My e-mail address will change on 31.12.2005; the username part stays the same, and the new
domain name is PKSSK.FI. ([EMAIL PROTECTED]).
--- Begin Message ---
Hello list,
I've been using vbs-script for some time already to add an Employee ID manually through ADUC,
but the problem is that I always h
One way to do this is use Jeff Middleton's Swing Migration to
accomplish this. I have done this many times with great success.
http://www.sbsmigration.com/
The essentials are below. There is more to this process but it is only
an overview. Plan on about 8 hours or more the first time you do it as
I don't know if I made it clear enough but in version one ...the domain
name is the same as the original box, the computer name, etc. The
workstations won't freak.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Where did I miss this one?
To make an eval of SBS into a real box you put
Where did I miss this one?
To make an eval of SBS into a real box you put SBS retail over the top
let it run and voila [and hit that person for hacking up a box]
www.sbsmigration.com is a package of information/how to/scripts but
mostly support. If you've never done this AD glue suck out and
Title: Message
We have roughly 650 unique nightmare LANs here. I’ve seen some
interesting things. Have a folder full of screenshots and JPEGs from site
visits to prove it.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED] [mailto
Title: Message
Yep sorry, didn't intend to say it wasn't a good idea. At
some point the list will catch up and my post that says that will show up.
:)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006 8:39 PM
To: ActiveDir@mail.ac
And further, I am not trying to say I am always right. Quite the contrary,
fully 50% of what I say is flat out incorrect, made up, or complete opinion.
Your job is to try to figure out what is and isn't in that 50%. Preferably
prior to changing your environment based on something I said. :o)
Or to
389 is the standard LDAP port. 636 is LDAPS - LDAP Over SSL it's
comparable to 80 and 443 ... one is unencrypted and one isn't.
As far as the GC port, this is LDAP too, but, it's only listening on
domain controllers which are global catalogs in your forest. The global
catalog holds a partial replic
For those using character set 409 a possible useful
addition to ADUC for them. Adds "Operating System Service Pack" to the
searchable fields for computers in ADUC, also allows you to select the column to
display.
adfind -config -f
"attributedisplaynames=operatingSystemVersion,Operating Sy
It looked like you asked for the GC ports, those are 3268 and 3269. If you
want the LDAP ports, those are 398 and 636.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra
Sent: Wednesday, January 18, 2006 8:36 PM
To: ActiveDir@mail.activedir.org
Unless Novell's changed what flavor of DNS/feature set they
have since NetWare 5.1 (last time I ever saw Novell) it did not support dynamic
updates. More specifically, it supported "dynamic updates" but only via a
NetWare DHCP server. Also, at the time, the GUI for managing records
didn't
Don't get me wrong though... Sysprep/newsid, follow the process. I am
absolutely not telling people to image machines and deploy them without
cleaning them up. If you have odd things happening and are not following the
recommended processes, it is all on you and you get to take responsibility
for w
I would like to see the details of what the issues are. Windows IT Pro mag
is a nice mag and all, but there is no real technical review of the
articles, you can say about anything you want to and I have seen several
examples. Ditto for Redmond Mag and SearchWindows*, etc.
I don't think the peopl
LOL. It isn't a decimal number though... It is a series of
variable length decimal numbers separated by the period character... Sort of
like an OID
1.2.840.113556.1.4.7000.102.7038
Versioning is a lost art I think though. I am big on
xx.yy.zz. xx.=major, yy=minor, zz=really minor, nn
As a newsgrouper/listserver person who gets massive amounts of OOO...can
I respectfully say that has to be the stupidest reason for network
design in my personal opinion.
The amount of social engineering data I can get from OOO's that I on the
Internet have no business having at least set
Thanks,
Yeah I’m
trying to set different password policies per domain groups…
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Wednesday, January 18, 2006
4:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Accout
policy
Title: Message
Dozen other reasons to run it. Not running sysprep is just a bad idea.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of joe
Sent: Wednesday, January 18, 2006
8:11 PM
To: Acti
Title: Unresolved SIDs in ACL
It sure as heck shouldn't allow you to write an invalid SID
to the ACL though... The interface should kick back an error of that name can't
be resolved and not set anything. The last time I looked the stuff you could use
from vbscript didn't let you see SIDS, i
We need the SBS mom for this one... I am sure she knows someone who can help
with this.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Tesch
Sent: Wednesday, January 18, 2006 12:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Move AD f
Yes.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Wednesday, January 18, 2006 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADPrep Version Questions
Oh just what I need:
more of those number-things to confuse me ;-)
But seriously fo
Please explain...
