Title: RE: [ActiveDir] File copy with security intact
Great !, thanks for the cmd file.
To all: thanks for the tips !
Best regards,
Yandi
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James
Sent: Wednesday, June 22, 2005
6:47 AM
To: ActiveDir@mail.a
Event Type: Warning
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1173
Date: 6/21/2005
Time: 10:08:47 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: TheServer
Description:
Inter
On 6/20/05, Tony Murray <[EMAIL PROTECTED]> wrote:
> No. In that case it looks like the two DCs might have conflicting
> information about how the FSMO roles are distributed.
Not sure how that happened.
> What happens when you run the command against both servers? For example,
>
> netdom quer
What I've read regarding R2 is that it's a code rewrite of FRS. Might
be worth trying... it was far too inflexible and incapable of handling
large amounts of data all the way up to Windows 2000 SP4. I gave up on
it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Just a caveat on this KB article. It becomes problematic if you have to make
periodic changes to the local GP as you have to go through this lengthy process
described in the KB each time. The article assumes that the local GP is not
changing and relies on the fact that GPs that aren't changed do
Has anyone had any experience using the Microsoft File Server Migration Toolkit?
http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfsc.mspx
Jose
-
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Medeiros, J
I don't want to seem a like I knocking Robocopy, however from my experience
Robocopy also does the same thing. It will stop when a file is locked or in
use. It does not copy at the block level like rsync. It is a very useful tool
but beware of it's limitations.( Although the version I used was f
Robocopy is my FRS engine for Dfs. :)
:m:dsm:cci:mvp
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Webster
Sent: Tuesday, June 21, 2005 4:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT] File copy with security intact
> -Origina
There is a way to set a policy settin seperately for the users.
see
kb293655
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
DeStefanoSent: Tuesday, June 21, 2005 8:12 AMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Lock down server not
in a domain usin
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Jorge de Almeida Pinto
> Subject: RE: [ActiveDir][OT] File copy with security intact
>
> My experience with XCOPY is that with large amounts of data
> it suddendly quits.
Jorge,
Try XXCopy. Work
The user accounts can be migrated without the actual user connecting to the
LAN, no matter what migration tool you use. However to migrate the client
computers and re-acl the client computer the computers must be connected to
the LAN. I'm sure of that if you use ADMT. I'm not aware if there exists
Title: ADMT and Error 7422
As
long as the VPN connection is at the router level and isn't a desktop VPN then
you will be alright.
I just
finished migrating most my of Division with eight different locations being VPN
locations. The only problem I ran into was with our remote users who u
Title: ADMT and Error 7422
I'd
appreciate a quick heads up on this. I have a Windows 2003 native Mode domain
with 150 odd remote users. These users are connected to the domain via client
VPN over Broadband.
Will
it be possible to migrate these users and computers to a new domain using ADM
That path below is not completely correct. The path should be:
User Configuration/Administrative Templates/Windows Components/Internet
Explore/Browser menus/"File menu:
Disable closing the browser and Explorer windows"
Totally freaky, but it points out that even those of us who spend our days
Title: ADMT and Error 7422
I've finally checked my notes on this and my initial
thought was correct (but the online description of movetree's
syntax doesn't make it very clear): you can move a user-object directly
(i.e. you don't have to first move it to a different OU)
also, I've just chec
Title: ADMT and Error 7422
Frustrating … the destination RDN
conflict appears to be a collision error with the OU’s I created for the
MOVETREE. I created them on the RIDMaster’s so I wouldn’t have to
await replication. So I created a newer source OU and moved the account in to
it. I also fo
Title: ADMT and Error 7422
Now I feel I am very close after making
the RIDMasters the source and target DC’s. I get one more error but I
cannot figure it out and the KB isn’t yielding anything. Any ideas
anyone?
ReturnCode: 0x210a The replication
operation failed due to a
collision of o
Title: ADMT and Error 7422
I tried the temp OU
method and got this error:
ReturnCode: 0x2012
The requested operation could not be performed because the directory service is
not the master for that type of operation.
And upon some
research found you have to run this from and to the R
Title: ADMT and Error 7422
Absolutely I only
want to move user accounts. I didn’t research MOVETREE to see that it
only moved an OU, so that was my bad. I do like your idea though and I will
give that a go!
