [EMAIL PROTECTED]
Subject: [ActiveDir]


Is there a way to centralize username and passwords on a server farm
with different active directory domain trees?

thanks


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Probable GPO issue

2004-05-28 Thread Rutherford, Robert
Seems like it could be down to an MS patch as the new machines are
patched to the 'nth' degree while the old ones typically only had
critical patches. I investigate further.

-Original Message-----
From: Rutherford, Robert 
Sent: 28 May 2004 15:43
To: '[EMAIL PROTECTED]'
Subject: Probable GPO issue


Hello,

I'm having a strange one here

We have just deployed a large batch of new pc's into the enterprise. The
users do not have access to the file associate option within explorer as
it is greyed out. I can't think or see of any policy change which would
have such an effect?

Old machines are fine and have exactly the same GPO's applied... I
suspect they must have had some registry tattoos left from a previous
deployment or something. I have compared the two different registries
and they seem identical in the hklm\sw\ms\windows\cv\policies\ and
hk_cu.

They have exactly the same permissions on the old boxes as the new.

Any ideas out there?
This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] MACS

2004-05-28 Thread Rutherford, Robert

Anyone know where MS are with MACS now?
This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Manual DC removal & EventID

2004-05-27 Thread Rutherford, Robert
Go in sites and services and delete any server objects relating to the
deleted server.

BR

Rob

-Original Message-
From: J0mb [mailto:[EMAIL PROTECTED] 
Sent: 27 May 2004 15:53
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Manual DC removal & EventID


Good morning,

Some days ago i had to manually remove a dead Win2000 DC from our
network, according to Q216498 and
http://www.winnetmag.com/Article/ArticleID/13414/13414.html.

Removal semeed ok. Today i got the following event in my log. I believe
it's an expected warning, however i'd just want to make sure that
there's nothing to be concerned about.

Thanks all

Alex


Event Type: Information
Event Source:   NTDS KCC
Event Category: (1)
Event ID:   1272
Date:   27/05/2004
Time:   10.59.52
User:   N/A
Computer:   RMD01
Description:
No nTDSConnection object exists for inbound replication from server
CN="NTDS Settings DEL:b02867ed-f892-474b-b7bc-a1c15399333b",CN="RMD02
DEL:b0c96017-b5ab-4145-84e8-f6c7d2970db5",CN=Servers,CN=Acs-SG,CN=Sites,
CN=C
onfiguration,DC=acs,DC=local at address
b02867ed-f892-474b-b7bc-a1c15399333b._msdcs.acs.local.  The partition
CN=Schema,CN=Configuration,DC=acs,DC=local is no longer replicated from
it.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Terminal Services for administration????

2004-05-27 Thread Rutherford, Robert
Tend to use TS on an everyday level... and also Dameware for
emergencies.

-Original Message-
From: Douglas M. Long [mailto:[EMAIL PROTECTED] 
Sent: 27 May 2004 14:37
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Terminal Services for administration


Does everyone use terminal services for remote administration of all
their DCs, Fileservers, Exchange Servers, or is there something else you
like better?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and the information it contains are confidential and may be privileged. If 
you have received this e-mail in error please notify the sender immediately and delete 
the material from any computer. Unless you are the intended recipient, you should not 
copy this e-mail for any purpose, or disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this 
communication as it has been transmitted over a public network. Whilst the MCPS-PRS 
Alliance monitors all communications for potential viruses, we accept no 
responsibility for any loss or damage caused by this e-mail and the information it 
contains.
It is the recipient's responsibility to scan this e-mail and any attachments for 
viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality 
control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under company 
number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Test Lab Creation

2004-05-26 Thread Rutherford, Robert
Title: Message



Thanks 
for that info Ken... I'm actually using Vmware for part of the 
lab.
 
Sorry 
but I forgot to mention the most important part of that Q.
 
I want 
a way to regularly synch / update the test lab, in terms of OUs, GPOs, objects 
etc. I think it's going to have to be a manual porcess but was just curious to 
see if there were any gems out there.

  
  -Original Message-From: Adams, Kenneth W 
  (Ken) [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 
  12:36To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Test Lab Creation
  I've 
  seen some neat things being done with one or a very few machines using
  Microsoft's Virtual PC or VMWare to simulate many machines.  You could 
  take a few, well configured PCs to emulate your domain while keeping those PCs 
  on an isolated network.
   
  Check out Microsoft's Virtual PC or VMWare to see if they could meet 
  your requirements.
   
  FYI, 
  a well configured PC is one with at least a 1GHz processor and a minimum of 1 
  GB of RAM.  You don't need a network card if you only want the machines 
  to communicate within one PC host.
  Kenneth W. (Ken) Adams, MCSA, MCSE 
  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Rutherford, RobertSent: Wednesday, May 26, 2004 
  7:30 AMTo: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Test Lab Creation
  Hi 
  Guys,
   
  Thinking. any experiences out there on the 
  below?
   
  I'd 
  like to have a testlab to directly match my production AD in terms of OUs, 
  GPOs, Objects, etc, etc. The thing is that I'd like the test domain to be 
  phyically separate from my production environement.
   
  Any 
  ideas on how or tools that would enable me This e-mail 
  and the information it contains are confidential and may be privileged. If you 
  have received this e-mail in error please notify the sender immediately and 
  delete the material from any computer. Unless you are the intended recipient, 
  you should not copy this e-mail for any purpose, or disclose its contents to 
  any other person. The MCPS-PRS Alliance is not responsible for the
  completeness or accuracy of this communication as it has been transmitted over 
  a public network. Whilst the MCPS-PRS Alliance monitors all communications for 
  potential viruses, we accept no responsibility for any loss or damage caused 
  by this e-mail and the information it contains.It is the recipient's
  responsibility to scan this e-mail and any attachments for viruses. Any
  e-mails sent to and from the MCPS-PRS Alliance servers may be monitored 
  for quality control and other purposes.The MCPS-PRS Alliance Limited 
  is a limited company registered in England under company number 03444246 whose 
  registered office is at c/o 29-33 Berners Street, London, W1T 
3AB.This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


[ActiveDir] Test Lab Creation

2004-05-26 Thread Rutherford, Robert
Title: Message



Hi 
Guys,
 
Thinking. any experiences out there on the
below?
 
