You can use ADAM for this.
ADAM supports X.500 compliant naming contexts.
http://technet2.microsoft.com/WindowsServer/en/library/0dcb8e13-4ebb-4fae-9887-c51d9010bede1033.mspx?mfr=true
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Bri
Depends on what you mean by "converting".
What are you storing in your AD? Are the users InetOrgPerson or customized?
How are you authenticating users?
Either way you can check out this tool:
http://www.ldapeditor.com
It allows you to "right click - copy" from one directory server to the next.
I use
How big of a space?
Not sure what size you are but down here we're Level Platforms, Kaseya,
HoundDog, the brand new SCE beta (just opened Friday from Microsoft),
but like one of the guys at the SBS summit just recently said... the
tool is irrelevant sometimes.. it's the process that counts.
Al
I do not recommend Altiris. At first it was great,
except for the incomprehensible report generator. Gradually, weaknesses
and annoyances started cropping up, and then the death blow: a major upgrade
that destroyed itself, the previous installation, and nearly destroyed the
server. So yo
The query is probably timing out.
Get Joe’s ADfind and run something like this:
adfind -default -f "(&(objectCategory=person)(objectClass=user))" displayName samAccountName pwdLastSet
You can tag a -csv on there too
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.73
Any time I try to run a large query using dsquery and dsget
where I pipe it to a text file for output, I eventually get a “dsget
failed:The server is not operational.” error from dsget. I’ve
searched the Internet for this and seen posts from a couple of other people who
have had this issue,
Assuming that you don't want users hitting the DC for
performance reasons, then take a look at the attached doc. It
says it's for Exchange, but can be used for any application. This doesn't
block traffic, but makes the configured DCs the least
preferable/discoverable by clients.
M
Dave,
Are you averse to a non-Microsoft approach? I ask because depending
on the make/model of your laptop and/or wireless card, there may be
other options. For example, ThinkPads come with the Access Connection
Manager - an applet that controls a great many detailed configuration
settings pert
And if you think about it they couldn’t – if you have two DCs
running IIS they both have IUSR and IWAM accounts in AD, so SIDs have to be
different.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf
They do not have well known SIDs
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, September 12, 2006 2:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
Well what do you want resources on - that's a pretty open ended
question.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Matt Brown
> Sent: Tuesday, September 12, 2006 2:25 PM
>
The programmers have to learn sooner or later. Tell them to learn
now. Buy them a couple copies of Joe Kaplan & Ryan Dunn's book if
they're using .Net. I'm in the middle of a project to get a large
government client off of SunONE and onto AD. One thing we discovered
during this project is that
Have you seen AD/AM? The x.500 like path you describe is not much different than using the domain context specified below. But it is different I'll give you that. I would think that it would be a great opportunity for your programmers to learn how to use things like rootdse vs. specifying servers
Matt-
I don't think these accounts have well-known SIDs, so I'm
not sure that's going to help. You can easily verify using psgetsid from
Sysinternals. I checked a couple accounts here (though they were domain
accounts) and they were not well-known SIDs.
Darren
Darren Mar-Elia
For compreh
Anybody seen any good resources or info on converting OpenLDAP to Active
Directory?
Thanks,
--
Matt Brown
Information Technology System Specialist V
Eastern Washington University
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
Hi,
I'm wondering if it's possible to make the Active Directory DN like an LDAP
DN?
something like:
o=company,st=wa,c=us
instead of: dc=mydomain,dc=edu
I've been tasked with converting our OpenLDAP system over to an Active
Directory system and it would help the programmers out if I didn't chang
Title: Sharepoint in the DMZ
Everything and anything … it was the collaboration environment
for any department/team at the client that requested it.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Yeah, I was thinking a combination of RIS, GPO deployed applications and LANDesk. I've been on projects where we utilized a combination of those methods to manage and deploy software. Worked great and unlike wonderful solutions like SMS, we could put in scripts as part of the application installa
Utilize a separate site for the server and
don’t assign client subnets to that site. If it’s the same physical location
as other DCs, consider utilizing site link change notifications so that it
replicates more quickly than the standard site link interval.
Kurt Falde
From:
I highly recommend that you read http://www.windowsitpro.com/articles/print.cfm?articleid=37935
Then, as a fall-back option, look for the isolation using IPSec whitepapers on the Microsoft site. I can't find them now, but I know that they exist. They show you how to restrict communication with a s
I think this is one of those "Why in the heck" things. Like "Why in the heck would you give someone a laptop with wireless if you don't want them connecting anywhere other than work?" and "Why in the heck are you giving them a laptop in the first place?".
There are some ways to do this, none
Your best bet is to place it in a separate site within AD Sites and Services I believe. This is the method that MS recommends for segregating DCs that are used for Exchange servers.
On 9/12/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
I'd like to isolate a DC from regular user
authent
I am trying to specify the builtin IWAM/IUSR accounts in GPO settings. We have a set of servers within an OU where they require the account to have rights on the local servers, call them Server1, Server2, Server3. We obviously don't want to create the setting for IWAM_Server1, IWAM_Server2, etc..
Question to you guys... what sort of data do you allow in this DMZ'd
Sharepoint.
Russ said it's SQL port open to the inside and all that...but I'm just
interested if you guys have a policy as to what sort of data lives
there.
Brian Desmond wrote:
Sharepoint in the DMZ
Your
c
Title: Sharepoint in the DMZ
Maybe reverse proxy the web access port to the sharepoint
server running on the internal network?
Either way, put some form of third party auth mechanism
(SecurID for instance) in front of the Windows server and the internet so that
only authorized users actual
I’d like to isolate a DC from regular user
authentication. I only want certain applications/processes using it.
Obviously it will need to replicate with the other DC’s. I don’t
have an interface on the firewall to use, so I would probably have to do something
software based on the DC its
Title: Sharepoint in the DMZ
If you go on technet under sharepoint most of the Bill English
resource kit book is online.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Group, Russ
Sent: Tuesday
Title: Sharepoint in the DMZ
Your consultant is smoking the good shit.
Just open the ports between Sharepoint and your DCs. Also open
TCP1433 and UDP1434 for the SQL access.
I spent two years designing & running a half million seat
Sharepoint environment with this setup. It worked
Title: Sharepoint in the DMZ
Hehehehe
Actually, let me explain...
Open the 1433 port from the DMZ to our internal network -
not to the outside world (I should have been clearer).
However, I need technical documents to back up my
response. Can anyone point me in the direction of a white
Title: Sharepoint in the DMZ
Fire him, unless he shares the drugs he is on. A child domain
for one server? Open an SQL port on your outside firewall? Ok on second thought,
just fire him no matter how good the drugs are.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Title: Sharepoint in the DMZ
Hi all
I have a consultant that wants to put Sharepoint into our DMZ. Here is what he is proposing to do:
Create a child domain and put the Sharepoint computer account in the child domain
Put Sharepoint server in our DMZ.
Open up the same ports for Share
Have you looked at the beta for System Center Essentials from
Microsoft? I think it would do a lot of what you are looking at. And for far
less money than Altiris. Altiris makes a great product, but it is very
much on the high end price-wise. Another product I would recommend looking at
wo
Alan,
My 2c worth...like the way Brian
thinks...
Should you wish to develop your own
RIS/Unattended CD/DVD image the MSFN forums are a good place to start http://www.msfn.org/board/index.php . A RIS/Unattended CD/DVD is not such a bad idea
especially across a lot of different hardware whe
Folks,
Have I missed
something in the "new" XPSP2 wireless configuration stuff? As far as I can see
you can't prevent users connecting to non-preferred networks, even with Policy
lockdown. Even if you hide the networks page on the adaptor, when the user is in
a location where this no netw
Hi All,
On my file server, why do I get different
modified dates for users' main folder and subfolders and even the files
in the subfolders?
My concern is even if a user has changed
or modified a file on any specific date, the parent folder should show
me the latest modified date. Or if w
You make strong points Ken. I will say my concern is not around the
home users nearly as much, but more because that distinction is
completely lost in the message that Jessper puts out. You'll see that
concern realized here:
http://software.silicon.com/security/0,39024655,39130618,00.htm
They're
Thanks for the suggestions. I’ll
go look around further. We’re only around a 100+ user shop and
while a full-featured solution would be nice, I’m very concerned it would
be over-kill and not money well-spent. I want to be a “good steward”
of the church’s money.
Alan
Alan J. Gend
I will be out of the office starting 09/12/2006 and will not return until
09/13/2006.
Please contact the helpdesk for any IT related requests.
Helpdesk Phone: 608-363-1296
Helpdesk Email: [EMAIL PROTECTED]
Helpdesk Website: http://kmagic.kina.kerryad.com
Thanks,
Kevin Bowen
Mastertaste IT
N
"At the risk of repeating what we already know - security is about risk
management. We need to know what risks we're facing. Home users have more
physical security they can rely on than the average corporate cubicle.
Relying on that physical security may be an acceptable risk."
You need to be ca