subject:"RE\: Group Enumeration Issue"

RE: Group Enumeration Issue

2011-04-01 Thread Michael B. Smith

If you are using that account for day-to-day operations, please do nuke it.

Have one for admin operations and one for day-to-day use.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Friday, April 01, 2011 5:01 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Turns out its tied to my account, although I'm a member of Domain Admins, 
Enterprise Admins, Schema Admins, Exchange Full Admins and others.  Most 
puzzling.  I really don't want to have to nuke my account and start with a 
fresh one.


From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, March 31, 2011 6:50 AM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Dcdiag and netdiag.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Wednesday, March 30, 2011 3:26 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Tried promoting from global to universal, but it didn't help we apparently have 
bigger AD issues, symptoms of which are starting to bubble up.  No events in 
security event log, although the Default Domain Controller audit policy clearly 
as logon events, account logon events and other items set to monitor both 
successful and failed events.

(Tried to reply multiple times this morning, but kept being rejected by the 
list server for send an attachment, although there was never one.)


From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 29, 2011 2:53 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Promote it.

Sent from my HTC Tilt 2, a Windows phone from AT&T

From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue
Hi, Michael.

Global distribution.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

What kind of group?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites that are 
T3 connected, only about 350 users, native 2003 mode.  We have a problem with 
resolving the members of a single one of our ~100 distribution groups.  The 
server that holds all but one of the FSMO roles correctly shows all the member 
groups and users for this DL.  If I go to the Members tab for this DL on any of 
the other DCs, the members box is empty.  However if you try and add one of the 
groups or users that is actually already in this DL, you get a 'account name is 
already a member of the local group' error.  REPLMON shows all successful 
replications, and a REPADMIN /syncall DC /force all shows completion without 
errors.  Seems like we've got a problem with versioning on the DCs.  They're 
all Server 2003 32-bit Std Edition and fully patched.

Any ideas?

Thanks.

Phil Hershey
MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010
AGIA Insurance Services


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoft

Re: Group Enumeration Issue

2011-04-01 Thread Rankin, James R

Hope that's got a strong password :-)

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: "Phil Hershey" 
Date: Fri, 1 Apr 2011 14:01:19 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Group Enumeration Issue

Turns out its tied to my account, although I'm a member of Domain
Admins, Enterprise Admins, Schema Admins, Exchange Full Admins and
others.  Most puzzling.  I really don't want to have to nuke my account
and start with a fresh one.

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, March 31, 2011 6:50 AM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Dcdiag and netdiag.

Regards,

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Wednesday, March 30, 2011 3:26 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Tried promoting from global to universal, but it didn't help we
apparently have bigger AD issues, symptoms of which are starting to
bubble up.  No events in security event log, although the Default Domain
Controller audit policy clearly as logon events, account logon events
and other items set to monitor both successful and failed events.

(Tried to reply multiple times this morning, but kept being rejected by
the list server for send an attachment, although there was never one.)

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:53 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Promote it.

Sent from my HTC Tilt 2, a Windows phone from AT&T

From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue

Hi, Michael.

Global distribution.

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

What kind of group?

Regards,

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites
that are T3 connected, only about 350 users, native 2003 mode.  We have
a problem with resolving the members of a single one of our ~100
distribution groups.  The server that holds all but one of the FSMO
roles correctly shows all the member groups and users for this DL.  If I
go to the Members tab for this DL on any of the other DCs, the members
box is empty.  However if you try and add one of the groups or users
that is actually already in this DL, you get a 'account name is already
a member of the local group' error.  REPLMON shows all successful
replications, and a REPADMIN /syncall DC /force all shows completion
without errors.  Seems like we've got a problem with versioning on the
DCs.  They're all Server 2003 32-bit Std Edition and fully patched.

Any ideas?

Thanks.

Phil Hershey

MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010

AGIA Insurance Services

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe nts

RE: Group Enumeration Issue

2011-04-01 Thread Phil Hershey

Turns out its tied to my account, although I'm a member of Domain
Admins, Enterprise Admins, Schema Admins, Exchange Full Admins and
others.  Most puzzling.  I really don't want to have to nuke my account
and start with a fresh one.

 

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, March 31, 2011 6:50 AM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

Dcdiag and netdiag.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Wednesday, March 30, 2011 3:26 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

Tried promoting from global to universal, but it didn't help we
apparently have bigger AD issues, symptoms of which are starting to
bubble up.  No events in security event log, although the Default Domain
Controller audit policy clearly as logon events, account logon events
and other items set to monitor both successful and failed events.

 

(Tried to reply multiple times this morning, but kept being rejected by
the list server for send an attachment, although there was never one.)

 

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:53 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

Promote it.

