Here
you go.
Set objWMIServices = Getobject
("winmgmts:root\CIMv2")Set objWMIInstances = objWMIServices.InstancesOf
("Win32_OperatingSystem")For Each objWMIInstance In objWMIInstances WScript.Echo
objWMIInstance.CaptionNext
You can also
use an enhanced version of scriptomatic, calle
This error is benign as long as you are not enforcing
quotas for Active Directory objects and if you are the only downside is that a
user may be able to create more or less objects than they should. The
issue can occur on a DC or a GC and one of the ways it occurs is when SDProp
fixes-up mi
Hard to say how much of a problem that is. I've seen references to it being a problem with the GC which is why I asked. It would be something where you'd want to remove the GC role, and then re-add it/rebuild it based on what I've seen. I wouldn't have expected it to go away completely unless it
Hi Al
Yup this is a GC.
Frankly I'm not sure what has been done to this DC as I
just started to takeover the DC yesterday. One of the things that was done most
probabbly was to standardize antivirus to SAV 9 - thats pretty much
it.
Seems like after another reboot this error doesnt appea
Devon, download scriptomatic. It’ll build the code you require.
:m:dsm:cci:mvp marcusoh.blogspot.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Wednesday, December 28, 2005
5:41 PM
To: ActiveDir@mail.activedir.org
Subject: [Active
How can I print out the OS Caption from WMI? Trying to
incorporate in a .vbs
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits
- BSG
954-602-2469
__This message and any attachments are sol
Hilarious Steve...I could not have put it better myself.
Cheers and Happy New Year to ALL!
-Nav
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Molkentin,
Steve
Sent: Wednesday, December 28, 2005 4:18 PM
To: ActiveDir@mail.activedir.org
Subject: [Active
So, this year, due to "normal" adjustments in keeping our calendar in
sync with the moon (and no doubt the sun too), 2005 will exist for an
extra second this year.
See: http://msnbc.msn.com/id/8476418/
The clocks will read 11:59:60 before ticking over to 12:00:00
So... How will that affect us? I
And we poke a hole in the firewall for the time service ...udp port 123
Almeida Pinto, Jorge de wrote:
well, yes but it is not needed for the time service
By default the time sync within a forest/domain is automatically configured as
it shoud be...
Each client and server syncs time w
Yes, the Domain Controller holding the PDC Emulator Role is the
Domain-based FSMO which should be configured, ideally for external time from an
atomic clock such as the US Naval Observatory two addresses so long as you have
access through Port 123. Desktops can be configured if desired to
You don’t really need to do all
this. Give the PDC-E an auth source to sync from, and the clients will be taken
care of.
If I were you, I’d undo the policies
you’ve set. Then I’d do net time /setsntp . Yeah, don’t
specify anything after /setsntp. That should clear out whatever is curren
well, yes but it is not needed for the time service
By default the time sync within a forest/domain is automatically configured as
it shoud be...
Each client and server syncs time with the authenticating DC
Each DC syncs time with the PDC in the same domain or with parent DCs (from a
Isn't it best practice to set the entire domain time policy at the domain
level (Default Domain Policy) instead of trying to set every machine or
every OU separately?
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Wednesday, Decemb
why are you using the GPO to configure the time service on the PDC? Why not
just configure the PDC with the commands and info provided?
Jorge
From: [EMAIL PROTECTED] on behalf of Douglas M. Long
Sent: Wed 2005-12-28 18:42
To: ActiveDir@mail.activedir.org
Subject:
I see what you're saying, Joe. I wasn't thinking of the implementation so much as the end state. I can see where it would take a while to implement and integrate into an environment. It's certainly not something you drop in, add water, and let loose expecting great results. The rules would have
OK, so then I am still not synching with
an external time source. I have followed the steps, and still I get the same
thing. I can not figure out what it causing it to not use the server I specify.
I am guessing it has something to do with some group policy setting? Do I need
to block inher
I agree, autodl and autogroup aren't the answers, but they
were the closest MS has gotten to the answer for companies drowning in group
management issues such as the one I have most of my experience with.
I agree that if rubber stamping is all the validation that
is occurring, the company
To keep things simple, doing
Net time /setsntp:pool.ntp.org
then
net stop w32time& net start w32time
and
net time /querysntp
(ALL at the PDC-E) should give acceptable result.
If it doesn’t, then something at the firewall may be blocking 123
Sincerely,
Dè
w32tm /monitor
dc1.domain.com *** PDC *** [10.100.110.12]:
ICMP: 0ms delay.
NTP: +0.000s offset from dc1.domain.com
RefID: 'LOCL' [76.79.67.76]<<
Wasn't different than the one I was thinking of. I wasn't thinking of the gentleman sailor, scholar, and world-traveller from NZ though.
I'm well aware that the Tony you speak of is a Microsoft employee who's considering writing a utility to fill a gap he likely sees among his customers. I was s
MSDE = SQL2005Express isn't it?
