Title: WASTING RIDs
Hi Everyone,
A few days ago I experienced the following:
I was playing with RID pools, tombstones (deleted objects) and the new "reanimate tombstone API" and the following came to my attention:
Let's say a certain AD environment (W2K3, I think the same happens in W2K) has
Your .dit will not like it if you do this. You will not like it either.
Why not build a "Phone book" and have it query AD for the users and link the
result to a picture of the queried user. This is how I do it right now. If
you know .Net and would like to see a sample, hook up with me offline.
Check the inventory section on issues involved
325379 - How to Upgrade Windows 2000 Domain Controllers to Windows Server
2003
This article discusses how to upgrade Windows 2000 domain controllers to
Windows Server 2003 and how to add new Windows Server 2003 domain
controllers to Windows 2000 d
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/securead.mspx#XSLTsection126121120120
303305 - "Access Denied" Error Message When You Use the Active Directory
Sites and Services Tool
If you are in a domain in which a user or group has been
I have two AD domains, of which one is subdomain to the other.
In the child domain, most users are members of a number of security
groups in the parent domain.
All was well until recently, but after raising the domain and forest
level to 2003 I can no longer see the child domain users parent doma
Michael-
SI uses the MSI product code (aka product id) to determine whether an
application is installed already or not. I think that if you have an
upgrade relationship between v.1 and v.2 and the Product codes are the
same, then it will ignore the upgrade.
There are a lot of options for troubles
Forest Prep will prepare your forests for the Windows 2003 upgrade. It
will also expand your schema at that time.
S
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Tuesday, April 06, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject:
It is actually a per-user assignment in a Windows 2003 domain. So, I
have configured it to install at log on as you had mentioned Darren.
What this particular application does is install a button on the toolbar
of Outlook to access a form that has been published in our Exchange
environment. Fair
Michael-
Are you doing per-user assignment or per-machine? In general, if you do
a per-user assignment, the application is only "advertised" for install
on first use at logon, rather than fully installed. The exception to
this is that software installation policy in W2K3 supports a new option
on us
Kind of had my hopes up for this one but I just tested it on 4 different
computers and still the same outcome :-P
I wonder if whatever *was* installed that was shown in the Event Log
tainted any further testing that I did afterwards.
That wouldn't make much sense though because I am forcing a req
I know that I used to have problems with leftover regkeys for the packages
that had been previously deployed when I was using the same machine for
testing. Search the registry on that computer for the exact package name
and remove the keys associated with it (if they exist).
Craig-
Pretty much any MSI can be deployed via Group Policy. The limiting
factor will be whether you need to transform it for your environment and
if it provides tools to create transforms so you don't have to do it
manually.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EM
GPOs support the use of .MST answer files (transforms), there are also
many utilities around that create before/after snapshots and generate an
.MSI package from the installed files (WinINSTALL, Wise Studio etc.), so
there are a lot of ways to get around what's supported "Out-of-the-box"
and what
You might try Appdeploy.com
But, still, if it comes in MSI format, it should be deployable via GPO.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss
Sent: Tuesday, April 06, 2004 9:32 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] MSI Deploy
Yes actually I was.
I have done other tests using different machines, but that particular
test I used the same machine for. I will try it using a different
machine. I did force the GPO to uninstall the assigned application from
the previous GPO (even though it hadn't actually been installed, bu
Is there any site or anything that lists the apps that can be deployed via
MSI and Group Policies??
Are you testing it on the same PC in the Production OU that you used in the
Test OU?
-Peter
"Michael Wassell"
I really just want to prepare the forest for windows 2003, I don't need
the domains ready yet.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Tuesday, April 06, 2004 2:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Updating Schema to
Okay guys, I am at my wit's end here
I've been trying to distribute an .MSI package via GPO as an Assigned application to an OU in AD.
Test environment: Worked perfectly fine in my test environment, I copied the install package to a share on the server, set permissions, assigned
Hi Orin,
The DNS domain hierarchy determines the DNs in AD... see RFC 2377 for details. For instance, if you are installing AD with a DNS domain of ad.megacorp.com, the DN for the forest root would be DC=ad,DC=megacorp,DC=com.
If you use AD/AM (Active Directory in Applica
Also, if you stick in the CD to upgrade a server, it will check the server
and AD type, and will not upgrade until you have performed those steps. It
even gives you the steps to perform that you can copy/paste.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behal
This article might be helpful http://support.microsoft.com/?kbid=325379 - I
know this is geared at upgrading a domain controller, but it has links in it
to other articles that pertain to the process as a whole.
r/
Lou
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On B
I am not aware of any KB articles, but here are the steps that were
performed on our upgrade.
The forest and domains are prepared by using the adprep command on the
schema operations master and infrastructure operations master,
respectively. (25min)
* At a command prompt, change to the \I386
http://support.microsoft.com/default.aspx?kbid=331161
&
http://support.microsoft.com/default.aspx?scid=kb;en-us;325379
Should get you started.
Regards,
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin
A.
Sent: Tuesday, April 06, 2
I have a question, what are the steps to update the schema to Windows
2003?
Is there a q article out there?
Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]
List info : http://www.activedir.org/mail_list.ht
Perhaps someone on the list could help. We've recently built a Windows 2003
Active Directory. Our DNS administrators are not the same individuals as
our domain administrators. We believed we could put our DNS administrators
in the DNSAdmins group, and they would have all of the rights they ne
Return Receipt
Your RE: [ActiveDir] Photos in Active Directory
document
:
To keep your Replication traffic down, why don't you just add a "Link" in
the User properties that takes you to a web page with their Picture? That
way you have a server with the pictures stored on it and you are only
keeping links in the AD Directory?
-Original Message-
From: [EMAIL PRO
Setting up ap. Want to connect to AD using LDAP. How do I determine the parameter o=?
Regards, Orin
Orin Rehorst
Port of Houston Authority
I think the benefit is obvious - security.
You may want to consider using Active Directory Application Mode or
setting up an Application Partition in AD (assuming you are using W2K3).
Either would enable you to isolate the data & replication.
Photos shouldn't change much so once you have done you
Chuck-
Try granting the "Replication Synchronization" right on the domain
object (domainDNS class) that you want the user to be able to replicate.
Note that this provides the synchronization right for just that domain
NC. You'll have to do the same thing to the schema and config objects to
delegate
I ran into an issue with DHCPobjects where it couldn't read any scope with more
than 255 reservations in it. Eventually gave up on using it.
There is a command line utility called netsh that you can use to search
through all scopes with.
Clyde Burns
From: [EMAIL PROTECTED]
[mailto:[EM
Dear Group,
This might seem like a dull question but I have not been able to find a
good answer for it, so here goes.
I was wondering if it is possible to use the delegate administration
feature to give a non-admin the ability to force replication of an AD?
Thus far, we have been unable to do
All of the printers at our remote locations are in different parts of their building, management wants all setups to be transparent to the user. I could do this PC by PC, but Logon seemed easier.
The space isn’t in my actual script, guess it happened while I was sanitizing it :). Thank yo
Hi,
I am struggling with the dsacls.exe tool and hope that someone in this list can answer me.
I need to set permissions on an OU from a CMD line batch file and I am using dsacls.exe for that.
However, setting the "Reset Password" extended right is one task I cannot accomplish.
Can you ple
Excellent Source…
This is what I wanted…
Thanks…
Todd
From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 06, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining computer to a domain... And Kpassword port 446.
Thanks Ulf.
Todd
From: Ulf B. Simon-Weidner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 06, 2004 9:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Joining computer to a domain... And Kpassword port 446.
Sorry - the picture is somewhat in German,
I highly recommend Dean as well..
Todd
From: joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 06, 2004 2:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Consultants
http://www.msetechnology.com/
This is where Dean Wells works, they are out of Florida but
This might help
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
Santhosh
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Monday, April 05, 2004 9:26 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Jo
Hello Lara,
first of all - I'd wait putting all kinds of applications
and devices which tweak the system until the DC works. You seem to have issues
with the smartcard reader, and VNC (whyever you would need that - I'd just go
for Terminal Services Administration Mode). Are you able to nail
Sorry,
I meant if it is a new domain which wouldn't take much time to rebuild then
DCPROMO it down and then up again.
-Original Message-
From: Rutherford, Robert
Sent: 06 April 2004 12:34
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] failed to locate a DC...
It looks to me like this is a brand new domain? If not then I would suggest a DCPROMO down and up again. I'd also uninstall DNS and let the DCPROMO wizard install it.
If it's not a new domain and it's live in production then please come back and we'll take it further.
BR
R
As an answer to this one the answer is yes.
I am looking for that info and I will post by end of week some details.
Thought there was some more documentation out there on this.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent:
Please attach the netsetup.log and netlogon.log from the debug directory of the system.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lara Adianto
Sent: Tuesday, April 06, 2004 3:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] failed to locate a DC...
H
Hello,
I have been struggling with this problem for almost a day, and hope to get a hand through this mailing list.
The problem is that I can't make a windows2000 prof. client to join a w2k domain.
I'm using a win2k server as the DNS and AD server.
When I tried to add the client to the domain
It all depends on how large your organisation is I guess, how many
sites, WAN links, etc. I wouldn't really recommend it as you really want
to keep your AD as small as possible for replication and performance
reasons.
What benefit will you get out of having users' photos in the user
object?