no one can help me please ? :o(
Have a nice day :)
Cheers,
Yann
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of TIROA YANN
Sent: Friday, 23 September 2005 21:32
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Extend the UI of ADUC on one machine
Hello,
Is there a
All,
I am looking for different ways - How to manually corrupt
1. Mailbox Store
2. Public Store
3. A single Mailbox
4. Public Folder
5. A single message in the mailbox
We have created an application for Exchange and I want to test my
application with by manually corrupting the message/mailbox/
If the PST file is a Unicode PST, then the answer is that you can't
access it with any downlevel client.
-ASB
FAST, CHEAP, SECURE: Pick Any TWO
http://www.ultratech-llc.com/KB/
On 9/26/05, rakesh jakhar <[EMAIL PROTECTED]> wrote:
>
>
> ALL,
>
>
>
> How to access outlook pst 2003 in outlook 20
Hi ALL
I tried a demo of Office 2003 that came on my new laptop and used Outlook 2003 for e-mails. My demo expired and I opted not to upgrade - I installed my licensed copy of Office 2000 Premium.
Can I import/recover the e-mails I received in Outlook 2003 for storage in Outlook 2000.
Thanks
Yes, but you still need OL2003 to do so. The easiest
would be to simply create a new PST file using the option PST 97-2002 PST
Files. Then copy from one PST to another inside OL2003. Other than
third party software, this would be the easiest way. Reminder that OL2003
extends beyond 1.8 G
Thanks Jon. This is done.
-Rakesh
[EMAIL PROTECTED] wrote:
Yes, but you still need OL2003 to do so. The easiest would be to simply create a new PST file using the option PST 97-2002 PST Files. Then copy from one PST to another inside OL2003. Other than third party software, this would be the easiest
I would probably try user configuration/administrative
templates/system/code signing for device drivers:
Determines how the system responds when a user tries to install device
driver files that are not digitally signed.
This setting establishes the least secure response permitted on the syste
I have to agree, separate LDIF files are the best way to go as they are
easiest to QA and trouble shoot. Also makes it easy to script the building
of a test AD rather than having to install the App that would make the
changes which is a pain when you have a lot of schema mods to get through.
---
Title: SSL question
Hello
All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a handful
of users authenticate to that DC as a pilot. I want to repeat this about
Normally, I would look at the restrict anonymous configuration if experiencing
communication issues between NT 4.0 systems and >= 2000 systems. A setting of 2
seems to break legacy communication.
Thanks,
Dave Waller
Booz Allen Hamilton
-Original Message-
From: [EMAIL PROTECTED] [mailto:
There’s a sample in the platform sdk for doing this. You have to
write a little COM shell extension in C++. It’s not trivial, but, it’s
not rocket science either. Takes a lot of patience the first try.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
Fro
Title: SSL question
Hi,
You cannot tell which user
authenticates to which DC. Clients determine their authenticating DC querying DC
for a SRV RR. With SRV RRs you designate a weight factor and a priority factor.
By default the weight is set to 100 and the priority is set to
0.
SRV RRs wi
Title: SSL question
Jorge,
Thanks for the links. I have already got my schema upgrades done, but your
comments light up another possible option. What if I weighted the new DC with a
really low SRV weight such as 5. Would this mean that a very small number
of clients would authenticate agai
Title: SSL question
You can use 32 bit subnets if you want to designate half a dozen IPs or
something in that site.
That said, why not just put one DC in general deployment at a couple of
these sites and let it burn in for a bit? That’s the only way you’re
going to get an accurate pictu
Title: SSL question
IIRC you can do this with a reg hack that
forces the machine to a certain DC. Problem is the machine will not look elsewhere
if that DC is not available AFAIK.
Regards
Peter Johnson
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, B
Title: SSL question
As far as I know, the clients do not
choose anything. It is the DNS server that makes the choices for the client and
after that the client receives a list of servers in a certain order to
consult.
That is also a way to do it.
Setting the weight of the W2K3 DCs to 5 and letti
You cannot do this from only one machine. As you mentioned, the display specifiers determine the contents of the menu.
Why not restrict the employeeid to only certain users. That's what we did.
Yves
From: TIROA YANN
Sent: Mon 26/09/2005 3:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [Activ
I have a computer portion gpo at the domain level that is a little flaky.
