RE: [ActiveDir] AD screw up
Title: Message Why not just create Sites for you branch offices? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew GainorSent: Friday, April 16, 2004 12:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD screw up Not knowing what I was doing I set up an AD at my company corporate office. I then converted everyone over to it along with my Exchange server. Now I also have a couple of branch offices and want to create children. The mistake I made was that I did not set up an Empty Root Domain first. Isetup the corporate domain as the first server. This is what I would like to do. Tell me if I am wrong or if you have any other suggestions. Root - ADRoot child - corp.ADRoot child - branch1.ADRoot child - branch2.ADRoot I do not want the domains to be internet FQDN. Drew
RE: [ActiveDir] AD screw up
Title: Message You can rename the NetBIOS name not the DNS name. It doesn't sound like to me you need an empty root. Don't screw up your existing domain, especially if Exchange is working in production. Create sites for your branch offices and OU's if you want too. Put a GC at each branch office, kick back, monitor and patch. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew GainorSent: Friday, April 16, 2004 1:54 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw up Ok, how about this. I create a new child OU in my existing domain called corp. I then move all users and objects from the root domain to the corp child. Then I rename the root domain. Does that sound like it will work? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.Sent: Friday, April 16, 2004 10:03 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw up Create the new OU, then right click on the child OU and click Move -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew GainorSent: Friday, April 16, 2004 12:41 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw up I don't know where I get these stupid questions from. ok It looks like OU will work ok. I found info at Microsoft http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/scenarios/ou_design_implement_ou_structure.asp now my question is - Since I already created an AD containing an OU of what I would like to be a child how can I create the parent to insert the child into. Or is that even possible? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.Sent: Friday, April 16, 2004 9:18 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD screw up You could do that, but are you sure you cant accomplish what you want to do with just one domain and a detailed OU strcture? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew GainorSent: Friday, April 16, 2004 12:06 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD screw up Not knowing what I was doing I set up an AD at my company corporate office. I then converted everyone over to it along with my Exchange server. Now I also have a couple of branch offices and want to create children. The mistake I made was that I did not set up an Empty Root Domain first. Isetup the corporate domain as the first server. This is what I would like to do. Tell me if I am wrong or if you have any other suggestions. Root - ADRoot child - corp.ADRoot child - branch1.ADRoot child - branch2.ADRoot I do not want the domains to be internet FQDN. Drew
RE: [ActiveDir] Updating Schema to Windows 2003
Nope, I have one running just as you described. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, April 07, 2004 8:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 If the forest prep is done, are there any problems if a child domain is built as a windows 2003 domain while the rest of the forest is still in windows 2000? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Tuesday, April 06, 2004 4:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 Forest Prep will prepare your forests for the Windows 2003 upgrade. IT will also expand your schema at that time. S -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Tuesday, April 06, 2004 12:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 I really just want to prepare the forest for windows 2003, I don't need the domains ready yet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent Sent: Tuesday, April 06, 2004 2:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 Also, if you stick in the CD to upgrade a server, it will check the server and AD type, and will not upgrade until you have performed those steps. It even gives you the steps to perform that you can copy/paste. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Tuesday, April 06, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 I am not aware of any KB articles, but here are the steps that were performed on our upgrade. The forest and domains are prepared by using the adprep command on the schema operations master and infrastructure operations master, respectively. (25min) * At a command prompt, change to the \I386 directory on the installation media and then type: d:\i386\adprep /forestprep * When prompted, type 'C', and then press ENTER to begin forest preparation, or type any other key, and then press ENTER to cancel. * After the forest preparation data has replicated throughout the forest, prepare the domains for Windows Server 2003 as described below. The domain preparation operation must be performed on the infrastructure operations master of each domain in the forest. (no reboot necessary) Prepare an Active Directory domain for Windows Server 2003: (4min) * On the domain controller holding the infrastructure operations master role * At a command prompt, change to the \I386 directory on the installation media, and then type: d:\i386\adprep /domainprep * After the domain preparation data has replicated throughout the domain, upgrade the domain controller by running Windows Server 2003 Setup (I386\winnt32.exe on the installation media). (no reboot necessary) * Specify Upgrade from menu options * Enter Corporate CD Key * Update Setup Files from Microsoft (system reboots) * Setup will now prepare the installation * Installing Windows * Finishing Installation (system reboots) o Total Install Time: 2 hours 10 minutes Hope this helps. S * Steve Shaff Active Directory / Exchange Administrator Corillian Corporation (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Tuesday, April 06, 2004 10:13 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Updating Schema to Windows 2003 I have a question, what are the steps to update the schema to Windows 2003? Is there a q article out there? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ:
RE: [ActiveDir] Updating Schema to Windows 2003
Have you run into issues with Exchange pointing to GC servers in your subdomains and not being able to resolve recipients in Distribution list unless the DL are Universal DL? We have: Root Forest Windows 2000 with Exchange 2000 and most user accounts, Groups, DLs, etc Subdomain Windows 2003 with Exchange 2003 - mostly for development / testing, few accounts Exchange at times used the DC in the Subdomain for GC lookups. Our DLs were not Universal so when Exchange would attempt to resolve the recipients of the DL using the subdomain GC it would not find any members.at that point messages would die in the Categorizer queue. MS solution was to convert all mail enabled groups to Universal or remove the subdomain DC from the Exchange Directory Servers list. Universal groups will publish all their members in the GCs, but this philosophy seems to contradict everything I read early on about trying to avoid the use of Universal Groups because of the increase in replication between GCs. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, April 07, 2004 9:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 One thing I did not mention is that I have Exchange 2003 deployed in my forest. What precautions need to be taken for this. I read the q article 325379 but that talks about exchange 2000. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 8:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 Nope, I have one running just as you described. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, April 07, 2004 8:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 If the forest prep is done, are there any problems if a child domain is built as a windows 2003 domain while the rest of the forest is still in windows 2000? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Tuesday, April 06, 2004 4:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 Forest Prep will prepare your forests for the Windows 2003 upgrade. IT will also expand your schema at that time. S -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Tuesday, April 06, 2004 12:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 I really just want to prepare the forest for windows 2003, I don't need the domains ready yet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent Sent: Tuesday, April 06, 2004 2:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 Also, if you stick in the CD to upgrade a server, it will check the server and AD type, and will not upgrade until you have performed those steps. It even gives you the steps to perform that you can copy/paste. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Tuesday, April 06, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Updating Schema to Windows 2003 I am not aware of any KB articles, but here are the steps that were performed on our upgrade. The forest and domains are prepared by using the adprep command on the schema operations master and infrastructure operations master, respectively. (25min) * At a command prompt, change to the \I386 directory on the installation media and then type: d:\i386\adprep /forestprep * When prompted, type 'C', and then press ENTER to begin forest preparation, or type any other key, and then press ENTER to cancel. * After the forest preparation data has replicated throughout the forest, prepare the domains for Windows Server 2003 as described below. The domain preparation operation must be performed on the infrastructure operations master of each domain in the forest. (no reboot necessary) Prepare an Active Directory domain for Windows Server 2003: (4min) * On the domain controller holding the infrastructure operations master role * At a command prompt, change to the \I386 directory on the installation media, and then type: d:\i386\adprep /domainprep * After the domain preparation data has replicated throughout the domain, upgrade the domain controller by running Windows Server 2003 Setup (I386\winnt32.exe on the installation media). (no reboot necessary) * Specify Upgrade from menu options * Enter Corporate CD Key * Update Setup Files from Microsoft (system reboots) * Setup will now prepare the installation * Installing Windows * Finishing Installation (system reboots) o Total Install Time: 2
RE: [ActiveDir] OT: Server-side address list Public folder
Nope you have a bug or have done something wrong. Outlook will view contacts within Address List just as it views Users and Distribution Groups. Youmay have to wait for the address list to be 'generated' and viewable via Outlook.not sure From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael WassellSent: Wednesday, April 07, 2004 3:28 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server-side address list Public folder Okay. I've answered my own question. I've imported all of the contact's into AD as contact objects.I've delegated control of that OU to the managers of the department and they will be instructed how to access/update information for the objects in AD. My question now is, I have created an Address list server-side, but the contact objects in AD do not display in the Address List on the client. "Previewing" the address list from the server returns the correct contact objects, but that doesn't do much good without the client being able to view them from Outlook. Is this by design for Outlook? Is anyone aware of a fix or a workaround to allow Outlook to view contact objects as opposed to only User/Group objects? TIA! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael WassellSent: Wednesday, April 07, 2004 1:22 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server-side address list Public folder As a follow up to my own question. If it is not possible, I suppose I could write ascript that automatically exports the contents of the public folder from Outlookand store it in a CSV format,import them into the AD afterwards using CSVDE as Contact objects in a specific OU and query the OU from Exchange server. But I'm hoping someone may have a better idea :-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael WassellSent: Wednesday, April 07, 2004 1:11 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: Server-side address list Public folder I'm not sure if this is possible or not. I can't seem to find any reference of it anywhere. Would anyone care to enlighten me onif it is possible to populate an address list stored server-side (similar to GAL) using an LDAP query to query the contents of a public folder? I know that it is possible to add a public folder to each individual outlook config by opening Properties (of folder) Outlook Address Book Show this folder... But, I am wondering if is possible to remove that process and have it stored on server so users can simply address an email and choose the correct contact from their Outlook without manually adding the folder to their AB's. I have played around with it a little bit and I have been able to limit an LDAP query within Exchange to return only the folder that contains the contacts, but have yet to be able to return the contacts stored within that folder. TIA
RE: [ActiveDir] Exchange 2003 and Firewalls
400+ Outlook clients over a T1. Have you looked at the bandwidth utilization? Sounds like the T1 is saturated to me. What about subnet in the remote office? Is it assigned to the correct site for authentication? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Tuesday, March 23, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls No it is a private T1, point to point. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Tuesday, March 23, 2004 1:26 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Exchange 2003 and Firewalls I take it this is a public T1 over the internet, comms via a VPN? -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 17:35 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange 2003 and Firewalls Physically the two orgs are connected by a T1 Line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Tuesday, March 23, 2004 11:16 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Exchange 2003 and Firewalls Is this on the same physical site? -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 14:58 To: ActiveDir (E-mail) Subject: [ActiveDir] Exchange 2003 and Firewalls I have a facilities that insists on having a very old 3Com Firewall between our organizations. On his side of the firewall is has 400 + outlook clients, on my side I have the Exchange 2003 server and the Global Catalog Servers. Clients are taking an extremely long time to connect to mail and access resources. None of my other 9 facilities have this problems and the only thing different is that none of the others have a firewall between our two organizations. What ports do they have to open to allow proper communications between their clients and my servers? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this transmission, please contact the sender and delete the material from any computer. The sender is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Any replies to this email may be monitored by the MCPS-PRS Alliance for quality control and other purposes. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this transmission, please contact the sender and delete the material from any computer. The sender is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Any replies to this email may be monitored by the MCPS-PRS Alliance for quality control and other purposes. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Exchange/AD bug or poor design?
Title: Message If I am not mistaken, 'Changes' to DL Memberships happen ona domain controller within AD. That information is replicated to the Global Catalog servers as a Read-Only Copy. To be sure Global Catalogs that are queried maintain a complete list of Distribution List Members, all DLs must be Universal DLs (in a multiple domain environment) http://support.microsoft.com/default.aspx?scid=kb;en-us;271930 Kills the idea that you should limit the amount of Universal Groups in an AD domain / forest. I probably missed the point below.. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken CornetetSent: Thursday, March 18, 2004 1:17 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Exchange/AD bug or poor design? We handled it by writing a perl CGI program to do DL management. Our environment is fairly simple, though - all users in one domain, DLs in another. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.Sent: Thursday, March 18, 2004 11:57 AMTo: Active Directory Mailing List (E-mail)Subject: [ActiveDir] Exchange/AD bug or poor design? Hi All, I know that some of you think the Exchange/AD is the best thing since "sliced bread" wink based on past exchanges/rants on this mailing list,and I wonder about the following: In multi-domain environments, the global catalog server that you select may not be in the same domain as Active Directory group objects. Therefore, users cannot update group membership because the local global catalog server has a read-only copy of the group. from: How to configure a specific GC: http://support.microsoft.com/default.aspx?scid=kb;EN-US;319206 Since an Outlook client can choose any of the available GCs in the enterprise, when a user tries to update a group membership, obviously it's going to fail if connected to a GC that has a read-only copy. So the fixup, according to the KB article,is to specify a particular GC. But by specifying a particular GC, all of a sudden I have lost the redundancy that AD gives me! Catch-22! Is this an Exchange design flaw?How are others handling this problem? TIA! Mike Thommes
RE: [ActiveDir] Experiences with DFS.....
