RE: [ActiveDir] Filter out a certain group of users from the GAL
Joe, This worked, thanks. Just as you suggested I should do, I used (!(attr=val)) instead of (!attr=val) and pulled the memberOf check out to the top level along with mailnickname. Cheers, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, December 23, 2006 7:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL A couple of items to look at for all issues like this: Is the group a universal group[1]? Are the users direct members of the group or in the group via nesting? Specifically here I would look at the filter in a cleaner format such as what adfind will give you with the -stats+ and -stats+only switches. Here is your query below against one of my test domains with the guests group specified. (& (mailNickname=*) (| (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com) (! (memberOf=CN=Guests,CN=Builtin,DC=domain,DC=com) ) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=contact) ) (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,D C=com) (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configurat ion,DC=joe,DC=com) ) ) The filter is kind of messy. Under the OR (|) block you have 6 main components. The last four (easy ones) 3. Any Contacts 4. Any Dynamic DLs 5. Any Public Folders 6. Any groups All of those tied with the initial mailnickname mean Exchange enabled versions of each. Then the first one says give only user objects that aren't in the group specified and don't have homeMDB and msExchHomeServerName populated. This would be mail enabled users that are NOT in the group you are concerned about. Then the second one says give all users with homeMDB or msExchHomeServerName populated. This would be all mailbox enabled users period. If you want to set it so that if something is in that group, despite the object type, it won't be in the GAL you would want to pull the memberOf check out to the top level along with mailnickname. Maybe something like (& (mailNickname=*) (! (memberOf=CN=Guests,CN=Builtin,DC=domain,DC=com) ) (| (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=contact) ) (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,D C=com) (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configurat ion,DC=joe,DC=com) ) ) joe [1] Not important if a single domain forest. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Wednesday, December 20, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL Thanks, this got me closer to the correct query. It sure saved me a lot of tries, trying to get the query right using "(!attr=val)", instead of using (!(attr=val). I however did not get to managed to get it working completely. Even with the (!(attr=val) The query outputs exactly the same. The query below does perhaps look more complex than it in fact is. It is in fact the Default GAL from Exchange as it comes out of the box. I have been trying to filter out a certain group from appearing in this GAL. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, December 19, 2006 8:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL I didn't look it over completely to see what you are doing but noticed the (!attr=val) and wanted to comment on that specific piece... When making AL filters, Exchange is picky and if you put in a ! you need to do use long form of (!(attr=val)) and not (!attr=val). While AD will not have a problem with the filter, AD isn't interpreting that filter, Exchange i
RE: [ActiveDir] Filter out a certain group of users from the GAL
About it being a universal group, what exactly does this do the query? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, December 23, 2006 7:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL A couple of items to look at for all issues like this: Is the group a universal group[1]? Are the users direct members of the group or in the group via nesting? Specifically here I would look at the filter in a cleaner format such as what adfind will give you with the -stats+ and -stats+only switches. Here is your query below against one of my test domains with the guests group specified. (& (mailNickname=*) (| (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com) (! (memberOf=CN=Guests,CN=Builtin,DC=domain,DC=com) ) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=contact) ) (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,D C=com) (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configurat ion,DC=joe,DC=com) ) ) The filter is kind of messy. Under the OR (|) block you have 6 main components. The last four (easy ones) 3. Any Contacts 4. Any Dynamic DLs 5. Any Public Folders 6. Any groups All of those tied with the initial mailnickname mean Exchange enabled versions of each. Then the first one says give only user objects that aren't in the group specified and don't have homeMDB and msExchHomeServerName populated. This would be mail enabled users that are NOT in the group you are concerned about. Then the second one says give all users with homeMDB or msExchHomeServerName populated. This would be all mailbox enabled users period. If you want to set it so that if something is in that group, despite the object type, it won't be in the GAL you would want to pull the memberOf check out to the top level along with mailnickname. Maybe something like (& (mailNickname=*) (! (memberOf=CN=Guests,CN=Builtin,DC=domain,DC=com) ) (| (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=contact) ) (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,D C=com) (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configurat ion,DC=joe,DC=com) ) ) joe [1] Not important if a single domain forest. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Wednesday, December 20, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL Thanks, this got me closer to the correct query. It sure saved me a lot of tries, trying to get the query right using "(!attr=val)", instead of using (!(attr=val). I however did not get to managed to get it working completely. Even with the (!(attr=val) The query outputs exactly the same. The query below does perhaps look more complex than it in fact is. It is in fact the Default GAL from Exchange as it comes out of the box. I have been trying to filter out a certain group from appearing in this GAL. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, December 19, 2006 8:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL I didn't look it over completely to see what you are doing but noticed the (!attr=val) and wanted to comment on that specific piece... When making AL filters, Exchange is picky and if you put in a ! you need to do use long form of (!(attr=val)) and not (!attr=val). While AD will not have a problem with the filter, AD isn't interpreting that filter, Exchange is pulling everything from AD and doing the filtering itself. That is why ESM will show you one result and what you really get
RE: [ActiveDir] Filter out a certain group of users from the GAL
Thanks. The group is indeed a universal group and there are 3 domains in the forest. The users direct members of the group. I will start working on what you said. It sounds a bit complex (that will namely be because I am not all that familiar with ldap queries in general), but that makes it more interesting :-). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, December 23, 2006 7:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL A couple of items to look at for all issues like this: Is the group a universal group[1]? Are the users direct members of the group or in the group via nesting? Specifically here I would look at the filter in a cleaner format such as what adfind will give you with the -stats+ and -stats+only switches. Here is your query below against one of my test domains with the guests group specified. (& (mailNickname=*) (| (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com) (! (memberOf=CN=Guests,CN=Builtin,DC=domain,DC=com) ) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=contact) ) (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,D C=com) (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configurat ion,DC=joe,DC=com) ) ) The filter is kind of messy. Under the OR (|) block you have 6 main components. The last four (easy ones) 3. Any Contacts 4. Any Dynamic DLs 5. Any Public Folders 6. Any groups All of those tied with the initial mailnickname mean Exchange enabled versions of each. Then the first one says give only user objects that aren't in the group specified and don't have homeMDB and msExchHomeServerName populated. This would be mail enabled users that are NOT in the group you are concerned about. Then the second one says give all users with homeMDB or msExchHomeServerName populated. This would be all mailbox enabled users period. If you want to set it so that if something is in that group, despite the object type, it won't be in the GAL you would want to pull the memberOf check out to the top level along with mailnickname. Maybe something like (& (mailNickname=*) (! (memberOf=CN=Guests,CN=Builtin,DC=domain,DC=com) ) (| (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=contact) ) (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,D C=com) (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configurat ion,DC=joe,DC=com) ) ) joe [1] Not important if a single domain forest. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Wednesday, December 20, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL Thanks, this got me closer to the correct query. It sure saved me a lot of tries, trying to get the query right using "(!attr=val)", instead of using (!(attr=val). I however did not get to managed to get it working completely. Even with the (!(attr=val) The query outputs exactly the same. The query below does perhaps look more complex than it in fact is. It is in fact the Default GAL from Exchange as it comes out of the box. I have been trying to filter out a certain group from appearing in this GAL. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, December 19, 2006 8:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL I didn't look it over completely to see what you are doing but noticed the (!attr=val) and wanted to comment on that specific piece... When making AL filters, Exchange is picky and if you put in a ! you need to do use long form of (!(attr=val)) and no
RE: [ActiveDir] Filter out a certain group of users from the GAL
Thanks, this got me closer to the correct query. It sure saved me a lot of tries, trying to get the query right using "(!attr=val)", instead of using (!(attr=val). I however did not get to managed to get it working completely. Even with the (!(attr=val) The query outputs exactly the same. The query below does perhaps look more complex than it in fact is. It is in fact the Default GAL from Exchange as it comes out of the box. I have been trying to filter out a certain group from appearing in this GAL. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, December 19, 2006 8:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Filter out a certain group of users from the GAL I didn't look it over completely to see what you are doing but noticed the (!attr=val) and wanted to comment on that specific piece... When making AL filters, Exchange is picky and if you put in a ! you need to do use long form of (!(attr=val)) and not (!attr=val). While AD will not have a problem with the filter, AD isn't interpreting that filter, Exchange is pulling everything from AD and doing the filtering itself. That is why ESM will show you one result and what you really get could be something completely different. I once got a crap answer from a Alliance Exchange PSS that someone made up about the RFC standards etc but that "reason" was, as I said, crap. It is just something you have to be aware of when working with those filters. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 19, 2006 11:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Filter out a certain group of users from the GAL I have been trying to filter out a certain group of users from the GAL, these users should not appear in the GAL. I have used the "!" sign but it looks simpler than it infact is. This is the Default GAL: (& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(& (objectCategory=person)(objectClass=contact))(objectCategory=group) (objectCategory=publicFolder) (objectCategory=msExchDynamicDistributionList) )) I want to exclude people who are a member of a group called "XYZ Users" and thought about doing it with: (!memberOf=CN=XYZ Users,OU=XYZ,OU=First,DC=nl,DC=test,DC=gbl) The complete query is now: (& (mailnickname=*) (| (&(objectCategory=person)(!memberOf=CN=XYZ Users,OU=XYZ,OU=First,DC=nl,DC=test,DC=gbl)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(& (objectCategory=person)(objectClass=contact))(objectCategory=group) (objectCategory=publicFolder) (objectCategory=msExchDynamicDistributionList) )) The above query outputs exactly the same objects as the first query, the one of the Default GAL. So somehow the group is not being filtered out. Probably just me overlooking something. Cheers, Victor List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Filter out a certain group of users from the GAL
I have been trying to filter out a certain group of users from the GAL, these users should not appear in the GAL. I have used the "!" sign but it looks simpler than it infact is. This is the Default GAL: (& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(& (objectCategory=person)(objectClass=contact))(objectCategory=group) (objectCategory=publicFolder) (objectCategory=msExchDynamicDistributionList) )) I want to exclude people who are a member of a group called "XYZ Users" and thought about doing it with: (!memberOf=CN=XYZ Users,OU=XYZ,OU=First,DC=nl,DC=test,DC=gbl) The complete query is now: (& (mailnickname=*) (| (&(objectCategory=person)(!memberOf=CN=XYZ Users,OU=XYZ,OU=First,DC=nl,DC=test,DC=gbl)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(& (objectCategory=person)(objectClass=contact))(objectCategory=group) (objectCategory=publicFolder) (objectCategory=msExchDynamicDistributionList) )) The above query outputs exactly the same objects as the first query, the one of the Default GAL. So somehow the group is not being filtered out. Probably just me overlooking something. Cheers, Victor List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Exchange 2003 management tasks overview
Thanks man, great idea! Lots of tasks in there. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: maandag 27 november 2006 22:33 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Exchange 2003 management tasks overview You could do worse than the Exchange Server Cookbook. It's got most of the common management and support tasks. There is no spreadsheet showing all the tasksbut there is an index :-) http://www.oreilly.com/catalog/exchangeckbk/ Tony -- Original Message -- From: "Victor W." <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Mon, 27 Nov 2006 21:40:32 +0100 I am looking for an overview with all Exchange 2003 management/support tasks in it. Something like a large Excel sheet for instance. So far I have looked in the Exchange Administration Guide and the Operation Guide and there is a lot in there, like tasks and checklists and so on. I would have to go through the entire document and pick here and there some tasks out of there, the tasks have not really been summed up nicely. Is there something like an already made overview out there. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Exchange 2003 management tasks overview
I am looking for an overview with all Exchange 2003 management/support tasks in it. Something like a large Excel sheet for instance. So far I have looked in the Exchange Administration Guide and the Operation Guide and there is a lot in there, like tasks and checklists and so on. I would have to go through the entire document and pick here and there some tasks out of there, the tasks have not really been summed up nicely. Is there something like an already made overview out there. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
I just found the document describing this. I was looking for the information in the compatibility guide. It was mentioned however in the installation guide. http://www.vmware.com/pdf/vi3_installation_guide.pdf page 25 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: zondag 26 november 2006 1:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system Thanks for that. Today I was told by somebody that VMWARE ESX is only officially supported on sytems with at least 2 physical CPU's. Has anybody heard this before? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chadwick, David Sent: vrijdag 24 november 2006 8:34 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system Hi Victor, ESX is licensed per CPU socket, so from that point of view a single quad-core CPU is half the ESX licensing price of two dual-core CPUs. Just something else to consider... Cheers, David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Friday, 24 November 2006 09:15 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I am not sure if I interpreted you correctly. After reading your reply again I now think you would go with the single quad because even with one quad, cpu resources would not be an issue. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: donderdag 23 november 2006 0:00 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system You mean that it is in fact overkill. I have thought about this and I know that it probably is. 2 Dual Cores will be probably overkill as well. Both options probably being overkill, with one quad, we at least have the option to add another one later in case this may be necessary and one quad will be cheaper than 2 Duals. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: woensdag 22 november 2006 19:41 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system A pair of quad cores is a lot of horsepower for testing. I suspect you will run out of disk i/o perf and memory long before you encounter the need for a second quad core chip given the scenarios you've described. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 22, 2006 8:55 AM To: activedir@mail.activedir.org Subject: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definately need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ Li
RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
Thanks for that. Today I was told by somebody that VMWARE ESX is only officially supported on sytems with at least 2 physical CPU's. Has anybody heard this before? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chadwick, David Sent: vrijdag 24 november 2006 8:34 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system Hi Victor, ESX is licensed per CPU socket, so from that point of view a single quad-core CPU is half the ESX licensing price of two dual-core CPUs. Just something else to consider... Cheers, David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Friday, 24 November 2006 09:15 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I am not sure if I interpreted you correctly. After reading your reply again I now think you would go with the single quad because even with one quad, cpu resources would not be an issue. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: donderdag 23 november 2006 0:00 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system You mean that it is in fact overkill. I have thought about this and I know that it probably is. 2 Dual Cores will be probably overkill as well. Both options probably being overkill, with one quad, we at least have the option to add another one later in case this may be necessary and one quad will be cheaper than 2 Duals. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: woensdag 22 november 2006 19:41 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system A pair of quad cores is a lot of horsepower for testing. I suspect you will run out of disk i/o perf and memory long before you encounter the need for a second quad core chip given the scenarios you've described. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 22, 2006 8:55 AM To: activedir@mail.activedir.org Subject: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definately need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ ** Information contained in this e-mail, including accompanying documents, is intended for use of the addressee only. If you are not the intended recipient, please notify the sender as soon as possible and delete the e-mail. If you are n
RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
I am not sure if I interpreted you correctly. After reading your reply again I now think you would go with the single quad because even with one quad, cpu resources would not be an issue. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: donderdag 23 november 2006 0:00 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system You mean that it is in fact overkill. I have thought about this and I know that it probably is. 2 Dual Cores will be probably overkill as well. Both options probably being overkill, with one quad, we at least have the option to add another one later in case this may be necessary and one quad will be cheaper than 2 Duals. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: woensdag 22 november 2006 19:41 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system A pair of quad cores is a lot of horsepower for testing. I suspect you will run out of disk i/o perf and memory long before you encounter the need for a second quad core chip given the scenarios you've described. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 22, 2006 8:55 AM To: activedir@mail.activedir.org Subject: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definately need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