Thanks!
Chris Haaker
ITS Infrastructure
x7841
Fro
Title: ADMT and Error 7422
hmm - I thought it wasn't an issue to pass a user account
to be moved, but after checking again, it looks like movetree will only work
with OUs.
as your ou=cincinnati
obviously contains objects that can't be moved successfully (e.g. global
groups) and that you di
Title: ADMT and Error 7422
So I have removed the umlaut. Still no
dice. I tried movetree and the funny thing is I get a ton of these:
ERROR: 0x2132 Cross-domain move of
account groups is not allowed.
MoveTree object CN=ManufacturingX,OU=Cincinnati,DC=kbc,DC=kaobrands,DC=net
failed the
Title: ADMT and Error 7422
movetree /start /s
kbc-dc4.kbc.kaobrands.net /d kbc-ukdc3.kbe.kaobrands.net /sdn
ou=cincinnati,dc=kbc,dc=kaobrands,dc=net /ddn ou=germany,dc=kbe,dc-kaobrands,dc=net
/u kbc\nbauerle /p 666nb666 /verbose
Chris Haaker
ITS Infrastructure
x7841
that's what I call a surprise ;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Freddie Coleman
III
Sent: Dienstag, 21. Juni 2005 16:03
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO configuration
Took me a while, but here it is:
User C
1. 2003 Standard
2. Templates are available. The only one failing is the issue to the
DC
3.
Administrator: Administrator
CA: Root Certification Authority
CEPEncryption: CEP Encryption
ClientAuth: Authenticated Session
CodeSigning: Code Signing
CTLSigning: Trust List Signing
DomainController:
Title: ADMT and Error 7422
can you post the exact movetree command syntax you
used?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Haaker,
ChrisSent: Dienstag, 21. Juni 2005 19:14To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] ADMT and Error
7422
So I have remov
A few questions:
1. The Enterprise CA is running on 2003 Sp1 - is this 2003 Standard or
Enterprise editions OS?
2. When you open the MMC for cert templates - do you see the templates
available?
3. If you run this cmd: "certutil -template" what is the output?
4. If you run "certutil -config \ -
My mistake - it was csccmd.exe
steve
- Original Message -
From: "Steve Patrick" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 21, 2005 8:09 AM
Subject: Re: [ActiveDir] OT: Missing Offline Files
> Be careful here as you have possible data loss - I suggest contacting PSS
as
> there is som
Hi Hans,
Thanks for the link. This version is in German?
Will it run correctly on a server using English for the operating system ?
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Hans Halbmayr
Sent: Tuesday, June 21, 2005 8:02 AM
To: ActiveDir@mail.a
OLDCMP from joeware
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: dinsdag 21 juni 2005 16:55
To: ActiveDir (E-mail)
Subject: [ActiveDir] inactive users
How do you query for inactive accounts in a Win2k AD?
I know you can dsquer
Actually, you can't set the "Apply Group Policy" permission on the local GPO,
since its only file system based. You can only set the permissions available
within NTFS (on %windir%\system32\grouppolicy). I think the special account
approach is probably your best bet.
BTW, not that it helps muc
Be careful here as you have possible data loss - I suggest contacting PSS as
there is some experience with this situation and you may be able to recover
the data from the CSC info you mentioned.
If I recall they were adding some switches to CSCUtil to deal with this.
my .02
steve
- Original
As is often the case, it's [joe] to the rescue. :-)
http://www.joeware.net/win/free/tools/oldcmp.htm
oldcmp - users will find/disable inactive user accounts in 2K & 2K3 AD.
- L
> -Original Message-
> From: Kern, Tom [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 21, 2005 10:55 AM
>
Hello,
yes, it's free. You can download it here:
http://www.wintotal.de/softw/index.php?rb=43&id=2339
hans
--- TIROA YANN <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Is the tool free ? If yes where can I get it ?
>
> Thank u
>
> Cheers,
>
> Yann
>
>
>
> D
How do you query for inactive accounts in a Win2k AD?
