RE: [ActiveDir] Active Directory Operations Guide

2002-10-03 Thread Rick Kingslan
Stuart, By all means - thanks for this. It's nice to see you, Levon and others stop by. Adds a nice 'ambiance'. Looking forward to seeing you in February, as MEC isn't going to happen for me (doing an inter-forest migration) Tony (and others, if you're going - ) full book trip reports on

RE: [ActiveDir] OT: Unable to browse across the subnets/gateways

2002-10-03 Thread Sullivan, Kevin
What are the subnets? And what is the gateway config? Also, when you say browse do you mean Network Neighborhood? If so, play with the LMHosts file to see if you can force resolution; if you can, it is probably a WINS issue. Are the servers WINS clients? Do the registration

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Holmes,Raun M
Thanks everyone. Raun Holmes -Original Message- From: Puckett, Richard [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 3:23 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Joining computers to a domain? Picky, picky, picky... *grin*. Here is it in VBS (and a little

[ActiveDir] OT: Unable to browse across the subnets/gateways

2002-10-03 Thread Charles Carerros
Okay, Situation: I have two subnets (subnet A and subnet B) with gateways between them. All my DCs (and the rest of my server farm) are on subnet A. There are clients on both subnets. All the clients are either Windows XP or Windows 2000 Prof patched to current standar

RE: [ActiveDir] Computer OU placement Script

2002-10-03 Thread Jones, Rick J.(Desktop Engineering)
Does anyone have a Script or seen a script to be able to take a list of computer names or even 1 computer name and query AD to tell what OU the computer account is currently in without having to scan each OU individually? I actually need to take a huge list of computers and produce a placement br

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Sullivan, Kevin
Perfect... Thanks Richard. The new Perl below works like a charm as well as the VBScript. Great work. -Original Message- From: Puckett, Richard [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 3:23 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Joining computers to a doma

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Puckett, Richard
Picky, picky, picky... *grin*. Here is it in VBS (and a little cleaner Perl below it). Richard -- ' VBS ms-DS-MachineAccountQuota Modifier Option Explicit On Error Resume Next Dim DSO, DSBind, strDS, strDC, strPath, strUsr, strPw

RE: [ActiveDir] Cleaning out old machine accounts

2002-10-03 Thread Burns, Clyde
I used this back in NT4 days. It might be worth your time to take a look and see if will work in an AD environment. http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q197478&; -Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 11:36 AM

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Sullivan, Kevin
That's great Richard. I would still like to see the VBScript though. Any for Jscript or Python? -Original Message- From: Puckett, Richard [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 2:40 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Joining computers to a domain?

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Puckett, Richard
Dunno if this is useful for anyone, but here it is in Perl... Regards, Richard use strict; use Win32::OLE 'in'; use Win32::OLE::Const 'Active DS Type Library'; $Win32::OLE::Warn = 3; # domain, access & quota variables my $usr = 'DOMAIN\userid'; my $pwd = 'password'; my $dse = 'dc=mycompanyna

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Sullivan, Kevin
I tried to post the swynk script and it didn't send. From past experience it will probably show up in a while. Anyway, I couldn't get the script that Tony mentioned to run. Can someone put their eyes on the script and let me know if you see any problems or lines that I may need to edit. Thanks,

RE: [ActiveDir] Add computer to domain delegation

2002-10-03 Thread Garello, Kenneth
Diane, Thanks for the info - it has been a help. Ken -Original Message- From: Ayers, Diane [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 4:22 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Add computer to domain delegation Kenneth: For the easiest approach, you ca

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Puckett, Richard
Domain Users Cannot Join Workstation or Server to a Domain http://support.microsoft.com/default.aspx?scid=kb;en-us;Q251335 From the article: "Windows 2000 grants the "Add workstations to domain" privilege to the Authenticated Users group by default. When this privilege is

RE: [ActiveDir] OT: Security Template Docs

2002-10-03 Thread John Hicks/MIS/HQ/KEMET/US
Ok, thanks for the help, I will play around with it and see what I can get. Thanks "Darren Sykes" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10/03/2002 12:37 PM Please respond to [EMAIL PROTECTED] To <[EMAIL PROTECTED]> cc Subject RE: [ActiveDir] OT: Security Template D

RE: [ActiveDir] OT: Security Template Docs

2002-10-03 Thread Darren Sykes
To be completely honest, I can’t remember; It’s been a while since I did it. It’s easily tested though – create a folder in the root with a couple of subfolders and apply the template with secedit. The key to it is that as far as I remember, the settings are applied in order of appearanc

RE: [ActiveDir] OT: Security Template Docs

2002-10-03 Thread John Hicks/MIS/HQ/KEMET/US
I am using the mmc console. I do see the options for propagation of settings, at first I was setting them to Propagate Inheritable permissions to all subfolders and files. If I set my needed permissions at the root of C: would I choose to replace existing permissions on subfolders and fil