I believe the amount of L2 cache is 4mb on a Dual Core and 2x4mb on a Quad Core. Thanks for pointing me to the benchmark from Dell, I will indeed talk to our TAM about it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wells, James Arthur Sent: woensdag 22 november 2006 16:42 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system We're struggling with the same questions right now - one difference is the large amount of L2 cache on the Dual-core option for the 2900. At any rate...there was an internal benchmark regarding dual vs. quad cores with ESX 3 recently made available by Dell, but I'm not sure on its availability - ask your Dell TAM. As far as price goes -- today, there's a big price difference between a single quad or two dual core CPUs, for the ESX licensing. But there's a strong rumor that EMC/VMWare will begin charging their licensing per CORE in Q1 2007. So that puts you back to square one on your decision, if true. But if buying today, the quad will be cheaper on ESX licensing by 50%... --James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 22, 2006 8:55 AM To: activedir@mail.activedir.org Subject: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definately need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
You mean that it is in fact overkill. I have thought about this and I know that it probably is. 2 Dual Cores will be probably overkill as well. Both options probably being overkill, with one quad, we at least have the option to add another one later in case this may be necessary and one quad will be cheaper than 2 Duals. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: woensdag 22 november 2006 19:41 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system A pair of quad cores is a lot of horsepower for testing. I suspect you will run out of disk i/o perf and memory long before you encounter the need for a second quad core chip given the scenarios you've described. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 22, 2006 8:55 AM To: activedir@mail.activedir.org Subject: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definately need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
Was thinking along that line as well. The system will probably be fast enough with one quad but we also have the option to add another quad later. I read somewhere however that dual cores are able to access more/make better use of system RAM. When I read those kind of things I get the feeling that Quad is not always better than Dual and that makes me wonder and it puzzles me. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: woensdag 22 november 2006 20:11 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system It's a test environment? Knowing that you won't be testing performance related issues in this configuration, I'd opt for the expandability. My $0.04 worth anyway. On 11/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definitely need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] OT: Exchange 2007 and W2K3 R2 DC's on ESX - Optimal lab system
I posted this on the VMWARE forum as well but I am very interested in the opinion of the people who post to this list and there must be some people with hands on experience with ESX and DC's and Exchange 2007 running on VM's on top of ESX 3.0.1. I am interested in the following: We will be buying a Dell PowerEdge 2900 with either 1 Quad Core processor at 2,33 GHz or 2 Dual Core processors at 2,33 GHz. We will be using this machine in a test lab only and will be testing mainly Exchange 2007 and simulating AD issues. We would like to deploy ESX 3.0.1 (or the newest versionwith several Exchange 2007 VM's and several W2K3 R2 Domain Controller VM's on it. We are doubting between the following configurations, both DELL 2900's. We will unfortunately only be buying one system so we definately need to make the right choice. As I said we want to buy a system with either 2 Dual Cores or 1 Quad Core, see here under: - 1 Quad Core 2.33 GHz Processor, Xeon 5345 - 2 Dual Core 2.33 GHz Processors, Xeon 5140 Both systems will have 8 GB of 667 MHz RAM to start with. We have contacted Dell and we were told that the 5345 Xeon will be available in January at the latest. We dont really care about the price at this moment. The first thing that comes to mind when making a choice, to me is the fact that if one Quad would not be enough, we could always plug in another one :-) at a later time. Any suggestions are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Exchange --NDR--
can you post the relevant portion of the smtp protocol log here? can you successfully send mail via a telnet session when you connect to each of the mx records for the domain in question? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Technical SupportSent: dinsdag 7 november 2006 20:38To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange --NDR-- When I query the other domain for MX record it shows me correct information. Sometimes I feel problem with my SMTP but not very confident on this. But on the other hand I think problem is at other end or probably my domain is in bad list (How I can verify if so?). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, November 06, 2006 10:25 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Exchange --NDR-- Ravi; When you say your MX record looks "fine" what and how are you specifically checking the MX record? Is this an established MX record, any other history, might be helpfull as well. I have seen this before but need more information before going forward. Brent EadsEmployee Technology Solutions, Inc.The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect.Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. "Technical Support" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 11/06/2006 10:14 AM Please respond toActiveDir@mail.activedir.org To cc Subject [ActiveDir] Exchange --NDR-- Hi, I am sending mail @XYZ.COM and here is the error I am getting. When id to Email ID Verification and MX Record lookup it works fine for xyz.com. Also I am not facing this problem with any other mail id. I am able to send mails to other clients/vendors. Here is the NDR I am getting. --- Your message did not reach some or all of the intended recipients. Subject: Updated: Undelivered Sent: 11/6/2006 6:58 PM The following recipient(s) could not be reached: [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator.[EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. [EMAIL PROTECTED] on 11/6/2006 9:08 PM Could not deliver the message in the time limit specified. Please retry or contact your administrator. --- Please suggest what the possible reason is for the same. Do I need to change something from my end (a new connector) or get something changed at remote (Client) end? Thanks!!! Ravi Dogra Message scanned by TrendMicro Message scanned by TrendMicro
RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC
I must have been sleeping, normally I check the list every day but I have just now spotted your earlier reply. I will follow your advise and troubleshoot further with nspitool. Thanks Cheers, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: vrijdag 13 oktober 2006 0:38 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC Yep there should have been a resonse on the list near to this previous one from me on that. Basically I don't know of any docs outlining what exactly you should see and it will vary based on the services the DC is running so the best thing to do is compare two DCs running the same service set. If there is no delta but there is an issue, then you want nspitool to verify they are both responding properly. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Thursday, October 12, 2006 11:31 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC Thanks for that, nice. In the mean time I got RPCDump working, I send the output to the list a week ago or so. Still hoping somebody can have quick look at it :-) Cheers, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: donderdag 12 oktober 2006 1:16 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC That's it! -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, October 11, 2006 7:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC >I can't for the life of me recall the name at the moment. NSPItool.exe ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 10, 2006 3:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC The only other way I know to test if NSPI is working is to actually send NSPI calls to the GC. There is a little unsupported command line tool out there than can do that but I can't for the life of me recall the name at the moment. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 27, 2006 7:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC I was misinformed, the rev of the DC is W2K, not W2K3 SP1. So that clears up why Exchange is complaining about the GC needing a reboot since it wasn't rebooted after it had been made a GC. Interesting tool, RPC Dump, unfortunately I didnt get it to work just yet. It gave me an error: The NTVDM CPU has encountered an illegal instruction, when I choose Ignore the Command.com or Cmd.exe starts using 100% cpu. Out of curiosity; is there another way to check if the "MS NT Directory NSP Interface" is listed? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: zaterdag 23 september 2006 2:52 To: ActiveDir@mail.activedir.org Subject: RE: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC What is the rev of the DC? Using RPC Dump do you see "MS NT Directory NSP Interface" interfaces listed? joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of victor- [EMAIL PROTECTED] Sent: Friday, September 22, 2006 11:07 AM To: ActiveDir@mail.activedir.org Subject: Re: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC Yeah, I thought so, thanks for the info. The damn thing is that Exchange still throws event 9176: Event ID 9176 from MSExchangeSA occurred 1 times (NSPI Proxy can contact Global Catalog "servername" but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot "servernamerio" as soon as possible. - Oorspronkelijk bericht - Van: joe <[EMAIL PROTECTED]> Datum: vrijdag, september 22, 2006 4:38 pm Onderwerp: RE: [ActiveDir] OT: Exchange in environment - rebo
RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC
Thanks for that, nice. In the mean time I got RPCDump working, I send the output to the list a week ago or so. Still hoping somebody can have quick look at it :-) Cheers, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: donderdag 12 oktober 2006 1:16 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC That's it! -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, October 11, 2006 7:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC >I can't for the life of me recall the name at the moment. NSPItool.exe ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 10, 2006 3:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC The only other way I know to test if NSPI is working is to actually send NSPI calls to the GC. There is a little unsupported command line tool out there than can do that but I can't for the life of me recall the name at the moment. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 27, 2006 7:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC I was misinformed, the rev of the DC is W2K, not W2K3 SP1. So that clears up why Exchange is complaining about the GC needing a reboot since it wasn't rebooted after it had been made a GC. Interesting tool, RPC Dump, unfortunately I didnt get it to work just yet. It gave me an error: The NTVDM CPU has encountered an illegal instruction, when I choose Ignore the Command.com or Cmd.exe starts using 100% cpu. Out of curiosity; is there another way to check if the "MS NT Directory NSP Interface" is listed? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: zaterdag 23 september 2006 2:52 To: ActiveDir@mail.activedir.org Subject: RE: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC What is the rev of the DC? Using RPC Dump do you see "MS NT Directory NSP Interface" interfaces listed? joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of victor- [EMAIL PROTECTED] Sent: Friday, September 22, 2006 11:07 AM To: ActiveDir@mail.activedir.org Subject: Re: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC Yeah, I thought so, thanks for the info. The damn thing is that Exchange still throws event 9176: Event ID 9176 from MSExchangeSA occurred 1 times (NSPI Proxy can contact Global Catalog "servername" but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot "servernamerio" as soon as possible. - Oorspronkelijk bericht - Van: joe <[EMAIL PROTECTED]> Datum: vrijdag, september 22, 2006 4:38 pm Onderwerp: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC > This is no longer necessary with current revs of AD. It was necessary > previously to get the NSPI functionality to fire up. Now it does that > automagically. > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Friday, September 22, 2006 10:31 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] OT: Exchange in environment - reboot necessary > after a DC has been made a GC > > A question came up wether or not a reboot is really necessary after a > DC has been made GC and Exchange would need to use this GC. > > I have worked in a pretty large environment (at least to my standards > :- )). Where DC's did not get rebooted afther having been made GC's. > The > AD admins simply waited until event 1119 appeared. > > I have read the following article which indicates a reboot is > necessary if you have Exchange in the environment. > > http://support.microsoft.com/kb/304403/ > > But is this really still necessary with Exchange 2003 SP2 and Windows > 2003 SP1? > > Cheers, > > > Victor > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List arch
RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC
I have been spending a little more time on this. RPC Dump wouldnt run before and gave me an error (see earlier post). I now managed to get it working. To summarize it all: Exchange 2003 SP2 throws an error in the Eventlog (Event ID 9176) which seems to indicate that the GC it is contacting doesnt support the NSPI service. According to the information in that same Event ID this would be due to the fact that the DC had not been rebooted after it having been made a GC. I ran RPC Dump on the GC in question and have enclosed the output (I took everything but NSP). By the way, this GC is a root DC which is on W2K. Is NSP listed the way it should be? Cheers and thanks, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: zaterdag 23 september 2006 2:52 To: ActiveDir@mail.activedir.org Subject: RE: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC What is the rev of the DC? Using RPC Dump do you see "MS NT Directory NSP Interface" interfaces listed? joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of victor- [EMAIL PROTECTED] Sent: Friday, September 22, 2006 11:07 AM To: ActiveDir@mail.activedir.org Subject: Re: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC Yeah, I thought so, thanks for the info. The damn thing is that Exchange still throws event 9176: Event ID 9176 from MSExchangeSA occurred 1 times (NSPI Proxy can contact Global Catalog "servername" but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot "servernamerio" as soon as possible. - Oorspronkelijk bericht - Van: joe <[EMAIL PROTECTED]> Datum: vrijdag, september 22, 2006 4:38 pm Onderwerp: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC > This is no longer necessary with current revs of AD. It was necessary > previously to get the NSPI functionality to fire up. Now it does that > automagically. > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Friday, September 22, 2006 10:31 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] OT: Exchange in environment - reboot necessary > after a DC has been made a GC > > A question came up wether or not a reboot is really necessary after a > DC has been made GC and Exchange would need to use this GC. > > I have worked in a pretty large environment (at least to my standards > :- )). Where DC's did not get rebooted afther having been made GC's. > The > AD admins simply waited until event 1119 appeared. > > I have read the following article which indicates a reboot is > necessary if you have Exchange in the environment. > > http://support.microsoft.com/kb/304403/ > > But is this really still necessary with Exchange 2003 SP2 and Windows > 2003 SP1? > > Cheers, > > > Victor > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx Querying Endpoint Mapper Database... 62 registered endpoints found. ProtSeq:ncacn_http Endpoint:1029 NetOpt: Annotation:MS NT Directory NSP Interface IsListening:NOT_PINGED StringBinding:ncacn_http:10.34.0.4[1029] UUID:f5cc5a18-4264-101a-8c59-08002b2f8426 ComTimeOutValue:RPC_C_BINDING_MIN_TIMEOUT VersMajor 56 VersMinor 0 ProtSeq:ncadg_ip_udp Endpoint:1028 NetOpt: Annotation:MS NT Directory NSP Interface IsListening:NOT_PINGED StringBinding:ncadg_ip_udp:10.34.0.4[1028] UUID:f5cc5a18-4264-101a-8c59-08002b2f8426 ComTimeOutValue:RPC_C_BINDING_MIN_TIMEOUT VersMajor 56 VersMinor 0 ProtSeq:ncalrpc Endpoint:NTDS_LPC NetOpt: Annotation:MS NT Directory NSP Interface IsListening:NOT_PINGED StringBinding:ncalrpc:[NTDS_LPC] UUID:f5cc5a18-4264-101a-8c59-08002b2f8426 ComTimeOutValue:RPC_C_BINDING_MIN_TIMEOUT VersMajor 56 VersMinor 0 ProtSeq:ncalrpc Endpoint:LRPC0190.0001 NetOpt: Annotation:MS NT Directory NSP Interface IsListening:NOT_PINGED StringBinding:ncalrpc:[LRPC0190.0001] UUID:f5cc5a18-4264-101
RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC
I was misinformed, the rev of the DC is W2K, not W2K3 SP1. So that clears up why Exchange is complaining about the GC needing a reboot since it wasn't rebooted after it had been made a GC. Interesting tool, RPC Dump, unfortunately I didnt get it to work just yet. It gave me an error: The NTVDM CPU has encountered an illegal instruction, when I choose Ignore the Command.com or Cmd.exe starts using 100% cpu. Out of curiosity; is there another way to check if the "MS NT Directory NSP Interface" is listed? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: zaterdag 23 september 2006 2:52 To: ActiveDir@mail.activedir.org Subject: RE: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC What is the rev of the DC? Using RPC Dump do you see "MS NT Directory NSP Interface" interfaces listed? joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of victor- [EMAIL PROTECTED] Sent: Friday, September 22, 2006 11:07 AM To: ActiveDir@mail.activedir.org Subject: Re: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC Yeah, I thought so, thanks for the info. The damn thing is that Exchange still throws event 9176: Event ID 9176 from MSExchangeSA occurred 1 times (NSPI Proxy can contact Global Catalog "servername" but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot "servernamerio" as soon as possible. - Oorspronkelijk bericht - Van: joe <[EMAIL PROTECTED]> Datum: vrijdag, september 22, 2006 4:38 pm Onderwerp: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC > This is no longer necessary with current revs of AD. It was necessary > previously to get the NSPI functionality to fire up. Now it does that > automagically. > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Friday, September 22, 2006 10:31 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] OT: Exchange in environment - reboot necessary > after a DC has been made a GC > > A question came up wether or not a reboot is really necessary after a > DC has been made GC and Exchange would need to use this GC. > > I have worked in a pretty large environment (at least to my standards > :- )). Where DC's did not get rebooted afther having been made GC's. > The > AD admins simply waited until event 1119 appeared. > > I have read the following article which indicates a reboot is > necessary if you have Exchange in the environment. > > http://support.microsoft.com/kb/304403/ > > But is this really still necessary with Exchange 2003 SP2 and Windows > 2003 SP1? > > Cheers, > > > Victor > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC
Yeah, I thought so, thanks for the info. The damn thing is that Exchange still throws event 9176: Event ID 9176 from MSExchangeSA occurred 1 times (NSPI Proxy can contact Global Catalog "servername" but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot "servernamerio" as soon as possible. - Oorspronkelijk bericht - Van: joe <[EMAIL PROTECTED]> Datum: vrijdag, september 22, 2006 4:38 pm Onderwerp: RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC > This is no longer necessary with current revs of AD. It was necessary > previously to get the NSPI functionality to fire up. Now it does that > automagically. > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Friday, September 22, 2006 10:31 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] OT: Exchange in environment - reboot > necessary after a > DC has been made a GC > > A question came up wether or not a reboot is really necessary > after a > DC has been made GC and Exchange would need to use this GC. > > I have worked in a pretty large environment (at least to my > standards :- > )). Where DC's did not get rebooted afther having been made GC's. > The > AD admins simply waited until event 1119 appeared. > > I have read the following article which indicates a reboot is > necessary > if you have Exchange in the environment. > > http://support.microsoft.com/kb/304403/ > > But is this really still necessary with Exchange 2003 SP2 and > Windows > 2003 SP1? > > Cheers, > > > Victor > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC
A question came up wether or not a reboot is really necessary after a DC has been made GC and Exchange would need to use this GC. I have worked in a pretty large environment (at least to my standards :- )). Where DC's did not get rebooted afther having been made GC's. The AD admins simply waited until event 1119 appeared. I have read the following article which indicates a reboot is necessary if you have Exchange in the environment. http://support.microsoft.com/kb/304403/ But is this really still necessary with Exchange 2003 SP2 and Windows 2003 SP1? Cheers, Victor List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RPC Over HTTPS Problem....