Sent from my HTC Tilt 2, a Windows phone from AT&T



From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue

Hi, Michael.

 

Global distribution.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

What kind of group?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

 

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites
that are T3 connected, only about 350 users, native 2003 mode.  We have
a problem with resolving the members of a single one of our ~100
distribution groups.  The server that holds all but one of the FSMO
roles correctly shows all the member groups and users for this DL.  If I
go to the Members tab for this DL on any of the other DCs, the members
box is empty.  However if you try and add one of the groups or users
that is actually already in this DL, you get a 'account name is already
a member of the local group' error.  REPLMON shows all successful
replications, and a REPADMIN /syncall DC /force all shows completion
without errors.  Seems like we've got a problem with versioning on the
DCs.  They're all Server 2003 32-bit Std Edition and fully patched.

 

Any ideas?

 

Thanks.

 

Phil Hershey

MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010

AGIA Insurance Services

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with

RE: Group Enumeration Issue

2011-03-31 Thread Michael B. Smith

Dcdiag and netdiag.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Wednesday, March 30, 2011 3:26 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Tried promoting from global to universal, but it didn't help we apparently have 
bigger AD issues, symptoms of which are starting to bubble up.  No events in 
security event log, although the Default Domain Controller audit policy clearly 
as logon events, account logon events and other items set to monitor both 
successful and failed events.

(Tried to reply multiple times this morning, but kept being rejected by the 
list server for send an attachment, although there was never one.)


From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 29, 2011 2:53 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

Promote it.

Sent from my HTC Tilt 2, a Windows phone from AT&T

From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue
Hi, Michael.

Global distribution.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

What kind of group?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites that are 
T3 connected, only about 350 users, native 2003 mode.  We have a problem with 
resolving the members of a single one of our ~100 distribution groups.  The 
server that holds all but one of the FSMO roles correctly shows all the member 
groups and users for this DL.  If I go to the Members tab for this DL on any of 
the other DCs, the members box is empty.  However if you try and add one of the 
groups or users that is actually already in this DL, you get a 'account name is 
already a member of the local group' error.  REPLMON shows all successful 
replications, and a REPADMIN /syncall DC /force all shows completion without 
errors.  Seems like we've got a problem with versioning on the DCs.  They're 
all Server 2003 32-bit Std Edition and fully patched.

Any ideas?

Thanks.

Phil Hershey
MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010
AGIA Insurance Services


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Enumeration Issue

2011-03-30 Thread Christopher Bodnar

Do a DCDIAG with the /e /i switches and look closely at the results. You 
should be seeing something there. 

Also do a repadmin /showrepl 




Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:   "Phil Hershey" 
To: "NT System Admin Issues" 
Date:   03/30/2011 03:26 PM
Subject:RE: Group Enumeration Issue



Tried promoting from global to universal, but it didn’t help we apparently 
have bigger AD issues, symptoms of which are starting to bubble up.  No 
events in security event log, although the Default Domain Controller audit 
policy clearly as logon events, account logon events and other items set 
to monitor both successful and failed events.
 
(Tried to reply multiple times this morning, but kept being rejected by 
the list server for send an attachment, although there was never one.)
 
 
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:53 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue
 
Promote it.

Sent from my HTC Tilt 2, a Windows phone from AT&T

From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue
Hi, Michael.
 
Global distribution.
 
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue
 
What kind of group?
 
Regards,
 
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
 
From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue
 
Odd problem that has just cropped up.  Domain with 4 DC’s in 2 sites that 
are T3 connected, only about 350 users, native 2003 mode.  We have a 
problem with resolving the members of a single one of our ~100 
distribution groups.  The server that holds all but one of the FSMO roles 
correctly shows all the member groups and users for this DL.  If I go to 
the Members tab for this DL on any of the other DCs, the members box is 
empty.  However if you try and add one of the groups or users that is 
actually already in this DL, you get a ‘account name is already a member 
of the local group’ error.  REPLMON shows all successful replications, and 
a REPADMIN /syncall DC /force all shows completion without errors.  Seems 
like we’ve got a problem with versioning on the DCs.  They’re all Server 
2003 32-bit Std Edition and fully patched.
 
Any ideas?
 
Thanks.
 
Phil Hershey
MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010
AGIA Insurance Services
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank

RE: Group Enumeration Issue

2011-03-30 Thread Phil Hershey

Tried promoting from global to universal, but it didn't help we
apparently have bigger AD issues, symptoms of which are starting to
bubble up.  No events in security event log, although the Default Domain
Controller audit policy clearly as logon events, account logon events
and other items set to monitor both successful and failed events.

 

(Tried to reply multiple times this morning, but kept being rejected by
the list server for send an attachment, although there was never one.)

