RE: [ActiveDir] Replication issues

2004-05-02 Thread joe
There are three types of replication when you are talking about passwords. 1. Urgent replication. This is when a password changes anywhere, it sends out an urgent replication notification (i.e. no hold back on the notification, it goes now - use my adqueueloop to watch for it). Again, the

RE: [ActiveDir] ADUC Customization / Input Validation

2004-05-02 Thread Tony Murray
Hi Ian I think the main problem with modifying ADUC is that you really need to ensure tight version control afterwards. For example if, as you state, data entry validation is one of your goals then how do you ensure people are not using uncontrolled, non-modified versions of ADUC? One

RE: [ActiveDir] Replication issues

2004-05-02 Thread joe
Cool looks like my ISP backed up on their SMTP outbound again... I sent this thing Friday morning and it looks like it hit the list Sunday morning... joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, April 30, 2004 7:49 AM To: [EMAIL PROTECTED] Subject:

RE: [ActiveDir] ADUC Customization / Input Validation

2004-05-02 Thread joe
Tony is 1000% correct. Trying to force validation through ADUC will only help you validate data being sent in by people who follow the rules or even know them, at that point you can ask yourself why aren't they just following the data validation rules when using the default ADUC. To restate

RE: [ActiveDir] (OT?) Slow resume from computer Lock

2004-05-02 Thread joe
Do a network trace while unlocking a machine and look to see if something isn't being found or is responding slowly. I would expect something in DNS. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J0mb Sent: Monday, April 19, 2004 4:43 AM To:

RE: [ActiveDir] Active Directory and Bastion Hosts

2004-05-02 Thread joe
Yeah, I would say that your last paragraph hits this on the head. I hear "resistance to change" and "possible loss of job" as the reasons for concern. The guys have all given great advice here. Don't extend your production forest into an unsecure zone. Either use some other forest or

RE: [ActiveDir] Active Directory and Other LDAP Integration

2004-05-02 Thread joe
I want to say a couple of things on this point, however first off, we use cn=sAMAccountName. 1. LDAP is not a good authentication mechanism. Especially how most companies seem to do it with their products. I.E. Simple LDAP Binds. This is not in any way shape or form secure. Use kerberos, kerberos

RE: [ActiveDir] AD Management and monitoring

2004-05-02 Thread joe
IMHO, it will be tough to beat MOM long term. The company writing the directory software is in a good position to write the best monitoring software for it. They should definitely be ahead of the curve in terms of monitoring new things the directory does in newer versions. joe From:

RE: [ActiveDir] AD screw up

2004-05-02 Thread joe
The ability to rename is no substitute for figuring things out right in the first place. But it is good that MS is working on making the functionality better and better for those poor souls who do indeed have to go through it... Say they are going into a company whose previous admins weren't quite

RE: [ActiveDir] AD Sites and SYSVOL

2004-05-02 Thread joe
One would wonder why they did this at all... Possibly support for future functionality? Because as of right now, if a client logs onto a specific DC, that DC should also have the SYSVOL right there... joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] Anyone experienced this? Volume dissapears after DCPromo?

2004-05-02 Thread joe
You don't specify whether your disks are IDE or not but I will assume yes so you may want to take a peek at http://support.microsoft.com/default.aspx?scid=kb;EN-US;305098 Basically it could be a possible LBA issue. I have seen this on XP personally and luckily one of my good friends had

RE: [ActiveDir] Domain Unavaliable

2004-05-02 Thread joe
No this should not be a problem. Troubleshoot your client issues like you always would. If you don't do network traces, I recommend you do one anyway, may nail the problem faster for you. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra,

RE: [ActiveDir] help querying for groups

2004-05-02 Thread joe
Hey Mark, I am not an ADO fan but it appears you are missing the attributes you want returned in your execute... BTW, this will get you ALL groups named RPT* in the domain, it won't just get Global Groups. If you want global groups only, you need to add something to your filter... All

RE: [ActiveDir] Help with Restricted Groups

2004-05-02 Thread joe
I haven't played with this but my understanding is that you do what you mention in your first post. Created a restricted group for the group name that you want to add and then place in the memberof section what groups you want it added to... Now my question would be... Where does the new

RE: [ActiveDir] Ldap - linux slowdown in searching

2004-05-02 Thread joe
Exactly what I was thinking though you can use ethereal on the Windows side as well. A query is a query to AD, it shouldn't matter if it comes to the server from Windows or Linux. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [ActiveDir] LDAP Query Question

2004-05-02 Thread joe
I wholeheartedly agree with point 2. I will look at doing STATS in ADFIND in the next rev or two. Give me a month, maybe two. Just starting to see the light of day again. :o) joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric

RE: [ActiveDir] question about optimization?