Take a look at this as well and verify you have set everything up as it should: http://msexchange.me.uk/rpchttpsproblems.htm Cheers, Victor - Oorspronkelijk bericht - Van: Ravi Dogra <[EMAIL PROTECTED]> Datum: zaterdag, september 16, 2006 0:59 am Onderwerp: [ActiveDir] RPC Over HTTPS Problem > Hi, > > I am facing a weird problem here is some required information. > > Frontend - Backend Structure. > Exchange with SP2 on Win2k3 SP1 on all Servers. > FE1 and BE1 is on a different site, > BE2 is on my Site. > Configured RPC Over Https on Frontend Server. OWA (SSL) is working > fine. > Now here is the situation:- > I have configured my client for RPC over Https. When client machine > tries to establish connection with my Exchange Server it prompts me > for User Name and Password. > > When i am providing my credentials it is not accepting and keeps me > prompting for same. > > Also while doing this when i use Ctrl + Right click on Outlook > icon on > rightside of taskbar and then selecting connection it never shows me > established. It remains on Connecting and tries to connect my BE2 > server where my mailbox resides. > > What could be the possible reason for this? If any other information > is required please let me know. > > > -- > Ravi Dogra > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Mathieu, It works like a charm :-) Nice work! Cheers, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: woensdag 30 augustus 2006 22:15 To: Victor W. Cc: ActiveDir@mail.activedir.org Subject: Re[4]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool Hello Victor, sorry. Here is the working for the Root folder: On Error Resume Next set olApp = CreateObject("Outlook.Application") set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6).Parent set temp5 = inbox.folders.add("Added by vbscript",6) Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Wednesday, August 30, 2006, 8:01:50 PM, you wrote: VW> Thanks for this Mathieu, the script which creates the folder under VW> the inbox works good. VW> To create it in the root must be a little more complex because this VW> doesnt work yet. VW> When I fire up the script it prompts me with the following error: VW> Error: Object doesnt support this property or method: VW> 'olApp.GetNamespace(...).Folder' VW> Code: 800A01B6 VW> Can you point me in the right direction to solve this? VW> Cheers, VW> Victor VW> -Original Message- VW> From: [EMAIL PROTECTED] VW> [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu VW> CHATEAU VW> Sent: maandag 28 augustus 2006 11:26 VW> To: [EMAIL PROTECTED] VW> Cc: ActiveDir@mail.activedir.org VW> Subject: Re[2]: [ActiveDir] Add folder with quota to existing VW> mailboxes - via scripting or tool VW> this script goes through outlook. VW> Each user need to fire this script (or fire it via logon script). VW> for the Root Folder, change: VW> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6) VW> to VW> set inbox = olApp.GetNamespace("MAPI").Folder("Personal Folder") VW> (should do the trick but i didn't test it yet) VW> Regards, VW> Mathieu CHATEAU VW> http://lordoftheping.blogspot.com VW> Monday, August 28, 2006, 11:00:14 AM, you wrote: vwpn>> Thanks Brian and Mathieu, vwpn>> I will tell a little bit more about the background of this. The vwpn>> customer has asked for a folder called "private" to be created in vwpn>> the root of every users mailbox and if possible set a quota to vwpn>> this VW> folder. vwpn>> After this has been done, the customer wants to instruct his vwpn>> users to use only this folder only as their personal/private vwpn>> email folder and move everything that the users sees as being vwpn>> private, to the private folder. From that moment on, all other vwpn>> folders in the users mailboxes are no longer considered as private/personal. vwpn>> I do have some additional questions: vwpn>> - how would the script look if the requirement would be to create vwpn>> the folder in the root. vwpn>> - The way the script is set up now, do I have to set up which vwpn>> users this script will apply to, I mean will it now apply to all vwpn>> users in the entire domain which are mailbox enabled? vwpn>> - Is there any way that I can specify which users this script has vwpn>> to be applied to, I mean can I run it against all mailbox enabled vwpn>> users in a specific OU? vwpn>> - vwpn>> - vwpn>> -- vwpn>> --- vwpn>> Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - vwpn>> via scripting or tool vwpn>> From: Mathieu CHATEAU <[EMAIL PROTECTED]> vwpn>> Date: Mon, 28 Aug 2006 00:24:47 +0200 vwpn>> - vwpn>> - vwpn>> -- vwpn>> vwpn>> Hello Victor, vwpn>> If the folder already exist, it will simply do nothing, except vwpn>> going into errors.. vwpn>> need to add a on error resume next or test if the folder exist before. vwpn>> will create in the inbox, as a subfolder vwpn>> I don't see your goal with this folder...except if you turn vwpn>> special rights on it. vwpn>> may ask them to put it [private] in the subject instead (it will vwpn>> work for the sent folders) vwpn>> Regards, vwpn>> Mathieu CHATEAU vwpn>> http://lordoftheping.blogspot.com vwpn>> Sunday, August 27, 2006, 10:26:59 PM, you wrote: vwpn>> Thanks Mathieu, nice. vwpn>> Does this create a folder in the root of the mailbox? vwpn>> vwpn>> Access all mailboxes you say, that sounds logical. I know that vwpn>> domain admins indeed dont actually have the full mailbox access vwpn>> (they have some denies). vwpn>> What if a
RE: Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Thanks for this Mathieu, the script which creates the folder under the inbox works good. To create it in the root must be a little more complex because this doesnt work yet. When I fire up the script it prompts me with the following error: Error: Object doesnt support this property or method: 'olApp.GetNamespace(...).Folder' Code: 800A01B6 Can you point me in the right direction to solve this? Cheers, Victor -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mathieu CHATEAU Sent: maandag 28 augustus 2006 11:26 To: [EMAIL PROTECTED] Cc: ActiveDir@mail.activedir.org Subject: Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool this script goes through outlook. Each user need to fire this script (or fire it via logon script). for the Root Folder, change: set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6) to set inbox = olApp.GetNamespace("MAPI").Folder("Personal Folder") (should do the trick but i didn't test it yet) Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Monday, August 28, 2006, 11:00:14 AM, you wrote: vwpn> Thanks Brian and Mathieu, vwpn> I will tell a little bit more about the background of this. The vwpn> customer has asked for a folder called "private" to be created in vwpn> the root of every users mailbox and if possible set a quota to this folder. vwpn> After this has been done, the customer wants to instruct his users vwpn> to use only this folder only as their personal/private email vwpn> folder and move everything that the users sees as being private, vwpn> to the private folder. From that moment on, all other folders in vwpn> the users mailboxes are no longer considered as private/personal. vwpn> I do have some additional questions: vwpn> - how would the script look if the requirement would be to create vwpn> the folder in the root. vwpn> - The way the script is set up now, do I have to set up which vwpn> users this script will apply to, I mean will it now apply to all vwpn> users in the entire domain which are mailbox enabled? vwpn> - Is there any way that I can specify which users this script has vwpn> to be applied to, I mean can I run it against all mailbox enabled vwpn> users in a specific OU? vwpn> -- vwpn> -- vwpn> --- vwpn> Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - vwpn> via scripting or tool vwpn> From: Mathieu CHATEAU <[EMAIL PROTECTED]> vwpn> Date: Mon, 28 Aug 2006 00:24:47 +0200 vwpn> -- vwpn> -- vwpn> vwpn> Hello Victor, vwpn> If the folder already exist, it will simply do nothing, except vwpn> going into errors.. vwpn> need to add a on error resume next or test if the folder exist before. vwpn> will create in the inbox, as a subfolder vwpn> I don't see your goal with this folder...except if you turn vwpn> special rights on it. vwpn> may ask them to put it [private] in the subject instead (it will vwpn> work for the sent folders) vwpn> Regards, vwpn> Mathieu CHATEAU vwpn> http://lordoftheping.blogspot.com vwpn> Sunday, August 27, 2006, 10:26:59 PM, you wrote: vwpn> Thanks Mathieu, nice. vwpn> Does this create a folder in the root of the mailbox? vwpn> vwpn> Access all mailboxes you say, that sounds logical. I know that vwpn> domain admins indeed dont actually have the full mailbox access vwpn> (they have some denies). vwpn> What if a user already has the folder, does this script take this vwpn> into account? vwpn> Again thanks. vwpn> Victor vwpn> From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED] vwpn> Sent: zondag 27 augustus 2006 22:04 vwpn> To: Victor W. vwpn> Cc: [EMAIL PROTECTED] vwpn> Subject: Re: [ActiveDir] Add folder with quota to existing vwpn> mailboxes - via scripting or tool vwpn> Hello Victor, vwpn> you will at least need an account that can access all mailboxes vwpn> (not a domain admins one) vwpn> (or give a script to everyone that they will execute) vwpn> To my knowledge, quota is mailbox based. You may set up a special vwpn> retention on this folder. vwpn> sample _vbscript_ to create the private folder vwpn> set olApp = CreateObject("Outlook.Application") vwpn> set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6) vwpn> set temp5 = inbox.folders.add("Private",6) vwpn> hope it helps, vwpn> Regards, vwpn> vwpn> Mathieu CHATEAU vwpn> http://lordoftheping.blogspot.com vwpn> Sunday, August 27, 2006, 8:57:03 PM, you wrote: vwpn> Does anybody know what is
RE: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
ly get down to it, none of a business mailbox is private/personal. The company can go into any part of any mailbox any time they want. They have legal obligations to do so in some cases and in other cases it could become necessary for troubleshooting. If the customer thinks administrators will just avoid those folders when working on mailboxes they are almost certainly wrong, if anything, if you have an admin who does that kind of perusing, that would be the first place they would go hunting in. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of victor- [EMAIL PROTECTED] Sent: Monday, August 28, 2006 5:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool Thanks Brian and Mathieu, I will tell a little bit more about the background of this. The customer has asked for a folder called "private" to be created in the root of every users mailbox and if possible set a quota to this folder. After this has been done, the customer wants to instruct his users to use only this folder only as their personal/private email folder and move everything that the users sees as being private, to the private folder. From that moment on, all other folders in the users mailboxes are no longer considered as private/personal. I do have some additional questions: - how would the script look if the requirement would be to create the folder in the root. - The way the script is set up now, do I have to set up which users this script will apply to, I mean will it now apply to all users in the entire domain which are mailbox enabled? - Is there any way that I can specify which users this script has to be applied to, I mean can I run it against all mailbox enabled users in a specific OU? --- Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool From: Mathieu CHATEAU <[EMAIL PROTECTED]> Date: Mon, 28 Aug 2006 00:24:47 +0200 Hello Victor, If the folder already exist, it will simply do nothing, except going into errors.. need to add a on error resume next or test if the folder exist before. will create in the inbox, as a subfolder I don't see your goal with this folder...except if you turn special rights on it. may ask them to put it [private] in the subject instead (it will work for the sent folders) Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Sunday, August 27, 2006, 10:26:59 PM, you wrote: Thanks Mathieu, nice. Does this create a folder in the root of the mailbox? Access all mailboxes you say, that sounds logical. I know that domain admins indeed dont actually have the full mailbox access (they have some denies). What if a user already has the folder, does this script take this into account? Again thanks. Victor From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED] Sent: zondag 27 augustus 2006 22:04 To: Victor W. Cc: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool Hello Victor, you will at least need an account that can access all mailboxes (not a domain admins one) (or give a script to everyone that they will execute) To my knowledge, quota is mailbox based. You may set up a special retention on this folder. sample _vbscript_ to create the private folder set olApp = CreateObject("Outlook.Application") set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6) set temp5 = inbox.folders.add("Private",6) hope it helps, Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Sunday, August 27, 2006, 8:57:03 PM, you wrote: Does anybody know what is the 'best' way to add automatically a folder to existing mailboxes and set a quota on that same folder? We would like all our users to get a folder called "private" added to the root of their mailbox and if possible, a quota to be set to that folder. Can this be done by scripting easily or is there perhaps even a tool which is capable of doing this? This also counts for new, still to be created users. I mean, every user that will be created will have to have that certain folder added to his or her mailbox. Offcourse this could be done by running the script a couple of times a day, checking if the folder exists allready and if not, adding it. Or perhaps it can even by realised the moment a user has been created. Any ideas are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/
RE: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Thanks Brian and Mathieu, I will tell a little bit more about the background of this. The customer has asked for a folder called "private" to be created in the root of every users mailbox and if possible set a quota to this folder. After this has been done, the customer wants to instruct his users to use only this folder only as their personal/private email folder and move everything that the users sees as being private, to the private folder. From that moment on, all other folders in the users mailboxes are no longer considered as private/personal. I do have some additional questions: - how would the script look if the requirement would be to create the folder in the root. - The way the script is set up now, do I have to set up which users this script will apply to, I mean will it now apply to all users in the entire domain which are mailbox enabled? - Is there any way that I can specify which users this script has to be applied to, I mean can I run it against all mailbox enabled users in a specific OU? --- Re[2]: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool From: Mathieu CHATEAU <[EMAIL PROTECTED]> Date: Mon, 28 Aug 2006 00:24:47 +0200 Hello Victor, If the folder already exist, it will simply do nothing, except going into errors.. need to add a on error resume next or test if the folder exist before. will create in the inbox, as a subfolder I don't see your goal with this folder...except if you turn special rights on it. may ask them to put it [private] in the subject instead (it will work for the sent folders) Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Sunday, August 27, 2006, 10:26:59 PM, you wrote: Thanks Mathieu, nice. Does this create a folder in the root of the mailbox? Access all mailboxes you say, that sounds logical. I know that domain admins indeed dont actually have the full mailbox access (they have some denies). What if a user already has the folder, does this script take this into account? Again thanks. Victor From: Mathieu CHATEAU [mailto:[EMAIL PROTECTED] Sent: zondag 27 augustus 2006 22:04 To: Victor W. Cc: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool Hello Victor, you will at least need an account that can access all mailboxes (not a domain admins one) (or give a script to everyone that they will execute) To my knowledge, quota is mailbox based. You may set up a special retention on this folder. sample _vbscript_ to create the private folder set olApp = CreateObject("Outlook.Application") set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6) set temp5 = inbox.folders.add("Private",6) hope it helps, Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com Sunday, August 27, 2006, 8:57:03 PM, you wrote: Does anybody know what is the 'best' way to add automatically a folder to existing mailboxes and set a quota on that same folder? We would like all our users to get a folder called "private" added to the root of their mailbox and if possible, a quota to be set to that folder. Can this be done by scripting easily or is there perhaps even a tool which is capable of doing this? This also counts for new, still to be created users. I mean, every user that will be created will have to have that certain folder added to his or her mailbox. Offcourse this could be done by running the script a couple of times a day, checking if the folder exists allready and if not, adding it. Or perhaps it can even by realised the moment a user has been created. Any ideas are greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Add folder with quota to existing mailboxes - via scripting or tool
Does anybody know what is the 'best' way to add automatically a folder to existing mailboxes and set a quota on that same folder? We would like all our users to get a folder called "private" added to the root of their mailbox and if possible, a quota to be set to that folder. Can this be done by scripting easily or is there perhaps even a tool which is capable of doing this? This also counts for new, still to be created users. I mean, every user that will be created will have to have that certain folder added to his or her mailbox. Offcourse this could be done by running the script a couple of times a day, checking if the folder exists allready and if not, adding it. Or perhaps it can even by realised the moment a user has been created. Any ideas are greatly appreciated.
Re: RE: [ActiveDir] Granting Exchange Mailbox Access
Ben, I have dealt with this issue before. What it basically comes down to is creating a new group, putting the member who inherited the deny in that group and then granting that group an explicit allow to the resource in question, which will then override the inheritid deny. See also this article: http://support.microsoft.com/kb/262054/ Cheers, Victor - Oorspronkelijk bericht - Van: "WATSON, BEN" <[EMAIL PROTECTED]> Datum: donderdag, augustus 3, 2006 5:32 pm Onderwerp: RE: [ActiveDir] Granting Exchange Mailbox Access > Hi Scott, > > > > Thanks for the reply. Unfortunately, it didn't seem to grant access. > That was definitely one of the first places I looked to check for > permissions that would give me a clue as to why the username that > originally installed Exchange 2003 has access to all user's mailboxes, > yet the Exchange Full Administrators delegated group does not. Oddly > enough, I find that the specific account that installed Exchange > has the > same exact rights as the delegated group. Both have a specific > deny set > for Send As and Receive As, yet the individual user account can access > any mailbox, and the delegated group cannot. > > > > ~Ben > > > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, > ScottSent: Wednesday, August 02, 2006 4:20 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Granting Exchange Mailbox Access > > > > The perm you're looking for is Receive As on the Mailbox store. The > problem is that delegating Exchange Full Administrator adds an > explicitDeny ACE to CN=First Organization,CN=Microsoft > Exchange,CN=Services,CN=Configuration,DC=domain,DC=com for Receive As > and that gets replicated all the way down to the mailboxes. So > even if > you grant your group the required perms, if they've been delegated > EFA,the Deny will override it. > > > > I'd imagine you can remove the Deny ACE manually, but we just skipped > the delegation wizard and added the ACE for Receive As for our Mailbox > Admins. > > > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN > Sent: Wednesday, August 02, 2006 5:46 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Granting Exchange Mailbox Access > > > > In an effort to cut down on service account abuse, I've been removing > and reducing privileges left and right. I have delegated Exchange > FullAdministrator rights to a few users who had previously been > using the > service account we originally installed Exchange 2003. > > > > Sometimes, the Exchange Administrators will need to access a user's > mailbox to assist with various issues, and I'm having trouble > delegatingthat right to the members of the Exchange Full > Administrators group. > > > > I have created a domain security group named simply "Exchange Full > Administrators", and I delegated Exchange Full Administrator > rights to > that security group at the organizational level. So anyone in that > security group "should" have full administration rights. I've had to > delegate a few other rights in Active Directory for some other reasons > to this new security group (for instance to give this security group > rights to modify the dynamic mailing list OU); however I'm having > trouble finding exactly where to delegate rights to give this security > group full access to everyone's mailbox. > > > > Any thoughts? > > > > Thanks, > > ~Ben > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] OT - Adding disclaimer on E2K3 on a SBS 2K3 box
"Perhaps it's an idea for them for the future releases" The functionality has been implemented in EX2K7. Cheers, Victor - Oorspronkelijk bericht - Van: Bart Van den Wyngaert <[EMAIL PROTECTED]> Datum: donderdag, augustus 3, 2006 12:10 pm Onderwerp: Re: [ActiveDir] OT - Adding disclaimer on E2K3 on a SBS 2K3 box > Thanks Paul, as they are currently working (GMT+1), I will test again > this evening and post my findings here. > > As you pointed out: troubleshooting is a real pain in the ass... Yes > I'm using VBScript, I have more experience with that then VB itself > and that makes it more easy for me. > > Indeed MAPI Clients => Outlook! What a wonderfull world we live in... > I thought that they communicate with MAPI towards the Exchange server > which sends out in SMTP format. So I have a real problem with > understanding why MS didn't provide the feature themselves built-in. > > Perhaps it's an idea for them for the future releases. They are > working on a lot of tools (ex. IMF) themselves to cut the need of > third-party tools, but something essential like this (I think it's > standard for a company to have a disclaimer, not?) is not > available in > GUI and needs quiet some manipulation. Additionally the exception of > working with SBS and having the SMTP connector to be able to forward > mail to the SMTP of your ISP. > > I know I keep hanging on that point, but I think I'm not the only > one. > On 8/3/06, Paul Williams <[EMAIL PROTECTED]> wrote: > > I've done this a couple of times, but on the exchange gateway > servers, not > > on an SBS box. I've never seen SBS. > > > > Anyway, the easiest way to do this is to create a second virtual > SMTP server > > and set it to listen on port 26 (and send on 25). Configure the > first> virtual server to send on 26 (its already listening on 25). > Then register > > the sink on the second virtual server. > > > > The reason is that most of your clients are MAPI clients, so > don't trigger > > the SMTP sink. > > > > If you're using a connector, you need to point the second > virtual server at > > the connector (I think, it's been even longer since I did one > where they had > > an SMTP connector). > > > > I'm afraid I can't give you the scripts as they're at customer > sites, etc. > > One thing I will say is troubleshooting this is a real pain. On > one problem > > I had Dev Support MSFT people help out. We took it from the > bottom up. > > Unregistered all the sinks (that I'd registered, the VBS script > you use to > > register allows you to view all sinks) and then registered a new > one that > > simply created a text file on the D drive. > > > > As you're using VBS, not VB, ensure that you use absolute paths > for things > > like text files, etc. as the script will run and not error > without absolute > > paths but they won't work... > > > > > > --Paul > > > > - Original Message - > > From: "Bart Van den Wyngaert" <[EMAIL PROTECTED]> > > To: "ActiveDir" > > Sent: Wednesday, August 02, 2006 9:41 PM > > Subject: [ActiveDir] OT - Adding disclaimer on E2K3 on a SBS 2K3 box > > > > > > > Hi guys, > > > > > > I'm having trouble with adding a disclaimer on E2K3 on a SBS > 2K3 box. > > > I'm using the EventSink with a .vbs to add the disclaimer. The > box is > > > configured with a default SMTP server and a SMTP connector which > > > forwards all external email to the SMTP of the ISP. > > > > > > Anybody who has done the trick already? If so, can you please > tell me > > > the little secret for this? *g* > > > > > > Many thanks to all, > > > Bart > > > List info : http://www.activedir.org/List.aspx > > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > > List archive: http://www.activedir.org/ml/threads.aspx > > > > List info : http://www.activedir.org/List.aspx > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?