What about port 389 and 636. And GC at 3268.
I'm a bit confused here
--
RD
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Title: Unresolved SIDs in ACL
Correct on the method being used not mattering to
whether or not the filter is used, the concern I poorly stated was the feedback
to the script or other programmatic mechanism on why the password change
has been rejected.
From: [EMAIL PROTECTED]
[mailto:[EM
Title: Unresolved SIDs in ACL
Custom password filters can be extremely troublesome. I
know ~Eric has mentioned having to deal with several issues that came down to
custom filters after digging through debug dumps. They are tied in at a very
tender spot of the DCs and the slightest problems in
I would say focusing on the design of big directories is
pigeon-holing a little too much. There are only so many big directories that
need to be designed. I personally find much more fun in diagnosing good
directories that have gone bad than trying to design them. I design if I have to
but i
On 1/19/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
>
> Taken from
> http://www.sysinternals.com/Utilities/NewSid.html under the
> SID Duplication Problem
>
>
> snip
Taken from: http://www.windowsitpro.com/Article/ArticleID/14919/14919.html
At the start of the GUI phase of installation each NT/
Yeah if that is true that sounds like a great DCR or maybe something besides
Exchange handling the EDGE...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, January 18, 2006 4:44 PM
To: ActiveDir@mail.activedir.org
Subj
Well I didn't say I don't see the benefit of an empty root.
I just don't see it as a generic best practice. Sometimes it makes a ton of
sense, sometimes someone needs to be slapped for bringing it up.
;o)
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PRO
Title: Message
NetBEUI? Ouch.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006 7:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed
Sysprep
also removes other information which ide
Title: Message
Well not really. The important SID in question is the
Domain SID and that isn't duped. The domain doesn't care about the machine SID.
It is still good practice to newsid the machines though.
If the accounts are disappearing it is one of two
things
1. Someone is deleting it.
Does both the DC in the site and the DCs outside of the
site see that site link object and that it is connected? Are there connection
objects under other DCs that point at the DC that is by
itself?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Wedn
Yep by default I assume you want a subtree search so you get everything, if
you want a base level search (i.e. only object that is the base of the
query) you use -s base. If you want just the children (not the object, not
the grandchildren) you want -s one.
Another assumption - if no filter is sp
Title: Message
Sysprep also removes other information which identifies the computer. For
example, I once had the pleasure of repairing a network where they had used
NewSID to do this and also had bound NetBEUI to every NIC in the LAN. I had 500
computers all claiming the same NetBEUI name.
Mike-
It's a common question. There is currently only one *domain*
password policy supported per AD domain. It does not have to be set in the DDP
but it does have to be set on a GPO that is linked to the domain (if you have
more than one, then the highest in the list wins). So you can't create
Sorry for the
newbie question….
So is it true
you can only apply an account policy, for example a password policy to change
passwords every 90 days only to the default domain policy?
I need to change
my policy setting per groups for password expiration, ex finance, HR, etc, for
com
Just because there is a link defined doesn’t
mean that a connection object will necessarily be generated. For example, if
there are three sites SiteA, SiteB and SiteC all with links to each other and
all at the same cost, the ISTG may only create connection objects linking SiteA
to SiteB an
Title: Message
Well I would agree that is not a safe
practice for most but for my application where all Local accounts are disabled
I do not see a problem.
Taken
from http://www.sysinternals.com/Utilities/NewSid.html
under the SID Duplication Problem
Duplicate SIDs aren't an issue in a
No it is not possible to delete that account. (As far as I know) but there
are times when the account has been disabled thru a Policy (that is how I
disable it) and that program has not worked, I know it doesn't make a lot of
sense because why is the policy being enforced if it will not connect to
Title: Message
Let me find my rolled up newspaper...
:)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006 4:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD computer accounts being removed
NO
NO NO NO NO BAD BA
Defaults:
LDAP 3268
LDAP/S 3269
Jerry Welch
CPS Systems
US/Canada: 888-666-0277
International: +1 703 827 0919 (-4 GMT)
IP Phone (Skype): Jerry_Welch ( www.skype.net )
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra
Sent: Wednesday, January
Title: Message
NO NO NO NO NO BAD BAD BAD
You have to use sysprep. You’re getting duplicate SIDs here –
bad.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesda
Thanks all. I guess I needed the –s base. And yes, David, I omitted the –h.