I'd 
like to have a testlab to directly match my production AD in terms of OUs, GPOs, 
Objects, etc, etc. The thing is that I'd like the test domain to be phyically 
separate from my production environement.
 
Any 
ideas on how or tools that would enable me This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person. The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.


RE: [ActiveDir] Sysvol Damaged

2004-05-26 Thread Rutherford, Robert
Title: Message



Are 
all your other DC's still running clean? If so then I'd suggest a DCpromo down 
and then up again.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 11:27To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  Yes i did restart FRS before DCDIAG
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, 26 May 2004 12:50 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Did you restart the FRS service before running the below 
dcdiag?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 
  May 2004 10:13To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Domain membership test . . . . . . : 
  FailedSONYDC failed test kccevent  
  Starting test: 
  frssysvol Error: No 
  record of File Replication System, SYSVOL 
  started. The Active 
  Directory may be prevented from 
  starting. There are 
  errors after the SYSVOL has been 
  shared. The SYSVOL can 
  prevent the AD from 
  starting. 
  . SONYDC passed test 
  frssysvol  Starting test: 
  kccevent An Warning 
  Event occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:32    
  (Event String could not be 
  retrieved) An Warning 
  Event occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:56    
  (Event String could not be retrieved)
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save Internet, Keep all 
  the systems patched" Web: http://alfaisaliah.com 
  
  

-Original Message-From:
Rutherford, Robert [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 26 May 2004 11:30 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
Damaged
restart the File Replication Service and run your dcdiag 
again. Any change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  Sent: 26 May 2004 09:20To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot 
  this critical problem
  Regards, 
  Mohammed 
  Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: 
  [EMAIL PROTECTED] "Save Internet, Keep all the systems 
  patched" Web: http://alfaisaliah.com 
  
  

-Original Message-From: 
Mohammed Athif Khaleel Sent: Monday, 24 May 2004 5:05 
PMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] Sysvol Damaged
Also, I get these erros in NETDIAG...Oops I shuld 
have posted that in previous mail... 
LDAP test. . . . . . . . . . . . . : Passed 
    [WARNING] Failed to query SPN 
registration on DC 'RIY04-DC01.riyadh.afg.com'.     [WARNING] Failed to query SPN registration 
on DC 'mega-dc1.riyadh.afg.com'.     [WARNING] Failed to query SPN registration 
on DC 'safisulaidc1.riyadh.afg.com'. 
Regards, Athif 
-Original Message- From: Mohammed Athif Khaleel Sent: 
Monday, 24 May 2004 4:49 PM To: 
[EMAIL PROTECTED] Subject: RE: 
[ActiveDir] Sysvol Damaged 
Roger, Yes, the box is pointing to a correct dc 
which is actually the PDC running very well and healthy SYSVOL
structure. I have been waiting for more than a week for replication 
to happen but still the same, even the sysvol folder is not shared. 
I am attaching dcdiag log, I really dont know if i can attach
dcdiag.txt. Appologies if thatz not allowed..
    TIA, Athif -Original Message- From: 
Rutherford, Robert [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 24 May 2004 3:54 PM 
To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged 

 

RE: [ActiveDir] Sysvol Damaged

2004-05-26 Thread Rutherford, Robert
Title: Message



Did 
you restart the FRS service before running the below dcdiag?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 10:13To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  Domain membership test . . . . . . : FailedSONYDC 
  failed test kccevent  Starting test: 
  frssysvol Error: No record 
  of File Replication System, SYSVOL 
  started. The Active
  Directory may be prevented from 
  starting. There are errors 
  after the SYSVOL has been 
  shared. The SYSVOL can 
  prevent the AD from 
  starting. 
  . SONYDC passed test 
  frssysvol  Starting test: 
  kccevent An Warning Event 
  occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:32    
  (Event String could not be 
  retrieved) An Warning 
  Event occured.  EventID: 
  0x84F1    
  Time Generated: 05/26/2004   
  11:55:56    
  (Event String could not be retrieved)
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, 26 May 2004 11:30 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
restart the File Replication Service and run your dcdiag again. 
Any change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 
  May 2004 09:20To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot this 
  critical problem
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save Internet, Keep all 
  the systems patched" Web: http://alfaisaliah.com 
  
  

-Original Message-From: Mohammed 
Athif Khaleel Sent: Monday, 24 May 2004 5:05 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
Damaged
Also, I get these erros in NETDIAG...Oops I shuld have 
posted that in previous mail... 
LDAP test. . . . . . . . . . . . . : Passed 
    [WARNING] Failed to query SPN 
registration on DC 'RIY04-DC01.riyadh.afg.com'.     [WARNING] Failed to query SPN registration on 
DC 'mega-dc1.riyadh.afg.com'.     
[WARNING] Failed to query SPN registration on DC 
'safisulaidc1.riyadh.afg.com'. 
Regards, Athif 
-Original Message- From: 
Mohammed Athif Khaleel Sent: Monday, 24 May 2004 
4:49 PM To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged 
Roger, Yes, the box is pointing to a correct dc which is 
actually the PDC running very well and healthy SYSVOL structure. I have 
been waiting for more than a week for replication to happen but still 
the same, even the sysvol folder is not shared. I am attaching dcdiag 
log, I really dont know if i can attach dcdiag.txt. Appologies if thatz 
not allowed..
TIA, Athif -----Original Message- From: 
Rutherford, Robert [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 24 May 2004 3:54 PM 
To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged

Can you also run a dcdiag and see if it runs clean? If 
it doesn't then paste the results here. Rob 
-Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: 24 May 2004 13:39 To: [EMAIL PROTECTED] Subject: 
RE: [ActiveDir] Sysvol Damaged 
Is the box pointing to a known good DNS server
(preferably to DC's in a known good site)? How 
long are you waiting for replication to happen? I generally like to let 
them spin overnight if at all possible before worrying about whether its 
working correctly.
-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator Inovis Inc. 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 24, 2004 4:45 AM 
To: [EMAIL PROTECTED] 
Subject: [ActiveDir] Sysvol Damaged 

Hi Folks, I am having a problem 
with one of my Additonal Domain Controller, which is recently promoted. 
Actually,this is a newly promoted ADC via a wan link. I had to demote it 
first using dcpromo/force

RE: [ActiveDir] Sysvol Damaged

2004-05-26 Thread Rutherford, Robert
Title: Message



I 
assume you have not disabled the KCC..
 
