James,
unfortunately, the bulk of our experince
has been in using SMS to push patches and updates. I really don't think building
a new .msi file is the way you want to go. Slip-streaming the patches into the
original installs has worked very well for us, and has allowed us to keep an
We are tearing our hair out at this moment. Please help a man staring into
the depths of insanity.
We have a Win2K SP2 server (MachineA) running AD in native mode, as the only
domain controller on the network.
We have added another Win2K SP2 server (MachineB) to the network, and ran
dcpromo on
If a Global Catalog server (GC) is un-available users will not be able
to logon. By default the first DC is a GC - your second DC wont be.
Ian Moran
Konnexion Ltd
-Original Message-
From: Julian Lyndon-Smith [mailto:[EMAIL PROTECTED]]
Sent: 11 December 2001 14:53
To: '[EMAIL
It's possible, though I've only had a brief look at your enclosed diagnostic
results, that you're experiencing the DNS island issue in that both DCs
resolve against themselves. Is the DNS zone representing your domain Active
Directory integrated? In addition, has this ever worked?
Dean
--
Dean
Julian,
At what point do your users get hung up on login? Can you browse the
network from your PDC?
-Original Message-
From: Dean Wells [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 11, 2001 9:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD problems. Please help !!
I'm
I disagree. Everything I've read (never tested this one as all our DCs
are GCs) says that a non-admin domain logon will fail if there is no GC
available and there are no cached credentials.
Looking at
http://support.microsoft.com/support/kb/articles/Q216/9/70.asp I see the
following;
--
If a GC
We had no luck
with SP2 and IE6 until we ran it on the workstation container GPO.
Double-check the permissions of those workstations (or just DOMAIN COMPUTERS or
whatever it's called)into the directories you're storing the files
in. Our IE6/SP2 only rebooted once. (The other funny thing was
Thanks Tony - The only clients that could log on were 2000/XP machines. All
the other 98/Me computers would not log on at all until we restarted the old
server.
All SRV records are created and accounted for - I've also stopped and
started the netlogon service to no avail :(
Regards,
Julian.
My recommendation at this point ould be to simply restart the DC's (if
possible). Restart them one at a time starting with the DC that owns the
FSMO roles and the GC role.
Dean
--
Dean Wells
MSEtechnology
* Tel: +1 (954) 501-4307
* Email: [EMAIL PROTECTED]
http://msetechnology.com
Good lead. Install WINS services until you get rid of all the 98 boxes,
then enter the WINS info in the DHCP server or fixed IP info. Go around
and force the servers to register their WINS info with nbtstat -RR, then
have the Win9x workstations renew their info with nbtstat -R (these
switches
Title: Replication By Users Other Than DomainAdmins
We have been looking into this situation for quite a while, with no solid answers. We want to allow some of or lab administrators and group policy administrators to replicate AD, but we do not want to make them DomainAdmins. Has anyone run
Title: Replication By Users Other Than DomainAdmins
What I want to do is allow a user to
FORCE replication. They get an error Replication Access Was Denied
Benton Chase Wink
-
Benton Chase Wink, CCNA MCP
McCombs School of Business
Replication By Users Other Than DomainAdminsHave you looked at Q262795?
Replication Access Was Denied Error Message When Attempting to Synchronize
Domain Controllers
Also, try putting the people you want to be able to force replicating into
the Backup Operators group.
- Original Message
Replication By Users Other Than DomainAdminsHave you looked at Q262795?
Replication Access Was Denied Error Message When Attempting to Synchronize
Domain Controllers
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 11, 2001 12:40 PM
Subject: RE:
Title: RE: [ActiveDir] Replication By Users Other Than DomainAdmins
Yes, we have looked at that Q article, but this is not a parent/child or sibling relationship problem. I want to allow non DomainAdmins within our domain to be able to replicate within this domain.
A lot of our testing is
I've used the Delegation Wizard to try and limit my Helpdesk agents to only
resetting passwords and clearing the Account lockout flag. The resulting
security settings don't allow any user account management from an NT4 system
and the Account lockout flag is actually within the userAccountControl
16 matches
Mail list logo
