In a windows network enviroment, what could be causing all the PC's
clocks to be shifted 10 minutes for example? which clock do they
follow? firewall? GC? DC?
Even if fixed manually the clock shifts later.
Thanks,
List info : http://www.activedir.org/List.aspx
List FAQ:
Thanks everybody for your input!
Regards,
Mylo
joe wrote:
As Rick said, it is tight security or ease of use. These things tend to be
mutually exclusive. Good security is rarely easy. You are balancing between
locked down and useability. But yes, in answer to your original question, it
is not
Hi Rubix
Computers within an AD domain will synchronise their time with a nearby DC.
DCs within a domain sync time with the DC holding the PDCE role. Within a
forest, PDCE role holders sync with the forest root PDCE holder. The forest
root PDCE holder should be configured to sync with an
Hi
When I try to connect to terminal services and it says limit reached
(2), how can I disconnect one of the sessions which I know that
administrator didn't log off he just only closed the window and kept
the session opened.
Thanks
List info : http://www.activedir.org/List.aspx
List FAQ:
Hi,
Sorry for the OT, I have a HP server with an MSA enclosure attached which is complete with 14 x72gb disks. The enclosureuses4 x 72gbdisksin a RAID5 set which are used to store backups. I need to upgrade these 4 disks withnew 300gb disks. The disks are not used for any other purpose besides
Thank you Tony,
PDCE is ?
Where do you configure the PDCE time synchornization option?
On 8/23/05, Tony Murray [EMAIL PROTECTED] wrote:
Hi Rubix
Computers within an AD domain will synchronise their time with a nearby DC.
DCs within a domain sync time with the DC holding the PDCE role.
rubix cube wrote:
Hi
When I try to connect to terminal services and it says limit reached
(2), how can I disconnect one of the sessions which I know that
administrator didn't log off he just only closed the window and kept
the session opened.
You can use logoff.exe or reset session command to
PDCE = PDC Emulator (one of the flexible single master roles)
Here's the KB article that describes how to set the synchronisation with
either an internal clock or an external source.
http://support.microsoft.com/kb/216734/EN-US/
Tony
-Original Message-
From: [EMAIL PROTECTED]
Deat All,
My Name is Sameer Karawan, i have Windows server 2003 Standard Edition and
we have internal Domain installed with Active Directory.
I did not make any Group Policy at all, and all of my users have working
under the domain and without make thing on the group Plociy.
My Manager
RC,
From the TS or through remote session
Start - Settings - Control Panel - Administrative Tools - Terminal Services
Manager
This Computer - Right Mouse Click RDP Session - Choose Disconnect
James
From: [EMAIL PROTECTED] on behalf of rubix cube
Sent: Tue
Sameer,
Not knowing your domain setup this is pretty hard to answer. Have you tried
just making users member of the Users group on the local workstation. Should
you be looking at a group policy setting you can find one under Computer
Configuration - Administrative Templates - Disable Windows
Hi james,
Thanks For your reply.
I have only one internal Domain with this name ( SPOTMARKET.COM), and this
domain have a One Domain Controller 2003 and No any other Domain Controller
or No any other member servers except 2 Member server , one for File server
onther one for ISA Server.
what
Title: [ActiveDir] Terminal Services
You can also do it through the command line if you like. I
describe how here:
http://blogs.brnets.com/michael/archive/2004/12/17/266.aspx
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Blair,
JamesSent: Tuesday, August 23, 2005 5:40
If I am reading this thread correctly, just disconnecting a user is not enough
(unless you want to connect back as that same user). Disconnecting will not
free up one of your allowed 2 administrative TS connections. You must log off
the connection to free up the slot. And, yes, Terminal
Ok little confused here.. I was under the impression that As far as WMI
filtering for OS that 2000 would ignore this and still run the GPO. Even
though you had it filter to only apply on XP.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter,
I believe that since they are backups, you have some flexibility. For one
thing, you can move the data around and store it on just one disk if you wanted
to ([EMAIL PROTECTED] ~216GB vs. one 300GB disk) and then after the upgrade,
move it back. I'm sure there are other variations.
It would
Hopefully it's just an index that's taken one for the team.
Take the advice and ensure that the hardware is solid before declaring things
well enough to be restored etc. This was the type of error in the Exchange
world that would bug you till the end. It was associated with everything from
Hi Tony:
Try to use the NT version of group naming
ie. ForestB\Group
I have done this with users (also used the
UPN for users and it works too)
HTH,
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Monday, August 22, 2005 8:38
PM
Scripts and joeware (www.joeware.net) would also come to mind. Especially for
bulk user creation.
