What type of experiences have you had with renaming DC names?Mark Parris [EMAIL PROTECTED] wrote: Have fun, I have had some great experiences reusing DC names.-Original Message-From: "Simpsen, Paul A. \(HSC\)" <[EMAIL PROTECTED]>Date: Thu, 15 Dec 2005 09:48:53
Had a problem with a DC (2K3; SP1) earlier this week which wouldn't boot
- came up with an error message about AD being unable to start and
suggesting restart in directory services restore mode.
This DC doesn't desperately matter; it holds no FSMO roles; there's no
data on it so I can live
Is everything configured as
mentioned in http://support.microsoft.com/kb/326480
Cheers,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lloyd
WilliamsSent: Friday, December 16, 2005 01:58To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Interforest Password
There must be an error code with that error. Can you post it?
Cheers,
Jorge
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Friday, December 16, 2005 09:47
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Failed DC
Had a
Picking up on point 2 - if you run this via a web interface
then you can use the setpassword approach (because it's not the user who's
changing the password but the web application and that can be given admin
credentials)
Steve
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Yep, that's exactly how it's done.
As for an app that does this via web, there's one included with IIS
called IISADMPWD that has all kinds of information available to you.
As for having problems with the changing of a password, you might have
a look at the error code returned to see if there's
Thanks for the reply. Yes this is the document that I am
using as my guide to do this.
The only part I am not sure about is the part that says the
"users must have administrator rights in both domains."
As far as I can see it is not possible to to add the Domain
Admin from one domain to the
Another possible place where I may be messing up is for
my domain I have a domain policy that disables "Network Server Digitally sign
communications"
and disables "digitally encrypt secure data channels",
As I have many different clients on the network, NT Mac 2000 etc and I have
seems
No. That domain wide
authentication thing you mention is called selective authentication. Although
the selection you made is OK, that isnot what you need in this case to get
admin permissions on the source domain. To read more about selective
authentication see:
Anyone have problems with Mac OS 10.4 binding to Windows 2003 AD? Once
you bind the damn thing successfully and unbind it you cannot re-bind it
again. I have about 10 of these Mac-Crap machines. No problem with OS
10.3 and below. I like to shove all these machines up Apple's azz..or my
upgrade to 10.4.3
- Original Message -
From: Za Vue [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, December 16, 2005 2:13 PM
Subject: [ActiveDir] OS 10.4 and W23k Ad
Anyone have problems with Mac OS 10.4 binding to Windows 2003 AD? Once
you bind the damn thing
I am running 10.4.3.
-Z.V.
Kevin Gent wrote:
upgrade to 10.4.3
- Original Message - From: Za Vue [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, December 16, 2005 2:13 PM
Subject: [ActiveDir] OS 10.4 and W23k Ad
List info : http://www.activedir.org/List.aspx
List
This computer is unable to access the domain controller for an unknown
reason. Why can we all just get along?
-Z.V.
Kevin Gent wrote:
upgrade to 10.4.3
- Original Message - From: Za Vue [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Friday, December 16, 2005 2:13 PM
ZV,
When you unbind from the Domain have your tried deleting the computer
account then rebinding?
We have ~250 10.4.3 machines bound to our domain w/o any problems (thus
far).
Feel free to take this off list if you want.
john
Za Vue wrote:
Anyone have problems with Mac OS 10.4 binding to
but making all users Domain Admins would really simplify
your overall management - you would never have to worry about security again and
wouldn't have to setup all those useless and complex delegated admin permissions
either :-)
P.S.: the minimal permission required to set instead of
What benefits do you get from having your OSX machines binding to the
domain?
Dennis
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Singler
Sent: Friday, December 16, 2005 2:43 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OS 10.4
The account used by the PES does NOT have to have
adminstrative credentials in the target domain! It can be a simple domain
user from the source domain. The difference with the previous PES version is,
that now you don't need to have "Everyone" added to your"Pre-Windows 2000
compatible
some minor corrections/comments
- if you've created a forest trust (requires that source
and target forest running at Win2003 forest functional level), then SIDfiltering
is not enabled by default
- pls. don't add any SIDs to SIDhistory of target domain
admins group to gain rights in the
oh, forgot to add - if you are using SID-History, you do
have to have admin rights in the source domain (either via membership of your
migration user from the target domain in local admin group of source domain, or
by entering a souce domain admin's creds when prompted to do so in
ADMT).
One other thing beyond what Jorge mentioned if you've Enabled
Disable [oxymoron :-)] anonymous SAM enumeration via Group Policy you're
also likely to end up with problems accessing resoures.
Regards,
Mylo
Almeida Pinto, Jorge de wrote:
No. That domain wide authentication thing you
Depp, Dennis M. wrote:
What benefits do you get from having your OSX machines binding to the
domain?
a few:
Home dirs get mapped automagically. Connecting to network resources
does not require additional authentication. No local accts. (besides
admin/root).
-Original Message-
you could still use another workaround method to boot the server into
normal mode without starting AD and then remove AD. But since it's no
longer the preferred method and PSS stopped handing out the information
on how to achieve this (now that you have support to forcedemote a DC
... when it's
I guess some progress now.
I get
Unable to establish a session with the passport export server. The
source passport server and the target passport server do not have the
same encryption key
Now I run ADMT on the source server to do the migration.
I created the key by running
Admt key
nope PES is only required on the source
your install procedure sounds correct.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lloyd Williams
Sent: Freitag, 16. Dezember 2005 21:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interforest
We don't have anything that authenticates outside of windows. But the
root is not empty, the 'home office' uses it. So there are users and
computers in that domain. But it sounds like I should see any issues.
Thanks,jb
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
My biggest concern was issues with other domains in the forest. Because
this is the root domain (NOT empty) I wanted to make sure switch to
native domain would be ok. We have a few domains that still have NT DC's
and then are in mixed mode.
Thanks,jb
-Original Message-
From: [EMAIL
I am currently looking at creating a web page that allows onsite tech admin
to create and alter user/group info in Active directory. I want to have
delegated control of a OU but I am looking at a web form so I can apply some
sort of input masks to ensure data consistency when new users are added.
if you have modified the default security settings and user rights you might
wanna have a look at the following to determine what the impact is:
MS-KBQ823659_Client, service, and program incompatibilities that may occur when
you modify security settings and user rights assignments
Cheers,
Hi Dennis,
In response to your question as to what benfits there are in binding a MAC
to AD. The best list I have seen so far is on:
http://www.admitmac.com/admitmac-vs-tiger/index.shtml I like Mac's, but I
also really like playing around with Linux.
However my true expertise is in
Can I also have the info pls :)
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
30 matches
Mail list logo