Title: Message Youshould look closely at the product you choose for the replication piece, 3rd party is advised, to see it's recommendations about .pst files. Some don't like them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris FlesherSent: Thursday, March 11, 2004 12:32 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Experiences with DFS. Well, to give a little more info, we have 1,000,000+ files on our NAS. This machine is accessed pretty hard by ~1,000 users, housing .pst files and eudora data store files. If you are saying that each time there is a change in a file, it is replicated, would it constantly replicate email data files each time an email comes to the user? That could get ugly. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, DianeSent: Thursday, March 11, 2004 10:52 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Experiences with DFS. We looked at a DFS / FRS combo and quickly rejected it based on the problems with FRS. For data replication, FRS is a PoS (to be brutally honest). MS needs to start from scrtach on that one. Any efficient data replication scheme would utilize a block level or some other low levelreplication process and not be based on file level replication. A single change to, say a 10 MB file, should not trigger the replication of the entire 10 MB file. We're looking at several third party replication tools but the jury is still out on the optimal solution. Diane -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Brent WestmorelandSent: Thursday, March 11, 2004 8:25 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Experiences with DFS. Yes, You need to become familiar with the FRS registry settings and the staging directory. Try these links to get you started: http://www.jsiinc.com/SUBI/tip4100/rh4104.htm http://www.jsiinc.com/SUBL/tip5900/rh5973.htm Also, definitely consider moving your staging directory to a large volume follow the instructions in KB291823. On Mar 11, 2004, at 11:00 AM, Chris Flesher wrote: We are thinking of using DFS in order to add redundancy to our NAS offerings. My main question is does anyone have experience using DFS to replicate/keep in sync large amounts of info, i.e. 200+GB, between two or more servers? As always, thank you for the help. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477 Brent Westmoreland BMW Group - Data Center Americas Business: 864.989.6567
[ActiveDir] AD Performance Monitors
Title: AD Performance Monitors Anyone have a pointer to a good paper about which NTDS counters to monitor and what the accepted thresholds for the counters should be. I have found some info on counters but not thresholds.. Windows 2000 AD. Thanks in advance.. Shawn
RE: [ActiveDir] Is this list still active?
Nobody here but us chickens... Just kidding this is a very active list...very informativelots of smart people not including myself -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Tuesday, February 03, 2004 10:36 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Is this list still active? I have a couple of questions, and I really need help! List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Is this list still active?
I thought after the fact that I should have said Rubber Chickens. Those monitoring the list for a while would understand -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Cerino Sent: Tuesday, February 03, 2004 10:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Is this list still active? I was gonna give a similar smart-arse answer - but I didn't wanna scare the dude off :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 10:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Is this list still active? Nobody here but us chickens... Just kidding this is a very active list...very informativelots of smart people not including myself -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Tuesday, February 03, 2004 10:36 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Is this list still active? I have a couple of questions, and I really need help! List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Changing Group Scope
Title: Changing Group Scope Hello Everyone, I need help writing a script to change the group scope for all groups in our Domain. See KB article 271930 for an explanation whythis hit me as an oh by the way we forgot to mention... Robbie Allen, I have a copy of the AD Cookbook for Windows 2000 and Windows 2003. In this book you have a script that will accomplish what I am trying, page 225. Your script focuses on a single group and I must know the DN. What I am trying to do is run this against the domain and modify all mail enabled groups. I would prefer not having to manually look up DN's etc. Any help from anyone is most appreciated. Thanks in advance, Shawn
RE: [ActiveDir] Virus software on DC
We run Symantec AV corporate edition and don't exclude any directories. We haven't had any problems related to AV software.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, December 10, 2003 11:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virus software on DC What directories should I not be scanning? We use the exclusions in this list- 822158 - Virus Scanning Recommendations on a Windows 2000 Domain Controller: http://support.microsoft.com/default.aspx?scid=kb;en-us;822158 From: John Parker [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 8:30 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virus software on DC We run Trend here. Never have run into any issues and we are using the realtime scan. Just out of curiosity though, I am scanning all except for a few select dirs/ What directories should I not be scanning? John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 10:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virus software on DC I do, but I exclude the AD files, and I do not have real-time scanning enabled, just periodic scheduled scans. Does not seem to cause any problems. mc -Original Message- From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 11:17 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Virus software on DC This may be a dumb question, but do you guys have virus scanning software on your DCs? I have been confused if the virus scanner slows the machine down or not. Thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] [Off-Topic] Moving files across volumes with perm s intact
Title: Message later versions of xcopy will too, if you don't have a resource kit xcopy /? will show you how From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 9:24 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] [Off-Topic] Moving files across volumes with perm s intact scopy or robocopy from the resource kits will do it -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:15 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] [Off-Topic] Moving files across volumes with perms intact Is it possible to move files and folders across volumes so that the permissions remain the same ? we have a dir tree that contains huge numbers of files and folders, and i need to move them to a new volume. If the perms are reset (which is the norm) then it will take forever to set the perms back again. Olly
RE: [ActiveDir] Virtual Memory Fragmented
Create a new pagefile specify same size for min and max Delete current pagefile Create new pagefile to replace deleted page file and specify same size for min and max This is Windows 2000 Enterprise edition, isn't it? -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 4:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virtual Memory Fragmented I already have put into place the /3gb switch before this all happened, as seen below. Any other ideas? Thanks, S [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Windows Server 2003, Standard /fastdetect /3gb /userva=3030 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of King, Arron S. Sent: Monday, November 17, 2003 11:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virtual Memory Fragmented Here's an article I found on MS site - http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b329864 This has been talked about quite a bit on the Swynk Exchange list - not to any great resolution that I can recall... HTH = Arron King Network Systems Administrator Ohio Dominican University [EMAIL PROTECTED] V: 614-251-4515 F: 614-252-2650 -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 2:01 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Virtual Memory Fragmented Greetings, I appear to have a problem with my virtual memory being fragmented. This is on a Windows 2003 Server running Exchange 2003, so needless to say it is very important that it stays running. The server rebooted, but in doing so did not start all of the exchange services, which was very bad... What are your thoughts in how I can prevent this from happening? This server is running with 3gb of physical ram and 4096 of paging, there should be no memory problems. Here is the event log from the server. Event Type: Error Event Source: MSExchangeIS Event Category: Performance Event ID: 9582 Date: 11/16/2003 Time: 3:27:12 AM User: N/A Description: The virtual memory necessary to run your Exchange server is fragmented in such a way that normal operation may begin to fail. It is highly recommended that you restart all Exchange services to correct this issue. For more information, click http://www.microsoft.com/contentredirect.asp. Any thoughts or suggestions? Thanks, Steve List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Virtual Memory Fragmented
Dump the /3GB switch, it is for Enterprise Edition Only -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 5:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virtual Memory Fragmented I will give this a try. No, this is Windows 2003 Standard running Exchange 2003 Enterprise. Thanks Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, November 17, 2003 1:52 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virtual Memory Fragmented Create a new pagefile specify same size for min and max Delete current pagefile Create new pagefile to replace deleted page file and specify same size for min and max This is Windows 2000 Enterprise edition, isn't it? -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 4:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virtual Memory Fragmented I already have put into place the /3gb switch before this all happened, as seen below. Any other ideas? Thanks, S [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Windows Server 2003, Standard /fastdetect /3gb /userva=3030 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of King, Arron S. Sent: Monday, November 17, 2003 11:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Virtual Memory Fragmented Here's an article I found on MS site - http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b329864 This has been talked about quite a bit on the Swynk Exchange list - not to any great resolution that I can recall... HTH = Arron King Network Systems Administrator Ohio Dominican University [EMAIL PROTECTED] V: 614-251-4515 F: 614-252-2650 -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 2:01 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Virtual Memory Fragmented Greetings, I appear to have a problem with my virtual memory being fragmented. This is on a Windows 2003 Server running Exchange 2003, so needless to say it is very important that it stays running. The server rebooted, but in doing so did not start all of the exchange services, which was very bad... What are your thoughts in how I can prevent this from happening? This server is running with 3gb of physical ram and 4096 of paging, there should be no memory problems. Here is the event log from the server. Event Type: Error Event Source: MSExchangeIS Event Category: Performance Event ID: 9582 Date: 11/16/2003 Time: 3:27:12 AM User: N/A Description: The virtual memory necessary to run your Exchange server is fragmented in such a way that normal operation may begin to fail. It is highly recommended that you restart all Exchange services to correct this issue. For more information, click http://www.microsoft.com/contentredirect.asp. Any thoughts or suggestions? Thanks, Steve List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Server Reboot problem after SP4 installation
Jim, What Veritas product was this driver for? Thanks, Shawn From: Jim Patton [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 11:40 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Server Reboot problem after SP4 installation I finally found the resolution to this problem. It came down toobtaining an updatedversion of the Veritas driver, VSP.SYS. Jim -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Jim PattonSent: Friday, September 19, 2003 2:32 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Server Reboot problem after SP4 installation Thanks George! I do remember that step during the SP4 installation and elected to overwrite the existing files to preserve the integrity of the SP4 installation. Compaq replaced the CPU on one of the three servers that are affected by this problem and it didnt resolve the problem. Didnt really think it would, but it was the last piece of hardware that could possibly have had something to do with this issue. At the moment, Im planning to rollback to SP3 on one of the three servers as the next step. However, after reading your message, I think Ill download the drivers youve mentioned and load those in place of the existing files on one server as a test. Re-building these servers is the absolute last option. Thanks for your help and to everyone else that has provided input into this issue. Ill keep the list posted on my progress. Jim -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George ArezinaSent: Thursday, September 18, 2003 10:30 PMTo: [EMAIL PROTECTED]Subject: FW: [ActiveDir] Server Reboot problem after SP4 installation Jim, Heres something you might want to think about regarding your Compaq servers. Regards, George From: Phillip Rabago [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2003 4:48 AMTo: [EMAIL PROTECTED]Cc: Jan Beckman George, a colleague of mine forwarded your message to me. You may want to forward this reply toJim Patton. I had a similar incident when upgrading a server (DL380) to SP4. After many attempts by tech support to resolve without rebuilding, they were ready to toss in the towel and suggested to rebuild. We talked a few minutes more and realized that one major step that seemed innocuous at the time, was probably the culprit. During SP4 installation you're asked if you want to replace cpqarray.sys (filename may be wrong, but it's close) and another similar file. DON'T replace them. They are the harddrive array drivers. If you replace them you won't be able to boot properly. Anyway, the solution (which isn't sanctioned by them, but was offered as sidebar by a tech who'd happened to have a similar experience) is to download the files from Compaq/HP and then create a floppy with the drivers on it, and use the floppy during Windows 2000 setup. Run Windows 2000 setup, hit F6 to select 3rd party array drivers from the floppy and finish the install. I don't recall the actual install that I ran, but I think I ran the repair rather that the normal install. But the important step is to get the machine to a command prompt and copy the files to their proper location. Sorry to be so vague in my description, but I was not feeling well at the time, I didn't take notes, and left as soon as I got the server rebooted and working (and didn't want to think about it again). With any luck, this will reach Jim in time, if he hasn't found this or another solution already. BTW, as a side note, I've found that making sure the AV software is turned off AND emptying ALL temp and cache folders, makes the chance of a successful installation nearly 100%. I haven't had a difficult install on any machine in which I've emptied all these folders first. Thanks Phillip Rabago -Original Message-From: Jan Beckman Sent: Thursday, September 18, 2003 7:17 AMTo: Phillip Rabago; Cheryl L. Qualls; James S. Sharp; Rashid Jasim; David Martin; Hal Taberner; Bill Siemsen; Erik S. LasiewskiSubject: FW: [ActiveDir] Server Reboot problem after SP4 installation I have been monitoring the discussion groups for any problems popping up after installing W2k SP4. Thought I would share this one in case others have these server models. --jan -Original Message-From: George Arezina [mailto:[EMAIL PROTECTED]Sent: Wednesday, September 17, 2003 11:21 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Server Reboot problem after SP4 installation Jim, I could not agree with you more. Most techie support guys fall back on the same answer, "rebuild
[ActiveDir]
I believe a GPO was modified by someone with the appropriate 'rights', but that person did not communicate changes were to be made and now we see some strange issues Issues are not the point of this question. Does anyone know of a way to determine who modified the GPO? Thanks in advance, Shawn List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir]
Great, but anything built in to the OS? Anyway I can point a finger at a DBA that is poking is hands where they do not belong. Please don't ask why they have rightsaarrgghhh Shawn -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 4:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] FullArmor FAZAM GPO Auditor... www.fullarmor.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 2:26 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] I believe a GPO was modified by someone with the appropriate 'rights', but that person did not communicate changes were to be made and now we see some strange issues Issues are not the point of this question. Does anyone know of a way to determine who modified the GPO? Thanks in advance, Shawn List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir]
File and Object auditing on the Sysvol and Policies directory explicitly should do the trick???...At least this would show who was making changes. At that point I can confront that person.. Sound correct? Thanks Gil Shawn -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 5:12 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] You can set up auditing in AD on the GPOs themselves by setting the SACLs... The accesses will show up in the security audit log. You can likewise set up auditing on the SYSVOL to track changes on the files. Use your favorite event log collector (e.g., Microsoft's MACS, which is in Beta). But translating the resulting mess of event log entries into something meaningful will be a challenge. And you won't be able to tell specifically what was changed Just that it was changed. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 3:00 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Great, but anything built in to the OS? Anyway I can point a finger at a DBA that is poking is hands where they do not belong. Please don't ask why they have rightsaarrgghhh Shawn -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 4:46 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] FullArmor FAZAM GPO Auditor... www.fullarmor.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 2:26 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] I believe a GPO was modified by someone with the appropriate 'rights', but that person did not communicate changes were to be made and now we see some strange issues Issues are not the point of this question. Does anyone know of a way to determine who modified the GPO? Thanks in advance, Shawn List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Infrastructure and GC
Title: Message Rick, Thanks for the input...I appreciate it. Shawn -Original Message-From: Kingslan, Rick T. [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 11:27 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Infrastructure and GC Shawn, You can do it temporarily. Some updates might not be made to references about objects in other domains such. It's not a good thing to do for a long period of time, but it's not a horrific issue, either. Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryLAN Administration - Windows 2000West Corporation[EMAIL PROTECTED] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 8:21 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Infrastructure and GC Any implications from adding a GC role to an infrastructure master temporarily? We do have trusts with other forests and a sub-domain. Shawn
[ActiveDir] Windows 2003 AD
Title: Windows 2003 AD Any issues with having a Windows 2003 child domain below a Windows 2000 root?
