Yep - entirely possible. Me, I prefer running it the
other way around - Windows DNS for hosting the AD and a secondary on the
Linux server running BIND, but to each his own. The key is to use the
later versions of BIND and to config the dynamic update properties to allow the
myriad of zone
Hello Everyone,
I am a newbee to W2K domain design and I hope to receive some help from you experts out there.
Scenario - We are creating a new domain with w2k as DC/AD. In the same domain, we will have Linux 7.2 server and one more w2k server. In the end, Linux will run as primary DNS and one
So, you're thinking with ATM between DCs I can crank up the holdback timing
and pause rates? Neat.
;op
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
> ___
Joe,
Make no mistake - I think the change *IS* for the better -
consistency is better than inconsistency. But, it really shouldn't be this
way in the first place. There should be no reason for me to have to weigh
the averages or go from domain to domain to determine what the REAL
members
Cool in that case I would do the same... Also if it is W2K and your
bandwidth can truly handle it I would turn down the timing for holdback and
pause between dsa's.
joe
> _
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Diane
Don't forget about heapdecommitfreethresholdvalue (?) for servers over a
GB...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, November 17, 2003 5:18 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Virtual Memory Fragmented
The biggest concern is not really the replication traffic and wanting to
throttle the traffic but trying to localize the authentication. I've turned
on change notifications and we'll see how this works. Thanks for the
refresher on urgent replication and good point on the bridge head traffic.
Dia
Urgent replication really isn't... It is urgent queuing of a replication
request in actuality or at least from what I have observed. Basically you
quickly stick a replication request into the queue of all change
notification partners. They process it in the order and priority received...
i.e. it wo
I'm
sending one too, but it is going to say great job! Thanks for working towards
consistency. :o)
It
should be good weight as well because I usually am complaining about something.
Last time I talked to him I was trying to talk him into giving me AutoGroup - No
I don't mean AutoDL.
Yeah
but unless all of your DC's are GC's, there is a good chance of seeing
inconsistent results. That is even harder to explain to users.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isham, Alan
ASent: Monday, November 17, 2003 1:41 PMTo:
[EMAIL PROTECTED]
Ok, newbie
here...
We're preparing to
upgrade our Single Forest (Windows 2000 AD Domain) to a Windows 2003
Domain.
We have 3 Domain
controllers all 2k, all running DNS.
My question is, do I
have to Run ADPREP on all domain controllers or can I do a straight upgrade on
all DC's withou
Title: RE: Inter-site Urgent replication
Never mind. Google to the
rescue... Thanks for your help.
Diane
Change Notification Between Sites
By default, changes are replicated between sites according to a schedule and
not according to when changes occur. For this reason, the greatest repl
Title: RE: Inter-site Urgent replication
We are at SP3. I've gone through
most of those articles already. re-reading 232690 it does refer to my
issue:
"Windows 2000 enables
change notifications to propagate across inter-site connections. This is
administratively configured on each site-l
Dump the /3GB switch, it is for Enterprise Edition Only
-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Virtual Memory Fragmented
I will give this a try.
No, this is Windows 2003 Standa
Title: Message
Hi Jason,
Although I'm aware that there are
security holes etc, I've used IISADMPWD to achieve what you're
after. It allows you to dictate that a user must change the PW upon logging on,
let's them change it whenever they'd like etc.
HTH,
Katherine
-Origina
Actually, for Windows 2003 you should be able to use the /3gb switch even on
standard version. That limitation applies to Windows 2000 last I checked.
-Al
-Original Message-
From: Dryden, Karen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 5:09 PM
To: [EMAIL PROTECTED]
Subj
As long as this is on the intranet and you restrict the IPs that can perform
zone transfers, there should be no security problems. That's not to say
your security team can't invent a problem :-)
Regards,
Robbie Allen
http://www.rallenhome.com/
http://www.rallenhome.com/blog/adcookbook/
> -O
Title: Message
I understand your two’s apathy
towards software vendors, but to be fair I think we have to acknowledge that user
profile migration on machines is a tricky operation because of the changes on
the platforms over the years, and that there are probably circumstances that
complica
If you're using Standard server and it appears you are, you should NOT be using the
/3GB switch.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
Sent: Monday, November 17, 2003 5:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Virtual Memo
I will give this a try.
No, this is Windows 2003 Standard running Exchange 2003 Enterprise.
Thanks
Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 1:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveD
Did you notice the first post that was out there that linked to eventid.net?
There were some other suggestions in there that may be of use to you. Also,
in Exchange 2000 this was considered a mostly benign error if you weren't
using clustering which is what the event was put in there mainly to add
Title: Message
That
would be ideal, but due to the security requirements, we have to change the
passwords constantly. I would like to have this domain use their usernames and
passwords from the PDC, however, that isn't allowed either.
-Original Message-From: Rick
Reynolds [mail
Create a new pagefile specify same size for min and max
Delete current pagefile
Create new pagefile to replace deleted page file and specify same size
for min and max
This is Windows 2000 Enterprise edition, isn't it?
-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent:
Title: Message
the only way I found is to have them never expire
for the web users.
We require hard password, ie numbers letters
and at least on special character.
and domain users have to change every 42 days,
Remote and web only users never
expire.
Rick
- Original Message ---
I already have put into place the /3gb switch before this all happened,
as seen below.
Any other ideas?
Thanks,
S
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003,
Standard" /fastdetec
Title: Message
Hi all,
We have an intranet
site running on IIS with SQL Server 2000 that uses Active Directory to control
user access and passwords. The problem is that under the current set-up, I have
to go into Active Directory and change each users password once a month which is
a pai
the paper is released to production - you shouldn't need to hold your breath
much longer. It should be out on http://www.microsoft.com/downloads/ by
11/25.
