RE: [ActiveDir] Single sign-onThat used to be the case, not sure if MMS 2003
has the same sort of requirements.
The main reason they had consulting attached was that MMS was fairly clunky
to set up and configure, and unless you knew what you were doing, could tie
youself up in knots fairly quickly
After searching further into an NDR 5.3.5 issue
I was having with Exchange 2000 last week, it
looks like the user with the issue has incorrect
security settings in Active Directory. When I go
to the security tab of the user properities, the
check mark is missing from the Allow Inheritable
Per
Title: Message
what os?? on the clients.
- Original Message -
From:
Bryan Schlegel
To: [EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 7:25
PM
Subject: RE: [ActiveDir] No logon servers
available
Windows VPN or RAS? What are the clients
running?
Title: Message
sorry, i still can not add the value of the SchemIDGUID when I
create a schemd object, who could tell me how to do that or what's wrong with my
program, thanks very much~
- Original Message -
From:
Robbie Allen
To: '[EMAIL PROTECTED]'
Se
Hmmm...in all of my forests, EmployeeID is already an optional attribute of the
abstract class "organizationalPerson". The ntfaq article recommended below tells you
to add it as an optional attribute to the abstract class "person".
In any event, it is not visible in any of the 'stock' GUIs th
My company purchased it about 6 months ago... Like Roger said it
doesn't monitor services, but it had a ton of other features that more
than made up for that in our eyes. My company uses static IP address
due to a limitation with one of our vendors so we make use of the IP
Address management suit
Hello all,
Does anyone know a good topology for a bridged WAN. Once everyone picks
up their jaws, I'll continue. We have approximately 18 DC's at remote
sites on various low bandwidth lines (from 384K to T-1). By default all
the servers are trying to talk to each other and there have been
inst
Title: OT- Quest Fastlane tools (maybe not OT?)
Does anyone have any feedback- positive and negative - on using Active Roles and Migrator from Quest software. We are looking at these products for migrating from a complex NT4 model and further ongoing security admin of the AD.
At a cost of a
There are no good topologies for a bridged WAN. Including the time I saw a
three building campus bridged by OC3 (155MBps) lines. Performance was still
an issue.
Is there any logical segmentation that can be done, such as each office has
its own block of IPs? That would allow you to create AD Sites
Title: OT- Quest Fastlane tools (maybe not OT?)
Stephen:
We have gone through an evaluation of products including the ActiveRoles
and Migrator tools. Contact me off list and I can give you some input on
what we found.
Diane
AyersTeam Lead,
System Server SupportPacific Gas
& Electric Co
The question I have is if I have a DC with all of the roles on that one server and I run sp3 on it and reboot it is there going to be a problem with the fismos being down for 2-3 min? Also this is going to be after hours so no one will be on the network. Also I know I need to move the roles to d
We do, at least, have each of our remote sites with a different IP range
since the network USED to be routed (long story short, our core
processor uses a serial printing protocol that was not routable at the
time) We are redesigning the network this year so that we can unf#$%^
ourselves. But in t
Title: Message
I've
used Migrator twice for migrations, and it has been rock solid and very, very
helpful both times. Its got a lot of nice features, especially if you're doing
multiple-to-one or multiple-to-multiple domain migrations. Its also got nice
Exchange integration features. Overall
Ryan,
There shouldn't be a problem. The only reason you would experience a
complication is if there is activity on your network that would utilize one
of the roles, like making a change to the Schema, or a change to an account
that would need to replicate to an NT4 BDC. If you are going to reboo
Title: Message
Nope.
Nothing major. Everything can survive without the FSMO's being available for a
short period of time.
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message
Raymond, Roger,
Perhaps I'm missing the significance of a "bridged WAN", but why not disable
the KCC and create your own connection objects to control which DCs
replicate with each other?
-gil
-Original Message-
From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04,
Bridged WAN = 1 subnet, everything is local to everything else. It's a
traffic nightmare, especially since every broadcast traverses every WAN
link.
>From an AD perspective, I'm always wary of doing the manual replication
objects. Not to mention one would have to do a LOT of work to ensure the use
I've taken a gander at the doc listed below. I take it that when I
extend the schema to use the Employee Number or ID, update can be made
via the vbs script. Does it put a block in the "user & Computer"
display so the Employee number of ID can be added when adding a new
user? Or would I only hav
> I do think you should have your network engineer fired, then shot, hung,
and sent to the Russian Front!
