What? Like simplesync?
I was beginning to wonder if anyone was going to bring up perl for this
particular application. It strikes me as the common glue for this
particular application that doesn't require the gnotes client software to be
installed. i.e. self-sustaining.
I think if I were not
It could also mean you have a problem with the tool, right?
Are you seeing some other symptoms that caused you to look at this tool?
Time? you can check that pretty easily by checking the time on your machine
and comparing to a DC in your environment.
What do you see in your system event log?
O
That's what I would expect. But since the original poster called it a
"zone" I figured I'd ask. What are you doing up so late? :)
On 1/24/07, Ulf B. Simon-Weidner <[EMAIL PROTECTED]> wrote:
No Zone – no properties ;-)
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PR
Microsoft product using
Microsoft security (AD).
Al
On 1/24/07, Antonio Aranda <[EMAIL PROTECTED]> wrote:
It uses IIS 6 on Windows 2003 and it has all patches.
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Wednesday,
What are properties of the 1 zone?
On 1/24/07, EIS Lists <[EMAIL PROTECTED]> wrote:
Hi -
Under one of our forward lookup zones (AD-integrated), we have the usual
folders (_msdcs, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones) as
well
as a single folder just named: "1" (without the quote
The server virus app is up to date and I just ran a scan and there are no
infected files. Other than this issue the server seems to be working great.
Once people change their password there is no issue.
Antonio
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTE
I do.
That sounds a lot like a bug to me. What version of IIS?
On 1/23/07, Antonio Aranda <[EMAIL PROTECTED]> wrote:
If you mean the command-line, yes.
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Tuesday, J
Thanks for your help
Antonio
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Monday, January 22, 2007 7:40 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] ftp access
Can you provide some more details?
What are
It's been a while since I've been responsible for mail systems, but I'm
happy to help if you like. Due to the nature of the list, it might be best
to ping off-line.
Al
On 1/23/07, Al Lilianstrom <[EMAIL PROTECTED]> wrote:
We're looking at moving to Exchange 2007 (currently on Sun JES IMAP). I
r the answer.
~Ben
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Tuesday, January 23, 2007 10:21 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Adfind + Admod help
I believe you know how, but may not have the programmatic tool knowledge
ye
't know how to yet apparently.
~Ben
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Tuesday, January 23, 2007 9:05 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Adfind + Admod help
What are you comfortable with for administr
too was hoping I could lure Joe out to respond and see if Adfind + Admod
could meet this challenge. I'm certainly hoping so. J
Thanks,
~Ben
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Monday, January 22, 2007 5:38 PM
*To:* ActiveDir@mail.active
Can you provide some more details?
What are they using to access their shares? (client?)
What are you using to provide ftp access? (IIS?)
How did you prove that this is the case? Log files? Trial and error?
Anything else that's relevant?
Al
On 1/22/07, Antonio Aranda <[EMAIL PROTECTED]> wrote:
Do you already have the department names in a list? Or is that something
that you have to gather first?
If you have to gather, then I assume you'll have to iterate each user object
and determine the department value. Then, you'll create a group for every
single unique instance of department value
Size on disk or number of objects?
On 1/19/07, Isenhour, Joseph <[EMAIL PROTECTED]> wrote:
I'm curious about a production DIT. A DIT that some poor soul is losing
sleep over at night ;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
S
at Today is the Tomorrow you were worried about
Yesterday? -anon
------
*From:* Al Mulnick
*Sent:* Tue 1/16/2007 1:35 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Computer accounts getting deleted by unknown
process
In that case, you'll want to
onal, Inc.**
**4551 W. 107th St**
**Overland Park, KS 66207**
**913-967-2819**
**--**
**"I love the smell of red herrings in the morning" - anonymous*
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Tuesday, January 16, 2007 1:22 PM
*To:* ActiveDir@mail
What's unique about the domain this is happening to? That strikes me as odd
that it's occurring in one domain, but not all.
