from:"William Lefkovics"

RE: [ActiveDir] OT: M$

2006-11-10 Thread William Lefkovics

What does all this have to do with the hidden administrative share on the M:
drive?
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter
Sent: Thursday, November 09, 2006 6:17 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: M$

You're not a fake employee, I've seen you.  :-)  BrettSh, too.

It's that Stuart Kwan guy whose existence I'm doubting.


(Come on, was that enough to inspire the rarity that is a Stuart Kwan
ActiveDir post?  Please? PLEASE?!?!?!?!?!?!?!?!?!?!?  ;-))

On 11/9/06, Eric Fleischman <[EMAIL PROTECTED]> wrote:
>
>
>
> Not that I really care if people say M$ or not, but I thought I'd 
> comment on one thing, in the name of full disclosure..
>
>
>
> My participation on this list has __nothing__ to do with money. I 
> don't get compensated on any level for this. Heck, I don't even work 
> on AD anymore, so this is like 2 degrees of separation away from 
> anything that MS compensates me for.
>
>
>
> So, is MS out to make $? Sure.
>
> Is AD part of that money-making strategy? Sure.
>
> Does that have anything to do with MS employee participation on this 
> list? I don't think so. Others (at least those that I can recall 
> posting here as I type this mail) on this list fall in to the same 
> boat. A couple of them don't work on AD anymore either.
>
>
>
> Why do I hang out here? I do it because I care about customers and 
> about AD/ADAM. It has nothing to do with my salary.
>
> It's also why I still blog about AD, answer newsgroup questions, 
> answer internal questions (DLs, PSS, MCS, other PGs, etc.), handle 
> direct emails from a myriad of non-MS people (some I know, some are 
> totally out of the blue), fix code for people that ask for help, etc. 
> I don't get paid for any of this.
>
>
>
> ~Eric
>
> Borg #145719302
>
>
>
>
>
>  "the man" actually wrote it on behalf of the fake employee that goes 
> by Eric
> Fleischman>
>
>
>
>
>
>
> 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] OOT: WSUS

2006-01-03 Thread William Lefkovics


If you don't already know, there is a good WSUS list at:
http://www.patchmanagement.org/wsusfaqs.asp


Harjadi, Yandi wrote:


Hi,

 

Is it possible to make the downstream server to retrieve the updates 
directly from MS WSUS server instead of upstream server in replica 
mode ?  I need to have 1 server to approve and manage the approval, 
but each server download the patch individually since each site have 
their own internet connection..


 


Thanks

Yandi



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Urgently Yes or No

2005-12-31 Thread William Lefkovics


Windows 2000 and Windows Server 2003 cluster nodes as domain controllers
http://support.microsoft.com/?kbid=281662

tareq ttt wrote:



Dear All,
 i am asking if i can install two windows 2003 servers that running

active directory on each one,at the same time they have the same DNS 


name.

 for example:

server one : tech.com 


server tow:  tech.com



my goal to built clustering between them and at the
same time great 


the load balance between

them.

please i need your answer just to be (YES or NO).



 if the answer is yes where is the link can get informatin about the 


setting configuration for this procedure.



 please i need your help urgently.



 Tareq Fkhideh.




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Excahnge suggestion

2004-11-12 Thread William Lefkovics

http://hellomate.typepad.com/exchange/2004/02/exchange_mailin.html

William

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Friday, November 12, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Excahnge suggestion

Can this list suggest a good Exchange 2000/2003 list?

I am now being tasked with providing Exchange 2003 support and hope to find
an Exchange list that can provide the same high quality support,
suggestions, and advise as this list.

Daniel

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Tombstone Lifetime and DC Replication

2004-08-21 Thread William Lefkovics

I think this normally comes up when an old backup is restored, but...

I have a pair of lab DCs on Windows 2003 that have been turned off for
longer than the tombstone lifetime of 60 days.

In firing them up, they will no longer speak to one another like each thinks
the other has cooties.
This is by design, of course.

I was going to force the removal of the one without the FSMO roles with
DCPromo and then rejoin.  Is that the simplest course of action?

Thanks in advance.

William



 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] MS04-007 checking

2004-02-14 Thread William Lefkovics




The LSASS DOS:
http://isc.sans.org/diary.html
http://www.k-otik.com/exploits/02.14.MS04-007-dos.c.php
http://linuxfromscratch.org/~devine/MS04-007-dos.c
 
William
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ayers, 
DianeSent: Saturday, February 14, 2004 8:50 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] MS04-007 
checking

You have any pointers to info the 
"proof of concept"?  I'm not interested in code but would like to look at 
the info and we may want to pull the trigger at our organization.  We're 
working the rollout  for 007 but may want to deploy quicker than 
we currently have mapped out.
 
Diane


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of deji 
AgbaSent: Saturday, February 14, 2004 6:10 PMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] MS04-007 
checking


In case anyone here is having 
difficulties justifying (to management) the "urgent" need patch systems 
against this new vulnerability, here's one for your ammunition:
There is now a "Proof of Concept" exploit code that exploits this 
vulnerability. The clock is now ticking in the race for another Blaster. I am 
not sure if it's OK to post URL to exploits here, so I will err on the side of 
prudence and say if you need to know where, email me.
 


 
Sincerely,Dèjì Akómöláfé, 
MCSE MCSA 
MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now 
realize that Today is the Tomorrow you were worried about Yesterday?  
-anon

RE: [ActiveDir] MS04-007 checking

2004-02-13 Thread William Lefkovics




The Microsoft Baseline Security Analyzer should be able to 
check for this.
http://www.microsoft.com/technet/treeview/default.asp?url="">
 
Or a third party vulnerability assessment tool, such as 
Retina from www.eeye.com (the folks that 
discovered MS04-007).
 
William Lefkovics
eEye Digital Security


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Friday, February 13, 2004 9:06 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] 
MS04-007 checking
Does anyone know of a tool to make 
sure that all the users have this patch applied?  I know Microsoft had 
something for the Blaster and was wondering if anyone has anything that would 
check to make sure this patch has been applied? Thanks again Ryan 
McDonald

RE: [ActiveDir] MS04-006 - Serious hole that needs patching - think Blaster++

2004-02-10 Thread William Lefkovics

Except that is really MS04-007.
And [EMAIL PROTECTED] goes to me.  :o)

RPC/DCOM was actually easy to defend against in many ways.  For ASN, the
range of methods for leveraging this vulnerability are many and varied.
Granted, we had 6 months to think about it.

William Lefkovics, ExchangeMVP
eEye Digital Security
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, February 10, 2004 8:47 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] MS04-006 - Serious hole that needs patching - think
Blaster++

You guys have probably all seen this, but just in case

This thing has greater potential than Blaster due to the fact that there are
more vectors for it to come in through... 





