RE: [ActiveDir] Please help me
Return Receipt Your RE: [ActiveDir] Please help me document: wasSudhir Kaushal/GIS/CSC received by: at:12/11/2006 02:24:56 PM ZE5B List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Sudhir Kaushal/GIS/CSC is out of the office.
I will be out of the office starting 09/18/2006 and will not return until 09/25/2006. I will respond to your message when I return. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Date Modification not same on the folder and subfolder level
Hi All, On my file server, why do i get different modified dates for users main folder and subfolders and even the files in the subfolders. My concern is even if a user has changed or modified a file on any specific date, the parent folder should show me the latest modified date. Or if we have N number of files modified on different dates, then what should be the date on the parent folder ? Thanks in advance. Regards, Sudhir Kaushal Systems Engineer (GIS) MCS Wintel India Computer Sciences Corporation Hello - + 91 120 2582323 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
Re: [ActiveDir] Show the EmployeeID field within ADUC
Return Receipt Your Re: [ActiveDir] Show the EmployeeID field within ADUC document : was Sudhir Kaushal/GIS/CSC received by: at: 07/20/2006 08:07:47 PM ZE5B List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Windows 2003 sp1 DNS problem
Return Receipt Your [ActiveDir] Windows 2003 sp1 DNS problem document : was Sudhir Kaushal/GIS/CSC received by: at: 06/30/2006 09:07:25 AM GDT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Is there a way to force users to logon to domain?
Return Receipt Your RE: [ActiveDir] Is there a way to force users to logon to document domain? : was Sudhir Kaushal/GIS/CSC received by: at: 05/18/2006 11:03:46 AM GDT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OT: Virus' Where are they?
Return Receipt Your [ActiveDir] OT: Virus' Where are they? document : was Sudhir Kaushal/GIS/CSC received by: at: 03/16/2006 09:23:33 AM GMT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OT: Software purchase assistance
Return Receipt Your [ActiveDir] OT: Software purchase assistance document : was Sudhir Kaushal/GIS/CSC received by: at: 02/08/2006 11:13:58 AM GMT List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Problem with IE security Policies GP
Hi, My users connect through ICA session to couple of Citrix desktop servers ( all windows 2000 ). The profiles they are using are mandatory. In those profiles the IE security settings for Internet Zones\Navigate subframes across different domain are set to "Prompt". I want this settings to be changed from "Prompt" to "Enable". My DC's are 2003. I edited the GP associated with the effected users OU and configured this particular settings and set it to "enable", However the users are still getting the older IE settings. I dont know where i am going wrong.. Any help would be appreciated. Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] search option for file and folders dont work
Hi, My search options for files and folders dont work in 2000. Though it works very well when opened from Windows Explorer. Any pointers to the probable reasons are appreciated. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] Sudhir Kaushal/GIS/CSC is out of the office.
I will be out of the office starting 12/01/2005 and will not return until 12/05/2005. I will respond to your message when I return. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] User accounts getting locked out..
Hi All,
I am facing one strange issue. All of
sudden my user accounts are getting locked out in certain OU's. The event
logs says
Event Id - 675, AUDIT FAILURE, Security,
Mon Nov 14 12:50:57 2005, NT AUTHORITY\SYSTEM, Pre-authentication failed:
User Name: xyz User ID: %{xyz}
Service Name: krbtgt/domain name Pre-Authentication Type:
0x2 Failure Code: 0x18 Client Address: IP address.
Event Id - 644, AUDIT SUCCESS, Security, Mon Nov 14 12:50:56 2005,
NT AUTHORITY\SYSTEM, User Account Locked Out: Target
Account Name: xyz Target Account ID: %{xyz}
Caller Machine Name: Name of the machine Caller User Name:
Name of the DC Caller Domain: Domain Name Caller
Logon ID: (0x0,0x3E7)
They also get clear after some time
automatically. One reason which i figure out is that it could be
related to the system time of the client machine with the system time of
DC ( Related to failure of Kerberos ticket ) . Any other pointers???
Thanks in Advance.
Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91
120 2582323 Ext. 2649
Denmark - + 45
70100024 Ext. 2649
“You never win Silver, You
lose Gold”
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
RE: [ActiveDir] moving DHCP Server to another machine
Yes i took the fresh backup and restore on the target server successfully. However the dhcp.mdb size remains same... :-( Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. @hampshire.pnn.police.uk> Sent by: ActiveDir-owner 11/08/2005 07:43 PM Please respond to ActiveDir To: cc: Subject: RE: [ActiveDir] moving DHCP Server to another machine Have you looked at. http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3ee35f7b-6b5a-4942-b1cb-9f7462989039.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir Kaushal Sent: 08 November 2005 13:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] moving DHCP Server to another machine Thanks for the response. I have gone through some of the microsoft documents. The tool dhcpexim works for 2000 whereas my source and target servers are 2003. For 2003 the procedure mentioned in the link http://support.microsoft.com/kb/325473 says to use netsh import and export commands. They also have mentioned that its moves both the database as well as configuration. When i used this command, as per my understanding it perfectly moves the configuration of the DHCP on the target server and i am able to see all the scopes and the Addresses leases. However my dhcp.mdb database size on the target server remains default 1032 kb . Where as the the db size on the source server is bigger then this. May i know why is this happening? Or is there any other process also to be followed ? Thanks.. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "CHIANESE, DAVID" @phlyins.com> Sent by: ActiveDir-owner 11/08/2005 06:22 PM Please respond to ActiveDir To: cc: Subject: RE: [ActiveDir] moving DHCP Server to another machine http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp Try the above link. We just migrated 2 DHCP servers with this micosoft utility. Regards, Dave Chianese From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir Kaushal Sent: Tuesday, November 08, 2005 7:31 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] moving DHCP Server to another machine Hi, I need to move my DHCP Server ( 2003 ) to another machine ( 2003 ). I did the configuration export by giving the netsh dhcp server export command and am able to import the DHCP configuration on the Target Server. The concern is that Is this process completes the whole move. What about the DHCP Database ? how to move it or is there any tested process to move the configuration and db to another server.? Thanks in Advance. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail
RE: [ActiveDir] moving DHCP Server to another machine
Thanks for the response. I have gone through some of the microsoft documents. The tool dhcpexim works for 2000 whereas my source and target servers are 2003. For 2003 the procedure mentioned in the link http://support.microsoft.com/kb/325473 says to use netsh import and export commands. They also have mentioned that its moves both the database as well as configuration. When i used this command, as per my understanding it perfectly moves the configuration of the DHCP on the target server and i am able to see all the scopes and the Addresses leases. However my dhcp.mdb database size on the target server remains default 1032 kb . Where as the the db size on the source server is bigger then this. May i know why is this happening? Or is there any other process also to be followed ? Thanks.. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "CHIANESE, DAVID" @phlyins.com> Sent by: ActiveDir-owner 11/08/2005 06:22 PM Please respond to ActiveDir To: cc: Subject: RE: [ActiveDir] moving DHCP Server to another machine http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp Try the above link. We just migrated 2 DHCP servers with this micosoft utility. Regards, Dave Chianese From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir Kaushal Sent: Tuesday, November 08, 2005 7:31 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] moving DHCP Server to another machine Hi, I need to move my DHCP Server ( 2003 ) to another machine ( 2003 ). I did the configuration export by giving the netsh dhcp server export command and am able to import the DHCP configuration on the Target Server. The concern is that Is this process completes the whole move. What about the DHCP Database ? how to move it or is there any tested process to move the configuration and db to another server.? Thanks in Advance. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] moving DHCP Server to another machine
Hi, I need to move my DHCP Server ( 2003 ) to another machine ( 2003 ). I did the configuration export by giving the netsh dhcp server export command and am able to import the DHCP configuration on the Target Server. The concern is that Is this process completes the whole move. What about the DHCP Database ? how to move it or is there any tested process to move the configuration and db to another server.? Thanks in Advance. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] Sudhir Kaushal/GIS/CSC is out of the office.
I will be out of the office starting 10/31/2005 and will not return until 11/04/2005. I will respond to your message when I return. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Sudhir Kaushal/GIS/CSC is out of the office.
I will be out of the office starting 10/20/2005 and will not return until 10/24/2005. I will respond to your message when I return. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP Query Fails
Hi Al, I did the following configurations in the OE directory services.. like 1. LDAP server name - I tried by giving both domain name and the server name ( ldap://ldap.server name) 2. I changed the search base also. Like ou=abc,dc=def,dc=com 3. kept the port to 389 for ldap search. After doing all this, when i find ppl by giving the browser address (ldap://ldap.server name) i get following error " Specified Directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect" :-( I am not using any kind of Proxy to connect to the internet. Do we have to do some configurations on the Domain Controller also ? This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "Al Mulnick" @hotmail.com> Sent by: ActiveDir-owner 10/10/2005 09:34 PM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject: RE: [ActiveDir] LDAP Query Fails Outlook Express (OE) and Search for People use the same WAB provider IIRC. When you open ldap://servername you're really making a call to use WAB.EXE which is the same address book that OE uses to search for users. I notice though, that if you specify a server to contact, that you get that pre-filled in vs. if you open it in search or via OE. Interesting IE uses the following key to control what it uses for the ldap url: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Contacts\Address Book\Protocols\ldap\shell\open\command So my thinking was that you needed to properly specify the directory on the client. It may just be permissions related however, as utilizing the ldap url to open a DC for search provides null credentials by default. Check your security logs (if auditing) to see if this is the case. Note: I notice as I looked at this in my test environment that I had no notification in the event logs. I didn't look at it long enough to see if I had the audit settings perfected, so it's possible I missed something. However, a network trace shows the attempt and an error indicating that I need to first bind. That's not really correct, because I do bind, but I bind anonymously. It should be telling me to allow anonymous bind in order to search etc. If it helps, ldap url syntax is defined in RFC 2255. Al >From: Sudhir Kaushal <[EMAIL PROTECTED]> >Reply-To: ActiveDir@mail.activedir.org >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] LDAP Query Fails >Date: Mon, 10 Oct 2005 10:07:57 -0400 > >Hi Mulnick, > >I get the same error when i give ldap://domainname. Yes i am using IE. >Sorry i didnt get what u mean to ask by " How are your directory >settings in OE configured exactly? > >Regards, >Sudhir > > > >This is a PRIVATE message. If you are not the intended recipient, please >delete without copying and kindly advise us by e-mail of the mistake in >delivery. NOTE: Regardless of content, this e-mail shall not operate to >bind CSC to any order or other contract unless pursuant to explicit >written agreement or government initiative expressly permitting the use of >e-mail for such purpose. > > > > > > >"Al Mulnick" >@hotmail.com> >Sent by: ActiveDir-owner >10/10/2005 10:01 AM >Please respond to ActiveDir > > To: ActiveDir@mail.activedir.org > cc: > Subject: RE: [ActiveDir] LDAP Query Fails > > >What happens if you specify ldap://domainname ? Just out of curiousity. > >Using IE or some other browser? > >IE relies on OE IIRC to handle LDAP searches. How are your directory >settings in OE configured exactly? > > > > > > >From: Sudhir Kaushal <[EMAIL PROTECTED]> > >Reply-To: ActiveDir@mail.activedir.org > >To: ActiveDir@mail.activedir.org > >Subject: [ActiveDir] LDAP Query Fails > >Date: Mon, 10 Oct 2005 07:37:57 -0400 > > > >Hi All, > > > >Whenever I do LDAP search for any user in AD through browser, (ldap://DC > >server IP ) it gives me error " An error accured while performing the > >search. Your computer, ISP or the specifi
