RE: [ActiveDir] AD screw up

[Shawn.Hayes]

Title: Message



Why not just create Sites for you branch 
offices?


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Drew 
GainorSent: Friday, April 16, 2004 12:06 PMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] AD screw 
up

Not knowing what I 
was doing I set up an AD at my company corporate office. I then converted 
everyone over to it along with my Exchange server.

Now I also have a 
couple of branch offices and want to create children.

The mistake I made 
was that I did not set up an Empty Root Domain first. Isetup the corporate 
domain as the first server.

This is what I would 
like to do. Tell me if I am wrong or if you have any other 
suggestions.


Root - 
ADRoot
child - 
corp.ADRoot
child - 
branch1.ADRoot
child - 
branch2.ADRoot

I do not want the 
domains to be internet FQDN.

Drew

RE: [ActiveDir] AD screw up

[Shawn.Hayes]

Title: Message



You can rename the NetBIOS name not the DNS name. It 
doesn't sound like to me you need an empty root. Don't screw up your 
existing domain, especially if Exchange is working in production. Create 
sites for your branch offices and OU's if you want too. Put a GC at each 
branch office, kick back, monitor and patch.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Drew 
GainorSent: Friday, April 16, 2004 1:54 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw 
up

Ok, 
how about this. I create a new child OU in my existing domain called corp. I 
then move all users and objects from the root domain to the corp child. Then I 
rename the root domain. Does that sound like it will work?

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Salandra, Justin A.Sent: Friday, April 16, 2004 
  10:03 AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] AD screw up
  
  Create the new OU, 
  then right click on the child OU and click Move
  
  -Original 
  Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Drew 
  GainorSent: Friday, April 
  16, 2004 12:41 PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw 
  up
  
  
  I don't 
  know where I get these stupid questions from. ok It looks like OU will work 
  ok. I found info at Microsoft http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/scenarios/ou_design_implement_ou_structure.asp
  
  
  
  now my 
  question is - Since I already created an AD containing an OU of what I would 
  like to be a child how can I create the parent to insert the child into. Or is 
  that even possible?
  
-Original 
Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin 
A.Sent: Friday, April 16, 
2004 9:18 AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw 
up
You 
could do that, but are you sure you cant accomplish what you want to do 
with just one domain and a detailed OU strcture?

-Original 
Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Drew GainorSent: Friday, April 16, 2004 12:06 
PMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] AD screw 
up


Not knowing what I was doing I 
set up an AD at my company corporate office. I then converted everyone over 
to it along with my Exchange server.



Now I also have a couple of 
branch offices and want to create children.



The mistake I made was that I 
did not set up an Empty Root Domain first. Isetup the corporate domain 
as the first server.



This is what I would like to do. 
Tell me if I am wrong or if you have any other 
suggestions.





Root - 
ADRoot

child - 
corp.ADRoot

child - 
branch1.ADRoot

child - 
branch2.ADRoot



I do not want the domains to be 
internet FQDN.



Drew

RE: [ActiveDir] Updating Schema to Windows 2003

[Shawn.Hayes]

Nope, I have one running just as you described. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 07, 2004 8:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

If the forest prep is done, are there any problems if a child domain is
built as a windows 2003 domain while the rest of the forest is still in
windows 2000?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Tuesday, April 06, 2004 4:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Forest Prep will prepare your forests for the Windows 2003 upgrade.  IT
will also expand your schema at that time.

S


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, April 06, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

I really just want to prepare the forest for windows 2003, I don't need
the domains ready yet.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Tuesday, April 06, 2004 2:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Also, if you stick in the CD to upgrade a server, it will check the
server and AD type, and will not upgrade until you have performed those
steps.
It
even gives you the steps to perform that you can copy/paste. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Tuesday, April 06, 2004 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

I am not aware of any KB articles, but here are the steps that were
performed on our upgrade.

The forest and domains are prepared by using the adprep command on the
schema operations master and infrastructure operations master,
respectively.
(25min)
*   At a command prompt, change to the \I386 directory on the
installation media and then type: d:\i386\adprep /forestprep 
*   When prompted, type 'C', and then press ENTER to begin forest
preparation, or type any other key, and then press ENTER to cancel. 
*   After the forest preparation data has replicated throughout the
forest, prepare the domains for Windows Server 2003 as described below.
The domain preparation operation must be performed on the infrastructure
operations master of each domain in the forest. 
(no reboot necessary)

Prepare an Active Directory domain for Windows Server 2003:  (4min)
*   On the domain controller holding the infrastructure operations
master role
*   At a command prompt, change to the \I386 directory on the
installation media, and then type: d:\i386\adprep /domainprep 
*   After the domain preparation data has replicated throughout the
domain, upgrade the domain controller by running Windows Server 2003
Setup (I386\winnt32.exe on the installation media).
(no reboot necessary)
*   Specify Upgrade from menu options
*   Enter Corporate CD Key
*   Update Setup Files from Microsoft
(system reboots)
*   Setup will now prepare the installation
*   Installing Windows
*   Finishing Installation
(system reboots)
o   Total Install Time:  2 hours 10 minutes

Hope this helps.

S

*
Steve Shaff
Active Directory / Exchange Administrator Corillian Corporation
(W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, April 06, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Updating Schema to Windows 2003

I have a question, what are the steps to update the schema to Windows
2003?

Is there a q article out there?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: 

RE: [ActiveDir] Updating Schema to Windows 2003

[Shawn.Hayes]

Have you run into issues with Exchange pointing to GC servers in your
subdomains and not being able to resolve recipients in Distribution list
unless the DL are Universal DL?   

We have:

Root Forest Windows 2000 with Exchange 2000 and most user accounts,
Groups, DLs, etc
Subdomain Windows 2003 with Exchange 2003 - mostly for development /
testing, few accounts

Exchange at times used the DC in the Subdomain for GC lookups.  Our DLs
were not Universal so when Exchange would attempt to resolve the
recipients of the DL using the subdomain GC it would not find any
members.at that point messages would die in the Categorizer queue.
MS solution was to convert all mail enabled groups to Universal or
remove the subdomain DC from the Exchange Directory Servers list.
Universal groups will publish all their members in the GCs, but this
philosophy seems to contradict everything I read early on about trying
to avoid the use of Universal Groups because of the increase in
replication between GCs.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 07, 2004 9:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

One thing I did not mention is that I have Exchange 2003 deployed in my
forest.  What precautions need to be taken for this.  I read the q
article 325379 but that talks about exchange 2000.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 8:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Nope, I have one running just as you described. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 07, 2004 8:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

If the forest prep is done, are there any problems if a child domain is
built as a windows 2003 domain while the rest of the forest is still in
windows 2000?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Tuesday, April 06, 2004 4:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Forest Prep will prepare your forests for the Windows 2003 upgrade.  IT
will also expand your schema at that time.

S


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, April 06, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

I really just want to prepare the forest for windows 2003, I don't need
the domains ready yet.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Tuesday, April 06, 2004 2:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

Also, if you stick in the CD to upgrade a server, it will check the
server and AD type, and will not upgrade until you have performed those
steps.
It
even gives you the steps to perform that you can copy/paste. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Tuesday, April 06, 2004 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to Windows 2003

I am not aware of any KB articles, but here are the steps that were
performed on our upgrade.

The forest and domains are prepared by using the adprep command on the
schema operations master and infrastructure operations master,
respectively.
(25min)
*   At a command prompt, change to the \I386 directory on the
installation media and then type: d:\i386\adprep /forestprep 
*   When prompted, type 'C', and then press ENTER to begin forest
preparation, or type any other key, and then press ENTER to cancel. 
*   After the forest preparation data has replicated throughout the
forest, prepare the domains for Windows Server 2003 as described below.
The domain preparation operation must be performed on the infrastructure
operations master of each domain in the forest. 
(no reboot necessary)

Prepare an Active Directory domain for Windows Server 2003:  (4min)
*   On the domain controller holding the infrastructure operations
master role
*   At a command prompt, change to the \I386 directory on the
installation media, and then type: d:\i386\adprep /domainprep 
*   After the domain preparation data has replicated throughout the
domain, upgrade the domain controller by running Windows Server 2003
Setup (I386\winnt32.exe on the installation media).
(no reboot necessary)
*   Specify Upgrade from menu options
*   Enter Corporate CD Key
*   Update Setup Files from Microsoft
(system reboots)
*   Setup will now prepare the installation
*   Installing Windows
*   Finishing Installation
(system reboots)
o   Total Install Time:  2 

RE: [ActiveDir] OT: Server-side address list Public folder

[Shawn.Hayes]

Nope you have a bug or have done something wrong. 
Outlook will view contacts within Address List just as it views Users and 
Distribution Groups.

Youmay have to wait for the address list to be 
'generated' and viewable via Outlook.not sure



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Michael 
WassellSent: Wednesday, April 07, 2004 3:28 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server-side 
address list  Public folder

Okay. I've answered my own 
question.

I've imported all of the contact's into AD as contact 
objects.I've delegated control of that OU to the managers of the 
department and they will be instructed how to access/update information for the 
objects in AD.

My question now is, I have created an Address list 
server-side, but the contact objects in AD do not display in the Address List on 
the client.

"Previewing" the address list from the server returns the 
correct contact objects, but that doesn't do much good without the client being 
able to view them from Outlook. Is this by design for Outlook? Is 
anyone aware of a fix or a workaround to allow Outlook to view contact objects 
as opposed to only User/Group objects?

TIA!


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Michael 
WassellSent: Wednesday, April 07, 2004 1:22 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server-side 
address list  Public folder

As a follow up to my own question.

If it is not possible, I suppose I could write 
ascript that automatically exports the contents of the public folder from 
Outlookand store it in a CSV format,import them into the AD 
afterwards using CSVDE as Contact objects in a specific OU and query the OU from 
Exchange server. But I'm hoping someone may have a better idea 
:-)


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Michael 
WassellSent: Wednesday, April 07, 2004 1:11 PMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] OT: Server-side 
address list  Public folder

I'm not sure if this 
is possible or not. I can't seem to find any reference of it 
anywhere.

Would anyone care to 
enlighten me onif it is possible to populate an address list stored 
server-side (similar to GAL) using an LDAP query to query the contents of a 
public folder? I know that it is possible to add a public folder to each 
individual outlook config by opening Properties (of folder) Outlook 
Address Book  Show this folder...

But, I am wondering 
if is possible to remove that process and have it stored on server so users can 
simply address an email and choose the correct contact from their Outlook 
without manually adding the folder to their AB's.

I have played around 
with it a little bit and I have been able to limit an LDAP query within Exchange 
to return only the folder that contains the contacts, but have yet to be able to 
return the contacts stored within that folder.

TIA

RE: [ActiveDir] Exchange 2003 and Firewalls

[Shawn.Hayes]

400+ Outlook clients over a T1.  Have you looked at the bandwidth
utilization?  Sounds like the T1 is saturated to me.  What about subnet
in the remote office?  Is it assigned to the correct site for
authentication? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, March 23, 2004 2:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 and Firewalls

No it is a private T1, point to point.

 -Original Message-
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]  On Behalf Of Rutherford,
Robert
Sent:   Tuesday, March 23, 2004 1:26 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange 2003 and Firewalls

I take it this is a public T1 over the internet, comms via a VPN?

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: 23 March 2004 17:35
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 and Firewalls


Physically the two orgs are connected by a T1 Line.

 -Original Message-
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]  On Behalf Of Rutherford,
Robert
Sent:   Tuesday, March 23, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange 2003 and Firewalls

Is this on the same physical site? 

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 14:58
To: ActiveDir (E-mail)
Subject: [ActiveDir] Exchange 2003 and Firewalls


I have a facilities that insists on having a very old 3Com Firewall
between our organizations.  On his side of the firewall is has 400 +
outlook clients, on my side I have the Exchange 2003 server and the
Global Catalog Servers.  Clients are taking an extremely long time to
connect to mail and access resources.  None of my other 9 facilities
have this problems and the only thing different is that none of the
others have a firewall between our two organizations.

What ports do they have to open to allow proper communications between
their clients and my servers?


Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any use (including retransmission or copying) of this
information by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient of this transmission,
please contact the sender and delete the material from any computer. The
sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any use (including retransmission or copying)
of this information by persons or entities other than the intended
recipient is prohibited.  If you are not the intended recipient of this
transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the 
completeness or accuracy of this communication as it has been
transmitted over a public network. Any replies to this email may be
monitored by the MCPS-PRS Alliance for quality control and other 
purposes.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange/AD bug or poor design?

[Shawn.Hayes]

Title: Message



If I am not mistaken, 'Changes' to DL 
Memberships happen ona domain controller within AD. That information 
is replicated to the Global Catalog servers as a Read-Only 
Copy.

To be sure Global Catalogs that are queried maintain a 
complete list of Distribution List Members, all DLs must be Universal DLs 
(in a multiple domain environment)
http://support.microsoft.com/default.aspx?scid=kb;en-us;271930
Kills the idea 
that you should limit the amount of Universal Groups in an AD domain / 
forest.


I 
probably missed the point below..



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ken 
CornetetSent: Thursday, March 18, 2004 1:17 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Exchange/AD bug 
or poor design?

We 
handled it by writing a perl CGI program to do DL management. Our environment is 
fairly simple, though - all users in one domain, DLs in 
another.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Thommes, Michael M.Sent: Thursday, March 18, 
  2004 11:57 AMTo: Active Directory Mailing List 
  (E-mail)Subject: [ActiveDir] Exchange/AD bug or poor 
  design?
  Hi 
  All,
   
  I know that some of you think the Exchange/AD is the best thing since "sliced 
  bread" wink based on past exchanges/rants on this mailing 
  list,and I wonder about the following:
  
  
  In multi-domain environments, 
  the global catalog server that you select may not be in the same domain as 
  Active Directory group objects. Therefore, users cannot update group 
  membership because the local global catalog server has a read-only copy of the 
  group.
  
  from: How 
  to configure a specific GC: http://support.microsoft.com/default.aspx?scid=kb;EN-US;319206
  
  Since an Outlook client can 
  choose any of the available GCs in the enterprise, when a user tries to update 
  a group membership, obviously it's going to fail if connected to a GC that has 
  a read-only copy. So the fixup, according to the KB article,is to 
  specify a particular GC. But by specifying a particular GC, all of a 
  sudden I have lost the redundancy that AD gives me! Catch-22! Is 
  this an Exchange design flaw?How are others handling this 
  problem? TIA!
  Mike 
  Thommes

RE: [ActiveDir] Experiences with DFS.....

[Shawn.Hayes]

Title: Message



Youshould look closely at the product you choose for 
the replication piece, 3rd party is advised, to see it's recommendations 
about .pst files. Some don't like them.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Chris 
FlesherSent: Thursday, March 11, 2004 12:32 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Experiences with 
DFS.

Well, 
to give a little more info, we have 1,000,000+ files on our NAS. This machine is 
accessed pretty hard by ~1,000 users, housing .pst files and eudora data store 
files. If you are saying that each time there is a change in a file, it is 
replicated, would it constantly replicate email data files each time an email 
comes to the user? That could get ugly.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Ayers, DianeSent: Thursday, March 11, 2004 
  10:52 AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Experiences with DFS.
  We looked at a DFS / FRS combo and quickly rejected it based on the 
  problems with FRS. For data replication, FRS is a PoS (to be brutally 
  honest). MS needs to start from scrtach on that one. Any efficient 
  data replication scheme would utilize a block level or some other low 
  levelreplication process and not be based on file level 
  replication. A single change to, say a 10 MB file, should not trigger 
  the replication of the entire 10 MB file.
  
  We're looking at several third party replication tools but the jury is 
  still out on the optimal solution.
  