Pulled from the Full Disclosure ListServ


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marc Maiffret
Sent: Tuesday, February 10, 2004 1:31 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Bit String Heap
Corruption Microsoft ASN.1 Library Bit String Heap Corruption

Release Date:
February 10, 2004

Date Reported:
September 25, 2003

Severity:
High (Remote Code Execution)

Systems Affected:
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Description:
eEye Digital Security has discovered a second critical vulnerability in
Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite
heap memory with data he or she controls and cause the execution of
arbitrary code.  ASN.1 is an industry standard used in a variety of binary
protocols, and as a result, this flaw in Microsoft's implementation can be
reached through a number of Windows applications and services.  Ironically,
the security-related functionality in Windows is especially adept at
rendering a machine vulnerable to this attack, including Kerberos (UDP/88)
and NTLMv2 authentication (TCP/135, 139, 445).

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Exchange: decommission the exchange 2000 server

2003-12-11 Thread William Lefkovics

Also pfmigrate.wsf from the Exchange Deployment Tools.

William

- Original Message - 
From: "Steve Shaff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 11, 2003 2:56 PM
Subject: RE: [ActiveDir] Exchange: decommission the exchange 2000 server

That is perfect.

Thanks,

S

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange: decommission the exchange 2000 server

I am not aware of a white paper for this. But to answer your specific
question on PF transfer, the easiest way (for me) is to add the replica of
the PF to the new Exchange Server. Wit for a sufficiently long period of
time for the Replica to come over, then remove the Original Exchange server
from the Replica list.

Also, look at PFAdmin. I think it's on the Exchange CD.

"Sufficiently long time" is relative and depends on things like the size of
the PF, the size of the network pipe between the 2 servers, etc. There are
other considerations involved in retiring your original Exchange server
besides rehoming the PF. If you need more info, post the question.

HTH

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

From: [EMAIL PROTECTED] on behalf of Steve Shaff
Sent: Thu 12/11/2003 1:32 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange: decommission the exchange 2000 server

Group,

We are getting ready to decommission the exchange 2000 server and
transfer all the roles to the exchange 2003 server.  Are there any white
papers or documents on how to do this?  I seem to be missing how you
transfer the public folder dbs to the new server.  Any ideas, problem
area, etc that I should be aware of?

I was looking at the kb article (307917). This does not help, since the
tabs have changed with the addition of the 2003 server.

Thanks,
S

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Happy Thanksgiving...

2003-11-26 Thread William Lefkovics

That was like 5 weeks ago.

- Original Message - 
From: "Myrick, Todd (NIH/CIT)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 11:02 AM
Subject: [ActiveDir] Happy Thanksgiving...


> Just wanted to wish everyone on the list a Happy Thanksgiving...
> 
> Todd Myrick
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] OT:Exchange 2000 and Kerberos

2003-09-24 Thread William Lefkovics

It's not planned for Exchange 2003.  It's there.
Go to Exchange 2003 and do not look back.

William


- Original Message - 
From: "Chris Flesher" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2003 1:42 PM
Subject: [ActiveDir] OT:Exchange 2000 and Kerberos


> I know this is off topic, but does Exchange 2000 support kerberos
> authentication? Is it planned for Exchange 2003? Finally, can OWA
> authenticate to a backend kerberos server, say on Unix machine?
>  
> Chris Flesher
> The University of Chicago
> NSIT/DCS
> 1-773-834-8477
>  
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] OT: Microsoft MOM

2003-09-22 Thread William Lefkovics

It does need a little mothering, yes, and it is probably overkill for a
smaller firm.
Isn't MOM an offspring of NetIQ?

And I work with the Exchange Management Pack mostly.

- Original Message - 
From: "Rick Kingslan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 22, 2003 6:39 PM
Subject: RE: [ActiveDir] OT: Microsoft MOM


> MOM has lots of promise - but it's like any other tool of this type.  It
> takes much care, quite a bit of skill, and a lot of commitment.  We have
one
> person who is all but dedicated to running MOM.
>
> As to the pieces of MOM that come in the AD Management Pack - well,
they're
> not bad.  But - they aren't great either.  There are a lot of holes, but
as
> mentioned - it takes tuning.  I suspect the holes are the pieces of our
> installation that need to be tuned to collect the right data to fill in.
> Given  enough data, MOM can be a great tool.  I suspect, given this depth
> and breadth of a tool - you're going to need 12 - 18 mos. Of historical
data
> built up before it becomes a PREDICTIVE tool - and not just a monitoring
> station.
>
> If all you want is monitoring, Dell Open Manage or HP/Compaq Insight
Manager
> is going to do that for you - and the cost is, well, let's just say a lot
> less. :o)
>
> MOM is a great tool.  It just needs LOTS of care and feeding.
>
> Rick Kingslan  MCSE, MCSA, MCT
> Microsoft MVP - Active Directory
> Associate Expert
> Expert Zone - www.microsoft.com/windowsxp/expertzone
>
> > This message may contain privileged or confidential information.  If you
are
> not the intended recipient of this message, you may not make any use of,
or
> rely in any way on, this information, and you should destroy this message
> and notify the sender by reply email.  Any opinions or advice contained in
> this email are subject to the terms and conditions in any applicable
client
> engagement letter or service agreement.
>
> .org/
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS does SPs now

2003-09-21 Thread William Lefkovics

Point taken.  And thanks.

I don't really consider IIS all that insecure, anymore.  
There are a lot of Small Business Servers out there, for example.

I'm only saying there are better reasons not to put SUS on a DC other than
the use of IIS.

I mean, Windows is a 'known problem'.

Carry on.

William Lefkovics
eEye Digital Security
http://www.eeye.com/html/Products/SecureIIS/index.html



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, September 20, 2003 6:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

William,

Let me clarify myself:

I don't FEAR IIS on a DC.  Just from a security perspective, I don't think
it's smart.  I don't see any reason to put a known problem on my domain's
authentication source, among other things.

Now, I might change my mind if we're talking about IIS 6.0, but likely not.
Least privilege access.  IIS is not needed on a DC, and is not part of what
a DC needs to do what it is designed for.

But, that's just me.  Wonderful thing about freedom - each is free to do
whatever he wants.  As long as it doesn't impede on the freedom of others,
have at it.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of William Lefkovics
Sent: Saturday, September 20, 2003 8:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

I agree with that premise of no SUS on a DC, though I have no fear of IIS on
a DC.

Domain controllers are special and should not get auto-anything in terms of
updates or other changes.
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, September 20, 2003 11:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

Raymond, 

Good question - I hope that I can provide a good answer.

I would NOT suggest or recommend deploying SUS to a DC for one simple
reason: It requires IIS, and for security purposes, I will not deploy IIS
onto a domain controller - which clearly dismisses a DC from hosting SUS
IMHO.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SUS does SPs now

2003-09-20 Thread William Lefkovics

I agree with that premise of no SUS on a DC, though I have no fear of IIS on
a DC.

Domain controllers are special and should not get auto-anything in terms of
updates or other changes.
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, September 20, 2003 11:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

Raymond, 

Good question - I hope that I can provide a good answer.

I would NOT suggest or recommend deploying SUS to a DC for one simple
reason: It requires IIS, and for security purposes, I will not deploy IIS
onto a domain controller - which clearly dismisses a DC from hosting SUS
IMHO.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raymond McClinnis
Sent: Saturday, September 20, 2003 12:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

I have a somewhat silly question on SUS...

Would anyone recommend against installing it on a DC?  And if so, I curious
as to why (other that the obvious things, like it's a DC :) )

Thanks,

Raymond McClinnis


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff
Sent: Friday, September 19, 2003 12:54 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

You will have to setup two SUS servers.  One in a dev environment and one on
the corporate network.  The dev SUS will get the updates directly from MSFT
and then once approved, the other SUS will be able to pull those updates for
the corporate clients.


Steve Shaff
Active Directory / Exchange Administrator Corillian Corporation
(W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 

 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adams, Kenneth W
(Ken)
Sent: Friday, September 19, 2003 10:47 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

Yes.

Kenneth W. (Ken) Adams, MCSA, MCSE



-Original Message-
From: Rod Trent [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 12:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now


Aren't we saying the same thing, then?  Updates deployed to test
environment, then approval, then deployment to production. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adams, Kenneth W
(Ken)
Sent: Friday, September 19, 2003 11:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

Not if your SUS server is used to supply the fixes to your test environment.

Kenneth W. (Ken) Adams, MCSA, MCSE



-Original Message-
From: Rod Trent [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now


The approval in the change management process should be before the update is
even deployed -- after testing against applications, services,
infrastructure, rollback, etc.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adams, Kenneth W
(Ken)
Sent: Friday, September 19, 2003 8:30 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

It's also good if you have a Change Management process that requires a CM
record be created and approved by a review board before the actual
installation occurs.

Ken A., MCSA, MCSE



-Original Message-
From: Rod Trent [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 7:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now


That's good if you have a minimal number of servers. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adams, Kenneth W
(Ken)
Sent: Friday, September 19, 2003 7:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS does SPs now

I'll be setting up SUS SP updates to servers, only I set my servers to
download and notify, not to automatically install and boot.  I keep control
that way.

Ken A., MCSA, MCSE



-Original Message-
From: Henderson Richard [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2003 7:13 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS does SPs now


As it will only run on W2KSP2+ Clients SMS is still needed for NT4 Clients.

But another question,  how many here will setup SUS SP updates to Servers?
i.e 100 servers all being rebooted at 3am Sunday morning ??

-Original Message-
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: 19 September 2003 09:44
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] SUS does SPs now


Have just picked up on this thread of SUS - looks a real winner

would be glad for the views of the positioning of this product relative to
SMS ??

GT

- Original Message -
From: "Free, Bob" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent:

Re: [ActiveDir] problem running 2003 Server "adprep /forestprep"

2003-09-18 Thread William Lefkovics

Any further information in the exchangesetup.log located at c:\ ?

- Original Message - 
From: "Thommes, Michael M." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2003 6:05 PM
Subject: [ActiveDir] problem running 2003 Server "adprep /forestprep"

Tonight I tried running "adprep /forestprep" from the Server 2003 CD on my
W2K/SP3 schema master to get ready to put up a 2003 server.  The process
stopped saying that the logged in account was not a member of the Enterprise
Admins, the Schema Admins and the Domain Admins.  Not true!  I was logged in
(at the console) on the DC that currently holds all of the FSMO roles (and
has schema updates allowed on this computer) with the "Big Kahuna" account
which certainly is a member of those groups (I double checked).  I ran this
command on our testbed virtually the same way and had no problems.

While I will open a trouble ticket with Microsoft tomorrow, I was hoping to
"hit the streets running" with additional information.  Have any of you
tried this and failed with a similar error?  I am at a loss as to what is
going on.  Thanks for any info!

Mike Thommes
Argonne National Laboratory

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] SUS Feedback...

2003-09-09 Thread William Lefkovics

We share the same issues.

But we have laptops that have traveled the country or just get taken home
each night, but haven't been rebooted in weeks.  They just hibernate on
battery power til next time they are opened.

Essentially, we have chosen to not shut off workstations at days' end.  They
remain running 24/7.  Updates for antivirus, patches for applications or OS
all happen after hours for desktops.

William

- Original Message - 
From: "Roger Seielstad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 09, 2003 11:59 AM
Subject: RE: [ActiveDir] SUS Feedback...


> I've been running SUS SP1 for a week or two now - finally got time to
> implement it.
>
> I'd second a lot of the basic limitations of the product - its not
perfect,
> but it does do a good job with the basics. If you're aware of the limits,
> it's a good way to push the more critical OS layer stuff.
>
> The biggest issue I've got is dealing with the automatic reboots - a lot
of
> MS patches (as you know) require restarts to take effect. The decision as
to
> whether or not to force reboot isn't easy, and I wish there was some form
of
> recurring reminder to reboot.
>
> In my environment, that can be an issue - I have a heavily laptop oriented
> client base, so I have to schedule the updates to happen when they're here
> (I chose Noon), but that's a busy time for people, so forcing a reboot
then
> isn't a great option. Fortunately, most laptops get shut down and taken
home
> at night. My desktops, however, probably won't get rebooted, so that's a
> problem. And more often than not, the desktops are on the desks of people
> who are going to cause me pain (development and customer support).
>
> I'd like to be able to do some form of filtering (WMI?) for client type
and
> have different settings for different boxes, and I *think* that's on the
> books for 2.0, but I don't know.
>
> --
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
>
> > -Original Message-
> > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, September 09, 2003 1:12 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: [ActiveDir] SUS Feedback...
> >
> >
> > Is anyone out there running Software Update Service?  I want
> > to gage what
> > the general opinion of the service is.  I personally think that there
> > probably needs to be two approaches when it comes to a
> > service like this.
> > One is a pull service based on GPO agent configuration, the
> > other is a push
> > service based on a need to force workstation updates on
> > down-level clients,
> > and those that seem to ride outside the SUS zone.
> >
> > Any comments?
> >
> > Thanks,
> >
> > Todd Myrick
> > List info   : http://www.activedir.org/mail_list.htm
> > List FAQ: http://www.activedir.org/list_faq.htm
> > List archive:
> > http://www.mail-archive.com/activedir%> 40mail.activedir.org/
> >
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] SP4

2003-08-21 Thread William Lefkovics

Title: Message



Which 
latest 'virus'?
 
Considered a vulnerability assessment tool?
http://www.eeye.com/html/Research/Tools/RPCDCOM.html
 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Don Murawski (Lenox)Sent: Thursday, August 21, 
  2003 7:28 AMTo: '[EMAIL PROTECTED]'Subject: 
  [ActiveDir] SP4
  Has anyone had issues 
  with SP4 on DC's?
  We are getting hammered 
  by the latest virus.
   
