RE: [ActiveDir] AdminSDHolder

2006-03-21 Thread neil.ruston
Neal: Would you like to alter the list because you would like to add your own custom groups/users to get controlled like that or do you just want to just change what is protected at all? joe: the former neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 20

[ActiveDir] Script to find owner of home directory

2006-03-21 Thread Steve Rochford
I know to write a script which will take a username and find that user's home directory but can I do the reverse? What I want to do is clean up the home directories folders - I've got nearly 20,000 home folders but only about 15,000 active accounts so what I want to do is take each folder name and

Re: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread matheesha weerasinghe
Why don't you ask NTFS instead of AD? Why not use something like subinacl and query the folders of the owner? Assuming all folders that are valid have proper owners, I guess the invalid folders will have unresolvable SIDs or Administrator as the owner against them. M@ On 21/03/06, Steve

[ActiveDir] Active Directory

2006-03-21 Thread Christine Allen
Sorry for the dumb question, but I can't find any information regarding this. We are running a windows 2000 domain. We have set up a password policy. Users have to change their passwords every 120 days. When will they be prompted to change it? One week before? Two weeks before? Thanks.

[ActiveDir] Disaster Recovery

2006-03-21 Thread Amy Hunter
Hello there, I have a question regarding Active Directory disaster recovery. I was just curious as to what steps you all take to protect your forest. An example is I back up my System State nightly and these tapes go off to an offsite location. If my building and computer suite was to burn

RE: [ActiveDir] Active Directory

2006-03-21 Thread Almeida Pinto, Jorge de
Check the Default Domain Controllers policy Computer Configuration > Windows Settings > Security Settings > Local Policies > Security options > Interactive Logon: Prompt user to change password before expiration: 14 days Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread Charlie Kaiser
My home directory is \\servername\ckaiser$. If I use the syntax: adfind -default -f homedirectory=\5c\5cservername\5cckaiser$ It gives me the LDAP information for the share. If I want to map share names to folder names, I use the reskit utility share.vbs. Here's the syntax: cscript C:\Program

[ActiveDir] Renaming RDN Displayname using ADMOD

2006-03-21 Thread James Carter
Hi, I am trying to rename a user's RDN Displayname. I have tried using the following command using ADMOD admod -b "cn=HR AsiaPacificMailbox,ou=GMail,ou=AP,dc=SUNINT,dc=com" -rename "HRAP IT Mailbox" "displayname::HRAP IT Mailbox" This renames the RDN, but it does not rename the

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread Charlie Kaiser
You'll need to escape the backslash characters with a \5c (without the quotes). Use this syntax: homedirectory=\5c\5ctconwl11\5chome\5c1973 Didn't try it with LDP, but it works with ADFind... ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit /

RE: [ActiveDir] Active Directory

2006-03-21 Thread Christine Allen
Yes it is. I want to configure it to start prompting folks 14 days before it expires. Thanks Jorge! That's exactly what I was looking for. -Christine Christine N. Allen Systems Engineer BMC HealthNet Plan 2 Copley Place Boston, MA 02116 617-748-6034 617-293-4407 [EMAIL PROTECTED]

Re: [ActiveDir] Active Directory

2006-03-21 Thread Kamlesh Parmar
Wouldn't it be, Default Domain Policy?? As that will apply to normal workstations. -- Kamlesh On 3/21/06, Almeida Pinto, Jorge de [EMAIL PROTECTED] wrote: Check the Default Domain Controllers policy Computer Configuration > Windows Settings > Security Settings > Local Policies > Security options > Interactive

RE: [ActiveDir] Extending AD Schema

2006-03-21 Thread Alain Lissoir
Don't know if you have an access though ... http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=41666DisplayTab=Article March 2004 (Windows .NET Magazine): Deactivating Schema Extensions Reasons for Deactivation -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread Douglas W Stelley
Hey, that's pretty good! Works nicely! I'm trying to put it all together with other tools, I can get a listing of all homedirectories easily enough, now I can get the owners of specific directories. But one last item. How can I get a listing of all directories if the shares are hidden with

[ActiveDir] Manage printers?

2006-03-21 Thread Larry Wahlers
Hello, colleagues. We're using Windows 2003 Active Directory, not yet elevated to native 2003 mode. I have a help desk person who needs to be able to delete print jobs from network printers. She is in the Print Operator's group, but whenever she tries to delete a job for a user she gets an access

RE: [ActiveDir] Disaster Recovery

2006-03-21 Thread Ken Cornetet
I do a backup of the C: drive and system state using NTBACKUP to a file on an alternate DC, then I back up the whole DC (files and system state) using Legato Networker. Why the NTBACKUP? Just in case... I've done a couple of hotsite test recoveries of our DCs (HP DL380G2) to various other

RE: [ActiveDir] Disaster Recovery

2006-03-21 Thread Coleman, Hunter
Using virtual disk file backups or images for AD disaster recovery has USN-rollback perils that have been discussed several times here. It's worth a visit to the archives to check those out before staking your disaster recovery abilities on this strategy. On the other hand, using AD-aware

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread Steve Rochford
In a perfect world that would be good; sadly, this is not a perfect world :-) I know that we have some (many?) folders where the owner is "administrators" and even the permissions are wrong (eg "users" have modify access so the person who should be owner can get in and so doesn't complain

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread Steve Rochford
Brilliant! I'd tried doubling up the backslashes but I'd forgotten that you just put the hex ASCII code in. Weirdly, it doesn't seem to work with LDP but it works with VBScript and that's what I'm using so that's OK :-) Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

[ActiveDir] Export AD user list in hirerarchy

2006-03-21 Thread Bernard Michael Tyers
Hi all, I have a DC running W2K server, with a number of OUs. I want to export the hierarchy out, possibly to a CSV, or at worst excel (xls) file. Can anyone point me in the direction of where I would find out how to do that? thanks in advance, b

RE: [ActiveDir] Export AD user list in hirerarchy

2006-03-21 Thread Coleman, Hunter
http://support.microsoft.com/kb/237677/en-us has instructions on exporting the OU structure From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard Michael Tyers Sent: Tuesday, March 21, 2006 10:13 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Export AD user list in

Re: [ActiveDir] Export AD user list in hirerarchy

2006-03-21 Thread Bernard Michael Tyers
thanks hunter. works nicely. i also found this: http://www.computerperformance.co.uk/Logon/Logon_CSVDE_Export.htm option 1 is a little messy tho'. thanks for the help. bernard On 3/21/06, Coleman, Hunter [EMAIL PROTECTED] wrote: http://support.microsoft.com/kb/237677/en-us

RE: [ActiveDir] Manage printers?

2006-03-21 Thread Brian Desmond
Larry- Ensure the helpdesk user has the ability to Manage Documents in the ACL of the printer. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Larry Wahlers Sent: Tuesday,

RE: [ActiveDir] Active Directory

2006-03-21 Thread Group, Russ
I set mine to prompt people at 21 days. I got a couple of people who went on two week vacations and then had problems logging in. Thanks Russ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen Sent: Tuesday, March 21, 2006 9:53 AM To:

RE: [ActiveDir] Export AD user list in hirerarchy

2006-03-21 Thread joe
You can use csvde or adfind to output info to a CSV format file, you just need to figure out what objects and attributes you want dumped to the CSV file. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread joe
1. When using slashes in a query you need to be careful of the characters following them. Officially you are supposed to specify all slashes that are part of a query as \5c. However a lot of the times you can skip that, except if the slash is followed by a valid HEX character 0-9 and A-F. What

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread joe
This could prove troublesome, I would expect most of the home folders would have an owner of administrator. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of matheesha weerasinghe Sent:

RE: [ActiveDir] Disaster Recovery

2006-03-21 Thread joe
One thing you should try to shoot for is to be geographically dispersed if possible. The more critical AD is to you the more critical it is to have that in place because cold restore of an entire forest is not something any but the seriously demented AD Admins are looking to do. Even if

RE: [ActiveDir] Extending AD Schema

2006-03-21 Thread joe
You can't easily recover a schema. If you make the changes to a single DC that is segregated from the rest so that it won't replicate you can have a little safety in that you can rebuild that one or restore that one. But no, an auth restore of the schema is not possible (i.e. you can't roll back

RE: [ActiveDir] Renaming RDN Displayname using ADMOD

2006-03-21 Thread joe
You would need to do that in two separate ops. A rename and then an update of the displayname. I don't recall off the top of my head why I had to do it that way at the time. I have put a note in to go look and see if I can combine those ops. -- O'Reilly Active Directory Third Edition -

RE: [ActiveDir] AdminSDHolder

2006-03-21 Thread joe
OK thanks, I have made a note. I will bring it up when I am with someone who could make a difference with it. I have also made a note in the folder that has suggestions for future joeware and/or Deviant Software tools/solutions. -- O'Reilly Active Directory Third Edition -

Re: [ActiveDir] Disaster Recovery

2006-03-21 Thread Al Mulnick
One additional comment that seems to have been missed, is that, like previously mentioned, you should carefully consider practicing your restores for the situations you've defined as warranting a disaster recovery. All of the other information about how to do it etc are great, but there's no

RE: [ActiveDir] Script to find owner of home directory

2006-03-21 Thread Marcus.Oh
This is an interesting topic. I am having loads of issues w/ different applications as vendors become more and more ldap compatible. It seems back when we started w/ win2k, the adc was used to import distribution lists w/ a leading space in the name. Apparently lots of applications don't know