Yes, there is, though I thought it was a domain wide setting rather than
a domain controller. You can use either NTDSUTIL or an LDAP client to
manually change it, though it's not recommended!!
Darren.
-Original Message-
From: Fleenor Todd [mailto:[EMAIL PROTECTED]]
Sent: 22 April 2002
Title: Message
Hi David,
Thanks for the info, alas, it seems that MS still
has a VERY long way to go before thay can live up to what they have promised...a
scalable DS.
Why with all the hooha with DNs sizes, ya think
the most administrators/users gonna be able to determine the sizes and
Title: Message
Hi,
I do agree that in most cases, no one will be
insane enuff to put 5000 users in one group, the thing is why can't
we?
After all, we bought the s/ware so why can't we use
it the way we want it?
ERIC
- Original Message -
From:
Hutchins,
Mike
To: '
Title: Message
Yes...this also is bothersomesince MS is
so keen on saying win2k is scalable
ERIC
- Original Message -
From:
AMAN, ALICE L. (JSC-GT4) (NASA)
To: '[EMAIL PROTECTED]'
Sent: Wednesday, June 05, 2002
03:34
Subject: RE: [ActiveDir] Active Directo
Tim,
If Windows 2000...
Backup PDC, using NTBACKUP (Full incl. System State; Backup everything on my
computer if using the Wizard) to tape or file (Our PDC held all operation
master roles as well)
Build up another box with W2K Server (It does not matter what kind of box it
is)
Once "new box" i
Title: Message
We
spent some MS Support $$ to research this question. What is widely known as fact
is really wrong.
This
is what we were told:
The
limit might be somewhere around 5000 but it depends on the size of Distinguished
Names that are the members of the group. If you look at th
At 16:17 6/4/2002, you wrote:
The 5000 member limit does not include Primary Group memberships. As users
will, by default, have the "Domain Users" group as their Primary Group, the
limit doesn't come into play. The "Domain Users" group in of itself is not
special; again, it has the 5000 limi
Title: DNS errors in logs
I keep getting this message in the DNS event log:
The DNS server machine currently has no DNS domain name. Its DNS name is a single label hostname with no domain (example: "host" rather than "host.microsoft.com").
You might have forgotten to configure a pri
If I understand, you want to find all users that are disabled but do NOT
have "delete" in the description attribute? This should do that:
(&(objectClass=user)(objectCategory=person)(employeeID=*)(sn=*)(Company=*)(u
serAccountControl:1.2.840.113556.1.4.803:=2)(!(description=*delete*)))
The object
Title: Message
Fantastic! I knew I wasn't completely stupid but WAS starting
to wonder. :)
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]Sent: Tuesday, June 04, 2002 3:44
PMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDi
Title: Message
TOLD
YA ! ! ! !
I was
wrong.. lol
Thanks
for that valuable piece of info. I wonder what makes it so
special..
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 2:44
PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDi
Title: Message
Did a
google search...came up with the following:
When you
change a user-account attribute under NT 4.0, NT replicates the user's entire
record; AD replicates only the changed attribute. However, AD stores a group's
membership as one attribute. The list of a group's users an
Title: Message
Hmm...
I could very well be wrong on this one then. I was told last week this was a
hard global limit. And that in >NET it was removed...
Alas,
Who knows...
-Original Message-From: Parker, Edward
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 2:34
PMTo: '[
Title: Message
Hmmm
I just ran this script on a custom logon
script group. It has 5718 members. It enumerates the group, then
details all members. It would detail additional groups, but not
individuals within those groups.
This is interesting. I might be
missing somethingI
Title: Message
A
global group is a global group, is a global group, is a global
group..
But if
your script enumerated the groups within the group to find nested members, then
that would be reasonable to find 10,000
-Original Message-From: T Bowman
[mailto:[EMAIL PROTECTED]] Sent:
Title: Message
After
my last response... I hesitate, but...
If I'm
not mistaken, I read somewhere that the Domain Users group (at least I *think*
it
was
that one) isn't actually a group in the strictest sense of the
word.
Correct away... (crossing my fingers ;)
T.
---T
Title: Message
Does this apply to the "Domain Users"
group ?!?
I ran a script against our Domain and
returned over 10,000 users that are a member of "Domain Users"
-Original Message-
From: Hutchins, Mike
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 2:46
PM
To: '
You can do the same thing with 2000. You will have to run NTDSUTIL to move
all the roles to the "UP" systems in the lab, once you move it. If you move
more than one, then you may want to manually setup a connection between them
so they start to sync once they are out of production. (Site and Ser
Title: Message
The
5000 user limit is not a 5000 "user" limit, it is a 5000 Direct
member limit. I don't think anyone in their right mind would have 5000 users in
one group. I would suggest nesting them to make them more manageable
anyways.
FYI,
.NET removes this limitation for the nutty
Title: Message
Someone on slashdot.org (pro-linux site) indicated real-world problems
with AD
including:
"Groups aren't scalable, supporting
max 5000 users."
I want to recommend that we keep our people directory
flat but if groups have a maximum of
5000 users, this will be an obstacle. Wo
That is it exactly. Move it to your lab and promote it to a PDC. DO
NOT RECONNECT IT TO THE SAME WIRING PLANT AS YOUR PRODUCTION DOMAIN ONCE
YOU MOVE IT AND PROMOTE IT.
I assume you are talking about NT4??...
Shawn Hayes
-Original Message-
From: Huntley, Tim [mailto:[EMAIL PROTECTED]]
I would like to be able to clone our Domain I know that there was a
discussion about this sometime ago but can not find the thread. We about
ready to rebuild our test lab to match production and I am looking for the
easiest way to do so. I believe the thread I am talking about talks about
building
Has anyone seen an Active Directory Query Builder
I'm getting so fustrated trying to correct syntax and return results,
especially with multiple criteria...it's driving me mad...
MAD I TELL YOU...
They're coming to take me away, ha, ha...
They're coming to take me away, ho, ho...
To the Funny
Title: Message
Oops... how embariskin'... eh ga ga ga ga.
:|
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Gil
KirkpatrickSent: Tuesday, June 04, 2002 11:49 AMTo:
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Active
Directory Limitatio
Title: Message
Eoin,
Actually the size of the directory itself doesn't really affect
replication traffic (except when you bring up a new domain controller). Its the
amount of data that is changed, and how frequently it is changed, that drives
the replication traffic.
-gil
-Origi
Title: Active Directory Limitations
Eoin,
I do not believe there is a hard limit. I do know it is capable of
handling millions of objects.
However, keep in mind that the size will affect replication and thus your
network.
T.
---Tony Bowman, MCSE, MCSA, CCNAHarvest,
A
Title: Active Directory Limitations
Hi all,
I know this is probably a very general question , but is there a limit with relation to active directory size.
Number of folders created , data stored ,etc,etc
Regards
Eoin
Hey Don --
I've been experiencing the exact same issue. Like John Bjelke suggests
mine also appears to be policy related even though I haven't found it
yet. I'll be watching your thread very closely for a resolution.
-Original Message-
From: Don L. Hollingshead [mailto:[EMAIL PROTECT
Hey,
I verified PW length that user is running. It is the required length.
Thanx
Don
>>> [EMAIL PROTECTED] 06/04/02 08:42AM >>>
Don,
Check for policy changes. The "you are not authorized to change your
password" error message appears to be the default error message. Our users
see thi
Don,
Check for policy changes. The "you are not authorized to change your
password" error message appears to be the default error message. Our users
see this error all the time if they are not meeting the length and
complexity requirements. Hope this helps!
John A. Bjelke AFRL\VSIO
Bus
Hey,
We have been operating normally with periodic user password changes. Today anyone
that is required to change their password gets a message stating that they are not
authorized to change it.
Any ideas would be appreciated.
Thanx
Don
List info : http://www.activedir.org/mail_list.htm
Yep, you're right. It's the win9x client that's on the cd.
-RIck
At 11:58 AM 6/4/2002, you wrote:
>Hi,
>
>The AD Client for NT isn't on the Win2k Server CD. You need to download
>from the net or if you have TechNet CDs.
>
>ERIC
>
>
>- Original Message -
>From: Rick Coloccia <[EMAIL PRO
Ken asks:
> Or are you just saying go with
> a name totally unrealted and stick with it as you grow?
That's right (well : what I was advocating as an option, anyhow).
The advantage is that you'd be able to have a 2 DC/GC environment using the
2 nice servers you have approval for, and not have t
33 matches
Mail list logo