Delete 
the manual objects and then kick off the KCC and it should work out the best 
paths. This can be done via replmon or sites and services. Unless you have a 
large complex site structure then I would just use the KCC as it does a 
pretty good job and you shouldn't really have a need to or be creating manual 
links.
 
The 
other thing is to be patient. AD is a slow moving monster and left will 
typically sort out a majority of issues if left over time, i.e. a good few
hours.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 09:48To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  I 
  will try to run DCDAIG now,. Actually, i thought ther might be problem with 
  the missing NTDS CONNECTION OBJECTS and so I have manually added those. Now 
  when i restart NTFRS, i see i see event id 13562 Source NTFRS, Description, 
  Following is the summary of warnings and errors 
  encountered by File Replication Service while polling the Domain Controller 
  SONYDC.riyadh.afg.com for FRS replica set configuration 
  information. 
  How do i avoid these errors, shuld I delete those 
  which ihave created manually?? if they are not generated automatically 
  then when i add that manually, why is that confilcting?? The 
  nTDSConnection object cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=66dbe7ca-284e-4ccd-8fe7-d273ced34d1e,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc02,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=5d5bb30b-9ff5-4c61-b003-1bf2b4a14957,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=afgdc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object cn=mega-dc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=09bcc2f0-8984-4e8a-9915-f1e3d801fffc,cn=ntds
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=mega-dc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=riy04-dc01,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=553ba716-0067-44d1-ac81-b72e28ad19ed,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=dfbc1a17-09a5-4ad6-b0c1-f7eeac21f802,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=ryd_dc3,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=dfbc1a17-09a5-4ad6-b0c1-f7eeac21f802,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
  The nTDSConnection object 
  cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com 
  is conflicting with cn=safisulaidc1,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com. 
  Using cn=98059d2e-3e14-481b-a421-f27b5badbbe6,cn=ntds 
  settings,cn=sonydc,cn=servers,cn=riyadhsite,cn=sites,cn=configuration,dc=afg,dc=com
   
   
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, 26 May 2004 11:30 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
restart the File Replication Service and run your dcdiag again. 
Any change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 
  May 2004 09:20To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol 
  Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot this 
  critical problem
  Regards, 
  Mohammed Athif 
  Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology 
  Tel.: 
  +966-1-461-0077 x.209 Moble.: +966-50977401

RE: [ActiveDir] Sysvol Damaged

2004-05-26 Thread Rutherford, Robert
Title: Message



restart the File Replication Service and run your dcdiag again. Any 
change?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May 
  2004 09:20To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Sysvol Damaged
  Guyz still the SYSVOL is not shared?? how do i troubleshoot this 
  critical problem
  Regards, Mohammed Athif Khaleel 
  Asst.Network 
  Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 
  Moble.: +966-509774015 
  Email:
  [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
  Web: 
  http://alfaisaliah.com 

  

-Original Message-From: Mohammed Athif 
Khaleel Sent: Monday, 24 May 2004 5:05 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Sysvol
Damaged
Also, I get these erros in NETDIAG...Oops I shuld have 
posted that in previous mail... 
LDAP test. . . . . . . . . . . . . : Passed     [WARNING] Failed to query SPN registration on DC 
'RIY04-DC01.riyadh.afg.com'.     
[WARNING] Failed to query SPN registration on DC 
'mega-dc1.riyadh.afg.com'.     
[WARNING] Failed to query SPN registration on DC 
'safisulaidc1.riyadh.afg.com'. 
Regards, Athif 
-Original Message- From: 
Mohammed Athif Khaleel Sent: Monday, 24 May 2004 
4:49 PM To: [EMAIL PROTECTED] 
Subject: RE: [ActiveDir] Sysvol Damaged 
Roger, Yes, the box is pointing to a correct dc which is 
actually the PDC running very well and healthy SYSVOL structure. I have been 
waiting for more than a week for replication to happen but still the same, 
even the sysvol folder is not shared. I am attaching dcdiag log, I really 
dont know if i can attach dcdiag.txt. Appologies if thatz not 
allowed..
TIA, Athif -----Original Message- From: Rutherford, 
Robert [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 24 May 2004 3:54 PM To: [EMAIL PROTECTED] Subject: RE: 
[ActiveDir] Sysvol Damaged 
Can you also run a dcdiag and see if it runs clean? If it 
doesn't then paste the results here. Rob 
-Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: 24 May 2004 13:39 To: 
[EMAIL PROTECTED] Subject: RE: 
[ActiveDir] Sysvol Damaged 
Is the box pointing to a known good DNS server (preferably 
to DC's in a known good site)? How long are you 
waiting for replication to happen? I generally like to let them spin
overnight if at all possible before worrying about whether its working
correctly.
-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator Inovis Inc. 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 24, 2004 4:45 AM To: [EMAIL PROTECTED] Subject: 
[ActiveDir] Sysvol Damaged 
Hi Folks, I am having a problem with 
one of my Additonal Domain Controller, which is recently promoted. 
Actually,this is a newly promoted ADC via a wan link. I had to demote it 
first using dcpromo/forceremoval as it had problem and it was screwed.( http://support.microsoft.com/default.aspx?kbid=332199 
) Also, i had to delete netlogon.chg file in system root as it was corrupted 
and then after the reboot the system created the file 
succesfully..
I later used ADSIEDIT to clear the metabase succesfully. Now 
in this DC is fresly promoted as a new Additonal Domain controller againt 
thru the WAN Link, Now, I cant see anything id domain.com in sysvol and itz 
not shared too. Also, i had to delete netlogon.chg file in system root as it 
was corrupted and then after the reboot the system created the file 
succesfully..
How do rebuild the sysvol strucuture, Do I need to use "D2" 
"D4" Burflags.. I am afraid because I have more that 5 ADC in this site and 
2-3 are connected via WAN Link. Or shuld I manually copy the sysvol 
structure from the GOOD SYSVOL STRUCUTE on another DC and try to restart 
NTFRS, like, I am really running out of ideas.
Can any one help me on this issue. 
Regards, Mohammed Athif Khaleel 
Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.:
+966-509774015 Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched" 
Web: http://alfaisaliah.com 
  
  - 
  This email and any files transmitted with it are 
  confidential and intended solely for the use of the individual or entity to 
  whom/which they are addressed. If you have received this email in error please 
  notify the system manager at the following email address: 
  [EMAIL PROTECTED] . Please note that any 
  views or opinions presented in this email are solely those of the author and 
  do not necessarily represent those of 

RE: [ActiveDir] Sysvol Damaged

2004-05-24 Thread Rutherford, Robert
Title: Message



Can 
you also run a dcdiag and see if it runs clean? If it doesn't then paste the 
results here.
 
