during replication you doen't need to reach a GC - but you do need to reach
the _msdcs zone of the forest root, which contains GUIDs of the domains and
all the DCs. These are used to setup the replication links (not the names
of the DCs).
hosting a secondary zone of the _msdcs zone of the forest
just replied on the gripe thing ;-)
and yes - pls. allow for replication of the tombstones (in reality you'd
not necessarily have a chance to take down your production DC on which the
deletion was performed before it replicates the tombstones out to other DCs
of the same or another domain).
Title: Message
Hi,
If one of the domains in a
forest dies on you the procedure is as follows (in a
nutshell):
* Install the OS or reboot in
DSRM if possible
* Restore system
state
* No need to authoritatively
restore the database!!!
* Increase RidManagerPool in the
domain
* Seize domain
Return Receipt
Your
RE: [ActiveDir] Recover a Domain document
:
I'm troubleshooting win95 clients that have to map a drive to a windows
2003 member server in AD 2003. The win95 clients login locally with an
account called Generic The win95 are terminals and aren't in the
domain. To get around mapping to the w2k3 member server share, we
created a guest user
Thanks to Brent and Arden who have given me some
insights, though I'm not fully successful yet, but I
can see a progress...
Apparently, my biggest problem was the DNS server
setup. I managed to come over the problem (phiughh)
Now, the problem is when a client wants to login with
the domain set
Anyone know of a way to restore a child domain for a DR test, without any connectivity
to the root domain of the forest?
I don't need the chema or domain naming roles.
I just want to get up and functional enough for user access and basic everyday use.
This also involves restoring Exchange
i have a question here:
unless something has changed, domain admins should be populated in the
local administrators group when you join the domain...so, by default
they should have remote access rights.
there are ways to block this with policy, and the most obvious one would be
to use
We are trying that route, however they can be very stubborn some times.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert
Sent: Wednesday, March 24, 2004 3:41 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange
I believe their firewall is using NAT. There is no IPSEC anywhere.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 3:55 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] Exchange 2003 and
If you don't have the forest root DNS zone then you are missing the _msdcs zone which
is needed for replication to occur.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kern, Tom
Sent: Wednesday, March 24, 2004 1:35 PM
To: [EMAIL PROTECTED]
Subject:
Title: [ActiveDir] disaster recovery
Just out of curiousity, why did you deploy a forest root
structure? Why didn't you go with a single domain
structure?
Otherwise, Who manages the schema without the root?
Who manages the domain naming master in your environment (both are at the root,
I thought that was the case Domain Admins have access to Remote Desktop by
default. But how do you activate it via AD. If the Allow users to connect
remotely to this computer is not checked this is useless.
Lynden
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
I tried this last night on my test machine and the domain admins are
automatically populated in the local admin group
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 15:17
To: [EMAIL PROTECTED]
Subject: RE:
Title: Server Membership
Does anyone know if a server is taken off the wire, how long before its machine account is removed or out of synch with the domain? We regularly break a mirror of the OS when we do service packs and patches. A drive may sit on the shelf for a few days before we decide
You can use this custom ADM to enable that little check box. I can't
claim credit for it however. It was posted by a guy named Joe Elway from
Ireland on the GPO forum I moderate. Pretty useful.
;;;
CLASS MACHINE ;;
;;;
CATEGORY
Title: Server Membership
30 days is the default machine account password renewal
interval--I believe--on Win2k and above.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Strand,
TedSent: Thursday, March 25, 2004 8:45 AMTo:
[EMAIL PROTECTED]Subject: [ActiveDir] Server
If it's Windows 2000 the password is automatically changed every 30 days, but you have
the option to disable this, see:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;154501
Tony
-- Original Message --
Wrom: OTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGD
I have a issue here that I am struggling with. On Exchange 5.5, I was able to add
people to be able to modify the membership of DL through outlook without them having
to be the Manager or owner of the DL.
Now that I am on Exchange 2003, what permissions do groups or user accounts need to
have
going to AD was something decided by the higher ups to merge my corp and our sister
corp into a smealess whole. The sister corp already had AD in place and they own the
root. our IT depts. don't exactly communicate or relate to each other very well :)
i'm sure its like that in alot of places.
well, at least on my xp box
setting a gpo on my test ou
computer configuration/administrative templates/windows components/terminal
services/allow users to connect remotely using terminal services...setting
this to enabled, checks the box, and greys it out
imho, much better to
Yea, that works too :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 9:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote Desktop
well, at least on my xp box
setting a gpo on my test
To All:
I have a Remote Desktop issue that is driving me nuts. Servers are Windows
Server 2003.
I have a root domain spread across to two different sites, both physically
(East Coast and West Coast) and AD wise (AD East and AD West).
My two Enterprise Admins are members of a child
Anyone using a
dedicated appliance for DHCP instead of the builtin service for 2000 /
2003?
Im looking for
something both intergrates with 2000/2003 andhas very very granular
control over the tasks associated with DHCP. Like only able to add/remove
reservations (and not change/add/delete
What error does he get when trying to connect using
a terminal session?
- Original Message -
From:
Gilbert, Daniel L Mr
ANOSC/FCBS
To: ActiveDir
([EMAIL PROTECTED])
Sent: Thursday, March 25, 2004 1:58
PM
Subject: [ActiveDir] Remote Desktop
Issue
To
I don't have terminal services. How can I get an up-to-date adm
Lynden
-Original Message-
From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 1:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote Desktop
Yea, that works too :-)
-Original
Title: [ActiveDir] disaster recovery
Ad is supposed to be a enterprise
directory where most enterprises span the globe and have multiple sister corps
or corps they've merged with or aquired. these corps have thier own domains and
IT depts.
That's not how AD is supposed to be - that's merely
it must be the default xp templates...if you create the policy from an xp
box, it should use them..
|-+--
| | Philadelphia, Lynden -|
| | Revios Toronto|
| | [EMAIL PROTECTED]|
|
I never thought to decentralize the administration of DHCP,
but wouldn't that be possible with Active Directory
permissions?
Lucent used to have a product that you may want to take a
look at. Can't recall the name, but it may have what you're after if the
Active Directory permissions route
I think our
WAN guys evaluated some appliance from Infoblox, I didnt get to see it.
We stayed with the OS-based solution
mc
�
Folks,
I'm the one who started this thread and this discussion has be very
informative. The one lesson I got from this is the importance of having a
test environment and testing various restore scenarios. That has proven
hard to sell to management but I'll press harder.
Not having experience
I am setting a lab to test AD migration and have a question about
_Msdcs.domain.com Zone Creation.dcpromo with DNS configured
first:installed DNS and forward lookup zone (domain.gov). Server
points to itself as primary DNS server and registered itself in the domain.gov
zone.I then ran
No error message. He gets the logon
prompt, logs on, the screen flashes applying settings then the
terminal session screen closes out.
Really weird.
Dan
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Tim Hines
Sent: Thursday, March 25, 2004
12:35 PM
To:
33 matches
Mail list logo