  Diane
  
-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]On Behalf Of Brent 
WestmorelandSent: Thursday, March 11, 2004 8:25 AMTo: 
[EMAIL PROTECTED]Subject: Re: [ActiveDir] Experiences 
with DFS.
Yes, 
You need to become familiar with the FRS registry settings and the 
staging directory. Try these links to get you started: 
http://www.jsiinc.com/SUBI/tip4100/rh4104.htm 
http://www.jsiinc.com/SUBL/tip5900/rh5973.htm 
Also, 
definitely consider moving your staging directory to a large volume 
follow the instructions in KB291823. 
On Mar 11, 2004, at 11:00 AM, Chris Flesher wrote: 

  We are thinking of using DFS in order to add redundancy to our NAS 
  offerings. My main question is does anyone have experience using DFS to 
  replicate/keep in sync large amounts of info, i.e. 200+GB, between two or 
  more servers? 
  
  As always, thank you for the help. 
  
  Chris Flesher 
  The University of Chicago 
  NSIT/DCS 
  1-773-834-8477 
  
Brent Westmoreland 
BMW Group - Data Center Americas 
Business: 864.989.6567 

[ActiveDir] AD Performance Monitors

[Shawn.Hayes]

Title: AD Performance Monitors






Anyone have a pointer to a good paper about which NTDS counters to monitor and what the accepted thresholds for the counters should be. I have found some info on counters but not thresholds..

Windows 2000 AD.


Thanks in advance..


Shawn 

RE: [ActiveDir] Is this list still active?

[Shawn.Hayes]

Nobody here but us chickens...

Just kidding this is a very active list...very informativelots of
smart people not including myself 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler
Sent: Tuesday, February 03, 2004 10:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Is this list still active?

I have a couple of questions, and I really need help!
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Is this list still active?

[Shawn.Hayes]

I thought after the fact that I should have said  Rubber Chickens.
Those monitoring the list for a while would understand 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino
Sent: Tuesday, February 03, 2004 10:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Is this list still active?

I was gonna give a similar smart-arse answer - but I didn't wanna scare
the dude off :) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, February 03, 2004 10:40 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Is this list still active?

Nobody here but us chickens...

Just kidding this is a very active list...very informativelots of
smart people not including myself 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler
Sent: Tuesday, February 03, 2004 10:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Is this list still active?

I have a couple of questions, and I really need help!
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Changing Group Scope

[Shawn.Hayes]

Title: Changing Group Scope






Hello Everyone,


I need help writing a script to change the group scope for all groups in our Domain. See KB article 271930 for an explanation whythis hit me as an oh by the way we forgot to mention...

Robbie Allen,


I have a copy of the AD Cookbook for Windows 2000 and Windows 2003. In this book you have a script that will accomplish what I am trying, page 225. Your script focuses on a single group and I must know the DN. What I am trying to do is run this against the domain and modify all mail enabled groups. I would prefer not having to manually look up DN's etc. 

Any help from anyone is most appreciated.


Thanks in advance,

Shawn

RE: [ActiveDir] Virus software on DC

[Shawn.Hayes]

We run Symantec AV corporate edition and don't exclude any directories.
We haven't had any problems related to AV software.. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Wednesday, December 10, 2003 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virus software on DC

 What directories should I not be scanning?

We use the exclusions in this list-

822158 - Virus Scanning Recommendations on a Windows 2000 Domain
Controller:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822158




From: John Parker [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 10, 2003 8:30 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virus software on DC


We run Trend here.
Never have run into any issues and we are using the realtime
scan.
Just out of curiosity though, I am scanning all except for a few
select dirs/
What directories should I not be scanning?



John Parker, MCSE 
IS Admin. 
Senior Technical Specialist 
Alpha Display Systems. 

Alpha Video 
7711 Computer Ave. 
Edina, MN. 55435 
  
952-896-9898 Local 
800-388-0008 Watts 
952-896-9899 Fax 
612-804-8769 Cell 
952-841-3327 Direct 

[EMAIL PROTECTED] 
Be excellent to each other 
---End of Line--- 


-Original Message-
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 10:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virus software on DC



I do, but I exclude the AD files, and I do not have real-time
scanning enabled, just periodic scheduled scans. Does not seem to cause
any problems.

 

mc

-Original Message-
From: Douglas M. Long [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 10, 2003 11:17 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Virus software on DC

 

This may be a dumb question, but do you guys have virus scanning
software on your DCs? I have been confused if the virus scanner slows
the machine down or not. Thanks


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] [Off-Topic] Moving files across volumes with perm s intact

[Shawn.Hayes]

Title: Message



later versions of xcopy will too, if you don't have a 
resource kit

xcopy /? will show you 
how


From: Roger Seielstad 
[mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 
9:24 AMTo: '[EMAIL PROTECTED]'Subject: RE: 
[ActiveDir] [Off-Topic] Moving files across volumes with perm s 
intact

scopy 
or robocopy from the resource kits will do it


-- 
Roger D. Seielstad - 
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 

  
  -Original Message-From: Oliver Marshall 
  [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:15 
  AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
  [Off-Topic] Moving files across volumes with perms intact
  Is it possible to 
  move files and folders across volumes so that the permissions remain the same 
  ? we have a dir tree that contains huge numbers of files and folders, and i 
  need to move them to a new volume. If the perms are reset (which is the norm) 
  then it will take forever to set the perms back again.
  
  Olly

RE: [ActiveDir] Virtual Memory Fragmented

[Shawn.Hayes]

Create a new pagefile specify same size for min and max
Delete current pagefile
Create new pagefile to replace deleted page file and specify same size
for min and max

This is Windows 2000 Enterprise edition, isn't it? 

-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 17, 2003 4:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented

I already have put into place the /3gb switch before this all happened,
as seen below.

Any other ideas?
Thanks,
S

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Windows Server 2003,
Standard /fastdetect /3gb  /userva=3030
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of King, Arron S.
Sent: Monday, November 17, 2003 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented

Here's an article I found  on MS site -
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b329864

This has been talked about quite a bit on the Swynk Exchange list - not
to any great resolution that I can recall...

HTH


=
Arron King
Network  Systems Administrator
Ohio Dominican University
[EMAIL PROTECTED]
V: 614-251-4515
F: 614-252-2650


-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 2:01 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Virtual Memory Fragmented


Greetings,

I appear to have a problem with my virtual memory being fragmented.
This is on a Windows 2003 Server running Exchange 2003, so needless to
say it is very important that it stays running.  The server rebooted,
but in doing so did not start all of the exchange services, which was
very bad... What are your thoughts in how I can prevent this from
happening? 
This server is running with 3gb of physical ram and 4096 of paging,
there should be no memory problems.

Here is the event log from the server.
Event Type: Error
Event Source:   MSExchangeIS
Event Category: Performance 
Event ID:   9582
Date:   11/16/2003
Time:   3:27:12 AM
User:   N/A
Description:
The virtual memory necessary to run your Exchange server is fragmented
in such a way that normal operation may begin to fail. It is highly
recommended that you restart all Exchange services to correct this
issue. 
For more information, click
http://www.microsoft.com/contentredirect.asp.

Any thoughts or suggestions?

Thanks,
Steve

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Virtual Memory Fragmented

[Shawn.Hayes]

Dump the /3GB switch, it is for Enterprise Edition Only

-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 17, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented

I will give this a try.

No, this is Windows 2003 Standard running Exchange 2003 Enterprise.
Thanks
Steve


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented

Create a new pagefile specify same size for min and max Delete current
pagefile Create new pagefile to replace deleted page file and specify
same size for min and max

This is Windows 2000 Enterprise edition, isn't it? 

-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 4:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented

I already have put into place the /3gb switch before this all happened,
as seen below.

Any other ideas?
Thanks,
S

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Windows Server 2003,
Standard /fastdetect /3gb  /userva=3030
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of King, Arron S.
Sent: Monday, November 17, 2003 11:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented

Here's an article I found  on MS site -
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b329864

This has been talked about quite a bit on the Swynk Exchange list - not
to any great resolution that I can recall...

HTH


=
Arron King
Network  Systems Administrator
Ohio Dominican University
[EMAIL PROTECTED]
V: 614-251-4515
F: 614-252-2650


-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 2:01 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Virtual Memory Fragmented


Greetings,

I appear to have a problem with my virtual memory being fragmented.
This is on a Windows 2003 Server running Exchange 2003, so needless to
say it is very important that it stays running.  The server rebooted,
but in doing so did not start all of the exchange services, which was
very bad... What are your thoughts in how I can prevent this from
happening? 
This server is running with 3gb of physical ram and 4096 of paging,
there should be no memory problems.

Here is the event log from the server.
Event Type: Error
Event Source:   MSExchangeIS
Event Category: Performance 
Event ID:   9582
Date:   11/16/2003
Time:   3:27:12 AM
User:   N/A
Description:
The virtual memory necessary to run your Exchange server is fragmented
in such a way that normal operation may begin to fail. It is highly
recommended that you restart all Exchange services to correct this
issue. 
For more information, click
http://www.microsoft.com/contentredirect.asp.

Any thoughts or suggestions?

Thanks,
Steve

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Server Reboot problem after SP4 installation

[Shawn.Hayes]

Jim,

What Veritas product was this driver 
for?

Thanks,

Shawn 



From: Jim Patton [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 06, 2003 11:40 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Server Reboot 
problem after SP4 installation

I 
finally found the resolution to this problem. It came down toobtaining an 
updatedversion of the Veritas driver, VSP.SYS. 

Jim

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of Jim 
  PattonSent: Friday, September 19, 2003 2:32 PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Server Reboot 
  problem after SP4 installation
  
  Thanks George! I do 
  remember that step during the SP4 installation and elected to overwrite the 
  existing files to preserve the integrity of the SP4 
  installation.
  
  Compaq replaced the 
  CPU on one of the three servers that are affected by this problem and it 
  didnt resolve the problem. Didnt really think it would, but it was the last 
  piece of hardware that could possibly have had something to do with this 
  issue.
  
  At the moment, Im 
  planning to rollback to SP3 on one of the three servers as the next step. 
  However, after reading your message, I think Ill download the drivers youve 
  mentioned and load those in place of the existing files on one server as a 
  test.
  
  Re-building these 
  servers is the absolute last option. 
  
  Thanks for your help 
  and to everyone else that has provided input into this issue. Ill keep the 
  list posted on my progress.
  
  Jim
  
  
  -Original 
  Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of George 
  ArezinaSent: 
  Thursday, September 18, 
  2003 10:30 
  PMTo: 
  [EMAIL PROTECTED]Subject: FW: [ActiveDir] Server Reboot 
  problem after SP4 installation
  
  Jim,
  Heres 
  something you might want to think about regarding your Compaq 
  servers.
  Regards,
  George
  
  
  
  
  
  
  From: Phillip 
  Rabago [mailto:[EMAIL PROTECTED] Sent: Friday, September 
  19, 2003 4:48 
  AMTo: [EMAIL PROTECTED]Cc: Jan Beckman
  
  
  George, 
  a colleague of mine forwarded your message to me. You may want to 
  forward this reply toJim Patton.
  
  
  
  I had a 
  similar incident when upgrading a server (DL380) to SP4. After many 
  attempts by tech support to resolve without rebuilding, they were ready to 
  toss in the towel and suggested to rebuild. We talked a few minutes more 
  and realized that one major step that seemed innocuous at the time, was 
  probably the culprit.
  
  
  
  During 
  SP4 installation you're asked if you want to replace cpqarray.sys (filename 
  may be wrong, but it's close) and another similar file. DON'T replace 
  them. They are the harddrive array drivers. If you replace them 
  you won't be able to boot properly. 
  
  
  
  Anyway, 
  the solution (which isn't sanctioned by them, but was offered as sidebar by a 
  tech who'd happened to have a similar experience) is to download the files 
  from Compaq/HP and then create a floppy with the drivers on it, and use the 
  floppy during Windows 2000 setup. Run Windows 2000 setup, hit F6 to 
  select 3rd party array drivers from the floppy and finish the install. I 
  don't recall the actual install that I ran, but I think I ran the repair 
  rather that the normal install. But the important step is to get the 
  machine to a command prompt and copy the files to their proper 
  location.
  
  
  
  Sorry to 
  be so vague in my description, but I was not feeling well at the time, I 
  didn't take notes, and left as soon as I got the server rebooted and working 
  (and didn't want to think about it again). With any luck, this will 
  reach Jim in time, if he hasn't found this or another solution 
  already.
  
  
  
  BTW, as 
  a side note, I've found that making sure the AV software is turned off AND 
  emptying ALL temp and cache folders, makes the chance of a successful 
  installation nearly 100%. I haven't had a difficult install on any 
  machine in which I've emptied all these folders first.
  
  
  
  
  
  Thanks
  
  Phillip 
  Rabago
  
  
  
  
  -Original 
  Message-From: Jan 
  Beckman Sent: 
  Thursday, September 18, 
  2003 7:17 
  AMTo: Phillip Rabago; Cheryl L. Qualls; 
  James S. Sharp; Rashid Jasim; David Martin; Hal Taberner; Bill Siemsen; Erik 
  S. LasiewskiSubject: FW: 
  [ActiveDir] Server Reboot problem after SP4 installation
  
  I have 
  been monitoring the discussion groups for any problems popping up after 
  installing W2k SP4. Thought I would share this one in case others have these 
  server models.
  
   
  --jan
  
  
  -Original 
  Message-From: George 
  Arezina [mailto:[EMAIL PROTECTED]Sent: Wednesday, September 
  17, 2003 11:21 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Server Reboot 
  problem after SP4 installation
  Jim,
  I could 
  not agree with you more. Most techie support guys fall back on the same 
  answer, "rebuild 

[ActiveDir]

[Shawn.Hayes]

I believe a GPO was modified by someone with the appropriate 'rights',
but that person did not communicate changes were to be made and now we
see some strange issues

Issues are not the point of this question.  Does anyone know of a way to
determine who modified the GPO?

Thanks in advance,
Shawn



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir]

[Shawn.Hayes]

Great, but anything built in to the OS?  Anyway I can point a finger at
a DBA that is poking is hands where they do not belong.  Please don't
ask why they have rightsaarrgghhh 


Shawn


-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 28, 2003 4:46 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] 

FullArmor FAZAM GPO Auditor...  www.fullarmor.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 2:26 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] 


I believe a GPO was modified by someone with the appropriate 'rights',
but that person did not communicate changes were to be made and now we
see some strange issues

Issues are not the point of this question.  Does anyone know of a way to
determine who modified the GPO?

Thanks in advance,
Shawn



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir]

[Shawn.Hayes]

File and Object auditing on the Sysvol and Policies directory explicitly
should do the trick???...At least this would show who was making
changes.  At that point I can confront that person..

Sound correct?

Thanks Gil 


Shawn


-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 28, 2003 5:12 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] 

You can set up auditing in AD on the GPOs themselves by setting the
SACLs...
The accesses will show up in the security audit log. You can likewise
set up auditing on the SYSVOL to track changes on the files. Use your
favorite event log collector (e.g., Microsoft's MACS, which is in Beta).
But translating the resulting mess of event log entries into something
meaningful will be a challenge. And you won't be able to tell
specifically what was changed Just that it was changed.

-gil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 


Great, but anything built in to the OS?  Anyway I can point a finger at
a DBA that is poking is hands where they do not belong.  Please don't
ask why they have rightsaarrgghhh 


Shawn


-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 4:46 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] 

FullArmor FAZAM GPO Auditor...  www.fullarmor.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 2:26 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] 


I believe a GPO was modified by someone with the appropriate 'rights',
but that person did not communicate changes were to be made and now we
see some strange issues

Issues are not the point of this question.  Does anyone know of a way to
determine who modified the GPO?

Thanks in advance,
Shawn



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Infrastructure and GC

[Shawn.Hayes]

Title: Message



Rick,
Thanks 
for the input...I appreciate it.

Shawn 

  
  -Original Message-From: Kingslan, Rick 
  T. [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 
  11:27 AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Infrastructure and GC
  Shawn,
  
  You 
  can do it temporarily. Some updates might not be made to references 
  about objects in other domains such. It's not a good thing to do for a 
  long period of time, but it's not a horrific issue, 
either.
  