Rob

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 24 May 2004 
  13:39To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] Sysvol Damaged
  Is the box pointing to a known good DNS server
  (preferably to DC's in a known good site)?
   
  How long are you waiting for replication to happen? I 
  generally like to let them spin overnight if at all possible before worrying 
  about whether its working correctly.
   
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] Sent: Monday, May 24, 2004 4:45 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
Sysvol Damaged

Hi Folks, I am having a problem with one of my 
Additonal Domain Controller, which is recently promoted. 
Actually,this is a newly 
promoted ADC via a wan link. I had to demote it first using dcpromo/forceremoval as it had problem and it was
screwed.( http://support.microsoft.com/default.aspx?kbid=332199 ) Also, i had to delete netlogon.chg file 
in system root as it was corrupted and then after the reboot the system 
created the file succesfully..
I later used ADSIEDIT to clear 
the metabase succesfully. Now in this DC is fresly promoted as a new
Additonal Domain controller againt thru the WAN Link, Now, I cant see
anything id domain.com in sysvol and itz not shared too. Also, i had to 
delete netlogon.chg file in system root as it was corrupted and then after 
the reboot the system created the file succesfully..
How do rebuild the sysvol 
strucuture, Do I need to use "D2" "D4" Burflags.. I am afraid because I have 
more that 5 ADC in this site and 2-3 are connected via WAN Link. Or shuld I 
manually copy the sysvol structure from the GOOD SYSVOL STRUCUTE on another 
DC and try to restart NTFRS, like, I am really running out of 
ideas.
Can any one help me on this 
issue. Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah 
Group Information Technology Tel.: 
+966-1-461-0077 x.209 Moble.:
+966-509774015 
Email: [EMAIL PROTECTED] 
"Save Internet, Keep all the 
systems patched" Web: 
http://alfaisaliah.com 
- 
This email and any files transmitted with 
it are confidential and intended solely for the use of the individual or 
entity to whom/which they are addressed. If you have received this email in 
error please notify the system manager at the following email address:
[EMAIL PROTECTED] . 
Please note that any views or opinions presented in this email are solely 
those of the author and do not necessarily represent those of Al Faisaliah 
Group. Internet communications cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, arrive late 
or contain viruses. The sender therefore does not accept liability for any 
errors or omissions in the context of this message, which arise as a result 
of Internet transmission.  Finally, the recipient should check this 
email and any attachments for the presence of viruses. Al Faisaliah Group 
accepts no liability for any damage caused by any virus transmitted by this 
email. 
- 
The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] Two Questions

2004-05-21 Thread Rutherford, Robert
Title: Message



Oh 
OK.. didn't realise you were on publics. 
 
The 
only thing to watch is that your DC's register correctly.. which they usually 
do. I have performed many range changes and it's straight forward from the AD 
side. I always prefer to physically bounce a DC after changing it's IP but
that's about it.
 
BR
 
Rob

  
  -Original Message-From: John Parker 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 16:48To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Two 
  Questions
  
  Thanks Robert 
  for your reply.
   
  We are 
  rolling over to a new ISP and have been wanting to get my workstations off of 
  public IP’s.  
  
  For security 
  reasons.
  That’s the 
  reason for the NAT.
   
  I only have 
  two DC’s
   
  John Parker, MCSE 
  
  IS Admin. 
  Senior Technical Specialist 
  
  Alpha Display Systems. 
  
  Alpha Video 
  7711 Computer Ave. 
  Edina, MN. 55435 
    
  
  952-896-9898 Local 
  800-388-0008 Watts 
  952-896-9899 Fax 
  612-804-8769 Cell 
  952-841-3327 Direct 
  
  [EMAIL PROTECTED] 
  "Be excellent to each other"
  
  ---End of Line---
   
  -----Original 
  Message-From: 
  Rutherford, Robert 
  [mailto:[EMAIL PROTECTED]Sent: Friday, May 21, 2004 8:53
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Two 
  Questions
   
  1) No problems.
  2) When you say u are incorporating NAT.. 
  for what reason? Purely for internet access? Why do you need to change your 
  internal range to use NAT?
   
   Chnaging your range isn't really 
  too much of an issue... you just need to make sure you plan it out first, i.e. 
  making sure DC's register correctly, getting DHCP over, blah, blah. 
  
   
  BR
   
  Rob
  -Original 
  Message-From: John 
  Parker [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 13:22To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Two 
  Questions
  Hello again out 
  there!
   
  1) I 
  am replacing our 10/100 card on my AD box with gigabit.  Other than
  setting the IP info to match the what it was on the 10/100 card,  is 
  there anything else I need to do/watch out for to ensure safe and uniterrupted 
  communication once I set the card up?
   
  2)  On the same system, in a couple 
  months we are rolling over to a new ISP and incorporating NAT.  Any
  recommended ways of doing this?  I am hitting the books and touching the 
  world on this one, just curious if there are any white papers on this?  
  What is the best way to NAT the Network?  Are there any AD issues with 
  the change in our Class C? etc.
  Any 
  input would be appreciated.
   
   
  Thank you again.
   
   
   
  John Parker,
  MCSEIS 
  Admin.Senior Technical 
  SpecialistAlpha Display 
  Systems. Alpha 
  Video
   
  The 
  information transmitted is intended only for the person or entityto which 
  it is addressed and may contain confidential and/orprivileged material. 
  Any use (including retransmission or copying)of this information by
  persons or entities other than the intendedrecipient is prohibited. If you 
  are not the intended recipient of thistransmission, please contact the 
  sender and delete the materialfrom any computer. The sender is not
  responsible for the completeness or accuracy of this communication as it 
  has beentransmitted over a public network. Any replies to this email may 
  bemonitored by the MCPS-PRS Alliance for quality control and other
  purposes.The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] Two Questions

2004-05-21 Thread Rutherford, Robert
Title: Message



1) No 
problems.
2) 
When you say u are incorporating NAT.. for what reason? Purely for internet 
access? Why do you need to change your internal range to use 
NAT?
 
