Title: Message
Guyz
still the SYSVOL is not shared?? how do i troubleshoot this critical
problem
Regards, Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group
Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save Internet, Keep al
Title: Message
restart the File Replication Service and run your dcdiag again. Any
change?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May
2004 09:20To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Sysvol Damaged
Guyz still the SYSVOL is no
Title: Message
Hello Admins,
I
have added NTDS Conenction objects in Sites and Services becoz they were not
automatically created. Now when i add that manually, i see event id 13562 Source
NTFRS, Description,
Following is the summary of warnings and errors
encountered by File Replication Ser
Title: Message
I
will try to run DCDAIG now,. Actually, i thought ther might be problem with the
missing NTDS CONNECTION OBJECTS and so I have manually added those. Now when i
restart NTFRS, i see i see event id 13562 Source NTFRS, Description,
Following is the summary of warnings and errors
Title: Message
I
assume you have not disabled the KCC..
Delete
the manual objects and then kick off the KCC and it should work out the best
paths. This can be done via replmon or sites and services. Unless you have a
large complex site structure then I would just use the KCC as it does
Title: Message
Domain membership test . . . . . . : FailedSONYDC
failed test kccevent Starting test:
frssysvol Error: No record
of File Replication System, SYSVOL
started. The Active
Directory may be prevented from
starting. There are errors
after the SYSVOL h
Title: Message
Did
you restart the FRS service before running the below dcdiag?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May
2004 10:13To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Sysvol Damaged
Domain membership test . . . . . . : F
Title: Message
Yes
i did restart FRS before DCDIAG
Regards, Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group
Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTECTED] "Save Internet, Keep all the systems patched"
Web: http://alfaisaliah
Title: Message
Are
all your other DC's still running clean? If so then I'd suggest a DCpromo down
and then up again.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 May
2004 11:27To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Sysvol Damaged
Title: Message
Yes,
but still many issues with FRS, DCPRMO, will it solve all the issues bcoz that
will be thru a WAN Link.
Regards, Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group
Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EMAIL PROTE
Title: Message
Hi
Guys,
Thinking. any experiences out there on the
below?
I'd
like to have a testlab to directly match my production AD in terms of OUs, GPOs,
Objects, etc, etc. The thing is that I'd like the test domain to be phyically
separate from my production environement.
Any
Title: Message
I've
seen some neat things being done with one or a very few machines using
Microsoft's Virtual PC or VMWare to simulate many machines. You could take
a few, well configured PCs to emulate your domain while keeping those PCs on an
isolated network.
Check
out Microsoft's Vi
Title: Message
Thanks
for that info Ken... I'm actually using Vmware for part of the
lab.
Sorry
but I forgot to mention the most important part of that Q.
I want
a way to regularly synch / update the test lab, in terms of OUs, GPOs, objects
etc. I think it's going to have to be a manual
After running DCPROMO I am experiencing few problems with some services. The account
used to start the services does no longer exists after the DCPROMO procedure has
completed. When I restart the DC I receive the following error (this is just an
example of one of the services) :
Date : 5/26/200
Return Receipt
Your [ActiveDir] DCPROMO and Services
document
:
Title: Message
There’s
actually a pretty good article related to this topic in the new Windows &
.NET Mag “Patch Testing.” The author talks about setting up a lab
that mimics your prod environment so you can test patches faster and more
accurately before deployment. Might be some stuff in
Title: Message
You
can just promote an Additional Domain Controller and later on you can
seperate that from production, Just a thougt!
Regards, Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group
Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: [EM
Title: Sysvol Damaged
Run from
the command line using cscript [script_name]
-Original Message-
From: Douglas M. Long
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004
10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password
set and enable account
Stup
Anybody
know a good way to add a group programmatically (or GPO, etc.) to the RDP
properties visible when you go to Terminal Services
Configuration/Connections/RDP-Tcp [Properties]. I have a bunch of Win2K remote
administration mode servers that I want to add a group of night operators to.
Title: Sysvol Damaged
run it using cscript rather than wscipt - cscript is the
command line version..
