RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
I was referring to ObjectGUID, you're on the ball as usual Joe :oP It was easier for me to get the ldapDisplay name and not having to do magic tricks with System.DirectoryServices in .net to get the ObjectGUID out of the directory. But if that is the best way (and Eric hasn't given us his answer

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
Well. Gil you bring up some interesting points here- I am building a schema tool and search tool sounds fun huh... Now to give you some more info about the info, I use some "simple" code to get all the mandatory and optional attributes for a specified class, those attributes are the

[ActiveDir] Is it possible to Disable GC registration on a particular NIC?

2004-05-20 Thread Carlos Tronco
Here's the situation. We've got a number of W2K DCs that are Compaq DL360's with dual NICs. Each one of them has a production interface that is reachable by clients. The second interface has a presence on a non-routable network that is used exclusively for backups. Since the DC sees both

[ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Roseta Radfar
Hi, can anyone give me the name of a good cache software that works with transparent proxy and can be used on Windows 2000 Server? Any good one that you may have used and know is a good one. Thanks in advance. roseta

RE: [ActiveDir] Is it possible to Disable GC registration on a particular NIC?

2004-05-20 Thread simon.geary
There are a few steps that have to be followed to disable dynamic DNS registration on a DC, you will probably find it's not just invalid GC records that appear but invalid host entries as well since Netlogon will by default register all IP addresses with DNS. This kb shows you how to disable

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you

RE: [ActiveDir] win98

2004-05-20 Thread Salandra, Justin A.
It doesn't fail, it then relies on broadcasting. What that article talked about was putting the same WINS server in the TCPIP settings twice so that it tries the first then the second then the first then the second and so on. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Is it possible to Disable GC registration on a particular NIC?

2004-05-20 Thread Michael B. Smith
http://support.microsoft.com/default.aspx?scid=kb;en-us;272294Product=win2000 http://support.microsoft.com/default.aspx?scid=kb;en-us;198767Product=win2000 http://support.microsoft.com/default.aspx?scid=kb;en-us;246804Product=win2000 One of these 3 will probably take care of the issue for you.

RE: [ActiveDir] Is it possible to Disable GC registration on a particular NIC?

2004-05-20 Thread Roger Seielstad
Yeah - uncheck the checkboxes that say Register this connection in DNS on the TCP/IP properties of the backup NIC's . -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From:

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Roger Seielstad
What, exactly, are you trying to accomplish? Straight proxy caching for a speed increase, or are you also looking to do authenticated proxying? Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.

RE: [ActiveDir] Is it possible to Disable GC registration on a particular NIC?

2004-05-20 Thread Roger Seielstad
That's right - I did forget Netlogon registers the NICs. See the posts from Michael Smith and Simon Geary for KB articles. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Rutherford, Robert
If I remember.. Winproxy will do almost anything you could want on a proxy front. It's also relatively cheap. http://www.winproxy.com BR, Rob -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: 20 May 2004 13:39 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] a

[ActiveDir] Discontinue Mail Membership

2004-05-20 Thread Mike Welborn
Please remove [EMAIL PROTECTED] from the Activedir.org mailing list. Thank you Michael Welborn

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Roseta Radfar
a cache for a speed increase and a strong one! -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thu 5/20/2004 4:08 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] a good software for cache on windows 2000

RE: [ActiveDir] Is it possible to Disable GC registration on a particular NIC?

2004-05-20 Thread simon.geary
That will prevent the DHCP client service registering the records in DNS but as these servers are DC's you also need to prevent Netlogon from registering the records so that tick box wouldn't be enough. If any of the DC's are DNS servers there are even more hoops to jump through to completely

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Eric Fleischman
"and Eric hasn't given us his answer to his question" What question is that? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Thursday, May 20, 2004 1:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP filter I was referring to

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
"I can conceive of a scenario (maybe more, you tell me) where lDAPDisplayName is not unique. Anyone want to take a swing at it? Attached is my first answer... no peeking! ~Eric" That one :P From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday,