 Chnaging your range isn't really too much of an issue... you just 
need to make sure you plan it out first, i.e. making sure DC's register 
correctly, getting DHCP over, blah, blah. 
 
BR
 
Rob

  
  -Original Message-From: John Parker 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 13:22To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Two 
  Questions
  Hello again out 
  there!
   
  1) I am replacing 
  our 10/100 card on my AD box with gigabit.  Other than setting the IP 
  info to match the what it was on the 10/100 card,  is there anything 
  else I need to do/watch out for to ensure safe and uniterrupted communication 
  once I set the card up?
   
  2)  On the 
  same system, in a couple months we are rolling over to a new ISP and 
  incorporating NAT.  Any recommended ways of doing this?  I am
  hitting the books and touching the world on this one, just curious if there 
  are any white papers on this?  What is the best way to NAT the 
  Network?  Are there any AD issues with the change in our Class 
  C? etc.
  Any input would be 
  appreciated.
   
   
  Thank you 
  again.
   
   
   
  John Parker, MCSEIS Admin.Senior Technical 
  SpecialistAlpha 
  Display Systems. Alpha Video
  
 The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Rutherford, Robert
Title: Message



It has 
as many third parties use it as a back end...
 
http://www.acmeconsulting.it/pagine/opensource/squid/squidnt25.htm

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 
  14:01To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] a good software for cache on windows 2000
  I doubt its possible - Squid's not been ported to Windows 
  from what I can find. See my other post for more detaisl..
   
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: Roseta Radfar 
[mailto:[EMAIL PROTECTED] Sent: Friday, May 21, 2004 4:08 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] a good software for cache on windows 2000

do you think that is possible to do? is it a good idea to do that? put 
Squid on win 2000 with transparent proxy i mena? if I will have any problem 
when doing that do you think you can help me?
 
thanks for your advice.
roseta
 

  -Original Message- From: Roger 
  Seielstad [mailto:[EMAIL PROTECTED] Sent: Thu 
  5/20/2004 5:56 PM To: [EMAIL PROTECTED] 
  Cc: Subject: RE: [ActiveDir] a good software for 
  cache on windows 2000
  Web content, it would seem.
   
  -- 
  Roger D. 
  Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis 
  Inc. 
   
  


From: Eric Fleischman 
[mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 
10:11 AMTo: [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] a good software for cache on windows 
2000


Iâm not clear 
on this thread I donât think.
Are we talking 
about web content caching or authenticating caching? That hasnât been 
spelled out, and I assumed web content caching, but was not 
sure.
 
~Eric
 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Roger 
SeielstadSent: 
Thursday, May 20, 2004 9:04 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
software for cache on windows 2000
 
Personal 
preference for secure, fast cache only proxy is Squid, but it only runs 
on Unix. I run an OpenBSD/Squid cache combo at home to speed up my 
access.
 
Transparent 
proxying is kinda hard - you need to put the box inline with the 
firewall or router - generally in a bridged NIC config - which Windows 
traditionally doesn't do too well.

 
-- 
Roger D. 
Seielstad - MTS MCSE MS-MVP Sr. Systems 
Administrator Inovis 
Inc. 

 

   
  
  
  
  From: 
  Roseta Radfar [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 9:51 
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
  software for cache on windows 2000
  
  a cach for a speed increase and a strong 
  one!
  

-Original Message- From: Roger Seielstad 
[mailto:[EMAIL PROTECTED] Sent: Thu 5/20/2004 4:08 PM 
To: 
[EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] a good 
software for cache on windows 2000
What, exactly, are you trying to 
accomplish?Straight proxy caching for a speed increase, or 
are you also looking to doauthenticated 
proxying?Roger--Roger 
D. Seielstad - MTS MCSE MS-MVPSr. Systems 
AdministratorInovis Inc.> -Original 
Message-> From: Roseta Radfar [mailto:[EMAIL PROTECTED]]> 
Sent: Thursday, May 20, 2004 4:42 AM> To: 
[EMAIL PROTECTED]> Subject: [ActiveDir] a good 
software for cache on windows 2000>> 
hi,> > any one can give me the name of a good 
cache software that> works with transparent proxy and can be 
used on windows 2000> server. any good that you may have used 
and know that is a good one.> > > 
thanks in advance.> roseta> .+-wi0-+YbmPi0-+bÚf.+-j! 
> 0j!orØyØIV+v*>List info   : http://www.activedir.org/mail_list.htmList 
FAQ    : http://www.activedir.org/list_faq.htmList 
archive: http://www.mail-archive.com/activedir%40mail.activedir.org/The informati

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-21 Thread Rutherford, Robert
Title: Message



Winproxy will transparent proxy, cache, port map etc... most things you 
could need from a proxy app.
 
 I would go for Squid personally but you did specify you wanted a 
W2K platform.
 
Rob

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 
  13:32To: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] a good software for cache on windows 2000
  I'm as much a fan of Windows 2k/2k3 as most other people, 
  but there's no way I'd run Windows 2000 as a transparent proxy in an ISP 
  setting.
   
  First, the software just isn't there for it (at least not 
  that I've found, but I haven't looked deeply enough at it). And the software's 
  the easy part.
   
  I haven't looked at RRAS in WIn2k3 yet, but I don't 
  recall Win2k having the necessary abilities included to be able to create a 
  transparent proxy.
   
  Just to make sure we're clear here - a transparent proxy 
  is one which intercepts web connections, with no configuration on the client 
  end. That's not an easy task. There are two ways to do it - as a router, or as 
  a bridge. The real difference is how the box handles other traffic. 
  Personally, the router style config is easier but carries the downside that 
  the box has to do more. 
   
  Basically all outbound traffic destined for port 80 has 
  to be redirected (its actually NAT'ed) to the proxy server. I know that IPF 
  and PF on OpenBSD (IPF has been ported to other Unix systems as well) 
   both have that capability.
   
  As I mentioned, I've used Squid on OpenBSD for it. Here's 
  a FAQ on how it works, which might help you along the 
path:
  http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
   
  Brief digging hasn't found anything similar for Windows, 
  although it might exist.
   