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
From: Douglas M. Long
[mailto:[EMAIL
I'm looking for a way to get an email address report for all user
objects in Active Directory. Any idea on how to do this? I see the mail
attribute in LDP but how can I get just this one field filtered out into
a report
Thanks
List info : http://www.activedir.org/mail_list.htm
List FAQ: ht
i use this-
'Global variables
Dim Container
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("virtual.txt", True)
Set Container=GetObject("LDAP://ou=ExchUsers,DC=childdomain,
If your users have more than one email address, you will also need to
get the proxyAddresses attribute.
-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email repor
Would be relatively easy to check DNS. DCDIAG and NETDIAG would be two
tools to use to check to see that all is well from the bad dc and good dc
perspectives. I'd say go the easy part first.
Invalid Checksum? Hmmm... Anything in the security logs that gives an
indication?
Al
-Original Me
They only have one address, I'm trying to figure out the correct syntax
for a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LD
Wish I had a better solution off-hand. Doesn't sound like you'll get one
that works for you however.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
Sent: Tuesday, May 25, 2004 7:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] A
Title: Imaged Computers
Our testing group is imaging computers for testing. The problem is with the computer object and the SID. The PC was imaged as a member of our Domain. So when it is re-imaged the computer password are not synced. The only way I have found to fix this is Delete the compu
If you need to cross OU's, you may want to iterate through OU's and for each
OU follow that path. Might be helpful to spit out some information linking
the addresses to the user's samaccountname or UPN as well, just for linking
the user to the address.
Al
-Original Message-
From: [EMAIL
Title: Sysvol Damaged
Alternatively, first set your default interpreter to
be cscript with
cscript //h:cscript
This would be the recommended setting in my
opinion.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
MarkSent: Wednesday, May 26, 2004 10:16
LDP is great for a quick look-see but isn't really a reporting tool - I don't know of
any way to write the output from the search into a file. That said, it certainly is
possible to have it return specific attributes instead of all attributes. In the
Search dialog, click the Options button and
Hello Everyone,
We have 2 Domain controllers running Windows2000 server with Active Directory that is
running a high and low CPU pattern. The CPU flatlines at 100% for about 60 seconds
then drops to 5% for about 30 seconds. This high and low cycle continues to repeat.
When the CPU is high the l
Something like
Example: Export of specific domain with credentials
csvde -m -f OUTPUT.CSV
-b USERNAME DOMAINNAME *
-s SERVERNAME
-d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
-r "(objectClass=user)"
Csvde -m -f OUTPUT.CSV -d "dc=domainname,dc=com" -r
csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r
"(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses
Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start the
search, or leave out the -r altogether if you want to do the whole domain naming
cont
csvde -s dcname -f c:\mail.csv -d "dc=xx,dc=com" -p subtree -r
objectClass=user -l "cn,mail"
-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report o
Searches, logging on, etc could cause this. Have you checked to see that
there aren't any other issues going on? What about a network trace to see
what the heck is going on at the wire after checking the logs?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On B
Both come up clean, despite the fact that the A record for the DC
initially didn't have the BAD_DC$ account in the ACL and the owner was
SYSTEM instead of BAD_DC$. I adjusted that manually and the change
replicated to all DCs. Still the netdiag and dcdiag do not show any DNS
related problems - only
replication,kcc?
-Original Message-
From: Airhart, Cliff [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 11:21 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] lsass.exe process causing high CPU on DCs
Hello Everyone,
We have 2 Domain controllers running Windows2000 server with Act
Or better yet, combine what Al said and what I said, like this:
Csvde -m -f OUTPUT.CSV -d "dc=domainname,dc=com" -r
"(&(objectclass=User)(objectcategory=person)(mail=*))" -l mail,proxyaddresses
That way you get only the attributes you want, and then only for people who actually
have mail address
The -l params is a nice touch but curious why you want to find objectClass
objects. That's an inefficient query IIRC. Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain; if he had them in
Had this problem as well. Was caused by a virus; sasser I beleive.
Cass M. Gowins / Network Manager
Stark/Portage Area Computer Consortium
2100 38th St. N.W.
Canton, Ohio 44709
[EMAIL PROTECTED]
- Original Message -
From: "Kern, Tom" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wedn
Thanks everyone, actually I figured it out and got just the info I
needed:
CSVDE -f email.csv -r "(&(objectClass=user))" -l "mail, name"
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%4
Objectcategory is indexed (objectclass is not), so objectcategory=person is more
efficient. Contacts have an objectcategory of person as well, though, so if you use
only objectcategory=person you get both users and contacts. By using both in an AND,
you get only users.