  
  Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active 
  DirectoryLAN Administration - Windows 2000West 
  Corporation[EMAIL PROTECTED]
  

-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 
Wednesday, October 15, 2003 8:21 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] Infrastructure 
and GC
Any implications from adding a GC role to an 
infrastructure master temporarily? We do have trusts with other 
forests and a sub-domain.


Shawn 

  

[ActiveDir] Windows 2003 AD

[Shawn.Hayes]

Title: Windows 2003 AD






Any issues with having a Windows 2003 child domain below a Windows 2000 root?

RE: [ActiveDir] What is SUS?

[Shawn.Hayes]

And low bandwidth environment 

Shawn



-Original Message-
From: England, Christopher M [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 10, 2003 9:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] What is SUS?


SUS is basically WindowsUpdate (or more specifically, Automatic Updates
from XP SP1 or 2000 SP3), but you control what updates go out. You still
use the GPO to dictate how they get the updates, but instead you point
them at one of your servers (with IIS and the SUS server component) for
their patches. You can either just host the 'list' of updates they
should get, and then the clients download them from Microsoft as normal;
or you can 'synchronize' your SUS server with MS and have ALL of the
updates local (this would be most useful in the firewalled environment).

I hope this helps,
Chris

-
Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University


-Original Message-
From: John Parker [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 10, 2003 8:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] What is SUS?

Please forgive my naievity...

How is this different from the windows update component in my Group
policy?

And, is this a seperate piece of software?  Or is it included with
Server?

John Parker, MCSE
IS Admin.
Senior Technical Specialist
Digital Display Systems.

Alpha Video
7711 Computer Ave.
Edina, MN. 55435
 
952-896-9898 Local
800-388-0008 Watts
952-896-9899 Fax
612-804-8769 Cell
952-841-3327 Direct

[EMAIL PROTECTED]
Be excellent to each other
---End of Line---


-Original Message-
From: Tim Hines [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 7:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] What is SUS?


It stands for Software Update Services.  You can use it to deploy
updates to your clients.  You can setup an internal server that stores
updates that you download from the web.  Your clients will then use this
server to obtain
their updates.   You can find more info about it at
http://www.microsoft.com/windows2000/windowsupdate/sus/
--
Tim Hines, MCSE, MCSA


- Original Message - 
From: John Parker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 8:17 AM
Subject: [ActiveDir] What is SUS?


Hey all..

No flames ok?
I'm covered in jet fuel.

Could someone explain what SUS is?
I thik it is for windows updates, but I am not sure, and if it is
something that would streamline my updates, then I would like to know
more.

Thank you

John Parker, MCSE
IS Admin.
Senior Technical Specialist
Digital Display Systems.

Alpha Video
7711 Computer Ave.
Edina, MN. 55435

952-896-9898 Local
800-388-0008 Watts
952-896-9899 Fax
612-804-8769 Cell
952-841-3327 Direct

[EMAIL PROTECTED]
Be excellent to each other
---End of Line---


-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 8:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS Feedback...


William,

We, too, run SUS with great success - much of the warts have already
been mentioned so I won't elaborate.

However, we knew that ther was an issue with users not shutting of their
systems.  What we implemented to resolve this and to insure that updates
did get applied - especially in the case of vulns like MS03-07 and
MS03-26 - we have a script that will do a rolling 'restart' of systems.
Granted, our systems are named in a logical manner for our production
seats, but our staff seats are on their own subnet - so we just reboot
anything between specific IP ranges - and have it spaced out (by
minutes, hours, or days = depending on criticallity) so that the systems
don't overload the DCs and SUS systems, oh yeah - and the network g.

It's been effective for us for a fair amount of time (10 - 12 mos.) and
we are running this in 14 of our remote locations as well as our local
campus WAN with 8 buildings.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of William
Lefkovics
Sent: Tuesday, September 09, 2003 3:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] SUS Feedback...

We share the same issues.

But we have laptops that have traveled the country or just get taken
home each night, but haven't been rebooted in weeks.  They just
hibernate on battery power til next time they are opened.

Essentially, we have chosen to not shut off workstations at days' end.
They remain running 24/7.  Updates for antivirus, patches for
applications or OS all happen after hours for desktops.

William

- Original Message -
From: Roger Seielstad [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 11:59 AM
Subject: RE: [ActiveDir] SUS Feedback...


 I've been running SUS SP1 for a week or two 

RE: [ActiveDir] Exchange issue

[Shawn.Hayes]

Title: Message



Just 
to be sure DNS is working correctly.Can you surf the Internet on the 
Exchange server? Are you talking about Exchange 5.5, 2000 or 
2003?


Shawn 

  
  -Original Message-From: John Parker 
  [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 9:15 
  AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
  Exchange issue
  Hey 
  all...
  
  I have recently built an exchange server at home.The server and 
  activedirectory as well as exchange went by the book.I have all of my 
  workstations on the domain and they are working fine.All of the 
  workstations are connecting to the exchange server without a problem.two 
  of the computers have 3rdparty 
  internet mail accounts on them as well.(I hope I am making this 
  clear.)My domain is not registered as of yet because I cannot nail down a 
  static IP.(Cable modem blues)That will change once I have a 
  house.
  
  Now, for the problem.I cannot send mail to 
  anyone that is not in the gal.
  
  Shouldn't I be able to send mail out regardless 
  of whether my domain is reistered?I understand that I will not be able to 
  recieve external mail as far as the exchange server goes, and the internet 
  mail seems to be working fine short of sending.
  
  What am I missing here?
  
  Thanks for the help.
  
  John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. 

RE: [ActiveDir] Exchange 2000 question

[Shawn.Hayes]

Title: Message



Exchange 2000 System Console under the Information Store look at 
Mailboxes.


Shawn 

  
  -Original Message-From: Rick Reynolds 
  [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 
  1:39 PMTo: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Exchange 2000 question
  How do you display the mailbox size in Active 
  Directory for an exchange 2000 mailbox?
  The admin tools for Exchange 5.5 do not display 
  the size acurately.
  

[ActiveDir] When to seize FSMO roles in a Disaster

[Shawn.Hayes]

Title: When to seize FSMO roles in a Disaster






Background:


A company we consult for has AD implemented in three sites. One Domain, AD is in Native Mode. A DNS and Global Catalog server exist in each site. Site locations are VB, NV and DC. VB is the hub with a leased line T1 to DC and two T1s, load balanced, to NV.

VB is home location and domain controllers in VB hold all FSMO roles. NV is semi-active production, but also established as a Disaster Recovery site in case VB goes boom! (lots of military targets in Hampton Roads). DC is a production site.

Question is:


If something happens in VB, when does it become absolutely necessary to seize FSMO roles in NV? I take it we would have to follow the same procedure in DC??? I understand once the roles are seized the domain controllers that held the roles must not come back up, not an issue.

Shawn Hayes, MCSE

Sr. Network Engineer

Compass Technology Management

Sound Business Sense for IT

www.compass.net

757-226-3328

RE: [ActiveDir] OT: Server Monitoring

[Shawn.Hayes]

Title: Message



use a 
local SMTP engine (IIS SMTP ) and let DNS route the messages out for 
you.


Shawn 

  
  -Original Message-From: Salandra, Justin 
  A. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 
  8:57 AMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] OT: Server Monitoring
  
  I did 
  download the trial and have been using it, but the problem is that when the 
  exchange server goes down, how will it notify me? Someone mentioned using a script, but 
  I am not a scripting person, do you have anything for 
  this?
  
  -Original 
  Message-From: Van Noy, 
  Glen R [mailto:[EMAIL PROTECTED]Sent: Wednesday, August 06, 2003 6:32 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server 
  Monitoring
  
  We use Servers 
  Alive and let me tell you, for the price, $99.00, it is one of the best values 
  around and does a fantastic job monitoring all types of servers and 
  services. Download the free copy, up to 10 checks, and try it yourself 
  and I guarentee that you will buy it.
  
  glen
  The University 
  of Texas at Dallas
  
  
  -Original Message- From: England, Christopher M 
  [mailto:[EMAIL PROTECTED] Sent: Wed 8/6/2003 4:36 PM To: [EMAIL PROTECTED] 
  Cc: Subject: RE: [ActiveDir] OT: Server 
  Monitoring
  I must say I am using this 
  and I find it more reliable than InsightManager. It emails my phone and my 
  regular email whenever a server isnot pingable (or if a certain service is 
  not running). The checkinterval is 2 minutes on mine, which catches most 
  things quickly enoughfor my needs. I recommend this for a nice and easy 
  (and free, for 10boxes and Shawn stated) Server Update utility.The 
  web page that you can have output is a little tricky to get workingwith 
  the NT service, but it works, and you can download a nice templatefor it 
  as well.Have 
  fun!Chris-Christopher 
  EnglandServer AdministratorMCSA, Server+, Network+, A+College 
  Information Technology OfficeIndiana University-Original 
  Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: 
  Wednesday, August 06, 2003 4:07 PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server 
  MonitoringHaven't tested and I am not affiliated with this 
  company, but this maybe what you are looking for and it is free for up to 
  10 boxes (excellentprice for non-profits). It doesn't seem to 
  perform MAPI testing but itwill do SMTP testing.http://www.woodstone.nu/salive/Shawn-Original 
  Message-From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]Sent: 
  Tuesday, August 05, 2003 4:35 PMTo: ActiveDir (E-mail)Subject: 
  [ActiveDir] OT: Server MonitoringMmy company is currently looking 
  for a product that will monitor if thee-mail server and other servers are 
  up or down and then notify me bye-mailing my cell phone.Question 
  1) What software do you use? 2) How do you get notified 
  bye-mail if your e-mail server is down?Any help is appreciated, I 
  have already looked at Whats Up Gold andServers Alive.Justin A. 
  Salandra, MCSESenior Network EngineerCatholic Healthcare 
  System212.752.7300 - office917.455.0110 - 
  cell[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]List 
  info : http://www.activedir.org/mail_list.htmList 
  FAQ : http://www.activedir.org/list_faq.htmList 
  archive:http://www.mail-archive.com/activedir%40mail.activedir.org/List 
  info : http://www.activedir.org/mail_list.htmList 
  FAQ : http://www.activedir.org/list_faq.htmList 
  archive:http://www.mail-archive.com/activedir%40mail.activedir.org/List 
  info : http://www.activedir.org/mail_list.htmList 
  FAQ : http://www.activedir.org/list_faq.htmList 
  archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Todd hijacked

[Shawn.Hayes]

Site to Site VPN connection between Firewalls and leave the firewall port 
configuration alone...

Shawn



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 6:15 PM
To: ActiveDir
Subject: Re: [ActiveDir] Todd hijacked


Gil wrote an article on planning site coverage for your dc's.  That should help in 
that area.  AD over firewalls are a big pain. Many different approaches and most are 
not very good, none are perfect.  You were at DEC for the encrpted smtp approach, that 
is severely limited on your AD design and has other drawbacks. Explain more of your 
requirements for more specific input.

--
Sent from my BlackBerry Wireless Handheld



- Original Message -
From: ActiveDir-owner
Sent: 08/05/2003 04:30 PM
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)

Well we are currently redesigning our Site Topology due to several organizations 
setting up firewalls and thinking they are guarding against Neo and the Matrix Gang.  
One thing we are working with Microsoft on is optimized Hub and Spoke topology by 
creating sites for networks that are behind firewalls.  We want to address a couple of 
things here in the design as well.  Failover DDNS service, Deployment of an Enterprise 
Level Directory Tripwire tool, and Enterprise Directory Monitoring.  What would be 
cool is if there was a directory optimization tool as well.  One that would set DNS 
SRV record Priorities.  I haven't had a chance to look at the latest version of DT to 
see if it is in there yet.

Part of the Firewall configuration is to set a static port.  The question is Is one 
port enough?.  I was reading some Backup Exec Documents and they recommended that 
their application have at least 20 ports open for their DCOM object.  Anyone have 
experience here and what to help a brother out?

Toddler



-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 3:58 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)


What's up Todd? You have a hankerin' for some chicken?

And I probably should stop wasting everyone's inbox capacity with this silliness... 
Doesn't someone have some AD problems that need fixing?

-gil


-Original Message-
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 12:31 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)


Gil, you should give one out for every Enterprise purchase of Netpro Products.

Todd Myrick

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 3:22 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)


John,

Stella has put the world-famous Official DEC Screaming Yellow Rubber Chicken in the 
mail, so you should get it by the end of the week or so. When you do get it, be sure 
to give it a good squeeze.

When I spoke at the 2002 AFITC, a general from ACC (I've forgotten his name) told me 
that someone in his office had received one and the noise was driving him crazy. 
Scratch the chicken off the list of how to win friends and influence people.

-gil


-Original Message-
From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 12:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)


Gil, 
I'm not THAT old! Man, next you'll be implying that I built the DARPAnet! 
(and we all know it was Al Gore who's responsible for that!) *grin* Nah, I just have a 
fondness for old, dead languages and remembered seeing that one before. I actually had 
a book mark to a history of computing type doc that had this very example of MUMPS 
code. As for DEC Ottawa, I doubt it, times and budgets being what they are. But I'll 
take the chicken... sounds like cool geek-schwag :^)

 John A. Bjelke 
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.



-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 05, 2003 12:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String)


Wow John! I'm impressed. Were you at Unisys when MUMPS actually ran on Unisys minis? 
Or did you just get lucky with Google? :)

I'm thinking that your answer deserves a world-famous Official DEC Screaming Yellow 
Rubber Chicken, whose hideous screech is known to strike fear in the hearts of dogs, 
cats, and small children.
 
Are you coming to DEC Ottawa? I can give it to you there, along with your free beer. 
Otherwise, send me your shipping info offlist, and no beer for you.

-gil

-Original Message-
From: Bjelke John A Contr AFRL/VSIO 

RE: [ActiveDir] Users Logged In

[Shawn.Hayes]

Title: Message



srvmgr 
is out of the box an available application Windows 2000 server located in the 
 system32 directory 

srvmgr 
from NT4 will also work. just copy the .exe to your local machine or run 
it from the server, it is up to you.

Shawn 

  
  -Original Message-From: Kitchens Arthur 
  E [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 
  2:36 PMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Users Logged In
  The version for XP works on all of them I believe (NT 
  4.0,2000,2003). It's on the install cd's in the I386 
  folder adminpak.msi, or available for download from microsoft. I don't have 
  the URL handy, sorry.
  -Original Message- From: 
  Thommes, Michael M. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 12:19 PM To: 
  [EMAIL PROTECTED] 
  Not too late...I believe it is only available under NT 
  4. 
  Mike Thommes 
  -Original Message- From: Free, 
  Bob [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 1:06 PM To: 
  [EMAIL PROTECTED] Subject: RE: [ActiveDir] 
  Users Logged In 
  Not to sound like an absolute n00b or anything, 

  Too late :-] 
  start|run|svrmgr 
  -Original Message- From: 
  Richard Sumilang [mailto:[EMAIL PROTECTED]] 
  Sent: Tuesday, July 29, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: Re: 
  [ActiveDir] Users Logged In 
  Not to sound like an absolute n00b or anything, but where is 
  Server Manager? 
  On Tuesday, July 29, 2003, at 01:06 AM, Milind Patil 
  wrote: 
   You can use the Server Manager for the same.. 
-Original 
  Message-  From: Richard Sumilang [mailto:[EMAIL PROTECTED]] 
   Sent: Tuesday, July 29, 2003 11:59 AM  To: [EMAIL PROTECTED]  
  Subject: [ActiveDir] Users Logged In  
How do I know what users 
  are currently logged in? They are all logging  
  into the domain into active directory but I don't know where to see 
  the  users that are currently 
  logged and which ones aren't. Secondly would  it 
  show if they are idle?   List info : http://www.activedir.org/mail_list.htm  List FAQ : http://www.activedir.org/list_faq.htm  List archive:  http://www.mail-archive.com/activedir%40mail.activedir.org/ 
   List info : http://www.activedir.org/mail_list.htm  List FAQ : http://www.activedir.org/list_faq.htm  List archive:  http://www.mail-archive.com/activedir%40mail.activedir.org/ 

  List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
  List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
  
  List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
  
  List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
  

RE: [ActiveDir] Users Logged In

[Shawn.Hayes]

I just read the initial thread ..

