RE: [ActiveDir] Storing dates in AD

2005-03-30 Thread Lee, Wook
What that google doesn’t tell you is that NT got it because Dave Cutler used it in his other operating system, VMS. It probably has its origins even before VMS though I’d have to check to be sure. We ex-Digits (a.k.a. DECcies oddly enough) have been using 64 bit

RE: [ActiveDir] Storing dates in AD

2005-03-30 Thread joseph.e.kaplan
That’s just the thing.  There are way too many string choices.  You have general string, teletex, printable, IA5 and Unicode.  I basically don’t have any idea when it would be more appropriate to use the ones besides Unicode.  Unicode is by far the most prevalent

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread Isenhour, Joseph
Just the service records.  I don't care about the A records, our process for getting those statically created is pretty painless.  It's the ACLs for dynamic updates that cause us pain. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seiels

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread Roger Seielstad
What are you trying to delegate - PTR creation or the A record creation?   Roger Seielstad E-mail Geek & MS-MVP   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Wednesday, March 30, 2005 7:49 PM To: Act

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread Isenhour, Joseph
This is a bit off the topic of the thread, but since we are talking about using BIND DNS with AD I'll go ahead and ask.  Has anyone figured out a good way of delegating the update DNS right to your DCs?  At my company the DNS admins are on a completely different t

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread Isenhour, Joseph
True,   I've had the same experience with SQL and Kerberos.  On the bright side the issues forced all of our server admins to understand Kerberos and engage my team to make sure that it's working properly. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Be

RE: [ActiveDir] AD Site Confusion

2005-03-30 Thread joe
> The latter could be optimized when a client asks > for the global list of all DCs for the domain (= > all DCs that have registered the domain specific > resource records) the list is ordered, compared > to the clients site, from the lowest I am not sure I like that idea, it mucks with how D

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread joe
SQL Server has all sorts of dorked up issues with SPNs, you have to always check them anyway. Someone was on crack that worked out that functionality for SQL Server, I have had my share of arguments with PSS over that. Instead of trying to do things through the co

RE: [ActiveDir] Storing dates in AD

2005-03-30 Thread joe
I am not sure it is limited to SAM, I think it may be when it is likely they will be doing comparisons and modifying by a delta or finding a delta. I could be wrong though.   What kind of conversation on strings are you looking for? Generally use case insensitive u

RE: [ActiveDir] AD Site Confusion

2005-03-30 Thread Mulnick, Al
Always good advice. You can read some details and the registry keys about it here (for 2000 in this case): http://www.microsoft.com/technet/archive/windows2000serv/technologies/active directory/deploy/adguide/adplan/adpch02.mspx I would have to say to the original poster's question that the likel

RE: [ActiveDir] AD Site Confusion

2005-03-30 Thread Fugleberg, David A
A common thing to do in a 'hub and spoke' network is to configure the DCs in 'spoke' sites to NOT register domain-wide SRV records. That way, if the DC in a spoke site goes down, the client will discover domain-wide SRV records for only DCs in the hub site. This prevents the client from authentic

RE: [ActiveDir] Storing dates in AD

2005-03-30 Thread joseph.e.kaplan
My observation is that MS uses integer8 when they are representing OS data that is manipulated as FILETIME in normal Windows routines.  I’m guessing that the SAM functions use FILETIME internally, so it was natural to store them natively in AD this way for compati

RE: [ActiveDir] Storing dates in AD

2005-03-30 Thread Isenhour, Joseph
I really appreciate all of the opinions on this.  I've been playing around with these different types in my sandbox.  I've used VBS, C#, VB.NET, and pretty much all of the languages that we hack programmers use :) The generalized date type worked really well.  From

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread Isenhour, Joseph
Not only is being able to register it important, but also that DNS resolves to the correct SPN.  Let's say you have a SQL server that is a member of the us.widget.net domain; however, in DNS it is registered as sql1.sea.widget.net.  If you look in AD it's likely t

RE: [ActiveDir] Delegating ability to read/write account expiration

2005-03-30 Thread Olegario, Alan
Actually, found it.  There’s an actual accountExpires perm that I must’ve blown by.   Thanks anyways.   From: Olegario, Alan Sent: Wednesday, March 30, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: Delegating ability to read/write account expiration   Is it possib

RE: [ActiveDir] WINS topic

2005-03-30 Thread Mulnick, Al
I would argue that WINS is required when setting up some applications. SMS and Exchange come to mind. Using the child WINS servers is more than enough for what you're talking about. I wouldn't take them away completely, but rather just use the existing. I do that now and don't usually recommend

[ActiveDir] Delegating ability to read/write account expiration

2005-03-30 Thread Olegario, Alan
Is it possible?  I tried giving the Read/Write expirationTime perms, but that doesn’t appear to be working.   Thanks.

