RE: [ActiveDir] OT: Command line for exchange

2006-07-15 Thread Brian Desmond
> Command line for Exchange.. .yuck ? There isn't one to speak of now, although Monad had some fundamental issues last I saw/heard as far as the utility of the commands in large environments. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -Original Message- > From: [EMAIL

[ActiveDir] OT: Command line for exchange

2006-07-15 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Download details: Introduction to the Exchange Management Shell: http://www.microsoft.com/downloads/details.aspx?familyid=1dc0f61b-d30f-44a2-882e-12ddd4ee09d2&displaylang=en Command line for Exchange.. .yuck -- Letting your vendors set your risk analysis these days? http://www.threatcode.com

Re: [ActiveDir] Object Auditing

2006-07-15 Thread Matt Hargraves
I am simply pointing out his options.  If you noticed, my first recommendation was to ACL his AD structure so that only a very small number of people could perform that type of task.I'm definitely not going to say that tools should be the savior for people who make mistakes, but they're darned nice

Re: [ActiveDir] AD Sites Rename

2006-07-15 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
...don't I know it dearwe should be the shining light..the beacon of secure software... and instead we're the poster child of crappy apps... www.threatcode.com (And the Secure Development Lifecycle book from Howard/Lipner only served to make me more ashamed of my industry's software) Bri

RE: [ActiveDir] AD Sites Rename

2006-07-15 Thread Brian Desmond
The software you CPA folks use is actually particularly well known for being crappy.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Saturday,

RE: [ActiveDir] AD Sites Rename

2006-07-15 Thread joe
I am not sure how many there were but I am sure there are some number of them. I used to deal with a lot of finance folks and legal folks at a large financial company, with the exception of one financial guy who was responsible for the work to maintain the company's credit rating by figuring

Re: [ActiveDir] AD Sites Rename

2006-07-15 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
...just don't tell me how many of those clients are CPAs and Attorneys... joe wrote: LOL. :)   I have seen those. Especially A (and the general we don't have time to check out our app) because the DA's didn't want to lose their DA rights because they weren't going to be able t

RE: [ActiveDir] AD Sites Rename

2006-07-15 Thread joe
LOL. :)   I have seen those. Especially A (and the general we don't have time to check out our app) because the DA's didn't want to lose their DA rights because they weren't going to be able to convert their domain, they would get migrated into the corporate domain.   The answer to all of th

RE: [ActiveDir] Object Auditing

2006-07-15 Thread joe
Again, this is after the fact and requires you to bring things back so there is going to be a period where someone somewhere isn't doing the job they are being paid to do and depending on the person and the company the consequences could be dire.   Much better to disallow the mistake in the f

Re: [ActiveDir] Object Auditing

2006-07-15 Thread Matt Hargraves
There are tools out there by Quest software (www.quest.com) that will allow both auditing (InTrust for AD) and recovery of altered or deleted items (Recovery Manager for AD).  RMAD is really nice in that you can restore a deleted userID or group and get back all of the properties, including things

RE: [ActiveDir] AD Sites Rename

2006-07-15 Thread Richard Kline
Amen.   Does anyone else have departments which refuse to: A)  Migrate from old NT 4 domain B)  Apply SP2 on Windows XP workstations C)  Insist that Word Processing technology reached it’s zenith with Word Perfect 5.1 (for DOS) D) Fill in the blank E)  All of t

RE: [ActiveDir] SFTP with AD Auth

2006-07-15 Thread joe
The person to ask on why they don't would probably be Alun Jones (think WSFTP). He is a former and now again I believe MVP who worked on the FTP IIS team for a while and I know has quite a bit of insight into what they are doing.   Honestly, personally it doesn't surprise me that MSFT does

RE: [ActiveDir] Log On To...

2006-07-15 Thread joe
Could be multiple things. The way I understand that that capability is implemented is that the GINA code on the machine that a user is logging onto looks at that info in the domain and then makes a decision on whether to log on or not. Any authentication that doesn't go through the GINA code

RE: [ActiveDir] AD Sites Rename

2006-07-15 Thread joe
I love Brian's responses. I expect some people may think responses like this are harsh but the reality of the situation is that Brian, although young, has been involved in running some seriously large environments and seen a lot of stupid crap and learned the lesson that you need to remove s

RE: [ActiveDir] Object Auditing

2006-07-15 Thread joe
I have to say I agree quite strongly with this. Auditing is nice and all but it only points at who made mistakes, it doesn't help prevent them (what of the fine admin had deleted the OU instead of moving, auditing sure would have helped there...). If you have an entirely ad hoc fly by the sea

RE: [ActiveDir] Group Policy won't rerun

2006-07-15 Thread Darren Mar-Elia
Title: Group Policy won't rerun If you don't want to have to re-ghost, there is no harm in deleting the orphaned reg. entries. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stu PackettSent: Friday, July 14, 2006 5:13 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDi

Re: [ActiveDir] Object Auditing

2006-07-15 Thread Kamlesh Parmar
You will find this blog entry by ericfitz helpful.http://blogs.msdn.com/ericfitz/archive/2006/03/07/545726.aspx On 7/14/06, Matt Hargraves <[EMAIL PROTECTED]> wrote: Well, you could always ACL your AD better and make it where only a small number (2 or 3 accounts) of users can make AD organizational