Here is a link to a script written in Jscript that may give you some ideas.
http://calnetad.berkeley.edu/documentation/scripts/index.html#ousetup
This script creates an OU and adds an ACE for delegating rights to the OU.
Regards,
Arden
On 9/15/06, Paul Williams [EMAIL PROTECTED] wrote:
I
Thanks for the correction Joe. Userparameters would be the attribute and the properties can be pulled using the sample code. Of course, this works better if you have a small list or subset of target user IDs (which is how I used the sample code listed in the earlier post). Inspecting the values
I have some code that sets TS parameters for users. What you need to do is bind to the user object and check the TerminalServicesHomeDirectory attribute and TerminalServicesHomeDrive if needed.
Here is the a piece of sample code to set the values. It should be easy enough to check the value and
Title: RE: [MVP-Directory Services] October MVP Awards
Congratulations to our new and re-awarded Directory
Services MVPs!
-Sean
And
congratulations to Marc Scheuner - re-awarded MVP for October!
_
From: Gary Wilson
Sent: Monday,
An IT Pro subscription is $49 / year. The $129
is probably a newsletter cost. (So high because theres no advertising to
defray it.)
https://store.pentontech.com/index.cfm?s=1cid=28promotionid=34
-Sean
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom
?
Thanks
P west
My 2 cents... Implementation of lag sites is a solution that was
recommended to us by our MS Advisory Support Engineer. From what we
have been told, MS is writing a whitepaper on implementing lag sites.
Not sure when that would be officially released.
Arden
On 5/20/05, Myrick, Todd
Not sure if this is what you need. In any case, the GPO setting
related to disabling Generic SRV record registrations and SRV
weighting can be found under the Computer Configuration Node of a GPO:
Administrative Templates
System
Netlogon
DC Locator DNS Records
These settings are
We are implementing lag sites in our production AD environment. We
used to have a lag site which we used to implement a schema change in
a controlled environment but we recently tore it down. However, we
will be recreating the lag site as this is an essential piece of our
infrastructure.
The
I agree. The confidential attributes feature is interesting but
requires better documentation. One important piece of information to
note: You cannot mark base Schema objects confidential.
Arden
On 5/9/05, joe [EMAIL PROTECTED] wrote:
Excellent thanks ~Eric... This looks to be a good
Thats a lot of coffee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin
A.
Sent: 08 April 2005 14:42
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWW Logons
My user takes over 30 minutes to logon
-Original
Hey people
I know you can expire a user account.
Is there anything like expire a computer account in
AD.
Thanks
A
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Tuesday, March 15, 2005 1:11 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Can you expire a computer account in AD
P West wrote:
Hey people
I know you can expire a user account.
Is there anything like
: Re: [ActiveDir] Can you expire a computer account in AD
P West wrote:
We are trying to clean up old AD pc accounts. Have used every tool
under the sun to come up with the pwdlastset to show old accounts.
example
One pc says the pwdlast set is feb 2000 when our ad guy looks at
password
want to access it that way else it's
scriptable.
al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of P West
Sent: Tuesday, March 15, 2005 2:28 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Can you expire a computer account in AD
This might help. There is a KB article for the error message you get
when viewing a GPO previously opened on a Windows XP SP2 machine.
http://support.microsoft.com/default.aspx?kbid=842933
There are hotfixes available for Windows 2000 SP3 and Windows XP SP1.
Of course, I you are running
Im a firm believer in the
maxim a pictures worth a thousand words. Can anyone
recommend a tool that maps out a graphical representation of ones AD site
topology? Standalone is best, but if you love one thats part of a bigger
package thats worthwhile knowing too.
Thanks,
Sean
I have to chime in here. Upgrading a DC from W2K to W2K3 won't pull any
FSMO roles to it. Microsoft recommends you do the PDC first because
it'll create a number of new well-known security principals which are
important in the W2K3-based domain. But you don't have to; a simple way
around this is
There are many but the main tools I use are. There are also many 3rd party support
tools available on the internet.
Replmon.exe (Res Kit)
Dcdiag.exe (Support Tools)
netdiag.exe (Support Tools)
Regards,
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
You would use SMTP if you had an unreliable connection or a slow connection where RPC
traffic would drop. Also, if replication wasn't required to be timely.