I have yet to see accounts get deleted in Active Directory (any version)
without a process that removes them. This could be a new experience for me,
but I'm skeptical that
When you say that they cannot see the shares, how are you checking?
FQDN\path or Computer Browser or some variation of that?
On 1/12/07, Za Vue <[EMAIL PROTECTED]> wrote:
Win23 AD:
From workstations in subnet A:
I can not map to server shares in subnet B. But if I log in to the DC-1
in subne
'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
----------
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Thursday, January 11, 2007 7:56 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Domain Ad
Am I the only one that would suggest escorting the consultant out the door?
Asking for domain admin level privs to access two servers is WAY over the
top IMHO. Heck, just to read and report and make suggestions (consultants
tend to do that from what I recall) the consultant doesn't need anywhere
It would also be interesting to know what the event log has in it regarding
the startup of w32time. If this fix doesn't resolve it anyway.
-ajm
On 1/10/07, WATSON, BEN <[EMAIL PROTECTED]> wrote:
Try the command...
w32tm /resync /rediscover
See if that helps the client figure out where it s
[mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Monday, January 08, 2007 7:53 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] DNS Comments
Weird name but they get good press. I haven't tried them myself, but I've
heard of them.
Most of the others out there
*
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Sunday, January 07, 2007 1:35 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] DNS Comments
Back up a second - how do you plan to manage the zones?
I ask because this might be a good time
Just one?
I prefer the on|off bit to be flipped. What was your method? :)
On 1/8/07, Michael B Allen <[EMAIL PROTECTED]> wrote:
On Mon, 8 Jan 2007 15:33:01 -0500
"joe" <[EMAIL PROTECTED]> wrote:
> A dirty trick I have used in the
> past to disprove how secure an environment was was to set up
rather than a user
account. More bang for the buck.
On 1/8/07, Al Mulnick <[EMAIL PROTECTED]> wrote:
>
> I haven't tried it, but I would have assumed (I know, I know) that if
> somebody *could* gain the computer account password:
> 1) you have much bigger issues
> 2) th
I haven't tried it, but I would have assumed (I know, I know) that if
somebody *could* gain the computer account password:
1) you have much bigger issues
2) they would have access to a machine. See #1
3) they would have access to anything that authenticated users have access
to. See #1
4) they kn
"However, in some scenarios, you may have trouble logging on to the PDC
emulator locally to manage the GPOs. In this situation, follow these steps:
1. Configure Terminal Services on the PDC emulator. 2. Log on to the PDC
emulator in a terminal server session. "
Nope, that's small shop thinking (n
Back up a second - how do you plan to manage the zones?
I ask because this might be a good time to re-evaluate the metadata concept
of the zones.
In BIND you see that information because of the way you manage the zone. In
AD there is a different way to manage the zone information that doesn't
in
up. Of course HR practices means these should get caught and a
term notice should be processed, but in the real world HR and the hiring
manager will often forget the paperwork for fairly long periods of time.
Thanks,
Andrew Fidel
*"Al Mulnick" <[EMAIL PROTECTED]>*
Sent by: [EMAIL PROT
rd yet.
Helpful?
Merry Christmas to everyone who leans that way, Happy Holidays to everyone
who doesn't.
take care and let's look forward to a good and profitable 2007,
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
---
I have the distinct impression that Kamlesh is trying to solve a layer 8
problem with lower layer components. :)
I think it's very interesting that those attributes can show when it was
last changed, but I have to ask: will that show the difference between what
was changed? Is it possible to diff
mode". Our network folk don't allow
that (long story).
It isn't an SSL VPN, it is ipsec.
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Thursday, December 21, 2006 3:30 PM
*To:* ActiveDir@mail.activedir.org
to lock the workstation.
Unlock the workstation using your DOMAIN user ID, not the local user ID
(This will cause the local user id to be logged off).
Log in with your domain user ID.
Run GPUDATE /FORCE
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Beh
and inherited down.
According to the MS docs, we really have more perms than we need.
None of the users are protected(AdminSDHolder).
Thanks
On 12/19/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> Which version of Exchange?