RE: [ActiveDir] Discontinue Mail Membership

2004-05-20 Thread Craig Cerino
Please continue FEMALE membership :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Welborn Sent: Thursday, May 20, 2004 8:51 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Discontinue Mail Membership Please remove [EMAIL PROTECTED] from the

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Eric Fleischman
I answered it though in the attached file. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Thursday, May 20, 2004 8:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP filter I can conceive of a scenario (maybe more, you tell

RE: [ActiveDir] win98

2004-05-20 Thread joe
If the client is an H node it will try broadcast no matter how many WINS Servers you have listed, it will occur after it has gone through the WINS List and not resolved the name. If the client is P node it will not do the broadcast. joe -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
Blonde moment - this hasn't been my month... *Blushing* From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, May 20, 2004 3:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP filter I answered it though in the attached file. From:

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Roger Seielstad
Personal preference for secure, fast cache only proxy is Squid, but it only runs on Unix. I run an OpenBSD/Squid cache combo at home to speed up my access. Transparent proxying is kinda hard - you need to put the box inline

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Eric Fleischman
I'm not clear on this thread I don't think. Are we talking about web content caching or authenticating caching? That hasn't been spelled out, and I assumed web content caching, but was not sure. ~Eric

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
That's why I was thinking maybe ObjectGUID might be the best way to go... Nice point to keep in mind though good stuff Eric. CM From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, May 20, 2004 4:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir]

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Roger Seielstad
Web content, it would seem. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. From: Eric Fleischman [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] LDAP filter

2004-05-20 Thread joe
I don't think you can do a change notification with the Dot NET stuff yet... You have to use the LDAP API. See http://msdn.microsoft.com/library/default.asp?url=""> (watch for url wrap) Anyway, that seems slow on the search, is dot NET really adding that much overhead? I just did a quick

RE: [ActiveDir] Anonymous bind

2004-05-20 Thread joe
btw, KB 326690 still mentions 7th bit. Ugh. I sent another note to MSKB folks to catch the other 7th bit references in that article. They got some of them, just not all of them. :oP Setting up a heterogeneous environment is a pain. Putting *nix clients (or services) into the AD mix is not

[ActiveDir] LDAPS to DCs

2004-05-20 Thread Myrick, Todd (NIH/CIT)
I think this thread has been on here before, but I just wanted to verify it once more. In order to use LDAPS on DC's Microsoft Documentation says a CA needs to be installed on the DC. Does anyone have any information on other methods to do LDAPS without the CA requirement? Thanks, Todd List

RE: [ActiveDir] Anonymous bind

2004-05-20 Thread joe
[EFLEIS] - So we think it is easier to sync over a subset of data to the other directory, extend there and populate there? Rather than just putting it all in the main directory? I'm sorry, I just disagree. :) Hmm I have mixed feelings on this one and would say... It depends. I can see

RE: [ActiveDir] User modifiable attributes

2004-05-20 Thread joe
Also need to be careful here with mucking with the property sets so as not to hurt sensitive apps dependent on them... coming to mind right off would be Exchange which has heavy dependence on property sets. You would almost certainly end up

RE: [ActiveDir] Anonymous bind

2004-05-20 Thread Eric Fleischman
There's no question that this is a sliding rule. And I think somewhere else down in that post I noted that but am not seeing it right there. The bottom line is that there will always be a cost/benefit to putting a piece of data in a replicate location which spreads out to other servers where it

RE: [ActiveDir] a good software for cache on windows 2000

2004-05-20 Thread Mulnick, Al
ISA would be another option. It doesn't have to be inline so much as it has to be specified at the client to use a proxy with all other http requests being denied at the firewall. ISA in cache mode works very well from the

RE: [ActiveDir] LDAPS to DCs

2004-05-20 Thread Tony Murray
Hi Todd The DCs require a certificate issued by a trusted CA. This can be the Microsoft Enterprise Certificate Authority (installed on a member server) or a third party CA. There are certain preconditions for the third party CA. More info here.

