RE: [ActiveDir] Getting computer name from a username

2005-12-05 Thread Grillenmeier, Guido
hey joe - good questions - let me clarify: 1. no we purposely don't - this would cause excessive replication and as you've mentioned, there's no guarantee that we would be able to write the value. But the goal of this information is not to show who is _currently_ logged on a machine (I wouldn't us

RE: [ActiveDir] Exporting Mailbox rights

2005-12-05 Thread Amy Hunter
Hi Alain,   thanks for your response, it all looks very clever.   I have tried running the following command:   WMIManageSD.Wsf /E2KMailbox:"cn=POTrust,ou=group mailboxes,OU=,DC=spinnaker,DC=org"  /adsi WMIManageSD.Wsf /E2KMailbox:"cn=POTrust,ou=group mailboxes,OU=,DC=spinnaker,DC=org"  /de

RE: [ActiveDir] AD Wish list

2005-12-05 Thread al_maurer
Title: AD Wish list In my experience, if it’s going to be in the ,00s, it’s going to be a script. J   Al Maurer Service Manager, Naming and Authentication Services IT | Information Technology Agilent Technologies (719) 590-2639; Telnet 590-2639 http://activedirectory.it.agilent.com

RE: [ActiveDir] SBS Transition Pack installation experience?

2005-12-05 Thread al_maurer
Thanks, Susan. I imagine if we can establish the trust after applying the transition pack, we'll be good to go. Funny about that "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD." Warning. Had the same warning and ending experience whe

RE: [ActiveDir] Exporting Mailbox rights

2005-12-05 Thread Alain Lissoir
Do you have the Functions folder available? It contains a series of functions used by WMIManageSD.Wsf Next you must register the DLL with REGSVR32  in the resource folder. Then you are all set. By default, WMIManageSD.Wsf must be in Folder XYZ while Functions folder must be at the same lev

RE: [ActiveDir] Exporting Mailbox rights

2005-12-05 Thread Coleman, Hunter
The reference is on line 155 of the script. Go to Alain's site (www.lissware.net) and scroll down to the link for "Script Kit of Volume 2". Download that and extract the whole thing...you should get a directory structure, and the main script is in \Volume_2_ScriptKits\Chapter_04\Sample 4.02

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Medeiros, Jose
Correction. I meant to say: " Esentutl utility with the /d switch ". Not Eseutil /d. Sincerely, Jose Medeiros ADP | National Account Services ProBusiness Division | Information Services 925.737.7967 | 408-449-6621 CELL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROT

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Brett Shirley
She replied offline, very likely a single bit flip, tragedy, they aren't one release later (Longhorn), where this would've probably been non-disruptively handled, logged, and possibly self-healed: http://blogs.technet.com/efleis/archive/2005/01.aspx Anyway, this kind of thing is usually hardware

Re: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I did? :-) I think I still said all I know is what the poster said :-) I think I need a course in event log reading because even with the logs, and the default size of the logs, I still don't see a smoking gun. The directory services one is filled with events 'post' blow up. What is intere

Re: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Al Mulnick
Those are fine ideas. You may want to have a closer look at that hardware. Whichever the vendor, they usually have their own diagnostics. It's time consuming, but often worth checking along with checking for known issues with drivers, firmware, etc. In my experience, I've mostly seen this t

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Medeiros, Jose
Well at least the corruption occurred on just a single DC. One thing that has bugged me about Active Directory is not being able to select if you want a DC in a remote office to not have the ability to replicate back in a large enterprise environment. Since most remote offices only have a few pe

Re: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Phil Renouf
Will Read Only DC's take care of this? I don't know much about them yet, but it makes sense that if the copy of the dit that a DC has is RO that it won't try to replicate that anywhere and would only be the recipient of replication. Anyone with more knowledge about how RO DC's will work to comment

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Medeiros, Jose
I was not aware that Microsoft had incorporated such a feature in AD 2003. I know for a fact that Microsoft did not have this feature when AD 2000 was first released because I mentioned it to several Microsoft AD &  premier support specialists and they each confirmed it was not available ( H

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Steve Linehan
We do not replicate corruption so if you have local corruption as noted below there is no worry that it would replicate around to other servers in the environment.   Thanks,   -Steve From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil RenoufSent: Monday, December 05, 2005 1

Re: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Phil Renouf
I was thinking about Longhorn :) It has been brought up here as a possible longhorn feature a couple of times, but yeah that doesn't help much for the immediate future.   Phil  On 12/5/05, Medeiros, Jose <[EMAIL PROTECTED]> wrote: I was not aware that Microsoft had incorporated such a feature in A

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread joe
RODCs are a LongHorn feature. It will be one-way replication to the RODCs. They will not replicate out anything. If you are on the LongHorn beta you should be able to test this right now.   But as Steve (one of the really good PSS guys) said and I can concur as I have seen my share of corrupt

[ActiveDir] remove logon script?

2005-12-05 Thread Harding, Devon
How can I remove the logon.bat from all my user (2000+) accounts at one time in my domain?  I’ve switch to GPO for the logon scripts.   Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469   _

Re: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Mark Parris
As far as I can recall the new DC model will be very similar to a DNS model with certain files in a constant replication configuration and the. Information that needs to be kept safe is cached only. Mark -Original Message- From: Phil Renouf <[EMAIL PROTECTED]> Date: Mon, 5 Dec 2005 15:18

RE: [ActiveDir] remove logon script?