>
> Are the users you want to connect to in the same OU'
Good riddance.
On 12/18/06, Tony Murray <[EMAIL PROTECTED]> wrote:
Some news about ordb.org shutting down for those of you that might use it.
http://ordb.org/news/?id=38
Tony
Sent via the WebMail system at mail.activedir.org
Which version of Exchange?
Are the users you want to connect to in the same OU's?
Any customizations to your Exchange org?
How long in between the operations are you waiting?
I wouldn't expect Send As rights to make a difference. I would expect
inherited permissions to make a difference. I wou
ten and that you could
actually modify the dns conf by editing those files, like in Linux, I was
wrong I guess, is there a way to force that file to be written?
Thanks
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Wednesday, D
Should mention a few other things, though right?
If you're using cached mode, that's great, but you need to know where the
timeout and loss of connectivity occur. It doesn't have to be the Exchange
server that is timing out.
Protocol makes a big difference, as does which servers they're utilizi
For starters, what version of Windows Server are you using? Is it fully
patched?
What's in the event logs (system, application, and dns event logs)
before/during/after the dns server goes wonky [1]?
Is this AD-Integrated DNS? If so, no dns files are going to be written out.
If so, they'll be in
Sounds like this is a carry over from another thread then?
On 12/11/06, Akomolafe, Deji <[EMAIL PROTECTED]> wrote:
John,
now that your DNS is working on the server, you need to make sure that
your clients are using ONLY this server as their DNS server.
Reconfigure your clients' "Primary DNS"
Based on that, you *should* have other issues going on with your domain
controllers.
That SRV record is a way for the client (your workstation you're trying to
join) to find the domain controllers in its site. But it's not finding them
as expected, and therefore is unable to contact the domain.
that would make a great blog subject. :)
Why do you say that they're caught in the check? You never delegated the
right for the domain did you? (that can be done via GPO by the way).
If you only delegated the right at the OU then that's where they need to add
the computer account, but using t
If you immediately (with respect to using the ageall switch) tell the
scavenging server to scavenge all records, wouldn't you expect all the
records to be scavenged at that point? Wouldn't it be better to mark them
all, and wait a cycle or two of refresh prior to pushing the issue?
Otherwise, the
How long ago was it dcpromoed out?
DEL:357e1f2d-65bf-4a6d-8399-ce536b6da174 (deleted DSA) via RPC
On 12/7/06, Thompson, Elizabeth <[EMAIL PROTECTED]> wrote:
Check and see if it still has the "dead" server listed under its NTDS
Settings in AD Sites and Services. Had this happen once to me
I'm not sure what Brian said or thought, but there was not enough
information in your question, Mark.
What I mean by that is that if the security strategy is to use the juniper
device, then I'm not sure I understand what the point of introducing ISA is
in this situation? Just for SMTP?
Why? What
I would go with option 3 - send and receive directly from your trusted
external partner, message labs. The only benefit to having a DMZ based
relay is that you don't have to open tcp25 to/from your trusted network to
the outside vendor. Not sure there is enough of a risk there to warrant a
DMZ a
Brett, because of the way the question was asked it might be a good idea to
mention why that's important vs. just deleting an object and replicating
that.
My $0.04 for the day.
Al
On 12/4/06, Brett Shirley <[EMAIL PROTECTED]> wrote:
By default it is not possible to recover an AD object from a
who can benefit from
your article will necessarily know all those things you take for granted.
So a summary of all that wouldn't be a bad idea.
I hope this is helpful.
-Original Message-
*From:* Al Mulnick [mailto:[EMAIL PROTECTED]
*Sent:* Monday, November 27, 2006 6:57 AM
*To:* Active
Site definitions - are your site definitions up to date?
How are your clients connected - Are they ethernet, 802.11x, tokenring, ??
On 12/2/06, Kamlesh Parmar <[EMAIL PROTECTED]> wrote:
Am sorry, I didn't follow what you are asking.. could you be more
specific.
On 12/2/06,
How are your clients connected? Site definitions?