RE: [ActiveDir] What is SUS?
And low bandwidth environment Shawn -Original Message- From: England, Christopher M [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 9:13 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] What is SUS? SUS is basically WindowsUpdate (or more specifically, Automatic Updates from XP SP1 or 2000 SP3), but you control what updates go out. You still use the GPO to dictate how they get the updates, but instead you point them at one of your servers (with IIS and the SUS server component) for their patches. You can either just host the 'list' of updates they should get, and then the clients download them from Microsoft as normal; or you can 'synchronize' your SUS server with MS and have ALL of the updates local (this would be most useful in the firewalled environment). I hope this helps, Chris - Christopher England Server Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University -Original Message- From: John Parker [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 8:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] What is SUS? Please forgive my naievity... How is this different from the windows update component in my Group policy? And, is this a seperate piece of software? Or is it included with Server? John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Tim Hines [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 7:26 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] What is SUS? It stands for Software Update Services. You can use it to deploy updates to your clients. You can setup an internal server that stores updates that you download from the web. Your clients will then use this server to obtain their updates. You can find more info about it at http://www.microsoft.com/windows2000/windowsupdate/sus/ -- Tim Hines, MCSE, MCSA - Original Message - From: John Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 8:17 AM Subject: [ActiveDir] What is SUS? Hey all.. No flames ok? I'm covered in jet fuel. Could someone explain what SUS is? I thik it is for windows updates, but I am not sure, and if it is something that would streamline my updates, then I would like to know more. Thank you John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 8:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SUS Feedback... William, We, too, run SUS with great success - much of the warts have already been mentioned so I won't elaborate. However, we knew that ther was an issue with users not shutting of their systems. What we implemented to resolve this and to insure that updates did get applied - especially in the case of vulns like MS03-07 and MS03-26 - we have a script that will do a rolling 'restart' of systems. Granted, our systems are named in a logical manner for our production seats, but our staff seats are on their own subnet - so we just reboot anything between specific IP ranges - and have it spaced out (by minutes, hours, or days = depending on criticallity) so that the systems don't overload the DCs and SUS systems, oh yeah - and the network g. It's been effective for us for a fair amount of time (10 - 12 mos.) and we are running this in 14 of our remote locations as well as our local campus WAN with 8 buildings. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics Sent: Tuesday, September 09, 2003 3:33 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] SUS Feedback... We share the same issues. But we have laptops that have traveled the country or just get taken home each night, but haven't been rebooted in weeks. They just hibernate on battery power til next time they are opened. Essentially, we have chosen to not shut off workstations at days' end. They remain running 24/7. Updates for antivirus, patches for applications or OS all happen after hours for desktops. William - Original Message - From: Roger Seielstad [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 11:59 AM Subject: RE: [ActiveDir] SUS Feedback... I've been running SUS SP1 for a week or two
RE: [ActiveDir] Exchange issue
Title: Message Just to be sure DNS is working correctly.Can you surf the Internet on the Exchange server? Are you talking about Exchange 5.5, 2000 or 2003? Shawn -Original Message-From: John Parker [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 9:15 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Exchange issue Hey all... I have recently built an exchange server at home.The server and activedirectory as well as exchange went by the book.I have all of my workstations on the domain and they are working fine.All of the workstations are connecting to the exchange server without a problem.two of the computers have 3rdparty internet mail accounts on them as well.(I hope I am making this clear.)My domain is not registered as of yet because I cannot nail down a static IP.(Cable modem blues)That will change once I have a house. Now, for the problem.I cannot send mail to anyone that is not in the gal. Shouldn't I be able to send mail out regardless of whether my domain is reistered?I understand that I will not be able to recieve external mail as far as the exchange server goes, and the internet mail seems to be working fine short of sending. What am I missing here? Thanks for the help. John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems.
RE: [ActiveDir] Exchange 2000 question
Title: Message Exchange 2000 System Console under the Information Store look at Mailboxes. Shawn -Original Message-From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 1:39 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Exchange 2000 question How do you display the mailbox size in Active Directory for an exchange 2000 mailbox? The admin tools for Exchange 5.5 do not display the size acurately.
[ActiveDir] When to seize FSMO roles in a Disaster
Title: When to seize FSMO roles in a Disaster Background: A company we consult for has AD implemented in three sites. One Domain, AD is in Native Mode. A DNS and Global Catalog server exist in each site. Site locations are VB, NV and DC. VB is the hub with a leased line T1 to DC and two T1s, load balanced, to NV. VB is home location and domain controllers in VB hold all FSMO roles. NV is semi-active production, but also established as a Disaster Recovery site in case VB goes boom! (lots of military targets in Hampton Roads). DC is a production site. Question is: If something happens in VB, when does it become absolutely necessary to seize FSMO roles in NV? I take it we would have to follow the same procedure in DC??? I understand once the roles are seized the domain controllers that held the roles must not come back up, not an issue. Shawn Hayes, MCSE Sr. Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757-226-3328
RE: [ActiveDir] OT: Server Monitoring
Title: Message use a local SMTP engine (IIS SMTP ) and let DNS route the messages out for you. Shawn -Original Message-From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 8:57 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Server Monitoring I did download the trial and have been using it, but the problem is that when the exchange server goes down, how will it notify me? Someone mentioned using a script, but I am not a scripting person, do you have anything for this? -Original Message-From: Van Noy, Glen R [mailto:[EMAIL PROTECTED]Sent: Wednesday, August 06, 2003 6:32 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server Monitoring We use Servers Alive and let me tell you, for the price, $99.00, it is one of the best values around and does a fantastic job monitoring all types of servers and services. Download the free copy, up to 10 checks, and try it yourself and I guarentee that you will buy it. glen The University of Texas at Dallas -Original Message- From: England, Christopher M [mailto:[EMAIL PROTECTED] Sent: Wed 8/6/2003 4:36 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] OT: Server Monitoring I must say I am using this and I find it more reliable than InsightManager. It emails my phone and my regular email whenever a server isnot pingable (or if a certain service is not running). The checkinterval is 2 minutes on mine, which catches most things quickly enoughfor my needs. I recommend this for a nice and easy (and free, for 10boxes and Shawn stated) Server Update utility.The web page that you can have output is a little tricky to get workingwith the NT service, but it works, and you can download a nice templatefor it as well.Have fun!Chris-Christopher EnglandServer AdministratorMCSA, Server+, Network+, A+College Information Technology OfficeIndiana University-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Wednesday, August 06, 2003 4:07 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Server MonitoringHaven't tested and I am not affiliated with this company, but this maybe what you are looking for and it is free for up to 10 boxes (excellentprice for non-profits). It doesn't seem to perform MAPI testing but itwill do SMTP testing.http://www.woodstone.nu/salive/Shawn-Original Message-From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]Sent: Tuesday, August 05, 2003 4:35 PMTo: ActiveDir (E-mail)Subject: [ActiveDir] OT: Server MonitoringMmy company is currently looking for a product that will monitor if thee-mail server and other servers are up or down and then notify me bye-mailing my cell phone.Question 1) What software do you use? 2) How do you get notified bye-mail if your e-mail server is down?Any help is appreciated, I have already looked at Whats Up Gold andServers Alive.Justin A. Salandra, MCSESenior Network EngineerCatholic Healthcare System212.752.7300 - office917.455.0110 - cell[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive:http://www.mail-archive.com/activedir%40mail.activedir.org/List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive:http://www.mail-archive.com/activedir%40mail.activedir.org/List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Todd hijacked
Site to Site VPN connection between Firewalls and leave the firewall port configuration alone... Shawn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 6:15 PM To: ActiveDir Subject: Re: [ActiveDir] Todd hijacked Gil wrote an article on planning site coverage for your dc's. That should help in that area. AD over firewalls are a big pain. Many different approaches and most are not very good, none are perfect. You were at DEC for the encrpted smtp approach, that is severely limited on your AD design and has other drawbacks. Explain more of your requirements for more specific input. -- Sent from my BlackBerry Wireless Handheld - Original Message - From: ActiveDir-owner Sent: 08/05/2003 04:30 PM To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) Well we are currently redesigning our Site Topology due to several organizations setting up firewalls and thinking they are guarding against Neo and the Matrix Gang. One thing we are working with Microsoft on is optimized Hub and Spoke topology by creating sites for networks that are behind firewalls. We want to address a couple of things here in the design as well. Failover DDNS service, Deployment of an Enterprise Level Directory Tripwire tool, and Enterprise Directory Monitoring. What would be cool is if there was a directory optimization tool as well. One that would set DNS SRV record Priorities. I haven't had a chance to look at the latest version of DT to see if it is in there yet. Part of the Firewall configuration is to set a static port. The question is Is one port enough?. I was reading some Backup Exec Documents and they recommended that their application have at least 20 ports open for their DCOM object. Anyone have experience here and what to help a brother out? Toddler -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:58 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) What's up Todd? You have a hankerin' for some chicken? And I probably should stop wasting everyone's inbox capacity with this silliness... Doesn't someone have some AD problems that need fixing? -gil -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 12:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) Gil, you should give one out for every Enterprise purchase of Netpro Products. Todd Myrick -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:22 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) John, Stella has put the world-famous Official DEC Screaming Yellow Rubber Chicken in the mail, so you should get it by the end of the week or so. When you do get it, be sure to give it a good squeeze. When I spoke at the 2002 AFITC, a general from ACC (I've forgotten his name) told me that someone in his office had received one and the noise was driving him crazy. Scratch the chicken off the list of how to win friends and influence people. -gil -Original Message- From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 12:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) Gil, I'm not THAT old! Man, next you'll be implying that I built the DARPAnet! (and we all know it was Al Gore who's responsible for that!) *grin* Nah, I just have a fondness for old, dead languages and remembered seeing that one before. I actually had a book mark to a history of computing type doc that had this very example of MUMPS code. As for DEC Ottawa, I doubt it, times and budgets being what they are. But I'll take the chicken... sounds like cool geek-schwag :^) John A. Bjelke Unisys 505.853.6774 [EMAIL PROTECTED] Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 12:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String) Wow John! I'm impressed. Were you at Unisys when MUMPS actually ran on Unisys minis? Or did you just get lucky with Google? :) I'm thinking that your answer deserves a world-famous Official DEC Screaming Yellow Rubber Chicken, whose hideous screech is known to strike fear in the hearts of dogs, cats, and small children. Are you coming to DEC Ottawa? I can give it to you there, along with your free beer. Otherwise, send me your shipping info offlist, and no beer for you. -gil -Original Message- From: Bjelke John A Contr AFRL/VSIO
RE: [ActiveDir] Users Logged In
Title: Message srvmgr is out of the box an available application Windows 2000 server located in the system32 directory srvmgr from NT4 will also work. just copy the .exe to your local machine or run it from the server, it is up to you. Shawn -Original Message-From: Kitchens Arthur E [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 2:36 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Users Logged In The version for XP works on all of them I believe (NT 4.0,2000,2003). It's on the install cd's in the I386 folder adminpak.msi, or available for download from microsoft. I don't have the URL handy, sorry. -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 12:19 PM To: [EMAIL PROTECTED] Not too late...I believe it is only available under NT 4. Mike Thommes -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 1:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Users Logged In Not to sound like an absolute n00b or anything, Too late :-] start|run|svrmgr -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Users Logged In Not to sound like an absolute n00b or anything, but where is Server Manager? On Tuesday, July 29, 2003, at 01:06 AM, Milind Patil wrote: You can use the Server Manager for the same.. -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 29, 2003 11:59 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Users Logged In How do I know what users are currently logged in? They are all logging into the domain into active directory but I don't know where to see the users that are currently logged and which ones aren't. Secondly would it show if they are idle? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Users Logged In