RE: [ActiveDir] LDAP Query Fails
Hi Mulnick, I get the same error when i give ldap://domainname. Yes i am using IE. Sorry i didnt get what u mean to ask by " How are your directory settings in OE configured exactly? Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "Al Mulnick" @hotmail.com> Sent by: ActiveDir-owner 10/10/2005 10:01 AM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject: RE: [ActiveDir] LDAP Query Fails What happens if you specify ldap://domainname ? Just out of curiousity. Using IE or some other browser? IE relies on OE IIRC to handle LDAP searches. How are your directory settings in OE configured exactly? >From: Sudhir Kaushal <[EMAIL PROTECTED]> >Reply-To: ActiveDir@mail.activedir.org >To: ActiveDir@mail.activedir.org >Subject: [ActiveDir] LDAP Query Fails >Date: Mon, 10 Oct 2005 07:37:57 -0400 > >Hi All, > >Whenever I do LDAP search for any user in AD through browser, (ldap://DC >server IP ) it gives me error " An error accured while performing the >search. Your computer, ISP or the specified directory services may be >disconnected. Check ur connections and try again. Operations Error " > >I have tried this even locally on the DC, still it gives the same error. >Though it is working very well with LDAP browser ( Softerra ) and using >the Search -> Find ppl from Start Menu. > >Any Help!! > >Regards, >Sudhir > > > > > >This is a PRIVATE message. If you are not the intended recipient, please >delete without copying and kindly advise us by e-mail of the mistake in >delivery. NOTE: Regardless of content, this e-mail shall not operate to >bind CSC to any order or other contract unless pursuant to explicit >written agreement or government initiative expressly permitting the use of >e-mail for such purpose. > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] LDAP Query Fails
Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error " An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error " I have tried this even locally on the DC, still it gives the same error. Though it is working very well with LDAP browser ( Softerra ) and using the Search -> Find ppl from Start Menu. Any Help!! Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] vbscript to read a remote file
Hi All, My requirement is to read some characters from a . txt file located on remote machine and write them in another text file on a local machine from where i will run the script. I have a script which do all this on a local machine ( read some text from one file and write to another ). However i am not getting how to fetch the text data from remote machine.. I have some idea that i have to use WSHControllers object to run a script on the remote machine and fetch the data. Any pointers in that direction would be appreciated. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
Fw: [ActiveDir] Security Group Policy Not Applying
Hi All, One small query in this regard.. The problem i was facing because of one domain local group added in the restricted group in the default domain controller policy. Can we have global group defined in the restricted groups in the default domain controller policy instead of domain local group ?? Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. - Forwarded by Sudhir Kaushal/GIS/CSC on 09/14/2005 11:11 AM - Sudhir Kaushal/GIS/CSC @CSC Sent by: ActiveDir-owner 09/14/2005 10:36 AM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject: RE: [ActiveDir] Security Group Policy Not Applying Hi All, Thanks to everyone for guiding me to the solution. It was because of the restricted group policy on the DC's to control the domain group membership. I removed it and updated the GP.and it worked. Have a nice day... :-) Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "Darren Mar-Elia" @quest.com> Sent by: ActiveDir-owner 09/13/2005 10:29 PM Please respond to ActiveDir To: cc: Subject: RE: [ActiveDir] Security Group Policy Not Applying Unless you are entering the group as free text (i.e. just typing it in). Couple of points here. Using restricted group policy on DCs to control domain group membership is bad news. I would simply avoid it. This particular error indicates that you are trying to add a group to a domain local group that is from another domain, and that this is not allowed--at least not on a domain local group. I would go into the Restricted Groups policies that are applying to your DCs (either linked to the Domain Controllers OU or to the Domain) and figure which policy is doing this. You can also run rsop.msc on the DC in question to see which GPO is delivering the winning restricted groups policy. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, September 13, 2005 6:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security Group Policy Not Applying It sounds like a restricted groups policy being attempted wrong.But, from what I've seen, it won't even let you try that. John Sudhir Kaushal <[EMAIL PROTECTED] m> To Sent by: ActiveDir@mail.activedir.org [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Security Group 09/13/2005 07:39 Policy Not Applying AM Please respond to
RE: [ActiveDir] Security Group Policy Not Applying
Hi All, Thanks to everyone for guiding me to the solution. It was because of the restricted group policy on the DC's to control the domain group membership. I removed it and updated the GP.and it worked. Have a nice day... :-) Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "Darren Mar-Elia" @quest.com> Sent by: ActiveDir-owner 09/13/2005 10:29 PM Please respond to ActiveDir To: cc: Subject: RE: [ActiveDir] Security Group Policy Not Applying Unless you are entering the group as free text (i.e. just typing it in). Couple of points here. Using restricted group policy on DCs to control domain group membership is bad news. I would simply avoid it. This particular error indicates that you are trying to add a group to a domain local group that is from another domain, and that this is not allowed--at least not on a domain local group. I would go into the Restricted Groups policies that are applying to your DCs (either linked to the Domain Controllers OU or to the Domain) and figure which policy is doing this. You can also run rsop.msc on the DC in question to see which GPO is delivering the winning restricted groups policy. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, September 13, 2005 6:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security Group Policy Not Applying It sounds like a restricted groups policy being attempted wrong.But, from what I've seen, it won't even let you try that. John Sudhir Kaushal <[EMAIL PROTECTED] m> To Sent by: ActiveDir@mail.activedir.org [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Security Group 09/13/2005 07:39 Policy Not Applying AM Please respond to [EMAIL PROTECTED] tivedir.org Thanks for the response.. However i have already checked this and all the related policies in win2003 are not defined in my case.. :-( Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. @readymaids.com> To: Sent by:
RE: [ActiveDir] Security Group Policy Not Applying
Thanks for the response.. However i
have already checked this and all the related policies in win2003 are not
defined in my case.. :-(
Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649
“You never win Silver, You
lose Gold”
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
@readymaids.com>
Sent by: ActiveDir-owner
09/13/2005 06:00 PM
Please respond to ActiveDir
To:
cc:
Subject:
RE: [ActiveDir] Security Group Policy
Not Applying
http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&pha
se=1
Look at the 0x4b8 section.