On 12/1/06, Kamlesh Parmar <[EMAIL PROTECTED]> wrote:
Appreciate the efforts taken.
AFAIK, this would be more of a DFS issue than authentication, as clients
are pulling policies and files from PDCe.
When I look into details of DFS link targets
Easy enough: stop using wireless devices. If that's not an option, bring in
some equipment to measure the rfi and see what you can do to reduce it.
I've seen mobile phones and microwaves interfere with such devices as well.
Not always resulting in the same symptoms you saw, but...
On 12/1/06,
placing the Nortel IPSec VPN with an SSL VPN (which I presume will have
the same issue).
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Wednesday, November 29, 2006 12:42 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [Ac
entials, start the VPN,
then run GPRESULT.
--
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Wednesday, November 29, 2006 11:56 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Updating cached credentials
Curious. After trying th
Curious. After trying those, how did you validate that the user's group
membership wasn't affected?
On 11/29/06, Ken Cornetet <[EMAIL PROTECTED]> wrote:
Ok, this is really strange...
I tried Al Mulnick's suggestion of having the user change their password
via a three-finger salute. That did
he blog, I would appreciate comments.
Anything I can do to make things better, I'm happy and eager to do.
Al
On 11/24/06, Albert Duro <[EMAIL PROTECTED]> wrote:
Could I bother you for a link to your blog? Searching on 'al mulnick
blog mailnickname' (and various combinatio
Neil, this would seem to indicate that something else is going on: "Just to
add to the strangeness of this issue, if I execute the same scripts above
but against a different domain (same service account) the 3rd party app
functions fine in that other domain :/"
What is the domain it works again
i have illusions about
companies this size and that they would somehow get the better support
from MS and other vendors.
Thanks for your responses and help.
On 11/22/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> I think I see the reason that it hasn't been as big a problem as it could
>
sync up
with AD with MIIS soon.
I'm not sure what all this has to do with mailNickName format, but it
may provide some background or potential trouble in the future.
Thanks for all your input.
On 11/22/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> Other than being used for access by oth
It's a test environment? Knowing that you won't be testing performance
related issues in this configuration, I'd opt for the expandability.
My $0.04 worth anyway.
On 11/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I posted this on the VMWARE forum as well but I am very interested in
t
I *thought* the behavior of that was modified by a patch/or service pack,
but it's been a long time. RUS is notoriously picky and fragile, but I don't
recall this being a stopping point. Exchange 2000 was certainly even more
fragile. Upgrading would be in your best interest regardless.
Have a lo
As I understand it, The nortel vpn client is a shim that works at layer 3
and does not take effect until after the user session has begun. This
prevents much of the normal node processing you'd like to see happen such as
control of the windows firewall, caching of group membership and so on.
Sin
Other than being used for access by other protocols such as pop, imap, and
owa, last I checked it's also the value used for the x.400 like address
which is used for mail delivery internally by Exchange. You wouldn't want
that to be non-unique else you might have to call somebody like joe to come
For the purposes of your test, you can follow Guido's suggestion about
creating a DC in a VM and breaking it off from the hive for further
testing. That would give you a point in time clone. If you really wanted to
get slick about it, you *could* create them in VM's and just shut them down,
and c
Boaz, what were you going to use to get valid test data if it was never on
the same network? More precisely, how will you certify that your test
environment is a valid representation of the production environment such
that you can use this test to mitigate your risks sufficiently?
I had to laugh
Neil, for my curiosity, what would be the obvious reasons of using like
hardware vs. vm's?
I can easily agree that either would work, but I've found in the past that
keeping up with production like hardware that mimics everything in
production is a tough task in many environments. Hardware comes
Do you have identically named hosts? Maybe nic teaming gone wrong?
Clustering?
Strange DNS?
What exactly is the hostname supposed to be? host/phprint1? That's not the
same as the host name you're reporting from (SPN?)
Al
On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
I am having continue
You're right. It is funnier when you use it.