I checked and that omission was only in my post, not in the actual script.
Thanks again.
-- nme
_
From: Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 3:11 PM
To:
I heard you weren't going to make it this year. High
suckage factor.
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 4:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OU Delegation
Well, if I were going
Hi all,
Please update me that on which port communication between LDAP and
Global Catalog takes place.
--
RD
Whoops...sorry...and also "-s
base"
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe
Sent: Wednesday, January 18, 2006 6:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] adfind question
Maybe you want "-h DC1" ? Otherwise
I
Well, if I were going this time, I’d
tell you in person which consulting firm he worked for. HINT: it’s none
of the ones we’ve mentioned in this thread as being AD experts. :)
Al Maurer
Service
Manager, Naming and Authentication Services
IT
| Information Technology
Agilent
Technolo
Try:
adfind -schema -s base objectVersion
AdFind V01.27.00cpp Joe Richards ([EMAIL PROTECTED]) November 2005
Using server: :389
Directory: Windows Server 2003
Base DN: CN=Schema,CN=Configuration,DC=domain,DC=local
dn:CN=Schema,CN=Configuration,DC=domain,DC=local
>objectVersion: 30
1 Objects re
Try it as
adfind -h DC1 -b
"cn=schema,cn=configuration,dc=myco,dc=private" -s base
objectVersion
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Wednesday, January 18, 2006 3:27 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] adfind question
Hi
–
On 1/18/06, Doug Ferguson <[EMAIL PROTECTED]> wrote:
> I would use NETDOM JOIN. Type NETDOM JOIN /? To see the syntax.
>
Thanks, I'll look in to that. Would save me lots of time talking
engineers through the process of joining a domain when they turn up to
install new PCs.
I'm also somewhat unhap
On 1/18/06, Aaron Visser <[EMAIL PROTECTED]> wrote:
snip
> I have had to actually ghost computers in order to rejoin the
> domain because I do not have any local accounts active on my computers in
> the school, makes it a little safer :) but with that comes more work :(
>
Surely it's not possible to
Someone needs to do a cost-benefit analysis. I would guess that 2
forests = 1.6x the operations costs more or less.
I don't know Exchange at all... isn't there some way to constrain the
policy to a subset of mailboxes?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTEC
Maybe you want "-h DC1" ? Otherwise
I'm not sure of the arg you're passing there.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Wednesday, January 18, 2006 5:27 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] adfind question
Tell him he needs to go to DEC. It's where all the cool AD
people go :)
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 3:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OU Delegation
Boy, I just had a
Title: Message
Gary, Brian,
I do not use Sysprep on my images and have
yet to come across any problems, but there may be one big difference with my
images, before I ghost them or create the image I put the said machine into a
workgroup and then create image. After I have imaged a compu
Hi –
I am
trying to write a little batch file that will report various version numbers to
me on each DC to help monitor the W2k3 upgrade process. I am having trouble
getting adfind to report the objectVersion of the Schema. When I run:
adfind -DC1 -b "CN=Schema,CN=Configuration,DC=myco
I would use NETDOM JOIN. Type NETDOM JOIN /? To see the syntax.
-;)
Doug Ferguson
Windows Systems Administrator
Hynix Semiconductor Manufacturing America, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 2:03
Look at netdom.exe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AdamT
Sent: Wednesday, January 18, 2006 3:03 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD computer accounts being removed
On 1/18/06, Crawford, Scott <[EMAIL PROTECTED]
Boy, I just had a consultant recommend an
empty root “as best practice” for a divestiture we’re
doing. Like Gil and Joe, I really don’t see the benefit (nor could
the consultant name anything specifically).
We have a single domain and delegate OU
rights based basically on an administra
On 1/18/06, Crawford, Scott <[EMAIL PROTECTED]> wrote:
> For example, if the
> domain box shows MICROSOFT, change it to Microsoft.com or vice-versa. This
> seems to trigger a domain rejoin without having to join the workgroup.
>
> snip
On a side-note - is there a command line utility which will
> Because they want to have their out-of-office replies go to the
internet
hmm - that puts a whole new meaning to the requirements of a different
forest. So just to get OOO replies configured the way they want, they're
giving up being managed in the same forest and being in the same
Exchange Org,
We have seen the same thing in our
organization, and I am investigating whether our technician that does the
images for our desktop deployments has been using the wrong version of
Sysprep. I read on the MS site that there are versions of Sysprep for
different OS levels (or service packs).