Server manager is not what you want to use, but will work!

Use Computer Manager and 'connect to' the machine you would like to
investigate or open Computer Manager on the machine in question.

Expand Shared Folders \ Sessions  and you will see who is actively using
that server.


Computer Manager will show you the same info as Server Manager, but in
an easier to read format with an expandable window..



Shawn



-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 29, 2003 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Users Logged In


If you are running XP, my copy's from the 2003 ResKit. It should already
be on a 2K box in %windir%\system32

Caveat emptor-

From 2003 RK help

Warning

Using this tool on Active Directory domains or Windows 2000, Windows XP
or Windows Server 2003 computers may cause corruption, or the tool may
refuse to target such domains or computers. Always use the Active
Directory administrative tools for Active Directory domains.

:^)

-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 11:15 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Users Logged In


When I go to start, run, svrmgr it says that the program does not 
exist. How do I install it?


On Tuesday, July 29, 2003, at 11:06  AM, Free, Bob wrote:

 Not to sound like an absolute n00b or anything,

 Too late :-]

 start|run|svrmgr

 -Original Message-
 From: Richard Sumilang [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, July 29, 2003 10:49 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] Users Logged In


 Not to sound like an absolute n00b or anything, but where is Server 
 Manager?


 On Tuesday, July 29, 2003, at 01:06  AM, Milind Patil wrote:

 You can use the Server Manager for the same..

 -Original Message-
 From: Richard Sumilang [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, July 29, 2003 11:59 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Users Logged In


 How do I know what users are currently logged in? They are all
logging
 into the domain into active directory but I don't know where to see
 the
 users that are currently logged and which ones aren't. Secondly would
 it show if they are idle?

 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/



 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Quick AD integrated DNS question :)

[Shawn.Hayes]

Title: Message



Would 
think it would decrease traffic in the long run because of users at that end on 
the WAN pipe can retrieve locally cached lookups.


Shawn 

  
  -Original Message-From: Roger Seielstad 
  [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 
  4:20 PMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Quick AD integrated DNS question :)
  I'd 
  expect it to be minimal, although I don't have a lot of emperical data to 
  prove it.
  
  
  -- 
  Roger D. Seielstad 
  - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. 
  
  

-Original Message-From: Rogers, Brian 
[mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 2:26 
PMTo: '[EMAIL PROTECTED]'Subject: RE: 
[ActiveDir] Quick AD integrated DNS question :)

So what is the 
impact of placing DNS servers at each remote location? 
Significant? Or minimal? (given connections are all greater than 
256k frame)

-Original 
Message-From: Roger 
Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 
2003 1:26 
PMTo: 
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD 
integrated DNS question :)


I 
believe you are correct. Additionally, though, I don't think DNS replication 
traffic is all that considerable. The worst data hog in DNS is the resolver 
cache, which isn't replicated.




-- 
Roger D. Seielstad 
- MTS MCSE MS-MVP Sr. 
Systems Administrator Inovis 
Inc. 

  -Original 
  Message-From: 
  Rogers, Brian [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 11:10 
  AMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD 
  integrated DNS question :)
  I 
  was looking more along the lines of replication traffic. However 
  since the zone is replicated within ADthere shouldn't be any 
  additional (or if so very minimal) replication traffic between the DNS 
  servers other than the normal AD replication traffic 
  correct?
  
  -Original 
  Message-From: Roger 
  Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 10:58 
  AMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD 
  integrated DNS question :)
  
  
  I 
  always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.
  
  
  
  
  -- 
  Roger D. 
  Seielstad - MTS MCSE MS-MVP Sr. 
  Systems Administrator Inovis 
  Inc. 
  
-Original 
Message-From: 
Rogers, Brian [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 10:39 
AMTo: 
'[EMAIL PROTECTED]'Subject: [ActiveDir] Quick AD 
integrated DNS question :)

  1. 
  When 
  configuring an AD Integrated DNS zone, at least one DC in each site 
  should be running DNS? Or all DCs should be running DNS? 
  Would it matter either way? 
  
  

RE: [ActiveDir] AD Upgrade with bad NetBIOS name

[Shawn.Hayes]

Title: Message



Our 
company Netbios name has a .net extensionfrom previous 
employees...

It has 
caused us no problems with our AD. (Multisite Native 
Mode)


Shawn 

  
  -Original Message-From: Brenden Bryan 
  [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 
  4:51 PMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] AD Upgrade with "bad" NetBIOS name
  Migrate, leave that issue behind.
  

-Original Message-From: Michael B. 
Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 
3:26 PMTo: [EMAIL PROTECTED]Subject: RE: 
[ActiveDir] AD Upgrade with "bad" NetBIOS name
I 
think you misunderstand.

The company's netbios name is company.com -- that's the NT4 domain is 
company.com. I'm concerned about doing an AD upgrade with a period in the 
netbios name.

  
  -Original Message-From: Jef Kazimer 
  [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 3:35 
  PMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] AD Upgrade with "bad" NetBIOS name
  
  Why not just 
  use an internal namespace?
  
  I've done it at 
  a few companies use "corp.com" publicly, and 
  "corp.net" internally. The only issue is if you don't own 
  corp.net and may in the future have to get to the external 
  net.
  
  Company.int is 
  available. J 
  You can use "company.com" externally and "company.int" for your internal 
  network.
  
  This would 
  provide you a migration path and a separation of internal and external 
  namespaces.
  
  Jef
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. 
  SmithSent: Thursday, 
  June 26, 
  2003 1:53 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Upgrade 
  with "bad" NetBIOS name
  
  
  Actually, that IS 
  their real name. They are a "dot com" that has succeeded and is still 
  around.
  
-Original 
Message-From: 
Raymond McClinnis [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 
2003 2:34 
PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Upgrade 
with "bad" NetBIOS name
I don't know 
that it's such a bad thing... Most or all of the TechNet examples 
will be personalized for their environment...J

But 
Seriously, I'd consider migrating to a domain that has their real name 
in it, if not entirely for esthetic 
reasons.

But that's 
just me...




Thanks,

Raymond 
McClinnis 
Network 
Administrator
Provident 
Credit Union

-Original 
Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. 
SmithSent: Thursday, 
June 26, 
2003 11:05 
AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] AD Upgrade 
with "bad" NetBIOS name


I've just 
retained a client whose NT4 domain name is company.com -- yes, their 
netbios domain name.



I'm seriously 
concerned about upgrading them to AD. Do I have any worries? I've never 
seen this one before, and it isn't covered in any of the whitepapers 
I've quickly perused.



Thanks.


  ---APPLEBEE'S INTERNATIONAL, INC. 
  CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be 
  contained in this message or any attachments. This information is strictly 
  confidential and may be subject to attorney-client privilege. This message is 
  intended only for the use of the named addressee. If you are not the intended 
  recipient of this message, unauthorized forwarding, printing, copying, 
  distribution, or using such information is strictly prohibited and may be 
  unlawful. If you have received this in error, you should kindly notify the 
  sender by reply e-mail and immediately destroy this message. Unauthorized 
  interception of this e-mail is a violation of federal criminal law. Applebee's 
  International, Inc. reserves the right to monitor and review the content of 
  all messages sent to and from this e-mail address. Messages sent to or from 
  this e-mail address may be stored on the Applebee's International, Inc. e-mail 
  system.

[ActiveDir] OT: Link to Windows 2000 Service Pack 4

[Shawn.Hayes]

http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d0-a0c5-241
bfecd095e/w2ksp4_en.exe
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4

[Shawn.Hayes]

Title: Message



Yes


Shawn 

  
  -Original Message-From: Leeuwen van, JWJ 
  (Joost) [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 
  25, 2003 8:44 AMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Link to 
  Windows 2000 Service Pack 4
  Is this the final version or a leaked one? 
  Joost 
-Original 
  Message-  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
   Sent: Wednesday, June 25, 2003 2:39 PM 
   To: [EMAIL PROTECTED]   http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d 
   0-a0c5-241  
  bfecd095e/w2ksp4_en.exeList info : http://www.activedir.org/mail_list.htm  List FAQ : http://www.activedir.org/list_faq.htm  List archive:  http://www.mail-archive.com/activedir%40mail.activedir.org/ 

  De informatie opgenomen 
  in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de 
  geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht 
  de inhoud niet te gebruiken en de afzender direct te informeren door het 
  bericht te retourneren. 
  The information 
  contained in this message may be confidential and is intended to be 
  exclusively for the addressee. Should you receive this message 
  unintentionally, please do not use the contents herein and notify the 
  sender immediately by return e-mail.

RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4

[Shawn.Hayes]

Sounds like the boys with Beta and Premier access are pissed we PUBLIC
only individuals can obtain this software at the same time or before
them.

Like any other software from MS, use at your own discretion and test,
test, test before production. 

Enjoy or don't it is up to you.





-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 25, 2003 2:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4


Add to that the fact that you could void certain warranties and
contracts you have with Microsoft (support etc) if a box you have STB on
you while you're running an app/service pack etc that your class of
service has not yet been made privy to 

-Original Message-
From: Rod Trent [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 25, 2003 2:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4

You should also note, that service packs have been yanked after being
released to Premier customers that have had to be retooled before public
release.  So, its really not a good idea to apply a service pack in a
production environment that doesn't yet have full public support.  If
you have problems with a pre-public release, you are SOL.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Tuip
Sent: Wednesday, June 25, 2003 1:59 PM
To: [EMAIL PROTECTED]

So who is going to get 'slapped' ?


Martin 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Wednesday, June 25, 2003 7:54 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4

Win2k SP4 was released to Premier customers this morning.   Those are
the
links you are seeing.  Public availability is June 30th.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, June 25, 2003 1:16 PM
To: [EMAIL PROTECTED]

Rick,

The RC1 that we got the other day had NO warnings - standard EULA.  So,
I wouldn't base the reality of release or beta on 'big warnings'.
That's not always the case.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Reynolds
Sent: Wednesday, June 25, 2003 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4

http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d0-a0c5-241
bfec
d095e/w2ksp4_en.exe

I am downloading now, I will let you know what Microsoft Says in the
install. Beta stuff has big warnings.. of course so does the regular
patches to.


From: Leeuwen van, JWJ (Joost) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:  Link to Windows 2000 Service Pack 4
Date: Wed, 25 Jun 2003 14:44:17 +0200
MIME-Version: 1.0
Received: from mail.activedir.org ([64.245.160.7]) by
mc9-f39.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 25
Jun 2003 07:40:41 -0700
Received: from RELAY02.rabobank.nl [145.72.69.21] by mail.activedir.org
with ESMTP  (SMTPD32-7.07) id A972E0600F0; Wed, 25 Jun 2003 08:45:38
-0400
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Message-ID:
[EMAIL PROTECTED]
Return-Receipt-To: Leeuwen van, JWJ (Joost)
[EMAIL PROTECTED]
X-WSS-ID: 12E747131949507-01-01
X-WSS-ID: 12E746331337517-01-01
Precedence: bulk
Sender: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 25 Jun 2003 14:40:42.0040 (UTC)
FILETIME=[C0C4EB80:01C33B27]

Is this the final version or a leaked one?

Joost

 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]  
Sent:
Wednesday, June 25, 2003 2:39 PM   To: [EMAIL PROTECTED]  

http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d
  0-a0c5-241
  bfecd095e/w2ksp4_en.exe
 
 
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 


De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de
afzender direct te informeren door het bericht te retourneren.

The information contained in this message may be confidential and is
intended to be exclusively for the addressee. Should you receive this
message unintentionally, please do not use the contents herein and
notify the sender immediately by return e-mail.

_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

List 

RE: [ActiveDir] Domain Local Group

[Shawn.Hayes]

AS long as you are in Native Mode.  In mixed mode they are the same as
NT 4 domain controller based local groups




-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 18, 2003 9:11 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Domain Local Group


They can be used to assign permissions to any object within the domain
in which it exists.

In NT4 terms, it's the rough equivilent of making an identical local
group on each box throughout the domain.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


 -Original Message-
 From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
 Sent: Monday, June 16, 2003 11:54 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Domain Local Group
 
 
 What exactly can they be used for?  Can I create a DLG and
 add global groups and assign permissions?  Can I assign 
 sql2000 permissons
 
 According to this article, I should be able to... Or am I
 reading it wrong? 
 http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/modcore
/html/deconWindowsNTSQLServerLogins.asp

I created a dlg and assigned it to a db and it didn't work.  I am in
mixed mode.  Does that affect it? Sp2 affect it?

Thanks for any info
Jenn
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] WinPE and RIS

[Shawn.Hayes]

Title: Message



Anyone 
know where to obtain WinPE? It is hard for me to 
find
Shawn 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, May 31, 2003 11:49 AMTo: 
  [EMAIL PROTECTED]Subject: Re: [ActiveDir] WinPE and 
  RIS
  PE is for the situations where a floppy can't cut it, easier way to get a 
  base OS with decent driver support, the ability to format and partition drives 
  and run winnt32.exe--Sent from my 
  BlackBerry Wireless Handheld
  
  
   - Original Message - From: 
  ActiveDir-owner Sent: 05/31/2003 05:58 AM 
  To: [EMAIL PROTECTED] Subject: [ActiveDir] 
  WinPE and RIS
  Hey 
  all,
  
  This 
  may not be a question for this group, but I don't know where I can ask this 
  question.
  
  My 
  question is:
  Why 
  using a RIS for installing WinPE?
  Either I don't see why WinPE is used for, or I'm missing something 
  here...
  
  
  
  *
  Dit e-mail bericht inclusief eventuele 
  ingesloten bestanden kan informatie bevatten die vertrouwelijk is en/of 
  beschermd door intellectuele eigendomsrechten. Dit bericht is uitsluitend 
  bestemd voor de geadresseerde(n). Elk gebruik van de informatie vervat in dit 
  bericht (waaronder de volledige of gedeeltelijke reproductie of verspreiding 
  onder elke vorm) door andere personen dan de geadresseerde(n) is verboden. 
  Indien u dit bericht per vergissing heeft ontvangen, gelieve de afzender 
  hiervan te verwittigen en dit bericht te verwijderen. 
  This e-mail and any attachment thereto may 
  contain information which is confidential and/or protected by intellectual 
  property rights and are intended for the sole use of the addressees. Any use 
  of the information contained herein (including but not limited to total or 
  partial reproduction or distribution in any form) by other persons than the 
  addressees is prohibited. If you have received this e-mail in error, please 
  notify the sender and delete its contents. 
  *

RE: [ActiveDir] AD Backup

[Shawn.Hayes]

Yeah, I wish

Welcome to MD could I take your order please?

Could I get a mail system to go and hold the spam...





-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 28, 2003 8:06 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Backup


So does McDonalds.
 

-Original Message-
From: David Precht [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 28, 2003 6:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Backup

nah... but they do make almost everything 
--- Rick Kingslan [EMAIL PROTECTED] wrote:
 But, David - why not :
 
 http://www.smallwonders.com/activedirsolutions.htm
 
 Or, as suggested here in the past, do you get
 kickbacks from Sunbelt??
 