On 11/13/06, Brett Shirley <[EMAIL PROTECTED]> wrote:
We had to compile in bbisw.lib (Big Brother Is Watching). You might think
that's against your rights, but you signed them away when you accepted
the 5k larger eula.txt below (which you didn't read).
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Thursday, November 09, 2006 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Exchange/Outlook Address Attributes
I do have to ask, since
the field of country is already included
I do have to ask, since the field of country is already included, why you would want to do that. Why? As for the attributes, search Microsoft's technet site for that. There is a complete list of attributes added/modified by Exchange on their site. If you have a hard time finding it, please post
One of the "nice to have's" that was left out of Microsoft's integrated implementation was the ability to easily gather this type of information. IIRC, DNSCMD coupled with dsacls will give you some of that information. There are also some api's that are available to try and roll your own, but noth
that your company's security is a nightmarish web of DL/security groups.
One important thing though, your privileged groups that grant special access to servers should always be managed by the IT persons, never let them turn into a mail-enabled security group.
On 11/7/06, Al Mulnick <[EMAIL PROTE
fulfill an additional task. Mail exclusive DLs serve a number of purposes, one of them being to keep the higher-up muckity mucks out of the data that there is a *very* good chance that they don't understand anyway, but still allow them to be 'in the loop' on information that they do un
To quote Roger: "In other words, I'd suspect malicious activity (could be viral/worms/Trojans)
as a prime candidate. I don't recall seeing many memory leaks in
lsass.exe in 2000 SP4."
At the same time, I'm wondering about third party utils as well. There are a lot of environmental variables to weed
nslookup works the same on linux as it does on Windows. You can specify nslookup ip address and it'll do the reverse dns lookup for you. If you need to see more information, set query to any and set the debug information (set d2 and set q=any after nslookup)
Al
On 11/3/06, Michael B Allen <[EMAIL
nslookup ip.add.re.ss
Why?
On 11/3/06, Michael B Allen <[EMAIL PROTECTED]> wrote:
Can someone tell me how to do a reverse DNS lookup?
The following:
C:\>ping -a 192.168.1.15
returns only the first label of the name. Is there a way to return a
fully qualified DNS name?
Mike
--
Michael B Allen
PHP Active
at really worked well for you has been dropped, or
tweaked into your trouble zone. I can testify to ALL these
experiences. I think others can too.
- Original Message -
From: Al Mulnick
To: ActiveDir@mail.activedir.org
Sent: Thursday, November 02, 2006 3:27 P
Original Message -
From: Al Mulnick
To: ActiveDir@mail.activedir.org
Sent: Wednesday, November 01, 2006 6:11 AM
Subject: Re: [ActiveDir] Exchange Log files --Disk Full--
Well put Albert. Thanks for that feedback.
What still has me curious is why BE woul
rn, and I applaud. And it does
push me in that direction. But the only path there goes through 'make the
best of what you've got'. It's bumpy and often
barricaded. But after all is said and done, the REAL point is that I am
preserving my clients' data and keeping them
an* happen, and for me, why take the chance when one-job/one-task is easy to do.
Good point about the media, and that may explain my case, but, hey, sub-optimal media situations are part of the real world.
- Original Message -
From: Al Mulnick
To: ActiveDir@mail.activedir.org
Sent: Sa
The permissions is part of it, but there's also the part where the registry has to be adjusted (assuming winxp) to direct to the legacy data.
If you have the following:
1) forest 1 computer
2) forest 1 user profile
and you want to migrate to forest 2 then admt will do that translation for y
I've not had that same experience. Granted, it's a limited feature utility (note the use of the word utility vs. tool as requested) but it's still capable of doing more. There were some fixes to ntbackup in service packs and such. You might want to verify you're using the latest version of that'
I could very easily do without the dhtml and be quite happy about it. As a general rule, I'm doing all I can to keep up with the cli options, and don't really like to be distracted by that kind of stuff. :)
On 10/28/06, joe <[EMAIL PROTECTED]> wrote:
Those zero's mean the value isn't set.
