But is this necessary since the trust is working on every other DC but this
one? Isn't there some way to fix this single DC?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of E Brown
Sent: Wednesday, April 21, 2004 8:59 PM
To: [EMAIL PROTECTED]
Subject: RE:
Russ,
My experience with NT4 to Win2k trusts is that when they go whacky, blow the
trusting and trusted away. Set the trusted, don't verify. Have the other
side do their trusting. The other side should do their trusted, don't
verify. Then you do your trusting - making sure that the same
We've set up all sorts of trusts and haven't done any sort of LMHOSTS
modifications. Should we be? Is it necessary?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, April 22, 2004 6:37 AM
To: [EMAIL PROTECTED]
Subject: RE:
You don't need to touch LMHOSTS for the trusts - just rebuild them if they are broken
in the order mentioned earlier.
Regards,
Chuck Gafford
Systems Architect, Unisys
MCSE (Windows 2003/2000/NT), MCSE+I, MCT
www.unisys.com
List info : http://www.activedir.org/mail_list.htm
List FAQ:
We aren't even considering converting or making our 200k+ user objects
inetorgperson objects. We have had no requirement to do so and if someone
came forth with one at this point we would ask why their product wasn't
written to be flexible enough to account for the de facto most popular LDAP
Joe, as usual, your posts are both informative and entertaining. This one gets filed
for the next time
someone comes to me asking for another half-baked schema extension because the app
wasn't designed
right in the first place. Should be in the next hour or so if history would predict...
mc
Please - we're trying to not encourage him... ;)
Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Jerry Welch [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 22,
And you didn't even mention the E word! :-)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, April 22, 2004 9:11 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] User to InetOrgPerson Class
We aren't even considering converting or
Didn't need to if you are running it, though I did dedicate an entire
paragraph to it :o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Thursday, April 22, 2004 9:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] User to
Roger, you are just mad because you were typing up the same note and I typed
it and sent it out faster...
Oh well I have to get back to unburying myself. Just came in to spot check
to see what you all were saying behind my back...
I should be back hard core in a week or two. In the meanwhile I
Hi All,
I have 2 remote sites, one in Singapore
and the other in Sydney.
I am going to configure a new DC/DNS/GC
for Sydney.
Singapore has 2 domain controllers running
DNS.
The new system in Sydney uses the DC's
in Singapore as it's primary/secondary DNS.
After I run DCPROMO and
Wasnt
this one on the exam? The cities sound familiar;-)
Anyway, why
force a DC to go elsewhere for its DNS info just make it query itself
and make DNS AD-integrated.
mc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Thursday, April 22,
I may be a little off in my topic, please bear with
me.
I've been using group policies with a startup
script to install the default printer on some lab machines (i use the
printui.dll). All worked fine with the Win2K client. As soon as we deployed
WinXP clients, the magic ceased?? I've
The only problem with that is creating a DNS Island. Why not have the DNS
servers point to each other to avoid that problem? Not knowing the way in
which they are connected (T1, 56K dialup, etc) it would be hard to answer that
question.
You can also configure DNS to point to itself
and
Or Universal Groups!
Apparently the therapy is working
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday,
Follow the recommendations in the document, for DC's with DNS they will help to avoid the island effect.
http://support.microsoft.com/?kbid=825036
On Apr 22, 2004, at 10:27 AM, Salandra, Justin A. wrote:
x-tad-biggerThe only problem with that is creating a DNS Island. Why not have the DNS
You may need to upgradegroup policy.
(http://support.microsoft.com/support/kb/Articles/q307/9/00.asp)
From: Don Stallworth [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 22, 2004 9:25 AMTo:
[EMAIL PROTECTED]Subject: [ActiveDir]Default printer logon
script OT
I may be a little off in my
Yep, youre
right Justinmore info would help. I would make the Sydney servers
primary DNS its own IP, and its
secondary would be Singapores.
mc
-Original Message-
From: Salandra, Justin A.
[mailto:[EMAIL PROTECTED]
Sent: Thursday, April 22, 2004
10:27 AM
To: [EMAIL
Absolutely have it point to the remote DC. If it points to
itself, you run the risk of it becoming isolated, which is
bad.
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
From: [EMAIL
Um, yeah. That's right.
If I wasn't spending all day yesterday trying to fix a Linux box, I would
have definitely written the same thing.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original
Anyway,
why force a DC to go elsewhere for its DNS info just make it query itself and
make DNS AD-integrated.
Because replication will break? AD replication relies on, among other
things, correct DNS entries to find the other DCs, and if they're missing,
you're screwed. If the DC only
Title: Message
Isn't
there a risk, if the link to the remote DC were to fail, that the DC would be
unable to refresh its own DNS records resulting in loss of
services?
David
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Roger
It sounds like multiple people are in agreement - avoid the island effect, run DNS
in Sydney on the DC but point the secondary DNS IP to Singapore...
Chuck Gafford
Systems Architect, Unisys
MCSE (Windows 2003, 2000, NT 4.0), MCSE+I, MCT
List info : http://www.activedir.org/mail_list.htm
List
Russ,
I'm battling this same problem right now. It worked and now it doesn't.
Mark Minasi says you can fix this with an LMHosts file. I run them and it
helps. You can set one up for just this unit if you want, but I would be
willing to bet you joe's (YMYMYM) salary that the problem you're
Return Receipt
Your RE: [ActiveDir] DNS Server Using its own IP as a Primary DNS
document
:
Return Receipt
Your RE: [ActiveDir] DNS Server Using its own IP as a Primary DNS
document
:
Personally, even though its officially resolved, I
still don't completely trust it - and there's such a low overhead with making
the DC's nearest neighbor its DNS server that its not detrimental if
done.
I also tend to have 2 DCs in each location that rates a
DC, so they point to each
Title: Message
That risk is relatively small, since the expiry times are
fairly long.
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
From: David Rudolph
[mailto:[EMAIL PROTECTED] Sent:
I just wanted to say this newgroup is
GREAT and has saved me a lot of calls to Microsoft but this last problem
is killing me. What is going on is I have a login script assigned
to the user and if the user logs into Windows XP it works perfect, the
script is just net using a few drives. Now if the
Hi,
Is it possible to modify the User Property Pages (GUI) to include a Employee
ID or Number attribute within a user object.
Thanks,
_
FREE pop-up blocking with the new MSN Toolbar get it now!
Have you tried logging? You can write each step and
it's return value as the script runs.
Alternatively, you could run the script on the w2K
workstation in debug mode to see what's happening line for line to see where the
error occurs.
Al
From: [EMAIL PROTECTED]
[mailto:[EMAIL
If you logon to one of the affected machines (as an affected user) and run a
gpresult /scope user. Is the logon script in the list?
Are you using loopback processing to assign this setting? If so, are the
machines in an OU which is getting the GPO with the loopback
I have not tried logging, what do I
have to do to set this up? The script is a .bat file and it works
fine if I copy it to the computer and have the user dbl click it.
Mulnick, Al
[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/22/2004 04:44 PM
Please respond to
[EMAIL PROTECTED]
Can you post a copy of the script?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Thursday, April 22, 2004 3:35
PMTo: [EMAIL PROTECTED]Subject: [ActiveDir]
Login script problems
I just wanted to say this newgroup
is GREAT and has saved me a lot of
Does anyone
know if MS still requires an external drive array for a cluster or if theres
a way around it, Vertias other 3rd party, etc?
Mike
I got it working now, thanks for all
of the help everyone. Just a few wrong words were causing the problems.
Rod Trent [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/22/2004 04:49 PM
Please respond to
[EMAIL PROTECTED]
To
[EMAIL PROTECTED]
cc
Subject
RE: [ActiveDir] Login
http://www.nsisoftware.com/pro/geocluster/datasheets/
Check this one out, it may do what you need, but the cost would probably be equivalent to a disk cabinet. So what you are buying is flexibility. I haven't used the product, but NSI gets high marks from most places.
Brent
On Apr 22, 2004,
Majority Node Set Clusters is a new feature in Windows 2003 Clustering. This
is billed as a way around the dedicated shared disks requirement. If you have
no NEED for a dedicated shared storage, then, yes don't HAVE to have one.
This is all a book knowledge I'm regurgitating here. I haven't
Gentlemen,
I just wanted to give you a few final notes for future reference.
1. Use netdom as the authoritative trust verifier over nltest and the GUI.
Add the /verbose switch will give you exact details. You will see cached
result using nltest and the gui on occasion as well.
2. You don't
39 matches
Mail list logo
