Re: [ActiveDir] FW: Authentication Problems.

Does the old password work when it prompts, if so, then not all the dc;s know the password has been changed. - Original Message - From: "Juan Ibarra" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 10:15 PM Subject: RE: [ActiveDir] FW: Authentication Problems.

[ActiveDir] Exchange, and SPAM filters or blacklist or...

Does anyone have recommendations for a Spam filter or black list service that works well. I have a few clients that are getting thousands of Spam messages a day. And need to know of what works well.   Rick Reynolds MCSE 2000, CCNA, CISSP    

Re: [ActiveDir] FW: Authentication Problems.

I agree, if the drive was mapped, or the resource used, and the machine is not restarted, the acl is stored locally, and if the password changed, you would have to restart.. - Original Message - From: "David Precht" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 9:

RE: [ActiveDir] FW: Authentication Problems.

Tried that many times and didn't work. Juan -Original Message- From: David Precht [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 9:40 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] FW: Authentication Problems. reboot, logoff/logon, tried that? --- Juan Ibarra <[EMAIL PROTECTED

Re: [ActiveDir] FW: Authentication Problems.

reboot, logoff/logon, tried that? --- Juan Ibarra <[EMAIL PROTECTED]> wrote: > > Hello to all, > > I am experiencing the following problem at a client. > > We forced all employees to change their password, by > going to AD users and > computers and checking the box "user must change > passwor

[ActiveDir] FW: Authentication Problems.

  Hello to all,   I am experiencing the following problem at a client.   We forced all employees to change their password, by going to AD users and computers and checking the box "user must change password at next logon"   It appeared that everything worked fine until we started noti

[ActiveDir] Authentication Problems.

Hello to all,   I am experiencing the following problem at a client.   We forced all employees to change their password, by going to AD users and computers and checking the box "user must change password at next logon"   It appeared that everything worked fine until we started noticin

RE: [ActiveDir] sidhistory of well known groups

Correct - and I support what is being said by MS - that it will only migrate to the exact SID on the receiving end. However, maybe someone else can shed some light - I'm not sure what the setting is to allow it in ADMT at the moment. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory

RE: [ActiveDir] No logon servers available

Title: Message Windows VPN or RAS?  What are the clients running? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 9:42 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] No logon servers available Hi, We've just upgraded

RE: [ActiveDir] sidhistory of well known groups

Graham, The solution that Rick describes in his post is similar to the one that we used when faced with this challenge. Solving the domain admins issue was rather easy because not many users where domain admins and file shares were not acl'd using the domain admins group. What you want to watch

[ActiveDir] No logon servers available

Title: No logon servers available Hi, We've just upgraded our NT domain to Windows 2000 Active Directory. The upgrade went very smooth with few issues. The problem that we're having is with VPN users. When working from home, users can access email and other applications but they are unable t

RE: [ActiveDir] Single sign-on

SQL Server has an option to use integrated authentication, it works well in most situations.  Extranets or public internet sites would be one area where you would probably not want to use that option. "Sharma, Shshank" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 06/06/2003 01:15 PM Pleas

Re: [ActiveDir] EXMERGE

You need to get the Microsoft BackOffice Resource Kit, Second Edition in order to use exmerge. http://support.microsoft.com/default.aspx?scid=kb;EN-US;174197 Rob Freeman Fleetone - Original Message - From: "Salandra, Justin A." <[EMAIL PROTECTED]> To: "ActiveDir (E-mail)" <[EMAIL PROTECT

[ActiveDir] EXMERGE

I need a copy of EXMERGE for Exchange 5.5, does anyone have? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 primary office 917.455.0110 cell [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: h

RE: [ActiveDir] Please Help

Title: Please Help I think that Anwer is correct. He was able to add the computer account to the domain using his credentials because that action has to go to the PDC which obviously has the account. His local BDC can not do that and can’t authenticate him because it doesn’t know about him

RE: [ActiveDir] Single sign-on

Title: Message  >  To provide web based stuff you're looking for then we're in the middle of implementing Novell iChain - we run both  > NDS and AD, but I'm told it can be installed against either (or any LDAP v3 directory).    Web-based stuff, yes. But I am looking at apps that dont necessa

Re: [ActiveDir] FSMO roles issue

I would highly recommend making sure that your FSMO role holders are fully connected. But if for some reason this is not possible, below is the answer to your question. Schema Master - Only needs connectivity if you are updating the schema. Domain Naming Master - Needs full connectivity. If it

Re: [ActiveDir] No logon servers available

Title: Message did you renew the certs on the server, and each client needs to request one as well - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 4:51 AM Subject: RE: [ActiveDir] No logon servers available All

[ActiveDir] FSMO roles issue

Hello AD Folks, I've got a problem of configuring my firewall. I need to know what FSMO role holders (PDC Emulator, RID Master, Infrastructure Master, Domain Naming Master, Schema Master ) must be contacted by every DC of the forest. I heard somewhen the same problem reported. The people told th