HTH
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Sudhir Kaushal
Sent: Tue 9/13/2005 5:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Group Policy Not Applying
Hi all
I'm having an issue with ONE of my DC's (Win2003) not applying a group
policy
object.
in the event viewer of the DC's i'm getting this errors after every 5 min
Event id: 1202
"Security policies were propagated with warning.
0x4b8 : An extended error has occurred."
When I drill down to the clients winlogon.log file i see the following
entry
Error 0 to send the control flag 1 over to server.
Make a local copy of
\\domain.dom\sysvol\domain.dom\Policies\{31B2F340-0160-11D2-945F-00C04FB984F9
}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt0.dom.
This is not the last GPO.
The log file also specifies:
Warning 2 - The system cannnot find the file specified.
cannot find the remote desktop users.
Configure the remote desktop users.
add \group name
Error 8520 - A local group cannot have another cross domain local group
as
member.
Has anyone ever seen this error and/or know what the solution is.
Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649
"You never win Silver, You lose Gold"
-
---
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind
CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for
such purpose.
-
---
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Security Group Policy Not Applying
Hi all
I'm having an issue with ONE of my DC's (Win2003) not applying a group
policy object.
in the event viewer of the DC's i'm getting this errors after every 5 min
Event id: 1202
"Security policies were propagated with warning.
0x4b8 : An extended error has occurred."
When I drill down to the clients winlogon.log file i see the following
entry
Error 0 to send the control flag 1 over to server.
Make a local copy of \\domain.dom\sysvol\domain.dom\Policies\{31B2F340-0160-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows
NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt0.dom.
This is not the last GPO.
The log file also specifies:
Warning 2 - The system
cannnot find the file specified.
cannot find the remote
desktop users.
Configure the remote desktop
users.
add \group
name
Error 8520 - A local group
cannot have another cross domain local group as member.
Has anyone ever seen this
error and/or know what the solution
is.
Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649
“You never win Silver, You
lose Gold”
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
RE: [ActiveDir] Transfer GPO between domains
Return Receipt Your RE: [ActiveDir] Transfer GPO between domains document : was Sudhir Kaushal/GIS/CSC received by: at: 09/06/2005 05:43:14 PM ZE5B List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] export to csv
Return Receipt Your RE: [ActiveDir] export to csv document : was Sudhir Kaushal/GIS/CSC received by: at: 08/22/2005 03:49:48 PM ZE5B List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Permissions to start and stop the services
Hi, I have a user who wants to start and stop one perticular application service on the server, whenever he wishes from his desktop. I cant give him any special rights. The O.S is Windows 2000. I am not clear how i can do this. Like using security templates and give him the permissions to start or stop the service, or setting some policy. Please suggest. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 "You never win Silver, You lose Gold" This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] Password policy in NT 4.0 PDC
Hi, Would like to know that, in NT4.0 PDC when we apply user policy for password change, does it get apply on service accounts also ? If NO, why ? Can anyone throw some light on this. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 "You never win Silver, You lose Gold" This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[ActiveDir] password policy in NT4 PDC
Hi, Would like to know that, in NT4.0 PDC when we apply user policy for password change, does it get apply on service accounts also ? If NO, why ? Can anyone throw some light on this. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 "You never win Silver, You lose Gold" This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
RE: [ActiveDir] Computer Migration Issues with ADMT
Title: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, It is true that account is created but the machines just dont reboot. In my case i tried even changing the time from 1 min to 5 min. But the machines just dont reboot. Even after rebooting the machines manually, the domain name remained the same. After checking the logs on c:\temp on the clients machine i found this error "failed to change the domain affiliation (hr=8007054b), the specified domain does not exist or could not be contacted" . Because of this i concluded that account creation on the Target domain is may be because of ADMT agent, which gets properly installed on the client machine and do the necessary changes, but client is not able to contact the Target domain and hence dont reboot on their own. The other most common error i have seen in the logs is that "hr=800706fb The security database on the server does not have a computer account for this workstation trust relationship". Again I guess this is related with the Administrative permission in the domain. Santosh what error you are getting in the logs? Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]Sent: Thursday, February 05, 2004 7:31 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Yes. you are right mike. I don’t think it is due to name resolution problem. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Thursday, February 05, 2004 7:38 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Migration Issues with ADMT So your saying that the machines won't reboot because they can't resolve the target domain? This can't be true because all the machines I tried it on join to the target domain (I see the account created) but just don't reboot. After I reboot them manually they log into the new domain without any issues. Why would the machine have to resolve the target domain to reboot anyways? Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406 From: Sudhir Kaushal [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 1:29 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, I had this problem while migrating the computer accounts and the things i concluded are as follows: This error is because the ADMT agent on the source domain clients is not able to resolve the target domain. I tried first creating static WINS record of the target domain in the source domain WINS server. Though MIcrosoft dont recommend it. It didn't worked out for me, may be for the simple fact that WINS resolution is not supported when ur target Win2K domain is using DNS for the name resolution. I was migrating from NT 4.0 to Win2K. If you r using DNS in the source domain and if it doesn't have resource record of Target domain, then create it. so that ADMT agent should be able to resolve the Target domain name from the source domain DNS. Like "Targetdomain.com" . If u r using only WINS in the source domain, then make sure that u have the WINS record of the target domain in the source domain WINS server. If u r using DHCP then u can make all ur source domain clients to use DNS of Target domain by making the configuration for DNS in DHCP . So that ADMT agent could able to resolve the target domain name from Target domain DNS server only. For me the first one worked out. I hope it works for u too. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 05, 2004 4:18 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Computer Migration Issues with ADMT I remember someone posted a message here 3 or 4 weeks ago with an ADMT and computer migration question. I have the same problem in the lab. After the computer migration, it won't restart automatically. I have to manually restart the computer. Does anyone remember that question? If you still have a copy of that email thread could you forward it to me? Thanks, Santhosh List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Computer Migration Issues with ADMT
Title: RE: [ActiveDir] Computer Migration Issues with ADMT Hi Santosh, I had this problem while migrating the computer accounts and the things i concluded are as follows: This error is because the ADMT agent on the source domain clients is not able to resolve the target domain. I tried first creating static WINS record of the target domain in the source domain WINS server. Though MIcrosoft dont recommend it. It didn't worked out for me, may be for the simple fact that WINS resolution is not supported when ur target Win2K domain is using DNS for the name resolution. I was migrating from NT 4.0 to Win2K. If you r using DNS in the source domain and if it doesn't have resource record of Target domain, then create it. so that ADMT agent should be able to resolve the Target domain name from the source domain DNS. Like "Targetdomain.com" . If u r using only WINS in the source domain, then make sure that u have the WINS record of the target domain in the source domain WINS server. If u r using DHCP then u can make all ur source domain clients to use DNS of Target domain by making the configuration for DNS in DHCP . So that ADMT agent could able to resolve the target domain name from Target domain DNS server only. For me the first one worked out. I hope it works for u too. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 05, 2004 4:18 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Computer Migration Issues with ADMT I remember someone posted a message here 3 or 4 weeks ago with an ADMT and computer migration question. I have the same problem in the lab. After the computer migration, it won't restart automatically. I have to manually restart the computer. Does anyone remember that question? If you still have a copy of that email thread could you forward it to me? Thanks, Santhosh List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Native Mode
Title: Native Mode Thanks to all for clearing my doubt. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Simon Geary [mailto:[EMAIL PROTECTED]Sent: Wednesday, January 28, 2004 3:44 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Native Mode Yes, you can have NT clients in native mode. (But no NT BDC's) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Sudhir KaushalSent: 27 January 2004 12:22To: [EMAIL PROTECTED]Subject: [ActiveDir] Native Mode Hi All, I would like to thanks to all the members of this forum who helped me to carry out my Migration from NT 4.0 to Win2K successfully. Just wanted to clear one doubt. Is native mode related only to domain controllers? Can we have NT 4.0 clients in Native Mode? Or do we need everything to be in Win2K including domain controllers and clients? Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126
[ActiveDir] Native Mode
Title: Native Mode Hi All, I would like to thanks to all the members of this forum who helped me to carry out my Migration from NT 4.0 to Win2K successfully. Just wanted to clear one doubt. Is native mode related only to domain controllers? Can we have NT 4.0 clients in Native Mode? Or do we need everything to be in Win2K including domain controllers and clients? Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126
RE: [ActiveDir] Upgrade to Win2k
Title: RE: [ActiveDir] Upgrade to Win2k Hi Tony, Are u talking about the DNS server. coz on my DNS both the service were running DNS as well as DHCP client, but still PTR didnt get updated. Though A records were updated. Any Idea? Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Friday, January 23, 2004 5:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Upgrade to Win2k Hi Sudhir You wrote: > Do u really need DHCP service running ( even though u don't DHCP server in ur domain ) to get the PTR records dynamically updated. The DHCP client service is necessary for dynamic DNS (DDNS) registrations. If the DHCP client service is not running then the machine will not be able to dynamically register its A and PTR records. This is independent of whether or not you have DHCP on your network. Tony -- Original Message -- Wrom: FXISHJEXXIMQZUIVOTQNQEMSFDULHPQQWOY Reply-To: [EMAIL PROTECTED] Date: Fri, 23 Jan 2004 17:24:54 +0530 Thanks Roger for the method. I am sure this will work. But since my domain controller would contain DNS as well as User and Server Accounts, I guess I have to change the steps a bit. 1. Build a new BDC. Get all the user and computer accounts replicated. 