That does sound like a possibility. I've tried to search the Internet for
more information on that, but I haven't come up with much. Do you know if
it only does the pings when a computer starts, or does it continually ping
computers throughout the day? That amount of the traffic shown seems
Yes, over 500 GIG and sometimes approaching a terabyte. I'm afraid I only
know what the networking professional sent. He was monitoring the traffic
to and from two AD DC's. From the graph he sent, it appears he is using a
product called NetworkVantage? It has graphed data for 5 categories:
I have to agree with Joe, that it doesn't sound like normal traffic. You
really should look much more closely at the traffic being sent to see why
and what it actually is.
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jacob Walker
Sent:
Hey all
Hope someone has the answer to this.
We consistently have problems with some admin dragging and dropping an OU
by mistake inside another, wreaking havoc with AD. Not to mention the
errors etc.
Politically, we have way too many admins, too much rights...etc. Slowly
approaching that
Hello John,
I don't know if there's a way to totally disable that feature other than
using the MMCs from W2k, but at least in SP1 there will be a warning
dialog box if you drag and drop. Unfortunately there is a checkbox "Do
not display that message again", and I haven't found a GPO-Setting yet
to
Really, CrackLib is a toolset that I'm guessing they want to use to
*prevent* the use of passwords that are too easy. Personally, I would have
suggested that they think this out a lot more. The reason I say that is
that once you build an app like this, you often times want to extend it to
be
John-
IIRC, a move equates to a rename of the object. I'm pretty sure that if
you remove the Allow right on the Write Name property of the OU, then
the careless admin won't be able to move it. You might have to take it
one step further and set a Deny on Write Name, but I'd avoid that if
possible
Time to break out Netmon or Ethereal and learn what is going on. This is
something I recommend on a regular basis anyway. Any time you have free
time [1] you should be pulling out a network monitor and watching the
traffic zipping around and try to understand what it is. 500 GIG of traffic
is
There are two permissions papers now.
Working With Active Directory Permissions in Exchange Server 2003
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3
ad.mspx
Working with Store Permissions in Exchange 2000 Server and Exchange
Server 2003
It is possible to break out the TLD _msdcs and then create secondaries for
just that portion of the TLD zone and transfer those to the child domains.
Setup:
W2K SP4
W2K DNS only
All AD domain DNS zones are AD integrated
TLD and 4 peer child domains
On the first server in the TLD run the
Migrating Citrix server in an NT4.0 domain to Windows 2003 domain. Is there
anything concerning licensing that we need to worry about? Or if anyone has
encountered any issues doing this, could you please share?
Thanks,
Mario
Hi All:
Imagine my surprise when I tried to fire up the dsa.msc and
was greeted with the error in the subject line. Specifically: Naming
information cannot be located for the following reason: The server is not
operational. In fact, I could not access any domain-related tools.
The
Can you run a dcdiag and post as a first
port of call?
Cheers
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: 08 December 2004 16:44
To: [EMAIL PROTECTED]
Subject: [ActiveDir] The server is not operational
Hi All:
Imagine my surprise when
Sure (see below). BTW: the time
server error reported in the systemlog section resolved itself a few
minutes later.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server:
Thanks for the additional details on cracklib. It sounds like something
you could use for implementing a custom DC password filter if one was so
inclined. (see other current topic)
It does seem like using the AD native stuff would be a better starting
place.
Joe K.
-Original Message-
I have been away for a while and have not been following this conversation
closely, so excuse me if I missed some of the relevant conversation.
Looking at what you've written, I do not understand what the purpose of this
exercise would be.
If you have a parent-child topology, and you configure
Noah Eiger wrote
RRAS is running (only for me to make a PPTP connection over which I run
RD).
Due to RRAS, the server registers another A record and SRV record in DNS (for
the VPN interface). DNS also shows that it is servicing requests on that
address. ...
And I replied ..
I
OK - here is the rest of the story...
The scenario is a worldwide corp (200+ physical locations, 180 +/- DCs, 4
regional child domains, all site level DCs are also GCs). Clients use their
local child domain DC as their DNS server. A fair percentage of our
locations are in places that are really
Can someone please e-mail me off line the folder called REMOTEREG off of
a Windows 98 CD Please, thanks.
Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]
List info : http://www.activedir.org/mail_list.htm
Smells like a MS best practice for branch office environments... ;-)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, December 08, 2004 10:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS root
OK - here is the
That's great Frank, but again, what was the reason for breaking out the
_msdcs from the rest of the zone? Why not give them the entire zone? Why
the hassle?
That said, I've seen serial number issues in similar setups, so did you get
the results you wanted?
(should've looked before. I
I suppose that depends on which part of the doc you read (I chose this one
because he's using W2K).
Configuring the _msdcs zone
If you are planning to deploy a global catalog server or multiple domain
controllers to the branch offices, the _msdcs.corp.hay-buv.com zone should
be configured as a
Aric,
You are correct - I never claimed to invent this ;-)
BTW - This is the end result of what you looked at a couple of years ago
when Tom B. had you come to Greensboro for a day
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard,
I have clients connecting via pptp vpn in windows XP to a win2k RRAS server.
They connect fine, but after they log on they can't get to Exchange. When they
ping my exchange server they get back the ip of their dsl router(netopia).
also when they do an nslookup, they get their isp's dns server.
I remember it well - my only trip to NC if I am not mistaken. :)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, December 08, 2004 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS root
Aric,
You are correct
the first article was great.
just one question- he talks about needing to be exchange full admin on the org
to install or upgrade a server in exchange 2k. do you know if this means you
need to be a full admin on the org to install an exchange service pack as well?
or just the admin group?
thanks
Thanks for putting that into perspective for me. It helps to understand
design requests before saying yes/no. Having said that, secondarying the
TLD from the Child DCs would be a requirement (must-have) IF there are no TLD
DNS servers at the local site. I know that this is a common scenario, and
As far as the serial number behavior - yes it worked.
The trick is to pick one DC in the TLD and always use that DC to get the
original copy of the _msdcs zone (this is the copy that goes to the child
domain FSMO server). The SOA serial behavior is consistent on a single DC.
Once you get that
Thanks, we'll give it a try.
John
Coleman, Hunter
[EMAIL PROTECTED]
And another reply with slightly different information:
From the document you mentioned, on page 19:
Service packs for Exchange must be installed after Exchange Server 2003.
There is not an integrated setup of Exchange that includes service
packs. You need the following permissions to apply
I didn't want to guess (none of my customers restrict Exchange admins),
so I went to someone who would know for sure:
It would just need to be on the Admin group. The org level permissions
are only needed for the FIRST install of Exchange, any subsequent server
installs, service pack
Deji,
You are correct - in my case TLD DCs/DNS servers only exist in the network
backbone. The user sites only have a DC/DNS server for their regional domain
on-site.
I agree that if a TLD server is also on-site there is no need to secondary.
Frank
-Original Message-
From: [EMAIL
Is the dial-in tab in ADUC only available if Remote Access Services are
installed? It would make sense, but I just want to make sure before
installing a service. Thanks
I don't know about that.
The article says for install/removal, and DR of subsequent servers, you need
full admin rights on the org for exchange 2k (pg18). This has changed in exchange
2k3.
I also know from experience when I try to install an exchange server in my
admin group, i get a rights error
Thanks, Deji. So apparently I have been sinning... in many places with no
apparent impact on service.
The fun part is picking through all the spots in DNS where that extra
registered address created records. It's kinda like flossing your teeth
after eating popcorn.
-- nme
-Original
I'm not sure which specific DNS records got registered for the VPN interface,
but nltest /dsderegdns may make cleanup much easier. I've used it to clean out
records when we didn't want a DC advertising itself beyond a hub site.
-Original Message-
From: Noah Eiger [mailto:[EMAIL
Is it just from an XP box? I can see it on servers W/O RAS.
The Dial-in tab does not appear when you use the Active Directory Users
and Computers snap-in to view the properties for a domain user on a
Windows XP-based computer: http://support.microsoft.com/?id=837490
-Original Message-
Thanks, Hunter. So in this case, I have it registered for two addresses. If
I run that, it looks like it will deregister both of those addresses. I
would then need to add back the one I want.
Do you know if you can run that with an IP address? As in, I just want to
deregister this one address.
I don't think you can specify a particular IP address. What I would do is
follow the KB article that Deji sent, then run the nltest /dsderegdns command.
That will clear out all references to the DC. Then stop and restart the
Netlogon service on the DC to have it reregister the correct DNS
Your sins are forgiven, son :)
As for the fun part come on, this is what you get paid to do. Just click
through all the different zones and sub-zones and delete them. It'll only
take you a couple of hours :) Seriously, something like this should work:
net stop dnscache
net start dnscache
Yes, it is from an XP machine. It looks like this is a bug that has
multiple solutions (hot fix, 2003 adminpack, SP2). Of course none of
them worked for me, but once I found out that they show up on the DC, I
just did what I needed to from there. Will work on fixing the client
though.
Have you tried this?
http://www.jsiinc.com/subn/tip6900/rh6988.htm
Santhosh
"Douglas M. Long" [EMAIL PROTECTED] wrote:
Yes, it is from an XP machine. It looks like this is a bug that has
multiple solutions (hot fix, 2003 adminpack, SP2). Of course none of
them worked for me, but once I found out
I wrote an EXE that adds the tab dial-in if you're
interested... It does everything that the JSI article does, just by
running the EXE file. Good if you have a lot of machines to add the tab
on.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Santhosh Sivarajan
Sent:
Title: RE: [ActiveDir] OT: Virtual Server 2005
Hi Glenn:
I have been building a configuration similar to what you recommend, but using RRAS (I don't own ISA).
I have RRAS running on the physical host. This has two physical NICs (ipconfig at the end of this post): ProductionLAN and TestLAN.
I previously promised a script to convert adfind output to CSV format. This
is until I get ADFIND so that it natively outputs CSV which will occur in
Version 2.0.0 at some point in the future. I have been looking over the code
and adding things
where is that perl to vbscript converter?
:-P
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, December 08, 2004 9:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADFIND CSV Output
I previously promised a
I was going to try and convert it, but, none of that stuff makes any sense
to me. g
About all I've ever chomped is $food.
Thanks.
--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f -
The answer is that you should have nothing
entered in the default gateway field for the internal (TestLAN) interface. Traffic
is flowing now.
Sorry to waste the bandwidth.
-- nme
From: Noah Eiger [mailto:[EMAIL PROTECTED]
Title: [ActiveDir] Black Login Screen
ADTEST I believe logs LDAP response times, but it's been
a while.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Centenni, Jason
Sent: Tuesday, December 07, 2004 7:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP Capacity
We did have an OEM relationship with them, but we terminated that
relationship several years ago. I don't actually know what happened to
them or the product. It was a cool idea, lousy execution, and frankly
hardware costs are such that you can rule-of-thumb most AD capacity
planning problems and
Hint taken. One of the problems with the NTSim product was that
generally AD customers didn't need AD capacity planning, they needed AD
deployment, migration, and operations tools. The market has certainly
matured since then, but I'm still unconvinced that there is a broad need
for AD capacity
Tom, Bob,
Deji will be covering Exchange security and how it relates to AD
security at DEC 2005 in Vancouver.
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Tuesday, December 07, 2004 10:10 PM
To: [EMAIL PROTECTED]
Subject: RE:
You could make yourself a .net console app
which took a couple of parameters query, dc/gc, etc and returned the
time elapsed to execute the query. I don't think MOM05 includes this but
it would be trivial to create rules to do this given such an
With or without a rubber chicken?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, December 08, 2004 8:04 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] exchange 2k permissions OT
Tom, Bob,
Deji will be covering
Deji
Maybe I missed something: I did all the steps as per MSKB
292822. However, when I restarted the DNS service, disconnected the VPN, and
then reconnected, the PPP interface address came back from the dead. There it
was (ugly little bugger): (same as parent), etc.
Any thoughts?