RE: [ActiveDir] Please Help

Title: Please Help Have you synchronized the BDC with the PDC?   Anwer Abbas, MCSE, CNA,  MCP, CCNA, A+ IT Manager Interactive Network for Continuing Education Phone: (609) 819-4152 Fax: (609) 409-5965 www.ince.com       -Original Message- From: Juan Ibarra [mailto:

[ActiveDir] Please Help

Title: Please Help Hello, to all, I have the following problem. I have a user in a remote office that some how manage to screw up his system running windows 2000.  What I did was configure a new HD and shipped out to him.  I was able to log on to the NT domain as him, configure his email a

Re: [ActiveDir] Single sign-on

Title: Message Since you are using AD, if you are using IIS you can use integrated authentication in many circumstances for single signon--Sent from my BlackBerry Wireless Handheld  - Original Message -  From: ActiveDir-owner  Sent: 06/06/2003 07:53 AM  To: "'[EMA

RE: [ActiveDir] sidhistory of well known groups

Rick, thanks for the reply post. membership of these groups not the issue - i take your point though it is more to do with the ability to translate the security of the resources which as i understand wont happen without an entry in the ADMT database - but thinking about it I don't need to do

RE: [ActiveDir] No logon servers available

In the past I've had users check off the Dial Up Networking box as soon as the logon screen appears.  Then the users selects a VPN session to dial/connect too.  Give that a shot in a test environement.[EMAIL PROTECTED] wrote: All clients are running Windows 2000 Pro with SecuRemote v4.1. -

RE: [ActiveDir] No logon servers available

Title: Message All I can think of is check the WINS settings on the client and make sure the clients have the correct DNS servers when trying to login and that you can resolve server names to ip addresses when logging into your vpn solution.  I would also check with your VPN solution provid

Re: [ActiveDir] Single sign-on

Typically, there are very expensive packages that a difficult to maintain which set up a wrapper around each application to handle authentication. Some of these actually reduce security. If you want to build a single sign on solution you have to get pretty deep into delegation and kerberos rea

RE: [ActiveDir] sidhistory of well known groups

Graham, You cannot migrate the well known groups from one domain (or forest) to another. The SIDS are universally the same. ADMT will attempt, however the well-known already exists, and you cannot migrate it. Our solution was to take an inventory of who / what was member of the groups (or inclu

[ActiveDir] sidhistory of well known groups

Dear all, have posted quite recently with no feedback so hoping this time round to get a bit more info, still looking at strategy for migration of the well known accounts - "Domain Admins" / Domain Users on which a lot of domain security is based. thought this was where the Group mapping and me

RE: [ActiveDir] Exchange 5.5 and active directory connector errors

Have you setup all your connection agreements correctly to replicate two way from exchange 5.5 to AD? Have you setup a Public Folder Connection Agreement?   -Original Message- From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 2:06 PM To: [EMAIL PROTECTE

RE: [ActiveDir] Single sign-on

Title: Message To provide web based stuff you're looking for then we're in the middle of implementing Novell iChain - we run both NDS and AD, but I'm told it can be installed against either (or any LDAP v3 directory).   Basically it's a reverse proxy that sits between you and the web server,

RE: [ActiveDir] No logon servers available

Title: Message All clients are running Windows 2000 Pro with SecuRemote v4.1. -Original Message-From: rick reynolds [mailto:[EMAIL PROTECTED]Sent: Thursday, June 05, 2003 11:55 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] No logon servers available what os?? on the clie

RE: [ActiveDir] Exchange 5.5 and active directory connector errors

That message comes up if the install account does not have the proper privileges.   I used the exchange 5.5 service account which is a domain administrator to install.   Ken   -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 200

RE: [ActiveDir] Single sign-on

>From what I've heard (no personal experience), MMS 2.x was a pain, MMS 2003 is quite easy for common scenarios. There are other meatdirectories (Novell, CriticalPath, Siemens, IBM, etc.) They are industrial strength metadirectories but are time consuming (read: expensive) to implement. There are s

RE: [ActiveDir] Remote Office Domain Controllers

>From a network traffic point of view, it doesn't it makes sense to put DCs at the remote sites. The concern I would have is the reliability of the links... No linky, no login. -gil -Original Message- From: Carstensen, Pete [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 8:41 AM

RE: [ActiveDir] Single sign-on

RSN* -gil *real soon now -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 7:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Single sign-on Is MMS3 general availability yet? Roger -

[ActiveDir] Exchange 5.5 and active directory connector errors

While trying to install Exchange 2000 where the active directory is installed. I keep getting the following error.   Setup has detected that the Exchange 5.5 site your server belongs to has not replicated to the Active Directory yet. You can either wait for replication to complete and try t

RE: [ActiveDir] Single sign-on

That is correct, for the Enterprise version. Its roughly $25,000 per processor. Interesting, that seems to be the per processor cost of most of the MS Enterprise apps. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inov

RE: [ActiveDir] AD DNS: CNAME/Alias

It is a known issue, but if you are running SP3 then you can set the reg key described in this article to resolve the issue: http://support.microsoft.com/?scid=kb;en-us;281308 - Dave -- Original Message -- From: Roger Seielstad <[EMAIL PROTECTED]> Reply-T

