I've decided to break ranks and reveal to the world EXACTLY what the MVPs are up to when they pay their annual pilgrimage to Redmond.
Everyone of them comes and start mouthing "It's NDA", "I really can't tell you", "Yeah, I heard that's coming soon but I can't say anymore..", etc, etc.
Hi Joe,
I totally agree. The XXX02 is fortunately an old one and it will hopefully die in a
month or so. But until then it's important to inform everyone again and again. I
wouldn't be surprised if this will cause additional problems.
/MS
From: [EMAIL
Title: RE: [ActiveDir] (OT?) Slow resume from computer Lock
I concur wholeheartedly.
A migration generally doesn't need the overhead
ofMIIS but ADC doesn't have thegarbonzoes to (nor was it intended
to)be used long term.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Title: Cached Domain Credential logon expiry for Win2k/XP
Our cached logon expert is Rick, he should be along shortly
with info... :o)
I do not believe that there is an expiration. However a
simple test would be to take a test domain and set the password policy to 1 or 2
days and then join
Hi
Only tested it today.
Well - it does not work.
The ADM template is loading, the group policy objects reg key is being
updated.
But, the actual desired registry key is not affected (after secedit.
Logoff and logon)
Ronen
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Resend...
Couple of things...
1. Listen to Brian
2. The RUS is what builds those lists and isn't really doing LDAP queries to
build them. Turn up logging and turn on netmon and watch what happens as
they go through the objects, it is rather startling to watch.
3. You can not set
That's long since happened, my friend.
The particular distro I was installing was Redhat 7.1[1], which is required
for one of our soon to be legacy products...
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis
Default password aging for machine accounts is 30 days in AD and 7 days in
NT4 domains..
Now - it will support current and previous, I believe, so techically you can
get 60 days out of it, IIRC.
--
Roger D. Seielstad - MTS MCSE MS-MVP
I am actually starting to wonder on this and how it actually works and now
have some new theories.
I recently had to troubleshoot an issue and there were machines with
passwords that were greater than 600 days old. The password had never been
changed from the first day the machines were added to
I would say it is in the process of happening and will get more and more
prevelant. Probably to the great dislike of many a Linux person who until
recently has been pushing so hard for Linux to be the mainstream replace
everything MS OS. I know many are backing off of that now as they realize
what
You are picking low hanging fruit there Roger, even I can attest that I have
an interesting view of things. :o)
I need 7 inch heels because of how short I am.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, May
Hello,
Has anyone ever had a problem with xp-2000 clients not being
pingable when the desktop goes into power save mode?
It happens to a handful of clients each night, which means
nightly updates etc. are not happening.
I think I have checked all of the options on the client
machines
Sorry about the multiple posts on this, no I wasn't trying to be like Guido.
;o)
My joeware.net provider is having a tremendous time trying to keep their
outbound SMTP queues flowing and never seem to notice that it is broken
until AFTER I start telling them about it. Inbound is working fine now
Oh i have had servers/domains like that One died in 2004 that was
supposed to die in 2000... Definitely keep pushing to have it go away. :)
joe
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mikael Svennungsson
Sent: Thursday, May 06, 2004 2:07 AM
To: [EMAIL
Nope. RUS is not using the query. It is interpreting it internally which is
why you can see queries that work perfectly in ESM when you have it test the
query but blow up in very odd ways when the RUS gets a hold of it.
joe
-Original Message-
From: [EMAIL PROTECTED]
:o)
See most people didn't know WHAT Missy I was talking about until you
responded to this... Now everyone knows.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Missy Koslosky
Sent: Wednesday, May 05, 2004 7:22 PM
To: [EMAIL PROTECTED]
Subject:
Hmmm.. I'd expect that the domain had the password change at next logon flag
set for the computer accounts, but since that logon never happens, the
password would technically still be valid. I'm having a hard time wording
what I'm thinking the underlying problem here is, but it's systemic in the
I will simply say that my long term use of the ADC was not a pleasant
experience. The the way the ADC ran was somewhat akin to how the Army is...
Different parts would pass out at different times... If you do intend to use
it long term, say greater than 90 days or so, I would definitely recommend
I am not sure that outlook would do that. When working with
Exchange, it seems to like to do what it wants to do which is told to it by the
Exchange Server's DSACCESS process. Now for ALs I am not sure if the client
directly queries for them from the DCs or gets them from the Exchange Server
I am not sure I follow but then, hey, I'm not an Exchange
person. :o)
Your issue sounds to be with the RUS though and not the
ALs. If this is something you guys are having pain with and it is very
important, I, personally, would probably sit down in a lab and try to work up my
own code (or
Yes. Ive seen something similar with
power savings shutting down the machine to the point where it doesnt
respond to pings. Try playing with the power settings so that the machine doesnt
shut down as far. It appears to be a BIOS/Firmware/OS interaction issue.
