I've seen consultants ask for that level of access before to gain access to
the local machine. They reason that because the domain admins are added to
the local administrators group that they'll have full access to the
machine. They also are not aware of the rights needed to view or otherwise
ad
Hopefully the guy means the person needs administrator rights over the two
servers. Not sure how you would give domain admin rights over two servers
and even what that would buy you. At the member level a domain admin isn't
any more powerful than a local admin. The domain powers come in with the
GP
Am I the only one that would suggest escorting the consultant out the door?
Asking for domain admin level privs to access two servers is WAY over the
top IMHO. Heck, just to read and report and make suggestions (consultants
tend to do that from what I recall) the consultant doesn't need anywhere
AdMod will not populate membership that way currently unfortunately. You
could populate a list of groups with a single member or export membership
for a group to a CSV file, change the DN on the group and then use AdMod to
import. It is something that I think about occasionally on how to get it in
lol, n/p
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Thursday, January 11, 2007 2:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Office autorecover will write to the share fairly frequently...
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Miller
Sent: Thursday, January 11, 2007 4:45 PM
To: ActiveDir@mail.activedir
I can't find an explanation and thought some of this august body might
know or can point me to some resource...
When viewing sessions in the Shared Folders MMC snap-in for an AD member
file server, there is a column labeled Idle Time.
What events reset this timer? I sometimes see very short
Joe got an idea on how to use Adfind and Admod to do this one.
I have a group with an _ in it, that I cant seem to dump the members
from the group with the dsget group and dsmod group commands.
The syntax of the command I am using is such, and I have tried it with
other groups with _ and it wor
joe,
YMYMYM
Thanks.
RH
__
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of joe
Sent: 11 January, 2007 2:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Win 2000 Remote Desktop Users
You can't use it Rocky.
You can't use it Rocky.
You hit the nail on the head with "built-in". It has a well known SID
(S-1-5-32-555) which has no domain affinity so adding that to a member
machine is useless as the member machine would not be able to chase it back
to anything. I.E. If you have a forest with 4 domains an
http://blogs.technet.com/james/archive/2007/01/11/daylight-saving-partner-webcast.aspx
Further to my recent post about Daylight Saving updates to Microsoft
products, partners are encouraged to join the webcast on this very
subject.
You can sign up for the webcast here:
http://msevents.microsoft
Guys,
I am trying to add the Remote Desktop Users group (Builtin Domain Local
Group) to the Power Users group on my Windows 2000 Server SP4 Terminal
Server.
I can't. I can't navigate to it, I can't see it. Would anyone be able to
tell me why?
I would be grateful.
_
I posted before on how to debug the Windows time service, which will
write a debug.log file in a location of your choice. This is quite
helpful in tracking down client-time issues.
EZ
Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I,M.E,CCA,Network+, Security +
email:[EMA
Russ-
In my experience recent versions of W32time will not correct an offset
that large (> 5 minutes) and will issue the exact message you quoted. By
far the easiset thing to do is a "net time /set /yes" to the closest DC.
Once the clock is pulled in within W32time's sanity checking parameters
it
As of w2k3 there is a setting that prevents the installation of IIS,
when enabled of course...
Computer configuration\Administrative Templates\Windows
Components\Internet Information Services\Prevent IIS Installation =
[ENABLED | DISABLED]
-Original Message-
From: [EMAIL PROTECTED]
[ma
I'm having a hard time installing the IIS. It said that it can copy files.
Other then bad CD what could be keeping it from installing? Is there a GP
setting that I'm not aware of that will keep the IIS from installing?
Antonio
List info : http://www.activedir.org/List.aspx
List FAQ: h
You don't need to re-install windows. Forced demotion (offline) (using
out-of-band management solution) and promotion of the DCs is enough with
a metadata cleanup before the promotion however as the DCs have
already been online you might as well use a normal demotion. After that
MAKE SURE all r
On 11/01/07, Almeida Pinto, Jorge de
<[EMAIL PROTECTED]> wrote:
Also see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/373.aspx
from: http://support.microsoft.com/?id=255504
Thanks Jorge,
Nothing about three days of darkness or locusts or the massacre of
first-borns, but I think i
Also see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/373.aspx
from: http://support.microsoft.com/?id=255504
A domain controller whose FSMO roles have been seized should not be
permitted to communicate with existing domain controllers in the forest.
In this scenario, you should either
Dear collective,
I am at a site where somebody has panicked, and all 5 roles have been
seized in the last month, and have then been transferred back to the
DCs they were previously on.
I had thought that certain roles (RID, Schema and possibly Domain
Naming) being seized meant you had to wipe th
It would also be interesting to know what the event log has in it regarding
the startup of w32time. If this fix doesn't resolve it anyway.
-ajm
On 1/10/07, WATSON, BEN <[EMAIL PROTECTED]> wrote:
Try the command...
w32tm /resync /rediscover
See if that helps the client figure out where it s
James - don't thank me yet - you still have the problem and I don't
think I helped too much! ;)
themolk.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, 11 January 2007 4:07 PM
> To: ActiveDir@mail.activedir.
22 matches
Mail list logo