2. Configure the DNS with the secondary zones pointing to PDC primary zones ( As u suggested ) 3. Get the zone transferred. Change the secondary zones to primary on BDC. 4. Promote the BDC to PDC. ( Put the actual PDC offline ) 5. Upgrade it to Win2k. 6. Run the DCpromo. 7. Give the DNS domain name abc.net This should create the srv records under the zone abc.net and do the dynamic updates. Do u really need DHCP service running ( even though u don't DHCP server in ur domain ) to get the PTR records dynamically updated. Thanks for the steps. I would test them and let u all know. Regards Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- Wrom: IYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWL Sent: Thursday, January 22, 2004 7:07 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Upgrade to Win2k Since it seems like you want all the abc.net domain, I'd do the following: 1. Build the new AD domain controller with the DNS service installed (but don't run DCPromo yet) 2. Configure the Win2k box to be a secondary for abc.net from the NT4 box 3. Wait for the Win2k box to replicate (probably <1 minute, but I give it 20 just in case) 4. Force another pull of the zone (because you can never be too paranoid) 5. Change the zone on the Win2k box to be Standard Primary 6. Change the zone on the NT4 box to be a secondary (I think you need to delete and recreate it to make that change under NT4) - you might need to change the zone settings on Win2k to allow for zone transfers 7. Ensure the NT4 box is pulling the seconday properly 8. Enable dynamic updates on the zone in Win2k 9. Set the Win2k box to use itself for DNS 10. Run DCPromo That's basically what I've done in the past with great success. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- Wrom: SZLKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNS Sent: Thursday, January 22, 2004 8:20 AM To: '[EMAIL PROTECTED]' Subject: FW: [ActiveDir] Upgrade to Win2k Hi Rick, Thanks for the reply. The problem I am facing here in upgrade is as follows: I have NT 4 DNS configured with 2 zones say abc.net and abc.com on the pdc. I have lot of records like mx, cname and A records of clients in abc.net zone and my clients also access the application on those machines through browser by giving address http://www.clients.egain.net <http://www.clients.egain.net/> . My domain name is "test" . Now while configuring active directory, Scenario 1# If I give new DNS domain name "test.local", it created new zone in DNS as "test.local" with all the srv records in it. The problem with this configuration is when I join new client to the domain " test.local" or "test", I cant add the host record dynamically to the abc.net zone. The machine name will also change to "name.test.local" whereas I want it to be "name.abc.net" . Scenario 2# If i give new DNS domain name "abc.net" . It gives me the error " wizard cannot configure DNS for domain abc.net. However the DNS service was successfully installed. DNS zone already exists." . This way no srv records are created. Please help me what would be the right approach. Regards, Sudhir Kaushal Syste
RE: [ActiveDir] Upgrade to Win2k
Title: Message
Thanks
Roger for the method. I am sure this will work. But since my domain controller
would contain DNS as well as User and Server Accounts, I guess I have to
change the steps a bit.
1.
Build a new BDC. Get all the user and computer accounts replicated.
2.
Configure the DNS with the secondary zones pointing to PDC primary zones ( As u
suggested )
3. Get
the zone transferred. Change the secondary zones to primary on BDC.
4.
Promote the BDC to PDC. ( Put the actual PDC offline )
5.
Upgrade it to Win2k.
6. Run
the DCpromo.
7.
Give the DNS domain name abc.net
This
should create the srv records under the zone abc.net and do the dynamic
updates.
Do u
really need DHCP service running ( even though u don't DHCP server in ur domain
) to get the PTR records dynamically updated.
Thanks
for the steps. I would test them and let u all know.
Regards
Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607,
Ext-126
-Original Message-From: Roger Seielstad
[mailto:[EMAIL PROTECTED]Sent: Thursday, January 22, 2004
7:07 PMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Upgrade to Win2k
Since it seems like you want all the abc.net domain, I'd do the
following:
1.
Build the new AD domain controller with the DNS service installed (but don't
run DCPromo yet)
2.
Configure the Win2k box to be a secondary for abc.net from the NT4
box
3.
Wait for the Win2k box to replicate (probably <1 minute, but I give it 20
just in case)
4.
Force another pull of the zone (because you can never be too
paranoid)
5.
Change the zone on the Win2k box to be Standard Primary
6.
Change the zone on the NT4 box to be a secondary (I think you need to delete
and recreate it to make that change under NT4) - you might need to change the
zone settings on Win2k to allow for zone transfers
7.
Ensure the NT4 box is pulling the seconday properly
8.
Enable dynamic updates on the zone in Win2k
9.
Set the Win2k box to use itself for DNS
10.
Run DCPromo
That's basically what I've done in the past with great
success.
--
Roger D. Seielstad
- MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-From: Sudhir Kaushal
[mailto:[EMAIL PROTECTED] Sent: Thursday, January 22, 2004 8:20
AMTo: '[EMAIL PROTECTED]'Subject: FW:
[ActiveDir] Upgrade to Win2k
Hi
Rick,
Thanks for the reply. The problem I am facing here in upgrade is as
follows:
I
have NT 4 DNS configured with 2 zones say abc.net
and abc.com on the pdc. I have lot of records like mx, cname and A records
of clients in abc.net zone and my clients also access the application on
those machines through browser by giving address http://www.clients.egain.net. My
domain name is "test" .
Now while configuring active directory,
Scenario 1#
If
I give new DNS domain name "test.local", it created new zone in DNS as
"test.local" with all the srv records in it.
The problem with this configuration is when I join new client to the
domain " test.local" or "test", I cant add the host record
dynamically to the abc.net zone. The machine name will also change to
"name.test.local" whereas I want it to be "name.abc.net"
.
