Re: [ActiveDir] Stopping a GC from doing Authentications

2004-09-13 Thread Steve Schofield
Here are three articles I've used to hide the PDC emulator and also hide a delayed replicated domain controller (A DC that only gets replicated once a day) using SRV records. These articles relate to using a lower SRV LDAP key but are good to help understand how to use DNS and SRV *magic* to hide

RE: [ActiveDir] Fun with Kerberos

2004-09-13 Thread Guy Teverovsky
I have been trying to reproduce the behavior in our test forest, but meanwhile in vain. I can only speculate that you need more than one DC on site (at least 1 DC and 1 GC maybe ?). In any case, meanwhile another issue popped up and it looks like it might be related. As I have already mentioned

Re: [ActiveDir] Logging on to a Domain Controller

2004-09-13 Thread ASB
~ I would like to give a group of our 2nd level administrators the ability to log on to all Domain Controllers. ~ Because? -ASB - Original Message - From: Abbiss, Mark <[EMAIL PROTECTED]> Date: Mon, 13 Sep 2004 14:32:47 +02

RE: [ActiveDir] GPOs through trust?

2004-09-13 Thread [EMAIL PROTECTED]
Thanks to Darren, Guy and Phil for the help -- this is pretty much the answer I was hoping for. :-) Cheers, -- Idan On Mon, 13 Sep 2004, Renouf, Phil wrote: > The only GPOs that won't apply are machine account GPOs since those will > be based on the DA GPOs since the workstation is a member of

RE: [ActiveDir] GPOs through trust?

2004-09-13 Thread Renouf, Phil
The only GPOs that won't apply are machine account GPOs since those will be based on the DA GPOs since the workstation is a member of the DA domain. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Monday, September 13, 2004 2:0

RE: [ActiveDir] GPOs through trust?

2004-09-13 Thread Teverovsky, Guy
It's worth mentioning that in the case of W2K3 forest trust (user from forest A signs to machine in forest B) the loopback GPO processing is enabled by default. Guy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Monday, September 1

RE: [ActiveDir] GPOs through trust?

2004-09-13 Thread Darren Mar-Elia
Idan- It makes part sense, but in general, yes, Group Policy does not have an issue with trusts. Your described scenario below is a bit confusing. If U1 is defined in domain DB, then I'm assuming that when you say that U1 signs into domain DA, you mean that U1 is sitting at a workstation whose mach

RE: [ActiveDir] ADSI & DC W2K3 [?? Probable Spam]

2004-09-13 Thread Lou Vega
I haven’t run into this type of problem in either W2K or W2K3 DC’s…though I haven’t used the WinNT provider in a long time. Any chance you can post the complete snippet of code and the error being returned? I know one thing to keep in mind with W2K3 you may need to use ADS_SECURE_AUTHENT

RE: [ActiveDir] ADSI & DC W2K3

2004-09-13 Thread JCARROS
Any, only that the developers use that in many cases. Thanks anyway From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 13, 2004 1:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADSI & DC W2K3 Sensitivity: Private No, but I don't use the Winnt provider either. Any

RE: [ActiveDir] ADSI & DC W2K3

2004-09-13 Thread Mulnick, Al
No, but I don't use the Winnt provider either. Any particular reason to use the winnt provider vs. the LDAP provider? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 13, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] A

[ActiveDir] GPOs through trust?

2004-09-13 Thread [EMAIL PROTECTED]
Hi All, I have a question about whether GPOs get applied in a situation where domain trust is used. Assume AD domain DA trusts DB. There is a user U1 defined in DB. U1 belongs to a group G1 on DB. A particular GPO applies to G1 in DB. Now when user U1 signs into domain DA, using trust, does t

RE: [ActiveDir] Unauthorized DHCP Requests

2004-09-13 Thread Tyson Leslie
We were looking into exactly this problem, and came across a few options.  If you want to get fancy, (with a fair bit more work), you could go with an 802.1x solution, and automatically VLAN people (or not) as they connect to the network.  We also stumbled across a neat solution, that requir

RE: [ActiveDir] Unauthorized DHCP Requests

2004-09-13 Thread Ken Cornetet
Resistance is futile - you will be assimilated. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Monday, September 13, 2004 9:31 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Unauthorized DHCP Reque

[ActiveDir] ADSI & DC W2K3

2004-09-13 Thread JCARROS
Hi List, I have a problem with an ADSI script inside an *.asp when it validates over a Windows 2003 Server STD DC, if the consult is to a Windows 2000 Server DC, it's OK. Anyone have a similar problem? The domain is Windows 2000 Native. For instance set Ad = GetObject("WinNT://DomainName/Us

RE: [ActiveDir] Unauthorized DHCP Requests

2004-09-13 Thread Coleman, Hunter
It's part of our plan to force a pure MS environment :-).   I asked our network group about this last week, and was told that the non-MS devices would need a "placeholder" account in AD. I haven't had a chance to check through the documentation to verify this. I'll post back whatever I can d

RE: [ActiveDir] Unauthorized DHCP Requests

2004-09-13 Thread Ayers, Diane
Hunter: With Cisco ACS, how are you going to deal with non-MS based devices that get DHCP addresses? That's always been the hang-up for us to shift to a setup like you describe. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Monday, September 13, 20

RE: [ActiveDir] Unauthorized DHCP Requests

2004-09-13 Thread Coleman, Hunter
Our network folks are starting to roll out Cisco's Access Control Server. They plan to tie it into our AD, and eventually configure all of the network devices so that machines won't get on the network unless they're joined to the AD and have successfully authenticated. I'm not sure who else

Re: [ActiveDir] Logging on to a Domain Controller

2004-09-13 Thread James_Day
Hi Mark The default domain controller policy also sets the rights to log on locally. We were attempting to deny logon local rights to our Service accounts, and found that this GPO overrides the one we put in to deny the service account group to log on locally (apparently GPO does not let the same

RE: [ActiveDir] Logging on to a Domain Controller

2004-09-13 Thread joe
Someone is going to ask it so it might as well be me. Why are you letting non-domain admins log onto domain controllers? joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark Sent: Monday, September 13, 2004 8:33 AM To: '[EMAIL PROTECTED]' Su

Re: [ActiveDir] Logging on to a Domain Controller

2004-09-13 Thread Al Lilianstrom
Are they attempting to log on via the console or by Terminal Services? If the latter, did you grant them access in the Terminal Server configuration? al Abbiss, Mark wrote: I am going round in circles and am now completely confused! I would like to give a group of our 2nd level administra

[ActiveDir] Logging on to a Domain Controller

2004-09-13 Thread Abbiss, Mark
I am going round in circles and am now completely confused! I would like to give a group of our 2nd level administrators the ability to log on to all Domain Controllers. I have applied a group policy to the "Domain Controllers" OU which sets the "Computer configuration ->