Title: EntDrv52 service failed
Hi,
Check:
http://forums.mcafeehelp.com/viewtopic.php?p=212450
http://forums.winforums.org/showthread.php?t=9223&page=2
for more
info
Regards,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tashildar,
Dinesh (Cognizant)Sent: Tuesday, Ma
Title: EntDrv52 service failed
Hi
I am getting an error in my system event log one every 4 minutes. It states that "The EntDrv52 service failed to start due to the following error: The system cannot find the file specified." Does anyone know what this service is? This started after upgradin
See the following if it
applies:
http://support.microsoft.com/Default.aspx?kbid=842382
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharif
NaserSent: Tuesday, March 01, 2005 08:22To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] lsass.exe hogs my
domain controll
Yeah, enable auditing on each DC
through the DDC-GPO and then suck-out the security log of each DCs. One of the
free tools to do this is EventComb from MS
Regards,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Saleem, Mohamed
YunusSent: Tuesday, March 01, 2005 05:25T
Hello experts,
Lsass.exe hogs my domain controllers cpu (99%), what could be the reason for this, how do I
get rid off this problem.
Machine was started twice but the problem still persists.
By the way, machines has advanced windows 2000 with sp4.
Regards,
DISCLAIMER:This el
Hi All
Is there a way that I can know which users
have logon to which DC.
On individual client pc if I type set command
I will know the logon server. But this is huge burden. If there a command in AD
that can tell me which users have logon to which DC…this will help me to
isolate us
A couple of different ways
adfind -bit -b dc=domain,dc=com -f
"&(objectcategory=person)(objectclass=user)(!(useraccountcontrol:AND:=2))"
adfind -bit -b dc=domain,dc=com -f
"&(objectcategory=person)(samaccountname=*)(!(useraccountcontrol:AND:=2))"
adfind -bit -b dc=domain,dc=com -f
"&(sa
Lol
Dang! Always forget about the objectcategory
attrib….
Thanks guys!
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti
Sent: Monday, February 28, 2005
3:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Querying
for all users
Hi Alex,
The following filter might be right for
you:
(&(objectcategory=person)(userAccountControl:1.2.840.113556.1.4.803:=512))
Yours, Sakari
PS.
This gives the same result as Jorge's filter, that he just sent, but mine look
cooler :-)
From: [EMAIL PROTECTED]
[mailto:[E
Hi,
The following should return all user accounts (DNs only)
ADFIND -dn -b dc=joehome,dc=net -f
"&(objectcategory=person)(samaccountname=*)"
Cheers
Jorge
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 2/28/2005 11:48 PM
Subject: [ActiveDir] Querying f
Is there any attribute that is unique to real user accounts
only (mail enabled and non-mail enabled)? We tried teaming up objectclass=user
and givenname=*, but of course not all users have to have a given name. Then
tried teaming up the objectclass with useraccountcontrol=5*, then we foun
Title: RE: [ActiveDir] GPO List
Hi,
See http://www.microsoft.com/downloads/details.aspx?FamilyID=7821c32f-da15-438d-8e48-45915cd2bc14&displaylang=en (Group Policy Settings Reference for .adm files and Security Settings included with Windows XP Professional Service Pack 2)
This includes all
Hi -
Can anyone point me to a comprehensive list of the GPO options on a standard
2003 install? I have an Excel sheet that I downloaded from MS some years
ago, but it is for 2000 only.
This actually leads to another question: how do admins track their policies
and links? I have been using this
One more thing I noticed here is that it is using
the cert which was installed long while ago. But after that, the CA was
installed/uninstalled several times, and new certificates were issued. but still
it is using the same cert?
- Original Message -
From:
Mayuresh Kshirsagar
Well - great, Lee. Have a safe Holiday and we’ll be happy to hear from you when
you return.
:oP
-rtk
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee Jessup
Sent: Monday, February 28, 2005
9:33 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir]
Hi Dave,
This will be my fourth DEC and everyone has
been worth it. I think I have learned more at this conference than any other I
have attended. It is very focused, intimate and full of some incredibly
interesting people who are out there doing it.
The content ranges in complexity
I also see that The certificate that I see from
right clicking the CA is as attached. But when I check using a utility from my
machine, I see the following information:
Subject name: CN=kaling.meta.testIssuer name :
C=IN, L=Pune, O=PSPL, OU=support, CN=meta-testValid from (dd/mm/):
25/
I generated this certificate from the CA and it
says, it doesn't have enough information to verify this
certificate!