Scenario 2#
If
i give new DNS domain name "abc.net" . It gives me the error " wizard cannot
configure DNS for domain abc.net. However the DNS service was successfully
installed. DNS zone already exists." . This way no srv records are created.
Please help me what would be the right approach.
Regards,
Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd.
Hello - (+91
20) 4222812, (+91 20) 4228607, Ext-126
-Original Message-From: Rick Kingslan
[mailto:[EMAIL PROTECTED]Sent: Thursday, January 22, 2004 5:55
PMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Upgrade to Win2k
The SRV records are essential - AD will not work
without it as it advertises the existence and where specific services can be
obtained - LDAP, GC, Kerberos, to name but a few. Regardless of how
simple or how complex, the state of DNS must be similar in that a very
specific format of what is available (SRV records and the services that they
indicate) as well as the format (_msdcs, _sites, _udp,
_tcp).
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP -
Active DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzoneWebLog -
www.msmvps.com/wil
FW: [ActiveDir] Upgrade to Win2k
Title: Upgrade to Win2k Hi Rick, Thanks for the reply. The problem I am facing here in upgrade is as follows: I have NT 4 DNS configured with 2 zones say abc.net and abc.com on the pdc. I have lot of records like mx, cname and A records of clients in abc.net zone and my clients also access the application on those machines through browser by giving address http://www.clients.egain.net. My domain name is "test" . Now while configuring active directory, Scenario 1# If I give new DNS domain name "test.local", it created new zone in DNS as "test.local" with all the srv records in it. The problem with this configuration is when I join new client to the domain " test.local" or "test", I cant add the host record dynamically to the abc.net zone. The machine name will also change to "name.test.local" whereas I want it to be "name.abc.net" . Scenario 2# If i give new DNS domain name "abc.net" . It gives me the error " wizard cannot configure DNS for domain abc.net. However the DNS service was successfully installed. DNS zone already exists." . This way no srv records are created. Please help me what would be the right approach. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Rick Kingslan [mailto:[EMAIL PROTECTED]Sent: Thursday, January 22, 2004 5:55 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Upgrade to Win2k The SRV records are essential - AD will not work without it as it advertises the existence and where specific services can be obtained - LDAP, GC, Kerberos, to name but a few. Regardless of how simple or how complex, the state of DNS must be similar in that a very specific format of what is available (SRV records and the services that they indicate) as well as the format (_msdcs, _sites, _udp, _tcp). Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzoneWebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir KaushalSent: Wednesday, January 21, 2004 10:35 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Upgrade to Win2k Hi Deji, Thanks for the link. I have gone through it. In the scenario mentioned in it, it stresses more on restructuring the domain name rather then keeping the same configurations. I guess I do have to change my NETBIOS domain name with interest of the zone names already configured in NT 4.0 DNS while giving the new DNS domain name in active directory. I will give it a shot in my test lab. One thing I would like to ask is that do I really need srv records coz I am having just single domain model with single site and at the max 2 domain controllers. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: deji Agba [mailto:[EMAIL PROTECTED]Sent: Wednesday, January 21, 2004 10:33 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Upgrade to Win2k http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.asp Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Sudhir KaushalSent: Tue 1/20/2004 8:37 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Upgrade to Win2k I have to upgrade my network from NT 4.0 to Win2k. My current scenario is: 1. PDC with DNS ( having 2 zones: secondary abc.com and primary abc.net ) 2. Domain Name is Test. 3. 2 BDC. Plan is 1. Install fresh BDC, Configure the DNS on it by configuring the same zones. While creating the zones i would copy the records from the DNS files on PDC and past it into the dns files on the BDC This way i will have my DNS Zones configured with all the records in that 2. promote the BDC to PDC 3. Upgrade to win2k along with ADS 4. What shall i give as "New DNS Domain Name" in order to retain the same setting. I dont want to change the name of the current domain 5. When i will join a new client where his A record would be created dynamically? In test.local zone or abc.net zone ? As all my clients has to be part of abc.net zone. These clients are being accessed by outside world. Would appreciate if someone can guide me on this or can refer me some good artical on how to upgrade the NT 4 DNS to Win2K DNS keeping the current configurations intact. Or do i have to give the new DNS domain name according to dns zone like abc.net. to get the srv records created under the abc.net zone and whenever new client joins in, its A record would get created in abc.net Thanks in Advance. Regards, Sudhir Kaushal
RE: [ActiveDir] DNS Zone Migration
Title: RE: [ActiveDir] DNS Zone Migration Santosh, you can also copy the dns zone files from ur NT system and copy them to win2003 server. While configuring zones on win2003 server, configure the primary zone as u have on NT 4 server and assign the copied zone file as it dns file. You can see all the records as it is. This will escape you from replication of DNS. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 22, 2004 6:41 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS Zone Migration Santhosh, I don't see any problems with doing the process as you've outlined. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Santhosh Sivarajan Sent: Wednesday, January 21, 2004 5:07 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Zone Migration Hi all, I need help to finalize a DNS design. Here is the scenario. NT 4.0 PDC is holding a DNS zone called Mydomain.com. Unfortunately, I have to use the same Mydomain.com for Windows 2003 AD domain. It is a parallel migration. What is the best way to migrate Mydomain.com to new Windows 2003 machine? I am thinking about the following option: 1: Create a secondary zone for Mydomain.com on Windows 2003 machine pointing NT 4.0 PDC as the primary; Change it to the Primary 2: Delete the zone on NT4.0 PDC and create a secondary zone for Mydomain.com pointing Windows 2003 as the primary Do you see any problems with this? Are there any best practices for doing this? Thanks in Advance! Santhosh List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Upgrade to Win2k
