Yes, there is, though I thought it was a domain wide setting rather than
a domain controller. You can use either NTDSUTIL or an LDAP client to
manually change it, though it's not recommended!!
Darren.
-Original Message-
From: Fleenor Todd [mailto:[EMAIL PROTECTED]]
Sent: 22 April 2002
At 00:02 6/5/2002, you wrote:
I think it does little good to complain about a limitation, especially when
it's so easily bypassed. This is MS's first full directory; if you were
expecting something perfect, now or ever, you need to change fields. Be
happy enough it was corrected in .NET.
Yes it is called LDAP policy and is set on each DC.
-Original Message-
From: Darren Sykes [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 2:11 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 1000 row limit
Yes, there is, though I thought it was a domain wide setting rather
Title: Message
I would have to agreeI did testing
last night and put 9,000 users in a single GG. So it must be related to size,
since the DNs I used were 1,2,3,4 etc.
-Original Message-
From: David Stacer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 7:09
PM
To:
Actually, I'm pretty sure that a NTDSUTIL change made to any DC will replicate to all
other DCs so there would be no reason to set each DC.
Could be wrong thoughwouldn't be the first time
-Original Message-
From: Parker, Edward [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05,
I think the simple answer is yes. Use a DC
as your primary DNS server. You can set ACLS on the DNS zone just as you would
any other resource.
Though, if I remember rightly the actual
permissions are on a machine basis, so machines in the domain can register
themselves (of machines by
Hi Tom,
AD integrated DNS can use signed DNS updates to stop exactly this sort of
thing. It's a sort of standardish way to do it, but I don't know whether
any other OS supports it. Historically, the various versions of Bind allow
only ip address restrictions on dynamic updates. At least one uni
Thanks, I can get it from TechNet, I was using the Guide to Upgrading
from MS Exchange Server 5.5 to Exchange 2000 Server, and it left me unclear as
to where the ADC was to be installed? I don't plan to upgrade Exchange for some
time, but I wanted to extend the AD schema from the start, to
No, you can install the ADC and use an Exchange 5.5 server in a
different domain to retrieve the site/org information which forms the
basis of the CA that is created before you run forestprep.
So:
1) install the ADC on one of the domain controllers (make sure you run
the ADC with a user that
Oh, I forgot to mention to install the correct version of the ADC, i.e
from the Exchange 2000 sp2 CD if that's what you intend to use.
Darren.
-Original Message-
From: Darren Sykes [mailto:[EMAIL PROTECTED]]
Sent: 05 June 2002 15:46
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
You
should be able to run the /schemaonly switch prior to performing
OrgPrep.
-Original Message-From: Rittenhouse, Cindy
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, June 05,
2002 10:33 AMTo: '[EMAIL PROTECTED]'Subject:
RE: [ActiveDir] Forest Prep and ADC
Thanks, I can get
Has anyone seen any adverse effects of the MSMQ Service being installed on
Active Directory Domain Controllers?
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Hi Justin,
It would be easier for us to help you if you gave us the outline of the config. that
you have attempted this with. Perhaps someone will be able to spot the flaw that stops
it from working
Regards
E.
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL
The MS way
http://www.microsoft.com/serviceproviders/whitepapers/configuring%20a%20vpn%20solution.doc
The Cisco way:
http://www.syngress.com/book_catalog/71_cnsad/toc.htm
If all else fails:
http://www.swynk.com/discuss_comm/
-Original Message-
From: Elizabeth Farrell
Subject: RE:
There is an on-site study going on from the MS website atm..they may be a source
of info. over the next few weeks
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnduwcol/html/sampleapp04062000.asp
I just tested this in the lab. I made the change to the root domain (1 DC)
and forced replication to all DCs in the forest. I checked the settings on
the other DCs (Both in the root and child) and the new settings was enabled.
So this does not need to be done on each DC, but it does hit all DCs
Elizabeth writes:
The MS way
http://www.microsoft.com/serviceproviders/whitepapers/configuring
%20a%20vpn%20solution.doc
Creating a VPN Connectoid. 13
Building A Connectoid. 14
Post Configuration Settings. 29
Connectoid?!! I'm scared. What if they breed?
College students using their own machine to plug into a
college network??? Don't be giving me shocks, I am seven and a half months
pregnant! faint
Locking down a linux box? Easiest thing in the world!
Come on, I have only had about 3 days exposure to RH7 and even I have that
morsel figured
Connectoids? 2nd generation of the borg? Somebody copyright the idea fast!
:)
http://www.theborgcollective.com/
-Original Message-
From: Andy Grafton
Subject: Re: [ActiveDir] VPNs
Elizabeth writes:
The MS way
http://www.microsoft.com/serviceproviders/whitepapers/configuring
This is pretty much the truth.
The architectural limit is defined by the database store used by Active Directory. In
order to verify replication was successful that limit can't be exceeded for any
transaction. The larger the transaction the more likely that this limit will be
reached. The
Elizabeth:
Thanks for the input.
Students are allowed to bring their own
machines onto the campus. Although this
isn't a large campus (3500 students), many of these students wish to have
their machines added to the domain because they can then easily map to resource
shares.
From
I was also using A Guide... and here is a few things I've learned the hard
way:
When configuring ADC, have it log into the MSX5.5 server as the service
account. Not a requirement, but it may save some potential headaches.
When creating the connection agreements, they must be two-way (the
22 matches
Mail list logo