 Rick Kingslan  MCSE, MCSA, MCT
 Microsoft MVP - Active Directory
 Associate Expert
 Expert Zone - www.microsoft.com/windowsxp/expertzone
  
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On
 Behalf Of David Precht
 Sent: Tuesday, May 27, 2003 7:04 AM
 To: [EMAIL PROTECTED]
 
 http://www.sunbelt-software.com/product.cfm?id=785
 Active Administrator
 
 --- zhaohu [EMAIL PROTECTED] wrote:
  does anyone konw what is the best way to backup
 and resume AD? thanks
  very much:)
  
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:

http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


--
The information contained in this email message is privileged and
confidential information intended only for the use of the individual or
entity to whom it is addressed.  If the reader of this message is not
the intended recipient, you are hereby notified that any dissemination,
distribution or copy of this message is strictly prohibited.  If you
have received this email in error, please immediately notify Veronis
Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email
([EMAIL PROTECTED]) and delete the message.  Thank you.


==

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Program that gives folder rights

[Shawn.Hayes]

Showacls resource kit utility  pipe to a text file

Cacls  pipe to a text file

Xcacls  pipe to a text file

-Original Message-
From: Burns, Clyde [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 21, 2003 2:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Program that gives folder rights


Security Explorer from www.smallwonders.com might be something you want
to look at. They have a demo on the site you can download after filling
out a marketing survey.

Clyde Burns

-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 2:45 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Program that gives folder rights


Does anyone know of a tool that will display security (file) rights for
multiple folders?



Thank you
Jenn Fountain

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Remove a Local Security Template

[Shawn.Hayes]

Title: Message



I 
opened the security template xx.inf and made a batch file 
to undo or remove additions and modifications made by the 
template.

Thanks 
to everyone for the responses



  
  -Original Message-From: Rick Kingslan 
  [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 9:14 
  PMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Remove a Local Security Template
  Folks,
  
  Don't forget - security templates make more than just changes to 
  registry. You can affect group memberships via the restricted groups, 
  permission on services, permissions on registry, added registry entries, 
  permissions on NTFS, blah, blah, blah.
  
  Oh, 
  and if you implemented any of the 10 or so suggested TCP/IP registry settings 
  to further secure TCP/IP, those aren't reversed either.
  
  None 
  of this is going to be affected by simply purging a .SDB and log file and 
  refreshing the 'current' settings. As these were additions TO the 
  current, the current doesn't know anything about them. The only way to 
  reverse them is to track your changes with a change control 
  procedure.
  
  Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - 
  Active DirectoryAssociate ExpertExpert Zone - 
  www.microsoft.com/windowsxp/expertzone
  
  
  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Friday, March 07, 2003 3:42 
PMTo: [EMAIL PROTECTED]

What about the registry changes the original template applied? 
I don't think this would get it Thanks though

  
  -Original Message-From: John 
  Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED] Sent: 
  Friday, March 07, 2003 3:26 PMTo: 
  [EMAIL PROTECTED]Subject: Re: [ActiveDir] Remove a 
  Local Security TemplateYou can delete the security.sdb file out of 
  \\Winnt\security\database directory. You then run secedit /refreshpolicy 
  {policy type}. We had good luck using this on Win2000 workstations 
  to flush a local policy that had been created on them. 
  
  


  [EMAIL PROTECTED] Sent by: 
[EMAIL PROTECTED] 
03/07/2003 01:49 PM 

  
  

  Please respond 
  to[EMAIL PROTECTED]
  

  
  

  To
[EMAIL PROTECTED] 
  

  cc

  

  Subject
[ActiveDir] Remove 
  a Local Security Template

  
  

Does anyone know of a way to remove a Local Security 
  Template and return the box to "Gold"? (W2K server) 
  Shawn Hayes, MCSE Network 
  Engineer Compass Technology Management 
  Sound Business Sense 
  for IT www.compass.net 757.226.3328 
  

[ActiveDir] Remove a Local Security Template

[Shawn.Hayes]

Title: Remove a Local Security Template






Does anyone know of a way to remove a Local Security Template and return the box to Gold? (W2K server)


Shawn Hayes, MCSE

Network Engineer

Compass Technology Management

Sound Business Sense for IT

www.compass.net

757.226.3328

RE: [ActiveDir] Remove a Local Security Template

[Shawn.Hayes]

Title: Message



What 
about the registry changes the original template applied? I don't think 
this would get it Thanks though

  
  -Original Message-From: John 
  Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED] Sent: Friday, 
  March 07, 2003 3:26 PMTo: 
  [EMAIL PROTECTED]Subject: Re: [ActiveDir] Remove a Local 
  Security TemplateYou can 
  delete the security.sdb file out of \\Winnt\security\database directory. You 
  then run secedit /refreshpolicy {policy type}. We had good luck using 
  this on Win2000 workstations to flush a local policy that had been created on 
  them. 
  


  [EMAIL PROTECTED] Sent by: 
[EMAIL PROTECTED] 
03/07/2003 01:49 PM 

  
  

  Please respond 
  to[EMAIL PROTECTED]
  

  
  

  To
[EMAIL PROTECTED] 
  

  cc

  

  Subject
[ActiveDir] Remove a 
  Local Security Template

  
  

Does anyone know of a way to remove a Local Security Template and 
  return the box to "Gold"? (W2K server) 
  Shawn Hayes, MCSE 
  Network Engineer Compass Technology 
  Management Sound Business Sense for IT www.compass.net 
  757.226.3328 
  

RE: RE: [ActiveDir] Issue with loging

[Shawn.Hayes]

Fault tolerance will come from multiple domain controllers in the same
domain

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 14, 2003 2:07 PM
To: '[EMAIL PROTECTED]'
Subject: RE: RE: [ActiveDir] Issue with loging


That's not how it works. You can only be authenticated by a DC in the
domain in which your account exists. Parent (or any other domain, for
that matter) domains in the forest cannot authenticate for other
domains.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED]]
 Sent: Friday, February 14, 2003 9:41 AM
 To: [EMAIL PROTECTED]
 Subject: Re: RE: [ActiveDir] Issue with loging
 
 
 Sorry ,but I'm still confused .There is an automatic trust between the

 parent DC and the child DC .So if the child went down and the parent 
 DC is up ,users from the child DC should be able to logon to the 
 parent ???otherwise where is the fault tolerance.
 
 
 
 
 
 
 
 [EMAIL PROTECTED] writes:
 That's a misunderstanding - the parent domain's DCs (or DC
 in any other
 domain) will only know parts of the attributes of the other
 domains in a
 forest. These are stored in the Global Catalog (stores a partial 
 attribute set).  This is good to query for data in AD, but not for
 logon. The PW
 of a
 user and other things (like Domain Local Group memberships) are only 
 stored on the DC of the domain a user belongs to - thus at least
 one DC of the
 domain where you want to logon needs to be available.
 
 /Guido
 
 -Original Message-
 From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED]]
 Sent: Montag, 10. Februar 2003 20:55
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Issue with loging
 
 
 Hello
 We thinking about migrating to the active directory ,So I
 set up lab test
 for it.I have one issue so far .I have one parent domain and
 it's child
 .To
 test the fault tolerance i brought the child domain down
 .Then I tried to
 login to the parent domain with one of the user name from the child 
 domain.So far i can't .According to microsoft the parent
 domain should
 know
 about all the users and their credentials on it's child
 domain.But it's
 not
 working fro me.Any help will be great .thanks
 
 
 Brahim Bouchaiba
 Network administrator
 Information technology
 617-7359720
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: OWA was unable to get your inbox

[Shawn.Hayes]

I think the answer to your problem is spelled out in the bottom of a
Budweiser Light :-)

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 07, 2003 3:28 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT: OWA was unable to get your inbox
Importance: High


Hello everyone,

I truly hate this error message.

According to MS this problem should not exist, but it does.  I have
users that get created in AD and then get replicated by the ADC from
Exchange 2000 SP3 CD to Exchange 5.5 SP4.  Some time passes once the
user account is created and suddenly the users permissions in Exchange
are changed from the role of user to Custom and the mailbox owner box is
unchecked.  Now what I have noticed is that once I fix it, by clicking
Mailbox Owner in the
exchange properties, it usually goes away.   When this problem happens
the
user can't access Outlook or OWA.  Once fixed they should go back, well
I have a user that couldn't get into either and I checked the properties
and there it is, Mailbox Owner is unchecked on this newly created
account. About a day old.  I check the box and now the user can access
Outlook with
no problems, but OWA gets the following error.   OWA is unable to get
your
inbox.

I have checked on the TechNet site and on the Internet for help on this.
I have looked at Q248081 and made the change to the registry key
ProfileMemMaxSize to a value of 0x4000.  I have stopped and started IIS.
I have tried typing in the exchange alias, the full e-mail address and
the users first and last name in the logon box of the
http://servername.mydomain.com/exchange
http://servername.mydomain.com/exchange  site.  I type in the user
name and password, I even tried specifying the domain and all I get is
this error.  So the error is not an ambiguous name, it is not a proxy
issue since I don't connect over a proxy server.  I simply don't know
the answer to this.  Can someone please help me.  

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Active Directory - Windows Server 2003

[Shawn.Hayes]

yes

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 27, 2003 1:58 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Active Directory - Windows Server 2003


Is windows 2003 Windows .NET??

 -Original Message-
From:   Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] 
Sent:   Monday, January 27, 2003 12:05 PM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] Active Directory - Windows Server 2003

I've been running it in a lab environment for several months. The AD in
WS2K3 is fundamentally as it was in W2K, with some notable improvements
in the KCC (reduced computation needed for topology calculation),
replication (value replication instead of attribute replication for
certain attributes), and multi-forest support (cross forest trust). A
nice security improvement is that anonymous users by default have no
access and therefore can't mount DOS attacks on AD. Supposedly the
overall performance of AD has been improved, but I haven't assessed
that. There are improvements in some of the AD-related admin tools as
well.

Summary: notable but not revolutionary improvements. The upgrade path is
fairly low friction, so I'd feel pretty comfortable starting deployment
of WS2K3 when it ships.

-gil


-Original Message-
From: Clifford Airhart [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 27, 2003 9:43 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Active Directory - Windows Server 2003


Hello Everyone!

With the new version of Windows Server 2003 there's a new version of
Active Directory. It seems to have some more features than the
Windows2000 Active Directory. Windows Server 2003 is due to be released
in April. Has anyone tested, implemented, or researched this version and
found it much better than Windows2000 version? 


Thanks in advance your advice and input!

Cliff Airhart 
Answer Financial Inc. 
Senior Systems Administrator - Server Support / eBusiness
[EMAIL PROTECTED] 818.644.4225 We answer to you.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Minimum permission to Monitor AD

[Shawn.Hayes]

Title: Minimum permission to Monitor AD






Does anyone know what the minimum permissions an account would need to successfully monitor AD replication using Replmon or any application for that matter?

Shawn Hayes, MCSE

Network Engineer

Compass Technology Management

Sound Business Sense for IT

www.compass.net

757.226.3328

RE: [ActiveDir] Protocols Required

[Shawn.Hayes]

And the two Exchange servers are in the same Windows site and Exchange
site?

-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 09, 2003 11:31 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Protocols Required


So after you moved their mailboxes no one was able to access their
mailboxes w/o recreating their Outlook profile to point to the new
server? 
Im missing something here.


-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 09, 2003 10:23 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Protocols Required


I know that, I just want to know if that request for the change still
occurs over port 135, I had a site that did not have outlook
automatically reconfigure after 3 weeks of the old server being up.  DNS
was right and so was WINS.

 -Original Message-
From:   Andy David [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, January 09, 2003 9:42 AM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] Protocols Required

You need to leave the first server up in order for mapi to work its
magic.

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 09, 2003 9:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Protocols Required


When you move a mailbox to another server, Outlook will automatically
change the server defined in the local profile.

 -Original Message-
From:   Rick Kingslan [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, January 09, 2003 9:25 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Protocols Required

Justin,

I'm not sure what you mean by 'reconfiguring the server in the local
profile'?  The requirement *is* to communicate over port 135.  Outlook
cannot just arbitrarilly decide to communicate over another port to
support this - hence it cannot automatically reconfigure itself.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, January 09, 2003 8:00 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Protocols Required
 
 
 What would prevent Mapi Outlook clients from automatically
 reconfiguring the server in the local profile?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 09, 2003 9:01 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] Protocols Required
 
 No. Something needs to point it to the correct ports.
 
 --
 Roger D. Seielstad - MCSE
 Sr. Systems Administrator
 Inovis - Formerly Harbinger and Extricity
 Atlanta, GA
 
 
  -Original Message-
  From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, January 08, 2003 3:26 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Protocols Required
  
  
  Would Outlook 2000 still function if port 135 is bocked? Meaning 
  that the user can still use outlook for outlook will never
  automatically reconfigure
  itself?
  
   -Original Message-
  From:   Roger Seielstad [mailto:[EMAIL PROTECTED]] 
  Sent:   Wednesday, January 08, 2003 3:25 PM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] Protocols Required
  
  Needs RPC end point mapper (135) and then the ports for DS and IS. 
  Seeing as those default to being randomly assigned, you're in 
  trouble.
  
  Read the FAQ on how to assign static ports to the services.
  
  --
  Roger D. Seielstad - MCSE
  Sr. Systems Administrator
  Inovis - Formerly Harbinger and Extricity
  Atlanta, GA
  
  
   -Original Message-
   From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 08, 2003 3:18 PM
   To: '[EMAIL PROTECTED]'
   Subject: RE: [ActiveDir] Protocols Required
   
   
   Sorry, I need to know about outlook 2000 and exchange 5.5 
   communications
   
-Original Message-
   From: Weston Rogers [mailto:[EMAIL PROTECTED]] 
   Sent: Wednesday, January 08, 2003 3:08 PM
   To:   [EMAIL PROTECTED]
   Subject:  RE: [ActiveDir] Protocols Required
   
   Maybe this will help?
   
   http://support.microsoft.com/default.aspx?scid=kb;en-us;278339
   
   -Original Message-
   From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 08, 2003 2:49 PM
   To: ActiveDir (E-mail)
   Subject: [ActiveDir] Protocols Required
   Importance: High
   
   
   Hello everyone,
   
   I really need some help on this subject.
   
   Does everyone here know that when you move a mailbox in
 exchange to
   another mailbox in the same organization 

RE: [ActiveDir] Protocols Required

[Shawn.Hayes]

Outlook will send a request from a high port on the local machine to
port 135 on the Exchange server.  The Exchange server will listen on
Port 135 and respond on some high port.

TCP/IP communication

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 09, 2003 11:35 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Protocols Required


You don't seem to be listening.

The RPC endpoint mapper, which is what runs on port 135, is an initial
connection point for ALL RPC traffic. That's the port used to negotiate
the actual connections. All MAPI connections are RPC. What do you think
the answer is?

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, January 09, 2003 9:46 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Protocols Required
 
 
 Right, so does outlook still communicate over port 135 to
 change the server
 
  -Original Message-
 From: Carey, Greg [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 09, 2003 9:34 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] Protocols Required
 
 With the caveat that the old mail store remains up until the client 
 connects.
 
 -Original Message-
 From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, January 09, 2003 9:28 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Protocols Required
 
 
 When you move a mailbox to another server, Outlook will
 automatically change
 the server defined in the local profile.
 
  -Original Message-
 From: Rick Kingslan [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 09, 2003 9:25 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] Protocols Required
 
 Justin,
 
 I'm not sure what you mean by 'reconfiguring the server in the local 
 profile'?  The requirement *is* to communicate over port 135.  Outlook

 cannot just arbitrarilly decide to communicate over another port to 
 support this - hence it cannot automatically reconfigure itself.
 
 Rick Kingslan  MCSE, MCSA, MCT
 Microsoft MVP - Active Directory
 Associate Expert
 Expert Zone - www.microsoft.com/windowsxp/expertzone
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of 
  Salandra, Justin A.
  Sent: Thursday, January 09, 2003 8:00 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Protocols Required
  
  
  What would prevent Mapi Outlook clients from automatically
  reconfiguring the server in the local profile?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Roger Seielstad [mailto:[EMAIL PROTECTED]] 
  Sent:   Thursday, January 09, 2003 9:01 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] Protocols Required
  
  No. Something needs to point it to the correct ports.
  
