Title: Modifying Multiple Active Directory User Accounts at Once
Having just installed Citrix I need to change the Terminal Services Profile, User Profile attribute of all the terminal services user accounts. Having over 1000 users makes this a time consuming job to do manually, and having
Title: Message
Keith, This is a good start.
Domain="DomainName"
On Error Resume Nextset oDomain
= GetObject("WinNT://"Domain)
If err.number0
Thenwscript.echo "There was a problem connecting to "
Domainwscript.quitEnd If
oDomain.filter =
array("user")
for each oUsr in
Title: Message
These I found at the MS Site
Set objUser =
GetObject("LDAP://cn=youngrob,ou=rd,dc=fabrikam,dc=com")'**'*
Terminal Services Profile
Yowzers.
Try dnscmd.exe - I did that with the 60 or so reverse zones I was migrating,
and had good success with it.
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA
-Original
Here is another option to create a buttload of DNS zones. This will work
with Primary Secondary, not AD integrated.
Change your DNS server option: Load DNS data on startup from Active
Directory and Registry to from file.
This will create a boot file.
Edit the boot file with the zone and the
Title: Message
Did my
suggestion help you?
-Original Message-From: Gil Kirkpatrick
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 15, 2002 10:54
AMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Secondary DNS setup?
What kind of DNS
service are you running?
Heh. I like it. And of course, thumbcuffs would work wonders to prevent
inapropriate surfing... :^)
-Original Message-
From: Puckett, Richard [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 4:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Disable IE via GPO
If you
Title: Message
To be
honest, I have not had a chance to do it yet... I plan on working on it later
this morning.
Thanks,
Chris
-Original Message-From: MHR(Michael
Ross) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002
7:57 AMTo: '[EMAIL PROTECTED]'Subject:
We don't have a policy in place the prevents folks from reading yahoo,
hotmail etc. So if I have our firewall configured to block this I'm sure I'd
immediately be blacklisted by end users. I could just as easily use McAffee
EPO and add these various webmail URLs and block them. Until
Hey guys.
I've got a few questions and I hope someone can lead me in the right
direction or give me a heads up on an idea that will help my situation.
My situation is that we have 1 NT 4 domain (1 PDC, 1 BDC, 1 webserver) with
300 so clients scattered throughout 5 states. We are consolidating
We are a small biotech and I am already accused of spying and snooping, being
draconian and being paranoid so I guess it can't get any worse.
Jim
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 11:37 AM
To: [EMAIL PROTECTED]
Could you add the 2000 AD computer to the existing domain as
a BDC and after succesful propagation of the domain info,
use dcpromo on the 2000 AD server making it Master of Operations.
Just a thought!
MGP
- Original Message -
From: Weston Rogers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Well, you *could* write code into his login script that sets the IE security
preferences for the Restricted Zones, and then undoes it in the standard
login script so that others are not affected...
That would probably be a good script to hang onto for future offenders as
well.
Add his web-mail
John,
Interesting that you even mention this. I have a reg file that sets the
zones on IE via directly modding the registry in just this manner.
We've got about 25k seats of Inbound/Outbound 'Out-sourced marketers'
(yeah, I can even put lipstick on a pig like Telemarketing!) and we have
to lock
That's a shame James --- we all where the sneaky snooping hat as far
as the end users are concerned - but I know how bad it can be in a small
company --- keep your chin up pal.
-Original Message-
From: James Liddil [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 11:44 AM
Title: RE: [ActiveDir] Disable IE via GPO
Yeah, I'd like a copy of that.
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 10:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disable IE via GPO
John,
Interesting that you
Title: Message
i would also like a copy. :-)
-Original Message-From: Al Garrett
[mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002
11:46 AMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Disable IE via GPO
Yeah, I'd like a copy of that.
-Original
Title: Message
ditto...sans the picture of the pig...
-Original Message-From: Hutchins, Mike
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, October 16, 2002
10:51 AMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Disable IE via GPO
i would also like a copy. :-)
Heh... Welcome to the wonderful world of the Corporate Security
'heavy-hander'!
;)
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
Any sufficiently advanced technology
is indistinguishable from magic.
--- Arthur C. Clarke
Any reason why you can't do an in-place upgrade instead of migrating ?
Dave
-Original Message-
From: Weston Rogers [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 10:44 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] NT to AD client migration headaches.. blargh
Hey guys.
I will
take one also
-Original
Message-
From: John Hicks/MIS/HQ/KEMET/US
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002
2:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disable
IE via GPO
A copy of that would be great.
Thanks
John Hicks |
Yes
-Original Message-
From: Weston Rogers [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 3:29 PM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] NT to AD client migration headaches.. blargh
I need to preserve all groups/users/mailboxes/mail/public
I'm starting to like the sound of this.
Anyone have any info for me to check out?
Thanks.
Wes
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 4:09 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] NT to AD client migration
Wes --
I just completed an inplace upgrade. It wasn't too bad, but it had a couple of
troublesome moments. Get the whitepaper from microsoft on upgrading exchange 5.5 to
2000, then get the rest of the docs from microsoft about potential problems. Some
docs say you cannot be in mixed mode,
If you update and don't migrate, all users can keep their same passwords,
machine accounts are brought into the new domain, the NetBIOS name of the
domain is the same, Access rights remain intacted, but I am unsure about the
profiles, I think they still work afterwards. Try implementing Romaing
And me too buddy - thanks. :o)
-Original Message-
From: Dave Kinnamon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 16, 2002 3:22 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Disable IE via GPO
One for me too?!?
-Original Message-
From: Rick Kingslan
hi all,
i have a question about printer sharing. I have a network (win2000)
with a domain controller with two OU's. Let's call these OU1 and OU2.
There's a workstation in OU1 with a printer connected to it.
I would like to have this printer shared across the network
so that anyone in OU1 and
The biggest issues will be getting the ADC (active directory connector)
between Exchange 5.5 and E2K/AD up and running. A badly configured
connection agreement in the ADC can wreck havoc but is other wise straight
forward. IN our testing, a bad CA is the only issue we ran into. Other
testing
If I understand your question 2 correctly, here's what you want to do:
1. Install windows NT4 on new hardware as a BDC.
2. Make the new box PDC.
3. Install win2k on new box.
4. Allow dcpromo to convert to DC.
Viola! Your win2k server is now the DC for the NT4 domain. Obviously, you
can't go
You should be able to set up the printer and give access to Domain Users
to print. Unless you specificly take all access away and then give
access only to one OU (or the group that corresponds rather) then it
should work domain wide. Just make sure when you share the printer (on
the
By default, printers are published to the directory. You have to REMOVE
a check box during the setup of the printer (or, remove it after the
fact in the printer properties) to prevent/remove the publishing of a
printer to the directory.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Wes,
There are as many issues with an inplace upgrade as there are benefits.
The option to create a pristine AD an move everything over allows you a
lot of flexibility in cleaning up your old NT environment and making
sure you don't migrate any junk that you should get rid of anyway. So
with
Marvin,
Generally speaking, you can't undo schema changes. They are for all intents
and purposes permanent. If you want to live out on the ragged edge with
Robbie where Microsoft won't answer your support calls, there is a way to
delete schema objects, but I'd never do it on a production
I made the ultimate newbie exchange error by restaging my exchange server
before trying to remove the exchange objects from Active Directory now I
need to reinstall on this server, with a different name, and get it back on
my network. Can anyone advise on the best way to remove these objects from
34 matches
Mail list logo