I just read the initial thread .. Server manager is not what you want to use, but will work! Use Computer Manager and 'connect to' the machine you would like to investigate or open Computer Manager on the machine in question. Expand Shared Folders \ Sessions and you will see who is actively using that server. Computer Manager will show you the same info as Server Manager, but in an easier to read format with an expandable window.. Shawn -Original Message- From: Free, Bob [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 2:47 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Users Logged In If you are running XP, my copy's from the 2003 ResKit. It should already be on a 2K box in %windir%\system32 Caveat emptor- From 2003 RK help Warning Using this tool on Active Directory domains or Windows 2000, Windows XP or Windows Server 2003 computers may cause corruption, or the tool may refuse to target such domains or computers. Always use the Active Directory administrative tools for Active Directory domains. :^) -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Users Logged In When I go to start, run, svrmgr it says that the program does not exist. How do I install it? On Tuesday, July 29, 2003, at 11:06 AM, Free, Bob wrote: Not to sound like an absolute n00b or anything, Too late :-] start|run|svrmgr -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Users Logged In Not to sound like an absolute n00b or anything, but where is Server Manager? On Tuesday, July 29, 2003, at 01:06 AM, Milind Patil wrote: You can use the Server Manager for the same.. -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 11:59 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Users Logged In How do I know what users are currently logged in? They are all logging into the domain into active directory but I don't know where to see the users that are currently logged and which ones aren't. Secondly would it show if they are idle? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Quick AD integrated DNS question :)
Title: Message Would think it would decrease traffic in the long run because of users at that end on the WAN pipe can retrieve locally cached lookups. Shawn -Original Message-From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 4:20 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD integrated DNS question :) I'd expect it to be minimal, although I don't have a lot of emperical data to prove it. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Rogers, Brian [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 2:26 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD integrated DNS question :) So what is the impact of placing DNS servers at each remote location? Significant? Or minimal? (given connections are all greater than 256k frame) -Original Message-From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 1:26 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD integrated DNS question :) I believe you are correct. Additionally, though, I don't think DNS replication traffic is all that considerable. The worst data hog in DNS is the resolver cache, which isn't replicated. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Rogers, Brian [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 11:10 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD integrated DNS question :) I was looking more along the lines of replication traffic. However since the zone is replicated within ADthere shouldn't be any additional (or if so very minimal) replication traffic between the DNS servers other than the normal AD replication traffic correct? -Original Message-From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 10:58 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Quick AD integrated DNS question :) I always configure every DC as a DNS server. I consider that if a location requires a DC, it also requires local DNS. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Rogers, Brian [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 10:39 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Quick AD integrated DNS question :) 1. When configuring an AD Integrated DNS zone, at least one DC in each site should be running DNS? Or all DCs should be running DNS? Would it matter either way?
RE: [ActiveDir] AD Upgrade with bad NetBIOS name
Title: Message Our company Netbios name has a .net extensionfrom previous employees... It has caused us no problems with our AD. (Multisite Native Mode) Shawn -Original Message-From: Brenden Bryan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 4:51 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] AD Upgrade with "bad" NetBIOS name Migrate, leave that issue behind. -Original Message-From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 3:26 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Upgrade with "bad" NetBIOS name I think you misunderstand. The company's netbios name is company.com -- that's the NT4 domain is company.com. I'm concerned about doing an AD upgrade with a period in the netbios name. -Original Message-From: Jef Kazimer [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 3:35 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Upgrade with "bad" NetBIOS name Why not just use an internal namespace? I've done it at a few companies use "corp.com" publicly, and "corp.net" internally. The only issue is if you don't own corp.net and may in the future have to get to the external net. Company.int is available. J You can use "company.com" externally and "company.int" for your internal network. This would provide you a migration path and a separation of internal and external namespaces. Jef From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Thursday, June 26, 2003 1:53 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Upgrade with "bad" NetBIOS name Actually, that IS their real name. They are a "dot com" that has succeeded and is still around. -Original Message-From: Raymond McClinnis [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 2:34 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Upgrade with "bad" NetBIOS name I don't know that it's such a bad thing... Most or all of the TechNet examples will be personalized for their environment...J But Seriously, I'd consider migrating to a domain that has their real name in it, if not entirely for esthetic reasons. But that's just me... Thanks, Raymond McClinnis Network Administrator Provident Credit Union -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Thursday, June 26, 2003 11:05 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD Upgrade with "bad" NetBIOS name I've just retained a client whose NT4 domain name is company.com -- yes, their netbios domain name. I'm seriously concerned about upgrading them to AD. Do I have any worries? I've never seen this one before, and it isn't covered in any of the whitepapers I've quickly perused. Thanks. ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.
[ActiveDir] OT: Link to Windows 2000 Service Pack 4
http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d0-a0c5-241 bfecd095e/w2ksp4_en.exe List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4
Title: Message Yes Shawn -Original Message-From: Leeuwen van, JWJ (Joost) [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 8:44 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4 Is this the final version or a leaked one? Joost -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 25, 2003 2:39 PM To: [EMAIL PROTECTED] http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d 0-a0c5-241 bfecd095e/w2ksp4_en.exeList info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.
RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4
Sounds like the boys with Beta and Premier access are pissed we PUBLIC only individuals can obtain this software at the same time or before them. Like any other software from MS, use at your own discretion and test, test, test before production. Enjoy or don't it is up to you. -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:26 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4 Add to that the fact that you could void certain warranties and contracts you have with Microsoft (support etc) if a box you have STB on you while you're running an app/service pack etc that your class of service has not yet been made privy to -Original Message- From: Rod Trent [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4 You should also note, that service packs have been yanked after being released to Premier customers that have had to be retooled before public release. So, its really not a good idea to apply a service pack in a production environment that doesn't yet have full public support. If you have problems with a pre-public release, you are SOL. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Tuip Sent: Wednesday, June 25, 2003 1:59 PM To: [EMAIL PROTECTED] So who is going to get 'slapped' ? Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent Sent: Wednesday, June 25, 2003 7:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4 Win2k SP4 was released to Premier customers this morning. Those are the links you are seeing. Public availability is June 30th. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, June 25, 2003 1:16 PM To: [EMAIL PROTECTED] Rick, The RC1 that we got the other day had NO warnings - standard EULA. So, I wouldn't base the reality of release or beta on 'big warnings'. That's not always the case. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Reynolds Sent: Wednesday, June 25, 2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4 http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d0-a0c5-241 bfec d095e/w2ksp4_en.exe I am downloading now, I will let you know what Microsoft Says in the install. Beta stuff has big warnings.. of course so does the regular patches to. From: Leeuwen van, JWJ (Joost) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Link to Windows 2000 Service Pack 4 Date: Wed, 25 Jun 2003 14:44:17 +0200 MIME-Version: 1.0 Received: from mail.activedir.org ([64.245.160.7]) by mc9-f39.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 25 Jun 2003 07:40:41 -0700 Received: from RELAY02.rabobank.nl [145.72.69.21] by mail.activedir.org with ESMTP (SMTPD32-7.07) id A972E0600F0; Wed, 25 Jun 2003 08:45:38 -0400 X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP Message-ID: [EMAIL PROTECTED] Return-Receipt-To: Leeuwen van, JWJ (Joost) [EMAIL PROTECTED] X-WSS-ID: 12E747131949507-01-01 X-WSS-ID: 12E746331337517-01-01 Precedence: bulk Sender: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 25 Jun 2003 14:40:42.0040 (UTC) FILETIME=[C0C4EB80:01C33B27] Is this the final version or a leaked one? Joost -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:39 PM To: [EMAIL PROTECTED] http://download.microsoft.com/download/e/6/a/e6a04295-d2a8-40d 0-a0c5-241 bfecd095e/w2ksp4_en.exe List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List
RE: [ActiveDir] Domain Local Group
AS long as you are in Native Mode. In mixed mode they are the same as NT 4 domain controller based local groups -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 9:11 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Domain Local Group They can be used to assign permissions to any object within the domain in which it exists. In NT4 terms, it's the rough equivilent of making an identical local group on each box throughout the domain. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED] Sent: Monday, June 16, 2003 11:54 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domain Local Group What exactly can they be used for? Can I create a DLG and add global groups and assign permissions? Can I assign sql2000 permissons According to this article, I should be able to... Or am I reading it wrong? http://msdn.microsoft.com/library/default.asp?url=/library/en- us/modcore /html/deconWindowsNTSQLServerLogins.asp I created a dlg and assigned it to a db and it didn't work. I am in mixed mode. Does that affect it? Sp2 affect it? Thanks for any info Jenn List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] WinPE and RIS
Title: Message Anyone know where to obtain WinPE? It is hard for me to find Shawn -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Saturday, May 31, 2003 11:49 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] WinPE and RIS PE is for the situations where a floppy can't cut it, easier way to get a base OS with decent driver support, the ability to format and partition drives and run winnt32.exe--Sent from my BlackBerry Wireless Handheld - Original Message - From: ActiveDir-owner Sent: 05/31/2003 05:58 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] WinPE and RIS Hey all, This may not be a question for this group, but I don't know where I can ask this question. My question is: Why using a RIS for installing WinPE? Either I don't see why WinPE is used for, or I'm missing something here... * Dit e-mail bericht inclusief eventuele ingesloten bestanden kan informatie bevatten die vertrouwelijk is en/of beschermd door intellectuele eigendomsrechten. Dit bericht is uitsluitend bestemd voor de geadresseerde(n). Elk gebruik van de informatie vervat in dit bericht (waaronder de volledige of gedeeltelijke reproductie of verspreiding onder elke vorm) door andere personen dan de geadresseerde(n) is verboden. Indien u dit bericht per vergissing heeft ontvangen, gelieve de afzender hiervan te verwittigen en dit bericht te verwijderen. This e-mail and any attachment thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the addressees. Any use of the information contained herein (including but not limited to total or partial reproduction or distribution in any form) by other persons than the addressees is prohibited. If you have received this e-mail in error, please notify the sender and delete its contents. *
RE: [ActiveDir] AD Backup
Yeah, I wish Welcome to MD could I take your order please? Could I get a mail system to go and hold the spam... -Original Message- From: Andy David [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 8:06 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Backup So does McDonalds. -Original Message- From: David Precht [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 6:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Backup nah... but they do make almost everything --- Rick Kingslan [EMAIL PROTECTED] wrote: But, David - why not : http://www.smallwonders.com/activedirsolutions.htm Or, as suggested here in the past, do you get kickbacks from Sunbelt?? Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Precht Sent: Tuesday, May 27, 2003 7:04 AM To: [EMAIL PROTECTED] http://www.sunbelt-software.com/product.cfm?id=785 Active Administrator --- zhaohu [EMAIL PROTECTED] wrote: does anyone konw what is the best way to backup and resume AD? thanks very much:) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Program that gives folder rights
Showacls resource kit utility pipe to a text file Cacls pipe to a text file Xcacls pipe to a text file -Original Message- From: Burns, Clyde [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 2:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Program that gives folder rights Security Explorer from www.smallwonders.com might be something you want to look at. They have a demo on the site you can download after filling out a marketing survey. Clyde Burns -Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 2:45 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: Program that gives folder rights Does anyone know of a tool that will display security (file) rights for multiple folders? Thank you Jenn Fountain List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Remove a Local Security Template
Title: Message I opened the security template xx.inf and made a batch file to undo or remove additions and modifications made by the template. Thanks to everyone for the responses -Original Message-From: Rick Kingslan [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 9:14 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Remove a Local Security Template Folks, Don't forget - security templates make more than just changes to registry. You can affect group memberships via the restricted groups, permission on services, permissions on registry, added registry entries, permissions on NTFS, blah, blah, blah. Oh, and if you implemented any of the 10 or so suggested TCP/IP registry settings to further secure TCP/IP, those aren't reversed either. None of this is going to be affected by simply purging a .SDB and log file and refreshing the 'current' settings. As these were additions TO the current, the current doesn't know anything about them. The only way to reverse them is to track your changes with a change control procedure. Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzone From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, March 07, 2003 3:42 PMTo: [EMAIL PROTECTED] What about the registry changes the original template applied? I don't think this would get it Thanks though -Original Message-From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 3:26 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Remove a Local Security TemplateYou can delete the security.sdb file out of \\Winnt\security\database directory. You then run secedit /refreshpolicy {policy type}. We had good luck using this on Win2000 workstations to flush a local policy that had been created on them. [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/07/2003 01:49 PM Please respond to[EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] Remove a Local Security Template Does anyone know of a way to remove a Local Security Template and return the box to "Gold"? (W2K server) Shawn Hayes, MCSE Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757.226.3328