 

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:53 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

Promote it.

Sent from my HTC Tilt 2, a Windows phone from AT&T



From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue

Hi, Michael.

 

Global distribution.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

What kind of group?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

 

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites
that are T3 connected, only about 350 users, native 2003 mode.  We have
a problem with resolving the members of a single one of our ~100
distribution groups.  The server that holds all but one of the FSMO
roles correctly shows all the member groups and users for this DL.  If I
go to the Members tab for this DL on any of the other DCs, the members
box is empty.  However if you try and add one of the groups or users
that is actually already in this DL, you get a 'account name is already
a member of the local group' error.  REPLMON shows all successful
replications, and a REPADMIN /syncall DC /force all shows completion
without errors.  Seems like we've got a problem with versioning on the
DCs.  They're all Server 2003 32-bit Std Edition and fully patched.

 

Any ideas?

 

Thanks.

 

Phil Hershey

MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010

AGIA Insurance Services

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Enumeration Issue

2011-03-29 Thread Michael B. Smith

Promote it.

Sent from my HTC Tilt™ 2, a Windows® phone from AT&T

From: Phil Hershey 
Sent: Tuesday, March 29, 2011 5:27 PM
To: NT System Admin Issues 
Subject: RE: Group Enumeration Issue

Hi, Michael.

Global distribution.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

What kind of group?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

Odd problem that has just cropped up.  Domain with 4 DC’s in 2 sites that are 
T3 connected, only about 350 users, native 2003 mode.  We have a problem with 
resolving the members of a single one of our ~100 distribution groups.  The 
server that holds all but one of the FSMO roles correctly shows all the member 
groups and users for this DL.  If I go to the Members tab for this DL on any of 
the other DCs, the members box is empty.  However if you try and add one of the 
groups or users that is actually already in this DL, you get a ‘account name is 
already a member of the local group’ error.  REPLMON shows all successful 
replications, and a REPADMIN /syncall DC /force all shows completion without 
errors.  Seems like we’ve got a problem with versioning on the DCs.  They’re 
all Server 2003 32-bit Std Edition and fully patched.

Any ideas?

Thanks.

Phil Hershey
MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010
AGIA Insurance Services

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Enumeration Issue

2011-03-29 Thread Phil Hershey

Hi, Michael.

 

Global distribution.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 29, 2011 2:23 PM
To: NT System Admin Issues
Subject: RE: Group Enumeration Issue

 

What kind of group?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Phil Hershey [mailto:phers...@agia.com] 
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

 

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites
that are T3 connected, only about 350 users, native 2003 mode.  We have
a problem with resolving the members of a single one of our ~100
distribution groups.  The server that holds all but one of the FSMO
roles correctly shows all the member groups and users for this DL.  If I
go to the Members tab for this DL on any of the other DCs, the members
box is empty.  However if you try and add one of the groups or users
that is actually already in this DL, you get a 'account name is already
a member of the local group' error.  REPLMON shows all successful
replications, and a REPADMIN /syncall DC /force all shows completion
without errors.  Seems like we've got a problem with versioning on the
DCs.  They're all Server 2003 32-bit Std Edition and fully patched.

 

Any ideas?

 

Thanks.

 

Phil Hershey

MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010

AGIA Insurance Services

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Enumeration Issue

2011-03-29 Thread Michael B. Smith

What kind of group?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Tuesday, March 29, 2011 4:59 PM
To: NT System Admin Issues
Subject: Group Enumeration Issue

Odd problem that has just cropped up.  Domain with 4 DC's in 2 sites that are 
T3 connected, only about 350 users, native 2003 mode.  We have a problem with 
resolving the members of a single one of our ~100 distribution groups.  The 
server that holds all but one of the FSMO roles correctly shows all the member 
groups and users for this DL.  If I go to the Members tab for this DL on any of 
the other DCs, the members box is empty.  However if you try and add one of the 
groups or users that is actually already in this DL, you get a 'account name is 
already a member of the local group' error.  REPLMON shows all successful 
replications, and a REPADMIN /syncall DC /force all shows completion without 
errors.  Seems like we've got a problem with versioning on the DCs.  They're 
all Server 2003 32-bit Std Edition and fully patched.

Any ideas?

Thanks.

Phil Hershey
MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010
AGIA Insurance Services


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Group Enumeration Issue

Re: Group Enumeration Issue

RE: Group Enumeration Issue

RE: Group Enumeration Issue

RE: Group Enumeration Issue

RE: Group Enumeration Issue

RE: Group Enumeration Issue

RE: Group Enumeration Issue

RE: Group Enumeration Issue

9 matches

Site Navigation

Mail list logo

Footer information