/Guido
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Montag, 17. November 2003 07:03
To: [EMAIL PROTECTED]
Subj
Have not check to see if it replicated will do that. Also it's a GPO applied at the top level so I was thinking it should go to all the users.
Ryan McDonald
Systems Administrator
The Bankers Bank
770-805-2304
"Creamer, Mark" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
11/17/2003 04:11 P
Has it replicated to the netlogon share of
each dc? Are you sure the script is assigned to each user’s account?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003
4:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Gro
I just setup a simple login script to map 2 drive, now some people are getting it and some are not, The 2 people that are getting it are XP the others are windows 2000. Any ideas?
Ryan McDonald
Systems Administrator
The Bankers Bank
770-805-2304
yeap Rick, agreed - as mentioned before, it'll cause
confusion. Yes, I talked to Andreas about it - he'll be aquainted with the
topic, but may have to pass it on to other folks himself.
From: Kingslan, Rick T.
[mailto:[EMAIL PROTECTED] Sent: Montag, 17. November 2003
20:12To: [EMAIL PR
Alan - that's how I see it as well - it's the unexpected
change that I don't like. Especially in environments where Exchange is not
centralized, it is not uncommon that almost all DCs are GCs - here this
"feature" is definitely a loss.
No matter what - it will cause confusion, as it does
Yeah, I already had this in place. Good thought though.
S
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Virtual Memory Fragmented
This may not
Here's an article I found on MS site -
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b329864
This has been talked about quite a bit on the Swynk Exchange list - not
to any great resolution that I can recall...
HTH
=
Arron King
Network & Systems Admi
Are you running E2K enterprise or standard? If standard your not going
to be able to fully utilize the 3G of RAM. If using enterprise then are
you using the /3Gig switch in your boot.ini?
-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 11:0
This may not be of help - but - with Server 2000 and 4G of ram MS told us we had two
choices to avoid this problem. Downgrade to 1G of ram or upgrade to Windows 2000
Advanced server and use the /3g switch...
- Original Message -
From: Steve Shaff <[EMAIL PROTECTED]>
Date: Monday, Nove
Guido,
So, you're saying that Andreas is the one that we need to
'convince' that this isn't such a great change? I've noted this in my
testing, and know that I've got a huge learning curve with some of my admins,
who don't yet grasp the way that Windows 2000 manages viewing group
membersh
http://eventid.net/display.asp?eventid=9582&source=
-Original Message-
From: Steve Shaff [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 2:01 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Virtual Memory Fragmented
Greetings,
I appear to have a problem with my virtual memory b
Greetings,
I appear to have a problem with my virtual memory being fragmented.
This is on a Windows 2003 Server running Exchange 2003, so needless to
say it is very important that it stays running. The server rebooted,
but in doing so did not start all of the exchange services, which was
very bad
Joe, thanks for the reply.
Similarly, Intel has developed a command line tool to
enumerate all group memberships, but for mass consumption by the "office worker"
community, you can't beat an out of box, graphical user interface solution
from Microsoft. Yes, I did say that.
Alan A Isham
Guido, thanks for the reply.
I don't like "the feature" and would consider it a
takeaway from the Windows 2000 version. We've spent considerable time
teaching our "office workers" how they can locate ALL groups they are a
member of. The belly aching I heard before will only be magnified
I would ask them there reasons and then post them here...
I cant think of any real reasons as long as your servers are sat internally
and talk on your private WAN?
Rob
Hi,
Are there any security concerns or issues with creating a secondary DNS zone and doing
Zone transfer? If you have a root Windows 2000 domain in a different country and
want to create a secondary zone for the root domain in the US, what are the security
issues associated with the configur
Title: Message
I've
got a MUCH easier way to do it.
Set
your Windows boxes up to secondary the zones from the existing DNS servers -
that way you'll get a 100% complete, current file, with next to no effort on
either side.
Then,
when you're ready, simply change the Windows boxes to be e
Here's the LAN Manager Hash article:
How to Prevent Windows from Storing a LAN Manager Hash of Your Password in
Active Directory and Local SAM Databases
http://support.microsoft.com:80/support/kb/articles/q299/6/56.asp
You didn't say if you have AD2K or AD2003 - but:
Check these settings in the G
The part about them not seeing the issues is a problem that I think is being
addressed at some levels (see note about Exchange Rangers and what they
should do for you in previous emails).
The hardcoding of servers is the one that is likely going to pay back the
way you want. It gives predictabi
Title: Message
This is the same one MS sent me on 10/13/03.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Blair
Sent: Friday, November 14, 2003
12:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Window 98
Desktops are being locked out
I found
This actually also goes back to something I have been
saying MS needed for a while. Domain Specific DNS entries for GC's as well
as an additional call type from dsgetdc
I was kinda thinking that too... clients are using DNS to find lots of other
SRV info, seems a logical place to put this too
Title: Message
I’ve never used Aelita, but after
reading this I suspect that many software vendors try to land the sale and run…
until you ask for some functionality when they then say “oh, well, you
can sorta get that to work, but if you really want to do you really need
this “_ A
Samantha,
If I remember have you gone into the 'client for Microsoft Networks'
and set password synch on the W98? I haven't got a machine to verify it
with here but I think it was an option.
BR
Rob
That's a known issue, but I can't remember what's known about it ;)
Seriously, I believe its an issue with the network password hash algorythm
used - something like NTLM v2 is used by default, which 9x client's can't do
without the ADClient.
It also could be related to the setting for client/serv
Title: Message
I had
very good luck the two times I've used the Fastlane Migration Suite from
Quest.
Roger
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-From: Ellis
52 matches
Mail list logo