[ActiveDir] Remove a Local Security Template
Title: Remove a Local Security Template Does anyone know of a way to remove a Local Security Template and return the box to Gold? (W2K server) Shawn Hayes, MCSE Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757.226.3328
RE: [ActiveDir] Remove a Local Security Template
Title: Message What about the registry changes the original template applied? I don't think this would get it Thanks though -Original Message-From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 3:26 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Remove a Local Security TemplateYou can delete the security.sdb file out of \\Winnt\security\database directory. You then run secedit /refreshpolicy {policy type}. We had good luck using this on Win2000 workstations to flush a local policy that had been created on them. [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/07/2003 01:49 PM Please respond to[EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] Remove a Local Security Template Does anyone know of a way to remove a Local Security Template and return the box to "Gold"? (W2K server) Shawn Hayes, MCSE Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757.226.3328
RE: RE: [ActiveDir] Issue with loging
Fault tolerance will come from multiple domain controllers in the same domain -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 2:07 PM To: '[EMAIL PROTECTED]' Subject: RE: RE: [ActiveDir] Issue with loging That's not how it works. You can only be authenticated by a DC in the domain in which your account exists. Parent (or any other domain, for that matter) domains in the forest cannot authenticate for other domains. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 9:41 AM To: [EMAIL PROTECTED] Subject: Re: RE: [ActiveDir] Issue with loging Sorry ,but I'm still confused .There is an automatic trust between the parent DC and the child DC .So if the child went down and the parent DC is up ,users from the child DC should be able to logon to the parent ???otherwise where is the fault tolerance. [EMAIL PROTECTED] writes: That's a misunderstanding - the parent domain's DCs (or DC in any other domain) will only know parts of the attributes of the other domains in a forest. These are stored in the Global Catalog (stores a partial attribute set). This is good to query for data in AD, but not for logon. The PW of a user and other things (like Domain Local Group memberships) are only stored on the DC of the domain a user belongs to - thus at least one DC of the domain where you want to logon needs to be available. /Guido -Original Message- From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED]] Sent: Montag, 10. Februar 2003 20:55 To: [EMAIL PROTECTED] Subject: [ActiveDir] Issue with loging Hello We thinking about migrating to the active directory ,So I set up lab test for it.I have one issue so far .I have one parent domain and it's child .To test the fault tolerance i brought the child domain down .Then I tried to login to the parent domain with one of the user name from the child domain.So far i can't .According to microsoft the parent domain should know about all the users and their credentials on it's child domain.But it's not working fro me.Any help will be great .thanks Brahim Bouchaiba Network administrator Information technology 617-7359720 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: OWA was unable to get your inbox
I think the answer to your problem is spelled out in the bottom of a Budweiser Light :-) -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 3:28 PM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: OWA was unable to get your inbox Importance: High Hello everyone, I truly hate this error message. According to MS this problem should not exist, but it does. I have users that get created in AD and then get replicated by the ADC from Exchange 2000 SP3 CD to Exchange 5.5 SP4. Some time passes once the user account is created and suddenly the users permissions in Exchange are changed from the role of user to Custom and the mailbox owner box is unchecked. Now what I have noticed is that once I fix it, by clicking Mailbox Owner in the exchange properties, it usually goes away. When this problem happens the user can't access Outlook or OWA. Once fixed they should go back, well I have a user that couldn't get into either and I checked the properties and there it is, Mailbox Owner is unchecked on this newly created account. About a day old. I check the box and now the user can access Outlook with no problems, but OWA gets the following error. OWA is unable to get your inbox. I have checked on the TechNet site and on the Internet for help on this. I have looked at Q248081 and made the change to the registry key ProfileMemMaxSize to a value of 0x4000. I have stopped and started IIS. I have tried typing in the exchange alias, the full e-mail address and the users first and last name in the logon box of the http://servername.mydomain.com/exchange http://servername.mydomain.com/exchange site. I type in the user name and password, I even tried specifying the domain and all I get is this error. So the error is not an ambiguous name, it is not a proxy issue since I don't connect over a proxy server. I simply don't know the answer to this. Can someone please help me. Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory - Windows Server 2003
yes -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 1:58 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory - Windows Server 2003 Is windows 2003 Windows .NET?? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 12:05 PM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] Active Directory - Windows Server 2003 I've been running it in a lab environment for several months. The AD in WS2K3 is fundamentally as it was in W2K, with some notable improvements in the KCC (reduced computation needed for topology calculation), replication (value replication instead of attribute replication for certain attributes), and multi-forest support (cross forest trust). A nice security improvement is that anonymous users by default have no access and therefore can't mount DOS attacks on AD. Supposedly the overall performance of AD has been improved, but I haven't assessed that. There are improvements in some of the AD-related admin tools as well. Summary: notable but not revolutionary improvements. The upgrade path is fairly low friction, so I'd feel pretty comfortable starting deployment of WS2K3 when it ships. -gil -Original Message- From: Clifford Airhart [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory - Windows Server 2003 Hello Everyone! With the new version of Windows Server 2003 there's a new version of Active Directory. It seems to have some more features than the Windows2000 Active Directory. Windows Server 2003 is due to be released in April. Has anyone tested, implemented, or researched this version and found it much better than Windows2000 version? Thanks in advance your advice and input! Cliff Airhart Answer Financial Inc. Senior Systems Administrator - Server Support / eBusiness [EMAIL PROTECTED] 818.644.4225 We answer to you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Minimum permission to Monitor AD
Title: Minimum permission to Monitor AD Does anyone know what the minimum permissions an account would need to successfully monitor AD replication using Replmon or any application for that matter? Shawn Hayes, MCSE Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757.226.3328
RE: [ActiveDir] Protocols Required
And the two Exchange servers are in the same Windows site and Exchange site? -Original Message- From: Andy David [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 11:31 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required So after you moved their mailboxes no one was able to access their mailboxes w/o recreating their Outlook profile to point to the new server? Im missing something here. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 10:23 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required I know that, I just want to know if that request for the change still occurs over port 135, I had a site that did not have outlook automatically reconfigure after 3 weeks of the old server being up. DNS was right and so was WINS. -Original Message- From: Andy David [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:42 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] Protocols Required You need to leave the first server up in order for mapi to work its magic. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:28 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required When you move a mailbox to another server, Outlook will automatically change the server defined in the local profile. -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:25 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Protocols Required Justin, I'm not sure what you mean by 'reconfiguring the server in the local profile'? The requirement *is* to communicate over port 135. Outlook cannot just arbitrarilly decide to communicate over another port to support this - hence it cannot automatically reconfigure itself. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Thursday, January 09, 2003 8:00 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required What would prevent Mapi Outlook clients from automatically reconfiguring the server in the local profile? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:01 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required No. Something needs to point it to the correct ports. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Would Outlook 2000 still function if port 135 is bocked? Meaning that the user can still use outlook for outlook will never automatically reconfigure itself? -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:25 PM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] Protocols Required Needs RPC end point mapper (135) and then the ports for DS and IS. Seeing as those default to being randomly assigned, you're in trouble. Read the FAQ on how to assign static ports to the services. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:18 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Sorry, I need to know about outlook 2000 and exchange 5.5 communications -Original Message- From: Weston Rogers [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:08 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Protocols Required Maybe this will help? http://support.microsoft.com/default.aspx?scid=kb;en-us;278339 -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 2:49 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Protocols Required Importance: High Hello everyone, I really need some help on this subject. Does everyone here know that when you move a mailbox in exchange to another mailbox in the same organization
RE: [ActiveDir] Protocols Required
Outlook will send a request from a high port on the local machine to port 135 on the Exchange server. The Exchange server will listen on Port 135 and respond on some high port. TCP/IP communication -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 11:35 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required You don't seem to be listening. The RPC endpoint mapper, which is what runs on port 135, is an initial connection point for ALL RPC traffic. That's the port used to negotiate the actual connections. All MAPI connections are RPC. What do you think the answer is? -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Right, so does outlook still communicate over port 135 to change the server -Original Message- From: Carey, Greg [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:34 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Protocols Required With the caveat that the old mail store remains up until the client connects. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:28 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required When you move a mailbox to another server, Outlook will automatically change the server defined in the local profile. -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Protocols Required Justin, I'm not sure what you mean by 'reconfiguring the server in the local profile'? The requirement *is* to communicate over port 135. Outlook cannot just arbitrarilly decide to communicate over another port to support this - hence it cannot automatically reconfigure itself. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Salandra, Justin A. Sent: Thursday, January 09, 2003 8:00 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required What would prevent Mapi Outlook clients from automatically reconfiguring the server in the local profile? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 9:01 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] Protocols Required No. Something needs to point it to the correct ports. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Would Outlook 2000 still function if port 135 is bocked? Meaning that the user can still use outlook for outlook will never automatically reconfigure itself? -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Needs RPC end point mapper (135) and then the ports for DS and IS. Seeing as those default to being randomly assigned, you're in trouble. Read the FAQ on how to assign static ports to the services. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:18 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Sorry, I need to know about outlook 2000 and exchange 5.5 communications -Original Message- From: Weston Rogers [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:08 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Protocols Required Maybe this will help? http://support.microsoft.com/default.aspx?scid=kb;en-us;278339 -Original Message-
RE: [ActiveDir] Protocols Required
As I understand it, Outlook MAPI calls are RPC based and of course if you are using POP3 port 110 -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:18 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Protocols Required Sorry, I need to know about outlook 2000 and exchange 5.5 communications -Original Message- From: Weston Rogers [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 3:08 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] Protocols Required Maybe this will help? http://support.microsoft.com/default.aspx?scid=kb;en-us;278339 -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 2:49 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Protocols Required Importance: High Hello everyone, I really need some help on this subject. Does everyone here know that when you move a mailbox in exchange to another mailbox in the same organization the outlook 2000 client automatically reconfigures the mail server setting on the profile to allow the client to contact the correct mail server where that mailbox now resides. My question is what are the protocols needed by the client in order for that to occur and the ports associated with them. I believe it is NetBIOS Broadcast calls and RPC but I am not sure. Also what protocols and ports are needed in order to have proper communication between client and server when it comes to exchange. Thanks for your help. Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lab
Title: Message did you make this box a GC server? -Original Message-From: Garello, Kenneth [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 4:36 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] AD Lab Have you set that server as a GC? -Original Message-From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 3:09 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receiving"Unable toestablishconnection with a GC. Any suggestion would be great.
