Hi Guys,
We have a peculiar requirement, that one of the small group of around 300 users will be parting from corporate AD and will be setting up there own forest.
We will be using ADMT 3.0 for migration.
source DFL FFL : windows 2000 native
Target DFL FFL : Windows 2003
Two way trust between
AllJust a quick query. Does anyone know what cn=meetings,cn=system,dc=domainfqdn is for? CheersM@
Maybe I misunderstand the post but why re build in this
scenario?
All the OP needs / wants to do is to add disks and to
expand the existing arrays. He requires no or minimal downtime too. This can be
achieved as the OP described.
FWIW: I have performed this (not in the last 5 years) on
Title: Message
Matt /
Dan - great posts from both of you and this has provided some good material to
start planning.
Thanks
-David
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Matt HargravesSent: 27 Jul 2006
6:36To:
Just curious, but what was the point of migration? Why not create new in the target and have them adhere to your new company standards?
As for what would break. Hmm not sure you'd be able to read the information needed to perform the migration. At a minimum you would want to grant them the
you can migrate most objects from the source even without
admin rights to them - the default auth. user already has plenty of permissions
to read most attributes you would care to migrate.
You could still setup passwords migration without giving
themdomain admin privs to your source domain
To disable cached credentials, simply alter the appropriate
GPOs so that every system in the environment has the Computer Configuration,
Windows Setting, Local Policy, Security Options control of Interactive
Logon: Number of previous logons to cache (in case domain controller is
not available) to
Hi WIlliam
Computer Configuration/Windows Settings/Security Settings/Local
Policies/Security Options/Interactive Logon:Number of previous logons to
cache, setting that to 0 will turn off cached credientals.
Hope that helps,
John
I'm not understanding why the OP doesn't just stick the new drives in, create the new RAID set from those, create the drives and restore from tape to the new RAID drives. As long as he does it on a Sunday, it shouldn't really take more than an hour to get the old drives out and the new ones in
Title: R2 vs w2k3 SP1
Question 1:
Server 1 is built with R2 CD1. CD2 is not used at all.
Server 2 is built with R2 CD1 and r2setup is executed from R2 CD2 as well.
Will these 2 servers be configured differently in any way, other than the additional hooks in 'add/remove programs'?
Title: R2 vs w2k3 SP1
whenthe R2 binaries are installed on the server
the only thing that happens is that the R2 options are INTEGRATED (not
installed). The options still need to be installed additionally. So yes, the
only differenceis the list in Add/Remove Programs.
There is a small
Main point of migration is they don't want to lose their current workstation profile settings, and network share permission.
I have setup a test network, and without giving admin rights on source, I am able to migrate
groups, users without sidHistory.I checked clonepr.vbs and stuff, but that
Laura, yes the restricted group gpo that I
created.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
RobinsonSent: Wednesday, July 26, 2006 4:13 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Question on
"restricted group" policy.
If you
delete what?
Appreciate the quick response,
I was able to migrate groups, users without sIDhistory to target.
I also tried using clonepr.vbs, it also asks for admin rights on source.
And reading further, it made it clear that, can't populate sIDhistory through legitimate APIs without having admin rights on
Title: R2 vs w2k3 SP1
whenthe R2 binaries are installed on the server
the only thing that happens is that the R2 options are INTEGRATED (not
installed). The options still need to be installed additionally. So yes, the
only differenceis the list in Add/Remove Programs.
[Neil Ruston]is that
I have 4 DCs that are Win2003 SP1 and 1 DC that is
still Win2000 SP4. Id like to add a new DC that is Win2003 R2. Is
there anything special I need to do (i.e. forestprep/domainprep) or can I join
it just like another Win2003 SP1 DC?
Thanks,
Bryan Lucas
Server Administrator
Texas
Well for starters:
1.
WhenyoulaydownaGhostimageonthenew drive
array, Ghost will handle the drive
expansion for you; you won't have to run diskpart to expand the
disk.
2.You can retain the disks you removed if there's any
problem you can go back to it with little
headache.
3. You don't
Youwillhavetoexpandyourschema:
http://technet2.microsoft.com/WindowsServer/en/library/509ada1a-9fdc-45c1-8739-20085b20797b1033.mspx?mfr=true
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lucas,
BryanSent: Thursday, July 27, 2006 11:15 AMTo:
run ADPREP /FORESTPREP from the SECOND R2
CD!
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lucas,
BryanSent: Thursday, July 27, 2006 17:15To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Adding the first
Win2003 R2 DC
I have 4 DCs that are
On 7/27/06, Lucas, Bryan [EMAIL PROTECTED] wrote:
I have 4 DC's that are Win2003 SP1 and 1 DC that is still Win2000 SP4. I'd
like to add a new DC that is Win2003 R2. Is there anything special I need
to do (i.e. forestprep/domainprep) or can I join it just like another
Win2003 SP1 DC?
Yes,
make sure you run adprep /forestprep and /domainprep from the second r2(windows 2003) discit's located in i386\cmpnts\r2\adprephttp://blogs.dirteam.com/blogs/jorge/archive/2006/05/06/930.aspx
follow jorge's blog entry on how to identify if R2 has updated the schema version.On 7/27/06, Lucas, Bryan
There is an adprep folder on the R2 cd. Run
it just like you would for 2000 to 2003 upgrade.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, July 27, 2006
10:15 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Adding the
first
You need to run forestprep from the R2 CD on your schema master.
Paul has a nice summary here:
http://www.msresource.net/content/view/60/47/
and more from Microsoft
http://technet2.microsoft.com/WindowsServer/en/library/5022eea0-54bc-422f-b98b-ddb836c8ee851033.mspx?mfr=true
Thanks
Mike
Title: R2 vs w2k3 SP1
(1) I remember seing it somewhere (while writing this,
I remembered the location which can be found in the link below! ;-)) ).
INTEGRATING R2 onto a server does impact that server. It just adds options to
the Add/Remove Programs list. Installing one of the new options
Is there a way to set a restricted group
membership, yet allow for additional members to not be removed when the group
policy is refreshed? We have a number of engineers that we grant local
administrator privileges on a case by case basis, and the initial reason I
dismissed the use of
MS NetMeeting uses the Meetings container to publish network meeting
objects.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matheesha
Weerasinghe
Sent: Thursday, July 27, 2006 12:31 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir]
[unlurk]
Hi Justin,
Right-click on the Distribution Group that you'd like the QBDG to be a
member of and select "Add Exchange Query-based Distribution
Groups".
HTH,
Katherine
[/unlurk]
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin
(ITS)Sent: 26 July 2006
I have a few correcting comments on this (see
below).
Darren
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
HargravesSent: Wednesday, July 26, 2006 9:39 PMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Question on
"restricted group" policy.
From my
Title: Exchange rollout - How much larger does NTDS.DIT become?
NTDS.DIT is currently 650megs. Once Exchange has been fully deployed, any guesses as to how much larger it will become? Just looking for a ballpark figure...thx,RM
What you've described can be done with the "This
group is a member of" portion of restricted groups. This allows you to put a
particular group into another group without caring what other memberships are
contained in that group.
Darren
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Title: Exchange rollout - How much larger does NTDS.DIT become?
How many domains, how many users, is it
650 meg on a GC or non-GC? Is this 650meg after an offline defrag? If not
when was the last time it was defragged? I am not sure it is answerable even
with that info, but it certainly
Anything from about 700 up. You can actually find the numbers to figure out how much larger you can expect it to get based on the fields you use. If you don't use any, or don't have any addresses, etc, then it's very small bump. If you do have a lot of Exchange data that you intend to populate,
Wow Katherine, thanks! I cant
believe we missed such an obvious context menu!
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katherine Coombs
Sent: Thursday, July 27, 2006
11:23 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Query
Based
Thanks to all for the responses.
Bryan Lucas
Server Administrator
Texas Christian University
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline
Sent: Thursday, July 27, 2006
10:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Adding
Guido, which changes to you want to see in dsacls in B3?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Tuesday, July 25, 2006 6:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ldp in ADAM-SP1
well, for Win2000
Hi,
When user on VPN network, they can not apply Group Policy since there
is a firewall between VPN network and Internal network. Now, I need to
find out how many ports are required to allow clients to successfully
apply group policy.
Based on KB832017, To successfully apply Group Policy, a
Check out this article for restricting the range of dynamic
ports used by RPC/DCOM.
http://msdn.microsoft.com/library/default.asp?url="">
Darren
Darren Mar-Elia
For comprehensive
Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO FAQs,
video training,
Hi,I have two queries:1. What is the difference between the Users Container and Builtin Container off the root of AD. What do the different groups do?2. What is the difference between the Administrators group and the Domain Admins group. which has higher permissions within the forest?
The article below works well. I push the registry to my machines via
GPO. My ports used are 5001-5051.
-Z.V.
Darren Mar-Elia wrote:
Check out this article for
restricting the range of dynamic ports used by RPC/DCOM.
http://msdn.microsoft.com/library/default.asp?url="">
Interesting
CN=Users = default container for users
CN=Builtin = default container for builtin objects such as administrators.
IIRC.
Domain Admins vs. Administrators? It's a toss up because either can become the other. By default however, domain admins has rights to more objects because by
I was just curious what the different security groups were in each container, wondered if the users container was the default for users, why have various security groups in there as well. Why not have them all residing in the one container.Thanks for respondingAl Mulnick [EMAIL PROTECTED]
41 matches
Mail list logo