2004-05-02 Thread joe
I agree with "I doubt you will gain enough to make the investment in a new server" performance wise. For security, you absolutely should segregate off the DC functionality. Compromise of anything on that DC is a compromise of the entire domain and means any security patches need to be

RE: [ActiveDir] SCECLI 1202 Events

2004-05-02 Thread joe
Try grepping (findstr'ing) the INF files in your sysvol structure for power users or the SID S-1-5-32-547. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, April 26, 2004 6:46 AM To: [EMAIL PROTECTED] Subject: RE:

RE: [ActiveDir] scripting admin

2004-05-02 Thread joe
Excellent, let me know if you want me to review it. :o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen (rallen) Sent: Saturday, April 17, 2004 12:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] scripting admin But of course :-)

RE: [ActiveDir] User to InetOrgPerson Class

2004-05-02 Thread joe
If you weren't the size of a Giant Redwood tree I would take offense to that therapy comment. ;o) Instead my response is simply Yes sir, it is working. =) Now that some of you folks know what I look like and actual pictures exist, I have to be nicer... Welcome to the nicer kinder gentler

RE: [ActiveDir] User to InetOrgPerson Class

2004-05-02 Thread joe
Driver error. Recompile kernel snicker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Thursday, April 22, 2004 10:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] User to InetOrgPerson Class Um, yeah. That's right. If I

RE: [ActiveDir] Why doesn't Rick post much anymore?

2004-05-02 Thread joe
Actually I was wearing 7 stiletto's the whole time but in reality, Rick is considerably taller than I am. As you found, I am just a small quiet coy simple white boy from the midwest. My issue is the company that I keep. :o) I spent over an hour in a bedroom on the top floor of the Westin with

RE: [ActiveDir] Windows threads?

2004-05-02 Thread joe
The number of threads would be a function of how the threads were using some key memory (amount of stack requested for instance) and what is allocated by the linker options. I.E. Depending on how the program is compiled/linked, it could have differing numbers of threads. I think I recall

RE: [ActiveDir] ADUC Customization / Input Validation

2004-05-02 Thread IAN FRASER
A mighty number of options there from Tony and Joe - we are looking at MIIS as a possible solution for a number of systems - Openldap, Oracle OID, NDS and some ADAM solutions. I like MIIS, and I think an organisation with a number of systems such as ours can only have any level of consistent

RE: [ActiveDir] ADUC Customization / Input Validation

2004-05-02 Thread Mike Welborn
Ian. You might want to look at Aelitas Enterprise Directory Manager (EDM) application. They were recently purchased by Quest Software but I know that the product will stay intact because of its wide use by large and small companies. You can create pre and post scripts to enforce

[ActiveDir] Kerberos Info

2004-05-02 Thread joe
In line with an earlier post where I said that LDAP isn't for authentication, kerberos is. Here are some kerberos links for folks. The last one is from a vendor who sells a product to help but it is interesting reading due to them pointing out some of the shortcomings of some of the *nix

RE: [ActiveDir] Kerberos Info

2004-05-02 Thread Mike Welborn
Joe If you are interested in true *nix integration with Active Directory, check out a company named Vintela. They have a great solution but you will pay for it. Mike W. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, May 02, 2004 6:09 PM To:

Re: [ActiveDir] Kerberos Info

2004-05-02 Thread Brent Westmoreland
Hey Mike, How about clicking on that last link that Joe provided? On May 2, 2004, at 8:33 PM, Mike Welborn wrote: Joe If you are interested in true *nix integration with Active Directory, check out a company named Vintela. They have a great solution but you

Re: [ActiveDir] Storage of AD passwords???

2004-05-02 Thread Brent Westmoreland
Yeah I know, I should have included a goofy emoticon to indicate a playful jab. I've yet to find one that looks like me though $-) On May 2, 2004, at 11:04 AM, joe wrote: I don't disagree with inetOrgPerson or even its use of it. I do strongly disagree with vendors requiring you to change your