  --
  Roger D. Seielstad - MCSE
  Sr. Systems Administrator
  Inovis - Formerly Harbinger and Extricity
  Atlanta, GA
  
  
   -Original Message-
   From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 08, 2003 3:26 PM
   To: '[EMAIL PROTECTED]'
   Subject: RE: [ActiveDir] Protocols Required
   
   
   Would Outlook 2000 still function if port 135 is bocked? Meaning 
   that the user can still use outlook for outlook will never
   automatically reconfigure
   itself?
   
-Original Message-
   From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
   Sent: Wednesday, January 08, 2003 3:25 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  RE: [ActiveDir] Protocols Required
   
   Needs RPC end point mapper (135) and then the ports for DS and IS.

   Seeing as those default to being randomly assigned, you're in 
   trouble.
   
   Read the FAQ on how to assign static ports to the services.
   
   --
   Roger D. Seielstad - MCSE
   Sr. Systems Administrator
   Inovis - Formerly Harbinger and Extricity
   Atlanta, GA
   
   
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 3:18 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Protocols Required


Sorry, I need to know about outlook 2000 and exchange 5.5 
communications

 -Original Message-
From:   Weston Rogers [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, January 08, 2003 3:08 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Protocols Required

Maybe this will help?

http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

-Original Message-

RE: [ActiveDir] Protocols Required

[Shawn.Hayes]

As I understand it, Outlook MAPI calls are RPC based and of course if
you are using POP3 port 110

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 08, 2003 3:18 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Protocols Required


Sorry, I need to know about outlook 2000 and exchange 5.5 communications

 -Original Message-
From:   Weston Rogers [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, January 08, 2003 3:08 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Protocols Required

Maybe this will help?

http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 08, 2003 2:49 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Protocols Required
Importance: High


Hello everyone,

I really need some help on this subject.

Does everyone here know that when you move a mailbox in exchange to
another mailbox in the same organization the outlook 2000 client
automatically reconfigures the mail server setting on the profile to
allow the client to contact the correct mail server where that mailbox
now resides.  My question is what are the protocols needed by the client
in order for that to occur and the ports associated with them.  I
believe it is NetBIOS Broadcast calls and RPC but I am not sure.  Also
what protocols and ports are needed in order to have proper
communication between client and server when it comes to exchange.
Thanks for your help.



Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Lab

[Shawn.Hayes]

Title: Message



did 
you make this box a GC server?

  
  -Original Message-From: Garello, Kenneth 
  [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 4:36 
  PMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] AD Lab
  
  Have you set that 
  server as a GC?
  
  -Original 
  Message-From: Don 
  Murawski (Lenox) [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 3:09 
  PMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] AD 
  Lab
  
  
  Has anyone setup a AD Lab and had 
  Global Catalog problems?
  
  I installed aBDCon the 
  productionnetwork, disconnectit from the production and connected 
  it to the lab network.
  
  Seize the FSMO 
  roles.
  
  I'm able to join the domain 
  but,I'm receiving"Unable toestablishconnection with a 
  GC.
  
  
  
  Any suggestion would be 
  great.
  
  
  

RE: [ActiveDir] AD attributes

[Shawn.Hayes]

Title: Message



ADSIEdit - 

User Display 
Names:
Configuration container
 
DisplaySpecifiers
 
CN=409
 
CN-user-Display
 
createDialog - specify your display 
value
we use 
%sn,%givenNameequates to Last, 
First

Contact Display 
names:
 Configuration container
 
DisplaySpecifiers
 
CN=409
 
CN-Contact-Display 
createDialog 

  
  -Original Message-From: John 
  Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Friday, 
  December 20, 2002 9:17 AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] AD 
  attributesI am trying to 
  change the way accounts in AD are displayed after creation. Currently the 
  display name automatically uses the First,Initial, Last name. I am trying to 
  set the property to make it use the logon name by default and am having some 
  problems. I can make it use only the first name or only the last name, but 
  have not figured out how to make it use the logon name. I am making my changes 
  uses ADSI Edit and modifying the createdialog attribute. I tried adding the 
  samrename key under HKLM/System/CCS/Services/MSDSS/Parameters, but this did 
  not work. I know there is an AD guru on this list that can answer this. 
  Thanks
  


  
John Hicks | 
KEMET Electronics Corporation | Network EngineerPhone: 
864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: ipaq1978[ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA 
]

RE: [ActiveDir] AD attributes

[Shawn.Hayes]

Title: Message



oops I 
read the thread and you already know this

  
  -Original Message-From: Hayes, Shawn 
  Sent: Friday, December 20, 2002 9:40 AMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD 
  attributes
  ADSIEdit - 
  
  User Display 
  Names:
  Configuration container
   
  DisplaySpecifiers
   
  CN=409
   
  CN-user-Display
   
  createDialog - specify your 
  display value
  we use 
  %sn,%givenNameequates to Last, 
  First
  
  Contact Display 
  names:
   Configuration container 
   
  DisplaySpecifiers
   
  CN=409
   
  CN-Contact-Display 
  createDialog 
  

-Original Message-From: John 
Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Friday, 
December 20, 2002 9:17 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] AD 
attributesI am trying 
to change the way accounts in AD are displayed after creation. Currently the 
display name automatically uses the First,Initial, Last name. I am trying to 
set the property to make it use the logon name by default and am having some 
problems. I can make it use only the first name or only the last name, but 
have not figured out how to make it use the logon name. I am making my 
changes uses ADSI Edit and modifying the createdialog attribute. I tried 
adding the samrename key under HKLM/System/CCS/Services/MSDSS/Parameters, 
but this did not work. I know there is an AD guru on this list that can 
answer this. Thanks

  
  

  John Hicks 
  | KEMET Electronics 
  Corporation | Network EngineerPhone: 864-228-4473 | 
  E-mail: [EMAIL PROTECTED] | AOL IM: ipaq1978[ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA ]

RE: [ActiveDir] Root domain naming

[Shawn.Hayes]

Title: Message



That 
is the only reason I have heard that may make it worth the extra $10 bucks a 
year to register your name. Wouldn't this have also been the case if you 
merged with a company with the same NetBIOS name in NT 4.0? What is the 
probability of this happening? 

  
  -Original Message-From: Hutchins, Mike 
  [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 
  12:12 PMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Root domain naming
  If 
  you ever (never say never) merge with someone else and they have the same 
  forest name, you are hosified... We used root01.org and registered it. No ns 
  records for it anywhere. no conflicts..
  

-Original Message-From: Brad Martin 
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 
10:10 AMTo: Active Directory Mailing ListSubject: 
[ActiveDir] Root domain naming

Im in the middle of having an 
argument with the IT manager about the top-level domain name for our new 
A.D. deployment. The manager wants to use a nonstandard name for the 
domain (ie. Dc1.domain.gd) for the root domain. My position, which 
Ive read a number of places, is that we should use a standard, registered, 
name for the root. The managers contention is that this domain will 
never be live on the Net and so we can do whatever we want. As I said, 
Ive always read that you should use a registered name as your root, even if 
you arent going to be live, but there are never reasons given why this is 
good. What reasons should I go back to my manager 
with?

Brad 
Martin

RE: [ActiveDir] Little Questions

[Shawn.Hayes]

We use Norton Antivirus for Gateways version 2.something.  They have a
newer version 3.0 that will allow spam filtering by sender name and/or
spam lists(Spam lists by subscription $$$ from Mail Abuse Prevention
systems, L.L.C).  I also use this product to block attachments :-)

-Original Message-
From: Dave Kinnamon [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 17, 2002 2:45 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Little Questions


Shawn,

Any recommendations on a SMTP getway scanner (hardware or software) ?


Dave K.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 17, 2002 12:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Little Questions


Exchange Antivirus on both mail servers if your Exchange antivirus
product is scanning the information store (your on Exchange 5.5 I
believe).  You need coverage on your Exchange servers for internal
messaging (messages not originating from the Internet).  

There are two virus scanning API's for Exchange 5.5, MAPI and VAPI. VAPI
will scan message as they enter the information store and MAPI will scan
messages as the user accesses them in the information store. Choose a
product that will scan using either or a combination of both interfaces.

We use a SMTP gateway scanner to scan mail as it enters the company.
This box forwards mail to our Exchange Organization.  

-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 17, 2002 10:30 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Little Questions


Hello everyone,

I have some little questions.

If you have two exchange servers do you need to have Exchange Antivirus
on both or just the server with the Internet Mail Connector on it?

Having a Exchange server in a forest root and an exchange server in a
child domain, the exchange server in the child domain requires what kind
of admin access?  Does the server need to utilize the admin account from
the child domain or the forest root?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Native Mode ?

[Shawn.Hayes]

Title: Message



mike 
is wrong, neither need to be in native mode

  
  -Original Message-From: Hutchins, Mike 
  [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 
  11:31 AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Native Mode ?
  The 
  domain with E2K in it must be Native, yes. The forest need not 
  be.
  

-Original Message-From: Don Murawski 
(Lenox) [mailto:[EMAIL PROTECTED]] Sent: Thursday, 
December 12, 2002 9:27 AMTo: 
[EMAIL PROTECTED]Subject: [ActiveDir] Native Mode 
?
In the testing 
stages of migrating from Exchange 5.5 to 2000.
Do you HAVE to 
be in native mode in AD before migrating?

Thanks,

Don L Murawski
Sr. Network Administrator - MCSE 
4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 
949-6710
Cell: (678) 
549-1264

RE: [ActiveDir] Native Mode ?

[Shawn.Hayes]

Title: Message



We 
have a native mode Exchange Organization in a mixed mode 
domain.

  
  -Original Message-From: Salandra, Justin 
  A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 
  2002 2:34 PMTo: '[EMAIL PROTECTED]'Subject: 
  RE: [ActiveDir] Native Mode ?
  
  You 
  cant go to native mode Exchange 2k unless you are in native mode in win 2k, 
  at least that is what I heard.
  
  -Original 
  Message-From: Craig 
  Cerino [mailto:[EMAIL PROTECTED]]Sent: Thursday, December 12, 2002 12:11 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Native Mode 
  ?
  
  No you 
  do not
  Native 
  Exchange 2K and Native Win2K are two different things 
  buddy.
  
  Do your 
  upgrade - go to NATIVE Exchange 
  mode - - then when youre finished bringing all your PDC up to AD go NATIVE on 
  AD
  
  -Original 
  Message-From: Don 
  Murawski (Lenox) [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 11:27 
  AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Native Mode 
  ?
  
  In the 
  testing stages of migrating from Exchange 5.5 to 2000.
  Do you 
  HAVE to be in native mode in AD before migrating?
  
  Thanks,
  
  Don L 
  Murawski
  Sr. 
  Network Administrator - MCSE 4.0, 2000
  WorldTravel 
  BTI
  1055 
  Lenox Park Blvd
  Suite 
  420
  Atlanta, GA 
  30319
  Phone: 
  (404) 923-9468
  Fax: 
  (404) 949-6710
  Cell: 
  (678) 549-1264
  

RE: [ActiveDir] AD upgrade DNS namespace questions.

[Shawn.Hayes]

I have done 5 enterprise sized production installations/implementations
of AD and have always used the .local dns suffix.  AD's DNS does not
need to be globally routable.

Example:
NetBIOS domain name of  ThanksBill
DNS domain name of  ThanksBill.local

Internal DNS (unregistered DNS) and External DNS (your registered DNS
name) are then maintained in separate zones (Internal never to be
replicated outside your network).  My internal clients are assigned the
internal zone as the primary DNS suffix through DHCP (done manually for
static IPs) and I add the external DNS zone as an alternate search
suffix.  Intranet sites are registered in the non registered zone
intranet.thanksbill.local and internet sites are registered in the
registered DNS zone  www.thanksbill.com 

If you were hosting your own registered DNS zone and maintained it on
you internal network letting TCP and UDP port 53 pass through your PIX
this setup would keep the AD DNS and Registered DNS zones separate.a
good thing indeed.  I would never recommend allowing any traffic to pass
into your internal network, this was just an example.  I would host my
registered DNS in a perimeter zone (DMZ for those of use not in Korea)
and maintain my MX and Internet records separate from my internal DNS
servers.

I am sure others have a more articulate explanation, but I think you are
on the right track.



-Original Message-
From: Jim Busick [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 05, 2002 2:32 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] AD upgrade DNS namespace questions.


We are planning to upgrade our single NT domain to AD and I want to make
sure I understand about how we will name the domain. Currently our NT
domain name is SSD_DOMAIN0 (yeah, I know. I was handed it) and our
registered domain name is santee.k12.ca.us. We are NAT'd behind a PIX
and using 10. private address and only need our website and Exchange
(5.5) visable to the internet. As I understand it, when I run the Win2k
upgrade I will be asked for the FQDN, I assume that I should use
santee.k12.ca.us, right. If I do, how will this affect our downlevel (we
still have W9x) clients. I've read that I shouldn't use your registered
DNS name for the AD, something like ssd.santee.k12.ca.us. Any advice on
this subject would be appreciated.

TIA
Jim Busick
Database Network Analyst MCSE
Santee School District
Santee, CA 92071

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] System State

[Shawn.Hayes]

On Domain Controllers as I understand it. 

-Original Message-
From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 20, 2002 4:10 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] System State


Is it true that you cant restore from a system state back up that is
older than 60 days.

 

Regards,

Carlos Magalhaes

 

 



-
This email and any files transmitted are
confidential and intended solely for the
use of the individual or entity to which
they are addressed, whose privacy
should be respected.  Any views or
opinions are solely those of the author
and do not necessarily represent those
of the Trencor Group, or any of its
representatives, unless specifically
stated.  

Email transmission cannot be guaranteed
to be secure, error free or without virus
contamination.  The sender therefore
accepts no liability for any errors or
omissions in the contents of this message,
nor for any virus infection that might result
from opening this message.  Trencor is not
responsible in the event of any third party
interception of this email.   

If you have received this email in error please notify
[EMAIL PROTECTED]   For more information about
Trencor, visit www.trencor.net http://www.trencor.net
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADC and Exch 5.5

[Shawn.Hayes]

Domain Level Policies regulate containers, but you can't apply a GPO
directly to a container.

-Original Message-
From: Andries Thijssen [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 19, 2002 8:31 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADC and Exch 5.5


One I can think of: by default you cannot put any group policies on a
container. Don't know whether that can be changed as well.

Andries

-Original Message-
From: Andy Grafton [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 19, 2002 1:49 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADC and Exch 5.5


Rick the question is also... why wouldn't you?

If you step back and look...

There's a nice object called Users which you kinda need and has Users in
it anyhow.  Why not use it to house OUs to help you organise other
users?

Its not enabled by default, so would one go to the trouble of making a
[very simple] Schema change to make it happen, rather than just making a
different OU?  Who knows?

There's no accounting for mindset, and perhaps the schema change was
done by someone else before this administrator took over, so they're not
aware that it can't be done?

I've had to point out more than once to budding admins that a) the
Users don't *have* to be in the Users container and b) that the users
they can't find actually reside somewhere down the tree in
\\department\nightmareAdminsFromHell\users.  Its not a chore to get them
to understand, but the point is that they needed to be told.

Seems that placement is a matter of opinion, so my question would be...
Are there any technical reasons why you shouldn't create OUs under the
Users container?

All the best,

Andy
(Just made some pretty dumb workarounds in AD for a customer, but if
thats how they want it...)

- Original Message -
From: Rick Kingslan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 19, 2002 4:11 AM
Subject: RE: [ActiveDir] ADC and Exch 5.5


 Yep - sure did, Karen.  And, as Linton points out, you *CAN* do it
 Question is, as we all seem to agree, why *WOULD* you?  :-)

 Rick

  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of Dryden,
  Karen
  Sent: Monday, November 18, 2002 9:07 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] ADC and Exch 5.5
 
 
  Sorry, I wasn't really thinking about the OU in particular since we
  wouldn't want to create OUs under the User container either, but his

  note did say:
 
    All W2K user accounts are placed in multiple OUs that
reside in
 the Users container
 
  -Original Message-
  From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
  Sent: Monday, November 18, 2002 9:04 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] ADC and Exch 5.5
 
 
  Linton,
 
  Yep - I've seen this.  However - For the record - I'm with you.
  Why, truly, would you want to?
 