ROTFLMAO!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
From: [EMAIL PR
Gil,
That's kind of what I was asking. I was thinking I could just have all
of the remote DC's pull from the DC's here at HQ, I just wasn't sure
what problems I might run into. MS recommends using a site for each
remote which makes sense, but I wasn't clear on the time periods that
sync would oc
OK, that's what I understood.
Doing the replication topology manually isn't a wonderful solution, but it
is workable. Manuall defining a hub-and-spokish replication topology with 19
DCs is not a huge undertaking. Forcing the appropriate authentication
topology would require judicious assignment of
I *think* the default is 300 minutes, but can be configured down as low as
15 minutes.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
> -Original Message-
> From: Gil Kirkpatrick [mailto:[EMAIL PRO
Hi everybody,
I am new to Active Directory realm.
Am looking for help on implementing single sign-on for multiple web-based
applications using Microsoft's Active Directory.
Any and all pointers to how-to's et al will be thankfully received.
-Shshank Sharma
List info : http://www.activedir.org
Is the returning group membership issue the only problem your seeing?
Thanks
Bob
-Original Message-
From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Replication Problems...
Hello all,
Does anyone know
If it's really bridged, as in one big, happy IP subnet, how would you create sites ?
Maybe I'm just confused...happens a lot lately.
Dave
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 3:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Active
If the computers on each site have a range of ip,s that can be logically subnetted,
then you can define those logical subnets in AD sites and subnets, even though the
actual network is one large subnet.
The subnet information in AD sites and services has nothing to do with routing, it is
there
>From Raymonds original post:
==
We do, at least, have each of our remote sites with a different IP range
since the network USED to be routed (long story short, our core processor
uses a serial printing protocol that was not routable at the time)
==
So I assume he could, without too much effort,
If he can create sites, then couldn't he
create a site link from his remote offices to his HQ, and disable site
link bridging. This would let him leave his KCC active.
John WitasickProject Manager - Windows Networking Services
Group
- Original Message -
From:
Gil Kirkpatri
As far as timeouts, you can set them when using IDirectorySearch:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi
/ads_searchpref_enum.asp?frame=true
Or using ADO:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi
/searching_with_activex_data
Bob,
There have been some other weird issues, for instance it took TWO days
for a computer to finally be deleted in active directory, DNS
disappearing off of a couple domain controllers after that and some name
resolution problems which may or may not be related.
I'm really beginning to think
Title: Message
Yeah,
I don't see why not.
-Original Message-From: John Witasick
[mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04,
2003 3:11 PMTo: [EMAIL PROTECTED]Subject: Re:
[ActiveDir] Replication Problems...
If he can create sites, then couldn't he
create a sit
Title: Message
We have done this in our environment and
it has solved multiple issues.
-Original Message-
From: Gil Kirkpatrick
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003
4:00 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir]
Replication Problems...
Yeah,
Shshank,
MMS (Microsoft Metadirectory Services) seems to be a nice solution.
http://www.microsoft.com/windows2000/technologies/directory/MMS/default.asp
The May 2003 issue of Windows & .NET Magazine has 4 page infomercial about
MMS.
I can tell you from experience; one organization I am famil
Thanks Justin, for the useful pointer.
I was reading through the March'03 issue
(http://www.fawcette.com/dotnetmag/2003_03/magazine/features/nruest/page3.as
p) and it refers to MMS. Will check it out in more detail.
Also, are MMS and ADAM (Active Directory in Application Mode) shipped as
_free_
ADAM is intended AFAIK, to be free. MMS 3.0 Standard is free, too - but it
will only synch MS data. E.g Forest GAL to Forest GAL. If you want to
bring other directories into the mix (iPlanet, NDS, etc) you will need MS
3.0 Enterprise. That one is gonna cost ya. ;-)
Rick Kingslan MCSE, MCSA,
Title: RE: [ActiveDir] Single sign-on
Rick, correct me if I am wrong but as far as I know if one is considering MMS Enterprise than you are bound by MCS to assist you in the Q&A and Design. (and they don't come cheap)
Yusuf
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTE
Title: Message
I
think there is difference between the OEM version and the version you get from
SELECT agreement.
Marc
From: Joe L. Casale
[mailto:[EMAIL PROTECTED] Sent: donderdag 5 juni 2003
5:44To: [EMAIL PROTECTED]
Hey Roger, what ya mean
no GUI? I have it from my OEM pack, and u
37 matches
Mail list logo