Scripts would be my preferred for bulk user as it provides a lot of flexibility
without the burden of ldif syntax (although, you can write a script to create
the ldif files making it almost
Good
morning,
Can anybody explain
the purpose of the site folder server in an Exchange 2003 native mode
organization. The reason I am asking is becauseI recently ran the Exchange
Best Practices Analyzer and the only critical issue it found was the Admin Group
Site Folder Server deleted. My
We're using ActiveRoles, too, and I like it a lot. The problem with a proxied
account these days is that auditors want to know who did what and being able to
pin it down to some service account acting as account operator doesn't quite
cut it.
Al Maurer
Service Manager, Naming and
Return Receipt
Your [ActiveDir] OT-Exchange 2003 Site Folder Server
document:
Exchange supports the concept of a native mode organization
as well as native mode admin groups. Its non-intuitive, but you can have a
native mode organization without all your admin groups being native
mode.If Irecollect properly, the only native mode admin groups are
those created in ESM
Anytime a proxied account is being used, whatever automated system is using
it in the background absolutely needs to be logging everything it does. It
really is the better way to get logging because native logging in AD of
people making changes with native rights is not optimal and if you enable
Site Folder Considerations
The first Exchange server that is installed into an administrative group
contains the administrative group's site folders. The site folders maintain
copies of the offline address list and the free and busy data for that
administrative group. The site folders also
Hey all,
I'm having issues with my DHCP scope on a Windows 2003 Standard server.
I'm trying to push out a domain suffix search order however that option
doesn't seem to be available on my server and I can't make it show up.
I'm working with a freshly installed copy of Windows 2003 that I fully
Sorry,
I forgot to change the subject.
Charlie
-Original Message-
From: Carerros, Charles [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 23, 2005 9:33 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] Bulk users
Hey all,
I'm having issues with my DHCP scope on a
Hello,
I'm running windows 2000 ad sp4 and I use SUS to deploy my patches. I have
enabled the No Auto-Restart for scheduled automatic updates installation,
however it seems to only give admins to their local machine the option to delay
the reboot. Is this a function by design or am I doing
During the Exchange 5.5 to Exchange 2003 migration, all
public folders and system folders were moved to the first Exchange 2003 server
and then removed from the Exchange 5.5 server using pfmigrate. Public folders
and system folders were then replicated to other Exchange 2003 servers. The
A couple of notes:
VS 2005 will not install on an X64 version of windows. If you use a
server with an AMD CPU, install 32 bit windows.
Do not install server 2003 SP1 on the virtuals (the host is ok). It will
slow your virtuals into what seems like 66MHz 486 machines.
-Original
Two good points - VS2005 SP1 (R2) will relieve both these issues. The
beta version is very stable and I actually know some running it in
production.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, August 23, 2005 8:04 AM
Return Receipt
Your RE: [ActiveDir] OT-Exchange 2003 Site Folder Server
document:
Hmm... Are you trying to set options other than your AD domain name?
What made you choose 135 as the option number?
Last I had checked (and it's been a short while) you couldn't set the suffix
search order with DHCP. I don't have one handy to see it to see if it's
changed recently,
Hmm.. It's possible that the clients are using one of those replicas then.
It's also possible that some clients take longer than they should to get/update
their data.
I may have misread the first time to read the folder itself. In your case, it
sounds like the attribute didn't update and I
I have the procedure to update the DN of the
siteFolderServer, but I am not familiar with sending "a meeting request for the
AG to accept to cause it to update." Could you please point me to the
specific KB you are referring to.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Title: [ActiveDir] DHCP Issue
When I
go to the DHCP MMC on all but two of my W2K3 DHCP servers and select "Configure
Options" on the scope or server options. Under the General tab I have an
Available Options Of 135 "Domain suffix search order".
I'm
trying to get this option configured on a
http://support.microsoft.com/default.aspx?scid=kb;en-us;284200
The idea is to get the clients to update their information in a controlled
manner vs. allowing it to happen over time.
Al
From: [EMAIL PROTECTED] on behalf of Rittenhouse, Cindy (Police)
Sent:
You are correct.
The best you can do is setting the filter to apply only to W2K, which only XP
will process and therefore ignore. The W2K machines won't see the filter, but
it'll be ok since they're the ones you want to run it anyways.
Of course, this would imply creating an 'inverse' GPO of
Return Receipt
Your RE: [ActiveDir] OT-Exchange 2003 Site Folder Server
document:
If all your clients are XP, you use GPO to set multiple suffixes.
If you have pre-XP clients in the mix, you use a script to stuff multiple
suffixes in there. I thought I had a sample script for this on my site, but
it's not there right now. When I'm less busy, I'll whip something up and post
Title: long-running query
Hopefully someone can assist. I vaguely recall seeing somewhere that a DC can be set to write an event when it detects a long-running query? Does anyone have information on doing this?
Title: long-running query
Answered my own question. J http://support.microsoft.com/kb/314980
Thanks all.