Regards
Peter Johnson
Hello all -
Windows 2000 member server
Running Altiris application
Static IP on both member and DC
Windows 2000 Active Directory DC
We run Altiris on a W2K member server. Last night we had to reboot
active directory DC for the Sassar update. Since then the Altiris
member server will not see
Hi
all,
A customer of mine
had a forest root domain and a child domain. By disaster the single (i know very
bad) DC in the forest root domain has crashed and cannot be restored. All
replication within the forest came to a hold. By creating the forest root domain
on one of the DNS servers
Hey Groupie!! ;-)
Paul, I think you make a good point about looking into what
MIIS can do for them. Disabling the RUS is likely a good idea for them in
terms of reliability, speed, and reliability. Or, put another way, it
might be more reliable in a hosting situation to disable the RUS and
there is an option somewhere (I think in the N/W card
settings) to allow the OS to power it off to save energy - there's probably an
associated reg key you could use to roll out the change.
Jack
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jerry
JohnsonSent: 06 May 2004
I would start with a network trace from the DC and the member server. Make
sure name resolution is occurring properly [1] and that the packet is being
sent out by the member server and then from the DC verify that the packet is
getting there and it is responding.
joe
[1] Name being
Return Receipt
Your [ActiveDir] Dieing forest
document
:
From the Altiris server, run a traceroute to the IP address of the DC (or
DNS server) and see where it drops:
c:\tracert DC IP address
If it gets all the way to the DC, then it's a name resolution issue. If it
doesn't get to the DC, then you have either a NIC configuration or network
problem.
That
would be correct. A default installation of 2000/XP, annoyingly so, has the
network card hardware set to "Allow the computer to turn off this device to save
power" even on the server versions. If you go to the properties of your LAN
connection and selct the Configure button for the
I have disabled the Internet Connection Wizard through a GPO, but I have
a user that is unable to open up the browser. She keeps getting an
error saying that she is not authorized to run the internet connection
wizard. How do I get around this?
Justin A. Salandra, MCSE
Senior Network Engineer
An interesting way to do this. Thanks again Joe.
Mike Newell
Information Systems Manager
OSI Systems
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, May 06, 2004 5:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Simple LDAP
In case anyone has any need for this, I made a batch file for cleaning the
Sasser Worm, using the MS-supplied Sasser Cleaner for Win2K and WinXP
machines. The Batch file also patches the Sasser-infect system with MS04-11.
Required 3-rd party - PSKILL and PSLIST (
I have
zero experience with Macs, but we now have a few in our design dept. Our domain
is Windows 2000, and the Macs are using only TCP/IP to participate on the
network, no Appletalk. The users say they dont get notified when their AD
password expires, and then when it does expire, they
When you install services for Macintosh
and create a Macintosh accessible volume, two files are automatically created.
One is a Mac readable text file that tells you how to install the other file
which is a Microsoft compatible logon module. This add-on supports LanMan style
encrypted
I
believe you need to logon to your W2K server from your Mac stations and access
the Microsoft UAM share. Install the software from there onto your Mac, that
will enable encrypted authentication. Using the standard Apple UAM the passwords
are passed in the clear. Not sure about the
Thanks,
So far the
problem now seems to be related to memory and Java.
Thanks for all
the help, advice.
Mike
From: Eric Fleischman
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 04, 2004 7:38
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows
threads?
Are the Mac clients OSX or
9.earlier?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
MarkSent: Thursday, May 06, 2004 2:01 PMTo:
[EMAIL PROTECTED]Subject: [ActiveDir] Mac clients
passwords
I have
zero experience with Macs, but we now have a few in our design
I use WebHost4Life.com, $10 a month for quite a lot, works great for me. They
occasionally have some problems with their MX records, or the POP3 goes away for a
little while, but as a rule, they're pretty good for non-mission critical stuff. If
you siugn-up for them, they give me 20% if you use
I don't understand the quesiton. You want an environment variable that resolves to the
value of the sn and givenName attributes strung together?
--Brian
-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Thu 5/6/2004 7:52 AM
To: [EMAIL
What's the script written in? If it's VBS, then use
ADSI to retrieve the cn based on the sAMAccountName (which you already have, it
sounds like).
Paul
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
DesmondSent: Thursday, May 06, 2004 4:43 PMTo:
[EMAIL
Scripting it is not a problem. Im
just trying to figure out a way for the one off user account creation done
though the GUI to match it without having to go into the home directory field
in the ADUC user profiles properties page and type it in; I would rather have a
variable to use there
You might be able to goof with a display specifier in the config container, but, I
have no idea if that field has one. I guess you could run a trace when you open the
new user box and see what all it pulls in.
--Brian
-Original Message-
From: Bell, Stephen
Title: RE: [ActiveDir] (OT?) Slow resume from computer Lock
Resend, my ISP sucks.
I concur wholeheartedly.
A migration generally doesn't need the overhead
ofMIIS but ADC doesn't have thegarbonzoes to (nor was it intended
to)be used long term.
joe
From: [EMAIL PROTECTED]
43 matches
Mail list logo