... Or check the Schema version - version 30 should be shown if w2k3 forestprep
has been executed successfully.
neil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: 09 July 2005 21:04
To: ActiveDir@mail.activedir.org
Subject: RE: [Ac
Thanks Darren & Matty,
I'm going to try your suggestions out and I'll let you know how it turns out.
Darren
I just picked up the resource kit. Your group policy book is great.
Excellent work!!
Thanks
Mike
On 7/10/05, Darren Mar-Elia <[EMAIL PROTECTED]> wrote:
> That's part of it. That do
Title: RE: [ActiveDir] Keep existing attributes from users restored.
realize that this search-flag can't be applied to all
attributes (e.g. linked attributes such as member/memberOf) => as such you
will always require a combination of actions to successfully recover users to a
previous state.
works fine - done it many times - that's what sysprep is
for (no matter what the future role of machine is supposed to be - even a
DC)
even works nice with sysprepped VMware images
;-)
/Guido
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex
FontanaSent: Samstag, 9.
wait until you have to handle many virtual servers - even DCs...
/Guido
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Samstag, 9. Juli 2005 09:55
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Sysprep Win2k3 Servers...maybe
Title: RE: [ActiveDir] Keep existing attributes from users restored.
> BTW, Win2003 SP1 has updated some
search flags, so as to add the SIDhistory and Password attributes to the
tombstone (I believe this
> is only valid for new installation
of AD).
Actually, not quite. For sidHistory,
Chuck - what exactly are you trying to achieve/monitor?
AD itself doesn't provide a real event-driven model for notification of
changes to objects, but for single object monitoring you can get quite
far with WMI event queries (which in the background read the instance of
an object and then conti
Grillenmeier, Guido wrote:
Chuck - what exactly are you trying to achieve/monitor?
I need to monitor for creation, deletion, renaming and moving of user
objects, group objects and for objects based on 2 or 3 other
application-specific object classes in AD. Additionally, I need to monitor
f
I'm moving to exchange 2k3 and i'm starting off with a fresh new server
We use HP proliant DL's here.
My questions are -
I want to use raid 0+1 or raid 10(deoending on price) for the trans logs.
I want to keep the exchange binaries and db seperate from the logs on a raid 5.
To do this, do i need
We are adding an employeeID in batch, connect to a specific DC to make
the change. Then when I try to search in ADUC pointing to the same DC,
doing an advanced search and the presence of the attribute. The changes
seem to take a long time to show up in ADUC. The attribute is not in the
GC if that
We use a DL380 with 6 drives for our E2K3 server. One RAID 1 set for
OS/Logs, one 3-drive RAID 5 set for the DBs, and a hot spare available
to both arrays.
Given our E2K3 org size (single server, DB of around 17gb, under 200
mailboxes, low PF usage), this setup works fine.
We only use one controll
Thanks.
My old exchange 2k box was a active/passive cluster. It had 2 storage groups,
together ~80gig.
The new server will not be a cluster and the old one will be reitred after the
mailbox move.
I was wondering if i could attach the MSA 1000 box to the new server and use
that for more drives.
WMI can be used for the monitoring but the capabilities are quite limited
with the current WMI provider implementation.
Despite this, it could be useful is some very specific pin-point monitoring
cases.
However, in your case, you definitively need something else.
NETPRO solution seems to me the be
What's your reason for using RAID 0+1 or RAID 10 for the transaction
logs? RAID 1 should be more than adequate in terms of redundancy and
performance.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Monday, July 11, 2005 9:50 AM
To: Active
Should work, AFAIK. That's the setup we use on our current backup
system... Test, of course.. :-)
I seem to remember running into issues with older 380s (G1) and some
RAID cards being incompatible, but testing will verify your
configuration... Should only be an issue if you're buying an additional
Alain Lissoir wrote:
WMI can be used for the monitoring but the capabilities are quite limited
with the current WMI provider implementation.
Despite this, it could be useful is some very specific pin-point monitoring
cases.
However, in your case, you definitively need something else.
NETPRO sol
well, in Exchange server 2003 24/7, he recommends putting the trans logs on a
sperate raid1+0 if you can.