You might enable auditing on the appropriate OU to find out
who is doing the deleting. You need to enable AD auditing in the Domain
Controllers group policy, and then add auditing entries on the security
descriptor of the appropriate OU, e.g CN=Computers to track creation and
deletion of Co
Title: Message
Gary-
Are you implying you don’t sysprep your images?
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Garyphold
Sent: Wednesday, January 18, 2006
3:04 PM
To: ActiveDir@ma
Title: Message
Hi Gary,
Try looking at this article from MS regarding
'Resetting computer accounts in Windows 2000 and Windows
XP'.
http://support.microsoft.com/kb/216393/EN-US/
Also, you join the computer to the domain and then
change its name?
Do you reset the SIDs of the cloned workst
I don’t have any suggestions for why
it's happening or how to prevent it, but I do have a tip for speeding up the
rejoin process. I’ve never had a problem ignoring the reboot prompt
after you remove it from the domain. So basically, I just add it to a
workgroup, ignore the reboot prompt, a
Last week,
http://www.emc.com/news/emc_releases/showRelease.jsp?id=3796
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
1:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Gauging AD experien
Title: Message
Brenda,
FWIW: It happens to me when I clone a workstation then try to join
that workstation to the domain in order to change the computer name. AD
sees 2 machines with the same name, gives me a notification and lets the 2nd one
in. Then when the original machine with that
Yes, their computer account in AD is actually
gone.
Thanks,
Brenda
Brenda Casey
Network Manager
Billings Public Schools
[EMAIL PROTECTED]
406-247-3792
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006 11:14 AM
To: Active
No, there is not any lockdown type of software
on these machines.
Thanks,
Brenda
Brenda Casey
Network Manager
Billings Public Schools
[EMAIL PROTECTED]
406-247-3792
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 18, 2006 11:02
Avanade is another one—a joint
venture between Microsoft and Accenture. Looking at the same question myself
in the last couple of months, I’ve come to the same conclusion as Gil.
Al Maurer
Service
Manager, Naming and Authentication Services
IT
| Information Technology
Agilent
Technol
Yikes, I missed that one! When did that
happen?
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robinson, Chuck
Sent: Wednesday, January 18, 2006 11:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience
Internosis is now EMC
Microsof
Gil’s thoughts match with mine as
well. AD is a critical infrastructure component and designing it properly
is important. However, the real complexities of AD come into play as the ancillary
systems leveraging the directory increase and as multiple directories need to
be integrated in som
I'm not familiar with Novell's DNS implementation... I
assume it is based on BIND?
See http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/73c0ae36-8058-43d1-8809-046eb03b73fb.mspx and
http://www.microsoft.com/technet/archive/interopmigration/linux/mvc/cfgbind.m
Internosis is now EMC Microsoft Practice.
Doug, contact me offline if you are
considering this option.
[EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, January 18, 2006
12:17 PM
To: ActiveDir@mail.activedir
When you say "lose their account", do you mean the computer
object in AD disappears? Or something else?
-g
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey
Sent: Wednesday, January 18, 2006 10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD computer
Joe, you’re exactly right, only I DO
have the site link defined. Any other reason why it may not get created
automatically?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, January 11, 2006
8:55 PM
To: ActiveDir@m
Brenda-
I see the k12 email address (I run AD for Chicago Public Schools), first
question I have to ask is do you have any lockdown software on these computers?
DeepFreeze, Fortress, or similar? This will screw with and hose up computer password
sync.
Thanks,
Brian Desmond
[EMAI
Hi Team,
Wanted to know what are the pros and cons of delegating the DNS zone created in Windows DNS for 2003AD being delegated to Novell DNS as the client wants to use Novell as the primary
Regards,
Chandra Burra
Occasionally computers will lose their
account in Active Directory for no apparent reason. Sometimes it is a
computer that has just joined the domain, while other times the machine has been
a member of the domain for 2 years. The computer can only be logged on by
a local account (not a doma
Title: Unresolved SIDs in ACL
Darren, you are
correct, as usual when it is anything related to GP :)
No, this is not
possible to perform using only CSEs, Specops Password Policy uses a Password
Filter as Joe implicitly stated in another post regarding this. I'll keep this
post as short as
Hiring on with an IT services company that does large
Windows projects would probably be the best way to develop the experience you're
looking for. That way you get exposure to many different environments,
requirements, people, and projects.
HP, Internosis, LogicaCMG, and Microsoft Consulti
I have a friend that has an SBS 2003 Server running in his business.