  Roger
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
   
  


From: Roseta Radfar 
[mailto:[EMAIL PROTECTED] Sent: Friday, May 21, 2004 3:57 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] a good software for cache on windows 2000

yes i need it for web content. 
do you think transparent proxy will  will work on windows 
2000?  do you think  it can work without so much difficulty and 
working correctly?because i want to run it for an ISP.

  -Original Message- From: Roger 
  Seielstad [mailto:[EMAIL PROTECTED] Sent: Thu 
  5/20/2004 5:56 PM To: [EMAIL PROTECTED] 
  Cc: Subject: RE: [ActiveDir] a good software for 
  cache on windows 2000
  Web content, it would seem.
   
  -- 
  Roger D. 
  Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator 
  Inovis 
  Inc. 
   
  


From: Eric Fleischman 
[mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 
10:11 AMTo: [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] a good software for cache on windows 
2000


Iâm not clear 
on this thread I donât think.
Are we talking 
about web content caching or authenticating caching? That hasnât been 
spelled out, and I assumed web content caching, but was not 
sure.
 
~Eric
 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Roger 
SeielstadSent: 
Thursday, May 20, 2004 9:04 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
software for cache on windows 2000
 
Personal 
preference for secure, fast cache only proxy is Squid, but it only runs 
on Unix. I run an OpenBSD/Squid cache combo at home to speed up my 
access.
 
Transparent 
proxying is kinda hard - you need to put the box inline with the 
firewall or router - generally in a bridged NIC config - which Windows 
traditionally doesn't do too well.

 
-- 
Roger D. 
Seielstad - MTS MCSE MS-MVP Sr. Systems 
Administrator Inovis 
Inc. 

 

   
  
  
  
  From: 
  Roseta Radfar [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 9:51 
  AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] a good 
  software for cache on windows 2000
  
  a cach for a speed increase and a strong 
  one!
  

-Original Message- From: Roger Seielstad 
[mailto:[EMAIL PROTECTED] Sent: Thu 5/20/2004 

RE: [ActiveDir] Slow or non existent drive mappings

2004-05-21 Thread Rutherford, Robert
Title: Message



I take 
it it's the machine, i.e. the user logs on at another machine they don't get the 
issue?
 
Are 
you getting anything showing up in the event log to give any hint of the
problem?
 
Rob

  
  -Original Message-From: John Parker 
  [mailto:[EMAIL PROTECTED] Sent: 21 May 2004 13:10To: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Slow or non
  existent drive mappings
  Greets to all on this beautifully gloomy Friday!
   
  We have a small 
  (100 users) Win2K AD. Fully patched, Spacked etc.
   
  I have one XP user 
  who's network drive mappings do not show up consistently.  Sometimes 
  partial, other none at all.  if the user logs out and logs back in,
  (Sometimes more than once) They will map properly.
   
  Anyone seen 
  this?
   
  The mapping is 
  done via a logon script on the AD server.
   
  Thanks in 
  advance.
   
  John Parker, MCSEIS Admin.Senior Technical 
  SpecialistAlpha 
  Display Systems. Alpha VideoThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Rutherford, Robert
Eg.. May last company .. 25 sites globally. 

HQ with 700 users - 3 DCs
Every other site 20-50 users - 1 DC

-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] 
Sent: 21 May 2004 11:36
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] how many domain controllers ?


as few as possible

just roughly: depending on how you define small, medium, large, this
would translate to none for small, 1 for medium and usually no more than
2-3 for large (mainly depends on other services using the DCs/GCs, such
as Exchange).  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Maple
Sent: Freitag, 21. Mai 2004 12:28
To: [EMAIL PROTECTED]
Subject: [ActiveDir] how many domain controllers ?

Does anyone have a view about how many servers in a domain should be
domain controllers.  Should it be all of them - or only a few on each
site ?


Mike.



--
Releasing funds to keep business flowing...

Last year alone, Xchanging helped the London Market release 75 million
pounds of redundant claim reserves.

During 2003, Xchanging's Enhanced Claims Review team, validated 439
million pounds of non-moving London Market claims.

To find out more about the Enhanced Claims Review service, talk to Sara
Frost on 020 7327 5701 or visit our website www.xchanging.com

--



-
THE INFORMATION IN THIS E-MAIL AND IN ANY ATTACHMENTS IS CONFIDENTIAL

AND MAY BE PRIVILEGED OR OTHERWISE PROTECTED FROM DISCLOSURE. 
IF YOU ARE NOT THE INTENDED RECIPIENT AND HAVE RECEIVED IT IN ERROR YOU
ARE ON NOTICE OF ITS STATUS. 
PLEASE NOTIFY THE SENDER IMMEDIATELY BY RETURN EMAIL AND THEN DELETE
THIS EMAIL AND ANY ATTACHMENT FROM YOUR SYSTEM. 
YOU MUST NOT RETAIN, COPY OR USE THIS E-MAIL OR ANY ATTACHMENT FOR ANY
PURPOSE, NOR DISCLOSE ALL OR ANY PART OF ITS CONTENTS TO ANY OTHER
PERSON: 

TO DO SO COULD BE A BREACH OF CONFIDENCE

EMAIL MAY BE SUSCEPTIBLE TO DATA CORRUPTION, INTERCEPTION AND
UNAUTHORISED AMENDMENT, 
AND WE DO NOT ACCEPT LIABILITY FOR ANY SUCH CORRUPTION, INTERCEPTION OR
AMENDMENT OR THE CONSEQUENCES THEREOF. 

WE MAY MONITOR THE CONTENT OF EMAILS SENT AND RECEIVED VIA OUR NETWORK
FOR VIRUSES OR UNAUTHORISED USE AND FOR OTHER LAWFUL BUSINESS PURPOSES. 
WE DO NOT ACCEPT RESPONSIBILITY FOR ANY LOSS OR DAMAGE ARISING FROM A
VIRUS IN ANY EMAIL OR ATTACHMENT.

---
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] how many domain controllers ?

2004-05-21 Thread Rutherford, Robert
How many users to you have? It shouldn't be all your servers, unless you
only have 2.

-Original Message-
From: Mike Maple [mailto:[EMAIL PROTECTED] 
Sent: 21 May 2004 11:28
To: [EMAIL PROTECTED]
Subject: [ActiveDir] how many domain controllers ?


