The rollback possibilityis a interesting issue.
I've looked into this and came across the following quote from Microsoft:
"While the Windows Server 2003
functional level provides a number of features and advantages, you might choose
not to move to this functional level if your environment
Hi,
Can anyone answer this?
Scenario:
I have just deployed W03 AD for our enterprise, and in the
process of creating a multipurpose management console for our support centre,
which I have successfully managed to do for all the AD bits, but does anyone
know a way of getting
Forcing a replication sounds like fixing a problem that shouldn't be
there... But let's give it a try. Mayby we can find another way of solving
your problem.
First of all, you want to be in charge of the decision of choosing the DC on
which the computer account is created. This can be done by
Nup, becuase they have not been written for MMC. That was
the big thing about MMC framework. You would have to distribute them
separately.
Regards
Matjaz Ladava
From: Pararajasingam,Anton
[mailto:[EMAIL PROTECTED] Sent: Wednesday,
November 05, 2003 1:04 PMTo:
'[EMAIL
While it is possible to some extent to manage a 5.5 server
with up-level tools (Exchange 200x ESM) it is considered best practice to use
the 5.5/NT tools for 5.5/NT and to use the MMC for Exchange 200x/Active
Directory. There are limitations and quirks you'll run into
otherwise.
As was
When specifying DHCP servers in the DnsUpdateProxy, should the ACL For the record
show the machine account (DHCPSERV1$) or should it show (DNSUPDATEPROXY)?
I'm looking at some Zones, and I see that the DHCP server as having FullControl, and
the owner as SYSTEM.
Would a 2nd DHCP server in the
When you add servers to the DNSUpdateProxy group, it basically REMOVES any
security of the objects by granting Authenticated Users Full Control to
the DNS record = this is what allows other DNS servers (or whoever is added
to the DnsUpdateProxy group) to overwrite these records.
As such you
Guido,
Thanks for the Response.
Since DNS is running AD integrated on the DCS, and runs under the System context, they
don't need to be added to this group,correct? I think you meant that Stand alone DNS
servers would need to be added to this group to facilitate updates,correct?
Since coming
Yes, you DON'T want your DCs to be added to the DNSupdateProxy group, even
if they run DHCP services. Only Stand alone (i.e. normal member servers)
should be added to the group. I would sincerely suggest that you remove
your DCs from the group as you're currently rather unprotected = you could
John - it sounds like Mark is talking about a 2000 domain -
not that it makes too much of a difference, but 2000 doesn't know about
functional levels (especially not about forest functional levels). Mark,
correct me if I'm wrong.
However, since in 2000 the domain mode really only effects
look at the ACL with ADSIedit - it should not be empty. Is there an
Everyone ACL?
-Original Message-
From: Jef Kazimer [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 5. November 2003 22:07
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DHCP - DNS - DnsUpdateProxy Group
Guido,
Thanks. I
Guido,
I know my description is not doiong justice to what I am seeing. :)
The ACL has an ACE for Everyone, Authenticated users, DnsADmins, etc
it lists Authenticated Users as Special and when you look at the properties, it
shows the Read All Properties and Write AlL properties, but NONE of
Yikes! Wanting to roll-back an Active Directory
native mode change...
I can tell you from past experience, the older samba SMB
stuff does tend to break in a native mode domain. That gives cause for
concern if you're going to go native mode and start to wonder if any other
applications are
it does makes sense, as you've probably got a permission set that's filtered
from the UI (via the dssec.dat file in you sytems32 folder...) - that's why
you should look at it via ADSIedit, which doesn't filter any permissions in
the UI.
I don't have anything to test around here right now so I
I did look at it with both the DNS MMC, and then went into ADSI Edit as you suggested.
They have the same empty boxes.
Weirdness I tell you! Weirdness!!!
Original Message:
From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DHCP - DNS -
Does a VPN server have to have 2 NICs?
Can't you have a VPN server behind a firewall Natted?
Justin A. Salandra, MCSE
Senior Network Engineer
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
Maybe I should back up here. DO any of you have documentation on how to
setup a Windows 2000 Server as a VPN server?
WHen I set up the server manually, I can connect but then after about a
minute I lose the connection. My server is only using 1 NIC Card. I have
the firewall all configured
No, one will work. But you have to manually configure it.
I don't think any of the MS docs cover this though.
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 8:15 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] VPN
Does a VPN
I keep losing the connection after 1 minute, any ideas?
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 8:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] VPN
No, one will work. But you have to manually configure it.
I don't
It's a tough question to respond to in one sitting. So, I hope these references help you along the way:
VPN on
20 matches
Mail list logo