Ah yes. So SPA uses similar back end stuff to adperf (just more of it, and
better, and more efficient in a lot of ways). And spa is more intelligent.
If you can trick spa in to thinking the data is it's own (or adperf or has
enough to keep it happy), sure you can use spa to compile the data. But
Well, its been a while since I've looked at adperf, but essentially on a Win2K
DC, there was support for event tracing with a subset of the AD providers (e.g.
AD:core, AD: Kerberos, etc.) supported on 2003. The Win2K event tracing created
binary .etl files that *appeared* to be able to be parsed
Guido, thanks for the answer...helps a lot
No I understand it that I can do the accounts/server/computer/desktop
migration from the accounts domainand that once everything is migrated I
use AD to do any new additions such a accounts etcI know that the last
question was a no brainer but
Can you define "win2k ad providers"? If you mean adperf, yes. If you mean
something else, please clarify, because it depends.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Wednesday, February 23, 2005 5:20 PM
To: ActiveDir@mail.a
Novell client adjusts several protocol level settings. Check the binding order of protocols to ensure that tcp/ip is being used for the smb connection and not the Novell implementation of IPX. Or if the scripts are solely located on sysvol make sure the DC's do not have IPX enabled.If that doe
Eric-
One thing on Win2K--can you crunch .etl files that the Win2K AD providers spit
out using SPA? I thought I remembered being able to do reporting against those
with the Server 2003 tracerpt utility, so I'm wondering if SPA can do it too?
Darren
-Original Message-
From: [EMAIL PROTE
Oh, I should add, I _hope_ people who use SPA in production environments know
to use the tool in data only mode, then compile it later. This way the
expensive part of the run (report compilation) can be offloaded to a non-loaded
DC.
Just set SPA on the DC to run in data mode. Then when you hit
Title: Disabling Inactive Users
yep, heard of it, but never had the time to look at it yet
(a shame)
/Guido
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
KirkpatrickSent: Wednesday, February 23, 2005 7:30 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Any
no,yes,yes
no, don't have to do two migrations... yes, you can migrate servers from
the resource domain directly, but you need to setup a trust from the
resource domain to the AD domain... yes, after migration, add new users
machines to AD
/Guido
gee, I find my own answer hard to read ;-)
-
Grillenmeier, Guido wrote:
let's see if anybody here ever came accross this issue - I can't find
anything on it: a company is using NT4 workstations with a Novell Client
(v4.9) and these are being migrated to AD. The workstations with the
(...)
Hi Guido,
I don't know if it will help but I had
Correct Paresh, but you can do some complication of other data from 2k (like
adperf) with SPA on a 2k3 box after the fact. So you can have some of the SPA
benefits w/o 2k3 DCs, even though you don't get the whole experience. :)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
I'm not aware of an updated version, however, most of what's written in
the 2000 whitepaper is still valid in 2003 AD. An important addition
I'd consider for hosted environments is working with AD object quotas
(providing you'll allow decentral administration).
/Guido
-Original Message
thanks Gil - I'm right there with you (the "I don't miss
it" part...). I'm pretty sure this is client related, but it never hurts
to check with others ;-)
/Guido
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
KirkpatrickSent: Wednesday, February 23, 2005 11:45 PMTo:
Please do note that SPA can only be used on Windows Server 2003 and not on
Windows 2000 (as fas as I know)...
PN
From: [EMAIL PROTECTED] on behalf of Nathan Muggli
Sent: Wed 23/02/2005 20:55
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Anyone use S
Its been so long since I've worked with the Netware
client... boy I don't miss it :)
I've checked with our support and QA people and it doesn't
ring a bell with anyone.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
GuidoSent: Wednesday, February 23,
let's see
if anybody here ever came accross this issue - I
can't find anything on it: a company is using NT4 workstations with a Novell
Client (v4.9) and these are being migrated to AD. The workstations with the Novell Client have
issues running the Logon-Script for the users in AD (if
au
I never realized that the msi file in the
vphome share would properly configure the client in managed mode and to the proper
parent server. Now that I think about it, however, it makes perfect sense.
I piloted out the deployment using that
package and it worked flawlessly.
Thanks,
I've read the whitepaper "Deploying Active Directory in a High Volume
Hosting Environment" (
http://www.microsoft.com/serviceproviders/whitepapers/hvh_ad_deploy.asp )
and have setup a lab based on this paper that works well. I am wondering
though, if anyone knows if there is an updated whitepaper t
We have 2 nt40 domains, 1 an accounts domain and the other a resource domain
with a one way trust from the accounts domain to the resource domain, and we
are planning on have 1 AD domain, to migrate all user accounts,
servers/computers, desktops etc... before we do our exchange migration do I
need
Title: Disabling Inactive Users
http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Francis Ouellet
Sent: Wednesday, February 23, 2005
12:29 PM
To: ActiveDir@
Title: Disabling Inactive Users
Where could I get my hands on SPA?
Thanks,
Francis
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
KirkpatrickSent: 23 février 2005 15:18To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Anyone use
Server Performance Analyzer?
I'
Title: Disabling Inactive Users
I've used ADTEST/ADPERF some and the trace APIs a lot, but
I haven't used SPA much at all. It looks like it does a nice job of summarizing
statistics and identifying key resource users, but I haven't explored it
much.
Is there interest in a session at DEC on
I would say that if you are going to
deploy this type of package on a global basis, without using GPOs. Have you
thought about using a logon script? It is not as easy as using GPOs or SMS,
but it may get the job done.
Just a thought?
From:
[EMAIL PROTECTED] [mailto:[EMAIL
Yes, but you have to pick and choose each machine
manually.
Z.V.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mohammed
TantawiSent: Wednesday, February 23, 2005 2:30 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO Software
Deployment
Dear All,
This
Return Receipt
Your RE: [ActiveDir] GPO Software Deployment
document
:
Dear All,
This is Mohammed
Tantawi, from Egypt
, its now here 10:27 PM, 23/02/2005.
I have this situation , I am not using GPO
at all, the main thing Symantec is having a way to deploy it to the network
without GP, at all.
All what you have to do is :-
Choose install serv
Title: Disabling Inactive Users
When I was still in IT I used SPA (and its
predecessor ADPERF) all the time to troubleshoot performance issues. Personally
it’s my favorite AD operations tool (beating out LDP).
You can definitely get performance data
for specific LDAP queries (filter, s
Title: Disabling Inactive Users
Gil-
Heard of it, looked at it--it basically puts a nice face on
the event tracing data provided in Win2K and Server 2003. In the past I've found
that data to be voluminous and not altogether useful, esp. around AD, but I
think SPA does a decent job of rolling
Title: Disabling Inactive Users
Sorry, never used it nor in fact never seen it though.
I heard of it when reporting a STATS bug I found when working on the STATS
functionality of adfind.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
KirkpatrickSent: Wednesda
Hello Dan,
Only one piece of advise for you: Make sure you patch the
.msi with the latest .msp provided by Symantec (I think it's 9.00.1400) For some
odd reason you can't update the clients through a GPO using the provided .msp
once the client have had the SAV .msi package installed.
Go
Title: Disabling Inactive Users
Maybe I should rephrase the question then. Has anyone
_heard_ of Server Performance Analyzer?
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil
KirkpatrickSent: Tuesday, February 22, 2005 3:20 PMTo:
ActiveDir@mail.activedir.orgSubject:
Title: Disabling Inactive Users
Actually, it was on a Pluto Platter I had back in the
Days Before the Earth Cooled.
-gil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gilbert, Daniel
L Mr ANOSC/FCBSSent: Tuesday, February 22, 2005 3:24 PMTo:
ActiveDir@mail.activedir.orgS
Title: Message
I
realize this is completely off-topic, but it might save you some unnecessary
headaches. If you have PCAnyWhere 11.5 installed on any of your 2003
servers, do not roll out SAV 9.0. There is a known issue
between 2003, PCAnyWhere 11.5, and SAV 9.0 that results in blue screen
I believe 9.0.0.338 is the first version
of SAV that supports GPO deployment. I haven’t seen a transform
creator per se, but the Symantec
System Center
allows you to configure most options. These settings are stored in
GRC.dat on \\ParentServer\VPHOME\CLT-INST\WIN32
along with the MSI ne
Title: Message
To
your 2nd question; yes ... I modified the resulting attribute quite some time
back, IIRC once replicated the DCs began whining ... try it yourself if you can
as my tests were conducted against Whistler betas. I'd be interested to
see if there any behavior changes (but not
Thanks, Rick. Looks like it's time for WUS in the test environment. (BTW:
can you believe they named it a wus server? Who vetted that?)
-- nme
_
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 22, 2005 4:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [Active
I modified the cache.dns file on my DNS server with AD int zone. I am looking
in the Root Hints section of the DNS server and am not noticing any
modifications I have made. Am I missing something?
Thanks in advance.
Rob
List info : http://www.activedir.org/List.aspx
List FAQ: http://www
Title: Message
Thanks
- I should have re-read the rendom literature first :)
I guess the response to the original poster is then 'a. The DNM signs
and
seals the data which it posts in msDS-UpdateScript. 2. DCs will only ever respond
to data which is similarly signed and sealed by the DNM, wh
We are running w2k3 on a couple of 3000s (a 3000 and a 6000 actually).
It seems to work OK, but as you know, it isn't supported by either HP or
Microsoft.
Horsepower-wise, you'll be fine. But - do you *really* want your DCs
running on an unsupported configuration?
A new DL360 G4 or DL380 G4 with
Title: Message
LOL, I
was waiting for that question :)
In
terms of the signature's construct and/or the keys/digests used to construct it,
no I'm afraid not, I've never bothered looking (a finite number of options exist
although getting at those keys requires some effort).
The
followi
Is this going to be a short-lived condition in that eventually you will have
removed all clients using static addresses? If so, I would suggest dealing
with it on a case by case basis by simply removing the static entry from DNS
at the point the client is configured to use DHCP.
If it's not flee
Title: Message
Do
you
have any detail on the nature of that "signature", Dean?
neil
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Dean WellsSent: 23 February 2005
15:26To: Send - AD mailing listSubject: RE:
[ActiveDir]
Thoughts abou
Title: Thoughts about misusing the "msDS-UpdateScript" attribute by an AD-aware virus
If
memory serves the attribute content is signed by the DNM when populated, if you
can circumvent that (or mimic its signature) I'm fairly certain you could do
equally as much harm in many other ways.
--Dean
I should provide a little more information. All of my DHCP servers
are in the DNSUpdateProxy group that you are referring to. The zone
is an AD intergrated zone and only allows secure updates. The DHCP
servers are also configure to update DNS instead of the client. All
workstations are Windows
Dan-
The way you normally modify the behavior of an MSI
installation in GP is through a transform. Most packaging tools let you create
transforms from an existing package or you can use ORCA from the Installer SDK,
though that is a manual process that requires you to edit the actual MSI table
I would like to deploy a package (SAV 9.0) using GPO and use
some of the switches with the msi package. However, I cannot figure out how to do
this. Is it even possible or do I have to create a new package with all of the
options embedded?
_
Daniel DeStefano
I have two HP LH3000 servers, one is the PDC and the other a BDC. HP
does not support an upgrade to W2K3 but I've read where it is possible
to upgrade these servers from W2K to W2K3. The current domain is in
native mode, no NT4 servers but I do have a mix of Win2k3 and Win2k
computers. The LH300
One of the things mentioned in this thread was that lastlogon doesn't get
updated in all cases even if the user-ojbect is used for authentication.
I'm very interested in knowing under what circumstances this can occur and
why lastlogon wouldn't update when a user authenticates. From some off-li
joe wrote:
What do you mean you can't query on lastLogonTimeStamp in oldcmp?
wow! totally missed that switch. again, AFAIK oldcmp *will* give you
the llts *and* you can query directly on that.
If you use the -llts option (I'll let you guess what that stands for) it
uses lastLogonTimeStamp for t
Title: Disabling Inactive Users
James,
I would like to just expand a little on
what Gil said about Javelina’s product. http://www.Javelinasoftware.com AD
Toolkit is the Hyena of reporting / bulk AD Administration tools. It is extremely
useful and has the ability to schedule the execut
Title: Dns resolve issue (forward request)
Dear all,
Some time ago we have migrated our network to win2k but the old nt4 domain is still in use. The DNS servers of the win2k domain are configured to forward request (for nt4 domain (namespace)) to the nt4 dns servers. When we create an entry
I will be out of the office starting 02/23/2005 and will not return until
02/24/2005.
If you need immediate assistance please contact the Help Desk at
513-762-6578. I will respond to your message when I return.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.
Title: Thoughts about misusing the "msDS-UpdateScript" attribute by an AD-aware virus
Hi,
A while ago I installed some DCs and domains in a virtual environment and I performed a domain rename.. Just to see how it works and what goes (or could go) right or wrong. This was fun to see... in an
53 matches
Mail list logo