RE: [ActiveDir] LDAPS to DCs

2004-05-20 Thread Mulnick, Al
Not sure about putting the CA on a DC but I can't think why it would be a requirement. You would need a cert for ldaps. This is probably where the recommendation came from to use an Enterprise CA http://support.microsoft.com/default.aspx?scid=kb;EN-US;247078 However, in light of the question I

RE: [ActiveDir] LDAPS to DCs

2004-05-20 Thread Eric Fleischman
If memory serves me correctly, that probably stems from the fact that most people want to do auto enrollment, auto enrollment need be done from an enterprise CA rather than a standalone one, and enterprise ca's (root or subordinate) need be on DCs. That said, you don't need to do that for

RE: [ActiveDir] LDAPS to DCs

2004-05-20 Thread Tony Murray
Hi Eric According to the Step-by-step guide to setting up a Certificate Authority (http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps.asp) the enterprise CA can be either a member server or a DC. The enterprise CA requires the following: Windows 2000 DNS Service

[ActiveDir] PAGE file

2004-05-20 Thread Douglas M. Long
Now you are going to think this is dumb, but even knowing that the page file should at least be on a separate disk from the OS, I have never done so. From what I have read, it seems like when you put a page file on another disk, you actually have

RE: [ActiveDir] PAGE file

2004-05-20 Thread Charlie Kaiser
Yes, unless you remove the one on the first drive. In the box where you configure the pagefile, you can set the one on the system drive to 0 and it will go away. It will complain about memory dumps, but if you don't need that you can ignore it. You can set the size for each pagefile as you want

RE: [ActiveDir] PAGE file

2004-05-20 Thread Tieman, Harold A Mr ANOSC/FCBS
Configure the second page file, then disable the one on the OS partition. -Original Message- From: Douglas M. Long [mailto:[EMAIL PROTECTED] Sent: Thursday, May 20, 2004 10:14 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] PAGE

RE: [ActiveDir] PAGE file

2004-05-20 Thread Hunter, Laura E.
Not necessarily. You can configure your page file to live on the same drive as the OS, on a separate drive, or to exist across multiple drives. If you remove the pagefile from the "OS drive" (read: set the maximum size to 0), you will lose

RE: [ActiveDir] PAGE file

2004-05-20 Thread Mulnick, Al
...and remember that you will no longer get the crashdump ability, so you may as well disable that. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tieman, Harold A Mr ANOSC/FCBS Sent: Thursday, May 20, 2004 1:19 PM To: '[EMAIL

[ActiveDir] Problems with File permissions

2004-05-20 Thread Snow Brent Civ OO-ALC/ITMD
I know this question is kind of off topic, but this is the first time I have ever seen this problem, I have a computer that has a 120 GB C drive and just because today when the user logged into the system, all of the files on the C drive were set to read only, when we try and change them

RE: [ActiveDir] PAGE file

2004-05-20 Thread Douglas M. Long
Ok, so sounds like I want to keep one on the OS drive also...Is there a way to set priority on which one to use first??? Right now, here is what I am thinking for the setup of my DC RAID-1 2 drives OS, Software, and System Logs (and

[ActiveDir] hidding users

2004-05-20 Thread Kern, Tom
Is there an attribute I can set in adsiedit, ldp, etc. to hide a user from appearing in the usual admin GUI utilities like aduc? Also when you look in group membership, to not have s(he) appear there as well? Thanks List info : http://www.activedir.org/mail_list.htm List FAQ:

RE: [ActiveDir] Problems with File permissions

2004-05-20 Thread Snow Brent Civ OO-ALC/ITMD
Only if it was pushed down via group policy...but if that is the case then it would be affecting the rest of the computers in that OU...I have not removed it, and when I checked it was there From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick - IT Department

RE: [ActiveDir] hidding users

2004-05-20 Thread Mulnick, Al
Can you give some background on what you want to accomplish? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, May 20, 2004 2:00 PM To: ActiveDir (E-mail) Subject: [ActiveDir] hidding users is there an attribute i can set in

RE: [ActiveDir] hidding users

2004-05-20 Thread Lou Vega
Not sure about an attribute, but shouldn't you be able to set the security permissions on the user(s) in question with a DENY ALL for whichever group or user you are trying to keep out? At the very least the object will show up but will show up as UNKNOWN and the person with the DENY ALL access to

RE: [ActiveDir] hidding users

2004-05-20 Thread cflesher
I did something like that in my environment. Basically, I put all the users in an OU into a group, and allowed only that group, plus various pertinent admin groups, to read/list resources. It works well enough, but can take time to get it all down. For a real large environment, it may not be the

RE: [ActiveDir] hidding users

2004-05-20 Thread Kern, Tom
When opening up aduc, I'd like the user not to appear. Also, if s(he) is a member of groupA, when looking at membership of groupA thru aduc, that user should not appear. I would think there is an attribute of that specific userclass which you can set so it would not be visible via the normal gui

RE: [ActiveDir] PAGE file

2004-05-20 Thread Roger Seielstad
I'd leave the page files on the OS drives in both cases. Keep in mind that once the system and whatever apps are running, the OS drive really won't get hit for anything. Roger -- Roger

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Darren Mar-Elia
Joe- My understanding is that they are indeed correcting the er..challenges with System.DirectoryServices in the 2.0 Framework. I can echo Gil's comments--today it uses COM Interop, as is evidenced by the COMInterop exceptions that I get when something pukes and I can also confirm

AW: [ActiveDir] hidding users

2004-05-20 Thread Ulf B. Simon-Weidner
Maybe the AD List Mode will be an option for you: http://www.chrisse.se/MAQB.asp?ID=34 Ulf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, May 20, 2004 20:00 To: ActiveDir (E-mail) Subject: [ActiveDir] hidding

[ActiveDir] OT, How to change wording on screen when computer is locked

2004-05-20 Thread rmcdonald
What I am looking to do is change the wording on the screen when a computer is locked where it says "This computer is in use and has been locked." I have it when the user logs in but I want to change it when it's locked as well but I can not find out where to do this for the life of me. Any help

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
Gil, Yeah that's the exact steps that .net uses, under the hood it uses ADSI , most of the hard work you then have to manually invoke the COM pity PInvoke just kills the idea of the LDAP API You know how clients are it HAS to be .NET (I can imagine Eric smiling now) You keep

Re: AW: [ActiveDir] hidding users

2004-05-20 Thread Mike Baudino
AD list mode is interesting enough that we're going to look into it as well. We're also looking into the link below as a way to accomplish this. At this point we haven't tested either so I don't really know yet whether they fill your need (or ours, for that matter). Mike

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Eric Fleischman
Joe are you really still bitter about the care blanche thing? *sigh* ;) ~Eric From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, May 20, 2004 3:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP filter Well pardon my poor

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
Joe, Yeah they are planning to "ADD" features to the namespace, depending on the way you look at it, it's things that were left out and should have been there in any event. There are other NDA things that are very interesting (just ping me offline if you want to know since you have been

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Carlos Magalhaes
Darren, I have some code to handle those puked COM exceptions, a lot of invoking but hey it does the trick, if you want just ping me offline. I won't be on email for a day or two I am on my way to Dubai (from South Africa) and man I hate flying :( Carlos From: [EMAIL PROTECTED]

RE: [ActiveDir] LDAP filter

2004-05-20 Thread Steve Lithgow
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, May 20, 2004 3:14 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP filter Joe- My understanding is that they are indeed correcting the er..challenges

RE: [ActiveDir] LDAPS to DCs

2004-05-20 Thread Eric Fleischman
Duh, had a moment. The requirement is not that they are on a DC, it is that they are on a domain-joined machine. Member servers are ok. I'm no cert guy. :) Thanks for keeping me in line. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony

Re: [ActiveDir] LDAP filter

2004-05-20 Thread Steve Schofield
I try to use .NET exclusively and have no issues using COM-Interop. It's not the most efficient but it being slow is a myth in my experience. Steve Schofield Note: I think Joe and company should start a reality show with the comedy. "Guess the geeks line" or "Geeks are funny and are