I know you can dsquery with win2k3 but is there any equivalent for win2k?
thanks
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.acti
WAOOOU !!! How such expensive tool I hope it
can also make coffe. -> sorry, i'm just joking ;-)
So go back to robocopy which done good work for backing-up ACLs,etc.. and with
an AT command, it can also replicate file among servers AND check for delta
diff
Title: Message
Where do you set permissions on a local
policy?
_
Daniel DeStefano
PC Support Specialist
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
www.iagr.net
Measuring Ad Effectiveness o
Title: RE: [ActiveDir] File copy with security intact
no, it is not
free
it costs
$5.50 USD
(http://copyrite.dynu.com/buy.htm)
yes the comma is correct! ;-))
see
http://copyrite.dynu.com/
Cheers
#JORGE#
From: TIROA YANN
[mailto:[EMAIL PROTECTED] Sent: dinsdag 21 juni 2005
16:18T
Hello,
Is the tool free ? If yes where can I get it ?
Thank u
Cheers,
Yann
De: [EMAIL PROTECTED] de la part de Comeau, Steven
Date: mar. 21/06/2005 16:06
Ã: ActiveDir@mail.activedir.org
Cc: [EMAIL PROTECTED]
Objet : RE: [ActiveDir] File copy with security
There is a great tool called CopyRITE XP that sits on top of Robocopy
and does it with a GUI.
Steven Comeau
Manager of Corporate IT Systems
Main Tape
1 Capital Drive, Suite 101
Cranbury, NJ 08512
1-800-526-8273 x332
-Original Message-
From: Yandi Harjadi [mailto:[EMAIL PROTECTED]
Se
Took me a while, but here it is:
User Configuration/Administrative Templates/Browser menus/"File menu:
Disable closing the browser and Explorer windows"
> You could prevent users from logging on in the first place - this will
> ensure they can't close any window. The only issue is that they ca
Hi Yandi.
NTBackup with a backup to file, and a restore to alternate location. The
default option is to keep Security Descriptors.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL P
I would recommend to ROBOCOPY, its robust (hence the name), has a lot of
possibilities and it does its job very good!
My experience with XCOPY is that with large amounts of data it suddendly
quits.
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Be
Title: Message
You
can set the policy permissions to allow the local administrator account to read
but not apply the policy. Or, you can do what we do and create a special
local account for policy administration and set that special account to read and
not apply the policy.
Ken Adams
Has anyone ever had FRSdiag hang indefinitely? It works
great in forcing FRS replication on all of my DC’s except for one. It
has never worked on this particular server and it always hangs while “gathering
upstream partners…”. I can’t seem to find anything on the
web regarding this. My
We have a terminal server we would like to use for clients
to access some of our data that they need and this server should be locked-down
so the clients can only do what they need. The problem is that management would
rather this server not be a member of our domain so we cannot use AD GPO
Hello,
Could any body tell me how do I remove my computer icon
& recycle bin from desktop on windows 2000 through registry key.
Regards,
DISCLAIMER:
This electronic message transmission contains information from Qatar Steel Company (QASCO)
which may be confidential or pri
I have
two domain controllers. Our primary is Windows 2003SP1 and the other is
Windows 2000SP4. All primary roles, FSMO, etc. are on the 2003 DC.
Our Enterprise CA is on our Exchange 2003SP1 server running Windows
2003SP1. My problem is that I'm now logging event ID 77 warnings from
Cer
yes.
The max message size in KB is 400, however there are session size limits to
take into account as well.
The
session size is the next field underneath the size field limits the size of the
message sent per session, and therefore needs to be greater than the largest
message size. You
Dear all,
What will be the maximum message size that can be in Default SMTP Virtual Server.
Is it possible to set 10 MB is the maximum message size that users can be sent through default SMTP Virtual server in IIS (not through Exchange server's SMTP Server).
Regards,
K.SENTHIL KUMAR
Hello,
Just to inform you that 'load balancing"
with low LdapSrvWeight and
LdapSrvPriority values meet my all needs :) That is
successfull implemented in my environnement. The LDAP requests are "equally"
distribute to all my DCs.
While monitoring with netmon, i saw that it was all my exc
50 matches
Mail list logo