RE: [ActiveDir] Single sign-on

Title: Message Right, sure that's the context I was thinking about. So, what are people typically doing, getting some stuff like this, and then cobbling together a single sign-on solution unique to themselves ? Or are there more generic tools out there, ofcourse ones which cost more and make

RE: [ActiveDir] Single sign-on

And is it good for single sign-on implementations for apps having disparate databases, Oracle, SQL Server et al ? Any used-it-and-this-is-what-we-ran-into kind of stories, anyone ? ./Shshank -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003

RE: [ActiveDir] Force Logoff

My understanding is that it is 'not' supposed to log them off of the machine. It keeps them from making any additional authenticated connections on the network and 'logs off' any authenticated connection that have already been made. If you want to 'log off' the users use the 'logoff.scr' (I think t

RE: [ActiveDir] Single sign-on

RC1 is on msdn universal subscriptions.  It was supposed to be available to general public in gold release 90 days after Windows Server 2003 launch. Roger Seielstad <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 06/05/2003 10:21 AM Please respond to ActiveDir                 To:        "'[E

RE: [ActiveDir] Single sign-on

Just a fyi - On a MS sponsored Windows Server 2003 Readiness course last week our guys were told that MMS 3.0 would cost £25,000 (may have been $s) per processor. Which is a stunning amount of money - in either currency Stephen Wilkinson Tel: +44(0)207 4759276 Mobile: +44(0)7973 143970 E

[ActiveDir] Remote Office Domain Controllers

We have several (6) remote offices, each with 5-10 users, that are connected via 256K FR circuits back here to the corporate office. At the present time, they are used for F&P services, wins, and dhcp. We do have plans to implement SMS in the future for software rollout and desktop management. A

RE: [ActiveDir] WinPE and RIS

Title: Message So, its a pretty CLI then.     -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June

RE: [ActiveDir] WinPE and RIS

Title: Message We have a copy of it from our Select agreement.  It has the default WinXP background but only the command prompt can be used.  Maybe the background is what he is referring to as the GUI?   Mike From: Rick Kingslan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 11:1

RE: [ActiveDir] Single sign-on

Best low cost alternative is called Simple Sync from CPS Systems. It also doesn't come with the Microsoft only limitations of the free version of MMS2003 -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > --

RE: [ActiveDir] WinPE and RIS

Title: Message The one that I have from my MCS folks is CLI only - no GUI.  FWIW.   Rick Kingslan  MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone - www.microsoft.com/windowsxp/expertzone  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [E

Re: [ActiveDir] WinPE and RIS

Title: Message I have the Select version and it runs the standrad xp graphical background with its only interface being a command prompt window. Not much of a gui --Sent from my BlackBerry Wireless Handheld  - Original Message -  From: ActiveDir-owner  Sent: 06/05

Re: [ActiveDir] Single sign-on

MMS 3.0 definitely does not have a consulting requirement, its licensing was brought out before. The enterprise version is 25k per processor, I believe. -- Sent from my BlackBerry Wireless Handheld - Original Message - From: ActiveDir-owner Sent: 06/05/2003 04:

[ActiveDir] Force Logoff

Hello, I'm having a problem with the force logoff (Automatically log off users when time expires) in my GPO. I have all the users times from 10 pm on in to the morning to logon deny. This is supposed to log them off of their machine, correct? Well is doesn't. All the client machines are

Re: [ActiveDir] Single sign-on

MMS 3.0 is a lot easier then the old 2.2 version. 3.0 will be availible this summer and can be configured by the customer. It's not that clunky and now comes with a nice wizard that helps you through the process. You still needs to know what you are doing because it's not really easy. The biggest

RE: [ActiveDir] WinPE and RIS

Title: Message That sounds suspiciously like XP Home...   WinPE is designed as a CLI envrionment to replace DOS.     -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From

RE: [ActiveDir] Single sign-on

Are there any other products out there similar to MMS? When you say "clunky to set up and configure", are we talking months? Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett Sen

RE: [ActiveDir] Single sign-on

Is MMS3 general availability yet? Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Rick Kingslan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 04, 2003 11:36 P

RE: [ActiveDir] Replication Problems...

I'd agree with you on the consultant. I'm guessing that what you're seeing is the result of an inconsistant replication topology. I'd even be willing to bet that what's happening is the KCC is constantly modifying the topology, and its never fully acquiesed. --

RE: [ActiveDir] Replication Problems...

It would entirely depend on if there is an underlying IP addressing scheme that would lend itself to being subnetted - in this case there appears to be one, as it used to be subnetted. So, in this case, you just create subnets in AD that reflect the local group of IP's in each office. You are corr

Re: [ActiveDir] User Security Problem

Tim, the user is most likely a member of a protected group. See this article: Delegated Permissions Are Not Available and Inheritance Is Automatically Disabled http://support.microsoft.com/?kbid=817433 For a sample about how to manipulate the permissions on this object (since the GUI doesn't re