Title: Exchange and disabling accounts
Hello;
Endeed, i use admodify for 1 year because it's a great tool
that feet all my needs without having much knowledge in dev. like me
:)
AD 2003 has this option of bulk modify objects attributes but it's a bit
limitated.
Alex: joe stated that
Thanks for the script Dan.
I am still having problems. The script correctly changes
cn=user-Display but does not appear in the context menu. At first I
thought the problem might be because of cn=409 (USA) and I am in
Spain. So I changed the script to reflect this cn=C0A but no joy. What
am I missi
Title: Exchange and disabling accounts
Tim, Joe,
Alex,
Thanks for the info you guys
provided!
Cheers
#JORGE#
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: dinsdag 7 juni 2005 22:39To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange and
disabling
Works perfectly now!
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Yeah, I have asked this question a lot through the years.
Generally the answer I have heard back is that MS wants to make sure there is a
market for third party tools, etc. I generally hear that and go ok,
whatever. On the positive side there is generally some API exposed to allow
you to do
How much time do you have till they need to be
purged?
Any benefit of lowering the mailbox retention time for the
duration of the removal process (or permanently if that fits?) Maybe lower
it to a day or two and let the system take care of this. You may want to
increase the online main
Title: Exchange and disabling accounts
Hi,
I just did what I posted with
ADMODCMD (from the latest version of ADModify) and it worked like a
charm!!!
These tools (ADFIND, ADMOD,
ADModify) kick ass!
Thanx,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex
F
thanks.
> Hi Fred...
>
> Try User Configuration/Administrative Templates/Windows
> Components/Internet Explorer/Toolbars/Configure toolbar buttons.
>
> You can choose what you wish to show there...I believe
>
> John
>
>
>
>
>
>
> "Freddie Coleman
> III"
> <
I chatted with Brian offline on this. One of the solutions
we discussed that I think he is moving towards was to set up a mailbox DB
and before deleting the users, move them all to this one DB. Then delete the
users and afterward, the DB.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
That'd do it as well as long as replication is accounted
for :)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Wednesday, June 08, 2005 10:14 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Purging
Mailboxes Programatically
I chatted with Brian offline
Hi Everyone:
Win 2k3 in 2000 Mixed mode AD. My DNS
server is throwing this error:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 7055
Date: 6/7/2005
Time: 6:23:05
PM
User: N/A
Computer:
Return Receipt
Your [ActiveDir] DNS Error?
document
:
Guys
Can someone please repost the HPWorld link from yesterday.
Regards
Mark
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Hi:
We use a group policy to redirect My Documents to a
network share. Is it possible to prevent the redirection of subfolders from My
Documents such as My Music, My Videos, My Virtual Machines, My
Pain in the Ass? If so, how?
Thanks.
-- nme
I remembered seeing this tip on annoyances.org. Maybe it
would help?
http://www.annoyances.org/exec/show/article05-100
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Noah Eiger
Sent: Wednesday, June 08, 2005
11:04 AM
To: ActiveDir@mail.activedir.org
Running these commands on a child domain controller:
nltest /sc_query:anl.gov /server:rhino221
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
nltest /sc_query:anl.gov /server:tiger201
Flags: 30 HAS_IP HAS_TIMESERV
Trusted DC Name \\rhino221.anl.gov
Trusted DC Connection Statu
This one?
http://www.hpworld.com/conference/hpworld2005/hpw05_program_13.jsp
On 6/8/05, Mark Parris <[EMAIL PROTECTED]> wrote:
> Guys
>
> Can someone please repost the HPWorld link from yesterday.
>
> Regards
>
> Mark
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.
Title: Exchange and disabling accounts
Well, from my understanding you have a
choice of either giving SELF the associate external account permission or changing
it via ldif import to: AQEAAAUK
I currently run a script I wrote to find
these accounts and change the attribute every
Thanks
-Original Message-
From: Phil Renouf <[EMAIL PROTECTED]>
Date: Wed, 8 Jun 2005 11:36:07
To:ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Link from yesterday
This one?
http://www.hpworld.com/conference/hpworld2005/hpw05_program_13.jsp
On 6/8/05, Mark Parris <[EMAIL PROTE
I have several laptops that are encrypted per the new campus security
standards in my shop that are being used as desktop computers. I am
now trying to bring them into our AD domain. When joining the
domain all seems fine, reboot, then notice that the domain list does not
include Berkeley.edu (
Is your child site delegation setup properly? Are all the entries for
DCs in your child site correct?