There ar
I believe at last count it was way more than half the world was using joe's tool. Likely because it's fast, free, easy to use and the best around. (-;
Well, half the world I tend to live in anyway.
On 10/27/06, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
>I used Joe's tool (no sex
o a resource like sharepoint, they would use the same thought process as when they're sending mail: Do I want everyone in this group to get this mail | have this access?
- Harvey
On 10/21/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
My first reaction is, "NOOO" don
I don't think that's a safe consideration. The rest of the consideration is how the groups will be used over time. Immediate benefit is that your sharepoint system will be able to find them in the gal and see the groups. Great. The long term impact is that you will no longer be able to tell what i
My first reaction is, "NOOO" don't do that. That's silly. I absolutely abhor the concept of convenience to this level when it comes to access to secured resources. Saying that, DG's are often created by default as a security group. I'd actually be surprised, and I would applaud the person
Microsoft has been shying away from PF's for years. When it happens, it'll be a happy day. But I may be retired by then if I eat right and continue to exercise and get plenty of sleep. :)
Between Exchange 5.5 and Exchange 200x there was a major change to the way that permissions for folders were
The amusing part is the disparity of information. For example, if I look at the kerb troubleshooting docs, it recommends a maximum group depth of 70-120 but that's more focused on the PAC size. That's a far cry from the 1000 in that article (if memory serves Dean had a lot to say about that in a
Good point but not always the case, for what it's worth. The problem can also manifest itself as not able to logon to some (random) resources as well. Very tricky when in that state. Topology and architecture make a big difference here as well.
There's also some tools such as ntdsutil (Brett?
As someone who's currently battling token size issues (migration and legacy issues), I can vouch for that approach as well. There really is no great single method that will fit everyone unfortunately. One thing that seems a pretty good idea is to ensure that resources are acl'd for the largest com
Sometimes saying it won't be supported comes across as an argument to be won. Sometimes it gets won by those with more money/prestige which seems to indicate that the idea of supportability is fluid.
Can you write such a document on an etch-a-sketch? Just to keep it fluid? Maybe BrettSH coul
Agreed that the risk is there. Good idea to spell it out, but I got the sense that much gnashing of teeth was already had over the decision to create a one-way trust or not.
And because the dc's already share a network (even though firewalled from time to time) I'm not seeing how the forest C to
Somebody else may have beat you to it, by the looks of it. Maybe you should write a book instead? ;)
On 10/10/06, joe <[EMAIL PROTECTED]> wrote:
LOL that is great...
I have thought about using my MVP Super Powers to write small KBs like that in the past so I could point at it for people to re
curious.
I'm not seeing the same things as Guido here.
PDC/RID will remain on the forest, but it will be blocked for the duration of the migration while A forest and B forest are not firewalled in that one site. (as I read it).
But what makes me curious is this:
The risk has already bee
Why would you have to reassign network ACL's? You can change that name, however be aware that anything that specifies that for logon may not be smart enough to realize you've changed it. Services that use that account would be the first that come to mind. Also, it is a coordination effort with the
It's tough to decide what to do with so much information. The symptoms or introduction section really does overload one's information bucket. :)
On 10/9/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote:
Do not run a service by using a service account that belongs to adi
I'd be interested to hear how it turns out.
On 10/9/06, Harvey Kamangwitz <[EMAIL PROTECTED]> wrote:
We're going to run a test in the lab in the next few days, then a dry run with the real forest B and a dummy forest B shortly after that.
On 10/9/06, Al Mulnick <[EMAIL PROT
the access control from scratch. Sorry, I should have mentioned that.
On 10/9/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
I don't think I see what you really want to accomplish? Why, if you're going to firewall the networks off anyway, do you need to migrate vs. Microsoft shuffle (cr
I don't think I see what you really want to accomplish? Why, if you're going to firewall the networks off anyway, do you need to migrate vs. Microsoft shuffle (create new on target, delete legacy) ? Are other resources coming with that rely on these? Or are those being migrated as well? Is it just