Not an AD blog, but I quite enjoy Raymond Chen's blog:
http://blogs.msdn.com/oldnewthing/
Interesting stuff, even if you're not a Win32 API guru.
And let's not forget the blog of the SBS Diva ;-)
http://msmvps.com/blogs/bradley/
On 09/06/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
<[EM
No, that's a layer 8 issue - operator error.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Friday, June 09, 2006 7:26 PM
To: ActiveDir@mail.
And when you put ISA on a DC... we prob go into negative layers...
;-)
Brian Desmond wrote:
*When I think of a firewall I think of a layer 4 contraption. Layer 7
is like putting ISA or something on the box.*
* *
*Thanks,*
*Brian Desmond*
[EMAIL PROTECTED]
* *
*c - 312.731.3132*
* *
*F
What you need to do is get your file servers at strategic points on your WAN
(hub, edges, etc) setup and use DFSR to replicate the MSI. Then you can
deploy the MSI from the DFS path and your clients will use the local copy.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original
That is correct. XP and newer only.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Figueroa, Johnny
Sent: Friday, June 09, 2006 1:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] W
You can use SPA, or you can use logman and tracerpt to get
detailed LDAP stats. SPA does a lot of analysis for you and diagnoses several
classes of AD perf problems. Tracerpt will give you a fairly raw look at all the
LDAP traffic. I covered all three in my DEC AD Performance session (which I
Well, both really. If you User Assign an application, it can be installed at
logon or just advertised (i.e. install on first use). It will also appear in
ARP unless you check the box for it to not appear.
Darren
Darren Mar-Elia
For comprehensive Windows Group Policy Information, check out
www.gp
Generally speaking, no, they won't break. It gets a little complicated.
Let's say that the application is a single MSI with embedded files. That MSI
gets cached on the workstation during install. So if, for example, the app
needs to be repaired or removed, then it will find that cached MSI and life
One more question - if you assign a software package to users, does it
push to their PC when they login next or when they click "add" in
add/remove programs?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Friday, June 09, 2006 3:38
Are you saying that if I deployed an MSI to a bunch of users from a
single fileshare and later get rid of that share, all those users GPO
installed apps are going to break even though they completely have the
software installed?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PR
Password policy changes for domain user accounts can only take affect if
they are linked to a GPO at the domain level. I have a short video training
session that explains this at www.gpoguy.com/training.htm if you're
interested in understanding more.
So, bottom line is that if you're making passwo
It is 1/2 a dozen of one, 1/2 a dozen of the other ...
We "store forward links", but AD defines a table, with indices such that
we have an efficient way to lookup backlinks for a given object. Don't
have time right now to show you what I mean, but my Daddy says there are
24 usable hours in the da
Hello,
When the default domain controller policy is changed in respect to
password complexity, length, etc., how long is it before the change
takes affect? We have an automated system that is trying to change
passwords but is getting bounced back that the password doesn't meet
complexity. I change
First I wouldn't use such a wide-open group as Domain Users to target your
install. If you do, then you pick up a lot of unwilling victims. I would try
creating a special group just for this deployment and use that to security
filter either the GPO or the individual app.
But, if you need to use D
Yes, definitely true. Win2K is blind to WMI
Filters...
Darren
Darren Mar-Elia
For comprehensive
Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO tips,
tools and whitepapers. Also check out the Windows
Group Policy Guide, a soup-to-nuts resource for Gr
Russ-
The right answer with Software Installation is pretty much to always use
DFS. That way if the package ever has to physically move off of a server,
the path doesn't have to change. Path changes aren't supported in GPSI
without a re-install. So,to answer your question, yes, I would use DFS to
d
Active Directory Discussion : Introducing the Active Directory
Discussion Blog:
http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
The SBS product team wants to hear from you:
http://msmvps.com/bl
If I assign a software GPO to all users (domain users), how do I ensure
that if one of those users is in the IT department, they won't
unknowingly push the Office Communicator installation to every server in
our server room?
~~
This e-mail is confi
I'm wanting to deploy an MSI (office communicator) to 100% of the
desktops in our domain. These desktops are scattered across the world
over various wan links. I'd like to deploy it with a GPO (assign the
software, not force the install), but I also don't want to kill our wan
links. Is there an
Hi,
I was just reading Tony's
article
(http://www.activedir.org/article.aspx?aid=92)
on linked attributes, and encountered something that I wondered about. This
section "Why have linked attributes?" says:
"I haven't seen an
official explanation, but I can think of two reasons why
It is true that SPA is not localized but I
believe the French version will be ok. The problem comes about with the
localization of the perfmon data. If you have problems post back and we can
try a few work arounds because we are only really interested in the trace data
at this point which
That would explain it!
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Figueroa,
JohnnySent: Friday, June 09, 2006 1:20 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] WMI
Filter
I thought WMI filters could only be evaluated by XP or 2003
?, 2000, NT will ignore
I thought WMI filters could only be evaluated by XP or 2003
?, 2000, NT will ignore the filter and apply.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin
(ITS)Sent: Friday, June 09, 2006 10:55To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] WMI
Filter
I t
I think I did
something wrong... I was using this WMI filter on a GPO:
"select * from
Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional" OR
Caption = "Microsoft Windows 2000 Professional""
I was doing this to
keep this GPO from applying to server operating systems,
Thank you for your answer Steve. I will install spa on monday and see if i can log some ldpa activities (errors, connections pb,etc...). Will this version of spa work on a w2k3 sp1 French version ? Regards, YannSteve Linehan <[EMAIL PROTECTED]> a écrit :
I would sugg
The limit on the number non-linked multi-values (~800 - ~1300 depending)
probably wouldn't apply (even if you put each post for a given thread it's
own value) ... the max LDAP packet size (10MBs) would apply though, your
posts can get Looonnngg.
Cheers,
BrettSh
On Thu, 8 Jun 2
Thanks. I’ll take a look.
-- nme
P.S. Susan, I will get my nominations in order!
From: Brian Desmond
[mailto:[EMAIL PROTECTED]
Sent: Thursday, June 08, 2006
11:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:
Security Policy Thoughts
NAC != .1x.
Credentials should be unique within an organization.
Mail attributes, logons of any type, and any identifying information such as samaccountname, alias, cn, etc should be the same across a user for the sake of troubleshooting and preventing duplicates and the issues that come along with that.
Not that I've run into, as far as accessing subfolders via
OWA. Again, this would be very easy for you to confirm in your environment and
throw back at the CA tech, though you might consider this a good indicator of
what you're in for support-wise from them.
From: [EMAIL PROTECTED]
[mailto
Perfomon trace logs will generate the raw
binary trace data but it has to be processed. The easiest way to get at this
data is to use SPA which will collect the binary trace data and process it into
human readable format.
Thanks,
-Steve
From:
[EMAIL PROTECTED] [mailto:[
I would suggest taking a look at Server
Performance Advisor (SPA), assuming these are Windows Server 2003 DCs and using
it to collect and analyze the data for the DCs in question. This tool combines
performance counters and the tracing data that Joe is referring to which will
allow you to
We make mailnickname=alias=samaccountname. I'm pretty sure
that we started making most of this happen when we renamed accounts a long time
ago (possibly NT4/Exchange 5.5 long ago!) because we did get problems if the
alias wasn't the same as samaccountname.
We do have an email address matchi
Ok thanks.
When you said "..use event tracing ...", do you mean using Perfmon Trace Logs ?
- Message d'origine De : joe <[EMAIL PROTECTED]>À : ActiveDir@mail.activedir.orgEnvoyé le : Vendredi, 9 Juin 2006, 4h34mn 33sObjet : RE: [ActiveDir] AD LDAP Logging.
Unfortunately the logging is v
Thanks.
What about mailNickname?
Are there any issues if mailNickname is different than sAMAccountName in re: to WebDAV?
Thanks again
On 6/9/06, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
Empirical evidence suggests that he shouldn't be insisting so much. Very few of our users have a proxy ad
Empirical evidence suggests that he shouldn't be insisting
so much. Very few of our users have a proxy address of [EMAIL PROTECTED], and
we have no problems getting to subfolders via OWA. I'm sure you could take a
test user account in your environment and duplicate
this.
From: [EMAIL PROTE
Unfortunately the logging is very basic, it will not log
LDAP errors from anything I have seen. This is something I have asked for from
MSFT as well, very detailed LDAP logging like you can enable with some of the
other directories. Usually I hear a response of use event tracing but I haven't
Good point Joe.
I will use perfmon to monitor the health of my DC.
An nother question.
The Web app timed out with this generic error "the serveur is down", where "the server" = mydc.
At the time of the web app timed out, i saw no errors about ldap connections between my dc and the zope server.
My company wants to use a mail stubing app called "Mailbox Manager" from CA.
I've been going back and forth with the tech there.
He claims that, according to him, due to a limitation in WebDAV, one of the user's proxy addresses needs to be in the format of [EMAIL PROTECTED], for users to be able
Totally agree on the points said by Susan. Practive is important though, it's even documented by MS and that works just fine. And I use the built in backup, no issues poped up and I had the server up and running in now time!
On 6/8/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTEC
When you change that threshhold you are specifying how
expensive you want the query to be before AD reports it.
Changing "Expensive" to 1, according to the docs means that
as soon as a query has to look at one or more entries it will be logged.
So when you turn down that value, you are tell
Hi, This is a bit off topic but one
of my colleagues is trying to establish if anyone has any experience of the
following issue when using OMA. This is his posting from other
newsgroups. As yet he has had no response. I know this list
is quite good even off topic so I offered to post
Hello Tony,
Very usefull information ! Thanks.
i enabled this config:
15 Field Engineering to 5
Expensive Search Results Threshold to 1
Here are the LDAP operation, :
1644 INFORMATIONAL NTDS General Fri Jun 09 09:55:16 2006 childdomain\user1 Internal event: A client issued a search operation
42 matches
Mail list logo