Does anyone have a view about how many servers in a domain should be
domain controllers.  Should it be all of them - or only a few on each
site ?


Mike.



--
Releasing funds to keep business flowing...

Last year alone, Xchanging helped the London Market release 75 million
pounds of redundant claim reserves.

During 2003, Xchanging's Enhanced Claims Review team, validated 439
million pounds of non-moving London Market claims.

To find out more about the Enhanced Claims Review service, talk to Sara
Frost on 020 7327 5701 or visit our website www.xchanging.com

--



-
THE INFORMATION IN THIS E-MAIL AND IN ANY ATTACHMENTS IS CONFIDENTIAL

AND MAY BE PRIVILEGED OR OTHERWISE PROTECTED FROM DISCLOSURE. 
IF YOU ARE NOT THE INTENDED RECIPIENT AND HAVE RECEIVED IT IN ERROR YOU
ARE ON NOTICE OF ITS STATUS. 
PLEASE NOTIFY THE SENDER IMMEDIATELY BY RETURN EMAIL AND THEN DELETE
THIS EMAIL AND ANY ATTACHMENT FROM YOUR SYSTEM. 
YOU MUST NOT RETAIN, COPY OR USE THIS E-MAIL OR ANY ATTACHMENT FOR ANY
PURPOSE, NOR DISCLOSE ALL OR ANY PART OF ITS CONTENTS TO ANY OTHER
PERSON: 

TO DO SO COULD BE A BREACH OF CONFIDENCE

EMAIL MAY BE SUSCEPTIBLE TO DATA CORRUPTION, INTERCEPTION AND
UNAUTHORISED AMENDMENT, 
AND WE DO NOT ACCEPT LIABILITY FOR ANY SUCH CORRUPTION, INTERCEPTION OR
AMENDMENT OR THE CONSEQUENCES THEREOF. 

WE MAY MONITOR THE CONTENT OF EMAILS SENT AND RECEIVED VIA OUR NETWORK
FOR VIRUSES OR UNAUTHORISED USE AND FOR OTHER LAWFUL BUSINESS PURPOSES. 
WE DO NOT ACCEPT RESPONSIBILITY FOR ANY LOSS OR DAMAGE ARISING FROM A
VIRUS IN ANY EMAIL OR ATTACHMENT.

---
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert
If I remember.. Winproxy will do almost anything you could want on a
proxy front. It's also relatively cheap.

http://www.winproxy.com

BR,

Rob

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: 20 May 2004 13:39
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] a good software for cache on windows 2000


What, exactly, are you trying to accomplish?

Straight proxy caching for a speed increase, or are you also looking to
do authenticated proxying?

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
 

> -Original Message-
> From: Roseta Radfar [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 20, 2004 4:42 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] a good software for cache on windows 2000
> 
> hi,
>  
> any one can give me the name of a good cache software that
> works with transparent proxy and can be used on windows 2000 
> server. any good that you may have used and know that is a good one.
>  
>  
> thanks in advance.
> roseta

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purpose

RE: [ActiveDir] OT : File/Folder/Storage Reporting

2004-05-19 Thread Rutherford, Robert
Title: Message



Ooh 
just checked and it does..
 
That'll do.
 
Thanks

  
  -Original Message-From: Rutherford, 
  Robert Sent: 19 May 2004 16:46To: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT : 
  File/Folder/Storage Reporting
  Yeh 
  I've used it before... I don't think it does file age, duplicate finding etc? 
  Its probably more that side of things I'm looking for.
   
  Thanks Larry
  

-Original Message-From: Passo, Larry 
[mailto:[EMAIL PROTECTED] Sent: 19 May 2004 
16:13To: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] OT : File/Folder/Storage Reporting

Treesize Pro will 
do almost everything
 
http://www.jam-software.com/treesize/
 




From: 
    Rutherford, Robert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 19, 
2004 2:59 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] OT : 
File/Folder/Storage Reporting
 

Hi 
All,

 

Well I'm at that 
stage again - reviewing backup and data storage. I'm hunting for duplicate 
files, old unmodified files, greediest user, 
etc.

 

I'm basically 
looking for some software that can report such things in one package. 
any experiences or 
recommendations?

 

Thanks in
advance.

 

Rob
The information transmitted is intended only for 
the person or entityto which it is addressed and may contain 
confidential and/orprivileged material. Any use (including 
retransmission or copying)of this information by persons or entities 
other than the intendedrecipient is prohibited. If you are not the
intended recipient of thistransmission, please contact the sender and 
delete the materialfrom any computer. The sender is not responsible for 
the completeness or accuracy of this communication as it has 
beentransmitted over a public network. Any replies to this email may 
bemonitored by the MCPS-PRS Alliance for quality control and other
purposes.The
  information transmitted is intended only for the person or entityto which 
  it is addressed and may contain confidential and/orprivileged material. 
  Any use (including retransmission or copying)of this information by
  persons or entities other than the intendedrecipient is prohibited. If you 
  are not the intended recipient of thistransmission, please contact the 
  sender and delete the materialfrom any computer. The sender is not
  responsible for the completeness or accuracy of this communication as it 
  has beentransmitted over a public network. Any replies to this email may 
  bemonitored by the MCPS-PRS Alliance for quality control and other
  purposes. The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] OT : File/Folder/Storage Reporting

2004-05-19 Thread Rutherford, Robert
Title: Message



Yeh 
I've used it before... I don't think it does file age, duplicate finding etc? 
Its probably more that side of things I'm looking for.
 
Thanks 
Larry

  
  -Original Message-From: Passo, Larry 
  [mailto:[EMAIL PROTECTED] Sent: 19 May 2004 
  16:13To: [EMAIL PROTECTED]Subject: RE:
  [ActiveDir] OT : File/Folder/Storage Reporting
  
  Treesize Pro will do 
  almost everything
   
  http://www.jam-software.com/treesize/
   
  
  
  
  
  From: 
  Rutherford, Robert [mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, May 19, 
  2004 2:59 AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] OT : 
  File/Folder/Storage Reporting
   
  
  Hi 
  All,
  
   
  
  Well I'm at that 
  stage again - reviewing backup and data storage. I'm hunting for duplicate 
  files, old unmodified files, greediest user, 
  etc.
  
   
  
  I'm basically looking 
  for some software that can report such things in one package. any 
  experiences or recommendations?
  