For some pc's it applies, others take a number of reboots.
All my pc's are win2k.
The gpt has replicated to all DC's in all sites.
When i enable userenv debugging on the affected pc, this is what i get -
USERENV(a8.1e0) 08:
We are looking at making the department directors here a little more
responsible for their users. We are thinking about allowing them to
have the rights to change passwords.
Is anyone else doing this? If so how are you going about doing it?
List info : http://www.activedir.org/List.aspx
List F
Delegate the right/permission to the directors on the OU where the users
are in.
To reset user passwords you need the "Reset Password" extended right on
the user object. This is also available through the delegation of
control wizard using the common delegated task "Reset a user account's
password
I was wondering if it's possible to delegate the ability to change the
settings in the terminal services profile tab on an account. I took a
look, and nothing stood out that might work.
Thanks.
Alan Olegario
Lead Analyst, Systems Engineering
Tiffany & Co.
973-254-7253
[EMAIL PROTECTED]
The inf
To further elaborate, the setting i'm trying to apply is a custom adm file to add the dns search suffix to tcp/ip props.
all clients are win2k.
some get it, some never get it.
the really weird thing is, some clients after being rebooted never get it but when you type "ipconfig /release" and then "
ok, last time i reply to my own email :)
I applied a gpo to add 3 domains to the dns suffix search order.
these 3 domains show up in the gui, when you right click a net adapter but the change is not reflected when you do an "ipconfig".
the output of "ipconfig.exe" is different than whats in the g
Jorge answered the how part. To answer the other part of your question, yes,
this is a very common scenario.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss
Sent: Monday, September
When MS introduced that GPO ability, someone forgot to remember where
ipconfig looks for the information it displays. Ipconfig reads the registry
for the information, but the suffix adm/gpo is not stored in the same
location, so ipconfig will never be able to report whatever you are setting
in the
Okay, i've seen that my custom gpo is applying to append a dns suffix search list but the only issue is there is a difference in output between what i see in the gui via network connections and what i see in the output of ipconfig.
In network connections, when i right click the adapter, the dns
thanks.
disregard that last email...
i guess if i find out where ipconfig reads it, i can make an adm to reflect that and push it out?
Does this also apply to the "real" policy that comes with winxp/2k3 as well?
thanks again!!
On 9/26/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
When MS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
BTW, does this return the correct suffix for you?
wmic nicconfig get DNSDomainSuffixSearchOrder (from cmd)
I'm just curious, and not at a place where I can test. I won't be able to see
your response for a long t
my gpo sets it at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
I created a Reg_SZ value called "SearchList" with the suffix values and that shows up when you right click the adapter under "DNS" tab.
However, windows seems to use the other key for things like ping and drive mappings,et
oh yeah,-
wmic nicconfig get DNSDomainSuffixSearchOrder (from cmd) returns the correct suffix order
On 9/26/05, Tom Kern <[EMAIL PROTECTED]> wrote:
my gpo sets it at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
I created a Reg_SZ value called "SearchList" with the suffix values and th
Sorry for the delay in responding but the issues I keep hearing about center
around the fact that the SCManager ACL has been locked down. So anything you
have monitoring service states, etc may be impacted if they run as
non-admins or don't directly ask for the service by name.
-Original Mes
I thought that is what I said. ;o)
"You need to grant the person the ability to update the
membership list. Now if you have an older version of ADUC, you won't see that
checkbox under the managed by tab"
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent
Well full access rights is a bit like taking off a hang
nail with a table saw but if it works for you...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar
Sent: Thursday, September 22, 2005 11:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Can
You can try delegating userParameter as that is where the info is stored,
but I believe all of the mechanisms that update it use legacy NET style
calls which require Acc Op or Admin rights.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Olegario, Alan
S
On this same subject, is there anything in Service Pack (2003) that
presents client systems from not being able to ping or join a domain? I
have installed a new domain with 3 clients. Setting up DNS/WINS, etc.
The Clients can ping each other, the router and switch, but not the new
AD server. Ser
Cool. Good to know.