RPC traffic is highly effected by latency. SMTP replication would work better on
slower or unstable link since SMTP doesn't care about
Title: Ldap - linux slowdown in searching
Jennifer,
I
would take a network trace at some interval during the day when you do not see
the slow down and then again when it starts to occur. If it is in fact the
Linux box causing the slowdown (either due to increased queries or network
I know this is reaching far for an answer from this list but since our ISA array is
integrated into AD it's worth a shot for a solution from this group.
Anyone have experience with ISA arrays in a domain array and how to make the SSL
connections maintain persistence when both nodes of the ISA
testing. Please do not reply.
This e-mail and any accompanying attachments are confidential. The information is
intended solely for the use of the individual to whom it is addressed. Any review,
disclosure, copying, distribution, or use of this e-mail communication by others is
strictly
]
Subject: RE: [ActiveDir] test, no reply
Oh sre like I'm the only wise arse on this list.
I just happen to be the first one to lie down the whoopee cushion today
is all. :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chianese, David
P.
Sent
As Al
mentioned, why not convert the zone to Std. Primary and take a copy of the zone
files that are written to disk. Then revert it back to ADI. I have
done this before without incident to supply ourBIND unixservers
copies (or pieces) of our zone files. I have done this in the past for
If
your DNS zone is Active Dir Integrated then a copy will be retained on another
DC running DNS. If you only have one DC running DNS, simply add the
service to another Domain controller and let it replicate all of the DNS zone
information from active directory integrated zones before
I am looking for a plan for a 2000 to 2003 AD upgrade:
1) Best Practices Approach (articles, url's or documented installs)
2) Personal Scenario's (Tell me the pitfalls you have encountered and how you overcame
them)
3) Outcome of your migration
Thanks in advance,
David Chianese
IT - Server
Title: 2k Active Directory Metaturd from NT4 domain upgrade
This is a screenshot of a pop-up that is displayed while using the ADUC to view user account properties. There is an associated fix for this pop-up, but I am reluctant to apply it as Microsoft cannot tell me what the removal of the
Title: Message
Exchange 5.5 or 2000? I will assume (I know, a$$-outta-u-me)
2000.
Try
this article for 2000: http://www.msexchange.org/tutorials/Creating_a_list_of_Users_and_their_email_addresses_in_Exchange_2000_2.html
unfortunately I do not think csvde is going to get you all of them, but
Title: RE: [ActiveDir] net time
net
time \\DC1 /setsntp:DC2
NET
TIME [\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]]
[/SET] [\\computername]
/QUERYSNTP [\\computername]
/SETSNTP[:ntp server list]
-Original Message-From:
[EMAIL PROTECTED]
PROTECTED]'Subject: RE: [ActiveDir] net
time
But
you shouldnt have to do that, shouldnt they find the PDCE on their
own?
-Original
Message-From: Chianese,
David P. [mailto:[EMAIL PROTECTED]Sent: Friday, December 19, 2003 1:08
PMTo:
[EMAIL PROTECTED]Subject: RE
I've had good luck with this free CLI tool:
Log Analyzer
This tool is written for quick analysis of log files from any source - Windows,
Unix, CISCO, etc. This is done by searching the log files for desired patterns.
By Network Intelligence India Pvt. Ltd.
I wish I could
Hello all,
I hate re-inventing the wheel and know someone out there already has a script to do
these tasks:
1. import users via a bulk import from a csv and/or have an optional (switch) to
create one user at a time
2. change password to
3. set the password to
://cwashington.netreach.net
mc
-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Scripting Help
Hello all,
I hate re-inventing the wheel and know someone out there already has a script to do
Title: Message
Yes, I
would be interested in that script.
Thanks,
Dave
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Ken
CornetetSent: Friday, December 05, 2003 12:19 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Telephone
In the
View / Filter, Max number of items per container. Default is
1, increase to your desire.
Regards,
Dave
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Creamer,
MarkSent: Thursday, December 04, 2003 3:36 PMTo:
[EMAIL
I
cannot recall ever seeing it remove the object in Sites Services after a
dcpromo down to a member server.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Simpsen, Paul
A. (HSC)Sent: Wednesday, December 03, 2003 3:31 PMTo:
[EMAIL
Title: Message
FEATS
OF STRENGTH!...FEATS OF STRENGTH!..AHH!
For
those who don't know, it's from the Seinfeld Festivus episode. Festivus is
for the restivus.
-Dave
(I should really have a string of letters here for effect but my filter keeps
taking them out *chuckle*)
the child
domain added to the GCs are nothing more than pointers. So, I don't see a
problem in making all DCs in the child domain GCs.
I hope this eases your decision making process...
Cheers!
John
-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Thursday
We are having a debate on whether or not to make all of our DC's gc's in our
new e2k environment. I would like to hear feedback from current e2k
administrators. It is my contention that we have sufficient DC resources to
NOT make all of our DC's gc's for exchange. Is there any drawback to doing
Title: NTLDR Not Found
RAID
array degraded perhaps? OS drive not spinning / amber? I would power
down, reseat all drives and then look in your RAID config on the controller
(Usually Ctrl-M or Ctrl-A) to make sure all disks are present and
spinning.
-Original Message-From: Juan
Title: RE: [ActiveDir] SUS does SPs now
We
abandoned our SUS project until this functionality is added. It was
proposed for the next version so I am surprised to see that functionality
now. Does it also support Office SP's now as well?
Regards,
Dave
-Original Message-From:
Title: Message
RPC
over http is an absolute dream come true. Exchange 2003 boasts this
feature extensively. I plan on implementation early 1st Qtr. next
year. (Right after our E2k upgrade is completed).
Regards,
Dave
-Original Message-From: Michael B. Smith
[mailto:[EMAIL
Title: Message
See the following KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;817433
I know the heading says 2003 Server, but it also
applies to W2K server after applying a certain hotfix. Anyways - this caused a
minor headache for me after applying SP and I noticed
Title: Message
Answer
to question #1.) type "set" at the command prompt, look for LOGONSERVER=server
name.
Answer
to question #2.) \\HKEY_CURRENT_USER\Volatile
Environment\LOGONSERVER
I'm
not sure about changing the reg key or if it defaults back as the environment
variable is loaded.
Check the Maximum users at the share level perhaps. That is the only place
I can think of to limit it. The other option is to look in perfmon and see
if it is an actual I/O issue. Also, make sure the NIC(s) are set to
100/Full duplex.
Hope this helps,
Dave
-Original Message-
From:
NTDSUTIL.EXE, follow the prompts to seize the roll. NOTE: Once you seize
this roll make sure the dead RID is offline and fdisk'd as you never want
that server to come back and start servicing DC's with its old RID pool.
The new RID master will artificially inflate the RID pool to a higher number
the idea is to have a couple of nice
sized Physical Servers running multiple virtual servers that are domain
controllers for all Domains in the Forest. Every night one of the P-Servers
shuts down all of the Virtuals and copies off the disk images to some other
location for backup to tape. The next night
I use
the old NT 4.0 server manager to determine what shares are in use. That
give's you some visibility.
Dave
-Original Message-From: Agung Kuswanto NCS
[mailto:[EMAIL PROTECTED]Sent: Thursday, August 07, 2003 6:40
AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir]
Who's online
shop
here.
Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]
-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments
Title: Message
you
can always use the Command Line tool repadmin /syncall However, if
replication is failing for another reason this will fail as well.
-Dave
-Original Message-From: Dipowarga Wirawan
[mailto:[EMAIL PROTECTED]Sent: Wednesday, August 06, 2003
2:52 PMTo:
Argh! Turn off your read receipt please.
Thanks,
Dave
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 01, 2003 9:45 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir]
Return Receipt
Title: Is this a bug or part of the design
Simply
hiding the screensaver tab should do it. This way the users cannot even
get to the tab and see it to change it. If your using a custom .scr,
define that as well.
Regards,
Dave
-Original Message-From: Jennifer Fountain
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] dcdiag error when joining a new child domain
Well - since I am from Philly and come home quite often - I hope my
email helps :)
-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 1:48 PM
To: '[EMAIL
Do you have a GC (Global Catalog) in each domain? It is probably an issue
of being on a different DC than the GC whilst doing lookups in AD. Doing
queries from GC is recommended. I would actually have a GC in each resource
domain as well.
Regards,
Dave
-Original Message-
From:
55 matches
Mail list logo