   
  
  Thanks in 
  advance.
  
   
  
  Rob
  The information transmitted is intended only for 
  the person or entityto which it is addressed and may contain confidential 
  and/orprivileged material. Any use (including retransmission or 
  copying)of this information by persons or entities other than the 
  intendedrecipient is prohibited. If you are not the intended recipient of 
  thistransmission, please contact the sender and delete the 
  materialfrom any computer. The sender is not responsible for the 
  completeness or accuracy of this communication as it has 
  beentransmitted over a public network. Any replies to this email may
  bemonitored by the MCPS-PRS Alliance for quality control and other
  purposes.The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] dns issues

2004-05-19 Thread Rutherford, Robert
Title: Message



Can 
you see SRV records for the old server in DNS? They usually hang around.. if you 
do then delete them.
 
Are 
you multi-site?
 

-Original Message-From: Eric 
Fleischman [mailto:[EMAIL PROTECTED] Sent: 19 May 2004 
13:09To: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] dns issues

  
  I’d probably 
  recommend a few action items here:
  1)   
  On 
  DC,  perform a dcdiag /v and netdiag /v as well; look for failure and be 
  sure to clear them up
  2)   
  On 
  client, point to same place that DC is pointed for 
  DNS
  3)   
  If all 
  else fails, a userenv log and network trace of client boot (trace taken from a 
  second machine that is on a little hub with affected client) should show us 
  what client is waiting on during bootup
   
  A few 
  questions:
  1) Are client and DC 
  on same subnet?
  2) Where are client 
  and DC pointed for DNS (primary and secondary would be 
  great)
  3) What is 
  connectivity between client and dc (same subnet, across a wan, 
  etc.)
   
  Hope this is a 
  helpful start!
  ~Eric
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Kern, 
  TomSent: Wednesday, May 19, 
  2004 5:20 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] dns 
  issues
   
  
  i bounced the server, srv records are all there. the 
  old server is not in dhcp and an nslookup in safe mode shows me there is
  connectivity to dns server and all the prpoer srv reords are 
  enumerated.
  
  i hahdn't hpought of ms04-011. what are some other 
  symptoms?
  
  thanks
  

-Original Message- From: deji Agba 
[mailto:[EMAIL PROTECTED] Sent: Wed 5/19/2004 3:04 AM 
To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] dns 
issues


More likely DNS 
than WINS. Trying bouncing the new Server, then restart netlogon on 
it (in case the MS04-011 is 
hurting you), then 
check DNS for the relevant SRV records. I know you said you looked in 
DHCP, but I have to ask if you made sure that the dead DC is no listed as a 
DNS server in your DHCP scopes. And, after the client have connected in 
"Safe Mode", what does nslookup 
say?



 

Lastly, anything 
in eventlog (on both server and clients?

 

Sincerely,Dèjì Akómöláfé, 
MCSE MCSA
MCP+I

Microsoft MVP 
- Directory Services

www.readymaids.com - we know 
ITwww.akomolafe.comDo you now realize that Today is 
the Tomorrow you were worried about Yesterday?  
-anon

 



From: 
Mulnick, AlSent: Tue 
5/18/2004 2:30 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] dns 
issues
WINS?  -Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Kern, TomSent: Tuesday, May 18, 2004 5:17 PMTo: ActiveDir (E-mail)Subject: [ActiveDir] dns issues I had my primary fsmo role holder(pdc,infra,rid) go down. It was also a dnsserver(ad intergrated). i ran ntdutil and removed the server from AD. I alsohad another dns server running. I transfered all the fsmo roles to this server. Now however, i have a ton of what i think are dns issuses. I have clientswho are stuck at "applying security settings" and never logon(however, theycan when in safe mode with networking).also, i tried to join a workstation to my domain and it gave me a "connotcontact domain" error.the clients are all pointing to the new dns server via dhcp.there are no errors in the dns log or in directory services log.this is a child domain and the zone was delegated from the root. what gives?thanksList info   : http://www.activedir.org/mail_list.htmList FAQ    : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/List info   : http://www.activedir.org/mail_list.htmList FAQ    : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/The information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


[ActiveDir] OT : File/Folder/Storage Reporting

2004-05-19 Thread Rutherford, Robert
Title: Message



Hi All,
 
Well I'm at that stage again - reviewing backup and data storage. I'm 
hunting for duplicate files, old unmodified files, greediest user, 
etc.
 
I'm basically looking for some software that can report such things in 
one package. any experiences or recommendations?
 
Thanks in advance.
 
RobThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


RE: [ActiveDir] Group Policy Security Templates:

2004-05-18 Thread Rutherford, Robert
Title: Message



**snip**
. I suppose 
what I am asking is if I set this value to 1 does this only allow one login or 
one users cached profile infinitely however subject to other settings eg.
password age etc.
**snip**
 
It will allow 
one cached profile indefinitely and the password will not 
expire.
 
BR,
 
Rob

  
  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] Sent: 18 May 2004 
  08:34To: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Group Policy Security Templates:
  
  All,
   
  We are in the process of testing 
  security templates on a new windows 2003 domain model and there is one
  attribute I am having trouble putting a value on. The particular node is the 
  Windows Settings/Security Settings/Local Policies/Security Options/Interactive 
  Login/Number of previous logins to cache (In case a domain controller is
  unavailable). I have a template for workstations and this value is set to 0 
  logins. For laptops I have another template and this is the one I am having 
  trouble with I am unsure what value to put on 
  this.
   
  We have numerous users who are at 
  our remote sites on laptops and they do not log onto the domain for weeks at a 
  time...this would however never exceed a 30 day period. What would you advise 
  I set this value to. I suppose what I am asking is if I set this value to 1 
  does this only allow one login or one users cached profile infinitely however 
  subject to other settings eg. password age etc.
   
  Thanks.
   
  JamesThe information transmitted is intended only for the person or entityto which it is addressed and may contain confidential and/orprivileged material. Any use (including retransmission or copying)of this information by persons or entities other than the intendedrecipient is prohibited.  If you are not the intended recipient of thistransmission, please contact the sender and delete the materialfrom any computer. The sender is not responsible for the completeness or accuracy of this communication as it has beentransmitted over a public network. Any replies to this email may bemonitored by the MCPS-PRS Alliance for quality control and other purposes.


  1   2   >