:m:dsm:cci:mvp
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Wednesday, June 08, 2005 11:27 AM
To: ActiveDir@mail.activedir.
In the Schema documentation on MSDN, it looks like
whenCreated and createTimeStamp are used for the same thing, but whenCreated is
in the Global Catalog. If I want to report on the date each account was created
in the entire forest, am I safe to use the whenCreated attribute so I can use
th
As far as I know, yes. This child domain had been working OK as of
about a week ago. Some replication issues on one of the child DCs
showed up. That DC was DCpromo'd out. Some time went by and then it
was dcpromo'd in again. The current issue appears to be ldap
connectivity between the child d
If you follow Microsoft's recommendation (see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/user01.mspx#EHAA), but you grant modify rights with "take ownership" (not full control) folder redirection is happy to create the directories, and user's can't easil
I have
been researching the implication of modifying object CNs for users and groups in
order to provide a) a more consistent cn format for objects in our directory, b)
remove "special" characters such as /, #, and : that make dealing with objects
via scripting difficult.
Courtesy of the A
We
migrated all our users from an NT4 domain to our AD domain. Anyone who was
in "Domain Admins" on our NT4 domain got migrated into "Domain Admins" on our AD
domain. We took them out of Domain Admins on our AD domain, but their
accounts are inheriting the permissions like a normal user
i
Not sure if this is common knowledge but in a session on NAP at TechED they
just stated that there will be Longhorn Server beta's available as of next
month (July).
I assume AD will be part of the base beta.
Regards
Mark
List info : http://www.activedir.org/List.aspx
List FAQ: http://w
You can script this using a tool like dsmod if you can come up with a
list of the CNsthat you want to change to. There are other scripting
options too, and if you want to change the CN to something like
Lastname, Firstname you could even use ADModify.
Phil
On 6/8/05, Frost, David: #CIO-BPI <[EMAI
It ssounds like it's the adminSDHolder behavior that's
getting you. Are the users members of any of the other protected groups? It
varies across versions, IIRC 2003 added more groups. The articles below should
help point in the right direction.
http://support.microsoft.com/default.aspx?scid
Are you sure all the old metadata was removed from AD for that particular DC
(rhino...)?
What does DCDIAG say?
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 6/8/2005 8:27 PM
Subject: RE: [ActiveDir] nltest, adfind errors
As far as I know, yes.
Hi,
Is there any software through which i can read the information such as usb and floppy drivers as disabled in the system bios.
Regards,
K.SENTHIL KUMAR
Discover Yahoo!
Have fun online with music videos, cool games, IM & more. Check it out!
Thanks, Mark. I, too, would believe that AD will be in the initial betas,
but that all remains to be seen.
Glad to see that things are moving along with the next iteration.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Wednesday
When you
say ‘Disk Encryption”, are you referring to EFS (Encrypted file
system)?
If so –
which disk is encrypted, and is your account a recovery agent? Finally,
which OS?
Honestly –
I don’t know of anything that would prevent a system configured with the
basic information that you pro
Does
anyone know where a good list or group is that could answer a question i got in
regards to Office 2003?
Jeff
As Phil states, this can be done. However, some of these characters are in
there for good reason (such as the '/' as an escape character for the ',')
and I would seriously suggest setting up a complete test environment to test
out your proposed changes before you run a script against your producti
Ping me a mail, if I can't answer it I am at Teched and there should be enough
geek power here to generate the gigawatts needed to power up the flux capacitor.
Mark
-Original Message-
From: "Cothern Jeff D. Team EITC" <[EMAIL PROTECTED]>
Date: Wed, 8 Jun 2005 16:56:40
To:
Subject: [Activ
The preferred method would be to use the movehere method. There are
some gotchas when dealing with different languages. As for the gotchas
of changing this, the biggest that jumps out occurs if you're using apps
that rely on RDN or CN. Otherwise, it's a breeze.
http://msdn.microsoft.com/library
Kumar,
you may be able to do this with WMI and a bit of scripting
If you are looking to resctict access to USB devicesn we use Secure Waves, thus
enabling keyboards and mice but disabling drives and flash keys.