Title: Upgrade to Win2k Hi Deji, Thanks for the link. I have gone through it. In the scenario mentioned in it, it stresses more on restructuring the domain name rather then keeping the same configurations. I guess I do have to change my NETBIOS domain name with interest of the zone names already configured in NT 4.0 DNS while giving the new DNS domain name in active directory. I will give it a shot in my test lab. One thing I would like to ask is that do I really need srv records coz I am having just single domain model with single site and at the max 2 domain controllers. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: deji Agba [mailto:[EMAIL PROTECTED]Sent: Wednesday, January 21, 2004 10:33 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Upgrade to Win2k http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.asp Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Sudhir KaushalSent: Tue 1/20/2004 8:37 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Upgrade to Win2k I have to upgrade my network from NT 4.0 to Win2k. My current scenario is: 1. PDC with DNS ( having 2 zones: secondary abc.com and primary abc.net ) 2. Domain Name is Test. 3. 2 BDC. Plan is 1. Install fresh BDC, Configure the DNS on it by configuring the same zones. While creating the zones i would copy the records from the DNS files on PDC and past it into the dns files on the BDC This way i will have my DNS Zones configured with all the records in that 2. promote the BDC to PDC 3. Upgrade to win2k along with ADS 4. What shall i give as "New DNS Domain Name" in order to retain the same setting. I dont want to change the name of the current domain 5. When i will join a new client where his A record would be created dynamically? In test.local zone or abc.net zone ? As all my clients has to be part of abc.net zone. These clients are being accessed by outside world. Would appreciate if someone can guide me on this or can refer me some good artical on how to upgrade the NT 4 DNS to Win2K DNS keeping the current configurations intact. Or do i have to give the new DNS domain name according to dns zone like abc.net. to get the srv records created under the abc.net zone and whenever new client joins in, its A record would get created in abc.net Thanks in Advance. Regards, Sudhir Kaushal
[ActiveDir] Upgrade to Win2k
Title: Upgrade to Win2k I have to upgrade my network from NT 4.0 to Win2k. My current scenario is: 1. PDC with DNS ( having 2 zones: secondary abc.com and primary abc.net ) 2. Domain Name is Test. 3. 2 BDC. Plan is 1. Install fresh BDC, Configure the DNS on it by configuring the same zones. While creating the zones i would copy the records from the DNS files on PDC and past it into the dns files on the BDC. This way i will have my DNS Zones configured with all the records in that. 2. promote the BDC to PDC 3. Upgrade to win2k along with ADS 4. What shall i give as "New DNS Domain Name" in order to retain the same setting. I dont want to change the name of the current domain 5. When i will join a new client where his A record would be created dynamically? In test.local zone or abc.net zone ? As all my clients has to be part of abc.net zone. These clients are being accessed by outside world. Would appreciate if someone can guide me on this or can refer me some good artical on how to upgrade the NT 4 DNS to Win2K DNS keeping the current configurations intact. Or do i have to give the new DNS domain name according to dns zone like abc.net. to get the srv records created under the abc.net zone and whenever new client joins in, its A record would get created in abc.net Thanks in Advance. Regards, Sudhir Kaushal
RE: [ActiveDir] Computer Account migration using ADMT 2
Title: Computer Account migration using ADMT 2 Thanks Russ for the reply.. Finally i got what the problem was.. It was looking for either netbios entry of target domain in the source domain Wins database or DNS entry in souce domain.. After making the resource record of Target domain in the source domain DNS, everything went smoothly.. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Rimmerman, Russ [mailto:[EMAIL PROTECTED]Sent: Saturday, January 10, 2004 8:33 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Account migration using ADMT 2 Not sure why you're having problems, but we use Quest Fastlane Migrator and it works great for doing this... -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Sudhir KaushalSent: Friday, January 09, 2004 10:21 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Computer Account migration using ADMT 2 Hi All, Request you all to help me on this. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Sudhir Kaushal [mailto:[EMAIL PROTECTED]Sent: Friday, January 09, 2004 6:12 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Computer Account migration using ADMT 2 Hi All, I am trying to migrate computer accounts using ADMT 2. I could see the account completely migrated in the target domain without any errors, but the machine which i am migrating is not restarting to make the change in effect. For the domain name to be changed from the source domain to target domain, the machine has to restart. Where i am going wrong ? Please Help. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] Computer Account migration using ADMT 2
Title: Computer Account migration using ADMT 2 Hi All, Request you all to help me on this. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126 -Original Message-From: Sudhir Kaushal [mailto:[EMAIL PROTECTED]Sent: Friday, January 09, 2004 6:12 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] Computer Account migration using ADMT 2 Hi All, I am trying to migrate computer accounts using ADMT 2. I could see the account completely migrated in the target domain without any errors, but the machine which i am migrating is not restarting to make the change in effect. For the domain name to be changed from the source domain to target domain, the machine has to restart. Where i am going wrong ? Please Help. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126
[ActiveDir] Computer Account migration using ADMT 2
Title: Computer Account migration using ADMT 2 Hi All, I am trying to migrate computer accounts using ADMT 2. I could see the account completely migrated in the target domain without any errors, but the machine which i am migrating is not restarting to make the change in effect. For the domain name to be changed from the source domain to target domain, the machine has to restart. Where i am going wrong ? Please Help. Regards, Sudhir Kaushal Systems Administrator ( Hosted Team ) eGain Communications Pvt. Ltd. Hello - (+91 20) 4222812, (+91 20) 4228607, Ext-126