So i thought i'd place the binaries on raid 5, trans logs on raid 1+0, and the
db on raid 1+0 or 5 depending on disks i have.
I figure i'll use the msa 1000 which has about 10 drives in it ri
Hi
all,
I would like to
setup a branch office theat connects to our domain via a vpn so that the branch
office can resolve our internal ad intrergrated domain and use thier local
isp dns for external instead of looking to the HQ dns servers and have
them resolve the external name (which t
Hi Tom,
I hope you do mind if I throw in my two cents. I strongly agree with Charlie.
HP Proliant controllers are rock solid, I really like the 5304 controllers and
the newer replacement 6404. In answer to your question, yes you can have
multiple raid arrays off the same controller, and in fac
I'm installing exchange 2k3 on a win2k3 sp1 member server in a native mode
exchange 2k org.
Forest prep was already run months ago for an exchange 2k3 install in the root
domain.
I've run domain prep in the exchange domain i'm about to install exchange2k3.
i've checked the exdeploy.log and all l
thanks!!
I agree with you on HP's controllers. I've been only working with them for 5
years, but i've never had a failure.
we use smart array 5i/6i controllers.
Medeiros, Jose wrote:
> Hi Tom,
>
> I hope you do mind if I throw in my two cents. I strongly agree with
> Charlie. HP Proliant con
Assuming you have windows 2003 dns you can use conditional forwarding
I suppose you could configure forwarding for certain internal domains to the HQ
DNS servers if needed and for all other DNS domains forward to the local ISPs
Cheers,
#JORGE#
From: [EMAIL PROT
A
client is using DSQUERY is to dump a list of the Domain Admins group every 15
minutes or so. They’re finding that it ‘misses’ some members—they’ll
be there in one query, gone the next, then reappear. Has anyone seen this
behavior with this command?
dsquery group -name "%GRP%" | dsg
Actually had a 5i crap out Friday afternoon. First time here.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Monday, July 11, 2005 2:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
Could it be that one of your DCs is out of sync with the rest?
Would this happen if you used the '-s' option to explicitly connect to the same
server each time? (not that *that* would solve a DC out of sync, but at
least you'd understand why)
-DaveC
Reuters IS&T Service
Delivery
From:
Is this a single domain forest?? If not Does the Domain Admins Group contain
users from other domains in the forest. I;m wondering if it might be a
cross-domain name resolution issue? MAybe intermittent?
From: [EMAIL PROTECTED] on behalf of Dan Holme
Sent: Mon 2
I am looking for a suite of either scripts
or tools that have pretty good documentation and will allow our administration
staff to be able to make mass changes to user/group objects.
Does anyone have any recommendations
?
Thank You ! And have a nice day !
***
Admod.
www.joeware.net
Make sure to check out the other Joeware tools...
**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
You have two Domains. There is a two way non-transitive trust between
those domains. The workstations are in one domain and user accounts in
another domain. There is a policy in the domain with the users that is
linked to an OU the users are in. Part of that policy is a login
script.
When the
Hmmm...every 15minutes or so
Are you sure it's DSGET that's reporting things incorrectly
or could it be that this is the true state?
Al
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
HolmeSent: Monday, July 11, 2005 3:15 PMTo:
ActiveDir@mail.activedir.orgSubjec
does anyone have an issue where win2k3 servers running remote desktop don't
show up in Terminal Services Manager on a remote win2k/2k3 or win xp box?
thanks
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive
Have you already seen these?
DHCP
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3040afd1-e82b-4ded-8fcd-aa8fe021fcc1.mspx
DNS
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/949f3a45-84e2-487f-80d7-bce184b28a06.mspx
For th
actually the server doesn't show up in the object picker either.
when i want to make the server a member of a group and try to look for the
server by typing in the name, it can't be found.
i assume the object picker is connecting to a gc.
when i run aduc, i can see the server in the computers cont
Ok last time i reply to my own email( i promise).
i also get an event id 5790 on my dc/gc as follows-
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5790
Date: 7/11/2005
Time: 1:29:02 PM
User: N/A
Computer: SUALB-USR1
Descri
yep!
are you asking because of: http://support.microsoft.com/?kbid=823862
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of Cothern Jeff D. Team EITC
Sent: Mon 7/11/2005 10:08 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] GPO question
You have
Title: RE: [ActiveDir] Keep existing attributes from users restored.
thanks for the useful information, Eric. You've only
mentioned sidHistory - does the same apply for the password?