  Thanks much!
 
  Rick Kingslan  MCSE, MCSA, MCT
  Microsoft MVP - Active Directory
  Associate Expert
  Expert Zone - www.microsoft.com/windowsxp/expertzone
 
 
 
 
 
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED]] On Behalf Of Linton
   Smith (WBTQ)
   Sent: Monday, November 18, 2002 7:56 PM
   To: '[EMAIL PROTECTED]'
   Subject: RE: [ActiveDir] ADC and Exch 5.5
  
  
   Hi Rick,
  
   A schema update allows this.  See Q224377.  Not sure why
  I'd bother,
   however.
  
   Linton
  
   -Original Message-
   From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
   Sent: Monday, November 18, 2002 8:49 PM
   To: [EMAIL PROTECTED]
   Subject: RE: [ActiveDir] ADC and Exch 5.5
  
  
   Nope - that's not the point.  The Users Container is just that - a
   container.  It's not an AD Object, per se.  You cannot create OUs 
   under it.
  
   If I'm mistaken, please tell me how.  I'm able to err - and
  quick to
   admit it.
  
   Rick Kingslan  MCSE, MCSA, MCT
   Microsoft MVP - Active Directory
   Associate Expert
   Expert Zone - www.microsoft.com/windowsxp/expertzone
  
  
  
  
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
   Dryden, Karen
Sent: Monday, November 18, 2002 7:44 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADC and Exch 5.5
   
   
If your sub-OUs already reside under the users container
  and ALL of
your mailboxes (or user objects) are in those OUs, the CA
  will match
them up, not create new OUs.  At least that's the way it
  works here.
   
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 7:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADC and Exch 5.5
   
   
Dave, Justin -
   
Hold the show here for just a second.  Let me see if I
understand what you're stating here.  You're going to CREATE OUs
*under* the USERS Container?
   
Or, if the CA is created in one scenario, OUs will be created
*under* the USERS container?

[ActiveDir] Disabled Computer Accounts

[Shawn.Hayes]

Title: Disabled Computer Accounts






I have disabled computer accounts in the computers container. Can anyone tell me how, without manually disabling them they became disabled. We upgraded an NT4 domain this past weekend and I thought it peculiar that I see disabled computer accounts.

Shawn Hayes MCSE_2000, MCSE_NT4

Network Engineer

Compass Technology Management

Sound Business Sense for IT

www.compass.net

757.226.3328

[ActiveDir] LDAP Queries

[Shawn.Hayes]

Title: LDAP Queries






I am looking for some good references for writing LDAP queries to access AD. Any suggestions?

RE: [ActiveDir] netbios domain name / dns domain name

[Shawn.Hayes]

Gets confusing when your host name and your NetBIOS names for the same
machine are different.  Wins resolves NetBIOSDNS for host names (of
course you can add STATIC entries in WINS for the host name and an alias
in DNS for the NetBIOS name, but why would you?)  I am with Justin on
this one, keep them the same for ease of management. 

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Thursday, November 14, 2002 4:28 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] netbios domain name / dns domain name


I like to keep them the same name

 -Original Message-
From:   Graham Turner [mailto:gturner;ipcomputers.demon.co.uk] 
Sent:   Thursday, November 14, 2002 4:16 PM
To: [EMAIL PROTECTED]
Subject:[ActiveDir] netbios domain name / dns domain name

I know MS tell us that is a supported configuration whereby the
downlevel NetBIOS name is different from the leftmost label of the fully
qualified dns name however there seems to be the odd instance of issue
when this is not the case.

Would be glad for other people's views / experiences on this.

GT


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Exchange install

[Shawn.Hayes]

Title: Message



No it 
does not, but it is recommended because Exchange Enterprise gives you clustering 
capabilities which you can not utilize with regular server.

  
  -Original Message-From: Parker, Edward 
  [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 13, 2002 
  12:30 PMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] OT: Exchange install
  Not 
  to install Exchange Server
  
  Exchange Enterprise Server requires Adv 
Server
  

-Original Message-From: Sheri Brown 
[mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 13, 2002 
11:26 AMTo: [EMAIL PROTECTED]Subject: 
[ActiveDir] OT: Exchange install
Do you have to 
have Windows 2000 Advanced Server to install Exchange?

Sheri L. Brown, Systems 
Administrator
CSD Headquarters -- Technology 
Department
102 North Krohn Place
Sioux Falls, SD 57103
(605) 367-5760 ext 3202 

[EMAIL PROTECTED]

RE: [ActiveDir] Logging Logins...

[Shawn.Hayes]

Turn on Auditing for successful logons

-Original Message-
From: Rick Coloccia [mailto:coloccia;geneseo.edu] 
Sent: Wednesday, November 13, 2002 2:29 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Logging Logins...


Hi Everyone-

I'm hoping someone has a suggestion for me: I want to log every time 
someone authenticates against my ad and from what machine (ip address  
name) they authenticated from.

Any suggestions? I don't really know where or how to start pursuing
this...

Thanks!

-Rick

--
Rick Coloccia
Network Analyst
SUNY Geneseo
119 South Hall
1 College Circle
Geneseo, NY 14454
Voice: (585) 245-5577
Fax:(585) 245-5579

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Exchange -1018 Error

[Shawn.Hayes]

8.5 and Exchange 2000

-Original Message-
From: Andy David [mailto:DavidA;veronissuhler.com] 
Sent: Tuesday, November 12, 2002 12:47 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: Exchange -1018 Error


What version are using? I run differential file backups every weekday
along with full Exchange backups in the same job w/o issue.


-Original Message-
From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] 
Sent: Tuesday, November 12, 2002 10:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Exchange -1018 Error


What backup product are you using?  Backup Exec gave us this problem. We
had to set up a separate backup job for Exchange specifying a Full
backup and commit logs.  When Exchange was part of a differential
backup, even though the Exchange portion of the backup job was specified
as a full backup and commit logs, the logs were not committed.

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Tuesday, November 12, 2002 10:01 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: Exchange -1018 Error


This is the wiered thing, all users are working fine and no one is
having any problems.  The only thing that is not working correctly is
that the full backups of the server are not committing the logs to the
database.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Tuesday, November 12, 2002 9:37 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] OT: Exchange -1018 Error

Justin,

I want to go on record as saying that no, SP3 did NOT cause these errors
- at least in my experience with our farm of Exchange 2k servers and
Exchange 5.5 servers.

The only time that we have seen this has been due to a severe corruption
of the database (specifically .edb) and a restore to another system and
reset of profiles on the user end was the quickest way to resolve.

However, I am with Roger - we may be smart folks who give good advice,
but I have believe you have a number of folks greatly impacted by this
outage.  Why would one spend money with PSS (or get the advice for free,
even) then wait to implement the fix.  This, given the fact that every
one of the error messages led to the same conclusion and fix?

I'd get your most recent GOOD backup and start restoring.  Your users
are going to appreciate it.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
 Salandra, Justin A.
 Sent: Tuesday, November 12, 2002 8:25 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] OT: Exchange -1018 Error
 
 
 David I have already looked at these but thank you
 
  -Original Message-
 From: David N. Precht [mailto:discussions;entrysecurity.com] 
 Sent: Tuesday, November 12, 2002 9:19 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] OT: Exchange -1018 Error
 
 http://www.eventid.net/display.asp?eventid=116source=
 http://www.eventid.net/display.asp?eventid=118source=
 http://www.eventid.net/display.asp?eventid=200source=
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, 
 Justin A.
 Sent: Tuesday, November 12, 2002 08:59
 To: ActiveDir (E-mail)
 Subject: [ActiveDir] OT: Exchange -1018 Error
 
 
 Hello everyone,
 
 I know this is off topic but you guys and girls always give good 
 advice.
 
 I have been getting event Ids 116, 118 and 200 a lot in my application

 log.
 
 The chain of events went like this
 
 I installed SP3 for W2K
 The next day the Exchange Database went through some type of 
 conversion and logged Event ID 174 hundreds of times 
 (Table/Column/Index
 Definintions) On that same day one of my Hard Drives in my
 RAID 5 Config failed, I replaced it 3 days later Since then 
 every time the online maintenance on the exchange database 
 ran it logged a Database Page Cache error (Event ID 116 and 
 118 and 200) And now ArcServe cannot backup the database 
 fully and commit the logs to the database so I now have 500 
 log files in my mdbdata directory.
 
 MS Support wants me to restore from the day the HD failed after I 
 rename the mdbdata directory and create a new one.
 Then they want me to copy in all the log files and wait for 
 the log files to replay into the database.  The only other 
 option is to do a eseutil or build a new server and migrate 
 everyone over.
 
 Have any of you done what MS is recommending?  Do any of you feel that

 this is the way to go?  Does anyone know what would of caused these 
 errors, was it SP3 or was it the HD Failure?
 
 Any help is appreciated
 
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED] mailto:jasalandra;chcsnet.org
 
 List info   : http://www.activedir.org/mail_list.htm
 

RE: [ActiveDir] OT: Exchange -1018 Error

[Shawn.Hayes]

Roger, I don't think you read the last message completely.  Exchange was
set to do a Full backup and Flush the logs, but that job specification
was part of a file system differential job.

-Original Message-
From: Roger Seielstad [mailto:roger.seielstad;inovis.com] 
Sent: Tuesday, November 12, 2002 12:51 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: Exchange -1018 Error


That is correct - logs don't get flushed unless you do a full backup,
not a differential.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net]
 Sent: Tuesday, November 12, 2002 10:05 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] OT: Exchange -1018 Error
 
 
 What backup product are you using?  Backup Exec gave us this problem. 
 We had to set up a separate backup job for Exchange specifying a Full 
 backup and commit logs.  When Exchange was part of a differential 
 backup, even though the Exchange portion of the backup job was 
 specified as a full backup and commit logs, the logs were not 
 committed.
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org]
 Sent: Tuesday, November 12, 2002 10:01 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] OT: Exchange -1018 Error
 
 
 This is the wiered thing, all users are working fine and no one is 
 having any problems.  The only thing that is not working correctly is 
 that the full backups of the server are not committing the logs to the

 database.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Tuesday, November 12, 2002 9:37 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] OT: Exchange -1018 Error
 
 Justin,
 
 I want to go on record as saying that no, SP3 did NOT cause
 these errors
 - at least in my experience with our farm of Exchange 2k servers and
 Exchange 5.5 servers.
 
 The only time that we have seen this has been due to a severe
 corruption
 of the database (specifically .edb) and a restore to another 
 system and
 reset of profiles on the user end was the quickest way to resolve.
 
 However, I am with Roger - we may be smart folks who give good advice,

 but I have believe you have a number of folks greatly impacted by this

 outage.  Why would one spend money with PSS (or get the advice for 
 free,
 even) then wait to implement the fix.  This, given the fact that every

 one of the error messages led to the same conclusion and fix?
 
 I'd get your most recent GOOD backup and start restoring.  Your users 
 are going to appreciate it.
 
 Rick Kingslan  MCSE, MCSA, MCT
 Microsoft MVP - Active Directory
 Associate Expert
 Expert Zone - www.microsoft.com/windowsxp/expertzone
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent: Tuesday, November 12, 2002 8:25 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] OT: Exchange -1018 Error
  
  
  David I have already looked at these but thank you
  
   -Original Message-
  From:   David N. Precht [mailto:discussions;entrysecurity.com] 
  Sent:   Tuesday, November 12, 2002 9:19 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] OT: Exchange -1018 Error
  
  http://www.eventid.net/display.asp?eventid=116source=
  http://www.eventid.net/display.asp?eventid=118source=
  http://www.eventid.net/display.asp?eventid=200source=
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, 
  Justin A.
  Sent: Tuesday, November 12, 2002 08:59
  To: ActiveDir (E-mail)
  Subject: [ActiveDir] OT: Exchange -1018 Error
  
  
  Hello everyone,
  
  I know this is off topic but you guys and girls always give good 
  advice.
  
  I have been getting event Ids 116, 118 and 200 a lot in my 
  application log.
  
  The chain of events went like this
  
  I installed SP3 for W2K
  The next day the Exchange Database went through some type of 
  conversion and logged Event ID 174 hundreds of times 
  (Table/Column/Index
  Definintions) On that same day one of my Hard Drives in my
  RAID 5 Config failed, I replaced it 3 days later Since then 
  every time the online maintenance on the exchange database 
  ran it logged a Database Page Cache error (Event ID 116 and 
  118 and 200) And now ArcServe cannot backup the database 
  fully and commit the logs to the database so I now have 500 
  log files in my mdbdata directory.
  
  MS Support wants me to restore from the day the HD failed after I 
  rename the mdbdata directory and create a new one.
  Then they want me to copy in all the log files and wait for 
  the log files to replay into the database.  The only other 
  option is to do a eseutil or build a new server and migrate 
  everyone over.
  
  Have any of 

RE: [ActiveDir] Question about Active Directory

[Shawn.Hayes]

Diane did this server have any FSMOs you had to move or was it a Global
Catalog Server?

-Original Message-
From: Ayers, Diane [mailto:DMA8;pge.com] 
Sent: Tuesday, November 12, 2002 2:58 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Question about Active Directory


Very early in our AD deployment we had one server reporting AD
corruption. The other servers were OK.  We simply demoted the server,
waited for replication so that the server was removed from AD and
re-promoted the server. At this point it got a new copy of the database
and problem solved. Not that this would work for everyone due to band
width, etc, but seemed to work for us.

Diane

-Original Message-
From: Tim HInes [mailto:nupe009;carolina.rr.com]
Sent: Tuesday, November 12, 2002 11:42 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Question about Active Directory


Yes it can.  It is sometimes possible to repair it with ntdsutil or
esentutl.

see http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q315131 and
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q305500


Tim Hines, MCSA, MCSE (2000  NT4)
MVP - Active Directory




- Original Message -
From: Eric [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 12, 2002 2:29 PM
Subject: [ActiveDir] Question about Active Directory


Can AD become corrupted?  If so, can it be fixed with anything other
than restoring from backup?

Eric Etheredge, MCDBA
Systems Manager
Office of the Standing Trustee
Walter O'Cheskey, Trustee
Lubbock, Texas
Trustee's Website:  www.ch13-12westtex.org
Case Information Website:  www.trustee13.com


This transmission may contain information that is privileged,
confidential and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
received this transmission in error, please immediately contact the
sender and destroy the material in its entirety, whether in electronic
or hard copy format. Thank you.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Remove DC from Domain

[Shawn.Hayes]

Use Ntdsutil and remove all references from DNS

-Original Message-
From: Garello, Kenneth [mailto:KGarello;worcester.edu] 
Sent: Thursday, October 31, 2002 1:21 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Remove DC from Domain


Is there a proper way of removing a DC from a domain?

Since I have done it improperly, I have computers left in the Domain
controller group that do not exist anymore.


Thanks,

Ken

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Compaq Servers

[Shawn.Hayes]

Insight Manager if the Insight Agents are loaded on the server

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Wednesday, October 30, 2002 10:53 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT: Compaq Servers


Does anyone know how to retrieve a Serial Number from a Compaq server
remotely



Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:jasalandra;chcsnet.org 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Compaq Servers

[Shawn.Hayes]

A person will have to walk over to the server to read the Serial Number
of the tag.

