Re: [ActiveDir] ldp in ADAM-SP1

2006-07-26 Thread Matheesha Weerasinghe
Thanks Guido. That helps a lot. I was going to create the role structure but leave them unpopulated and do most of the work myself. I.e I am all roles!! I was then going to populate them as and when I found skilled and trusted chaps. I'll keep it very simple now. Cheers M@ P.S. Thanks again to

Re: [ActiveDir] Enumerating Group type and Mebership...

2006-07-26 Thread AFidel
Personally I like to find a good tool if it makes my life easier. In the area of user/group reporting one such tool is Hyena from Systemtools.com.  I'm not sure how (in)efficient its LDAP queries are when it's asked for nested group membership but I've never had to run it against an AD en

Re: [ActiveDir] Managing Third-Party Users

2006-07-26 Thread AdamT
On 22/07/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: I'm curious what, if anything, anyone else is doing to use some sort of federated system so that user management is left at the hands of the third-party companies. I'm curious also if anyone is aware of any consulting groups that have

[ActiveDir] Domain Local Groups vs Global Groups

2006-07-26 Thread Wyatt, David
I'd be interested to hear people's strategy for permissioning windows based file servers when the server is in a Windows 2003 domain.  I have read the best practices about putting users into global groups then put the global groups into local groups then permission the resource

[ActiveDir] OT: Query Based Distribution Groups

2006-07-26 Thread Clay, Justin (ITS)
What are the rules for nesting QDGs? Most of the MS documentation we see says that you can nest QDGs in other Universal Distribution Groups, but when we try to add a QDG to a Universal DG, we are unable to find the QDG. We’re running Exchange 2003 Native Mode and 2003 FFL for AD. Our Exchan

RE: [ActiveDir] DNS Issue

2006-07-26 Thread Wyatt, David
Steve - latest update from Microsoft regarding the DNS issue, install hotfix 919218 which is the latest build of DNS.EXE with the KB article dated July 19, 2006! I'll keep you updated after the usual routine of testing the hotfix then deploying in production then keeping fingers crossed while loo

RE: [ActiveDir] Managing Third-Party Users

2006-07-26 Thread Laura A. Robinson
Whoops, folks, I need to amend one statement below- ADFS does construct SAML 1.1 tokens (assertions), but not 2.0. Thanks! Laura > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Laura A. Robinson > Sent: Tuesday, July 25, 2006 3:49 PM > To: Ac

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-26 Thread MAURAT
Hello, First, please excuse my written English. After that, the script below enumerates all groups (and their members) of a user. Perhaps this can help you with your needs. Bye Set FSO = CreateObject("Scripting.FileSystemObject") Set WSHShell = WScript.CreateObject("WScript.Shell") Set WSHNetwork =

Re: [ActiveDir] Domain Local Groups vs Global Groups

2006-07-26 Thread Matt Hargraves
Having gone through this quite a bit recently, I'll see if I can give you some help on this. Every security group on a user's token adds about 45 bytes to the token and sometime around 80 security groups, you can expect a token to break 4k and bump up to 8k.  This will have the most impact to Excha

Re: [ActiveDir] Domain Local Groups vs Global Groups

2006-07-26 Thread Matt Hargraves
Somehow I avoided answering your question the first time... Going global role-based group and local task-based group is pretty standard in larger environments. You create the global group to hold users and the local group to hold users.  The purpose for this is so that you can nest multiple role-based

[ActiveDir] OT: HP disk array expansion

2006-07-26 Thread James Carter
Hi,   I have a HP ML370 Proliant Server. It currently has 4 x 36GB in a RAID 5 set.   I want to upgrade the disk capacity of this server. I have bought 4 x 300gb disks as replacements.   At present I have 4 x 36GB disks in the server. I was told I could replace one disk in the RAID with a 300

RE: [ActiveDir] OT: HP disk array expansion

2006-07-26 Thread Blair, James
James,   Have been in a similar situation on numerous occasions with HP ML350 G3/G4’s. In our case we installed a firewire card and a Lacie drive or utilised the native USB to portable HD and Acronis True Image. We imaged the disks and then pulled them out and put the new ones in and imag