RE: [ActiveDir] AD attributes
Title: Message ADSIEdit - User Display Names: Configuration container DisplaySpecifiers CN=409 CN-user-Display createDialog - specify your display value we use %sn,%givenNameequates to Last, First Contact Display names: Configuration container DisplaySpecifiers CN=409 CN-Contact-Display createDialog -Original Message-From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:17 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD attributesI am trying to change the way accounts in AD are displayed after creation. Currently the display name automatically uses the First,Initial, Last name. I am trying to set the property to make it use the logon name by default and am having some problems. I can make it use only the first name or only the last name, but have not figured out how to make it use the logon name. I am making my changes uses ADSI Edit and modifying the createdialog attribute. I tried adding the samrename key under HKLM/System/CCS/Services/MSDSS/Parameters, but this did not work. I know there is an AD guru on this list that can answer this. Thanks John Hicks | KEMET Electronics Corporation | Network EngineerPhone: 864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: ipaq1978[ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA ]
RE: [ActiveDir] AD attributes
Title: Message oops I read the thread and you already know this -Original Message-From: Hayes, Shawn Sent: Friday, December 20, 2002 9:40 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD attributes ADSIEdit - User Display Names: Configuration container DisplaySpecifiers CN=409 CN-user-Display createDialog - specify your display value we use %sn,%givenNameequates to Last, First Contact Display names: Configuration container DisplaySpecifiers CN=409 CN-Contact-Display createDialog -Original Message-From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 9:17 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD attributesI am trying to change the way accounts in AD are displayed after creation. Currently the display name automatically uses the First,Initial, Last name. I am trying to set the property to make it use the logon name by default and am having some problems. I can make it use only the first name or only the last name, but have not figured out how to make it use the logon name. I am making my changes uses ADSI Edit and modifying the createdialog attribute. I tried adding the samrename key under HKLM/System/CCS/Services/MSDSS/Parameters, but this did not work. I know there is an AD guru on this list that can answer this. Thanks John Hicks | KEMET Electronics Corporation | Network EngineerPhone: 864-228-4473 | E-mail: [EMAIL PROTECTED] | AOL IM: ipaq1978[ Mailing: 2835 KEMET Way Simpsonville, SC 29681 USA ]
RE: [ActiveDir] Root domain naming
Title: Message That is the only reason I have heard that may make it worth the extra $10 bucks a year to register your name. Wouldn't this have also been the case if you merged with a company with the same NetBIOS name in NT 4.0? What is the probability of this happening? -Original Message-From: Hutchins, Mike [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:12 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Root domain naming If you ever (never say never) merge with someone else and they have the same forest name, you are hosified... We used root01.org and registered it. No ns records for it anywhere. no conflicts.. -Original Message-From: Brad Martin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:10 AMTo: Active Directory Mailing ListSubject: [ActiveDir] Root domain naming Im in the middle of having an argument with the IT manager about the top-level domain name for our new A.D. deployment. The manager wants to use a nonstandard name for the domain (ie. Dc1.domain.gd) for the root domain. My position, which Ive read a number of places, is that we should use a standard, registered, name for the root. The managers contention is that this domain will never be live on the Net and so we can do whatever we want. As I said, Ive always read that you should use a registered name as your root, even if you arent going to be live, but there are never reasons given why this is good. What reasons should I go back to my manager with? Brad Martin
RE: [ActiveDir] Little Questions
We use Norton Antivirus for Gateways version 2.something. They have a newer version 3.0 that will allow spam filtering by sender name and/or spam lists(Spam lists by subscription $$$ from Mail Abuse Prevention systems, L.L.C). I also use this product to block attachments :-) -Original Message- From: Dave Kinnamon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 2:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Little Questions Shawn, Any recommendations on a SMTP getway scanner (hardware or software) ? Dave K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Little Questions Exchange Antivirus on both mail servers if your Exchange antivirus product is scanning the information store (your on Exchange 5.5 I believe). You need coverage on your Exchange servers for internal messaging (messages not originating from the Internet). There are two virus scanning API's for Exchange 5.5, MAPI and VAPI. VAPI will scan message as they enter the information store and MAPI will scan messages as the user accesses them in the information store. Choose a product that will scan using either or a combination of both interfaces. We use a SMTP gateway scanner to scan mail as it enters the company. This box forwards mail to our Exchange Organization. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Little Questions Hello everyone, I have some little questions. If you have two exchange servers do you need to have Exchange Antivirus on both or just the server with the Internet Mail Connector on it? Having a Exchange server in a forest root and an exchange server in a child domain, the exchange server in the child domain requires what kind of admin access? Does the server need to utilize the admin account from the child domain or the forest root? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Native Mode ?
Title: Message mike is wrong, neither need to be in native mode -Original Message-From: Hutchins, Mike [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 11:31 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Native Mode ? The domain with E2K in it must be Native, yes. The forest need not be. -Original Message-From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:27 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Native Mode ? In the testing stages of migrating from Exchange 5.5 to 2000. Do you HAVE to be in native mode in AD before migrating? Thanks, Don L Murawski Sr. Network Administrator - MCSE 4.0, 2000 WorldTravel BTI 1055 Lenox Park Blvd Suite 420 Atlanta, GA 30319 Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264
RE: [ActiveDir] Native Mode ?
Title: Message We have a native mode Exchange Organization in a mixed mode domain. -Original Message-From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 2:34 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Native Mode ? You cant go to native mode Exchange 2k unless you are in native mode in win 2k, at least that is what I heard. -Original Message-From: Craig Cerino [mailto:[EMAIL PROTECTED]]Sent: Thursday, December 12, 2002 12:11 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Native Mode ? No you do not Native Exchange 2K and Native Win2K are two different things buddy. Do your upgrade - go to NATIVE Exchange mode - - then when youre finished bringing all your PDC up to AD go NATIVE on AD -Original Message-From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 11:27 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Native Mode ? In the testing stages of migrating from Exchange 5.5 to 2000. Do you HAVE to be in native mode in AD before migrating? Thanks, Don L Murawski Sr. Network Administrator - MCSE 4.0, 2000 WorldTravel BTI 1055 Lenox Park Blvd Suite 420 Atlanta, GA 30319 Phone: (404) 923-9468 Fax: (404) 949-6710 Cell: (678) 549-1264
RE: [ActiveDir] AD upgrade DNS namespace questions.
I have done 5 enterprise sized production installations/implementations of AD and have always used the .local dns suffix. AD's DNS does not need to be globally routable. Example: NetBIOS domain name of ThanksBill DNS domain name of ThanksBill.local Internal DNS (unregistered DNS) and External DNS (your registered DNS name) are then maintained in separate zones (Internal never to be replicated outside your network). My internal clients are assigned the internal zone as the primary DNS suffix through DHCP (done manually for static IPs) and I add the external DNS zone as an alternate search suffix. Intranet sites are registered in the non registered zone intranet.thanksbill.local and internet sites are registered in the registered DNS zone www.thanksbill.com If you were hosting your own registered DNS zone and maintained it on you internal network letting TCP and UDP port 53 pass through your PIX this setup would keep the AD DNS and Registered DNS zones separate.a good thing indeed. I would never recommend allowing any traffic to pass into your internal network, this was just an example. I would host my registered DNS in a perimeter zone (DMZ for those of use not in Korea) and maintain my MX and Internet records separate from my internal DNS servers. I am sure others have a more articulate explanation, but I think you are on the right track. -Original Message- From: Jim Busick [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 05, 2002 2:32 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD upgrade DNS namespace questions. We are planning to upgrade our single NT domain to AD and I want to make sure I understand about how we will name the domain. Currently our NT domain name is SSD_DOMAIN0 (yeah, I know. I was handed it) and our registered domain name is santee.k12.ca.us. We are NAT'd behind a PIX and using 10. private address and only need our website and Exchange (5.5) visable to the internet. As I understand it, when I run the Win2k upgrade I will be asked for the FQDN, I assume that I should use santee.k12.ca.us, right. If I do, how will this affect our downlevel (we still have W9x) clients. I've read that I shouldn't use your registered DNS name for the AD, something like ssd.santee.k12.ca.us. Any advice on this subject would be appreciated. TIA Jim Busick Database Network Analyst MCSE Santee School District Santee, CA 92071 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] System State
On Domain Controllers as I understand it. -Original Message- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 4:10 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] System State Is it true that you cant restore from a system state back up that is older than 60 days. Regards, Carlos Magalhaes - This email and any files transmitted are confidential and intended solely for the use of the individual or entity to which they are addressed, whose privacy should be respected. Any views or opinions are solely those of the author and do not necessarily represent those of the Trencor Group, or any of its representatives, unless specifically stated. Email transmission cannot be guaranteed to be secure, error free or without virus contamination. The sender therefore accepts no liability for any errors or omissions in the contents of this message, nor for any virus infection that might result from opening this message. Trencor is not responsible in the event of any third party interception of this email. If you have received this email in error please notify [EMAIL PROTECTED] For more information about Trencor, visit www.trencor.net http://www.trencor.net List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADC and Exch 5.5
Domain Level Policies regulate containers, but you can't apply a GPO directly to a container. -Original Message- From: Andries Thijssen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 8:31 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADC and Exch 5.5 One I can think of: by default you cannot put any group policies on a container. Don't know whether that can be changed as well. Andries -Original Message- From: Andy Grafton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 1:49 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADC and Exch 5.5 Rick the question is also... why wouldn't you? If you step back and look... There's a nice object called Users which you kinda need and has Users in it anyhow. Why not use it to house OUs to help you organise other users? Its not enabled by default, so would one go to the trouble of making a [very simple] Schema change to make it happen, rather than just making a different OU? Who knows? There's no accounting for mindset, and perhaps the schema change was done by someone else before this administrator took over, so they're not aware that it can't be done? I've had to point out more than once to budding admins that a) the Users don't *have* to be in the Users container and b) that the users they can't find actually reside somewhere down the tree in \\department\nightmareAdminsFromHell\users. Its not a chore to get them to understand, but the point is that they needed to be told. Seems that placement is a matter of opinion, so my question would be... Are there any technical reasons why you shouldn't create OUs under the Users container? All the best, Andy (Just made some pretty dumb workarounds in AD for a customer, but if thats how they want it...) - Original Message - From: Rick Kingslan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 19, 2002 4:11 AM Subject: RE: [ActiveDir] ADC and Exch 5.5 Yep - sure did, Karen. And, as Linton points out, you *CAN* do it Question is, as we all seem to agree, why *WOULD* you? :-) Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dryden, Karen Sent: Monday, November 18, 2002 9:07 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADC and Exch 5.5 Sorry, I wasn't really thinking about the OU in particular since we wouldn't want to create OUs under the User container either, but his note did say: All W2K user accounts are placed in multiple OUs that reside in the Users container -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 9:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exch 5.5 Linton, Yep - I've seen this. However - For the record - I'm with you. Why, truly, would you want to? Thanks much! Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Linton Smith (WBTQ) Sent: Monday, November 18, 2002 7:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADC and Exch 5.5 Hi Rick, A schema update allows this. See Q224377. Not sure why I'd bother, however. Linton -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 8:49 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exch 5.5 Nope - that's not the point. The Users Container is just that - a container. It's not an AD Object, per se. You cannot create OUs under it. If I'm mistaken, please tell me how. I'm able to err - and quick to admit it. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dryden, Karen Sent: Monday, November 18, 2002 7:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADC and Exch 5.5 If your sub-OUs already reside under the users container and ALL of your mailboxes (or user objects) are in those OUs, the CA will match them up, not create new OUs. At least that's the way it works here. -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 7:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exch 5.5 Dave, Justin - Hold the show here for just a second. Let me see if I understand what you're stating here. You're going to CREATE OUs *under* the USERS Container? Or, if the CA is created in one scenario, OUs will be created *under* the USERS container?
[ActiveDir] Disabled Computer Accounts
Title: Disabled Computer Accounts I have disabled computer accounts in the computers container. Can anyone tell me how, without manually disabling them they became disabled. We upgraded an NT4 domain this past weekend and I thought it peculiar that I see disabled computer accounts. Shawn Hayes MCSE_2000, MCSE_NT4 Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757.226.3328
[ActiveDir] LDAP Queries
Title: LDAP Queries I am looking for some good references for writing LDAP queries to access AD. Any suggestions?
RE: [ActiveDir] netbios domain name / dns domain name
Gets confusing when your host name and your NetBIOS names for the same machine are different. Wins resolves NetBIOSDNS for host names (of course you can add STATIC entries in WINS for the host name and an alias in DNS for the NetBIOS name, but why would you?) I am with Justin on this one, keep them the same for ease of management. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Thursday, November 14, 2002 4:28 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] netbios domain name / dns domain name I like to keep them the same name -Original Message- From: Graham Turner [mailto:gturner;ipcomputers.demon.co.uk] Sent: Thursday, November 14, 2002 4:16 PM To: [EMAIL PROTECTED] Subject:[ActiveDir] netbios domain name / dns domain name I know MS tell us that is a supported configuration whereby the downlevel NetBIOS name is different from the leftmost label of the fully qualified dns name however there seems to be the odd instance of issue when this is not the case. Would be glad for other people's views / experiences on this. GT List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Exchange install
Title: Message No it does not, but it is recommended because Exchange Enterprise gives you clustering capabilities which you can not utilize with regular server. -Original Message-From: Parker, Edward [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 13, 2002 12:30 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: Exchange install Not to install Exchange Server Exchange Enterprise Server requires Adv Server -Original Message-From: Sheri Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 13, 2002 11:26 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: Exchange install Do you have to have Windows 2000 Advanced Server to install Exchange? Sheri L. Brown, Systems Administrator CSD Headquarters -- Technology Department 102 North Krohn Place Sioux Falls, SD 57103 (605) 367-5760 ext 3202 [EMAIL PROTECTED]
RE: [ActiveDir] Logging Logins...
Turn on Auditing for successful logons -Original Message- From: Rick Coloccia [mailto:coloccia;geneseo.edu] Sent: Wednesday, November 13, 2002 2:29 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Logging Logins... Hi Everyone- I'm hoping someone has a suggestion for me: I want to log every time someone authenticates against my ad and from what machine (ip address name) they authenticated from. Any suggestions? I don't really know where or how to start pursuing this... Thanks! -Rick -- Rick Coloccia Network Analyst SUNY Geneseo 119 South Hall 1 College Circle Geneseo, NY 14454 Voice: (585) 245-5577 Fax:(585) 245-5579 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Exchange -1018 Error
8.5 and Exchange 2000 -Original Message- From: Andy David [mailto:DavidA;veronissuhler.com] Sent: Tuesday, November 12, 2002 12:47 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Exchange -1018 Error What version are using? I run differential file backups every weekday along with full Exchange backups in the same job w/o issue. -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent: Tuesday, November 12, 2002 10:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Exchange -1018 Error What backup product are you using? Backup Exec gave us this problem. We had to set up a separate backup job for Exchange specifying a Full backup and commit logs. When Exchange was part of a differential backup, even though the Exchange portion of the backup job was specified as a full backup and commit logs, the logs were not committed. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Tuesday, November 12, 2002 10:01 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Exchange -1018 Error This is the wiered thing, all users are working fine and no one is having any problems. The only thing that is not working correctly is that the full backups of the server are not committing the logs to the database. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Tuesday, November 12, 2002 9:37 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] OT: Exchange -1018 Error Justin, I want to go on record as saying that no, SP3 did NOT cause these errors - at least in my experience with our farm of Exchange 2k servers and Exchange 5.5 servers. The only time that we have seen this has been due to a severe corruption of the database (specifically .edb) and a restore to another system and reset of profiles on the user end was the quickest way to resolve. However, I am with Roger - we may be smart folks who give good advice, but I have believe you have a number of folks greatly impacted by this outage. Why would one spend money with PSS (or get the advice for free, even) then wait to implement the fix. This, given the fact that every one of the error messages led to the same conclusion and fix? I'd get your most recent GOOD backup and start restoring. Your users are going to appreciate it. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Tuesday, November 12, 2002 8:25 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Exchange -1018 Error David I have already looked at these but thank you -Original Message- From: David N. Precht [mailto:discussions;entrysecurity.com] Sent: Tuesday, November 12, 2002 9:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Exchange -1018 Error http://www.eventid.net/display.asp?eventid=116source= http://www.eventid.net/display.asp?eventid=118source= http://www.eventid.net/display.asp?eventid=200source= -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Tuesday, November 12, 2002 08:59 To: ActiveDir (E-mail) Subject: [ActiveDir] OT: Exchange -1018 Error Hello everyone, I know this is off topic but you guys and girls always give good advice. I have been getting event Ids 116, 118 and 200 a lot in my application log. The chain of events went like this I installed SP3 for W2K The next day the Exchange Database went through some type of conversion and logged Event ID 174 hundreds of times (Table/Column/Index Definintions) On that same day one of my Hard Drives in my RAID 5 Config failed, I replaced it 3 days later Since then every time the online maintenance on the exchange database ran it logged a Database Page Cache error (Event ID 116 and 118 and 200) And now ArcServe cannot backup the database fully and commit the logs to the database so I now have 500 log files in my mdbdata directory. MS Support wants me to restore from the day the HD failed after I rename the mdbdata directory and create a new one. Then they want me to copy in all the log files and wait for the log files to replay into the database. The only other option is to do a eseutil or build a new server and migrate everyone over. Have any of you done what MS is recommending? Do any of you feel that this is the way to go? Does anyone know what would of caused these errors, was it SP3 or was it the HD Failure? Any help is appreciated Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:jasalandra;chcsnet.org List info : http://www.activedir.org/mail_list.htm
RE: [ActiveDir] OT: Exchange -1018 Error
Roger, I don't think you read the last message completely. Exchange was set to do a Full backup and Flush the logs, but that job specification was part of a file system differential job. -Original Message- From: Roger Seielstad [mailto:roger.seielstad;inovis.com] Sent: Tuesday, November 12, 2002 12:51 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Exchange -1018 Error That is correct - logs don't get flushed unless you do a full backup, not a differential. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent: Tuesday, November 12, 2002 10:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Exchange -1018 Error What backup product are you using? Backup Exec gave us this problem. We had to set up a separate backup job for Exchange specifying a Full backup and commit logs. When Exchange was part of a differential backup, even though the Exchange portion of the backup job was specified as a full backup and commit logs, the logs were not committed. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Tuesday, November 12, 2002 10:01 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Exchange -1018 Error This is the wiered thing, all users are working fine and no one is having any problems. The only thing that is not working correctly is that the full backups of the server are not committing the logs to the database. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Tuesday, November 12, 2002 9:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Exchange -1018 Error Justin, I want to go on record as saying that no, SP3 did NOT cause these errors - at least in my experience with our farm of Exchange 2k servers and Exchange 5.5 servers. The only time that we have seen this has been due to a severe corruption of the database (specifically .edb) and a restore to another system and reset of profiles on the user end was the quickest way to resolve. However, I am with Roger - we may be smart folks who give good advice, but I have believe you have a number of folks greatly impacted by this outage. Why would one spend money with PSS (or get the advice for free, even) then wait to implement the fix. This, given the fact that every one of the error messages led to the same conclusion and fix? I'd get your most recent GOOD backup and start restoring. Your users are going to appreciate it. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Tuesday, November 12, 2002 8:25 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Exchange -1018 Error David I have already looked at these but thank you -Original Message- From: David N. Precht [mailto:discussions;entrysecurity.com] Sent: Tuesday, November 12, 2002 9:19 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] OT: Exchange -1018 Error http://www.eventid.net/display.asp?eventid=116source= http://www.eventid.net/display.asp?eventid=118source= http://www.eventid.net/display.asp?eventid=200source= -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Tuesday, November 12, 2002 08:59 To: ActiveDir (E-mail) Subject: [ActiveDir] OT: Exchange -1018 Error Hello everyone, I know this is off topic but you guys and girls always give good advice. I have been getting event Ids 116, 118 and 200 a lot in my application log. The chain of events went like this I installed SP3 for W2K The next day the Exchange Database went through some type of conversion and logged Event ID 174 hundreds of times (Table/Column/Index Definintions) On that same day one of my Hard Drives in my RAID 5 Config failed, I replaced it 3 days later Since then every time the online maintenance on the exchange database ran it logged a Database Page Cache error (Event ID 116 and 118 and 200) And now ArcServe cannot backup the database fully and commit the logs to the database so I now have 500 log files in my mdbdata directory. MS Support wants me to restore from the day the HD failed after I rename the mdbdata directory and create a new one. Then they want me to copy in all the log files and wait for the log files to replay into the database. The only other option is to do a eseutil or build a new server and migrate everyone over. Have any of
RE: [ActiveDir] Question about Active Directory
Diane did this server have any FSMOs you had to move or was it a Global Catalog Server? -Original Message- From: Ayers, Diane [mailto:DMA8;pge.com] Sent: Tuesday, November 12, 2002 2:58 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Question about Active Directory Very early in our AD deployment we had one server reporting AD corruption. The other servers were OK. We simply demoted the server, waited for replication so that the server was removed from AD and re-promoted the server. At this point it got a new copy of the database and problem solved. Not that this would work for everyone due to band width, etc, but seemed to work for us. Diane -Original Message- From: Tim HInes [mailto:nupe009;carolina.rr.com] Sent: Tuesday, November 12, 2002 11:42 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Question about Active Directory Yes it can. It is sometimes possible to repair it with ntdsutil or esentutl. see http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q315131 and http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q305500 Tim Hines, MCSA, MCSE (2000 NT4) MVP - Active Directory - Original Message - From: Eric [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 12, 2002 2:29 PM Subject: [ActiveDir] Question about Active Directory Can AD become corrupted? If so, can it be fixed with anything other than restoring from backup? Eric Etheredge, MCDBA Systems Manager Office of the Standing Trustee Walter O'Cheskey, Trustee Lubbock, Texas Trustee's Website: www.ch13-12westtex.org Case Information Website: www.trustee13.com This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Remove DC from Domain
Use Ntdsutil and remove all references from DNS -Original Message- From: Garello, Kenneth [mailto:KGarello;worcester.edu] Sent: Thursday, October 31, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Remove DC from Domain Is there a proper way of removing a DC from a domain? Since I have done it improperly, I have computers left in the Domain controller group that do not exist anymore. Thanks, Ken List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Compaq Servers
Insight Manager if the Insight Agents are loaded on the server -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Wednesday, October 30, 2002 10:53 AM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: Compaq Servers Does anyone know how to retrieve a Serial Number from a Compaq server remotely Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:jasalandra;chcsnet.org List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Compaq Servers
A person will have to walk over to the server to read the Serial Number of the tag. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Wednesday, October 30, 2002 11:04 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Compaq Servers That is not loaded -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent: Wednesday, October 30, 2002 10:58 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] OT: Compaq Servers Insight Manager if the Insight Agents are loaded on the server -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Wednesday, October 30, 2002 10:53 AM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: Compaq Servers Does anyone know how to retrieve a Serial Number from a Compaq server remotely Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:jasalandra;chcsnet.org List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RAID configuration on DC's