Re: [ActiveDir] Accounts disappearing from AD

2005-03-30 Thread Steve Patrick
Just a note  - you can find where the object was deleted from in 2k or 2k3 by looking at the metadata via repadmin /showmeta  on the deleted object. You can pass it the objectGuid had via looking at the deleted object. If you had auditing cranked up for AD then you should be able to hit

RE: [ActiveDir] WINS topic

2005-03-30 Thread Pelle, Joe
Your assumptions are correct… thanks to all who posted.  I am going to try and stop the WINS service and see if that breaks anything.  Otherwise I can just point it back to the child WINS server.   Joe Pelle Senior Infrastructure Architect Information Technology Valas

RE: [ActiveDir] WINS topic

2005-03-30 Thread Beelders, Ivor
Joe,   Your initial posting stated that your root domain is empty. I assume that there are no applications or users in the domain beside the admin users, i.e. service administrators. I also assume that you’re using W2K or later to administer this domain. If this is the case

RE: [ActiveDir] WINS topic

2005-03-30 Thread Ruston, Neil
WINS, like DNS, is domain agnostic.   You may host a DNS zone abc.com (corresponding to AD domain abc.com) on a UNIX server, which exists in some Kerberos realm, perhaps. Similarly, WINS may be hosted on a Windows NT server which is not part of any Windows domain.   In answer

Re: [ActiveDir] WINS topic

2005-03-30 Thread Dennis Depp
I see no reason why WINS would be needed in an empty root domain. If you did decide to use WINS in this domain, I see no problem with using the WINS from a child domain. In our environment, we have three separate AD forests and only one set of WINS servers. Dennis On Wed, 30 Mar 2005 08:09:24

Re: [ActiveDir] WINS topic

2005-03-30 Thread Sergio Fonseca
Hi, Our production environment has no WINS and works fine. On Wed, 30 Mar 2005 13:56:21 + GMT, Mark Parris <[EMAIL PROTECTED]> wrote: > But why? Say there are no applications in the root domain. It's just DC's > -Original Message- > From: [EMAIL PROTECTED] > Date: Wed, 30 Mar 2005 08

RE: [ActiveDir] Compelling arguments?

2005-03-30 Thread Mulnick, Al
They make perfect sense, Joe. Cheers, -ajm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, March 30, 2005 12:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Compelling arguments? Ah not really for hire. Well unle

Re: [ActiveDir] WINS topic

2005-03-30 Thread Mark Parris
But why? Say there are no applications in the root domain. It's just DC's -Original Message- From: [EMAIL PROTECTED] Date: Wed, 30 Mar 2005 08:27:35 To:ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] WINS topic You should consider having at least one WINS server in the empty root do

RE: [ActiveDir] WINS topic

2005-03-30 Thread Mulnick, Al
I see no particular reason that WINS should care what domain it's in. WINS's job is to do name resolution similar to the function of DNS. Neither really cares where it lives as long as it lives. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pelle

Re: [ActiveDir] WINS topic

2005-03-30 Thread ChuckGaff
You should consider having at least one WINS server in the empty root domain.  You will need WINS for NetBIOS name resolution that is still required by many applications.   Chuck Gafford Architect 2   Unisys Imagine It.  Done.      

Re: [ActiveDir] Bridgehead in a single-server site

2005-03-30 Thread James Cate
Is an empty root with one domain under it still considered a multi-domain forest? What is the reasoning for the BHS being a GC? On Tue, 29 Mar 2005 11:48:37 -0500, Myrick, Todd (NIH/CC/DNA) <[EMAIL PROTECTED]> wrote: > One more point to add and I will consider the matter closed. The BHS should

[ActiveDir] WINS topic

2005-03-30 Thread Pelle, Joe
I know there has been some debate in this group recently about WINS in AD but I wanted to get your feedback regarding an empty root domain:   Do you need a WINS server in an empty root domain?  If so, would pointing WINS back to the child domain WINS server be a bad idea?  Other than AD t

RE: [ActiveDir] LDAP search filter

2005-03-30 Thread Shawn Hayes
thanks, I was missing (it's on the first panel of the query editing). Shawn >>> "Mulnick, Al" <[EMAIL PROTECTED]> 03/29/05 04:12PM >>> The filter I used was (&(objectClass=User)(objectCategory=Person)) and I set the filter to the OU I wanted (it's on the first panel of the query editing). The

RE: [ActiveDir] Active directory inheritance checkbox on user object!

2005-03-30 Thread Jorge de Almeida Pinto
This happens when those user accounts are members of some protected groups. Permissions on and inheritance of permissions of protected groups are controlled by the AdminSDHolder object under the SYSTEM container. Every hour a process on the PDC Emulator checks the permissions settings of all protect

[ActiveDir] Active directory inheritance checkbox on user object!

2005-03-30 Thread Wilhelmsen Jan
Hi! I have a problem regarding security on user objects. I have an OU called users and under this I have several other OUs which contain user objects. In 2 (out of 15) of these child OUs I have some problems with the user objects; the problem is that for some reason the user objects don't inherit

RE: [ActiveDir] AD/ Virus outbreak

2005-03-30 Thread Ruston, Neil
"Quite honestly, you really shouldn't need to run AV software on DCs, there shouldn't be vectors for them to be infected. If they get infected, it usually means an Admin was careless - actually in every case of an infected DC I have investigated it has been an admin being careless." I disagree. Al

RE: [ActiveDir] Proxys and users, and ieak

2005-03-30 Thread Jorge de Almeida Pinto
Yes you can configure different proxy servers for different users through GPOs   Two ways: (1) Put users that need the same proxy into the same OU. Create for each different proxy a new OU. Create for each different proxy config a new GPO with the proxy config and link that GPO accordingly t