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Wednesday, October 30, 2002 11:04 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: Compaq Servers


That is not loaded

 -Original Message-
From:   [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] 
Sent:   Wednesday, October 30, 2002 10:58 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] OT:  Compaq Servers

Insight Manager if the Insight Agents are loaded on the server

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Wednesday, October 30, 2002 10:53 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT: Compaq Servers


Does anyone know how to retrieve a Serial Number from a Compaq server
remotely



Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:jasalandra;chcsnet.org 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] RAID configuration on DC's

[Shawn.Hayes]

It has been my experience that if your controller fails and you replace
the controller with the same controller or a newer controller from the
same manufacturer (Compaq of course) then you will not loose your RAID 5
configuration.  Compaq creates backward compatibility in their RAID
controllers to give the user community an upgrade or technology refresh
path.  Newer controllers can include Advanced Data Guard which enables
the Array to function with two dead drives.  You are not sacrificing any
recovery options and it is foolish to think so.

-Original Message-
From: Roger Seielstad [mailto:roger.seielstad;inovis.com] 
Sent: Tuesday, October 22, 2002 8:13 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] RAID configuration on DC's


But you sacrifice all your recovery options.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net]
 Sent: Friday, October 18, 2002 2:02 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] RAID configuration on DC's
 
 
 And to add to this, if separate logical drives is all your looking for

 you can create one RAID 5 Array and create 3 logical drives within 
 that array.  You will only sacrifice one disk to the array instead
 of three.
 
 -Original Message-
 From: Hayes, Shawn
 Sent: Friday, October 18, 2002 1:56 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] RAID configuration on DC's
 
 
 Performance gains will be minimal due to the single channel RAID 
 controller.  The idea to really increase performance is to have 
 separate arrays on separate RAID channels.  You will have separate 
 logical drives, but throughput to the arrays will be limited to a 
 single channel.
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org]
 Sent: Friday, October 18, 2002 12:35 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] RAID configuration on DC's
 
 
 The SYSVOL is the folder that contains the NTDS.DIT so they
 would end up
 on the same ARRAY.
 
 I would do
 
 ARRAY 1 OS and Page File
 ARRAY 2 Transaction Logs
 ARRAY 3 SYSVOL and NTDS.DIT
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Devan Pala [mailto:dpala;hotmail.com] 
 Sent: Friday, October 18, 2002 12:31 PM
 To:   [EMAIL PROTECTED]
 Subject:  [ActiveDir] RAID configuration on DC's
 
 Hello all,
 
 I have the option to either build our site domain controllers/ global
 catalog servers with the following configurations:
 
 Array 1 (RAID 1): OS, SYSVOL  Page File
 Array 2 (RAID 1): Transaction Logs
 Array 3 (RAID 1): Database (NTDS.DIT)
 
 OR
 
 Array 1 (RAID 1): OS, SYSVOL  Page File
 Array 2 (RAID 5): Transaction Logs  Database (NTDS.DIT) Either 
 On-line spare or nothing
 
 Currently, I'm more swayed towards the first configuration only to see

 the benefits of segregating the Logs from the Database.
 
 I will be interested in viewing some of your comments.
 
 BTW, the server will have 2GB of RAM and a high-end array controller. 
 There is only SCSI channel on this particular server though.
 
 Rgds,
 
 
 
 
 
 
 
 
 
 
 
 
 _
 Choose an Internet access plan right for you -- try MSN!
 http://resourcecenter.msn.com/access/plans/default.asp
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Service Packs for Windows 2000

[Shawn.Hayes]

Rick,

You are referring to IE5.5 and this discussion is about IE5.  This link
about how to tell what version of IE you have list a version of IE 5.01
SP3 that is only obtainable with Windows SP3.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q164539

Shawn

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net] 
Sent: Tuesday, October 22, 2002 9:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Service Packs for Windows 2000


Roger,

I agree wholeheartedly.  I do, however, believe that if true, it will be
on SP4 and later.  We had a requirement for a series of fixes be
deployed to our production systems for a client application.  These
fixes were specifically IE 5.5, and were not included in SP3.  I haven't
yet determined if the fixes were past the 'freeze' point on SP3 or not.
(For reference, see Q323759)

Sadly, it seems that IE and Windows are developed by radical factions
within Microsoft that just don't get along - and worse - don't seem to
work too well together.

I hope that I'm wrong on this

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Roger Seielstad
 Sent: Tuesday, October 22, 2002 7:19 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Service Packs for Windows 2000
 
 
 That's a good thing, if true. IE5 ships installed with Win2k,
 so the Win2k Updates should include that.
 
 --
 Roger D. Seielstad - MCSE
 Sr. Systems Administrator
 Inovis - Formerly Harbinger and Extricity
 Atlanta, GA
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net]
  Sent: Monday, October 21, 2002 5:17 PM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Service Packs for Windows 2000
  
  
  Did I read this or just imagine it?
  
  Service Packs and Security Updates for IE 5 will be included with 
  Windows 2000 Service Packs starting with SP3.
  
  
  Shawn Hayes MCSE_2000, MCSE_NT4
  Network Engineer
  Compass Technology Management 
  Sound Business Sense for IT 
  www.compass.net http://www.compass.net  
  757.226.3328 
  
  
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] RAID configuration on DC's

[Shawn.Hayes]

A three disk RAID 1  - news to me can you send me some literature about it?  Would 
this be a mirror with a spare?  Later threads cleared this up, you’re more than a 
couple of days late.  A Mirrored set requires two drives to setup but will run on one 
if one disk in the mirror fails.

-Original Message-
From: Roger Seielstad [mailto:roger.seielstad;inovis.com] 
Sent: Tuesday, October 22, 2002 8:03 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] RAID configuration on DC's


BZZZ. Thanks for playing.

RAID1 exists with one or more drives. Each additional drive functions as a mirror. 
There are 3 disk RAID1's, as well. RAID1 with 1 drive = a 2 disk RAID1 with a failed 
drive. No difference.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net]
 Sent: Friday, October 18, 2002 2:35 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] RAID configuration on DC's
 
 
 Not at a hardware level RAID.  Two and only Two drives
 
 -Original Message-
 From: Robert Moir [mailto:rim;LutonSFC.ac.uk]
 Sent: Friday, October 18, 2002 2:37 PM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] RAID configuration on DC's
 
 
 Far as I know, Raid 1 can exist with only one drive too.
 
   -Original Message- 
   From: MHR(Michael Ross) [mailto:mhr;panduit.com] 
   Sent: Fri 18/10/2002 18:30 
   To: '[EMAIL PROTECTED]' 
   Cc: 
   Subject: RE: [ActiveDir] RAID configuration on DC's
   
   
 
   Personally, Id do all RAID5. 
   I think 100% uptime (RAID5 can exist with 1 failed
 disk) is better than the small performance gain you get from RAID1 
 
 
   -Original Message- 
   From: Devan Pala [mailto:dpala;hotmail.com] 
   Sent: Friday, October 18, 2002 11:31 AM 
   To: [EMAIL PROTECTED] 
   Subject: [ActiveDir] RAID configuration on DC's
 
 
   Hello all,
 
   I have the option to either build our site domain
 controllers/ global 
   catalog servers with the following configurations: 
 
   Array 1 (RAID 1): OS, SYSVOL  Page File 
   Array 2 (RAID 1): Transaction Logs 
   Array 3 (RAID 1): Database (NTDS.DIT)
 
   OR
 
   Array 1 (RAID 1): OS, SYSVOL  Page File 
   Array 2 (RAID 5): Transaction Logs  Database (NTDS.DIT) 
   Either On-line spare or nothing
 
   Currently, I'm more swayed towards the first
 configuration only to see the 
   benefits of segregating the Logs from the Database. 
 
   I will be interested in viewing some of your comments.
 
   BTW, the server will have 2GB of RAM and a high-end
 array controller. There is only SCSI channel on this 
 particular server though.
 
   Rgds,
 
 
 
 
 
 
 
 
 
 
 
 
   
 _ 
   Choose an Internet access plan right for you -- try MSN! 
   http://resourcecenter.msn.com/access/plans/default.asp
 
   List info   : http://www.activedir.org/mail_list.htm 
   List FAQ: http://www.activedir.org/list_faq.htm 
   List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/ 
 
 
 .+wí»«íºƒY驲Pí»«íºƒr.+j j巊ory慐IVì ¶+v*
 
 .+-wȆi0g-í¼´íºº+Yb騲mPi큅0씅-í¼´íºº+bڪf.+-j!  0j!臊orà¿£yØ«I䚊V+v*
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
.+-Šwè†Ûiÿü0Á§-Š÷Šº+ƒùšŠYb²Øm˜¸¬´P†Ûiÿü0Á§-Š÷Šº+ƒùb²×Úªf.+-j·!Š÷¡¶Úÿ
0™¨¥j·!Š÷œ¢oÚrدyØ«ãIšŠVœ¶+Þv*è®

RE: [ActiveDir] RAID Configuration on DC's Part 3

[Shawn.Hayes]

Please explain how you will gain any performance increases when all three of your 
arrays exist on the same SCSI channel. Seems to me you have a single pipe leading to 
and from multiple arrays.  It is not hard to figure where the bottle neck will be.

-Original Message-
From: Devan Pala [mailto:dpala;hotmail.com] 
Sent: Monday, October 21, 2002 4:15 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] RAID Configuration on DC's Part 3


Hi,

Thanks for all your replies earlier.

Yes, it is true that the server only has 6 drive bays. The array controller 
has 2 internal and 2 external ports but I can only use one internally since 
the 6 drive bays only terminate to one SCSI port. (in this particular 
server). Reason for buying the high-end controller is due to standards and a 
proven track record in production.

Reason for not upgrading the chassis is primarily cost especially in the 
branch offices, the root and hub-site controllers are and will be configured 
entirely different, dual array controllers, quad-xeon processors etc. The 
whole nine yards.

The database has been sized and definitely over-engineered for the approx. 
2500 users spread over 15 sites in the Americas and Europe.

I do understand that read performance for the database will be greater under 
a Raid 5 (stripe set with parity) config. but that means combining the Logs 
as well. Therefore, in order to gain both performance and recovery benefits 
from segregating the OS, Logs and Database to their own spindle sets makes 
sense over a simple Raid 1 and Raid 5 config. (just as my mate Linton put 
it). So I'm going with three Raid 1 arrays.

Cheers,

_
Broadband? Dial-up? Get reliable MSN Internet Access. 
http://resourcecenter.msn.com/access/plans/default.asp

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Service Packs for Windows 2000

[Shawn.Hayes]

Title: Service Packs for Windows 2000






Did I read this or just imagine it? 


Service Packs and Security Updates for IE 5 will be included with Windows 2000 Service Packs starting with SP3.



Shawn Hayes MCSE_2000, MCSE_NT4

Network Engineer

Compass Technology Management

Sound Business Sense for IT

www.compass.net

757.226.3328

RE: [ActiveDir] RAID configuration on DC's

[Shawn.Hayes]

Not at a hardware level RAID.  Two and only Two drives

-Original Message-
From: Robert Moir [mailto:rim;LutonSFC.ac.uk] 
Sent: Friday, October 18, 2002 2:37 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] RAID configuration on DC's


Far as I know, Raid 1 can exist with only one drive too.

-Original Message- 
From: MHR(Michael Ross) [mailto:mhr;panduit.com] 
Sent: Fri 18/10/2002 18:30 
To: '[EMAIL PROTECTED]' 
Cc: 
Subject: RE: [ActiveDir] RAID configuration on DC's



Personally, Id do all RAID5. 
I think 100% uptime (RAID5 can exist with 1 failed disk) is better than the 
small performance gain you get from RAID1 


-Original Message- 
From: Devan Pala [mailto:dpala;hotmail.com] 
Sent: Friday, October 18, 2002 11:31 AM 
To: [EMAIL PROTECTED] 
Subject: [ActiveDir] RAID configuration on DC's 


Hello all, 

I have the option to either build our site domain controllers/ global 
catalog servers with the following configurations: 

Array 1 (RAID 1): OS, SYSVOL  Page File 
Array 2 (RAID 1): Transaction Logs 
Array 3 (RAID 1): Database (NTDS.DIT) 

OR 

Array 1 (RAID 1): OS, SYSVOL  Page File 
Array 2 (RAID 5): Transaction Logs  Database (NTDS.DIT) 
Either On-line spare or nothing 

Currently, I'm more swayed towards the first configuration only to see the 
benefits of segregating the Logs from the Database. 

I will be interested in viewing some of your comments. 

BTW, the server will have 2GB of RAM and a high-end array controller. There is 
only SCSI channel on this particular server though.

Rgds, 












_ 
Choose an Internet access plan right for you -- try MSN! 
http://resourcecenter.msn.com/access/plans/default.asp 

List info   : http://www.activedir.org/mail_list.htm 
List FAQ: http://www.activedir.org/list_faq.htm 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 

.+wí»«íºƒY驲Pí»«íºƒr.+j j巊ory慐IVì ¶+v*
â²Ø§~ˆm¶ŸÿÃrدyØ«¢¸?™¨¥–+-†Ù‹ŠËE
m¶ŸÿÃrدyØ«¢¸?–+-}ª¡¶bâ²Ö«r¯zm§ÿðà 
šŠV«r¯yÊý§-Š÷Š¾4™¨¥iËb½çb®Šà

RE: [ActiveDir] Admin Account Trouble

[Shawn.Hayes]

The by default the administrator account can not be locked out, but
there is a utility called passprop from the NT 4 resource kit that will
allow you to set the admin account up so it can be locked out


*

PASSPROP [/complex] [/simple] [/adminlockout] [/noadminlockout]

/complexForce passwords to be complex, requiring
passwords
to be a mix of upper and lowercase letters and
numbers or symbols.

/simple Allow passwords to be simple.

/adminlockout   Allow the Administrator account to be locked
out.
The Administrator account can still log on
interactively on domain controllers.

/noadminlockout Don't allow the administrator account to be
locked
out.


***


-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 23, 2002 9:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Admin Account Trouble


I was just replying to the statement of it can't happen. I just don't
want folks on the list to see that --- then if they come across it start
bombarding you with emails stating Rick - you said the administrator
account couldn't get locked out

I haven't asked this list for help on this issue mainly because this
type of situation is not supposed to happen. I know it's my cross the
carry so I didn't want to weigh the group down.



-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 23, 2002 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Admin Account Trouble

Craig,

I don't doubt you that you've seen it.  I can only tell you from MY
experience and my education.  I, to this day have not seen it - but do
not doubt YOU that you've seen it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Cerino
 Sent: Monday, September 23, 2002 7:36 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Admin Account Trouble
 
 
 Rick -- that's what I thought but I am here to tell you the built in
 administrator account can ABSOLUTELY become locked out. 
 
 I see it all the time. One of our smaller separate networks
 (built in) Administrator account gets locked out all the time. 
 
 It's actually pretty weird and I've been working for a while
 now trying to figure out WHY this is happening.
 
 Craig
 
 
 
 
 
 -Original Message-
 From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
 Sent: Friday, September 20, 2002 8:48 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Admin Account Trouble
 
 Craig,
 
 Can't happen - the Administrator account can't be locked out.
  Which, if you think about it is the reason that it's 
 attacked over any other potential admin equivalent account.  
 If the account 'Rick' is an admin equiv but has a lockout of 
 3 attempts, I may as well go after the Administrator who 
 won't lockout even though I'm going after it with a full 
 onslaught brute force dictionary attack with my mongo 
 dictionary with all possible replacement text.  By open of 
 business Monday the administrator account has taken on 
 millions of password attempts.
 
 Yeah, it's kind of a small problem.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of
 Craig Cerino
  Sent: Friday, September 20, 2002 12:16 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Admin Account Trouble
  
  
  I REALLY don't mean to be insulting -- but is it locked out?
  
  -Original Message-
  From: Michael Payne [mailto:[EMAIL PROTECTED]]
  Sent: Friday, September 20, 2002 12:43 PM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Admin Account Trouble
  
  Hello Everyone,
  
  My administrator account (Windows 2000 server) can not access the 
  group policies for the Domain\ Domain Controller. I can not install 
  software nor does the hardware wizard respond. Any ideas or 
  suggestions? I would appreciate any advice.
  
  Thanks in advance,
  
  
  Mike
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: