Re: Re: [ActiveDir] OT: Request for Test AD Poplulation Data

2006-01-03 Thread rkingsla
All depends on who he asks.  Sadly, I didn't have time to dig it up before 
jetting out for sunny, tropical Madison, WI this AM.

Sorry, Mark
> 
> From: Tomasz Onyszko <[EMAIL PROTECTED]>
> Date: 2006/01/03 Tue AM 09:49:22 EST
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] OT: Request for Test AD Poplulation Data
> 
> Rick Kingslan wrote:
> > Tomasz, I think that Mark is looking to populate his metabase with data
> > other than User 1, User 2, User 3, etc. with simple or blank attributes.
> > So, he's looking for stuff like Homer Simpson, with all of the user data,
> > then Marge, etc.
> 
> So still I don't think he will find such .. I use vbscript to populate 
> my AD with test data.
> 
> -- 
> Tomasz Onyszko
> http://www.w2k.pl
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 



Re: RE: [ActiveDir] trust question

2005-08-14 Thread rkingsla
I suspect that it comes from all of the external trusts that people have 
established with existing NT4 environments and not changing their tactics 
because the LMHosts and NetBIOS things work with NT4.  First shot on Win2k to 
Win2k3 - fire up LMHosts and get it working.

Yes - DNS will work, but as I said in my post earlier this week, sometimes the 
familiar and simpler methods make sense when you have 5 million other problems 
that are quite large.

However, DNS or WINS (there, joe...  happy?  :) is the preferred method, 
without question as it provides a much more 'universal' mechanism for name 
resolution between the two entities once in place.

Rick

> 
> From: "Dean Wells" <[EMAIL PROTECTED]>
> Date: 2005/08/13 Sat AM 11:32:26 EDT
> To: "Send - AD mailing list" <[EMAIL PROTECTED]>
> Subject: RE: [ActiveDir] trust question
> 
> I'm really not certain where this very common misunderstanding comes from,
> neither Windows 2000 nor Windows 2003 (nor Longhorn for that matter)
> requires NetBIOS in order to establish a trust.  The locator mechanisms
> employed to establish the trust are dependent exclusively upon the ability
> to resolve the trust partner, a role which DNS is more than able to fulfill.
> This is true to say of external, cross-forest and realm trusts (as far as I
> can recollect however, NT does impose a NetBIOS dependency).  
> 
> One of the most common reasons for trust creation failure is the scenario
> where each domain uses an isolated DNS name resolution hierarchy, enabling
> NetBIOS often appears to resolve this (no pun intended) since broadcast,
> WINS or LMHOSTS mechanisms are triggered and are typically more tolerant in
> these instances.
> 
> --
> Dean Wells
> MSEtechnology
> * Email: [EMAIL PROTECTED]
> http://msetechnology.com
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mylo
> Sent: Saturday, August 13, 2005 9:46 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] trust question
> 
> Tom,
> 
> Had to do this a few months back in a 3-way love triangle between NT4, 2K
> and 2K3 :-) ... even between 2k and 2k3 I don't believe that NetBIOS has
> been deprecated... so, yes you still need NetBIOS for the trust
> creation process... try creating the trust with NetBIOS (e.g. 
> LMHOSTS with 1xB and 1xC entries) enabled and then disable it and validate
> the trust afterwards... It could be for the trust creation only that it
> needs to be turned on..
> Cheers
> Mylo
> 
> Tom Kern wrote:
> 
> >I can't find a clear answer-
> >when you form a trust between the root of a win2k3 forest and a child 
> >domain of a win2k forest, is netbios used at all?
> >is this trust all done through dns?
> >
> >this is NOT a forest trust but an external trust.
> >
> >we are about to migrate to a new forest. the old forest has netbios/tcp 
> >turned off and so will the new forest.
> >
> >when an external trust is formed between a win2k3 and win2k domain, is 
> >wins/netbios needed?
> >
> >thanks

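Added example, not part of the original thread: a PowerShell check, run from a DC in each domain, that the trust partner's DC locator records resolve through DNS alone, which is the dependency Dean describes. The function name and the domain name are hypothetical, and Resolve-DnsName requires a Windows 8 / Server 2012 or later host.

```powershell
# Added example; function name and domain name are hypothetical.
function Test-TrustPartnerDns {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PartnerDomain,
        [string] $DnsServer   # optional: resolver to test against
    )

    # DC locator SRV records the other side must be able to resolve.
    $records = "_ldap._tcp.dc._msdcs.$PartnerDomain",
               "_ldap._tcp.pdc._msdcs.$PartnerDomain",
               "_kerberos._tcp.dc._msdcs.$PartnerDomain"

    # -DnsOnly and -NoHostsFile keep NetBIOS, LLMNR and the hosts file out of
    # the lookup, so a pass cannot be a broadcast/WINS fallback in disguise.
    $dns = @{ DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'Stop' }
    if ($DnsServer) { $dns.Server = $DnsServer }

    foreach ($record in $records) {
        try {
            $srv = @(Resolve-DnsName -Name $record -Type SRV @dns |
                     Where-Object { $_.Type -eq 'SRV' })
            if ($srv.Count -eq 0) { throw "No SRV data for $record" }
            foreach ($s in $srv) {
                # Each SRV target must itself resolve to an address via DNS.
                $ips = @(Resolve-DnsName -Name $s.NameTarget -Type A @dns |
                         Where-Object { $_.Type -eq 'A' }).IPAddress
                [pscustomobject]@{
                    Record = $record; Target = $s.NameTarget; Port = $s.Port
                    Address = $ips -join ', '; Resolved = $true; Error = $null
                }
            }
        }
        catch {
            [pscustomobject]@{
                Record = $record; Target = $null; Port = $null
                Address = $null; Resolved = $false; Error = $_.Exception.Message
            }
        }
    }
}

# Run on a DC in each domain against the other domain's DNS name.
Test-TrustPartnerDns -PartnerDomain 'child.oldforest.example' | Format-Table -AutoSize
```

A row with Resolved = False on either side points at the isolated DNS hierarchy case: fix it with a conditional forwarder or secondary zone before falling back to LMHOSTS or WINS.
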

Re: RE: [ActiveDir] Domain Admins Group Membership

2005-06-27 Thread rkingsla
Yeah - I saw that after reading the other posts.  However, I wasn't going to 
post a follow-up just to call attention to myself.

Thanks for your help, Guido!  You blew THAT plan! ;o)

Rick

> 
> From: "Grillenmeier, Guido" <[EMAIL PROTECTED]>
> Date: 2005/06/27 Mon PM 05:40:11 EDT
> To: 
> Subject: RE: [ActiveDir] Domain Admins Group Membership
> 
> Rick - you should have taken the time to read the other posts ;-)  
> 
> He wants to grant admin access to memberservers, which you won't achieve
> by adding the domain A users to domain B's administrator group...
> 
> /Guido
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Montag, 27. Juni 2005 23:31
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Domain Admins Group Membership
> 
> Juan,
> 
> You won't be able to add users from another domain to the Domain Admins
> group.  The Domain Admins group is a global group, and rules for Global
> Groups are that they can contain users from the domain in which the
> global group was created.
> 
> By that rule, only users of Domain A may be members of the Domain Admins
> group of Domain A.
> 
> However, IIRC, the Administrators group is a special group or a Domain
> Local group, and will allow the add of users from Domain B.
> 
> Rick
> 
> > 
> > From: "Ibarra, Juan" <[EMAIL PROTECTED]>
> > Date: 2005/06/27 Mon AM 11:24:58 EDT
> > To: 
> > Subject: [ActiveDir] Domain Admins Group Membership
> > 
> > Hi,
> > 
> >  
> > 
> > I need to add certain users from domain B, Win 2000 Domain, to the
> > Domain Admins group of Domain A, Windows 2003 Domain.  There is a two
> > way trust between the two domains; however, I don't seem to find the way
> > to do this.  I am able to add users to shares but not the group.
> > 
> > 
> > How could I accomplish this?
> > 
> >  
> > 
> > Thanks,
> > 
> > Juan 


Re: [ActiveDir] Domain Admins Group Membership

2005-06-27 Thread rkingsla
Juan,

You won't be able to add users from another domain to the Domain Admins group.  
The Domain Admins group is a global group, and rules for Global Groups are 
that they can contain users from the domain in which the global group was 
created.

By that rule, only users of Domain A may be members of the Domain Admins group 
of Domain A.

However, IIRC, the Administrators group is a special group or a Domain Local 
group, and will allow the add of users from Domain B.

Rick

> 
> From: "Ibarra, Juan" <[EMAIL PROTECTED]>
> Date: 2005/06/27 Mon AM 11:24:58 EDT
> To: 
> Subject: [ActiveDir] Domain Admins Group Membership
> 
> Hi,
> 
>  
> 
> I need to add certain users from domain B, Win 2000 Domain, to the
> Domain Admins group of Domain A, Windows 2003 Domain.  There is a two
> way trust between the two domains; however, I don't seem to find the way
> to do this.  I am able to add users to shares but not the group.
> 
> 
> How could I accomplish this?
> 
>  
> 
> Thanks,
> 
> Juan 

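Added example, not part of the original thread: a PowerShell audit that applies the scope rule Rick describes by listing members of a group that come from outside the group's own domain. The function name is hypothetical and the ActiveDirectory module (RSAT) is assumed; for a Global group such as Domain Admins the result is always empty.

```powershell
# Added example; function name is hypothetical. Requires RSAT ActiveDirectory.
Import-Module ActiveDirectory

function Get-OutOfDomainMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Group,   # e.g. 'Administrators'
        [string] $Server                          # optional DC or domain to query
    )
    $ad = @{}
    if ($Server) { $ad.Server = $Server }

    # Keep only the DC= components of a DN: the domain the object lives in.
    $domainOf = { param($dn) ($dn -split ',' | Where-Object { $_ -like 'DC=*' }) -join ',' }

    $g = Get-ADGroup -Identity $Group -Properties member @ad
    $groupDomain = & $domainOf $g.DistinguishedName

    foreach ($dn in $g.member) {
        # Accounts from an external trust are stored as SID-named placeholders.
        $isFsp = $dn -like '*,CN=ForeignSecurityPrincipals,*'
        if (-not $isFsp -and (& $domainOf $dn) -eq $groupDomain) { continue }

        $name = $null
        if ($isFsp) {
            $sid = ($dn -split ',')[0] -replace '^CN=', ''
            try {
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier $sid
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '<unresolved SID>' }
        }
        [pscustomobject]@{
            Group = $g.Name; Scope = $g.GroupScope; Member = $dn
            Origin = if ($isFsp) { 'trusted domain (FSP)' } else { 'other domain in forest' }
            Account = $name
        }
    }
}

Get-OutOfDomainMember -Group 'Domain Admins'    # Global scope: always empty
Get-OutOfDomainMember -Group 'Administrators'   # Domain Local: may list Domain B users
```

Run periodically, the second call gives a reviewable list of every account from a trusted domain that holds membership in the domain's Administrators group.
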

Re: [ActiveDir] OT: GPO undefined definition

2005-06-27 Thread rkingsla
Yep - that is the prescribed behavior.

Rick
> 
> From: "Douglas M. Long" <[EMAIL PROTECTED]>
> Date: 2005/06/27 Mon AM 10:14:42 EDT
> To: 
> Subject: [ActiveDir] OT: GPO undefined definition
> 
>  
> 
>  
> 
> If something is set to "undefined" in group policy, does it get set to
> the Windows default all the time?
> 
>  
> 
> The reason I ask is because I had Microsoft network server: Digitally
> sign communications (always) set to enabled, then changed it to
> undefined. I was thinking this would leave all those machines set to
> enabled, and then I could just disable it on the single machine that I
> wanted to, but it set them all to disabled (the Windows default). Is
> this the correct behavior?
> 
> 
> 



Re: RE: [ActiveDir] Integrate Linux with AD

2004-02-06 Thread rkingsla
Jennifer,

The first solution that was presented to you by Tom [AD4Unix] is a solution that we've 
implemented in the past.  It uses the schema extensions from SFU, and it's a fairly 
easy to manage and easy to install solution.  Not lots of bells and whistles, and does 
require that all of your systems are a part of NIS - which can be arbitrarily 
defined.  IOW, it doesn't have to be an official and stringent NIS, just something for 
AD to know who is and who isn't playing in your ballpark.

As to SFU 3.5, I believe that Rod Trent or Jackson suggested it, and you can certainly 
use it to great advantage as well.  The VAS solution is a fantastic product, but many 
folks are put off by the cost.  It all depends on how 'seamless' you want the 
solution, obviously offset by the 'pocket book' factor.

Good luck!

Rick Kingslan
Microsoft MVP - Active Directory

> 
> From: "Jennifer Fountain" <[EMAIL PROTECTED]>
> Date: 2004/02/06 Fri PM 05:11:49 EST
> To: <[EMAIL PROTECTED]>
> Subject: RE: [ActiveDir] Integrate Linux with AD
> 
> > 
> > Hot off the press.
> > 
> > Solution Guide for Windows Security and Directory Services 
> > for UNIX Using Active Directory and Kerberos for 
> > authentication and identity store in a heterogeneous UNIX and 
> > Windows IT environment.
> > 
> > http://www.microsoft.com/downloads/details.aspx?FamilyId=144F7B82-65CF-4105-B60C-44515299797D&displaylang=en
> > 
> 
> Could I use Services for Unix? Would that work instead of buying VAS?
> 
> Jennifer
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
