RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
Outstanding response Steve! That was far more than I could have ever expected. I "almost" wish I had not taken a vacation day tomorrow just to see if your instructions will work! I'll certainly work on this Monday morning and let you know if I

Re: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mark Parris
Ben, The reason for the schema admins empty was in case as part of an install an application "just" extended the schema - you run the group empty that cannot be done. I think Steve has your solution here. Mark -Original Message- From: "Steve Linehan" <[EMAIL PROTECTED]> Date: Thu, 6

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread Steve Linehan
Ben,   These errors generally occur when a third party application has extended the schema and it conflicts with the base schema we are trying to put in place.  There were many conflicts found during the initial upgrades to Windows Server 2003 which is why additional information was put int

RE: [ActiveDir] So what are your DC tweaks?

2006-07-06 Thread Brian Desmond
DCOM Ports, NTFRS ports, Nagios port, some of the other ones on his list. I'd have to look at the build scripts to remember. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -Original Message- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Susan

[ActiveDir] So what are your DC tweaks?

2006-07-06 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Brian Puhl's Weblog : AD and DC Builds, tweaks, configurations... The Registry: http://blogs.technet.com/bpuhl/archive/2006/07/06/440495.aspx Brian Puhl's Weblog : AD and DC Builds, tweaks, configurations... (1): http://blogs.technet.com/bpuhl/archive/2006/07/06/440493.aspx ---

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
To try and answer everyone’s question all at once… At this point, we don’t have Exchange running in our test environment, we do have copies of the servers there, but have not re-added them to the domain to bring them up.  I don’t think that having the actual Exchange servers online should

Re[2]: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mathieu CHATEAU
Hello BEN, Just for info, I already had some trouble after doing a P2V of one DC. When I tried to install Exchange on it, domainprep was freezing, trying to contact the other DC which I didn't P2V. Seizing the role was enough, I needed to remove it from AD. cheers, Mathieu CHATEAU Thurs

Re[2]: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mathieu CHATEAU
Hello BEN, since you only did one DR, does it mean that the same computer is both DC and Exchange ? I know limitations when Exchange is on a DC. Since you can restore again, can you shoot of exchange before ? Thursday, July 6, 2006, 10:12:58 PM, you wrote: > Hello Mathieu, Yes, we ru

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mark Parris
Ben, Are you sure SFU has not been installed? Do you run Schema Admins Empty? Mark From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of WATSON, BEN Sent: 06 July 2006 21:13 To: Mathieu CHATEAU Cc: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Forestprep Failur

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
Hello Mathieu, Yes, we run a fairly simple domain setup.  Single domain, single forest. We are running in Windows 2000 native mode for domain and forest.  Exchange 2003 is also in native mode. And nice catch on SMS, I deployed it myself and should’ve remembered to mention that.  We do ha

Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Jaspreet Singh
But it was a GP misfiring. Isn't it? Regards, Jaspreet Singh Jolly On 7/7/06, Ravi Dogra <[EMAIL PROTECTED]> wrote: Hi Nitin / Jolly, I have reviewed event logs then and there when problem arose. I found very vital information and problem was resolved before I left for the day this morning. Nice to

Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Ravi Dogra
Hi Nitin / Jolly, I have reviewed event logs then and there when problem arose. I found very vital information and problem was resolved before I left for the day this morning. Nice to hear from both of you. This is a precious mail for me now. Jolly, You are always very helpful and this time th

Re: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mathieu CHATEAU
Hello BEN, are you in Windows 2000 native mode ? the forest too ? exchange native mode ? Do you have SMS ? it extends the schema as well. Cheers, Mathieu CHATEAU Thursday, July 6, 2006, 7:43:21 PM, you wrote: > I am working to perform a domain upgrade from 2000 to 2003 R2 and I am r

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread joe
A service running on ServerA as localsystem or networkservice will touch remote machines including ServerB with the security context of DOMAIN\ServerA, not networkservice.    A service running on ServerA in localservice should touch remote machines as anonymous.   At no point will configuri

[ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
I am working to perform a domain upgrade from 2000 to 2003 R2 and I am running into problems right from the start when attempting an ADPREP /FORESTPREP.  The domain also has Exchange 2003 running as well.  Also, we have never extended the schema with Services for Unix 2.0 which I know can c

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread james . masters
Will do – thank you very much for all of your responses. -James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 06, 2006 12:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Computer Account in Loc

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread Deji Akomolafe
I see...   If the service runs as LocalSystem, then it already has the highest privilege possible on that system. In this case, the vendor (or the vendor's support rep) may be asking for this simply for the "interact" portion of your statement. Without knowing what the app does, it's hard to tel

Re: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
www.threatcode.com Which vendor? (please don't tell me a crappy accounting app?) And there's typically ways around this to hack up the registry. We have to say no to these vendors especially with Vista's UAC right around the corner. [EMAIL PROTECTED] wrote: I’m definitely not wanting to do

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread Brian Desmond
Yes, it does. Tell your vendor to fix their POS application.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 06, 2006 10:09 AM To: ActiveDir@mail.activedir.

[ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread james . masters
I’m definitely not wanting to do this – but a vendor was saying to do it to allow one of their services to run as Local System and be able to interact with another machine.   I am very skeptical, and not allowing it.   Thanks, James   From: [EMAIL PROTECTED] [mailto:[EMAI

RE: [ActiveDir] LDAP over SSL

2006-07-06 Thread Bernier, Brandon (.)
Another big benefit to using an Enterprise CA is that you can use existing Certificate Templates and auto-enroll all your Domain Controllers via Group Policy. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 06, 2006 4:06 AM To: Acti

RE: [ActiveDir] LDAP over SSL

2006-07-06 Thread Kurt Falde
I would add on there take the time to watch the following webcasts..   Best Practices for Public Key Infrastructure: Steps to build an offline root certification authority (part 1 of 2): Wednesday, April 20, 2005 http://support.microsoft.com/default.aspx?kbid=896733   Best practices f

Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Jaspreet Singh
Hi Ravi, If u remember we used to face this problem quite frequently while we were having operations in TS.( Almost once in 2 Months ) but touch wood this problem automatically got resolved when we demoted the ADC of TS.   Also u can always login with ( P--) ID to DC as it can never get locked

RE: [ActiveDir] LDAP over SSL

2006-07-06 Thread neil.ruston
I've implemented 3rd party certs on DCs for precisely this reason (LDAP over SSL). The process was a little convoluted but it works :)   I don't follow the chaining issue - the DC merely needs to trust the PKI infra which issued the cert.     neil From: [EMAIL PROTECTED] [mailto:[EMAIL PR