The server was installed from an eval. disk and then someone used some kind
of hack on it to get it to not expire. The server now cannot be updated to
the latest service packs, etc. and has other problems.
I was asked to help ou
Consulting is the way to see the world (sometimes quite literally) and
figure out what in particular you like most and are best at IMHO.
My biggest project, AD and Exchange for half million users, 80K devices,
650 sites, 70 DCs is really two people running it.
Thanks,
Brian Desmo
Oh just what I need: more of those number-things
to confuse me ;-)
But seriously folks, would you recommend
using this R2 version for the migration from W2k to W2k3? Yes, we plan to
implement R2 on some machines in the domain.
-- nme
From: Jeremy Olson
[mailto:[EMAIL P
I am trying to figure out how one gauges their AD
experience. For example, I have designed, implemented and maintained an
AD/Exchange environment of 5000 users with 1000 workstations from the ground
up, alone. The environment is only 3 sites, with little complexity. I now work
for a company
The version of adprep.exe that is included with R2 is 5.2.3790.2075
Jeremy
On 1/17/06, Noah Eiger <[EMAIL PROTECTED]> wrote:
Hi-
I am
preparing to upgrade a W2k domain to W2k3. I want to use the latest version of
ADPrep. I have found the following info and am confused:
For
AD
It's a common source of confusion.
Ask a user if version 1.4.4 is newer or older than 1.4.3.4
:)
Some say "34>4 therefore the latter is newer" some say
"4>3 therefore the former is newer"
neil
PS The purist in me would say that without a leading 0, the
196 below looks like 1 thousand 9
Title: Unresolved SIDs in ACL
Amazing what On Error Resume Next will do
for you eh?
---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, I
That would be nice, but...no, I don't think search will be
any better. I suppose you could consider it a step up that the "new" ADM file
format will be XML. However I think in that case, the equation below would have
been reversed. I don't know about you, but I'm much slower creating well-for
Title: Unresolved SIDs in ACL
This company doesn't provide a large amount of
documentation on how they are doing this password change but it seems like they
are using the MS supported method.
As for scripting password resets, I'm very concerned
especially if this gets implemented I will n
Title: Unresolved SIDs in ACL
I know these guys at Specopssoft and they have done some
cool stuff with GP, but it's not clear to me how this could be accomplished with
just some CSEs. This seems like it would require some fiddling at the DCs as
well. Maybe one of them is on this list and can e
Title: Congrat Jorge !
I’m here when you need me.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rich Milburn
Sent: Wednesday, January 18, 2006
9:58 AM
To: ActiveDir@mail.activedir.or
Ah don't worry about it, I figured you were just
disconnected there when I saw the first question at all. That is why I counted
it out. :)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Tuesday, January 17, 2006 8:38 PM
To: ActiveDir@mail.activedir.org
Su
Title: Unresolved SIDs in ACL
Ah. Kind of scary that the script created the ACEs at all,
should have errored every time that you tried to apply a bad ACE.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 7:37 AM
To: ActiveDi
Title: Unresolved SIDs in ACL
Ditto what Neil said.
These are things you need to test very very very very very
much. They are hooked into a very core part of your DCs. You want to really load
a DC up and stress test the crap out of the tool it to see how it handles things
and try to get as
If you can write one faster than finding it, I say write
away!
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Wednesday, January 18, 2006 9:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Manage Your Server - Removing from Default User
Ah
Title: Congrat Jorge !
Brian when I need your help I’ll ask
:op
Who would’ve thought there were TWO
people from here on this list?? (I’ll bet there are THREE hehe)
---
Rich Milburn
MCSE, Microsoft MVP -
Direc
Ah Darren you need the Make-or-Buy talk :) funny that you could
write one quicker than you could find it. I hope longhorn server includes the
ability to search for a group policy setting the way vista lets you search the
start menu… that would be nice
Title: Unresolved SIDs in ACL
I have not used or assessed a product like this, but I
would guess that a client side GPO extension is required. This may not be
feasible in certain environments.
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles
Sent: 18 J
Everyone, thanks for the replies. Appreciate
the help.
Yes, we deploy new servers almost daily,
and we have developers and application administrators who log in to the
systems.
That being said, I did not want them
to be able to configure server roles (among many other things...) Also
locked th
Title: Unresolved SIDs in ACL
I was
just asked to look at this application that was recently
released:
http://www.specopssoft.com/products/specopspasswordpolicy/Default.asp
It
seems like someone did some good programming around the password filter dll
concept and then tied it into secu
1 - 100 of 102 matches