Mark
-Original Message-
From: Senthil Kumar <[EMAIL PROTECTED]>
Date: Wed, 8
Good points, I should have mentioned that as it is always an important
thing to test scripts before running them in production. Thanks Rick
:)
Phil
On 6/8/05, Rick Kingslan <[EMAIL PROTECTED]> wrote:
> As Phil states, this can be done. However, some of these characters are in
> there for good re
The MS Newsgroups are usually pretty helpful for a lot of information.
Phil
On 6/8/05, Mark Parris <[EMAIL PROTECTED]> wrote:
> Ping me a mail, if I can't answer it I am at Teched and there should be
> enough geek power here to generate the gigawatts needed to power up the flux
> capacitor.
>
I know of off the shelf solutions that
do peeks and pokes to report the BIOS information but no idea how to intergrate
them through scripting but WMI is definitely your best approach. Is there
something in more particular you are looking for like port 1900 (USB broadcast)?
That might help mak
I'm using a product call safguardeasy. Encrypting the entire hard
drive. You must enter a username and password just after POST just
to get the OS to load. The OS on the laptop is W2K the domain is
2003. I am joining an OU in the campus domain (campus.berkeley.edu)
which includes the campus,
Also keep in mind that if you were ever a
member of one of these ‘protected groups’ that your inheritance
will not be “turned on” again, nor will the admincount attribute be
reset to 0….so you can change those back when you know the user isn’t
a member of one of the ‘protected groups’ (chan
I’m setting the mail store retention to 0 days tonight, when I get
in tomorrow morning I’ll sit in ESM and kick off the cleanup agent.
Simple solution, will take me ten minutes to do.
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED
MS Newsgroups – tons of Office MVPs and my experience with them is
that they generally know more than you’ll ever want to know about the
various apps in the suite.
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PR
Hi senthil,
Give me a call. I think we have some more topics to discuss.
--
Ravi Dogra
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--- Begin Message ---
OK looks like ya'll are on the right track. I found the script in the KB
article to reset all the admincounts to 0, but that sounds scary. Can't I
selectively set admincounts to 0 on a user-by-user basis somehow? Or is it
safe to reset all users' admincounts to 0? I see
Well…I guess you can reset it for
all of them and count on the AdminSDHolder thread to reset them to 1 in about
an hour or so…other than that, the logic needed in a script to
differentiate between users who are / are not currently in one of the ‘protected
groups’ would be astounding. You s
Can I just use ADSIEDIT and go to individual users and set the admincount to 0?
Will that stick? If that works, I could write a winbatch that will prompt for
a username, and set their admincount to 0 automatically.
From: Robert Williams (RRE) [mailto:[EMAIL P
In fact, yes it will, Russ.
Looking back at the thread, I don't see any discussion about HOW these users
came to have the admincount attribute set to 1. Do you have a root cause?
The reason that I ask is because I've dealt with this before when someone
(who I never caught) added a group to a Pro
Oh Certainly...that would work quite well.
Joe, how much should he charge for that ;-)
Robert Williams, MCSE NT4/2K/2K3, Security+
Infrastructure Rapid Response Engineer
Northeast Region
Microsoft Corporation
Global Solutions Support Center
-Original Message-
From: Rimmerman, Russ [mail
Hi All,
I have a question? Can i have an ghost image for my server and if in a
situation of server crash i can rebuild it using ghost image.
But this all is to be done remotely, so i dont have any physical
access to the server. Can i have another server configured as dhcp so
that i can run this i
The type of server is going to be of great importance. If you are planning
to do this with a Domain Controller - just don't. It's not worth the
trouble, and is technically not a sound practice.
If you are talking about a member server, are you thinking of imaging just
the base build and then app
Title: RE: [ActiveDir] Alternate install Directory for W2K3 load
A simple solution to this problem is to install to \windows and then create a junction point from \winnt to \windows for the legacy apps.
Kim
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
54 matches
Mail list logo