> > your DC's to be clients of the BIND or Microsoft DNS servers. > > > > If you have the the DNS AD-Integrated, then after initial > replication > you > > should have the client configured to use itself as the DNS > server. > > That'd > > be the best practice. Before 2003 you could have an "island > effect" > where > > because you didn't have a full picture of the directory, you > might not > > have > > all the records needed to fully *see* the entire DNS names > list > > effectively > > creating an island of a DC. In 2003 some additional code was > put in > to > > make sure that doesn't happen. You need to be a client of a > working DNS > > to > > join the domain and to find the other DC's when you get > promoted. > After > > replication completes, you have a full list and there's no > need to > > continue > > as a client of a server that has the same information you do. > > > > So, what's silly about having your server configured to be a > client of > a > > dns server that has the same information? I find it amusing > that if > the > > server wants to find something he'll ask his neighbor if he > has the > > information when he could just ask himself. It's brain dead > in my > > opinion > > and very difficult to troubleshoot. In addition, and more > importantly it > > breaks the idea of a fabric design because now dc1 and dc2 are > reliant > on > > each other to be operational. If either is down, both are down > and > > that's > > ridiculous considering how easy it is to prevent that > situation. But > > wait! > > you say? He should try the partner first and if that fails use > himself > right? Yes but. :) He'll try the neigbor first, > because that's the > > preferred. He'll also register there etc. The worst part is > that if > he > > tries the partner and the partner is not completely dead, > he'll not > try > > himself even if he has the right information. > > > > Now, will it work? Yes. Is it a good idea? Absolutely not and > shows a > > lack > > of understanding on the part of the folks that deployed it. > From the > > sounds > > of it, an unwillingness to fix the underlying issues that led > them > there > > as > > well. On the other hand, they're spot on if it's W2K vs. K3 :) > > > > Does that help? > > > > > > [1] unless you like a granular audit logging. But that's > neither here > > nor > > there. > > > > > > On 7/12/06, Victor W. <[EMAIL PROTECTED]> wrote: > > Today a conversation at my job came up about setting the > preferred DNS > > server on the NIC of a DC with DNS installed. > > For as far as I know it's best to point the DC (with DNS > installed) to > > itself for DNS by specifying the internal IP address of the > DC as the > > preferred DNS > > server on the NIC. > > > > Then I was told that this is not always necessary and this > puzzled me > > a > > bit. > > > > Not everybody was convinced of the above and this got me > thinking. > > Some > > people are claiming that it doesnt really matter if you set > that DC > to > > be > > the preferred or the alternate DNS server. > > > > I was then showed an environment where all DC's in a child > domain > (all > > had DNS installed), had the same DNS server set as preferred DNS > > server. > > > > Perhaps an example will make it more clear: > > > > a forest root domain with 4 child domains. > > > > child domain A, B, C, and D. > > > > Names of the Domain Controllers: > > root domain: DC-A & DC-B & DC-C & DC-D > > for child domain A: DC-A1 & DC-A2 > > for child domain B: DC-B1 & DC-B2 > > for child domain C: DC-C1 & DC-C2 > > for child domain D: DC-D1 & DC-D2 > > > > > > DC-A1 has specified DC-A2 as preferred DNS server and has > specified > DC-A1 > > (itself) as alternate DNS server. > > DC-A2 has specified DC-A2 (itself) as preferred DNS server > and has > > specified DC-A1 as alternate DNS server > > > > DC-B1 has specified DC-B2 as preferred DNS server and has > specified > DC-B1 > > (itself) as alternate DNS server > > DC-B2 has specified DC-B2 (itself) as preferred DNS server > and has > > specified DC-B1 as alternate DNS server > > > > And so on for the other child domains. > > > > I was told that this was done because this AD environment was not > > optimal > > and that by pointing all the dc's in a child domain to the > same DNS > > server, other issues were prevented from occuring. > > This didnt sound all that good to me to be honoust :-) > > > > I am now wondering if there are scenario's thinkable when it > would be > > better not to point a DC with DNS installed as the preferred > server > on > > it's NIC. > > > > Does the term Island DNS also play a role in this? > > > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?
standard. Windows 2003 DNS follows those standards (commentsreally, but let's not pick right?) Microsoft has done some enhancements above and beyond that make DNS play very well in the Microsoftsphere[1].You can however have DNS that is a third party DNS system, such as BIND.Active Directory plays very well with such third party DNS systems. You could have your domain controllers not have any DNS hosted on them atall.You could have it hosted, but as a secondary zone. You could also haveitAD integrated meaning that you have a listener for DNS but the data(base)is stored in the active directory.Something to clarify: what you're talking about is making the DC a*client*to another DNS server that hosts the zones. You're also talking aboutmaking dc1 a client of dc2 and vice versa. That's silly, but I'll get tothat.If you have your dns hosted on a third party system such as BIND, you'llhave one server as the primary (not best practice, but you get the idea;inpractice you'd have multiple for failure tolerance wan traffic optimization) and your DC would be a client of that system.If you have a traditional DNS hierarchy that has primary and secondarytransfers, you would be mimicking BIND topology and again couldconfigure your DC's to be clients of the BIND or Microsoft DNS servers.If you have the the DNS AD-Integrated, then after initial replicationyoushould have the client configured to use itself as the DNS server.That'dbe the best practice. Before 2003 you could have an "island effect"wherebecause you didn't have a full picture of the directory, you might nothaveall the records needed to fully *see* the entire DNS names list effectivelycreating an island of a DC. In 2003 some additional code was put in tomake sure that doesn't happen. You need to be a client of a working DNStojoin the domain and to find the other DC's when you get promoted. After replication completes, you have a full list and there's no need tocontinueas a client of a server that has the same information you do.So, what's silly about having your server configured to be a client of a dns server that has the same information? I find it amusing that if theserver wants to find something he'll ask his neighbor if he has theinformation when he could just ask himself. It's brain dead in myopinionand very difficult to troubleshoot. In addition, and more importantly itbreaks the idea of a fabric design because now dc1 and dc2 are reliantoneach other to be operational. If either is down, both are down and that'sridiculous considering how easy it is to prevent that situation. Butwait!you say? He should try the partner first and if that fails use himselfright? Yes but. :) He'll try the neigbor first, because that's the preferred. He'll also register there etc. The worst part is that if hetries the partner and the partner is not completely dead, he'll not tryhimself even if he has the right information.Now, will it work? Yes. Is it a good idea? Absolutely not and shows a lackof understanding on the part of the folks that deployed it. From thesoundsof it, an unwillingness to fix the underlying issues that led them thereaswell. On the other hand, they're spot on if it's W2K vs. K3 :) Does that help?[1] unless you like a granular audit logging. But that's neither herenorthere.On 7/12/06, Victor W. <[EMAIL PROTECTED]> wrote: Today a conversation at my job came up about setting the preferred DNSserver on the NIC of a DC with DNS installed.For as far as I know it's best to point the DC (with DNS installed) toitself for DNS by specifying the internal IP address of the DC as the preferred DNSserver on the NIC.Then I was told that this is not always necessary and this puzzled meabit.Not everybody was convinced of the above and this got me thinking.Somepeople are claiming that it doesnt really matter if you set that DC to bethe preferred or the alternate DNS server.I was then showed an environment where all DC's in a child domain (allhad DNS installed), had the same DNS server set as preferred DNSserver.Perhaps an example will make it more clear: a forest root domain with 4 child domains.child domain A, B, C, and D.Names of the Domain Controllers:root domain: DC-A & DC-B & DC-C & DC-Dfor child domain A: DC-A1 & DC-A2 for child domain B: DC-B1 & DC-B2for child domain C: DC-C1 & DC-C2for child domain D: DC-D1 & DC-D2DC-A1 has specified DC-A2 as preferred DNS server and has specifiedDC-A1(itself) as alternate DNS server. DC-A2 has specified DC-A2 (itself) as preferred DNS server and hasspecified DC-A1 as alternate DNS serverDC-B1 has specified DC-B2 as preferred DNS server
Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?
Al, This sure helped, we are by the way indeed talking about W2K DC's. Victor - Oorspronkelijk bericht - Van: Al Mulnick <[EMAIL PROTECTED]> Datum: donderdag, juli 13, 2006 3:58 am Onderwerp: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always? > You don't work at the post office do you? ;) > > > There are many many many ways to properly configure DNS. One > thing that > helps is to think of the terms client and server vs. preferred and > alternateonly. You are configuring a preferred server and an > alternate server that > you want this DC to be a client of. > > DNS is a standard. Windows 2003 DNS follows those standards (comments > really, but let's not pick right?) Microsoft has done some > enhancementsabove and beyond that make DNS play very well in the > Microsoft sphere[1]. > You can however have DNS that is a third party DNS system, such as > BIND.Active Directory plays very well with such third party DNS > systems. You > could have your domain controllers not have any DNS hosted on them > at all. > You could have it hosted, but as a secondary zone. You could also > have it > AD integrated meaning that you have a listener for DNS but the > data(base) is > stored in the active directory. > > Something to clarify: what you're talking about is making the DC a > *client*to another DNS server that hosts the zones. You're also > talking about > making dc1 a client of dc2 and vice versa. That's silly, but I'll > get to > that. > > If you have your dns hosted on a third party system such as BIND, > you'llhave one server as the primary (not best practice, but you > get the idea; in > practice you'd have multiple for failure tolerance wan traffic > optimization)and your DC would be a client of that system. > > If you have a traditional DNS hierarchy that has primary and secondary > transfers, you would be mimicking BIND topology and again could > configureyour DC's to be clients of the BIND or Microsoft DNS servers. > > If you have the the DNS AD-Integrated, then after initial > replication you > should have the client configured to use itself as the DNS server. > That'd be > the best practice. Before 2003 you could have an "island effect" > wherebecause you didn't have a full picture of the directory, you > might not have > all the records needed to fully *see* the entire DNS names list > effectivelycreating an island of a DC. In 2003 some additional > code was put in to make > sure that doesn't happen. You need to be a client of a working > DNS to join > the domain and to find the other DC's when you get promoted. After > replication completes, you have a full list and there's no need to > continueas a client of a server that has the same information you do. > > So, what's silly about having your server configured to be a > client of a dns > server that has the same information? I find it amusing that if > the server > wants to find something he'll ask his neighbor if he has the > informationwhen he could just ask himself. It's brain dead in my > opinion and very > difficult to troubleshoot. In addition, and more importantly it > breaks the > idea of a fabric design because now dc1 and dc2 are reliant on > each other to > be operational. If either is down, both are down and that's ridiculous > considering how easy it is to prevent that situation. But wait! > you say? He > should try the partner first and if that fails use himself right? > Yes but. > :) He'll try the neigbor first, because that's the preferred. > He'll also > register there etc. The worst part is that if he tries the > partner and the > partner is not completely dead, he'll not try himself even if he > has the > right information. > > Now, will it work? Yes. Is it a good idea? Absolutely not and > shows a lack > of understanding on the part of the folks that deployed it. From > the sounds > of it, an unwillingness to fix the underlying issues that led them > there as > well. On the other hand, they're spot on if it's W2K vs. K3 :) > > Does that help? > > > [1] unless you like a granular audit logging. But that's neither > here nor > there. > > > On 7/12/06, Victor W. <[EMAIL PROTECTED]> wrote: > > > > Today a conversation at my job came up about setting the > preferred DNS > > server on the NIC of a DC with DNS installed. > > For as far as I know it's best to point the DC (with DNS > installed) to > > itself for DNS by specif
[ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?
Today a conversation at my job came up about setting the preferred DNS server on the NIC of a DC with DNS installed. For as far as I know it's best to point the DC (with DNS installed) to itself for DNS by specifying the internal IP address of the DC as the preferred DNS server on the NIC. Then I was told that this is not always necessary and this puzzled me a bit. Not everybody was convinced of the above and this got me thinking. Some people are claiming that it doesnt really matter if you set that DC to be the preferred or the alternate DNS server. I was then showed an environment where all DC's in a child domain (all had DNS installed), had the same DNS server set as preferred DNS server. Perhaps an example will make it more clear: a forest root domain with 4 child domains. child domain A, B, C, and D. Names of the Domain Controllers: root domain: DC-A & DC-B & DC-C & DC-D for child domain A: DC-A1 & DC-A2 for child domain B: DC-B1 & DC-B2 for child domain C: DC-C1 & DC-C2 for child domain D: DC-D1 & DC-D2 DC-A1 has specified DC-A2 as preferred DNS server and has specified DC-A1 (itself) as alternate DNS server. DC-A2 has specified DC-A2 (itself) as preferred DNS server and has specified DC-A1 as alternate DNS server DC-B1 has specified DC-B2 as preferred DNS server and has specified DC-B1 (itself) as alternate DNS server DC-B2 has specified DC-B2 (itself) as preferred DNS server and has specified DC-B1 as alternate DNS server And so on for the other child domains. I was told that this was done because this AD environment was not optimal and that by pointing all the dc's in a child domain to the same DNS server, other issues were prevented from occuring. This didnt sound all that good to me to be honoust :-) I am now wondering if there are scenario's thinkable when it would be better not to point a DC with DNS installed as the preferred server on it's NIC. Does the term Island DNS also play a role in this?
RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server
Thank you all, great input. I will be trying this and will let you know the outcome. Victor From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard KlineSent: dinsdag 13 juni 2006 6:18To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server Please find a better VBS script below. The last post was a “while rushing out the door” effort. There is now: A Where clause which limits the adapter scope (“ where dnshostname is not null”). Less information as most of the non-needed for this exercise stuff is removed. An example of how to embed an array of hosts. Of course the script assumes that the account with which you’ve logged in has adequate security permissions on all of the boxes being queried. Richard On Error Resume Next Const wbemFlagReturnImmediately = &h10 Const wbemFlagForwardOnly = &h20 arrComputers = Array("192.168.1.15","192.168.1.16","192.168.1.154") For Each strComputer In arrComputers WScript.Echo WScript.Echo "==" WScript.Echo "Computer: " & strComputer WScript.Echo "==" Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration where dnshostname is not null", "WQL", _ wbemFlagReturnImmediately + wbemFlagForwardOnly) For Each objItem In colItems WScript.Echo "DNSHostName: " & objItem.DNSHostName WScript.Echo "Caption: " & objItem.Caption strDefaultIPGateway = Join(objItem.DefaultIPGateway, ",") WScript.Echo "DefaultIPGateway: " & strDefaultIPGateway strDNSDomainSuffixSearchOrder = Join(objItem.DNSDomainSuffixSearchOrder, ",") WScript.Echo "DNSDomainSuffixSearchOrder: " & strDNSDomainSuffixSearchOrder WScript.Echo "DNSEnabledForWINSResolution: " & objItem.DNSEnabledForWINSResolution strDNSServerSearchOrder = Join(objItem.DNSServerSearchOrder, ",") WScript.Echo "DNSServerSearchOrder: " & strDNSServerSearchOrder WScript.Echo "DomainDNSRegistrationEnabled: " & objItem.DomainDNSRegistrationEnabled strIPAddress = Join(objItem.IPAddress, ",") WScript.Echo "IPAddress: " & strIPAddress WScript.Echo "WINSEnableLMHostsLookup: " & objItem.WINSEnableLMHostsLookup WScript.Echo "WINSHostLookupFile: " & objItem.WINSHostLookupFile WScript.Echo "WINSPrimaryServer: " & objItem.WINSPrimaryServer WScript.Echo "WINSScopeID: " & objItem.WINSScopeID WScript.Echo "WINSSecondaryServer: " & objItem.WINSSecondaryServer WScript.Echo Next Next Function WMIDateStringToDate(dtmDate) WScript.Echo dtm: WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _ Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _ & " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2)) End Function From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONOSent: Monday, June 12, 2006 11:16 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server The only comments to the wmi below is that it will dump every network cards that you have, is there a way that you could do it for the primary network card (the one on top of the binding list?) As for registry key it will be NameServerList value but still binds to the transport id..(which is different for all servers) Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785
RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server
Thank you all for the input. I will tell a little bit more about this situation: I am in an environment where it is unclear/undocumented which servers are using which DNS servers as their primary and secondary DNS servers (statically filled in in their TCP/IP settings). We are talking about 60 servers approx so logging on to each of them seperately would not be all that pleasant, ;-) maybe I should have been more clear about that from the start. What I am looking for is indeed something I could run on only one dc for instance, querying all servers in the domain and thereby checking which DNS servers they are using as their primary and secondary DNS servers. Victor From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olivarez, Sergio J Mr CTNOSC/GD-NSSent: maandag 12 juni 2006 19:23To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server His question asked for a command line tool that he could use to query this information; this is why others and I suggested, Netsh. Maybe he has a small range of server that he doesn’t feel like logging into or writing a script for, and just feels like querying them from the command prompt. I don’t know! I made a suggestion; if your suggestion accommodates Victor’s situation better then he can choose to do it your way. -Sergio From: Al Mulnick [mailto:[EMAIL PROTECTED] Sent: Monday, June 12, 2006 9:50 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server I'm shocked that an IT worker in an environment with as many potential computers as yours would consider querying each host out there to find out which ones use a particular host for DNS name resolution services vs. querying the DNS server itself to find out what's using it. Maybe I'm missing some bigger picture out there 'cuase there were several similar posts. Either that, or people have a lot of time on their hands and very few hosts in the pool. Al On 6/12/06, Olivarez, Sergio J Mr CTNOSC/GD-NS <[EMAIL PROTECTED]> wrote: Try the "NetSh" command. I couldn't get the "-r (Computer Name)" option towork with the "interface ip show dns" option, but maybe you can. Or you can do a NetMon trace and filter for incoming DNS requests.-Sergio-Original Message-From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]]Sent: Monday, June 12, 2006 8:37 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] DNS - How to tell the static DNS IP-addresses per serverThe thing is this:I will be demoting a domain controller which is also running DNS. Iwould like to know which other servers have specified this dc as theirDNS server (in their tcp/ip settings I mean). Is there some way to check this, from the command line for example?Like for instance checking which fsmo roles are held by which dc's viantdsutil.List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] DNS - How to tell the static DNS IP-addresses per server
The thing is this: I will be demoting a domain controller which is also running DNS. I would like to know which other servers have specified this dc as their DNS server (in their tcp/ip settings I mean). Is there some way to check this, from the command line for example? Like for instance checking which fsmo roles are held by which dc's via ntdsutil. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD
Slight correction, it should say UNinstalling instead of installing in this section: "What I am now trying to get clear is how this differs from not installing Exchange but simply only removing the server object from ESM without uninstalling Exchange from that server". - Oorspronkelijk bericht - Van: [EMAIL PROTECTED] Datum: donderdag, juni 8, 2006 10:39 am Onderwerp: Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD > I agree with that. Besides that, my description of the situation > is > probably not as clear as it should be. > > What I am trying to say is that you can only uninstall Exchange by > choosing 'remove components' when you have the necessary rights at > the > AG. That implies that it then does something to AD, something is > being > changed then. > > What I am now trying to get clear is how this differs from not > installing Exchange but simply only removing the server object > from ESM > without uninstalling Exchange from that server. > > Otherwise said: uninstalling Exchange is not only an action which > changes things on the local Exchange server itself, I guess the > reason > that network access is needed is because something on the network > is > being changed. > > Or am I wrong? > > > > - Oorspronkelijk bericht - > Van: Al Mulnick <[EMAIL PROTECTED]> > Datum: woensdag, juni 7, 2006 10:04 pm > Onderwerp: Re: [ActiveDir] [OT] Uninstalling Exchange - how does > this > modify AD, what alters in AD > > > Aren't you removing an item from that AG? Shouldn't you have to > > have rights > > for that? > > > > > > > > On 6/7/06, Victor W. <[EMAIL PROTECTED]> wrote: > > > > > > Yes, according to this article it looks like it. Still > > wondering why you > > > then need to have to the necessary rights on the > Administrative > > Group in > > > order to uninstall Exchange. > > > > > > -- > > > *From:* [EMAIL PROTECTED] [mailto: > > > [EMAIL PROTECTED] *On Behalf Of *Al Mulnick > > > *Sent:* woensdag 7 juni 2006 1:24 > > > *To:* ActiveDir@mail.activedir.org > > > *Subject:* Re: [ActiveDir] [OT] Uninstalling Exchange - how > does > > this> modify AD, what alters in AD > > > > > > > > > In theory, you *could* just remove it from ESM if you believe > this> > article. > > > > > > http://support.microsoft.com/?kbid=260378 > > > > > > > > > On 6/6/06, Victor W. <[EMAIL PROTECTED]> wrote: > > > > > > > > Lately I have been thinking about the following: > > > > What happens actually in Active Directory and what changes > in > > it, while > > > > or after having uninstalled Exchange. > > > > > > > > I am asking this because usually when I uninstall an Exhange > > server, I > > > > do this according to the KB articles from Microsoft i.e. "Ho > w > > to remove > > > > the first Exhange server". > > > > > > > > After that I insert the Exchange 2003 cd and do a 'remove > > components'> > (in case of Exchange 2000 I remove it from within > > Add/Remove Programs in > > > > Control Panel). > > > > After having done that I go into ESM and delete the server > > object from > > > > there. > > > > > > > > Recently I have had a customer asking me to remove his first > > Exhange> > server and transfer everything to another Exchange > > server. So I went along > > > > and followed the KB article up to the point where I had to > > uninstall> > Exhange. Everything went fine. > > > > After that, before I wanted to uninstall Exchange, I stopped the > > > > Exchange services and left this so for a day, just to be > sure > > kept on > > > > running right without the Exhange services on the old server > > running.> > This also went fine. I then left the instruction > with > > the customer how > > > > to uninstall Exchange and delete the server object from > within > > ESM. They > > > > want to do something themselves also, they have their own IT > > department :-). > > > > > > > > Instead of doing that, they simply switched the server off > and > > told me > > > > this a couple of days later. > > > > I offcourse told them that Exchange
Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD
I agree with that. Besides that, my description of the situation is probably not as clear as it should be. What I am trying to say is that you can only uninstall Exchange by choosing 'remove components' when you have the necessary rights at the AG. That implies that it then does something to AD, something is being changed then. What I am now trying to get clear is how this differs from not installing Exchange but simply only removing the server object from ESM without uninstalling Exchange from that server. Otherwise said: uninstalling Exchange is not only an action which changes things on the local Exchange server itself, I guess the reason that network access is needed is because something on the network is being changed. Or am I wrong? - Oorspronkelijk bericht - Van: Al Mulnick <[EMAIL PROTECTED]> Datum: woensdag, juni 7, 2006 10:04 pm Onderwerp: Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD > Aren't you removing an item from that AG? Shouldn't you have to > have rights > for that? > > > > On 6/7/06, Victor W. <[EMAIL PROTECTED]> wrote: > > > > Yes, according to this article it looks like it. Still > wondering why you > > then need to have to the necessary rights on the Administrative > Group in > > order to uninstall Exchange. > > > > -- > > *From:* [EMAIL PROTECTED] [mailto: > > [EMAIL PROTECTED] *On Behalf Of *Al Mulnick > > *Sent:* woensdag 7 juni 2006 1:24 > > *To:* ActiveDir@mail.activedir.org > > *Subject:* Re: [ActiveDir] [OT] Uninstalling Exchange - how does > this> modify AD, what alters in AD > > > > > > In theory, you *could* just remove it from ESM if you believe this > > article. > > > > http://support.microsoft.com/?kbid=260378 > > > > > > On 6/6/06, Victor W. <[EMAIL PROTECTED]> wrote: > > > > > > Lately I have been thinking about the following: > > > What happens actually in Active Directory and what changes in > it, while > > > or after having uninstalled Exchange. > > > > > > I am asking this because usually when I uninstall an Exhange > server, I > > > do this according to the KB articles from Microsoft i.e. "Ho w > to remove > > > the first Exhange server". > > > > > > After that I insert the Exchange 2003 cd and do a 'remove > components'> > (in case of Exchange 2000 I remove it from within > Add/Remove Programs in > > > Control Panel). > > > After having done that I go into ESM and delete the server > object from > > > there. > > > > > > Recently I have had a customer asking me to remove his first > Exhange> > server and transfer everything to another Exchange > server. So I went along > > > and followed the KB article up to the point where I had to > uninstall> > Exhange. Everything went fine. > > > After that, before I wanted to uninstall Exchange, I stopped the > > > Exchange services and left this so for a day, just to be sure > kept on > > > running right without the Exhange services on the old server > running.> > This also went fine. I then left the instruction with > the customer how > > > to uninstall Exchange and delete the server object from within > ESM. They > > > want to do something themselves also, they have their own IT > department :-). > > > > > > Instead of doing that, they simply switched the server off and > told me > > > this a couple of days later. > > > I offcourse told them that Exchange needed to be uninstalled > the way > > > Microsoft says so but now they want me to somehow prove what > will happen if > > > they do it as they have always done it, simply remove the > server object from > > > within ESM and not uninstalling Exchange from the server at all. > > > This Exchange Organisation exists of several servers and several > > > Administrative Groups. > > > > > > > > > I know that in order to uninstall Exchange you need the > necessary rights > > > on the Administrative Group the server is in, so I guess that > during the > > > uninstall, the server 'unties' itself from that Administrative > Group.> > But what happens if you dont do this, are you then > really stuck with > > > pieces in AD of the 'not properly uninstalled server'? > > > > > > Lets ssay you would not uninstall Exchange but you will remove the > > > server object from within ESM and the
RE: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD
Yes, according to this article it looks like it. Still wondering why you then need to have to the necessary rights on the Administrative Group in order to uninstall Exchange. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: woensdag 7 juni 2006 1:24To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD In theory, you *could* just remove it from ESM if you believe this article. http://support.microsoft.com/?kbid=260378 On 6/6/06, Victor W. <[EMAIL PROTECTED]> wrote: Lately I have been thinking about the following: What happens actually in Active Directory and what changes in it, while or after having uninstalled Exchange. I am asking this because usually when I uninstall an Exhange server, I do this according to the KB articles from Microsoft i.e. "Ho w to remove the first Exhange server". After that I insert the Exchange 2003 cd and do a 'remove components' (in case of Exchange 2000 I remove it from within Add/Remove Programs in Control Panel). After having done that I go into ESM and delete the server object from there. Recently I have had a customer asking me to remove his first Exhange server and transfer everything to another Exchange server. So I went along and followed the KB article up to the point where I had to uninstall Exhange. Everything went fine. After that, before I wanted to uninstall Exchange, I stopped the Exchange services and left this so for a day, just to be sure kept on running right without the Exhange services on the old server running. This also went fine. I then left the instruction with the customer how to uninstall Exchange and delete the server object from within ESM. They want to do something themselves also, they have their own IT department :-). Instead of doing that, they simply switched the server off and told me this a couple of days later. I offcourse told them that Exchange needed to be uninstalled the way Microsoft says so but now they want me to somehow prove what will happen if they do it as they have always done it, simply remove the server object from within ESM and not uninstalling Exchange from the server at all. This Exchange Organisation exists of several servers and several Administrative Groups. I know that in order to uninstall Exchange you need the necessary rights on the Administrative Group the server is in, so I guess that during the uninstall, the server 'unties' itself from that Administrative Group. But what happens if you dont do this, are you then really stuck with pieces in AD of the 'not properly uninstalled server'? Lets ssay you would not uninstall Exchange but you will remove the server object from within ESM and then, much later you would bring that same server, not uninstalled, online again. I guess you could end up with messy thing then. But I dont think Microsoft says to uninstall Exchange because of this reason only. Is there a program for AD like there is 'Snapshot' for the Windows registry. A program which creates a 'before' and 'after' picture. Or am I now thinking too complex? Can anybody who can shed some light on what exactly is altered in AD when doing an uninstall of an an Exchange server?
[ActiveDir] [OT] Uninstalling Exchange - how does this modify AD, what alters in AD
Lately I have been thinking about the following: What happens actually in Active Directory and what changes in it, while or after having uninstalled Exchange. I am asking this because usually when I uninstall an Exhange server, I do this according to the KB articles from Microsoft i.e. "How to remove the first Exhange server". After that I insert the Exchange 2003 cd and do a 'remove components' (in case of Exchange 2000 I remove it from within Add/Remove Programs in Control Panel). After having done that I go into ESM and delete the server object from there. Recently I have had a customer asking me to remove his first Exhange server and transfer everything to another Exchange server. So I went along and followed the KB article up to the point where I had to uninstall Exhange. Everything went fine. After that, before I wanted to uninstall Exchange, I stopped the Exchange services and left this so for a day, just to be sure kept on running right without the Exhange services on the old server running. This also went fine. I then left the instruction with the customer how to uninstall Exchange and delete the server object from within ESM. They want to do something themselves also, they have their own IT department :-). Instead of doing that, they simply switched the server off and told me this a couple of days later. I offcourse told them that Exchange needed to be uninstalled the way Microsoft says so but now they want me to somehow prove what will happen if they do it as they have always done it, simply remove the server object from within ESM and not uninstalling Exchange from the server at all. This Exchange Organisation exists of several servers and several Administrative Groups. I know that in order to uninstall Exchange you need the necessary rights on the Administrative Group the server is in, so I guess that during the uninstall, the server 'unties' itself from that Administrative Group. But what happens if you dont do this, are you then really stuck with pieces in AD of the 'not properly uninstalled server'? Lets ssay you would not uninstall Exchange but you will remove the server object from within ESM and then, much later you would bring that same server, not uninstalled, online again. I guess you could end up with messy thing then. But I dont think Microsoft says to uninstall Exchange because of this reason only. Is there a program for AD like there is 'Snapshot' for the Windows registry. A program which creates a 'before' and 'after' picture. Or am I now thinking too complex? Can anybody who can shed some light on what exactly is altered in AD when doing an uninstall of an an Exchange server?
RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name
Sorry for the somewhat late response. Clear answer Joe, The fact that you need something constant really makes sense and explains a lot. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: woensdag 24 mei 2006 2:55To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Even if it updated itself it would still be stamped in the contents of every message that still exists somewhere within the ORG, either in calendars or in mailboxes. That is the address Exchange uses when you try to update a meeting or respond to a message. You need something constant or else you would lose those connections when say an email address or name changed. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Tuesday, May 23, 2006 4:11 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Thank you both very much for the replies and for the clear explanations. I think I will leave the legacyExchangeDN alone then. I was thinking about changing it because part of it refers to an object (Administrative Group) that no longer exists. I am still a bit puzzled why it not updates itself when the Administrative Group a user sits in, changes. I will definately read up on the other conversations about the legacyExchangeDN, sound interesting. For the time being I will leave it to what it is now. ;-) Thanks again. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: dinsdag 23 mei 2006 6:04To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Yep I agree with Steven here. If you really feel you need to change this, stop feeling that way. ;o) It can impact mail delivery when someone tries to respond to a message as well as calendar entry ownership, etc. If you ABSOLUTELY must change the legacyExchangeDN, then search the archives as there are some conversations on this. Basically you will need to move the former legacyExchangeDN into proxyAddresses as an x500 address. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, StevenSent: Sunday, May 21, 2006 6:04 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Victor, At first I was not sure what you were talking about. I've never used this column before (it's not displayed as one of the defaults and I'm used to looking at mailbox enabled accounts via cmdline and now PowerShell), but after looking at ESM what you are really talking about (that most of us may be more familiar with) is the mailbox's legacyExchangeDN attribute (which is called "Full Mailbox Directory Name" in ESM). This attribute does not change when you move mailboxes from one server or administrative group to another, in fact changing this attribute's value will lead to messages that were send out by the moved mailbox not being replyable. So in a nutshell, there is absolutely nothing wrong with what you are seeing. It is expected and by design behavior. The legacyExchangeDN is used by Outlook clients (under the hood) to address and submit mail through MAPI. When an Outlook user sends out an email to other internal mailboxes the from address, under the hood, is actually the legacyExchangeDN address (if viewed with a tool like MFCMapi it's the PR_SENDER_EMAIL_ADDRESS). So if you were to change this value then any messages sent out before the change would become unreplyable (ok, not 100% true, because you could add an X500 address to the user's mailbox-enabled account that matches the old legacyExchangeDN and then the messages would get properly delivered). Anyways, don't worry about it. There is nothing wrong and I would highly recommend leaving the "full mailbox directory name" alone. It's not that you can't change it, but you'd have to put it's old value in as an additional proxy address (of the X500 type) in order for mail to continue to be delivered properly. Don't really know what you'd gain from that in the end. Hope this helps explain it a bit. There is a lot more to it then that naturally, but I think the above summarizes some of the key points about why you would not want to change it. Best regards, Steven From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Saturday, May 20, 2006 12:47 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Still hoping for somebody to think with me on this
RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains
That was indeed the case. In the mean time I got the query working, see my earlier reply to Jerry Welch. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: woensdag 31 mei 2006 22:42 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains I suspect you are making this overly complicated. Can you state your query in words? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, May 31, 2006 7:14 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains Okay, I have been working on getting this query right for an hour now, tried several combinations but I believe it is not all that easy to build an LDAP query, things like parentheses and ampersands...they are driving me mad right now ;-) I have now created 2 seperated address lists in Exchange because I cannot seem to create one query to output the complete result I want. I have now composed 2 seperate queries which give me exactly the output that want, BUT only seperately. When I join these queries together I get a query which doesnt work or doesnt give me the output that I want. These are the queries: query 1: (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& (objectCategory=person)(objectClass=contact)) query 2: (&(objectCategory=group)(proxyAddresses=*a.mydomain.com)) - "AA" are the first letters of the servernames for that child domain. - "a" in "a.mydomain.com" is the name of my child domain. Both these queries are working but I cannot seem to make one query out of them. I guess the query I want to create should have some sort of AND in it because I want the results of both queries together in one query. Does anybody have any idea how to create one working query out of these two? - Oorspronkelijk bericht - Van: [EMAIL PROTECTED] Datum: woensdag, mei 31, 2006 11:27 am Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > Emm, it seems I just found it, might be usefull for anybody who > didnt > already know it, (probably just me): > > http://support.microsoft.com/default.aspx?scid=kb;en-us;312299 > > - Oorspronkelijk bericht - > Van: [EMAIL PROTECTED] > Datum: woensdag, mei 31, 2006 10:33 am > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > address > list - organisation with child domains > > > I have made some progress and I think that this query should work: > > > > (&(&(& (mailnickname=*) (| > > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! > (msExchHomeServerName=*)))(&(objectCategory=person) > > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > > (objectCategory=person)(objectClass=contact)) > > (objectCategory=publicFolder))(&(objectCategory=group) > > ([EMAIL PROTECTED] email address > > > > Unfortunately I cannot paste this query in the LDAP query field > on > > the > > Advanced tab of the screen I get in when I click properties of > the > > address list. It seems I can only put a certain number of > > characters in > > there. > > > > > > - Oorspronkelijk bericht - > > Van: [EMAIL PROTECTED] > > Datum: woensdag, mei 31, 2006 9:55 am > > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > > address > > list - organisation with child domains > > > > > Good idea, but I think I am doing something wrong. It is not a > > > matter > > > of the AL being displayed differently by the RUS on the hand > or > > > the AL > > > previeuw button on the other hand (at least in case of this > > > company it > > > isnt:-). > > > > > > The only thing I am looking at is the list which is displayed > > when > > > clicking the AL preview button. When I put the query described > > > beneath, > > > in the address list in ESM and I click the preview button, a > > list > > > is > > > displayed which also contains mail enabled groups from the > other > > > child > > > domains. I cannot seem to get the query right to not display > > those > > > groups. It looks like this problem is more difficult than I > > > thought it > > > would be. > > > > > > Still working on it. > > > > > > - Oorspronkelijk bericht - > > > Van: joe <[EMAIL PROTECTED]> > > > Datum: woensdag, mei 31, 2006 1:59 am > > > Onderwerp: RE: [ActiveDir] LDAP query to create Exchange > address > > > list - > > > organisation with child domains > > > > > > > First off, the test AL button in the ESM doesn't build the > AL > > > the > > > > same way > > > > that the RUS does. The RUS does not issue an LDAP query to > > build > > > > the AL, it > > > > looks at every object t
Re: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains
Thanks for that, nice tool, it shows a lot of info. In the mean time I got the query working, finally. Does anybody know where I can find information about how to learn LDAP. It would be nice if in the future I would not have to disturb the people with LDAP query questions :-) but be able to fix/create them myself. I first started to read this: http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/ldapq uery.mspx Now I am working on this: http://download.microsoft.com/download/3/d/3/3d32b0cd-581c-4574-8a27- 67e89c206a54/uldap.doc But perhaps there is even better material, especially focussed on queries in AD. - Oorspronkelijk bericht - Van: Jerry Welch <[EMAIL PROTECTED]> Datum: woensdag, mei 31, 2006 1:40 pm Onderwerp: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > Victor, > There is a great little editor called Notepad2 that pairs up > parentheses and > makes this type of work much easier. http://www.flos-freeware.ch/ > I copied your earlier query string into Notepad2 and see that the > parentheses did not balance out. > Jerry > > > Jerry Welch > CPS Systems > US/Canada: 888-666-0277 > International: +1 703 827 0919 (-5 GMT) > IP Phone (Skype): Jerry_Welch ( www.skype.net ) > IP Phone (VOIP): Jerry_Welch ( www.voipstunt.com ) > VOIP to Landline: callto:+1-703-827-0919 > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Wednesday, May 31, 2006 7:14 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] LDAP query to create Exchange address > list - > organisation with child domains > > Okay, I have been working on getting this query right for an hour > now, tried > several combinations but I believe it is not all that easy to > build an LDAP > query, things like parentheses and ampersands...they are driving > me mad > right now ;-) > > I have now created 2 seperated address lists in Exchange because I > cannotseem to create one query to output the complete result I > want. > > I have now composed 2 seperate queries which give me exactly the > output that > want, BUT only seperately. When I join these queries together I > get a query > which doesnt work or doesnt give me the output that I want. > > These are the queries: > > query 1: > > (&(&(& (mailnickname=*) (| > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! (msExchHomeServerName=*)))(&(objectCategory=person) > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > (objectCategory=person)(objectClass=contact)) > > query 2: > > (&(objectCategory=group)(proxyAddresses=*a.mydomain.com)) > > > - "AA" are the first letters of the servernames for that child domain. > - "a" in "a.mydomain.com" is the name of my child domain. > > Both these queries are working but I cannot seem to make one query > out of > them. I guess the query I want to create should have some sort of > AND in it > because I want the results of both queries together in one query. > > Does anybody have any idea how to create one working query out of > these two? > > > > - Oorspronkelijk bericht - > Van: [EMAIL PROTECTED] > Datum: woensdag, mei 31, 2006 11:27 am > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > address > list - organisation with child domains > > > Emm, it seems I just found it, might be usefull for anybody who > > didnt > > already know it, (probably just me): > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;312299 > > > > - Oorspronkelijk bericht - > > Van: [EMAIL PROTECTED] > > Datum: woensdag, mei 31, 2006 10:33 am > > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > > address > > list - organisation with child domains > > > > > I have made some progress and I think that this query should work: > > > > > > (&(&(& (mailnickname=*) (| > > > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! > > (msExchHomeServerName=*)))(&(objectCategory=person) > > > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > > > (objectCategory=person)(objectClass=contact)) > > > (objectCategory=publicFolder))(&(objectCategory=group) > > > ([EMAIL PROTECTED] email address > > > > > > Unfortunately I cannot paste this query in the LDAP query > field > > on > > > the > > > Advanced tab of the screen I get in when I click properties of > > the > > > address list. It seems I can only put a certain number of > > > characters in > > > there. > > > > > > > > > - Oorspronkelijk bericht - > > > Van: [EMAIL PROTECTED] > > > Datum: woensdag, mei 31, 2006 9:55 am > > > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > > > address > > > list - organisation with child domains > > > > > > > Good idea, but I think I am doing something wrong. It is not > a > > > > matter > > > > of the AL being displayed differently by the RUS on the hand > > or > > > > the AL
Re: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains
Okay, I have been working on getting this query right for an hour now, tried several combinations but I believe it is not all that easy to build an LDAP query, things like parentheses and ampersands...they are driving me mad right now ;-) I have now created 2 seperated address lists in Exchange because I cannot seem to create one query to output the complete result I want. I have now composed 2 seperate queries which give me exactly the output that want, BUT only seperately. When I join these queries together I get a query which doesnt work or doesnt give me the output that I want. These are the queries: query 1: (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& (objectCategory=person)(objectClass=contact)) query 2: (&(objectCategory=group)(proxyAddresses=*a.mydomain.com)) - "AA" are the first letters of the servernames for that child domain. - "a" in "a.mydomain.com" is the name of my child domain. Both these queries are working but I cannot seem to make one query out of them. I guess the query I want to create should have some sort of AND in it because I want the results of both queries together in one query. Does anybody have any idea how to create one working query out of these two? - Oorspronkelijk bericht - Van: [EMAIL PROTECTED] Datum: woensdag, mei 31, 2006 11:27 am Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > Emm, it seems I just found it, might be usefull for anybody who > didnt > already know it, (probably just me): > > http://support.microsoft.com/default.aspx?scid=kb;en-us;312299 > > - Oorspronkelijk bericht - > Van: [EMAIL PROTECTED] > Datum: woensdag, mei 31, 2006 10:33 am > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > address > list - organisation with child domains > > > I have made some progress and I think that this query should work: > > > > (&(&(& (mailnickname=*) (| > > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! > (msExchHomeServerName=*)))(&(objectCategory=person) > > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > > (objectCategory=person)(objectClass=contact)) > > (objectCategory=publicFolder))(&(objectCategory=group) > > ([EMAIL PROTECTED] email address > > > > Unfortunately I cannot paste this query in the LDAP query field > on > > the > > Advanced tab of the screen I get in when I click properties of > the > > address list. It seems I can only put a certain number of > > characters in > > there. > > > > > > - Oorspronkelijk bericht - > > Van: [EMAIL PROTECTED] > > Datum: woensdag, mei 31, 2006 9:55 am > > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > > address > > list - organisation with child domains > > > > > Good idea, but I think I am doing something wrong. It is not a > > > matter > > > of the AL being displayed differently by the RUS on the hand > or > > > the AL > > > previeuw button on the other hand (at least in case of this > > > company it > > > isnt:-). > > > > > > The only thing I am looking at is the list which is displayed > > when > > > clicking the AL preview button. When I put the query described > > > beneath, > > > in the address list in ESM and I click the preview button, a > > list > > > is > > > displayed which also contains mail enabled groups from the > other > > > child > > > domains. I cannot seem to get the query right to not display > > those > > > groups. It looks like this problem is more difficult than I > > > thought it > > > would be. > > > > > > Still working on it. > > > > > > - Oorspronkelijk bericht - > > > Van: joe <[EMAIL PROTECTED]> > > > Datum: woensdag, mei 31, 2006 1:59 am > > > Onderwerp: RE: [ActiveDir] LDAP query to create Exchange > address > > > list - > > > organisation with child domains > > > > > > > First off, the test AL button in the ESM doesn't build the > AL > > > the > > > > same way > > > > that the RUS does. The RUS does not issue an LDAP query to > > build > > > > the AL, it > > > > looks at every object that is detected as changed (or at > every > > > > object if > > > > forced to rebuild) via USN change tracking and manually > > compares > > > > it to the > > > > AL LDAP filter. This means that bugs in either mechanism > could > > > > result in > > > > different lists being built, so basically, don't trust what > > ESM > > > > says the AL > > > > will have as members, it is pretty worthless. Set the filter > > and > > > > let the AL > > > > build the list. > > > > > > > > Because of how this is all implemented, there is no domain > > > > affinity for the > > > > building of the ALs. This means you need to focus on > something > > > > else. I would > > > > not focus on the email addresses since those are also being >
Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains
Emm, it seems I just found it, might be usefull for anybody who didnt already know it, (probably just me): http://support.microsoft.com/default.aspx?scid=kb;en-us;312299 - Oorspronkelijk bericht - Van: [EMAIL PROTECTED] Datum: woensdag, mei 31, 2006 10:33 am Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > I have made some progress and I think that this query should work: > > (&(&(& (mailnickname=*) (| > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! (msExchHomeServerName=*)))(&(objectCategory=person) > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > (objectCategory=person)(objectClass=contact)) > (objectCategory=publicFolder))(&(objectCategory=group) > ([EMAIL PROTECTED] email address > > Unfortunately I cannot paste this query in the LDAP query field on > the > Advanced tab of the screen I get in when I click properties of the > address list. It seems I can only put a certain number of > characters in > there. > > > - Oorspronkelijk bericht - > Van: [EMAIL PROTECTED] > Datum: woensdag, mei 31, 2006 9:55 am > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > address > list - organisation with child domains > > > Good idea, but I think I am doing something wrong. It is not a > > matter > > of the AL being displayed differently by the RUS on the hand or > > the AL > > previeuw button on the other hand (at least in case of this > > company it > > isnt:-). > > > > The only thing I am looking at is the list which is displayed > when > > clicking the AL preview button. When I put the query described > > beneath, > > in the address list in ESM and I click the preview button, a > list > > is > > displayed which also contains mail enabled groups from the other > > child > > domains. I cannot seem to get the query right to not display > those > > groups. It looks like this problem is more difficult than I > > thought it > > would be. > > > > Still working on it. > > > > - Oorspronkelijk bericht - > > Van: joe <[EMAIL PROTECTED]> > > Datum: woensdag, mei 31, 2006 1:59 am > > Onderwerp: RE: [ActiveDir] LDAP query to create Exchange address > > list - > > organisation with child domains > > > > > First off, the test AL button in the ESM doesn't build the AL > > the > > > same way > > > that the RUS does. The RUS does not issue an LDAP query to > build > > > the AL, it > > > looks at every object that is detected as changed (or at every > > > object if > > > forced to rebuild) via USN change tracking and manually > compares > > > it to the > > > AL LDAP filter. This means that bugs in either mechanism could > > > result in > > > different lists being built, so basically, don't trust what > ESM > > > says the AL > > > will have as members, it is pretty worthless. Set the filter > and > > > let the AL > > > build the list. > > > > > > Because of how this is all implemented, there is no domain > > > affinity for the > > > building of the ALs. This means you need to focus on something > > > else. I would > > > not focus on the email addresses since those are also being > > > set/modified by > > > the RUS, you want to use something else. This could be a > > specific > > > specialattribute you set on the objects that allow you to > > > categorize them or add > > > the users/groups to special groups that indicate what domain > > they > > > are in and > > > add a memberof=somegroupdn component to the filter. > > > > > > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of > victor- > > > [EMAIL PROTECTED]: Tuesday, May 30, 2006 3:53 PM > > > To: ActiveDir@mail.activedir.org > > > Subject: [ActiveDir] LDAP query to create Exchange address > list - > > > organisation with child domains > > > > > > I am in an organisation of which the Active Directory exists > of > > a > > > parent root domain and 4 child domains. > > > > > > Each child domain has its own address list in Exchange. It is > > one > > > Exchange organisation with 1 Administrative Group. > > > > > > Let's call these domains A, B, C, and D. > > > > > > When looking at each of these lists I see the following: > > > > > > - Users with Exchange mailbox > > > - Users with an External e-mail address > > > - Groups > > > - Contacts > > > - Public Folders > > > > > > The thing I dont want to see but what I cannot seem to get rid > > of > > > is > > > the fact that I see (mail enabled) groups from other child > > domains > > > in > > > the address lists. > > > > > > Each child domain has several Exchange servers which names > start > > > with > > > AA or BB or CC or DD, depending on the child domain for which > > they > > > are > > > serving. For instance the Exchange servers in child domain A, > > all > > > start with AA. That is why I based the query on AA* for the A > > > child > > > domain. > >
Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains
I have made some progress and I think that this query should work: (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(! (homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& (objectCategory=person)(objectClass=contact)) (objectCategory=publicFolder))(&(objectCategory=group) ([EMAIL PROTECTED] email address Unfortunately I cannot paste this query in the LDAP query field on the Advanced tab of the screen I get in when I click properties of the address list. It seems I can only put a certain number of characters in there. - Oorspronkelijk bericht - Van: [EMAIL PROTECTED] Datum: woensdag, mei 31, 2006 9:55 am Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > Good idea, but I think I am doing something wrong. It is not a > matter > of the AL being displayed differently by the RUS on the hand or > the AL > previeuw button on the other hand (at least in case of this > company it > isnt:-). > > The only thing I am looking at is the list which is displayed when > clicking the AL preview button. When I put the query described > beneath, > in the address list in ESM and I click the preview button, a list > is > displayed which also contains mail enabled groups from the other > child > domains. I cannot seem to get the query right to not display those > groups. It looks like this problem is more difficult than I > thought it > would be. > > Still working on it. > > - Oorspronkelijk bericht - > Van: joe <[EMAIL PROTECTED]> > Datum: woensdag, mei 31, 2006 1:59 am > Onderwerp: RE: [ActiveDir] LDAP query to create Exchange address > list - > organisation with child domains > > > First off, the test AL button in the ESM doesn't build the AL > the > > same way > > that the RUS does. The RUS does not issue an LDAP query to build > > the AL, it > > looks at every object that is detected as changed (or at every > > object if > > forced to rebuild) via USN change tracking and manually compares > > it to the > > AL LDAP filter. This means that bugs in either mechanism could > > result in > > different lists being built, so basically, don't trust what ESM > > says the AL > > will have as members, it is pretty worthless. Set the filter and > > let the AL > > build the list. > > > > Because of how this is all implemented, there is no domain > > affinity for the > > building of the ALs. This means you need to focus on something > > else. I would > > not focus on the email addresses since those are also being > > set/modified by > > the RUS, you want to use something else. This could be a > specific > > specialattribute you set on the objects that allow you to > > categorize them or add > > the users/groups to special groups that indicate what domain > they > > are in and > > add a memberof=somegroupdn component to the filter. > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > > [EMAIL PROTECTED]: Tuesday, May 30, 2006 3:53 PM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] LDAP query to create Exchange address list - > > organisation with child domains > > > > I am in an organisation of which the Active Directory exists of > a > > parent root domain and 4 child domains. > > > > Each child domain has its own address list in Exchange. It is > one > > Exchange organisation with 1 Administrative Group. > > > > Let's call these domains A, B, C, and D. > > > > When looking at each of these lists I see the following: > > > > - Users with Exchange mailbox > > - Users with an External e-mail address > > - Groups > > - Contacts > > - Public Folders > > > > The thing I dont want to see but what I cannot seem to get rid > of > > is > > the fact that I see (mail enabled) groups from other child > domains > > in > > the address lists. > > > > Each child domain has several Exchange servers which names start > > with > > AA or BB or CC or DD, depending on the child domain for which > they > > are > > serving. For instance the Exchange servers in child domain A, > all > > start with AA. That is why I based the query on AA* for the A > > child > > domain. > > > > For child domain A the query looks like this: > > > > (&(&(& (mailnickname=*) (| > (&(objectCategory=person)(objectClass=user)> > (!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)> (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > > (objectCategory=person)(objectClass=contact))(objectCategory=group) > > (objectCategory=publicFolder) > > > > What I would like to do is create an Exchange address list > without > > groups from other child domains in it. > > > > The strange thing is that when I build a query which consists of > > groups based on the emailaddress/proxyaddress of that specific > > child > > domain, the query gives a
Re: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains
Good idea, but I think I am doing something wrong. It is not a matter of the AL being displayed differently by the RUS on the hand or the AL previeuw button on the other hand (at least in case of this company it isnt:-). The only thing I am looking at is the list which is displayed when clicking the AL preview button. When I put the query described beneath, in the address list in ESM and I click the preview button, a list is displayed which also contains mail enabled groups from the other child domains. I cannot seem to get the query right to not display those groups. It looks like this problem is more difficult than I thought it would be. Still working on it. - Oorspronkelijk bericht - Van: joe <[EMAIL PROTECTED]> Datum: woensdag, mei 31, 2006 1:59 am Onderwerp: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > First off, the test AL button in the ESM doesn't build the AL the > same way > that the RUS does. The RUS does not issue an LDAP query to build > the AL, it > looks at every object that is detected as changed (or at every > object if > forced to rebuild) via USN change tracking and manually compares > it to the > AL LDAP filter. This means that bugs in either mechanism could > result in > different lists being built, so basically, don't trust what ESM > says the AL > will have as members, it is pretty worthless. Set the filter and > let the AL > build the list. > > Because of how this is all implemented, there is no domain > affinity for the > building of the ALs. This means you need to focus on something > else. I would > not focus on the email addresses since those are also being > set/modified by > the RUS, you want to use something else. This could be a specific > specialattribute you set on the objects that allow you to > categorize them or add > the users/groups to special groups that indicate what domain they > are in and > add a memberof=somegroupdn component to the filter. > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Tuesday, May 30, 2006 3:53 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] LDAP query to create Exchange address list - > organisation with child domains > > I am in an organisation of which the Active Directory exists of a > parent root domain and 4 child domains. > > Each child domain has its own address list in Exchange. It is one > Exchange organisation with 1 Administrative Group. > > Let's call these domains A, B, C, and D. > > When looking at each of these lists I see the following: > > - Users with Exchange mailbox > - Users with an External e-mail address > - Groups > - Contacts > - Public Folders > > The thing I dont want to see but what I cannot seem to get rid of > is > the fact that I see (mail enabled) groups from other child domains > in > the address lists. > > Each child domain has several Exchange servers which names start > with > AA or BB or CC or DD, depending on the child domain for which they > are > serving. For instance the Exchange servers in child domain A, all > start with AA. That is why I based the query on AA* for the A > child > domain. > > For child domain A the query looks like this: > > (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user) > (!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > (objectCategory=person)(objectClass=contact))(objectCategory=group) > (objectCategory=publicFolder) > > What I would like to do is create an Exchange address list without > groups from other child domains in it. > > The strange thing is that when I build a query which consists of > groups based on the emailaddress/proxyaddress of that specific > child > domain, the query gives an output of exactly those groups which > are in > that child domain, so far soo good. When I then add all users with > an > emailaddress/proxyaddress to that same query (I do this all from > with > ESM, right click address list etcetera), I get the message that no > items can be found by this criteria. > > Any help is greatly appreciated. > > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] LDAP query to create Exchange address list - organisation with child domains
I am in an organisation of which the Active Directory exists of a parent root domain and 4 child domains. Each child domain has its own address list in Exchange. It is one Exchange organisation with 1 Administrative Group. Let's call these domains A, B, C, and D. When looking at each of these lists I see the following: - Users with Exchange mailbox - Users with an External e-mail address - Groups - Contacts - Public Folders The thing I dont want to see but what I cannot seem to get rid of is the fact that I see (mail enabled) groups from other child domains in the address lists. Each child domain has several Exchange servers which names start with AA or BB or CC or DD, depending on the child domain for which they are serving. For instance the Exchange servers in child domain A, all start with AA. That is why I based the query on AA* for the A child domain. For child domain A the query looks like this: (&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user) (!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person) (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& (objectCategory=person)(objectClass=contact))(objectCategory=group) (objectCategory=publicFolder) What I would like to do is create an Exchange address list without groups from other child domains in it. The strange thing is that when I build a query which consists of groups based on the emailaddress/proxyaddress of that specific child domain, the query gives an output of exactly those groups which are in that child domain, so far soo good. When I then add all users with an emailaddress/proxyaddress to that same query (I do this all from with ESM, right click address list etcetera), I get the message that no items can be found by this criteria. Any help is greatly appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name
Thank you both very much for the replies and for the clear explanations. I think I will leave the legacyExchangeDN alone then. I was thinking about changing it because part of it refers to an object (Administrative Group) that no longer exists. I am still a bit puzzled why it not updates itself when the Administrative Group a user sits in, changes. I will definately read up on the other conversations about the legacyExchangeDN, sound interesting. For the time being I will leave it to what it is now. ;-) Thanks again. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: dinsdag 23 mei 2006 6:04To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Yep I agree with Steven here. If you really feel you need to change this, stop feeling that way. ;o) It can impact mail delivery when someone tries to respond to a message as well as calendar entry ownership, etc. If you ABSOLUTELY must change the legacyExchangeDN, then search the archives as there are some conversations on this. Basically you will need to move the former legacyExchangeDN into proxyAddresses as an x500 address. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Presley, StevenSent: Sunday, May 21, 2006 6:04 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Victor, At first I was not sure what you were talking about. I've never used this column before (it's not displayed as one of the defaults and I'm used to looking at mailbox enabled accounts via cmdline and now PowerShell), but after looking at ESM what you are really talking about (that most of us may be more familiar with) is the mailbox's legacyExchangeDN attribute (which is called "Full Mailbox Directory Name" in ESM). This attribute does not change when you move mailboxes from one server or administrative group to another, in fact changing this attribute's value will lead to messages that were send out by the moved mailbox not being replyable. So in a nutshell, there is absolutely nothing wrong with what you are seeing. It is expected and by design behavior. The legacyExchangeDN is used by Outlook clients (under the hood) to address and submit mail through MAPI. When an Outlook user sends out an email to other internal mailboxes the from address, under the hood, is actually the legacyExchangeDN address (if viewed with a tool like MFCMapi it's the PR_SENDER_EMAIL_ADDRESS). So if you were to change this value then any messages sent out before the change would become unreplyable (ok, not 100% true, because you could add an X500 address to the user's mailbox-enabled account that matches the old legacyExchangeDN and then the messages would get properly delivered). Anyways, don't worry about it. There is nothing wrong and I would highly recommend leaving the "full mailbox directory name" alone. It's not that you can't change it, but you'd have to put it's old value in as an additional proxy address (of the X500 type) in order for mail to continue to be delivered properly. Don't really know what you'd gain from that in the end. Hope this helps explain it a bit. There is a lot more to it then that naturally, but I think the above summarizes some of the key points about why you would not want to change it. Best regards, Steven From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Saturday, May 20, 2006 12:47 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Still hoping for somebody to think with me on this matter :-( 75% of the mailboxes that were moved have a Full Mailbox Directory Name which has the Administrative Group in it from wich they were moved from, instead of the one they are in now. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: donderdag 18 mei 2006 22:20To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Perhaps I need to clarify this a little. What I mean is that a mailbox that has been moved to another Administrative Group, still has the Administrative Group in it's Full Mailbox Directory Name frow which it was moved. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: dinsdag 16 mei 2006 22:32To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name We are in the middle of a migration from Exchange 2000 to Exchange 2003. We have 2 Administrative Groups in ESM. one of th
RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name
Still hoping for somebody to think with me on this matter :-( 75% of the mailboxes that were moved have a Full Mailbox Directory Name which has the Administrative Group in it from wich they were moved from, instead of the one they are in now. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: donderdag 18 mei 2006 22:20To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name Perhaps I need to clarify this a little. What I mean is that a mailbox that has been moved to another Administrative Group, still has the Administrative Group in it's Full Mailbox Directory Name frow which it was moved. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: dinsdag 16 mei 2006 22:32To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name We are in the middle of a migration from Exchange 2000 to Exchange 2003. We have 2 Administrative Groups in ESM. one of them is named: First Administrative Group (this name was left default at the time of the installation of the first server). The other has been given a new name. The First Administrative Group holds the Exchange 2000 servers, the other holds the Exchange 2003 servers. In the end only one Administrative Group will exist, the new one. Recently I moved a couple of hundred of mailboxes to a different server in a different Administrative Group. When looking at those mailboxes from withing ESM (by clicking the mailboxes node under the servers node), I can see that a most of those mailboxes still have the name of the Administrative Group they were in, in their Full Mailbox Directory Name (this is a column that can be added in ESM). The mailboxes were on a server which was in the First Administrative Group and have been moved to another server which sits in another Administrative Group. I am asking this because when after all the mailboxes have been moved (a few are still on that old server), I am planning to delete the First Administrative Group in time. My question is why does the Full Mailbox Directory Name still have the First Administrative Group in it, even if the mailbox is no longer in the First Administrative Group? Do I need to fix this before I will delete the First Administrative Group? Thanks in advance for the help.
RE: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name
Perhaps I need to clarify this a little. What I mean is that a mailbox that has been moved to another Administrative Group, still has the Administrative Group in it's Full Mailbox Directory Name frow which it was moved. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: dinsdag 16 mei 2006 22:32To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name We are in the middle of a migration from Exchange 2000 to Exchange 2003. We have 2 Administrative Groups in ESM. one of them is named: First Administrative Group (this name was left default at the time of the installation of the first server). The other has been given a new name. The First Administrative Group holds the Exchange 2000 servers, the other holds the Exchange 2003 servers. In the end only one Administrative Group will exist, the new one. Recently I moved a couple of hundred of mailboxes to a different server in a different Administrative Group. When looking at those mailboxes from withing ESM (by clicking the mailboxes node under the servers node), I can see that a most of those mailboxes still have the name of the Administrative Group they were in, in their Full Mailbox Directory Name (this is a column that can be added in ESM). The mailboxes were on a server which was in the First Administrative Group and have been moved to another server which sits in another Administrative Group. I am asking this because when after all the mailboxes have been moved (a few are still on that old server), I am planning to delete the First Administrative Group in time. My question is why does the Full Mailbox Directory Name still have the First Administrative Group in it, even if the mailbox is no longer in the First Administrative Group? Do I need to fix this before I will delete the First Administrative Group? Thanks in advance for the help.
[ActiveDir] [Exchange] Full Mailbox Directory Name holds wrong Administrative Group name
We are in the middle of a migration from Exchange 2000 to Exchange 2003. We have 2 Administrative Groups in ESM. one of them is named: First Administrative Group (this name was left default at the time of the installation of the first server). The other has been given a new name. The First Administrative Group holds the Exchange 2000 servers, the other holds the Exchange 2003 servers. In the end only one Administrative Group will exist, the new one. Recently I moved a couple of hundred of mailboxes to a different server in a different Administrative Group. When looking at those mailboxes from withing ESM (by clicking the mailboxes node under the servers node), I can see that a most of those mailboxes still have the name of the Administrative Group they were in, in their Full Mailbox Directory Name (this is a column that can be added in ESM). The mailboxes were on a server which was in the First Administrative Group and have been moved to another server which sits in another Administrative Group. I am asking this because when after all the mailboxes have been moved (a few are still on that old server), I am planning to delete the First Administrative Group in time. My question is why does the Full Mailbox Directory Name still have the First Administrative Group in it, even if the mailbox is no longer in the First Administrative Group? Do I need to fix this before I will delete the First Administrative Group? Thanks in advance for the help.
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
What I did was the following: I used Adfind as Joe suggested and the output of that showed me that the I had no acces to the 'All Address Lists' and the 'All Global Address Lists'. I pasted the dn's of both of them into dsacls (from ADAM SP1/R2) and reset the permissions on those objects for the Authenticated Users group. After I had done this I now could see both of them in ESM again. I then saw the GAL had dissapeard so I first thought to kick of the RUS (this 'reloads' the GAL) but this didnt help (this was not really a surprise to me since the RUS kicks in every minute anyway). I recreated the GAL and now everything was back to normal and I was a happy man ;-). Again thanks for everybody who contributed, nice work. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: donderdag 9 februari 2006 21:08To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Lets here what you did. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Thursday, February 09, 2006 1:49 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I want to thank everybody who contributed to this thread. The problem has been solved :-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: woensdag 8 februari 2006 17:58To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared True execpt if you install the rdp client on windows 2000... :o)) Cordialement,Yann TIROACentre de Ressources Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2 ème étage - salle 238.43, Bd du 11 Novembre 1918.69622 Villeurbanne Cedex.Web: www.univ-lyon1.fr De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Steve RochfordEnvoyé : mercredi 8 février 2006 16:59À : ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Not with Windows 2000 :-) Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: 08 February 2006 13:36To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Hi, Just launch rdp client with the /console switch as this mstsc /console, this will give u interactive logon to your server. Cordialement,Yann TIROACentre de Ressources Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2 ème étage - salle 238.43, Bd du 11 Novembre 1918.69622 Villeurbanne Cedex.Web: www.univ-lyon1.fr De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Steve RochfordEnvoyé : mercredi 8 février 2006 12:47À : ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared One tiny little point which might be worth adding dont try doing this using a remote desktop session as I did the other week. I sat there cursing the machine, confident that Id got the syntax etc right. It was only much later when I looked at the real console screen that I saw lots of cmd windows which had all opened and were running in the local system context Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: 06 February 2006 19:53To: ActiveDir@mail.activedir.orgSubject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Yes. 1)go to start -> execute and type cmd.exe 2) Then will have to type this command "at /interactive cmd.exe" (without quote). Example: if your local time is 20:05, then you will type "at 20:06 /interactive cmd.exe" This will open an other instance of cmd.exe 1 mn after your local time. This second instance of cmd.exe is running under the local system account, type whoami and u will see it. 3) at the second instance of cmd.exe, launch ESM [1] or type DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO [1]: after reading the whole KB, I will use the dsacls command suggested by the KB because , the command will do the job for u as resetting the good ACEs for Authenticated Users. Yann
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
I want to thank everybody who contributed to this thread. The problem has been solved :-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: woensdag 8 februari 2006 17:58To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared True execpt if you install the rdp client on windows 2000... :o)) Cordialement,Yann TIROACentre de Ressources Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2 ème étage - salle 238.43, Bd du 11 Novembre 1918.69622 Villeurbanne Cedex.Web: www.univ-lyon1.fr De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Steve RochfordEnvoyé : mercredi 8 février 2006 16:59À : ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Not with Windows 2000 :-) Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: 08 February 2006 13:36To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Hi, Just launch rdp client with the /console switch as this mstsc /console, this will give u interactive logon to your server. Cordialement,Yann TIROACentre de Ressources Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2 ème étage - salle 238.43, Bd du 11 Novembre 1918.69622 Villeurbanne Cedex.Web: www.univ-lyon1.fr De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Steve RochfordEnvoyé : mercredi 8 février 2006 12:47À : ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared One tiny little point which might be worth adding dont try doing this using a remote desktop session as I did the other week. I sat there cursing the machine, confident that Id got the syntax etc right. It was only much later when I looked at the real console screen that I saw lots of cmd windows which had all opened and were running in the local system context Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: 06 February 2006 19:53To: ActiveDir@mail.activedir.orgSubject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Yes. 1)go to start -> execute and type cmd.exe 2) Then will have to type this command "at /interactive cmd.exe" (without quote). Example: if your local time is 20:05, then you will type "at 20:06 /interactive cmd.exe" This will open an other instance of cmd.exe 1 mn after your local time. This second instance of cmd.exe is running under the local system account, type whoami and u will see it. 3) at the second instance of cmd.exe, launch ESM [1] or type DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO [1]: after reading the whole KB, I will use the dsacls command suggested by the KB because , the command will do the job for u as resetting the good ACEs for Authenticated Users. Yann
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Going into "Advanced" on which folder exactly? ? CN=Address Lists Container"? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 22:38 To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Victor, I will dare that your problem with /forestprep will be solve untill you grant the right accesses for authenticated users. The user able to launch the setup.exe /forestprep must be member of entreprise and schema admin *AND* also member of authenticated users, But, authenticated users are not present in your ACLs so the setup could not find ANY lists, that probably mention by "...Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children..." So, what i would suggest u to do is: 1) "Did you go into "Advanced" and ensure that "Allow inheritable..." is checked?" as Michael B. Smith stated earlier. If no, then check it. 2)If that not resolves your pb, use the at /interactive with dsacls switch as stated in MS KB; in order to add/grant authenticated users with the right aces to your lists. 3) then check if an autehnticated users *CAN SEE* the GAL + all @ lists. 4) if it's ok, launch the setip /forestprep command with a user -> that has full admin exchange at the org. level, ->that is member of the entreprise + schema groups. 5) if that works launch setup /domainprep. 6) At last, check if the system attendant is working fine for 10-15mn. 7) if that works, u won !!! Yann _ De: [EMAIL PROTECTED] de la part de Victor W. Date: lun. 06/02/2006 21:58 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I am going to try that, nice one. I am still puzzled why I cannot run forestprep. Can anybody tell me what I have to do to be able to run forestprep without any errors? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 20:53 To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Yes. 1)go to start -> execute and type cmd.exe 2) Then will have to type this command "at /interactive cmd.exe" (without quote). Example: if your local time is 20:05, then you will type "at 20:06 /interactive cmd.exe" This will open an other instance of cmd.exe 1 mn after your local time. This second instance of cmd.exe is running under the local system account, type whoami and u will see it. 3) at the second instance of cmd.exe, launch ESM [1] or type DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO [1]: after reading the whole KB, I will use the dsacls command suggested by the KB because , the command will do the job for u as resetting the good ACEs for Authenticated Users. Yann _ De: [EMAIL PROTECTED] de la part de Victor W. Date: lun. 06/02/2006 20:05 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Okay, so you start ESM with local system properties. Does that mean you have to start ESM from that same command prompt window? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 19:28 To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared To right answer your question : Yes. I use ESM instead of dsacls because I get use granting ACL with GUI :o) Yann _ De: [EMAIL PROTECTED] de la part de Victor W. Date: lun. 06/02/2006 16:48 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Thanks for your fast reply Yann! Do you mean to run the command which resets the permissions for the Authenticated users under local system priviliges? Cheers, Victor _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 16:30 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Hi, The only way to revert your organization accessible is to run the command under "Local System" privileges by passing this command in a command line windows as this: c:\>at /interactive cmd.exe Ex : c:\>at 12:00 /interact
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