I generated a new certificate from
"Personal->certificate" from Certificate snap-in. Then copied this
certificate onto my machine and installed it here under the "Trusted Ro
You as an MVP have a mechanism to submit this request. :o)
Something bug
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA)
Sent: Monday, February 28, 2005 11:55 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cha
This is the error number I am able to
see.
session=3741BE8 cannot negotiate SSL security error
8048
can you speculate what this means?
- Original Message -
From:
Steve
Patrick
To: ActiveDir@mail.activedir.org
Sent: Monday, February 28, 2005 9:03
PM
Sub
Thanks for the input from all.
Sorry to not be clear - I meant unlock workstations. Thanks, Joe, for pointing
out that I meant local admins group on the workstation. I was hoping that I
could be a bit more granular in assigning this right - i.e. just the right to
unlock the workstation instea
Thanks Joe,
I think my main point was to make sure there wasn't a way to specify it
without modifying MSgina.dll on all workstations and servers.
With MS Identity Management push in Longhorn, maybe we can sway them to
allow for more customized account management operations / jobs.
Todd
Sorry, ignore my last post completely - I read that as unlock user right,
not the unlock workstation.
I think Joe is correct - I believe only admins on the machine can unlock
computers.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
Hi Tim
We have some users who were delegated the right to do this. The delegation
wizard will not do it but you can change the security settings on the OU or
domain to allow specific groups / users the right without making them part
of any elevated group.
1.On the Object tab, find Apply onto
Yep, the good fix would be able to specify exactly the text of the message.
This has been one of the banes against deploying custom password filters for
years and years and has forced people into building or buying custom
packages that send people to special web sites prior to the system expiring
t
Actually, I did find a KB that pointed to a hotfix that addresses the issue
slightly.
http://support.microsoft.com/?kbid=821425
Todd
-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Monday, February 28, 2005 11:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Nope.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA)
Sent: Monday, February 28, 2005 11:03 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Change the Password Error Message
Is it possible to change the error message y
Is it possible to change the error message you get when you set a password
to something that isn't compliant to the password policy. A couple of
people on my team think it is a registry setting in NT 4.
Thanks,
Todd Myrick
List info : http://www.activedir.org/List.aspx
List FAQ: http://w
Ok, thanks.
I will check this immediately :)
Mikael
On Mon, 28 Feb 2005 10:25:50 -0500, Mulnick, Al <[EMAIL PROTECTED]> wrote:
> I would expect the error to occur in the part of the code that makes the
> search request. src = dsDirSearcher.FindAll()
>
> The referral may be occurring because of
If you installed the CA on the PDC then did you
install it as an Enterprise CA?
If this is a production environment you should
really understand the PKI needs for your company currently,
and any future plans.
In a nutshell you need a Domain Controller
cert or Server Auth cert on the DC with
I will be out of the office starting 02/28/2005 and will not return until 03/04/2005.
I will respond to your message when I return.
I would expect the error to occur in the part of the code that makes the
search request. src = dsDirSearcher.FindAll()
The referral may be occurring because of a multi-domain environment. You're
making a call to the directory looking for objects that exist in one domain
while the string you are
I think I misunderstood the
question. I though he was talking about managing computer accounts.
Todd
From: joe [mailto:[EMAIL PROTECTED]
Sent: Monday, February 28, 2005
9:42 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unlock
Workstation User Right
Well, this is the problem... I don´t really know.
This module is a part of a bigger application, and the error occurs on
one of the customers networks. I assume there exists several forests
since it´s a big company (world-wide). Unfortunately, I can´t run any
test with e.g. LDP since they do not al
Hopefully JoeK will swing by shortly to say his piece on the NET call.
For the queries below, unless you want them scoped at a specific domain
anyway, consider querying a GC since all of those attribs are in the GC.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECT
If you mean unlock the console of a machine locked by a
user, I think you have to be an administrator on that machine. It doesn't take
any domain level permissions except being an authenticatable user unless the
machine someone wants to unlock is a DC, at which point they have to be an admin
Santhosh,
If you would like to download our SimpleSync product from
www.CPS-Systems.com you can use it in a
'test' mode for two weeks. Should take less than an hour to implement a
2-way synchronization.
If you would like to discuss please give me a
call.
Thanks,
Jerry
Jerry Welch
CPS Sys
Title: Message
In
order to connect to this new PKI CA, you will need to ensure that clients have
certs installed from the root of this new CA (and optionally intermediate
levels) so that a correct CA path can be established.
When
you created the new Windows CA, you would have generated a
Account Operators Local Group I think.
Must us ADU&C, you might have to grant permissions to the group if inheritance
is blocked on some OU’s.
Todd Myrick
From: Tim Foster [mailto:[EMAIL PROTECTED]
Sent: Monday, February 28, 2005
9:08 AM
To: ActiveDir@mail.activedir.org
Su
Can you include the code snippet where this occurs?