:m:dsm:cci:mvp
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Oh, Marcus (CCI-Atlanta)
Sent: Tuesday, August 23, 2005
2:03 PM
To:
For when you have non-XP clients, you can put the following code into a
machine startup script and apply the policy at the appropriate level.
On Error Resume Next
strComputer = .
Set objWMIService = GetObject(winmgmts:\\ strComputer \root\cimv2)
Set objNetworkSettings =
Can shawdown copy be undo once it has been run?
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
That is Shadow Copy
Za Vue wrote:
Can shawdown copy be undo once it has been run?
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info :
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Server
Help/1e8b6cc0-a434-47d8-84f3-5ee8806a8711.mspx
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the
Hi
-
I must be missing
something very basic. Why is it that when I run one of the following queries, I
only get seven of the 11 objects that show up inthe Domain Admins when
using the dsa.msc?
adfind -b
dc=company,dc=com -f "objectclass=group" memberdsquery group -name "Domain
Admins" |
Has anybody had issues with using the File Replication
Service associated with DFS? We have tried to replicate certain DFS directories
and our users ran into issues when two people would try to open / update files
in these directories at the same time. Any advice?
Thanks in advance,
It would appear that 4 of your DAs have domain admins as
their primary group. Primary group membership is maintained differently due to
the issues with large linked value attributes in Windows 2000. Instead of the
membership being recorded with the group, the group's RID is stuffed in the
Title: Re: [ActiveDir] DHCP Issue
I've never gotten that DHCP option tag to work.I'd recommend using Group Policy (which does work) or else creating CNAMEs for the foreign servers. It's OK for CNAMEs to point to another DNS domain.RM -Original Message- From: Carerros, Charles
Thanks. That explains it. (With some poking around, I
discovered the correlation but not the reason.) How would I construct a query to
capture both the Group and Primary Group membership? Is there a way (besides
clicking) to simply set the Primary for all users back to Domain Users? Is this
I don't remember seeing these come across the list, but then again I
have a hard time keeping up with all the list mail... I just came
across these two articles while looking for something else and thought
they were a great pointer to common issues when upgrading Exchange and
Active Directory:
That's my understanding as well Al. When we first looked into doing
this (because DHCP does seem like the logical place to do this) I
think we discovered that we could set that option using 3rd party DHCP
servers as they had that feature active and working, but we never got
it working with Windows
Unfortunately no this isn't corrected in 2003 but I have
made a request for it to be changed. I expect it won't be changed because it
would impact anyone who figured out how to get the membership properly before.
Basically something dumb that has to go on staying dumb because of legacy
We just upgraded our 2k3 DC's to SP1 this last weekend after several months
of testing and re-testing. Shortly afterwards I noticed that the time
service was stopped with error ID 7023 46 (see below). I went through the
steps listed in kb892501 but to no avail. This issue did not appear in any
Title: Message
Last I
checked, Group Policy won't set this either.
FWIW,
I usually suggest using a DNS structure that allows your clients to find all
hosts. Suffix search order is an expensive way to get name resolution for
non-primary domains and if it's short name, I'm thinking a cname
Well you need to stash the data somewhere while you change out the disks.
Having your DAS unit being tapped out just makes this a more time consuming
process. If you have some sort of enterprise backup solution (e.g. netbackup)
you could just do a one time job and grab the entirety of the
see http://support.microsoft.com/?kbid=892501SD=tech
Mike Thommes
From: [EMAIL PROTECTED] on behalf of David Aragon
Sent: Tue 8/23/2005 6:40 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Win2k3 SP1 vs. W32Time
We just upgraded our 2k3 DC's to SP1
*cough* That's the KB he referenced. :)
David, did you try both workarounds or just one of them? Did you try
rebooting after making the changes? Can you described the exact things you
did?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
RESEND:
Unfortunately no this isn't corrected in 2003 but I have
made a request for it to be changed. I expect it won't be changed because it
would impact anyone who figured out how to get the membership properly before.
Basically something dumb that has to go on staying dumb because of
Al,
GPO will indeed set it, but only XP clients can leverage it through GPO. The
script option is for pre-XP clients only. Trust me - I work for the
government (wellnot really. but trust me anyway ;))
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
David,
Yes, I tried them both, step by step, exactly as the KB described the first
on DC1, the second on DC2, and both on DC3. Each time with no joy). There
was nothing about rebooting in the article, but I did restart Net Logon
Service after each workaround was attempted. I won't be able to
Who's had time to upgrade to something as new as XP? ;)
Trust you? Hmm
Thanks for the correction. I suppose I'm sometimes too focused on solutions
that will work cross platform that I forget that the new stuff can be
different.
Can't wait for the next rev and a whole new support
63 matches
Mail list logo