I'd really prefer not to introduce yet another DB technology into the mix if possible.
Joe, I think that some logic to prevent the creation of too many sids is needed in the product regardless, but I think some level of self-service is needed. I've seen too many
This post is darn near impossible not to respond to in some way :-)
joe wrote:
The old MS Solution which just did DLs is called AutoDL and it has
been available externally but as Al points out, depends on SQL Server.
Then came AutoGroup which MS would not give out to anyone but handled
Tony Bailey
Senior Product Manager
Security and Compliance Solutions
http://www.microsoft.com/security/guidance/default.mspx
Sorry possibly a different Tony that what you may be thinking?
Al Mulnick wrote:
Wouldn't Tony already be aware of such things?
DL/DG management is not a new
I have Run w32tm /config /update /syncfromflags:MANUAL /manualpeerlist:
"navobs1.oar.net" and also verified
HKLM\System\CCS\Services\w32time\Parameters
Type=NTP is set. I stopped and started w32time, and still the PDC-E points
to itself. Or at least that is what I think it is saying. Isn't LOCL in
Oh yeah, to add some more issues-
Some users don't get their home directory drive mapped either(the one defined as an attribute of the user object). The server their home drive is on has been double ACL'ed to have both accounts.
Not sure why this wouldn't work for some users.
The strange thin
No problem. :o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Wednesday, December 28, 2005 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] command line tool to display object owner?
Right under my nose! Tha
The old MS Solution which just did DLs is called AutoDL and
it has been available externally but as Al points out, depends on SQL Server.
Then came AutoGroup which MS would not give out to anyone but handled Sec and
Non-Sec AD groups, I know I tried for over a year to get it and was finally t
dscals with the "/A" switch
On 12/28/05, joe <[EMAIL PROTECTED]> wrote:
Adfind with the -owner switch.-Original Message-From:
[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Thommes, Michael M.Sent: Wednesday, December 28, 2005 10:02 AM
To: ActiveDir@mail.activedir.orgSubject: [Ac
Right under my nose! Thanks for the Xmas present, joe! 8-)
Mike Thommes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, December 28, 2005 9:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] command line tool to display
Thanks. I already did the secondary of target on source and source on target dns, James. Sorry forgot to mention that.
I'll look into the kerberos over tcp, Jeff.
Thanks.
Another issue, is that some of the clients DHCP servers are still in the old domain(clients update their own A records) so t
Adfind with the -owner switch.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Wednesday, December 28, 2005 10:02 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] command line tool to display object owner?
Can someone
Can someone point me at a command line tool to display an AD object's
owner? I know I can see the object's owner with
ADSIEdit/Properties/Security/Advanced.
TIA!
Mike Thommes
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://
Hi Douglas,
To configure domain members and DCs to use the default behavior, either
Run w32tm /config /update /syncfromflags:DOMHIER
Or check the following registrykey
HKLM\System\CCS\Services\w32time\Parameters
Type=NT5DS
To configure a server to use a NTP-Timesource (what you
Hi Tom
Is it possible to put secondary zones for the new forest on the old forest
DNS servers - so instead of double forwarding (to bind and back) clients
can look up the new domain directly. In our migration we did it both ways.
The servers in the new forest contain secondaries for the old fores
I'm running Quest's AD Migration Manager and some workstations are experiencing issues post migration.
Their login scripts don't run(legacy not GPO scripts) and hence their drive mappings don't work.
This is sporadic as some users are fine.
The only thing these non working users have in common
Hi,
My users connect through ICA session
to couple of Citrix desktop servers ( all windows 2000 ). The profiles
they are using are mandatory. In those profiles the IE security settings
for Internet Zones\Navigate subframes across different domain are
set to "Prompt". I want this settings to be ch
I have read the Time Service white paper from Microsoft and am still
confused. I have set the default domain GPO to use NT5DS under Configure
Windows NTP Client, and set an external time server (navobs1.oar.net,0x1)
for NTPServer. I have also set Enable Windows NTP Server to enabled. There
are no o
Freddy, is this also a global catalog server?
It is a concern as this should not be something you see on normal servers. Also, can you describe what changed in the environment recently and what else is running on that server?
Al
On 12/28/05, Freddy HARTONO <[EMAIL PROTECTED]> wrote:
Hi all
Wouldn't Tony already be aware of such things?
DL/DG management is not a new issue by any stretch. It gets new life because the DG can now also be a SG which makes it more important to understand the ramifications of creating a new DG.
The Dev team should well aware of such things and shoul
Is the account the built in admin account (-500) or a newly created account
with the original account renamed. If so then normal account lockout
procedures should be followed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: 28 Decembe
Title: Event 2069 - AD Quota tracking table?
Hi all
Found an interesting events, havent been able to find any additional info on this yet, but from the look of it its only happening in this domain controller and it seems to be responding well.
Is this much of a concern?
Event Type: E
41 matches
Mail list logo