Re: [ActiveDir] default computer account directory location

2003-07-31 Thread Graham Turner
what this is all about trying to automate from the domain configuration the container into which a computer which is joined to the domain using the Ghost imaging software which apparently does not seem from the client side to accept the DN of the target OU - only understands a domain name as such

[ActiveDir] Object Attribute replication priority

2003-07-31 Thread Abbiss, Mark
Does anyone know if it is possible (and if so how and where) to change the priority with which object attribute data is replicated throughout an AD? For example, when we create new users and include a profile path for Terminal Services it can take 20 minutes longer to replicate than other data

RE: [ActiveDir] GPO Question

2003-07-31 Thread Roger Seielstad
The issue you'll run into is that the computer GPO and user GPO settings aren't identical - there is some overlap but not significant enough to be able to exclusively use one or the other. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr.

RE: [ActiveDir] Local Admin

2003-07-31 Thread Roger Seielstad
True. Although I was envisioning controlling the startup script creation through that user's login script. In other words, if you know only these 300 users should be affected, only change their login scripts. It's a small, but in my mind somewhat significant, difference.

RE: [ActiveDir] Simultaneous password change on multiple DCs

2003-07-31 Thread Roger Seielstad
Isn't replication USN based only - meaning that the value of the attribute isn't relevant, just the fact that it was changed, as indicated by the USN incrementing? I have to go back and look up the password propagation pattern (PPP?) again. For some reason, I recall it being standard replication

RE: [ActiveDir] GP overridden

2003-07-31 Thread Charles Campbell
Are you referring to opening the GPO on each workstation to disable the user/computer settings? Thanks. Charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, July 30, 2003 18:57 To: [EMAIL PROTECTED] Subject: RE:

RE: [ActiveDir] Local Admin

2003-07-31 Thread Joe
Yep absolutely which is where my caveat came from. However anyone who gets their hands on the machine is pretty much golden even without this if they know what they are doing or have spent more than 30 minutes in many of the public newsgroups or had a friend give them a

RE: [ActiveDir] GP overridden

2003-07-31 Thread Tony Murray
I believe Justin asked the question because the gpresult output shows the LAN Policy twice in various places. This is unusual, e.g. Computer Received Registry Settings from these GPOs: Local Group Policy LAN Policy LAN Policy Without knowing more about your environment

RE: [ActiveDir] GP overridden

2003-07-31 Thread Charles Campbell
Well, I must have a serious problem... I changed the name back to Default Domain Policy. Rebooted the server. Waited approximately 30 minutes, then ran GPResult from the Server. Below is the result: (More info after results) User Group Policy results for: CN=Administrator,CN=Users,DC=

RE: [ActiveDir] Planning the migration from NT4 to AD

2003-07-31 Thread Sharma, Shshank
This works well for a single domain. Dave, Any caveats for the multiple NT 4.0 domains? We do have another, smaller, not-so-AD-hungry-as-yet NT 4.0 domain that we might consider merging into AD realm in the future. Would that be a problem? Some things to watch: - make sure you know how

RE: [ActiveDir] GP overridden

2003-07-31 Thread Rick Kingslan
Charles, I'd suggest strongly not to conclude that there's a problem simply because of this output. If you aren't seeing errors, there are no problems on the system (i.e. incorrect behavior, crashing, improper application of GPO or missing / incorrect settings) and the Application and System

RE: [ActiveDir] Simultaneous password change on multiple DCs

2003-07-31 Thread Joe
Just install 812499 and get away from the whole silly notion of having to figure out which DC you need to do the set at. MS was silly for ever requiring that in the first place. -Original Message- From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday,

RE: [ActiveDir] how to re-establish a w2k trust after offline for more than 60 days?

2003-07-31 Thread Rick Kingslan
What - you have a problem with the walking dead? ;P Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent:

RE: [ActiveDir] Local Admin

2003-07-31 Thread Joe
With that caveat, future methods could use what I suggested in some of these posts with having two scripts. The computer script which adds interactive, and the logon script that removes it and adds the first interactive logged on user or some variant on that if you want it to ignore certain admin

RE: [ActiveDir] Planning the migration from NT4 to AD

2003-07-31 Thread Rick Kingslan
See comments inline -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharma, Shshank Sent: Thursday, July 31, 2003 4:29 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Planning the migration from NT4 to AD This works well for a single domain.

RE: [ActiveDir] Local Admin

2003-07-31 Thread Rick Kingslan
By default, the Domain Administrator is a recovery agent, not the local admin. However, even the Domain Administrator can be removed as a recovery agent. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone -

RE: [ActiveDir] Simultaneous password change on multiple DCs

2003-07-31 Thread Joe
Yes replication is USN based. However if you make a change to an attribute normally that is the same exact value, AD tricks you and responds to the request like it made the change but doesn't really update anything. I haven't tested that with the password fields but would expect that it works the

RE: [ActiveDir] Simultaneous password change on multiple DCs

2003-07-31 Thread Joe
Yep, don't let them change in multiple places. We make them hunt out the PDC and make the change there. If they can't get to the PDC they just grab the default DC for the domain. That product has gone through quite a bit of change in the last year or two, we beat them up pretty bad as they

RE: [ActiveDir] Simultaneous password change on multiple DCs

2003-07-31 Thread Joe
http://www.psynch.com/ The self-help reset stuff is very nice to have. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayet, Yusuf Y Sent: Thursday, July 31, 2003 12:14 PM To: '[EMAIL PROTECTED]' Subject: RE:

RE: [ActiveDir] how to re-establish a w2k trust after offline for more than 60 days?

2003-07-31 Thread Joe
Only in my AD. Other than that they are free to move about the cabin. :o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Thursday, July 31, 2003 10:49 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] how to re-establish a w2k trust

RE: [ActiveDir] Object Attribute replication priority

2003-07-31 Thread Joe
There are only a few pieces of critical security data that should replicate faster than a majority of the data and that really is only within a site unless you have enabled change notification between sites. Changes still queue up on bridgehead and replicate out to other sites through them during

RE: [ActiveDir] Simultaneous password change on multiple DCs

2003-07-31 Thread Joe
The changes are all passed immediately to the PDC FSMO holder (assuming the mastering DC can reach it) and then the changes replicate out from both places slowly converging around the domain. If you change on multiple domain controllers all of those would be passed to the PDC FSMO and then the