I am going to try that, nice one. I am still puzzled why I cannot run forestprep. Can anybody tell me what I have to do to be able to run forestprep without any errors? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 20:53 To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Yes. 1)go to start -> execute and type cmd.exe 2) Then will have to type this command "at /interactive cmd.exe" (without quote). Example: if your local time is 20:05, then you will type "at 20:06 /interactive cmd.exe" This will open an other instance of cmd.exe 1 mn after your local time. This second instance of cmd.exe is running under the local system account, type whoami and u will see it. 3) at the second instance of cmd.exe, launch ESM [1] or type DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO [1]: after reading the whole KB, I will use the dsacls command suggested by the KB because , the command will do the job for u as resetting the good ACEs for Authenticated Users. Yann _ De: [EMAIL PROTECTED] de la part de Victor W. Date: lun. 06/02/2006 20:05 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Okay, so you start ESM with local system properties. Does that mean you have to start ESM from that same command prompt window? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 19:28 To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared To right answer your question : Yes. I use ESM instead of dsacls because I get use granting ACL with GUI :o) Yann _ De: [EMAIL PROTECTED] de la part de Victor W. Date: lun. 06/02/2006 16:48 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Thanks for your fast reply Yann! Do you mean to run the command which resets the permissions for the Authenticated users under local system priviliges? Cheers, Victor _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 16:30 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Hi, The only way to revert your organization accessible is to run the command under "Local System" privileges by passing this command in a command line windows as this: c:\>at /interactive cmd.exe Ex : c:\>at 12:00 /interactive cmd.exe So at 12:00, a command prompt will appear with "Local System" privileges ( type whiami to be sure). Tip: if you connect to your server via RDP, the command will not be interactive and the command shell will not appear unless you active the /console in your RDP conection. However, just open a session directly to you r exchange server. Now you can open properly ESM with "Local System" privileges, and give full access to a user at the organisation level. After regainning total access to your exchange oraganisation server, run a /forestprep and /domainprep for the Systeme attendant to be in a stable state. Let us know if that works for you. Cordialement, Yann TIROA Centre de Ressources Informatique. Campus Scientifique de la DOUA. Bât. Gabriel Lippmann - 2 ème étage - salle 238. 43, Bd du 11 Novembre 1918. 69622 Villeurbanne Cedex. Web: www.univ-lyon1.fr _ De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Victor W. Envoyé : lundi 6 février 2006 16:05 À : ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. >From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.micr
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Okay, so you start ESM with local system properties. Does that mean you have to start ESM from that same command prompt window? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 19:28 To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared To right answer your question : Yes. I use ESM instead of dsacls because I get use granting ACL with GUI :o) Yann _ De: [EMAIL PROTECTED] de la part de Victor W. Date: lun. 06/02/2006 16:48 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Thanks for your fast reply Yann! Do you mean to run the command which resets the permissions for the Authenticated users under local system priviliges? Cheers, Victor _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: maandag 6 februari 2006 16:30 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Hi, The only way to revert your organization accessible is to run the command under "Local System" privileges by passing this command in a command line windows as this: c:\>at /interactive cmd.exe Ex : c:\>at 12:00 /interactive cmd.exe So at 12:00, a command prompt will appear with "Local System" privileges ( type whiami to be sure). Tip: if you connect to your server via RDP, the command will not be interactive and the command shell will not appear unless you active the /console in your RDP conection. However, just open a session directly to you r exchange server. Now you can open properly ESM with "Local System" privileges, and give full access to a user at the organisation level. After regainning total access to your exchange oraganisation server, run a /forestprep and /domainprep for the Systeme attendant to be in a stable state. Let us know if that works for you. Cordialement, Yann TIROA Centre de Ressources Informatique. Campus Scientifique de la DOUA. Bât. Gabriel Lippmann - 2 ème étage - salle 238. 43, Bd du 11 Novembre 1918. 69622 Villeurbanne Cedex. Web: www.univ-lyon1.fr _ De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Victor W. Envoyé : lundi 6 février 2006 16:05 À : ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. >From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When I try this in a command prompt: DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO I get the following error message: "The system cannot find the file specified". >From within Adsi Edit I can see In the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists" They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two I get the message that there are other property sheets opened and that need to close first. It is as if the objects are visible but arent really there any more. As suggested I tried running setup: /forestprep but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installation logs for a detailed description). You may cancel
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Yes, I did that already but forgot to mention it. I didnot see any deny permissions. I gave Authenticated users read permission, as well as the Everyone group. When I look in another Exchange Organization I manage I dont see that this is necessary, the Authenticated users and Everyone group dont have any rights there, I mean none of the checkboxes on the security tab are checked for those people. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: maandag 6 februari 2006 18:40To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Good. So, can you right click on Address Lists Container in the left pane and blow the permissions down? (Dont touch the right-side before trying!) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Monday, February 06, 2006 11:58 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Good point. I will clarify things. If I navigate on the left side to "CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer" from within Adsi Edit, I see only two 'folders' on the left side: - CN=Offline Address List - CN=Recipient Update Services I should see two more 'folders' there in my opinion, that is the CN=All Address Lists folder and the CN=All Globall Address Lists folder. I dont see the All Address Lists and the All Globall Address List 'folders' on the LEFT side but on the RIGHT side I see the following 'files' (not directories): - CN=All Address Lists - CN=All Globall Address Lists (I cant request properties from either of those two). Cheers, Victor From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: maandag 6 februari 2006 17:06To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared This may sound silly (and in a way, it is), but try accessing them a little differently. Open adsiedit.msc and drill down ONLY USING THE TREE IN THE LEFT PANE OF THE WINDOW. Right-click on All Address Lists IN THE LEFT PANE and open Properties and go to the Security tab and see if you can make your changes. Similarly for All Global Address Lists. Never click in the right pane during this process. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Monday, February 06, 2006 10:05 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When I try this in a command prompt: DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO I get the following error message: "The system cannot find the file specified". From within Adsi Edit I can see In the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists" They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two I get the message that there are other property sheets opened and that need to close first. It is as if the objects are visible but arent really there any more. As suggested I tried running setup: /forestprep but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installatio
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Good point. I will clarify things. If I navigate on the left side to "CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer" from within Adsi Edit, I see only two 'folders' on the left side: - CN=Offline Address List - CN=Recipient Update Services I should see two more 'folders' there in my opinion, that is the CN=All Address Lists folder and the CN=All Globall Address Lists folder. I dont see the All Address Lists and the All Globall Address List 'folders' on the LEFT side but on the RIGHT side I see the following 'files' (not directories): - CN=All Address Lists - CN=All Globall Address Lists (I cant request properties from either of those two). Cheers, Victor From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: maandag 6 februari 2006 17:06To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared This may sound silly (and in a way, it is), but try accessing them a little differently. Open adsiedit.msc and drill down ONLY USING THE TREE IN THE LEFT PANE OF THE WINDOW. Right-click on All Address Lists IN THE LEFT PANE and open Properties and go to the Security tab and see if you can make your changes. Similarly for All Global Address Lists. Never click in the right pane during this process. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Monday, February 06, 2006 10:05 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When I try this in a command prompt: DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO I get the following error message: "The system cannot find the file specified". From within Adsi Edit I can see In the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists" They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two I get the message that there are other property sheets opened and that need to close first. It is as if the objects are visible but arent really there any more. As suggested I tried running setup: /forestprep but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again". I took the relevant piece from the Exchange Server Setup Progress Log: "[09:30:39] Creating organization address books[09:30:39] Entering CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:1815) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScAddDSObjects (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:192) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScAddDSObjects[09:30:39] mode = 'ForestPrep' (61965) CBaseAtom::ScSetup (f:\titanium\admin\src\udog\setupbase\basecomp\baseatom.cxx:842) Error code 0X80071392 (5010): The object already exists.[09:31:23] >> Setup encountered a fata
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Hmm, this discussion is going the wrong way ;-)) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: maandag 6 februari 2006 16:55To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared "why am i" is a more philosophical question I guess, which cannot be answered by a CLI :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: 06 February 2006 15:31To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared "So at 12:00, a command prompt will appear with Local System privileges ( type whiami to be sure)." > it is rather "type whoami to be sure". :) Yann De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Victor W.Envoyé : lundi 6 février 2006 16:05À : ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When I try this in a command prompt: DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO I get the following error message: "The system cannot find the file specified". From within Adsi Edit I can see In the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists" They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two I get the message that there are other property sheets opened and that need to close first. It is as if the objects are visible but arent really there any more. As suggested I tried running setup: /forestprep but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again". I took the relevant piece from the Exchange Server Setup Progress Log: "[09:30:39] Creating organization address books[09:30:39] Entering CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:1815) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScAddDSObjects (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:192) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScAddDSObjects[09:30:39] mode = 'ForestPrep' (61965) CBaseAtom::ScSetup (f:\titanium\admin\src\udog\setupbase\basecomp\baseatom.cxx:842) Error code 0X80071392 (5010): The object already exists.[09:31:23] >> Setup encountered a fatal error during Microsoft Exchange Forest Preparation of ForestPrep component task. -- ID:62237 -- CBaseComponent::ScSetup (f:\titanium\admin\src\udog\exsetdata\components\forprep\compforprep.cxx:513) Error code 0X80071392 (5010): The object already exists.[09:31:23] Entering CBaseComponent::SetSubtreeComponentsToFailWithErrorInSetup[09:31:23] Leaving CBaseComponent::SetSubtreeComponentsToFailWithErrorInSetup[09:31:23] CCompForestPrep::ScSetup" I found an MS article that address the error 0x80071392 message, but I wonder if this is relevant for my case. http://support.microsoft.com/default.aspx?scid=kb;en-us;2969
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Thanks for your fast reply Yann! Do you mean to run the command which resets the permissions for the Authenticated users under local system priviliges? Cheers, Victor From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANNSent: maandag 6 februari 2006 16:30To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared Hi, The only way to revert your organization accessible is to run the command under Local System privileges by passing this command in a command line windows as this: c:\>at /interactive cmd.exe Ex : c:\>at 12:00 /interactive cmd.exe So at 12:00, a command prompt will appear with Local System privileges ( type whiami to be sure). Tip: if you connect to your server via RDP, the command will not be interactive and the command shell will not appear unless you active the /console in your RDP conection. However, just open a session directly to you r exchange server. Now you can open properly ESM with Local System privileges, and give full access to a user at the organisation level. After regainning total access to your exchange oraganisation server, run a /forestprep and /domainprep for the Systeme attendant to be in a stable state. Let us know if that works for you. Cordialement,Yann TIROACentre de Ressources Informatique.Campus Scientifique de la DOUA.Bât. Gabriel Lippmann - 2 ème étage - salle 238.43, Bd du 11 Novembre 1918.69622 Villeurbanne Cedex.Web: www.univ-lyon1.fr De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Victor W.Envoyé : lundi 6 février 2006 16:05À : ActiveDir@mail.activedir.orgObjet : RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When I try this in a command prompt: DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO I get the following error message: "The system cannot find the file specified". From within Adsi Edit I can see In the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists" They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two I get the message that there are other property sheets opened and that need to close first. It is as if the objects are visible but arent really there any more. As suggested I tried running setup: /forestprep but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again". I took the relevant piece from the Exchange Server Setup Progress Log: "[09:30:39] Creating organization address books[09:30:39] Entering CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:1815) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScAddDSObjects (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:192) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScAddDSObjects[09:30:39] mode = 'ForestPrep' (61965) CBaseAtom::ScSetup (f:\titanium\admin\src\udog\setupbase\basecomp\baseatom.cxx:842)
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
I had the chance to look at the actual problem today and hereunder I will describe the problem and what I have tried to resolve it: Problem: The All Address Lists container has dissapeared from ESM, as well as the All Global Address Lists container. From within Outlook it is as iff you can display the All Address List but you are presented with an error message when you actually select it, the same error message is displayed when clicking "check name" when creating a new Outlook profile. I know what happened, what has caused this; somebody had denied Everyone and Authenticated Users acces to this list. I found a MS article which deals with exactly this, if I am right: http://support.microsoft.com/?id=286296 When I try this in a command prompt: DSACLS "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" I get the following error message: "Object path is not valid, please correct it" When I try this in a command prompt: DSACLS "CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Example,DC=com" /N /G "Authenticated Users":SDRCWDWOWPRPCALO I get the following error message: "The system cannot find the file specified". From within Adsi Edit I can see In the right hand pane: "CN=All Address Lists" and "CN=All Globall Address Lists" They are at the following location: CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Domain,CN=AddressListContainer When I right click either of those two and ask for properties, I get the message that an invalid directory was passed. When I try to delete either of those two I get the message that there are other property sheets opened and that need to close first. It is as if the objects are visible but arent really there any more. As suggested I tried running setup: /forestprep but I get an error almost at the end of forestprep: "Setup failed while installing sub-component Microsoft Exchange Organization-Level Container Children with error code 0x80071392 (please consult the installation logs for a detailed description). You may cancel the installation or try the failed step again". I took the relevant piece from the Exchange Server Setup Progress Log: "[09:30:39] Creating organization address books[09:30:39] Entering CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:1815) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScCreateOrgLevelAddressBooksCTAndObjs[09:30:39] CAtomOrgCtChildren::ScAddDSObjects (f:\titanium\admin\src\udog\exsetdata\components\server\a_orgctchildren.cxx:192) Error code 0X80071392 (5010): The object already exists.[09:30:39] Leaving CAtomOrgCtChildren::ScAddDSObjects[09:30:39] mode = 'ForestPrep' (61965) CBaseAtom::ScSetup (f:\titanium\admin\src\udog\setupbase\basecomp\baseatom.cxx:842) Error code 0X80071392 (5010): The object already exists.[09:31:23] >> Setup encountered a fatal error during Microsoft Exchange Forest Preparation of ForestPrep component task. -- ID:62237 -- CBaseComponent::ScSetup (f:\titanium\admin\src\udog\exsetdata\components\forprep\compforprep.cxx:513) Error code 0X80071392 (5010): The object already exists.[09:31:23] Entering CBaseComponent::SetSubtreeComponentsToFailWithErrorInSetup[09:31:23] Leaving CBaseComponent::SetSubtreeComponentsToFailWithErrorInSetup[09:31:23] CCompForestPrep::ScSetup" I found an MS article that address the error 0x80071392 message, but I wonder if this is relevant for my case. http://support.microsoft.com/default.aspx?scid=kb;en-us;296938 That article talks about Domain prep and domain prep runs just fine (I ran domain prep anyway but it doesnt resolve the problem). The article also talks about renaming the Exchange System Objects OU and the fact that renaming it isnt possible if the Objectclass attribute of that OU has the value msExchSystemObjectsContainer. Even though in my case the OU has indeed got an Objectclass attribute, I can rename it anyway. I tried renaming this OU and ran forestprep again but still the same stop error. I wunder if I really renamed this OU, I mean I can right click it and rename it but the article says that it isnt possible, so I was wondering if it had really been renamed. I tried to remove the value of the Objectclass attribute but this gave me an errormessage telling me that this was an invalid operation, so I stopped there, not wanting to mess up anything. The System State backup the firm has, is one from last night and the problem occured a week ago so restoring AD in that sense is unfortunately not an option. I hope any
RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
Thanks Michael and Tony, I will try it and will let you know the outcome. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: vrijdag 3 februari 2006 2:04To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared As Tony said, if they are deleted and you need the specific contents back, an authoritative restore is your appropriate response. If the defaults work for you, you might just try rerunning forestprep and domainprep, then touching each store setting the GAL for the store. I have seen security changes make them "appear" to disappear. adsiedit.msc is where you go to deal with that(although, again, rerunning forestprep and domainprep will probably take care of it for you) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W.Sent: Thursday, February 02, 2006 4:26 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared What if the containers mentioned in the subject title are 'suddenly' missing in ESM? I have not checked (via adsiedit) if they are still in the Config.Nam.Context cause I just heard this and have not had the chance to actually look at it. If they are gone from the conf.nam.cont. how can I get these folders back and what if they are visible there but not in ESM. Any help is greatly appreciated.
[ActiveDir] Exchange - ESM - "All Address Lists" and "All Global Address Lists" disappeared
What if the containers mentioned in the subject title are 'suddenly' missing in ESM? I have not checked (via adsiedit) if they are still in the Config.Nam.Context cause I just heard this and have not had the chance to actually look at it. If they are gone from the conf.nam.cont. how can I get these folders back and what if they are visible there but not in ESM. Any help is greatly appreciated.
RE: [ActiveDir] exchange tool
There is a tool called ADMAP which draws the Exchange Organization but I doesnt go as far as drawing ALL settings on all mailbox stores. -Oorspronkelijk bericht-Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]namens shereen naserVerzonden: maandag 30 januari 2006 12:28Aan: ActiveDir@mail.activedir.orgOnderwerp: [ActiveDir] exchange tool Is there a tool to draw the exchange organization and list all settings on all mailbox stores?
RE: [ActiveDir] Force Outlook to use closest GC to Outlook client
Thanks for the reply. 1: Yes there are GC's in the clients site. 2: I want the Outlook client to connect to the closest GC. DSProxy on Exchange indeed refers the Outlook client to a GC the first time Outlook starts. But I want that not to take place and to hardcode in the client to use the closest GC. Well on the other hand, maybe there is a way to tell Exchange not to provide the client with a gc but to let the client decide what gc to choose. This seems rather tricky to me to say the least. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: woensdag 6 juli 2005 23:40 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Force Outlook to use closest GC to Outlook client I'm no Exchange expert so take with a bucket of salt. 1. Basic- are there GC's in the clients site? 2. It was my understanding that DSProxy and DSAccess on Exchange use the GC's in the Exchange server's site. Since outlook initally is getting the list of GC's from DSProxy, perhaps you have to make a change on Exchange itself. But like I said, I'm no expert. Hopefully, someone more knowing will pipe in. -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Force Outlook to use closest GC to Outlook client
Title: Force Outlook to use closest GC to Outlook client Hope you can help me with this one. This is the case: I am in an environment with one root domain and 4 child domains in it, based on country (4 countries). All users have an account in one of the child domains (the rootdomain is in fact empty and acting as placeholder). Now when somebody from lets say childdomain A, is travelling to another country, for instance childdomain B and he connects with Outlook to his mailbox in childdomain A, he gets referred to the gc that is closest to his Exchange server. What I want is to get Outlook to connect to the closest gc to the Outlook client itself. I know there is a KB article for this and I followed that: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q319206 According to MS the following key could be implemented to force Outlook to connect to the closest gc to itself instead of to the gc closest to the Exchange server being used. HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider Value name: Closest GC Data type: REG_DWORD Radix: Hexadecimal Value data: 0x0001 Anyway, that doesnt work. When I check I find out that Outlook still uses the gc closest to the Exchange server. I even tried specifying a specific gc for Outlook to use. The registry key for that is also to be found in that same KB article: HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider Value name: DS Server Data type: REG_SZ (string) Value data: FQDN of the global catalog server Still the same problem. Outlook keeps using the gc closest to the Exchange server. Do you have any suggestions about solving this? Thanks a million in advance. Victor