In the meantime, this
http://www.akomolafe.com/LinkClick.aspx?link=change-DNS-Suffixes-thru-GPO.txt&tabid=63&mid=431
is (IMO) as good as the adm you are doing now, and it
*should* take care of the ipconfig discrepancies. Again, I am not able to
test it right now to prove the
This is definitely doable, however you may consider using some sort of proxy
system to do it so you can answer the question who did it and when as those
questions come up.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss
Sent: Monday, September
When looking at group memberships, you will need to look at
the group itself, any groups nested into group (and so on), and any users with
primaryGroupID set to the value of any of those groups. Primary groups are not
represented in the normal group membership with the LDAP interfaces. An
al
I just noticed our
domain-wide operations masters levels all changed. We've had the same
pdc/rid/infrastructure master for years, and suddenly, it's on a different
domain controller. Is there any way this could have changed
automatically? Or did a domain admin have to physically make this
I think Windows Firewall is on by default on new 2003 SP1 installations.
Check the properties of the NIC and see if it is.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B.
Se
Two companies sharing the same physical LAN, IP configuration, Windows
2000 servers, two separate forests, and one DHCP server. In the
not so distant future they will separate. In the meantime, is there a
way to point the XP pro clients from CompanyB to a new DHCP server on
the same physical
1. Is the name being resolved?
2. If so is the server actively refusing the connections or is it not
responding at all. You need a network trace for this one, look for returned
packets with RST in them.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pe
> 2) If "Closest GC" registry key set, call UseDsGetDcName()
Yep, fall back to whatever the OS says...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Saturday, September 24, 2005 11:14 AM
To: ActiveDir@mail.activedir.or
Yeah we need a good search mechanism for this list, this
was discussed nearly to death last year or the year before when that
functionality change was introduced.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Monday, September 26, 2005 2:25
From my experience it should work fine. It doesn't have to
know if the right hand side is a domain or host IP, it simply needs to try and
look it up in DNS. I believe it will try an MX lookup and failing that, fall
back to a host record lookup.
A simple test would be to enable SMTP on some
thanks a lot!!
quick ques-
if a machine already has a static entry in the suffix search order, will this script wipe out that entry or append to it?
same question for the GPO version- will it add or wipe out?
thanks again
On 9/26/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Cool. Good to
Where can I find more info on creating LDAP filters? I’m
trying to have Exchange 2003 Address List display users on multiple Mailbox Stores
and Groups. I have to do a custom LDAP search to accomplish this.
Devon Harding
Windows Systems Engineer
Southern Wine &
Not if they are on the same LAN. Why do you want to do this before the
separation? Maybe there is a workaround for what ever problem you are
having.
Regards,
Aric
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Monday, September 26, 2005 1:
No automatic change mechanism for OM roles. Someone did it. :)
Regards,
Aric
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Monday, September 26, 2005
1:12 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Domain-wide
operatio
I am way late on this thread but my experience with IBM has been horrible.
At the widget factory I was at, we switched from Dell to IBM because the
newish CIO was from IBM. Our DOA rates went up to about 30% from about 0%.
We implemented new procedures to burn in every DC for a couple of weeks
prio
The guy in link using a batch file to call the VBS Script,
You can directly put the VBS file into startup folder, instead of calling it from netlogon.
Also, I guess, %logonserver% might create problem, as it might not be defined by the time, script runs.
On 9/27/05, [EMAIL PROTECTED] <[EMAIL PROT
As far as I can tell, DNS Suffix Search Order is not adapter specific, but
rather, if you set it from the Network Connections applet, it is applied to all
adapters on the system and set in the following registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchL
Nop, this also didn't help...
Now I am facing some strange errors,
When I open any admin tool related to AD like dsa.msc or dssite.msc or domain.msc
I get no domain found error, even though DNS is working fine.
If I open adsiedit.msc to see the permission on partitions, it doesn't allow me to see
...
Something that is necessary for almost every one of these tools is an
LDAP query. Active Directory is an LDAP-based directory (LDAP stands for
Lightweight Directory Access Protocol). The queries are based on RFC-2254, “The
String Representation of LDAP Search Filters” (available at http:
This is always a good starting place if
you find it consumable: http://www.faqs.org/rfcs/rfc2254.html
Optionally, using the ADU&C MMC
Snap-in you can build some “Saved Queries” and see how they are
built (Query String) by the snap-in to learn some of the intricacies.
Regards,
Aric
Know of an easy way to find out who? I'm assuming
auditing, but our security logs are unwieldy and if it happened over a couple
days ago, well you know how that goes.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Monday, September 26, 2005 3:58 PM
To:
A
It is in the create code. The OS that it must assign SIDs to users,
computers, etc. It may be hardcoded to the existence of that attribute as a
mandatory attribute for the class or it could just be for certain fixed
classes. I have never tested it by creating another class with objectSID as a
requir
I also find this article helpful: http://msdn.microsoft.com/library/default.asp?url=
Thanks,
-Steve
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Bernard, Aric
Sent: Monday, September 26, 2005
4:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [Ac
Are you asking if there is a way to do
this with out using the event logs?
The only option I can think of is gathering
all of the persons with permissions and beating them about the head until
somebody confesses. Come to think of it that could generate some false
positives. :)
If yo
The adm i set, directly sets the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList value, NOT the policies key.
It's for win2k, so it's a tattoo, not a policy. that other key never comes into play.
as i stated, in the net connections applet it changed the adapter.
when doing an ipco
I don't have the answer to this other than writing a sink or something that
reads every message of every mailbox, neither of which I would consider
trivial, but
I find this statement to be humorous "Sorry for sending an Exchange question
to an AD group, but I really need an answer to this quic
when i had the smtp connector point to dns, it failed with "remote host did not respond".
when pointing to a smarthost it worked.
maybe exchange while sending to [EMAIL PROTECTED], thinks servername.domain.tld is a domain and when it gets a nxdomain from domain.tld, it fails?
no?
sillier th
Findstr /S /I "string" \\.\backofficestorage\\mbx
It'll be slow. And it requires access to every mailbox. But it'll work.
:-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, September 26, 2005 4:18 PM
To: ActiveDir@mail.activedir.org
S
Why should Exchange not think that servername.domain.tld is
a domain?
Can
you resolve servername.domain.tld from the Exchange server? How about from the
smarthost?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Monday, September 26, 2005 5:32 PM
To:
Active
Be very careful with this. The RUS doesn't actually use
LDAP to execute that filter except for when you test it in ESM. I have seen
perfectly good queries that work great in the test (because it actually submits
the LDAP query to AD) and then the AL is built all wrong. It is usually around
t
I just tested this, I sent to [EMAIL PROTECTED] and watched Exchange query DNS
for the MX record, an SOA record was returned, it then queried the A record and
got that and fired the message off.
If it isn't working, then I expect it is in the name res area as Hunter is
indicating as well.
__
Are you suggesting counseling, Aric? :)
DHCP is based on broadcast. I suppose if you configured your helpers to
point to different subnet segments (assuming the two companies don't
share the same subnet) you might be able to do this.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[E
At least the number of people who could do this at least is very limited and
hopefully trusted. If you ask each of them if they did it and someone doesn't
admit to it, there is obviously an issue.
It could have happened in a demotion too and possibly an admin didn't notice
it. Was the previous
Counseling indeed!
I made the assumption when you said the same LAN that both companies
were sharing the same subnet...and you know what they say about
assumptions...
Of course Marcus is right if my assumption is incorrect. :)
Regards,
Aric
-Original Message-
From: [EMAIL PROTECTED]
[
Sorry to throw that half-baked code at you, Tom. I reposted it. It's tested
and works now - in my VM Lab :)
IPCONFIG sees it correctly. Yes, it will overwrite whatever you have in
there, so you would want to adjust your array to include the current entries.
Again, apologies. BTW, this is a mach
Yeah. what you said ;)
Give me some time - I'll think up an explanation for why I F'ed the whole
thing up.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you
Brian, AD, thanks for the reply ;)
I will look some codes as suggested Brian. But it is also a good idea to
restrict the view of the attribute for only people that is allowed to.
Have a nice day all :)
Cheers,
Yann
From: [EMAIL PROTECTED] on behalf of AD
D
Just to be accurate...
During a DEFAULT fresh W2K3SP1 install "Post Setup Security Updates" protects
the server by enabling Windows Firewall until the first admin logon and the
admin clicks the FINISH button. After that the Windows Firewall will be
DISABLED. Also remember there are several exc
that is done through the GUI (MMCs) or through a script kicking several
operational attributes. Both are manually, unless you scheduled a script to do
it ;-)
Another way is if you demote the DC that hosted the FSMO roles whereas you did
not transfer before the demotion. If you demote a DC that ho
74 matches