RE: [ActiveDir] OT: HP disk array expansion

2006-07-26 Thread Kevin Brunson
If you do it that way, I would make sure you’ve got the network cable unplugged when you boot it after imaging.  Depending on what you are using the server for it could cause problems.  I had a customer follow this path with a domain controller.  He booted the server from the old drives a

RE: [ActiveDir] OT: HP disk array expansion

2006-07-26 Thread Derek Harris
This sounds like the safest way to do it, but you will have some downtime.  I've done it (on a Dell box) the way you described: swapping one disk at a time, and there is downtime that way, too. (in addition to the severe performance hit of the array having to rebuild several times)  From:

RE: [ActiveDir] OT: HP disk array expansion

2006-07-26 Thread David Cliffe
Hi James,       I can tell you that I've used the method you were suggested below [replace one disk at a time] on a DL380 G1 running Windows 2003.  I did exactly as you described, but I may have taken very slightly different steps afterwards (it's been awhile).  After the disk swaps I think

[ActiveDir] Question on "restricted group" policy.

2006-07-26 Thread John Strongosky
Hey,      Created a restricted group policy for my domain that adds some groups to the local administrators group of the workstations. My question is now management wants me to delete it. If I understand the way this works is that if I delete it then it will delete the groups that were ass

RE: [ActiveDir] Question on "restricted group" policy.

2006-07-26 Thread Laura A. Robinson
If you delete what? The GPO?   Laura From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky Sent: Wednesday, July 26, 2006 7:08 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Question on "restricted group" policy. Hey,      Created a

RE: [ActiveDir] Question on "restricted group" policy.

2006-07-26 Thread WATSON, BEN
When I wanted to do this with my domain workstations, I simply used a group policy object to deploy a startup script that added the proper security groups to the local administrators group.  If I wanted to then remove these groups, I would simply edit the script and switch the /add to a /de

RE: [ActiveDir] Question on "restricted group" policy.

2006-07-26 Thread Darren Mar-Elia
This somewhat depends upon which side of Restricted Groups you're using (i.e. "Members of this Group" or "This group is a member of"). If it's the former, and you clear out the users in the list but leave the local Administrators group under control, then it will clear out the members of that

RE: [ActiveDir] OT: HP disk array expansion

2006-07-26 Thread Ed Buford
I would use the ghost method, I’ve done this numerous times with servers and never ran into a problem. All in all it really is a fast solution. And since you’re doing it over the wire you can speed the process up by using gigabit components.   From: [EMAIL PROTECTED] [mailto:[EMA

RE: [ActiveDir] Question on "restricted group" policy.

2006-07-26 Thread Derek Harris
Yes -- I've done that, and that's how it worked for me. From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 26, 2006 5:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on "restricted group" policy. This somewhat depends upon which side of Restricted

RE: [ActiveDir] Domain Local Groups vs Global Groups

2006-07-26 Thread Dan Holme
Local groups are “so 1990s” … because they exist on individual systems, they are virtually un-manageable (save via Restricted Groups policies).  Fugghedaboutem.   DOMAIN LOCAL groups are what you probably mean, or should mean.  They exist as a single instance in Active Dire

RE: [ActiveDir] Domain Local Groups vs Global Groups

2006-07-26 Thread Dan Holme
That’s what I get for reading my inbox “up”…  David: do read my treatise in my earlier email.   But Matt Hargraves' response did raise the one technical issue I only alluded to: token size.   He’s right to raise a ‘flag’ about Exchange.   Depending on the complexity of yo

Re: [ActiveDir] Question on "restricted group" policy.

2006-07-26 Thread Matt Hargraves
From my experience, Restricted Groups settings simply state what the computer (or domain controller if you stick the setting in your DCs GPO) will make sure what the group memberships are going to be when it checks the GPO.  If you set the "Administrators" group to be "Domain Admins; groupa; group

[ActiveDir] Read-Only Domain Controller and Server Core

2006-07-26 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
FYI: http://blogs.msdn.com/jolson/archive/2006/07/27/679801.aspx Read-Only Domain Controller and Server Core List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] Domain Local Groups vs Global Groups

2006-07-26 Thread Matt Hargraves
There are some considerations when you get to multidomain forests: Domain Global groups can only contain user or global group objects from the domain they actually reside within.  In other words, if your global group resides within corp.company.com then you can have *only* members that are within t