It has been my experience that if your controller fails and you replace the controller with the same controller or a newer controller from the same manufacturer (Compaq of course) then you will not loose your RAID 5 configuration. Compaq creates backward compatibility in their RAID controllers to give the user community an upgrade or technology refresh path. Newer controllers can include Advanced Data Guard which enables the Array to function with two dead drives. You are not sacrificing any recovery options and it is foolish to think so. -Original Message- From: Roger Seielstad [mailto:roger.seielstad;inovis.com] Sent: Tuesday, October 22, 2002 8:13 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] RAID configuration on DC's But you sacrifice all your recovery options. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent: Friday, October 18, 2002 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RAID configuration on DC's And to add to this, if separate logical drives is all your looking for you can create one RAID 5 Array and create 3 logical drives within that array. You will only sacrifice one disk to the array instead of three. -Original Message- From: Hayes, Shawn Sent: Friday, October 18, 2002 1:56 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RAID configuration on DC's Performance gains will be minimal due to the single channel RAID controller. The idea to really increase performance is to have separate arrays on separate RAID channels. You will have separate logical drives, but throughput to the arrays will be limited to a single channel. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 18, 2002 12:35 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] RAID configuration on DC's The SYSVOL is the folder that contains the NTDS.DIT so they would end up on the same ARRAY. I would do ARRAY 1 OS and Page File ARRAY 2 Transaction Logs ARRAY 3 SYSVOL and NTDS.DIT Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Devan Pala [mailto:dpala;hotmail.com] Sent: Friday, October 18, 2002 12:31 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] RAID configuration on DC's Hello all, I have the option to either build our site domain controllers/ global catalog servers with the following configurations: Array 1 (RAID 1): OS, SYSVOL Page File Array 2 (RAID 1): Transaction Logs Array 3 (RAID 1): Database (NTDS.DIT) OR Array 1 (RAID 1): OS, SYSVOL Page File Array 2 (RAID 5): Transaction Logs Database (NTDS.DIT) Either On-line spare or nothing Currently, I'm more swayed towards the first configuration only to see the benefits of segregating the Logs from the Database. I will be interested in viewing some of your comments. BTW, the server will have 2GB of RAM and a high-end array controller. There is only SCSI channel on this particular server though. Rgds, _ Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Service Packs for Windows 2000
Rick, You are referring to IE5.5 and this discussion is about IE5. This link about how to tell what version of IE you have list a version of IE 5.01 SP3 that is only obtainable with Windows SP3. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q164539 Shawn -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Tuesday, October 22, 2002 9:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Service Packs for Windows 2000 Roger, I agree wholeheartedly. I do, however, believe that if true, it will be on SP4 and later. We had a requirement for a series of fixes be deployed to our production systems for a client application. These fixes were specifically IE 5.5, and were not included in SP3. I haven't yet determined if the fixes were past the 'freeze' point on SP3 or not. (For reference, see Q323759) Sadly, it seems that IE and Windows are developed by radical factions within Microsoft that just don't get along - and worse - don't seem to work too well together. I hope that I'm wrong on this Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Roger Seielstad Sent: Tuesday, October 22, 2002 7:19 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Service Packs for Windows 2000 That's a good thing, if true. IE5 ships installed with Win2k, so the Win2k Updates should include that. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent: Monday, October 21, 2002 5:17 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Service Packs for Windows 2000 Did I read this or just imagine it? Service Packs and Security Updates for IE 5 will be included with Windows 2000 Service Packs starting with SP3. Shawn Hayes MCSE_2000, MCSE_NT4 Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net http://www.compass.net 757.226.3328 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RAID configuration on DC's
A three disk RAID 1 - news to me can you send me some literature about it? Would this be a mirror with a spare? Later threads cleared this up, youâre more than a couple of days late. A Mirrored set requires two drives to setup but will run on one if one disk in the mirror fails. -Original Message- From: Roger Seielstad [mailto:roger.seielstad;inovis.com] Sent: Tuesday, October 22, 2002 8:03 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] RAID configuration on DC's BZZZ. Thanks for playing. RAID1 exists with one or more drives. Each additional drive functions as a mirror. There are 3 disk RAID1's, as well. RAID1 with 1 drive = a 2 disk RAID1 with a failed drive. No difference. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent: Friday, October 18, 2002 2:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RAID configuration on DC's Not at a hardware level RAID. Two and only Two drives -Original Message- From: Robert Moir [mailto:rim;LutonSFC.ac.uk] Sent: Friday, October 18, 2002 2:37 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] RAID configuration on DC's Far as I know, Raid 1 can exist with only one drive too. -Original Message- From: MHR(Michael Ross) [mailto:mhr;panduit.com] Sent: Fri 18/10/2002 18:30 To: '[EMAIL PROTECTED]' Cc: Subject: RE: [ActiveDir] RAID configuration on DC's Personally, Id do all RAID5. I think 100% uptime (RAID5 can exist with 1 failed disk) is better than the small performance gain you get from RAID1 -Original Message- From: Devan Pala [mailto:dpala;hotmail.com] Sent: Friday, October 18, 2002 11:31 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] RAID configuration on DC's Hello all, I have the option to either build our site domain controllers/ global catalog servers with the following configurations: Array 1 (RAID 1): OS, SYSVOL Page File Array 2 (RAID 1): Transaction Logs Array 3 (RAID 1): Database (NTDS.DIT) OR Array 1 (RAID 1): OS, SYSVOL Page File Array 2 (RAID 5): Transaction Logs Database (NTDS.DIT) Either On-line spare or nothing Currently, I'm more swayed towards the first configuration only to see the benefits of segregating the Logs from the Database. I will be interested in viewing some of your comments. BTW, the server will have 2GB of RAM and a high-end array controller. There is only SCSI channel on this particular server though. Rgds, _ Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ .+wí»«íºY驲Pí»«íºr.+j jå·oryæ IVì ¶+v* .+-wÈi0g-í¼´íºº+Yb騲mPií 0ì -í¼´íºº+bï²Úªf.+-j! 0j!èorà¿£yØ«IäV+v* List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ .+-wèÛiÿü0Á§-÷º+ùYb²Øm¸¬´PÛiÿü0Á§-÷º+ùb²×Úªf.+-j·!÷¡¶Úÿ 0¨¥j·!÷¢oÚrدyØ«ãIV¶+Þv*è®
RE: [ActiveDir] RAID Configuration on DC's Part 3
Please explain how you will gain any performance increases when all three of your arrays exist on the same SCSI channel. Seems to me you have a single pipe leading to and from multiple arrays. It is not hard to figure where the bottle neck will be. -Original Message- From: Devan Pala [mailto:dpala;hotmail.com] Sent: Monday, October 21, 2002 4:15 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] RAID Configuration on DC's Part 3 Hi, Thanks for all your replies earlier. Yes, it is true that the server only has 6 drive bays. The array controller has 2 internal and 2 external ports but I can only use one internally since the 6 drive bays only terminate to one SCSI port. (in this particular server). Reason for buying the high-end controller is due to standards and a proven track record in production. Reason for not upgrading the chassis is primarily cost especially in the branch offices, the root and hub-site controllers are and will be configured entirely different, dual array controllers, quad-xeon processors etc. The whole nine yards. The database has been sized and definitely over-engineered for the approx. 2500 users spread over 15 sites in the Americas and Europe. I do understand that read performance for the database will be greater under a Raid 5 (stripe set with parity) config. but that means combining the Logs as well. Therefore, in order to gain both performance and recovery benefits from segregating the OS, Logs and Database to their own spindle sets makes sense over a simple Raid 1 and Raid 5 config. (just as my mate Linton put it). So I'm going with three Raid 1 arrays. Cheers, _ Broadband? Dial-up? Get reliable MSN Internet Access. http://resourcecenter.msn.com/access/plans/default.asp List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Service Packs for Windows 2000
Title: Service Packs for Windows 2000 Did I read this or just imagine it? Service Packs and Security Updates for IE 5 will be included with Windows 2000 Service Packs starting with SP3. Shawn Hayes MCSE_2000, MCSE_NT4 Network Engineer Compass Technology Management Sound Business Sense for IT www.compass.net 757.226.3328
RE: [ActiveDir] RAID configuration on DC's
Not at a hardware level RAID. Two and only Two drives -Original Message- From: Robert Moir [mailto:rim;LutonSFC.ac.uk] Sent: Friday, October 18, 2002 2:37 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] RAID configuration on DC's Far as I know, Raid 1 can exist with only one drive too. -Original Message- From: MHR(Michael Ross) [mailto:mhr;panduit.com] Sent: Fri 18/10/2002 18:30 To: '[EMAIL PROTECTED]' Cc: Subject: RE: [ActiveDir] RAID configuration on DC's Personally, Id do all RAID5. I think 100% uptime (RAID5 can exist with 1 failed disk) is better than the small performance gain you get from RAID1 -Original Message- From: Devan Pala [mailto:dpala;hotmail.com] Sent: Friday, October 18, 2002 11:31 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] RAID configuration on DC's Hello all, I have the option to either build our site domain controllers/ global catalog servers with the following configurations: Array 1 (RAID 1): OS, SYSVOL Page File Array 2 (RAID 1): Transaction Logs Array 3 (RAID 1): Database (NTDS.DIT) OR Array 1 (RAID 1): OS, SYSVOL Page File Array 2 (RAID 5): Transaction Logs Database (NTDS.DIT) Either On-line spare or nothing Currently, I'm more swayed towards the first configuration only to see the benefits of segregating the Logs from the Database. I will be interested in viewing some of your comments. BTW, the server will have 2GB of RAM and a high-end array controller. There is only SCSI channel on this particular server though. Rgds, _ Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ .+wí»«íºY驲Pí»«íºr.+j jå·oryæ IVì ¶+v* â²Ø§~m¶ÿÃrدyØ«¢¸?¨¥+-ÙËEm¶ÿÃrدyØ«¢¸?+-}ª¡¶bâ²Ö«r¯zm§ÿðà V«r¯yÊý§-÷¾4¨¥iËb½çb®à
RE: [ActiveDir] Admin Account Trouble
The by default the administrator account can not be locked out, but there is a utility called passprop from the NT 4 resource kit that will allow you to set the admin account up so it can be locked out * PASSPROP [/complex] [/simple] [/adminlockout] [/noadminlockout] /complexForce passwords to be complex, requiring passwords to be a mix of upper and lowercase letters and numbers or symbols. /simple Allow passwords to be simple. /adminlockout Allow the Administrator account to be locked out. The Administrator account can still log on interactively on domain controllers. /noadminlockout Don't allow the administrator account to be locked out. *** -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 9:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Admin Account Trouble I was just replying to the statement of it can't happen. I just don't want folks on the list to see that --- then if they come across it start bombarding you with emails stating Rick - you said the administrator account couldn't get locked out I haven't asked this list for help on this issue mainly because this type of situation is not supposed to happen. I know it's my cross the carry so I didn't want to weigh the group down. -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 9:45 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Admin Account Trouble Craig, I don't doubt you that you've seen it. I can only tell you from MY experience and my education. I, to this day have not seen it - but do not doubt YOU that you've seen it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Cerino Sent: Monday, September 23, 2002 7:36 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Admin Account Trouble Rick -- that's what I thought but I am here to tell you the built in administrator account can ABSOLUTELY become locked out. I see it all the time. One of our smaller separate networks (built in) Administrator account gets locked out all the time. It's actually pretty weird and I've been working for a while now trying to figure out WHY this is happening. Craig -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 8:48 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Admin Account Trouble Craig, Can't happen - the Administrator account can't be locked out. Which, if you think about it is the reason that it's attacked over any other potential admin equivalent account. If the account 'Rick' is an admin equiv but has a lockout of 3 attempts, I may as well go after the Administrator who won't lockout even though I'm going after it with a full onslaught brute force dictionary attack with my mongo dictionary with all possible replacement text. By open of business Monday the administrator account has taken on millions of password attempts. Yeah, it's kind of a small problem. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Cerino Sent: Friday, September 20, 2002 12:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Admin Account Trouble I REALLY don't mean to be insulting -- but is it locked out? -Original Message- From: Michael Payne [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 12:43 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Admin Account Trouble Hello Everyone, My administrator account (Windows 2000 server) can not access the group policies for the Domain\ Domain Controller. I can not install software nor does the hardware wizard respond. Any ideas or suggestions? I would appreciate any advice. Thanks in advance, Mike List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: