Re: [ActiveDir] OT: WSS and AD. WebPart user information. How to configure IIS so my asp script can change user's attr in AD

2006-10-11 Thread Joe Kaplan
See, I told you the security was the hard part. :) This is no different in .NET. Like I said, the first thing to decide is whether you want to use trusted subsystem or delegation as your security architecture. That will determine the settings to use and any additional configuration. Rememb

RE: [ActiveDir] RE: [ActiveDir] OT: wikis

2006-10-11 Thread joe
AuH2O -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Wednesday, October 11, 2006 8:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] RE:

[ActiveDir] RE: [ActiveDir] OT: wikis

2006-10-11 Thread Tim Vander Kooi
Richard Nixon? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Egan (Temp) Sent: Wednesday, October 11, 2006 6:43 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: wikis Ummm, what's 6 X 9 ?? Steve Egan Purcell Systems System/Network

Re: [ActiveDir] OT: wikis

2006-10-11 Thread Laura E. Hunter
In base 13. On 10/11/06, Steve Egan (Temp) <[EMAIL PROTECTED]> wrote: Ummm, what's 6 X 9 ?? Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf O

RE: [ActiveDir] Account becomes disabled by DCs when it logs in.

2006-10-11 Thread joe
Ok I expect you mean it gets disabled, not deleted.   What happens if you try to logon to the account normally or with an ldap bind? I.E. If the service isn't involved, what happens?     -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm      From: [EMAIL PROT

RE: [ActiveDir] Groups membership question

2006-10-11 Thread joe
It will chase through nesting across a forest but not outside of the forest. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Wednesday, October 11,

RE: [ActiveDir] Groups membership question

2006-10-11 Thread joe
The users from Domain B in the Domain A groups will be represented as FSPs (remember you are outside of your forest). So there will be no direct linkage capability to do this in any single query.    In order to find the memberships of a Domain B user (userDomB) in Domain A, you will need to

RE: [ActiveDir] OT: wikis

2006-10-11 Thread Steve Egan (Temp)
Ummm, what's 6 X 9 ?? Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, October 11, 2006 4:17 PM To: ActiveDir@mail.active

RE: [ActiveDir] OT: A short and sweet KB

2006-10-11 Thread joe
Admin: It hurts when I do this... MSKB: Stop doing that. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Tuesday, October 10, 2006 7:13 PM To: Acti

RE: [ActiveDir] OT: A short and sweet KB

2006-10-11 Thread joe
Dmitri... for you I am tempted... I am not sure how well the MVP program would treat me afterward though... Maybe if I can somehow do it with Dean's credentials...   -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm      From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Account migration within the same Forest...

2006-10-11 Thread joe
AdMod will do it. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of RM Sent: Wednesday, October 11, 2006 5:46 PM To: ActiveDir@mail.activedi

RE: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread joe
Not really. Certainly it is an option as would any normal AD attribute (existing or you create), but you would end up binding to a DC to search it to find a DC to bind to. A DNS record makes the most sense as you simply ask for the site/domain specific LDAPS record, just like you do for LDAP. Proba

RE: [ActiveDir] OT: File Server Permissions Design Question

2006-10-11 Thread Steve Evans
We're actually using ABE (or will be once we start migrating to this box). It helped me a ton with a couple situations (home folders being the big one because of something called FERPA, if you don't know what it is you don't ever want to know). However I don't see how that helps me here specif

RE: [ActiveDir] Configuring Logon Hours in time execution

2006-10-11 Thread joe
This is, to my knowledge, an unpublished blob. However I seem to recall it was not very difficult to break apart. Your real problem is doing that in vbscript because quite frankly, vbscript sucks for things like this (as well as many othe

RE: [ActiveDir] OT: wikis

2006-10-11 Thread joe
42 -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Tuesday, October 10, 2006 6:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC

2006-10-11 Thread joe
That's it! -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Wednesday, October 11, 2006 7:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] OT: Exchange in environment - reboot necessary after a DC has been made a GC

2006-10-11 Thread Free, Bob
>I can't for the life of me recall the name at the moment. NSPItool.exe ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 10, 2006 3:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Exchange in environment

Re: [ActiveDir] Groups membership question

2006-10-11 Thread Laura E. Hunter
Can memberof.exe do this? (Another joeware gem.) I've never tried to run it against multiple domain memberships, but I know it chases nested memberships beautifully - if I'm not mistaken, that's why joe originally whipped it up. - Laura On 10/11/06, Aaron Steele <[EMAIL PROTECTED]> wrote:

RE: [ActiveDir] recover a file server in Windows 2003

2006-10-11 Thread Free, Bob
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares Saving and restoring existing Windows shares: http://support.microsoft.com/kb/125996 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philobatheer Guirgis Sent: Wednesday, October 11, 2006

[ActiveDir] Account migration within the same Forest...

2006-10-11 Thread RM
Hi all, are there any simple 3rd party tools for copying a user account from one domain to another within the same forest? ADMT is overkill and it does way more than I want/need it to do. All I need is a copy of the account and for SI

Re: [ActiveDir] OT: File Server Permissions Design Question

2006-10-11 Thread Mark Parris
Have you looked at installing the Access based Enumeration feature pack and basing the permissioning on this type of model? Assuming W2003. Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: "Steve Evans" <[EMAIL PROTECTED]

RE: [ActiveDir] recover a file server in Windows 2003

2006-10-11 Thread Philobatheer Guirgis
Hi Paul, Unfortunately, this server is not clustered.  I built another server similar to it.  The production server is connected to the SAN.  Suppose I want to disconnect the SAN and reconnect it to the new lab server; I think the shared folders will not be shared anymore on the lab server.   Do

Re: [ActiveDir] OT: WSS and AD. WebPart user information. How to configure IIS so my asp script can change user's attr in AD

2006-10-11 Thread Tomasz Onyszko
Ramon Linan wrote: I decided to go with asp, I exclude a path from SharePoint and use asp, that will make things easier at first. Now the problem that I am having is, how do I configure IIS so the authenticated users can see/modify some of their attributes in AD? If I use the default AD IUSR f

RE: [ActiveDir] OT: WSS and AD. WebPart user information. How to configure IIS so my asp script can change user's attr in AD

2006-10-11 Thread Ramon Linan
I decided to go with asp, I exclude a path from SharePoint and use asp, that will make things easier at first. Now the problem that I am having is, how do I configure IIS so the authenticated users can see/modify some of their attributes in AD? If I use the default AD IUSR for that server (IUSR_

[ActiveDir] Groups membership question

2006-10-11 Thread Aaron Steele
I have one for you guys. I have been puzzling over for a while. Seems simple, but I haven't found a good solution. Domain A one way trusts Domain B. Group in Domain A, contains members from Domain B. Enumerate groups in Domain A, include membership for all members in Domain B. O

[ActiveDir] OT: File Server Permissions Design Question

2006-10-11 Thread Steve Evans
I've had difficulty finding a better forum in which to ask this. And since it involves AD Security Groups I thought I could get away with it. We're in the process of migrating to a new file server. Our shared drive has a basic structure of: Shared\Department\Sub-Department\ Our original thou

Re: [ActiveDir] OT: WSS and AD. WebPart user information

2006-10-11 Thread Joe Kaplan
The actual code for programming AD in .NET is pretty similar to ADSI (since it uses ADSI under the hood). There is a more powerful, strongly typed search interface called the DirectorySearcher that is actually much more powerful and easier to use than ADO for searching. All in all, it really isn't

Re: [ActiveDir] RealVNC removal

2006-10-11 Thread AdamT
On 09/10/06, Matt Hargraves <[EMAIL PROTECTED]> wrote: I'd go with just disabling the service and setting it so that only Domain Admins and System can even manage and/or see the service. This is a 10-minute solution, whereas the others could take quite a bit of time to research how to do correct

RE: [ActiveDir] OT: WSS and AD. WebPart user information

2006-10-11 Thread Brian Desmond
You'll have to download the Sharepoint templates from Microsoft for Visual Studio and work on making a web part. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -Original Message- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Ramon Linan > Sent

[ActiveDir] Configuring Logon Hours in time execution

2006-10-11 Thread Atila Firmino
Hi everybody, I need to configure the logon hour option of the user object in my vbscript. I know it is possible by copy but I need to give more flexibility in hour configuration. Can somebody help me? Any suggestion will b

RE: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread Thommes, Michael M.
In this context, would it make sense to write/use a servicePrincipalName value? (maybe even using admod/adfind 8-) ) Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, October 11, 2006 9:42 AM To: ActiveDir@mail.activedir.

RE: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread joe
The alternate solution I previously mentioned to David and his cohorts in crime was a distasteful but functional solution of writing their own service or script to register the records based on that script/service querying the DCs and getting their LDAPS capability at any given point and then being

RE: [ActiveDir] OT: WSS and AD. WebPart user information

2006-10-11 Thread Ramon Linan
Frustrating!, :) sounds very hard to do for a .net newbie like me. I have worked with Zope and Plone before and everything is much easier... Unluckily, we can't use Plone or other CMS I am more familiar with, and I need to create this "tool", webpart or whatever so the users can update their contact i

RE: [ActiveDir] Flags Attribute?

2006-10-11 Thread Bernier, Brandon (.)
That did it. Thanks joe! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 10, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Flags Attribute? For the first part, what about just using LDIFDE to expo

[ActiveDir] Jason Centenni is Out Of Town

2006-10-11 Thread Jason_Centenni
I will be out of the office starting 10/11/2006 and will not return until 10/16/2006. If you have an urgent question concerning Active Directory please contact JHRH or DSC On-call.

Re: [ActiveDir] OT: Ello!

2006-10-11 Thread Bart Van den Wyngaert
... Dutch men :-)) On 10/11/06, Paul van Geldrop <[EMAIL PROTECTED]> wrote: You only have yourself to blame for pointing me to it, young man! That brings the amount of possible ways to annoy you to.. 7. Muahaha. Getting scared yet ? :P Paul -Original Message- From: Almeida Pinto, Jorge

RE: [ActiveDir] recover a file server in Windows 2003

2006-10-11 Thread Paul van Geldrop
How exactly do you plan to failover to this server (at least, that's what I presume you want to do) ? First option that springs to mind is setting up a two-node cluster, letting the cluster-resources reside on the SAN disks. That way, if one of the servers fails, everything'll smoothly tr

RE: [ActiveDir] OT: Ello!

2006-10-11 Thread Paul van Geldrop
You only have yourself to blame for pointing me to it, young man! That brings the amount of possible ways to annoy you to.. 7. Muahaha. Getting scared yet ? :P Paul -Original Message- From: Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wedn

RE: [ActiveDir] Forest trust & divestitures

2006-10-11 Thread Grillenmeier, Guido
I didn't read Harvey's comment "ForestB DCs are physically landed at various Company A locations in pocket networks that can talk back" as something that already exists today. I would have thought is part of his plan and that today there are no DCs from Company B in any of Company A locati

RE: [ActiveDir] Forest trust & divestitures

2006-10-11 Thread Almeida Pinto, Jorge de
very very true interim forests... AND another part is responsibility...first it's mine and THEN it is yours (and there is very little to nothing in between). In other words... a clear hand-over moment. although the selling company is responsible for the first phase the buying company sh

Re: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread Paul Williams
The project that I'm working on makes heavy use of LDAPS. However, at the moment, we favour the latter statement - the built DCs don't leave "staging" until the certs are pulled. They must be signed off, and that's one of the last items on the deployment check list. We'll probably automate t