   
   
   
  Don L. 
  Murawski
  Sr. Network 
  Administrator
  
  WorldTravel 
  BTI
  Phone: (404) 
  923-9468
  Fax: (404) 949-6710
  Cell: (678) 549-1264
   
  
<>

RE: [ActiveDir] SP4

2003-08-21 Thread William Lefkovics

>From another list:

Original Message - 
From: "Jim Knouse" <[EMAIL PROTECTED]>
Sent: Thursday, August 21, 2003 5:40 PM

"Seems many of you subscribe to Brian's Buzz. He published a story 
today;
http://www.briansbuzz.com/w/030821/

that included a bit about the statement we, TruSecure Corporation, had 
posted on our website.
During the initial rush to get information out about Blaster, we 
Included a
statement that if you had Windows 2000 SP3, then applied MS03-026, 
you'd
be
patched. However, if you subsequently installed SP4, you would be 
reverted to an unpatched state.
The testing that was used to come up with this statement was wrong. I 
did the testing, so I know it was wrong. Last week I rechecked this 
and found
my
mistake. Unfortunately, it took until Monday to get the TruSecure 
alert corrected. Brian refers to a different alert, the original alert 
about the RPC/DCOM overflow (TSA03-009). I'm not sure we ever had 
mention about SP4 reverting MS03-026 in that alert. I know we had it 
in TSA03-011, and that alert now contains the following";

"TruSecure Corporation originally believed that Windows 2000 machines
which
were at SP3, then patched with MS03-026, and then updated to SP4, 
would become vulnerable to the attacks against RPC/DCOM (e.g. 
Blaster).
Subsequent
testing proved this not to be the case. Systems patched in this method
will
retain the MS03-026 patch after applying SP4 and do not need to 
re-apply
the
patch.  Apologies to all who read the incorrect information." -Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor 


William Lefkovics


Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of jalen richard
Sent: Thursday, August 21, 2003 7:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SP4


Windows 2000 upgrades to SP4 undo the MS03-026 patch. Take Windows 2000
machines with Service Pack 3, patch them with MS03-026, and then upgrade
them to Service Pack 4. They become vulnerable to Blaster again. If you
don't need the features of SP4, either hold off on installing it, or do
install it and then manually disable the Windows DCOM service. (That
last step will break applications that use DCOM.) A more complete
description of this approach can be found in the Mitigations section of
TruSecure article 03-009.



Roger Seielstad <[EMAIL PROTECTED]> wrote: 
I would tend to agree with you.

Then again, I also witnessed no less than 3 different releases of the
same patch over the last 10 days.


-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 
-Original Message-
From: Ken Cornetet [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 21, 2003 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SP4


Despite what the FAQ says, I've seen some win2k pro workstations where
the patch would NOT install on SP2. Upgrading to SP3 allowed the patch
to be applied. My guess is that what is really required is SP2 + some
post SP2 hotfix. Again, this is only a guess on my part. Since our
internal standard is SP3, we didn't spend anytime investigating - we
just installed SP3.  
-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 21, 2003 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] SP4


Is the patch supported on Windows 2000 Service Pack 2? 
This security patch will install on Windows 2000 Service Pack 2.
However, Microsoft no longer supports this version, according to the
Microsoft Support Lifecycle policy found at
http://support.microsoft.com/lifecycle. In addition, this security patch
has only received minimal testing on Windows 2000 Service Pack 2.
Customers are strongly advised to upgrade to a supported service pack as
soon as possible. Microsoft Product Support Services will support
customers who have installed this patch on Windows 2000 Service Pack 2
if a problem results from installation of the patch. "
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS03-026.asp


- Original Message - 
From: Hutchins, Mike 
To: [EMAIL PROTECTED] 
Sent: Thursday, August 21, 2003 10:36 AM
Subject: RE: [ActiveDir] SP4


sp3




From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 21, 2003 8:34 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SP4


The patch to stop the MSBlast virus only requires SP2 be installed on
the machine.


-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 
-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 21, 2003 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] SP4


Has anyone had issues with SP4 on DC's?
We are getting hammered by the latest virus.




Don

RE: [ActiveDir] MS SharePoint Server

2003-06-27 Thread William Lefkovics

Title: Message



http://groups.yahoo.com/group/sharepoint as 
well.
 
William


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
JoeSent: Friday, June 27, 2003 3:37 AMTo: 
[EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] MS SharePoint Server

You 
probably want to look at the microsoft.public.sharepoint.* and 
microsoft.public.sharepointportalserver.* newsgroups through your local News 
Server or news.microsoft.com for suggestions/help on that product. 

 
 
  
joe
 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Jochen AndriesSent: Friday, June 27, 2003 6:20 
  AMTo: [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]Subject: [ActiveDir] MS SharePoint 
  Server
  
  Hello,
   
  Is there 
  anybody out there who has got experience with MS SharePoint Server 
  I’m 
  looking for a solution :
   
  We have 
  several “maps”, all numbered.  In 
  these maps are some documents (offer, offer-confirmation, worksheet, …).  Now, it’s a soup.  You can find some (digital, not 
  printed) documents here, others there,…
   
  Is 
  SharePoint Server THE solution for my problem ?  Or should I get lost and try to find a 
  SharePoint-mailing list 
?
   
  Greetings,
  Jochen 
  Andries
  Network-Admin 
  Mercator Press
  Jabbeke 
  - Belgium

Re: [ActiveDir] Active Directory Monitoring with MOM

2003-06-11 Thread William Lefkovics

Title: Message



Even though we set aside a single day in May as 
MOM's day, we really should show our appreciation for it every day.
I have fully embraced MOM as a monitoring 
solution.  It was the Exchange 2000/2003 Management packs that made the 
difference.
 
If Exchange is in your environment, I certainly 
recommend it or at least recommend you consider it as one of your 
options.
 
http://www.microsoft.com/mom/
 
Monitoring Exchange 2000 with Microsoft Operations 
Manager 2000:
http://snurl.com/1k5a
 
All the big names have monitoring 
tools.
www.netiq.com 
<-- grandma (MOM's mom)
www.aelita.com
www.quest.com
 
I prefer MOM at this point.
 
William
 
 

  - Original Message - 
  From: 
  Chris 
  Flesher 
  To: [EMAIL PROTECTED] 
  
  Sent: Wednesday, June 11, 2003 10:13 
  AM
  Subject: [ActiveDir] Active Directory 
  Monitoring with MOM
  
  I'm wondering if 
  anyone uses Microsoft Operations Manager to monitor their AD infrastructure? 
  If not, what other product(s) are used, and how do you feel about them? What 
  are the relative costs for the product?
   
  Chris 
  Flesher

RE: [ActiveDir] NT SUPPORT extended

2003-01-29 Thread William Lefkovics

Title: Message



Or is 
responsive to customers needs and requests.  Or is not afraid of 
change.  Or is flexible in its policies.
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of Carlos 
MagalhaesSent: Wednesday, January 29, 2003 11:23 PMTo: 
'[EMAIL PROTECTED]'


Shows a company that is 
either not sure of them self's or is changing direction 
 

Regards,
Carlos 
Magalhaes
 
-Original 
Message-From: Barry 
Patterson [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 9:19 
AMTo: 
[EMAIL PROTECTED]Subject: RE: [ActiveDir] NT SUPPORT 
extended
 

Yea, they seem to 
be changing their mind a lot lately.

 

  -Original 
  Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
  On Behalf Of Carlos 
  MagalhaesSent: Thursday, 
  January 30, 2003 12:56 AMTo: 
  '[EMAIL PROTECTED]'Subject: [ActiveDir] NT SUPPORT 
  extended
  
  Guys check this 
  out:
  
   
  
  http://www.computerworld.com/managementtopics/management/helpdesk/story/0,10801,77950,00.html?SKC=management-77950

RE: [ActiveDir] Split Brain DNS and AD Namespace

2003-01-29 Thread William Lefkovics

 
The split DNS with contiguous namespace is suitable and preferable for
most installations.

You might actually ask 'is there a compelling reason NOT to use the same
namespace'.

(See the Getronics.com Active Directory case study at microsoft.com for
an example)

William 
 
 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Nevan McAlynn
Sent: Wednesday, January 29, 2003 12:21 PM
To: [EMAIL PROTECTED]

When using the split brain DNS model, securing the internal DNS servers,
are there any compelling reasons not to use the same top-level domain
name for the Active Directory?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Administration Tools Suvey

2002-04-08 Thread William Lefkovics

Title: Message



Only 
when they turn their SPAM off.  (Hi Andrew Kordek ([EMAIL PROTECTED]))
 
(ask a 
question in September and can't get off their mailings for 
months).
 
Otherwise, I'm sure they're perfectly alright.  

 
William

  -Original Message-From: Rakes, Brandon A. NMIMC 
  Contractor [mailto:[EMAIL PROTECTED]]Sent: Monday, April 08, 
  2002 8:27 AMTo: '[EMAIL PROTECTED]'Subject: 
  RE: [ActiveDir] AD Administration Tools Suvey
  
  You might want to 
  check out a product called ActiveRoles from Quest Software. They offer a whole 
  bunch of different products to manage your AD 
  environment.
   
  http://www.quest.com/solutions/ms_admin_and_deployment.asp
   
  On another note I 
  think I might work right across the street from you. 
  
   
  -Original 
  Message-From: Myrick, 
  Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Monday, April 08, 2002 9:03 
  AMTo: 
  '[EMAIL PROTECTED]'Subject: [ActiveDir] AD Administration 
  Tools Suvey
   
  
  Our group is in the process of 
  evaluating some 3rd party tools to assist in delegation and administration of 
  our Active Directory technology. We are evaluating the products based on 6 key 
  areas.
  
   
  
  1.  Role / Trustee 
  delegation
  
  2.  Control View of 
  resources
  
  3.  Data Validation & 
  Rule Sets
  
  4.  Group Policy 
  Management
  
  5.  
  Reporting
  
  6.  Web based 
  administration
  
   
  
  We are also evaluating Native 
  Delegation vs Proxy based Delegation.
  
   
  
  What I am fishing for from this 
  community is some experiences and possibly some recommendations from this 
  group on some of the Admin consoles you folks 
  use.
  
   
  
  Thanks 
  
  
   
  
  Todd

RE: [ActiveDir] Mixed mode

2002-04-04 Thread William Lefkovics

Title: Message



No we 
wouldn't have. ;o)
 
William

  -Original Message-From: Joe Sargent 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, April 04, 2002 7:23 
  AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Mixed mode
  I 
  spoke too quick.  I learned something today.  Thanks for not flaming 
  me.  I am on an Exchange list that would have burnt me for this 
  one.
   
  Thanks,
  Joe 
  S.
  

-Original Message-From: David M Ha 
[mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 
9:57 AMTo: '[EMAIL PROTECTED]'Subject: RE: 
[ActiveDir] Mixed mode
Rachui is correct.  Native mode is domain-specific not 
forest.

  
  -Original Message-From: Rachui, 
  Scott [mailto:[EMAIL PROTECTED]] Sent: Thursday, 
  April 04, 2002 8:51 AMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Mixed 
  mode
  Actually, I don't think that's true.  You can change the mode 
  of a single domain from mixed to native, but this doesn't force a change 
  in other domains.  In fact, I've added child domains to a native 
  parent domain, and have had to go back and manually change to mode to 
  native mode.  So I think I'm right in saying that the mode (native 
  vs. mixed) is specific to the domain versus the entire 
  forest.
  
-Original Message-From: Joe Sargent 
[mailto:[EMAIL PROTECTED]]Sent: Thursday, April 04, 2002 
8:52 AMTo: [EMAIL PROTECTED]Subject: 
RE: [ActiveDir] Mixed mode
Nope.  Once in native mode the whole forest must be 
native.  Only other forest can be mixed and connected via 
trust.

  
  -Original Message-From: Brian 
  Pietrewicz [mailto:[EMAIL PROTECTED]] Sent: Thursday, 
  April 04, 2002 9:27 AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] Mixed 
  mode
  
  Hello 
  everyone,
   
  If you have a root domain 
  in native mode, can you add a child to that root domain in mixed 
  mode?
   
  Thanks,
   
  Brian Pietrewicz

RE: [ActiveDir] Hard Disk size limitation on Win2k

2002-03-19 Thread William Lefkovics




http://support.microsoft.com/default.aspx?scid=kb;EN-US;q257184
 
Exchange2000 databases are moved fairly easily.  
Consider adding a new, bigger drive in there.
 
William Lefkovics, MCSE, A+, 
ExchangeMVP
 

  -Original Message-From: Oluwaseyi Owoeye 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, March 19, 2002 
  7:52 AMTo: [EMAIL PROTECTED]Subject: 
  [ActiveDir] Hard Disk size limitation on Win2k
  
   
   
  Hi 
  guys,
   
  I have 
  Exchange 2000 running on Windows 2000. Now my exchange partition is about 10GB 
  AND 9.2GB has been used up. There are presently 2 partions on my hard disk, 
  both are 10GB each and the second partition is 
  empty.
   
  The 
  exchange server has been acting up because of the size problem. Is there a way 
  I can Increase the size of the 10GB partion to about 
  15gb?
   
  Thanks 
  guys,

RE: [ActiveDir] Active Directory Replication

2002-03-19 Thread William Lefkovics




You 
can move stores fairly easy in exchange2000.  Dismount.  Edit the 
path.  Move the store.  Mount.
 
William

  -Original Message-From: Oluwaseyi Owoeye 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, March 19, 2002 
  7:50 AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Active Directory Replication
  
  Hi 
  guys,
   
  I have 
  Exchange 2000 running on Windows 2000. Now my exchange partition is about 10GB 
  AND 9.2GB has been used up. There are presently 2 partions on my hard disk, 
  both are 10GB each and the second partition is 
  empty.
   
  The 
  exchange server has been acting up because of the size problem. Is there a way 
  I can Increase the size of the 10GB partion to about 
  15gb?
   
  Thanks 
  guys,

RE: [ActiveDir] DNS control

2002-03-13 Thread William Lefkovics


With AD integration, this ain't your father's DNS.

