But would this be the standard practice for stricter organisations? Of
course it ain't a big problem for me in reality since the customer's
environment is a small one, but I'd like know how corporate domain/forest
admins handle this.
thanks,
Aaron
-Original Message-
From: [EMAIL
Well, I am hoping someone will be able to help me. I can not dcpromo another
Win2000 Server on my network.
I was originally able to do this but then active directory corrupted on the
2nd DC. This was then forced removed from being a DC. I used KB332199 and
KB216498 to do this.
I have since
Hi,
Try the following MS KB article.
http://support.microsoft.com/?id=314978 How to use Adminpak.msi to install
a specific server administration tool in Windows
Regards,
Jorge
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: woensdag
I keep wading through lots of news groupposts that keep citing the same 2 MS KB articles. I need a bit of confirmation
# Account lockout is an urgent rep trigger, but this only means intra-site.
# For inter-site the lockout reps as per the schedule.
# To get lockout to rep urgently inter-site
Hi Paul,
About immediate and urgent replication I
know the following:
* Immediate replication occurs independent
of the configuration of intra-site and inter-site replication. This is valid for
password changes and account lockout. The new informatie is replicated through
the NETLOGON's
Couldn't you just install the AD tools and delete the short-cuts you don't
want the user to use/have from Control Panel and restrict MMC?
-Za Vue
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Seet
Sent: Wednesday, October 13, 2004 12:58 AM
To:
OK, I'mlogged in asa Domain Admin and an
Enterprise Admin on our domain. My desktop
is a member of the domain.
I have one server,
which is a member of the domain,it is not a
DC,running Windows 2000 Server, sp4, that if I don't create a
mapped share (and authenticate separately) that the
Double check your permissions on C:\winnt\ndts, c:\winnt\sysvol, and
c:\winnt\system32\ntds.dit. I say delete the ndts and sysvol folders and
start over.
-Za
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, October 13, 2004
Path not found? Are you getting an issue with netbios
name resolution for that? Maybe not returning fast enough for the
script?
How about the security and system logs for this one?
Anything there?
Al
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
SmithSent:
Anyone?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Tuesday, October 12, 2004 6:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] HOSTS file modification via GP?
His wouldn't work as when clients connect to the internet, they
Is the domain for sale?
-Za
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Wednesday, October 13, 2004 9:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] HOSTS file modification via GP?
Anyone?
-Original Message-
From:
Yeah, I thought about that, but the server (aspen) is both
in WINS and in DNS. ping works fine (specify the netbios name, returns the DNS).
The script makes six attempts, so I'm certain it has long
enough.
There are no failures in the security log (and the accesses
are logged as success).
No its not. Does this seem like the only solution? To buy the domain?
-Devon
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: Wednesday, October 13, 2004 9:33 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] HOSTS file modification via GP?
Return Receipt
Your [ActiveDir] Unable to Promote a 2nd DC or Access Group
document Policy on existing DC
:
Everything looks OK, as far as I can see. Aspen doesn't run
the computer browser service so it doesn't have a 1e record. Looks just like a
number of other servers records...
Thanks,
Michael
C:\nbtstat -a aspen
Local Area Connection:Node IpAddress: [192.168.100.118]
Scope Id: []
NetBIOS
Title: Message
That's
all correct, with one addition: if an account is locked out at a DC other than
the PDCE, it uses 'immediate replication' to tell the PDCE about it. This
does not wait for any schedule; it just happens. There's a webcast
transcript out there that details the various
Yup, that looks OK to me as well - assuming that box isn't
a DC, right?
Al's probably on the right track (as usual...~sigh~) -
could you be getting an 'access denied' somewhere along the line?
Where did you chek the event logs - anything in the
security logs on the client running the
You don't need a proxy to accomplish that - point your clients
(typically via DHCP) to your internal DNS, and have your internal DNS
forward to your ISP. Never point your clients directly to your ISP.
Having said that, I thought the gist of the problem was specifically for
laptop users when they
True enough, you could use DNS forwarding as well, but I tend to perfer
having a proxy server in place as it also lets you have some control
over your users internet traffic and allows you more flexibilty with DNS
if you don't use your ISP for your external DNS.
Phil
-Original Message-
There appears to be no Taskpad feature for AD Users and Computers
snap-in
Aaron
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Wednesday, 13 October 2004 15:28
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Install only Active
Start mmc with a /a switch. This puts it in author mode. From there, you can customize
to your delight, and under View, there is a dialog which you can force it so users
can't modify the msc.
Thanks.
--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f
Aaron,
I think it is called dsadmin.dll, (it has been quite a while). At one
point I opened adminpak.msi with WISE (you may be able to do the same
with Orca) and found the association between ADUC and the .dll.
Things have changed a bit and there are switches that allow you to
install (register)
http://www.google.com/search?hl=enlr=q=create+your+own+MMC+snapin
- ASB
Cheap, Fast, Secure -- Pick Any TWO.
http://www.ultratech-llc.com/KB/
On Wed, 13 Oct 2004 12:58:25 +0800, Aaron Seet [EMAIL PROTECTED] wrote:
The articles i find just talk about installing the entire Administrative
OK - I have a basic setup in the lab, but is there any way to auto-map a
certificate to an AD account? The way of the lab has me manually setting up
the relationshipsnot a practical solution when you have more than 1000
accounts to map in such a way.
-Original Message-
From: [EMAIL
Ok i did some digging, and found
http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fbin%2Fkbsea
rch.asp%3FArticle%3D325051
Thinking it's some permission lacking for
CN=Configuration,DC=domain,DC=com|- CN=Services|- CN=Microsoft Exchange, I
went in ADSI edit to give the normal user
Something like this?
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/certenrl.mspx
#EIAA
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Wednesday, October 13, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
That would rock - if I had a common client PC configuration...I'm dealing
with a large user base that has a variety of Microsoft OS's installed
(Windows XP, W2K Pro, etc.). Thanks for the pointer though, I think I can
leverage that for another smaller project down the line.
-Original
You also might want
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/
html/certenrollment.asp for more custom functions.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, October 13, 2004 1:58 PM
To:
Now THAT looks promising...back to the lab!
-Original Message-
You also might want
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/
html/certenrollment.asp for more custom functions.
List info : http://www.activedir.org/mail_list.htm
List FAQ:
Fantastic. This is it - by using a blank MMC instead of the static one, i
can adjust and configure Taskpad views.
Now all that stands in my way are the Exchange errors (as reported in my
other post). If i can get the user account the right set of permissions to
work this out then everything
Oh, I'm sure it's an authentication
issue.
The initial logs I checked were on Aspen (the server to
which the connection is failing). I have nowalso checked on the client and
on the DCs and there are no relevant entries.
Aspen is not a DC.
Thanks,
Michael
From: [EMAIL PROTECTED]
Clients have not access to our Internal DNS once connected to their ISP.
This is why this problem is happening. Otherwise, our internal DNS
would point them to the correct AD domain.
-Devon
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Boza
Sent:
Oh wait, indeed one must delegate control of View-only Exchange
Administrator to the user/group and that solves the permission problem.
Woot
Aaron
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Seet
Sent: Thursday, 14 October 2004 01:58
To:
No relevant? Success or failure? Or just
success entries?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
SmithSent: Wednesday, October 13, 2004 2:31 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] OT sorta:
GetDrive() error
Oh, I'm sure it's an authentication
Nothing regarding this issue
whatsoever.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick,
AlSent: Wednesday, October 13, 2004 2:57 PMTo:
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT sorta:
GetDrive() error
No relevant? Success or failure? Or just
success
Might be good to check on the wire outside of the machine
running this then. Sounds like it's not making it to the wire at
all.
Al
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
SmithSent: Wednesday, October 13, 2004 3:03 PMTo:
[EMAIL PROTECTED]Subject: RE:
hand flashes over top of head
huh?
/hand flashes over top of head
Thanks,
Michael
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick,
AlSent: Wednesday, October 13, 2004 3:24 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] OT sorta:
GetDrive() error
Might be good to
What effect would this have on the domain if that setting was put onto
the default domain policy?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Tuesday, October 12, 2004 7:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPO and
network trace.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B.
SmithSent: Wednesday, October 13, 2004 3:40 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] OT sorta:
GetDrive() error
hand flashes over top of head
huh?
/hand flashes over top of head
Thanks,
Obviously back them up and delete them but what are the ramifications should
something go wrong from here? I am just a little worried about deleting what
you have suggested and not having the system come back up properly.
I am open to try anything so long as the chance of losing the only DC we
If it is not returning fast enough then would a pause for a few seconds
help? I state / ask this because I had a problem once and adding in a
waitsecs xx allowed enough time before the next command executed. Granted
it was only in a batch file but this has saved me several times.
Not sure if you
You asked:-
Is it possible to modify each client's HOSTS file via Group Policy? If so,
how is this done?
Not that this answers your question but an alternat way to update the hosts
file could be via a login script which copies the hosts file you want on all
workstations from a specified
42 matches
Mail list logo