/Gudo
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric
FleischmanSent: Montag, 11. Jul
Hi Tom
Have you looked in the Exchange setup log to see if there was any additional
information?
You can normally find the log in the root of where you performed the setup,
e.g.
C:\Exchange Server Setup Progress.log
You should see some lines similar to the following.
[18:04:16] Checking to see
Title: RE: [ActiveDir] Keep existing attributes from users restored.
No.
--Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
GuidoSent: Monday, July 11, 2005 5:05 PMTo:
ActiveDir@ma
If you look at my other email post(the terminal services issue one), I think
that elaborates my issue more.
I'm talking about the same server in both.
The exchange(not yet) server can't be found in Term Services Man or the object
picker and I get that 5790 eventid.
Thanks and sorry for cross post
Thanks that helps greatly.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Monday, July 11, 2005 4:51 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO question
yep!
are you a
Title: RE: [ActiveDir] Keep existing attributes from users restored.
Having been in this code before, I never
noticed this applying to passwords. I don’t believe we keep them on
tombstones today.
Can you confirm that we do in fact keep
them on tombstones as of SP1? If so I’ll take a peak a
it's a global group, which can't have accounts from other
domains as a member. I very much doubt you have an issue with DSQUERY -
more likely some DC that's out of sync => which DC is DSQUERY connecting to?
Are you getting different results from different DCs or the same
one?
I'd say it's
That is normal behaviour.
The group is the forward link (authority)
and the user being a member of group is a back link.
Thank You ! And have a nice day !
**
Mark Lunsford
KAISER PERMANENTE
Security Operations
Remedy Group: NOPS SECURI
Hi All:
Currently, we have nine w2k domain controllers (remote sites, corp,
etc). We want to upgrade them all to 2k3. I have been googling but
haven't find the right q-article or step by step that will help me
accomplish this. We want to one replace of the servers with new
hardware but the oth
Sorry if this has been covered in the past. I checked the archives and really
couldn't find anything related. We are in a discussion about what permissions
are really required for users' home directories. I contend that users' home
directories should be private. The "backup operators" group
Jennifer-
Following a forestprep and domainprep of your environment 2003 DCs will
coexist peacefully with 2000. There are some Exchange 2000 issues you must
be aware of though:
Before you convert to 2003 native mode, the RUS must be running on Exchange
2003
You must import the inetorgpersonfix.ld
Here is a very good resource.
How to upgrade Windows 2000 domain controllers to Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;325379
Very generally, after you run 2003's ADPrep /forestprep and /domainprep (to
extend the schema and prepare the Domain for 2003 DC's) y
Ok, i'm going thru this one more time because its driving me nuts-
i win2k3 sp1 server was made a domain member by an admin.
I then was called to install exchange 2k3 on it.. i term serviced to the server
and ran domainprep(forestprep was run ages ago) and i got a "exchange2k3 is not
compatibile
Just a couple of things to add to what Brian has said.
- When all your DCs within a domain are at 2003 the domain won't
automatically be at 2003 domain functional level. You need to flip the
switch using the Domains and Trusts snap-in.
- When all your domains are at 2003 domain functional level y
Just a few additional things to clarify. The only time a Global Catalog
full Sync occurs is when attributes are added to the Partial Attribute
Set(PAS). The Windows Server 2003 schema changes do not make any
additions to the PAS as part of the upgrade. Instead the attributes we
would have added
Tom,
Can you enable netlogon debug logging on both the W2k3SP1 machine and the GC
logging the errors. I would recommend setting a dbflag entry of 0x2080.
On the W2k3SP1 machine after setting the flag can you restart the netlogon
service so I can see the startup parameters on the GC a res
51 matches
Mail list logo