2005-12-05 Thread Ayers, Diane
Try ADmodify for a GUI tool...   Diane   http://tinyurl.com/5ruog From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Monday, December 05, 2005 12:40 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] remove logon script? How can I remove the logon.

RE: [ActiveDir] remove logon script?

2005-12-05 Thread Brian Desmond
Adfind and admod from joeware.net   Adfind –f “(&(objectCategory=person)(objectClass=user)(scriptpath=logon.bat))” –default –dsq | admod –unsafe scriptpath-   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE

RE: [ActiveDir] remove logon script?

2005-12-05 Thread Crawford, Scott
This is a fairly old and ugly vbs script, and it only works for one OU in the domain, but it should get the job done.  You’ll need to modify strPathToContainer and strDomain.   Option Explicit Dim strPathToContainer, strDomain Dim oUser, oUserContainer   strPathToContainer = "OU=Stude

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Medeiros, Jose
If that failsafe is built in then I am just being a worry wort and I have to admit, I have yet to experience this particular problem. Sincerely,Jose MedeirosADP | National Account ServicesProBusiness Division | Information Services925.737.7967 | 408-449-6621 CELL -Original Message

RE: [ActiveDir] remove logon script?

2005-12-05 Thread joe
One tiny correction :)   Adfind –f “(&(objectCategory=person)(objectClass=user)(scriptpath=logon.bat))” –default –dsq | admod –unsafe scriptpath:- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian DesmondSent: Monday, December 05, 2005 4:00 PMTo: ActiveDir@mail.actived

RE: [ActiveDir] AD Wish list

2005-12-05 Thread joe
Title: AD Wish list I would have to concur, reporting is pretty heavy duty stuff.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Monday, December 05, 2005 9:50 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD Wish list In my experien

RE: [ActiveDir] Exporting Mailbox rights

2005-12-05 Thread joe
Here is a little code snippet I posted here previously for enumerating mailbox permissions   http://www.mail-archive.com/activedir@mail.activedir.org/msg14221.html     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amy HunterSent: Monday, December 05, 2005 7:41 AMTo: Active

RE: [ActiveDir] Getting computer name from a username

2005-12-05 Thread joe
Ah, sorry I must have missed the intent. :o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Monday, December 05, 2005 4:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Getting computer name from a username hey j

RE: [ActiveDir] Obsolete Domain groups

2005-12-05 Thread joe
Nope, there is no last used. Kind of hard to define last used for a group anyway, for instance for a security group it would be the last time anyone from the group logged in and the group SID was stuffed in the user's token. If you are talking security groups, the best to do is change the group to

RE: [ActiveDir] Saved Query for Distinguished Name Contains

2005-12-05 Thread joe
It seems I have been answering a lot of questions like this lately...   You can not put parts of the DN into the LDAP query. The only way to control what branches a query looks at are   1. Permissions 2. Search base 3. Search scope.   You need to be the most specific you need to be to either

RE: [ActiveDir] Obsolete Domain groups

2005-12-05 Thread Figueroa, Johnny
Got it. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, December 05, 2005 3:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Obsolete Domain groups Nope, there is no last used. Kind of hard to define last used fo

RE: [ActiveDir] remove logon script?

2005-12-05 Thread Medeiros, Jose
Select all the accounts at once, then select the properties, then remove the logon.bat file name from the AD account attribute. It will change it on all of them at once. This capability was first introduced in NT4 somewhere around sp5or sp6. Or you can of course script it using the command " net

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Carpenter Robert A Contr WROCI/Enterprise IT
Novell. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, JoseSent: Monday, December 05, 2005 11:24 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Ntds.dit file corruption I was not aware that Microsoft had incorporated such a feature in AD 2003. I

RE: [ActiveDir] Saved Query for Distinguished Name Contains

2005-12-05 Thread Dan Holme
Thanks For the scoop, Joe!!!   And yes, I LOVE ADFIND, but it doesn’t provide a result set within the MMC… I’m trying to do an MMC (AD UC snap-in) Saved Query as the basis for a custom Taskpad … Sorry I wasn’t clear about that. Guess I’m out of luck.   Thanks again, though!  At leas

RE: [ActiveDir] Saved Query for Distinguished Name Contains

2005-12-05 Thread Ulf B. Simon-Weidner
Hi Dan,   as joe said you can also modify the search base, so when creating the saved query select the seach base (it’s on the first screen of the dialog which let’s you add a saved query, not in the definition of the query itself). Sorry – don’t have the interface in front of me so I’m n

RE: [ActiveDir] Saved Query for Distinguished Name Contains

2005-12-05 Thread joe
What is this MMC thing you speak of?   ;o)     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan HolmeSent: Monday, December 05, 2005 6:36 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Saved Query for Distinguished Name Contains Thanks For the scoop, J

[ActiveDir] Moral of this story...don't move the log files

2005-12-05 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
When you perform a system state backup on a domain controller that is running Windows Server 2003 with Service Pack 1, Backup may fail: http://support.microsoft.com/?kbid=909265 -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.acti

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Sullivan Tim
BDC From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carpenter Robert A Contr WROCI/Enterprise IT Sent: Monday, December 05, 2005 5:33 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Ntds.dit file corruption Novell. From: [EMAIL PROTECTED] [mailto:[EMAI

RE: [ActiveDir] Ntds.dit file corruption

2005-12-05 Thread Steve Linehan
For full disclosure I am no longer in the Microsoft Services organization, I was the last time Joe talked to me where I was an Advisory Support Engineer (AKA Alliance Support).  I am now a Product Technology Specialist for Directories and Identities in Microsoft's technical pre-sales organiz