This is shared function here as we are at the server level split between
Unix and Windows in separate zones.  We have done similar to what you
propose.  Communication MUST be there.  Each must know what the other is
doing.

I am not sure what you mean by 'Y2K DNS'.

William Lefkovics, MCSE, A+, ExchangeMVP
Senior Systems Analyst - Messaging and Collaboration
Illuminet - A Verisign Company


-Original Message-
From: DeGrands, Charles [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 12:42 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] DNS control


Hello all,
I need some advice on DNS, please.  Who controls DNS in your organization?
We currently use Y2K DNS for our internal and external zones.  The security
team has brought up the possibility of taking over the DNS structure.  We,
on the AD team, feel it would be a bad deal for internal resolution but
we'll give up external zones.  We are concerned that the new security
officer came from old school DNS and doesn't understand the tight
integration that Y2K involves.   This is just sort and sweet to see if I can
generate any comments for you.
Thanks in advance.
Charles
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange

2002-03-13 Thread William Lefkovics




In the 
past, I have deployed a custom MMC (.msc) with both Exchange System Manager and 
AD Users and Computers to the people that need access to Exchange as an 
alternative to installing the management components from the Exchange2000 
CD.
 
William Lefkovics, MCSE, A+, 
ExchangeMVP
 
 

  -Original Message-From: SALANDRA, JUSTIN 
  [mailto:[EMAIL PROTECTED]]Sent: Wednesday, March 13, 2002 7:45 
  AMTo: '[EMAIL PROTECTED]'Subject: RE: 
  [ActiveDir] Exchange
  
  When 
  you install Exchange 2000 it actually replaces the Active Directory Users and 
  Computers MMC with one from the Exchange 2000 CD.  I would suggest trying to copy over 
  this file to your opther domain controllers, or they may be a way for you to 
  install just the management utilities from the Exchange 2000 CD on to each 
  machine.
   
  Justin A. Salandra, 
  MCSE
  Senior Network 
  Engineer
  Catholic Healthcare 
  System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
   
   
  -Original 
  Message-From: Jon 
  Sellers [mailto:[EMAIL PROTECTED]]Sent: Wednesday, March 13, 2002 9:16 
  AMTo: 
  [EMAIL PROTECTED]Subject: [ActiveDir] 
  Exchange
   
  I have 
  a windows 2000 Domain and recently installed Exchange 2000 however none of the 
  tabs on AD users and computers for exchange have replicated to the other DCs 
  What could be the cause of this, is the ADC required for a Win2k and 
  Exchange2k environment? Ant help would be appreciated
   
  Jon 
  Sellers

RE: [ActiveDir] Clusters - Good or Bad idea?

2002-03-05 Thread William Lefkovics

Unless you can make it specific to Active Directory?

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 1:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Clusters - Good or Bad idea?

I would love to argue over it but since it's not right for the mailing
list you can e-mail me at [EMAIL PROTECTED]

-Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David Abbishaw
Sent: Tuesday, March 05, 2002 1:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Clusters - Good or Bad idea?

Love to see you running ASP on linux without spending megabucks on
chillisoft!

- Original Message -
From: "Christopher Hummert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 05, 2002 5:59 PM
Subject: RE: [ActiveDir] Clusters - Good or Bad idea?

Oh I hate to say this cause I think I'm going to get flamed but oh well.
If you want a reliable webserver farm you should look to Linux or bsd
running apache. -Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mike Tonazzi
Sent: Tuesday, March 05, 2002 8:58 AM
To: [EMAIL PROTECTED]
Subject: AW: [ActiveDir] Clusters - Good or Bad idea?

I am specially interested in NLB (network load balancing) for a
webserver farm. Here is what I found on Microsoft's Website (it's a
overview over Clustering and Network Load Balancing)

http://www.microsoft.com/windows2000/advancedserver/evaluation/business/
overview/advanced.asp

But: Is this the right platform to discuss? Aren't there other
newsgroups or mailinglists more specifing concernig this issue?

Mike

-Ursprüngliche Nachricht-
Von: England, Christopher M [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 5. März 2002 17:49
An: '[EMAIL PROTECTED]'
Betreff: RE: [ActiveDir] Clusters - Good or Bad idea?

I am looking at buying new servers as well and we are looking into
Clustering or any other means of hardware and software redundancy. I am
pretty sure Advanced Server does clustering as well as load balancing,
and I think new servers can be brought in after the cluster is created.
One bad thing about Advanced Server and clustering techniques, from what
I understand, is that it is a more advanced setup and would require a
higher learning curve and more monitoring and maintenance. Not that that
is a concern for any of us, but time is a key element we must look at
here as well.

I am interested in what people have to say about this technology as
well, as it will be one of the major factors when we go to buy our new
server machines.

Thanks,
Chris England

---
Christopher England, MCP
Server Administrator
College Information Technology Office
Indiana University

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 11:08 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Clusters - Good or Bad idea?

Hi All,

I am currently specing out a number of  new file and printers servers
for our HQ with about 700 users (at the moment). I'm considering using
W2K Advanced server to cluster machines. My first questions is, is this
a good idea? Can you load balance across servers?

Where I am coming from is I want the users at the site, to be able to
connect to the machine(s) with one name using the same disk array. There
could be 4 or more servers in the cluster, if one of the servers fails,
the users get moved over to one of the working machines. Also, can it
load balances itself across the machines. For expandability, if we find
we need more storage or disk capacity, we can just add another server to
the cluster or more disk to the external device?

Is this possible in a File and Print only environment, or am I living in
a dream world?

Thanks for you comments

Jamie Simcox
PC Network Technician
J C Bamford Excavators Ltd

___

J. C. Bamford Excavators Ltd.
Registered Office: Rocester, Staffordshire, England. ST14 5JP Registered
No. 561597 England
___

The contents of this Email communication are confidential to the
addressee. If you are not the intended recipient you may not disclose or
distribute this communication in any form but should immediately contact
the Sender. The information, images, documents and views expressed in
this Email are personal to the Sender and do not expressly or implicitly
represent official positions and policies of the J C B group of
companies ("JCB") and no authority exists on behalf of JCB to make any
agreements, representations or other binding commitment by means of
Email.

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com

RE: [ActiveDir] Clusters - Good or Bad idea?

2002-03-05 Thread William Lefkovics


Why would you get flamed for that?  It certainly is an option.  Slightly
more difficult to incorporate applications leveraging AD, but certainly an
option.

If only I could get Exchange2000 Outlook Web Access on there.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 10:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Clusters - Good or Bad idea?


Oh I hate to say this cause I think I'm going to get flamed but oh well.
If you want a reliable webserver farm you should look to Linux or bsd
running apache.
-Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mike Tonazzi
Sent: Tuesday, March 05, 2002 8:58 AM
To: [EMAIL PROTECTED]
Subject: AW: [ActiveDir] Clusters - Good or Bad idea?


I am specially interested in NLB (network load balancing) for a
webserver farm. Here is what I found on Microsoft's Website (it's a
overview over Clustering and Network Load Balancing)
 
http://www.microsoft.com/windows2000/advancedserver/evaluation/business/
overview/advanced.asp
 
 
But: Is this the right platform to discuss? Aren't there other
newsgroups or mailinglists more specifing concernig this issue?
 
Mike

-Ursprüngliche Nachricht-
Von: England, Christopher M [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 5. März 2002 17:49
An: '[EMAIL PROTECTED]'
Betreff: RE: [ActiveDir] Clusters - Good or Bad idea?


I am looking at buying new servers as well and we are looking into
Clustering or any other means of hardware and software redundancy. I am
pretty sure Advanced Server does clustering as well as load balancing,
and I think new servers can be brought in after the cluster is created.
One bad thing about Advanced Server and clustering techniques, from what
I understand, is that it is a more advanced setup and would require a
higher learning curve and more monitoring and maintenance. Not that that
is a concern for any of us, but time is a key element we must look at
here as well.
 
I am interested in what people have to say about this technology as
well, as it will be one of the major factors when we go to buy our new
server machines.
 
Thanks,
Chris England
 
--- 
Christopher England, MCP
Server Administrator 
College Information Technology Office 
Indiana University 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 05, 2002 11:08 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Clusters - Good or Bad idea?



Hi All, 

I am currently specing out a number of  new file and printers servers
for our HQ with about 700 users (at the moment). I'm considering using
W2K Advanced server to cluster machines. My first questions is, is this
a good idea? Can you load balance across servers? 

Where I am coming from is I want the users at the site, to be able to
connect to the machine(s) with one name using the same disk array. There
could be 4 or more servers in the cluster, if one of the servers fails,
the users get moved over to one of the working machines. Also, can it
load balances itself across the machines. For expandability, if we find
we need more storage or disk capacity, we can just add another server to
the cluster or more disk to the external device? 

Is this possible in a File and Print only environment, or am I living in
a dream world? 


Thanks for you comments 


Jamie Simcox
PC Network Technician
J C Bamford Excavators Ltd


___

J. C. Bamford Excavators Ltd.
Registered Office: Rocester, Staffordshire, England. ST14 5JP Registered
No. 561597 England
___

The contents of this Email communication are confidential to the
addressee. If you are not the intended recipient you may not disclose or
distribute this communication in any form but should immediately contact
the Sender. The information, images, documents and views expressed in
this Email are personal to the Sender and do not expressly or implicitly
represent official positions and policies of the J C B group of
companies ("JCB") and no authority exists on behalf of JCB to make any
agreements, representations or other binding commitment by means of
Email.


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Clusters - Good or Bad idea?

2002-03-05 Thread William Lefkovics

Title: Message



This 
would be the consensus in the Exchange community as well.  Clusters are 
great and all, but businesses need a positive cost-benefit analysis, and 
frankly, the extra few thousand could be better spent elsewhere if best 
practices are maintained.
 
William Lefkovics, MCSE, A+

  -Original Message-From: Christopher Hummert 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, March 05, 2002 9:09 
  AMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Clusters - Good or Bad idea?
  Yea 
  it seems that your spending more money then your really need too. Using a raid 
  1 or 5 configuration, and some type of tape backup would be what I would do. 
  And if the entire server died one day I'm sure you have some type of backup 
  server that you could move stuff over to
   
  -Chris
  

-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of England, 
Christopher MSent: Tuesday, March 05, 2002 9:04 AMTo: 
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Clusters - 
Good or Bad idea?
Actually the main reason my organization wants to go clustering is 
for hardware redundancy (not just hard disks and power and memory, but if a 
MoBo fails, we are still ok). I think it is overkill for a file server. 
Ideas? Thoughts?
 
Chris

  
  -Original Message-From: Morgan, 
  Joshua [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 05, 
  2002 11:58 AMTo: 
  '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Clusters 
  - Good or Bad idea?
  It sort of depends on the apps you want to 
  cluster.
  Can you give us an idea of what you are looking at, as far as apps 
  go
   
   
  Joshua 
  Morgan PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] 
  

-Original Message-From: England, 
Christopher M [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 
March 05, 2002 11:49 AMTo: 
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] 
Clusters - Good or Bad idea?
I am looking at buying new servers as well and we are looking 
into Clustering or any other means of hardware and software redundancy. 
I am pretty sure Advanced Server does clustering as well as load 
balancing, and I think new servers can be brought in after the cluster 
is created. One bad thing about Advanced Server and clustering 
techniques, from what I understand, is that it is a more advanced 
setup and would require a higher learning curve and more monitoring and 
maintenance. Not that that is a concern for any of us, but time is a key 
element we must look at here as well.
 
I am interested in what people have to say about this technology 
as well, as it will be one of the major factors when we go to buy our 
new server machines.
 
Thanks,
Chris England
 
--- 
Christopher England, MCPServer Administrator 
College Information 
Technology Office Indiana University 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 
  Tuesday, March 05, 2002 11:08 AMTo: 
  '[EMAIL PROTECTED]'Subject: [ActiveDir] Clusters 
  - Good or Bad idea?Hi All, I am 
  currently specing out a number of  new file and printers servers 
  for our HQ with about 700 users (at the moment). I'm considering using 
  W2K Advanced server to cluster machines. My first questions is, is 
  this a good idea? Can you load balance across servers? 
  Where I am coming from is 
  I want the users at the site, to be able to connect to the machine(s) 
  with one name using the same disk array. There could be 4 or more 
  servers in the cluster, if one of the servers fails, the users get 
  moved over to one of the working machines. Also, can it load balances 
  itself across the machines. For expandability, if we find we need more 
  storage or disk capacity, we can just add another server to the 
  cluster or more disk to the external device? Is this possible in a File and Print only 
  environment, or am I living in a dream world? Thanks for you comments Jamie SimcoxPC Network 
  TechnicianJ C Bamford Excavators Ltd___J. 
  C. Bamford Excavators Ltd.Registered Office: Rocester, 
  Staffordshire, England. ST14 5JPRegistered No. 561597 
  England___The 
  contents of this Email communication are confidential to the 
  addressee.If you are not the intended recipient

RE: [ActiveDir] AD Restores

2002-02-21 Thread William Lefkovics

This was our scenario as well.  I wanted to understand why the schema
changes remained.  

-Original Message-
From: Ayers, Diane [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 9:00 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD Restores

Another point I discovered this week doing an authoritative restore in our
lab this week.  We had fired off a run of our ADC which populated the AD
with a number of new objects and updated a number of existing objects.  We
wanted to rerun the test so we rolled back the AD database with a
authoritative restore with a backup we did right before the ADC CA was run.

We discovered that the authoritative restore will rollback any existing
objects to the previous state but any new objects will remain in the
directory after the restore.  In our case, we were able to manually delete
these objects for our test.

Diane

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Restores

Thanks Scott.  As usual, you and Dean are right.

I also found some further information in the following document:

http://www.microsoft.com/windows2000/docs/adboc10d.doc

The relevant paragraph is shown below:

Important.  Only the domain and configuration partitions can be marked as
authoritative. The schema cannot be authoritatively restored because it
might endanger data integrity. For example, if the schema was modified and
then objects of the new or modified class schema object were created,
subsequent authoritative restore might replace the new or modified classes,
thereby causing serious data consistency problems.

Tony

-- Original Message --
From: "Rachui, Scott" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Feb 2002 09:32:28 -0800

You can't do an authoritative restore to undo changes to the Schema.  The
following paragraph from the Active Directory Disaster Recovery document
available on Microsoft's website explains this:

An authoritative restore will not overwrite new objects that have been
created after the backup was taken. It can only be carried out on objects
from the configuration and domain contexts. Authoritative restores of schema
naming contexts are not supported.

The Schema is in another partition (the Schema partition), and that
partition can't be restored authoritatively.  Only the configuration and the
domain partitions can be restored.

So the moral is, once you make a change to the Schema, you're stuck with it.
At least until the next version of AD.

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 11:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD Restores

It might have something to do with the fact that membership of the Schema
Admins group is required to make changes to the schema.  Another issue might
be whether the "Schema Update Allowed" registry entry has been set
correctly.

I also seem to remember reading something about schema changes re-setting
the USNs to zero.  I don't know what effect this might have when an
authoritative restore is performed.

Tony

-- Original Message --
From: William Lefkovics <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Feb 2002 09:03:20 -0800

As we know, schema changes are basically permanent.  

In a multi-DC environment, why wouldn't an authoritative restore from a
pre-schema change, system-state backup return the AD to the same condition
as prior to schema changes?  Why do the schema changes, though ineffective,
remain?

Regards,

William

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Restores

2002-02-20 Thread William Lefkovics

Thanks guys.

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Restores

Thanks Scott.  As usual, you and Dean are right.

I also found some further information in the following document:

http://www.microsoft.com/windows2000/docs/adboc10d.doc

The relevant paragraph is shown below:

Important.  Only the domain and configuration partitions can be marked as
authoritative. The schema cannot be authoritatively restored because it
might endanger data integrity. For example, if the schema was modified and
then objects of the new or modified class schema object were created,
subsequent authoritative restore might replace the new or modified classes,
thereby causing serious data consistency problems.

Tony

-- Original Message --
From: "Rachui, Scott" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Feb 2002 09:32:28 -0800

You can't do an authoritative restore to undo changes to the Schema.  The
following paragraph from the Active Directory Disaster Recovery document
available on Microsoft's website explains this:

An authoritative restore will not overwrite new objects that have been
created after the backup was taken. It can only be carried out on objects
from the configuration and domain contexts. Authoritative restores of schema
naming contexts are not supported.

The Schema is in another partition (the Schema partition), and that
partition can't be restored authoritatively.  Only the configuration and the
domain partitions can be restored.

So the moral is, once you make a change to the Schema, you're stuck with it.
At least until the next version of AD.

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 11:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD Restores

It might have something to do with the fact that membership of the Schema
Admins group is required to make changes to the schema.  Another issue might
be whether the "Schema Update Allowed" registry entry has been set
correctly.

I also seem to remember reading something about schema changes re-setting
the USNs to zero.  I don't know what effect this might have when an
authoritative restore is performed.

Tony

-- Original Message ------
From: William Lefkovics <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Feb 2002 09:03:20 -0800

As we know, schema changes are basically permanent.  

In a multi-DC environment, why wouldn't an authoritative restore from a
pre-schema change, system-state backup return the AD to the same condition
as prior to schema changes?  Why do the schema changes, though ineffective,
remain?

Regards,

William

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Restores

2002-02-20 Thread William Lefkovics

Understood.  (and read).

Thanks.

-Original Message-
From: Rachui, Scott [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Restores

You can't do an authoritative restore to undo changes to the Schema.  The
following paragraph from the Active Directory Disaster Recovery document
available on Microsoft's website explains this:

An authoritative restore will not overwrite new objects that have been
created after the backup was taken. It can only be carried out on objects
from the configuration and domain contexts. Authoritative restores of schema
naming contexts are not supported.

The Schema is in another partition (the Schema partition), and that
partition can't be restored authoritatively.  Only the configuration and the
domain partitions can be restored.

So the moral is, once you make a change to the Schema, you're stuck with it.
At least until the next version of AD.

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 11:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD Restores

It might have something to do with the fact that membership of the Schema
Admins group is required to make changes to the schema.  Another issue might
be whether the "Schema Update Allowed" registry entry has been set
correctly.

I also seem to remember reading something about schema changes re-setting
the USNs to zero.  I don't know what effect this might have when an
authoritative restore is performed.

Tony

-- Original Message ----------
From: William Lefkovics <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Feb 2002 09:03:20 -0800

As we know, schema changes are basically permanent.  

In a multi-DC environment, why wouldn't an authoritative restore from a
pre-schema change, system-state backup return the AD to the same condition
as prior to schema changes?  Why do the schema changes, though ineffective,
remain?

Regards,

William

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Restores

2002-02-20 Thread William Lefkovics


I thought it might be simple.  So schema changes are permanent, regardless
of backup/restore methodology?

I know it was not a permissions issue.



-Original Message-
From: Dean Wells [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Restores


The schema cannot be authoritatively restored.

--
Dean Wells
MSEtechnology
* Tel: +1 (954) 501-4307
* Email: [EMAIL PROTECTED]
http://msetechnology.com



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of William
Lefkovics
Sent: Wednesday, February 20, 2002 12:03 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] AD Restores



As we know, schema changes are basically permanent.  

In a multi-DC environment, why wouldn't an authoritative restore from a
pre-schema change, system-state backup return the AD to the same condition
as prior to schema changes?  Why do the schema changes, though ineffective,
remain?

Regards,

William





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD Restores

2002-02-20 Thread William Lefkovics


Thank you Tony.  I'll look at those.

Permissions are not at issue (membership to schema, enterprise and domain
admin groups with no GPOs).

William


-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD Restores


It might have something to do with the fact that membership of the Schema
Admins group is required to make changes to the schema.  Another issue might
be whether the "Schema Update Allowed" registry entry has been set
correctly.

I also seem to remember reading something about schema changes re-setting
the USNs to zero.  I don't know what effect this might have when an
authoritative restore is performed.

Tony

-- Original Message ------
From: William Lefkovics <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Feb 2002 09:03:20 -0800


As we know, schema changes are basically permanent.  

In a multi-DC environment, why wouldn't an authoritative restore from a
pre-schema change, system-state backup return the AD to the same condition
as prior to schema changes?  Why do the schema changes, though ineffective,
remain?

Regards,

William





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] AD Restores

2002-02-20 Thread William Lefkovics



As we know, schema changes are basically permanent.  

In a multi-DC environment, why wouldn't an authoritative restore from a
pre-schema change, system-state backup return the AD to the same condition
as prior to schema changes?  Why do the schema changes, though ineffective,
remain?

Regards,

William





List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

37 matches

Mail list logo