Have you tried using an alternate tool (LDP or Joe's ADFIND) to validate
that you don't get the same results from those tools?
??Is this a single domain forest that you're testing in?
Al
-Original Message-
From: [EMAIL PROTECTED]
[ma
I want to grant some users the right to unlock workstations
in a W2K3 domain. I have scanned through Group Policy and I can’t
seem to find the appropriate setting to do this. Is this a right that is
automatically granted to one of the Built-In groups? If so, which
one? It seems overkill
Any other times that you know of? Outlook wouldn't be a simple bind (I hope
not anyway!!).
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 25, 2005 11:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Disablin
Any query throws the referral exception.
Like
"(& (mailnickname=*) (|
(&(objectCategory=person)(objectClass=contact)) ))" which is from the
"All Contacts" address list.
or
"(& (mailnickname=*) (|
(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCate
Title: OT: VERY STRANGE ISSUE - Windows 95 and Long File Names
Hi Guido,
See inline
answers
We are not going to put more
time in this as we are not able to find the problem. Last week we had a user
where it first did not work and a day later it did work (nothing changed as
I know of). Fo
It is my understanding that you can
download the free MIIS Identity Integration Feature Pack for this purpose.
http://www.microsoft.com/downloads/details.aspx?FamilyID=d9143610-c04d-41c4-b7ea-6f56819769d5&DisplayLang=en
http://www.microsoft.com/windowsserversystem/miis2003/techinfo/pla
Slow down. This isn't the instant email AD support hotline.
You sent the message when most of the people are offline that tend to
respond to things. If you see it goes a couple of days without a response,
then it is probably good to ping the list asking if anyone has seen
it.
In the meanwh
You might look at the AD toolkit from www.javelinasoftware.com if you
want to manually do it.
Quest / Aelita have a tool called
collaboration services that syncs GAL’s. http://wm.quest.com/products/collaborationservicesexchange/
Todd Myrick
MVP Directory Services
From:
Yes, it requires you writing a script to export mailbox
enabled users from both forests, then create mail-enabled contacts in the other
forest. This could get involved if you have naming collisions. It could
take 2 weeks just to work the script out so it doesn't cause more issues than it
hel
1. Cool
2. Your search should use objectcategory, not objectclass.
3a. Ok
3b. What exactly is the query? The rest of the stuff building up to it isn't
throwing the referral, the query you neglect to show is.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
Good morning,
I have 2 AD 2003 forest with Ex2003. We need to export all the users from one
forest and import ito the second Forest as contacts. Unfortunately, IIFP is not an option
because we are going to merge both forests in 2 weeks. During this 2 weeks
period, we need to sync both GAL
any views?
- Original Message -
From:
Mayuresh Kshirsagar
To: Siddharth Sawkar
Cc: activeDir@mail.activedir.org
Sent: Monday, February 28, 2005 2:06
PM
Subject: Re: [ActiveDir] Problem using
Certificates to connect to AD machine
Hi,
I tried to g
I think you might want to investigate using a VPN to connect your DC to the
other DC's.
http://infosecuritymag.techtarget.com/2003/mar/surgeongeneral.shtml
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/ac
tivedirectory/deploy/depovg/advpnddd.mspx
Couple words of cau
I´m working on an application for listing contacts and address lists
in active directory. But I get an error everytime I execute a query.
I´m using the DirectoryServices namespace in .NET (which encapsulates
the Active Directory Service Interfaces) to communicate with Active
Directory
1. I bind t
Hi,
I tried to generate a certificate using the w2k CA,
but smehow, I am not able to correctly generate one. The s/w (CP MDS server) is
not able to connect to the server using this certificate.
The name of the PDC is "kaling" in the domain
"meta.test". But this machine is accessible from
Title: OT: VERY STRANGE ISSUE - Windows 95 and Long File Names
Hello Jorge and Paul,
...but it happens on all Win95 clients
?
well, first of all, it may be wise to get rid of Win95, but
I'm sure you've been through all of that ("no time and budget to do so right
now", "it worked before, s
Hi,
I have installed a CA on my PDC. and now I want to
connect to this PDC from a different machine to change the "unicodePwd"
attribute. I created a certificate and exported it and installed it on the
connecting machine, but dont seem to be able to connect.
Can you tell me how do I issue
just to clarify the "machine" part for Dennis: this means that some
process is either running as "Local System" or "NT
AUTHORITY\NetworkService" - this would typically be some service
installed on the machine. It is then able to leverage the
machine-account's credentials from AD to connect to resou
57 matches
Mail list logo