RE: [ActiveDir] OT: Security Template Docs

2002-10-03 Thread Darren Sykes
John, That’s a tad confusing. When you say that you’re looking through the templates, you are using the MMC snap-in aren’t you? When looking at file/registry permissions the option regarding propagation of settings is on the first page, before you have the opportunity to modify the DAC

[ActiveDir] OT: Security Template Docs

2002-10-03 Thread John Hicks/MIS/HQ/KEMET/US
I posted a message earlier about a security template that I am working on. I am going by an article on the SANS site and it is based on manually applying NTFS and registry permissions on each machine. I am trying to accomplish the same thing through a security template. I looked through the basicd

[ActiveDir] Cleaning out old machine accounts

2002-10-03 Thread Jason Benway
Our AD was upgraded from a NT domain. We have a bunch of old machine accounts. What is the best method to tell if a machine no longer exists or hasn't connected to the network? Thanks,jb -- Jason Benway [EMAIL PROTECTED] 1250 S.Beechtree Grand Haven, MI 49417 616-847-847

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Holmes,Raun M
Thank you very much for your help. Raun Holmes -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 11:46 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Joining computers to a domain? Here's a good article on this, including a sample scri

Re: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Tony Murray
Here's a good article on this, including a sample script to change the ms-DS-MachineAccountQuota attribute value. http://www.swynk.com/friends/policht/103101.asp Tony -- Original Message -- From: "Holmes,Raun M" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTEC

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Sullivan, Kevin
The ms-ds-machineAccountQuota (I believe) is a per domain setting. It allows any user in the domain to create 10 computer accounts in AD. I also think this is possibly restricted to the default computer container but am not sure. This really helps for

RE: [ActiveDir] OT: Security Templates

2002-10-03 Thread John Hicks/MIS/HQ/KEMET/US
Cool, that is what I was hoping. Thanks for the info "Darren Sykes" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10/03/2002 11:10 AM Please respond to [EMAIL PROTECTED] To <[EMAIL PROTECTED]> cc Subject RE: [ActiveDir] OT: Security Templates As far as I am aware, and t

RE: [ActiveDir] Joining computers to a domain?

2002-10-03 Thread Darren Sykes
I don’t believe so. I’m not actually sure of the official way to reset the counter, other than through script/ADSIEdit. You really need to be asking why the user needs to add that many machines, if they’re an admin, they should be given explicit righ

[ActiveDir] Joining computers to a domain?

2002-10-03 Thread Holmes,Raun M
Hello, I have a support person who is getting a msg:  the following error occurred while attempting to join the domain"xxx.xxx.xxx":  you computer could not be joined to the domain, you have exceeded the max number of computer accounts you are allowed t

RE: [ActiveDir] OT: Security Templates

2002-10-03 Thread Darren Sykes
Sorry that should be .inf files, not .ini files (another point dropped on those MCSE modules then!!!). Thinking about this, the local part of the built in objects SID are the same on all machines, thus the reason why you can identify the built in administrator on every machine even when ren

RE: [ActiveDir] OT: Security Templates

2002-10-03 Thread Darren Sykes
As far as I am aware, and through basic testing, well known groups and accounts are referred to in the .ini file by generic identifiers, whereas other accounts (such as domain accounts) are stored using the SID of the user. So, in your example, that template should be able to be applied to

[ActiveDir] OT: Security Templates

2002-10-03 Thread John Hicks/MIS/HQ/KEMET/US
I am in the process of creating a baseline security template for our Win2k servers based off of a SANS guideline. We do not have AD in place yet, so the templates will be applied to each server after it is built. I am setting NTFS permissions on the root of the C: drive and in the doc I am going

RE: [ActiveDir] Software Installation

2002-10-03 Thread Tom Meunier
When you made the GPO on the server, did you browse using E:\apps\msoffice or \\servername\sharename\msoffice? If the former, go redo your GPO. The latter should work. > -Original Message- > From: marija efnuseva [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 03, 2002 08:59 AM >

RE: [ActiveDir] Software Installation

2002-10-03 Thread Benton.Wink
One thing you might want to make sure of is that 'System' has read access. Since I am assuming you are assigning this 'per user', it is going to be running as 'System' Benton Chase Wink - Benton Chase Wink, CCNA MCSE The University of Texas at Aust

[ActiveDir] Software Installation

2002-10-03 Thread marija efnuseva
Hello, I would like to thank everybody for their help. I find this mailing list very helpful in my work. Now I have a question about Software installation through Group Policy. We want to deploy Microsoft Office through GP, and we have created a shared folder on one of our Domain Controllers. W