The part about where to
There is a reason to attend TechEd... "Win303 - AD performance
troubleshooting".
>From that talk, the two typical causes are non-indexed searches against AD
or a rapid retry of authentication from an application that is using an bad
or expired account. As Joe says all the time... crank up NetMon
Pardon me for starting a new thread from the original post, I'm taking a
different approach..
This is TOTALLY one of my FAVORITE types of issues to work. I work at
least half a dozen of these a week. Here's my standard action plan that
I use when an engineer here comes to me with one:
1) Firs
Thanks for the clarification. That helps tremendously!
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 12:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of
Title: Message
Here's
some Perl WMI code for adding a local group to the RDP security. However, if
memory serves, W2K doesn't support WMI TS stuff - only 2k3
Anyway, maybe it will work...
sub
TerminalServerSecurity {
my $host = shift;
my $RemoteGroup = shift;
my $wmi =
Win32::OLE-
Title: Message
Thanks Ken!
Even if I can’t use this on the 2K machines, it’ll help a bunch in
a couple of months. Many of our TS machines are about to be upgraded and/or
installed. I appreciate it…
-Original Message-
From: Ken Cornetet
[mailto:[EMAIL PROTECTED]
Sent: Wed
First, thanks to Charles Soto and Nicholas Froome.
In general, my question was about the best way to implement directory
services (including single sign-on, authentication, and directory security)
for a mixed network of PCs and Macs (30 Macs, 40 PCs). Would one run Open
Directory or Active Direct
Title: OT: Exchange SMTP Relay Precedence
Here is the scenario:
I have two Exchange servers in different routing groups called ServerA and ServerB. ServerA has an SMTP Connector to an external domain (externaldomainA.com) using a smart host with a Connector Scope of Entire Organization and
Title: OT: Exchange SMTP Relay Precedence
IIRC, the connector trumps the VS, but in your case it's in
another RG. I would guess (and I'm reaching a bit here) that it would work
if you had a connector specified that utilized that VS. Since you don't,
you'll need to find a way to allow the tr
Critical mass has been reachedmultiple people asked me (offline)
where to get SPA. Here's a link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-4
7b9-901b-cf85da075a73&displaylang=en
I shall learn to post links with tools..
~Eric
-Original Message-
From:
Hi Al. :o)
&(objectcategory=person)(objectclass=user) is a good filter though it
wouldn't catch inetorgpersons. Slightly better may be
&(objectcategory=person)(samaccountname=*) if you have contact objects or
you have inetorgpersons you want to catch as well as user objects. If you
have no conta
Answers in line to additional questions
> From: Noah Eiger <[EMAIL PROTECTED]>
> Organization: PRBO Conservation Science
> Reply-To: <[EMAIL PROTECTED]>
> Date: Wed, 26 May 2004 10:36:54 -0700
> To: Active Directory List <[EMAIL PROTECTED]>
> Subject: [ActiveDir] SUMMARY: Mixed network PC and Mac
Title: OT: Exchange SMTP Relay Precedence
Al,
Thanks for the info. It looks like
we will have to either create an SMTP Connector in ServerB's routing group or
open up externaldomainB.com's server to relay through our server on the SMTP
Virtual Server.
Jeremy
-Original Messa
Hi Joe.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 26, 2004 2:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?
Hi Al. :o)
&(objectcategory=person)(objectclas
would this script let me add users from domain A to universal group in domain B?-
Const ADS_PROPERTY_APPEND = 3
Set objGroup = GetObject _
("LDAP://cn=Universalgroup,cn=Users,dc=parentdomain,dc=rootdomain";)
objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
Array("cn=username1,ou=ouname,dc=c
<<
> - Can XServe volumes be managed by Active Directory? That is, can you add
> and XServe as a member server of an AD domain?
Yes, you can use the active directory plugin in 10.3.3 to add xserves to an
active directory domain, and some creative vi'ing on the /etc/smb.conf file
to manage authenti
Title: Looking for a tool that displays SID
Hey I found the problem and I believe
fixed it. If you have a Win2K DC
with a domain name of “NAME” instead of “NAME.local”
it is categorized as a “single-label” name, and DNS treats that as
a TLD such as a .com, .net etc and subsequently disall
58 matches
Mail list logo
