LMAO...I thought my Outlook rule was broken for a second...
On 1/25/07 5:12 PM, "Michael B. Smith" <[EMAIL PROTECTED]> wrote:
> I'm guessing you didn't like the answers you got on the exchange list?
>
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett
> Sent: Thur
Title: Active Directory Health Check tool - where can it run from?
Ahh…the good ‘ol days of being
a premier customer. I miss those days…
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Washington, Booker
Sent: Wednesday, November 01, 2006
7:09 AM
To: ActiveDir@ma
, etc.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Thursday, September 21, 2006
3:04 AM
To: ActiveDir@mail.activedir.org
Subject: How are folks setting
h
object.
The latter is done
by displayspecifiers. More info found here:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx
/Guido
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Thursday
Hey guys,
I'm curious how people are populating attributes such as employeeid,
employeetype, etc, specifically when creating\modifying accounts using the
GUI (ADUC)? Besides me writing something to populate the fields what other
resources do I have to allow other selected users (account creat
Correct me if I’m over simplifying
things here…but doesn’t 2047GB = 1.99TB (not 2.47TB) since 1024GB =
1TB…right?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, June 28, 2006
7:22 PM
To: ActiveDir@mail.activedir.org
Subject: [Activ
Check out service explorer. The trial version will do exactly what you
want...for services anyway.
http://www.scriptlogic.com/products/serviceexplorer/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Tuesday, June 27, 2006 7:32 PM
To
Anyone familiar with SFU out there?
At least half of my users do not have SFU attributes.
I now have the need to create “NIS”
accounts for all of them. Besides hitting the properties of each user and
enabling them for NIS
what other options do I have? I do happen to have the means to
Hahaha…
While reading the very first sentence in
the last paragraph I was thinking to myself, what was that app that our
Engineers used to use (prior company) that wanted all of the users to have this_special_group as primary…
Clearcase...they are notorious.
From:
[EMAIL PR
Definitely a huge thanks to everyone for making this an awesome first DEC for
me! It was great matching up faces to the email addresses I see daily. The
DR, Security and Interopt sessions were a couple of my favorites. The D&J
show was awesome!
For those not able to attend this year, make it a
riginal Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, March 17, 2006 11:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS question
You can remove the A records with out any impact (if I remember they were for
legacy LDAP clients) bu
You can remove the A records with out any impact (if I remember they were for
legacy LDAP clients) but this requires more work than just removing the
records. You will have to change the registry entry below to "0" to disable
the registration of ALL A records, this includes some important DNS entr
Anyone know of any
good Windows 2003 mailing lists?
TIA
-Alex
Title: Message
And now I can honestly say that I can
follow this thread and not be “completely” lost…thanks chapter
3 of “the book in the signature” for a great schema refresh! ;-)
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, February 06, 2006
Title: Logon issue
Funny… I just (5 minutes ago) sent
an FYI to our End User Support team regarding this issue.
Here’s the KB: http://support.microsoft.com/?id=244474
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, January 27, 2006
6:21 PM
T
to
test, test, test, then deploy and keep your fingers crossed because there's no
accounting for production. Be ready with a contingency plan in case it all
comes crashing down around your ears.
Wook
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Alex Fontana
Se
As I understand it; the client machine
queries it’s primary DNS server for the SOA of the zone that matches the client’s
primary DNS Suffix. It then attempts to register it’s A/PTR records with
primary for that zone. That said, as long as the client’s primary dns server
knows who the SOA
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Synch WSUS and get to patch’n
-Alex
final sign off done on
‘production deployable’ hardware?
I’m a big advocate of VM testing,
just to set the record straight.
Rick
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alex Fontana
Sent: Sunday, January 01, 2006
2:07 PM
To: ActiveDir@mail.activedir.org
Subject
I would have to agree…;-) At
work I run completely on VMs using ESX. All my testing is done on a Dell
PE1800 with about 8VMs including AD, Exchange (clustered), SQL, etc.
For those looking to do simple testing of
apps check out VM Player http://www.vmware.com/vmplayer
You can’t
Our main file/print server was set up to run the SFU NFS
server and is a Domain Controller. Having this box as a DC has been
stressing me out since I got here since anyone who creates home directories and
needs to modify permissions (standard practice when creating new users) needs
to have
utes on a DC. But still, in computer and hacking time, that is an
eternity.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Saturday, October 08, 2005 12:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Modifying Domain Admin
Call my method crude and archaic...but I have a box that just runs
scripts...all day...nothing else. One of them is to do a simple dump of the
domain, enterprise, and schema admins group once every 30 seconds or
something and diff it against the previous run. If there's a difference I
get an emai
Title: Change AD Passwords
If you’re willing to spend money and
have a solution that scales, i.e. does more than just AD passwords look into
P-Synch from MTech. http://www.psynch.com/
I’ve used them here and at a prior
company for password changes, password expiry notifications, passwo
DFS is site aware, but what about
non-dfs? \\example.com will always
resolve to “some” domain controller, dfs or no dfs, using
round-robin dns, right?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005
8:59 AM
To
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Alex Fontana
Sent:
For what ever reason all of our users are still in the
cn=users container. Of course after years of being like this everything
ldap refers to cn=users. Part of my master plan is to change this to an
OU structure, but I’m looking for a less intrusive method of changing
this than having to
is not my favorite method if the
> bandwidth can support it. I'd prefer to dcpromo the repaired piece of
> hardware, especially for a smaller DIT. That's just my preference
> though.
> Good luck,
>
> Al
>
>
>
>
r and re-promote to a domain controller to ensure a good fresh
> copy of the DIT. YMMV as the specific requirements at your location
> may prevent this. We have only run into this once early in our AD
> days and this was the approach we used with good success.
>
> Diane
Started getting the error below a few weeks ago on one of
our DCs. My first reaction is to run a non-auth restore from a day before
this started happening and let replication take care of everything else.
Any reason NOT to do this? I’m concerned that this may happen again
and wasn’t able
Oddly enough, one admin here had a
ridiculously slow running ADUC, he updated his display driver and it started
responding as it should…
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Tuesday, July 12, 2005 11:15
AM
To: ActiveDir@mail.activedir.o
(inc DCs), believe me, I don’t use the CD in
every one of them. :)
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, July 08, 2005 11:37
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir
9, 2005 12:55 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Sysprep Win2k3 Servers...maybe a DC?
I always avoid using images on servers and instead opt for automated
builds. If I was pushed I might use an image for a server, but never
for a DC.
Phil
On 7/9/05, Alex Fontana <[EM
servers and machines all day long. I
deploy hundreds of servers (inc DCs), believe me, I don’t use the CD in
every one of them. :)
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, July 08, 2005 11:37
I know “imaging” and “ghosting” has
been talked about before, especially in regards to backing up DCs and the
conclusion is don’t. I totally understand this and agree, but what about
a base image of a win2k3 server, non-domain member, that has had sysprep run
for all servers, including may
But what about setting the msExchangeMasterAccountSid attribute to self ? Is it the
-grantselffullandread switch ?
Regards,
Yann
De :
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Alex Fontana
Envoyé : mardi 7 juin 2005
23:21
À : ActiveDir@mail.activedir.org
Objet
Title: Exchange and disabling accounts
I wrote a batch file used during
terminations that included granting the SELF account the associate external account
permission. I used a tool called admodcmd. I believe this is the
site: http://blogs.technet.com/exchange/archive/2004/08/20/208045.as
same problem and haven’t noticed it. I
just make sure that I start it manually.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Monday, June 06, 2005 8:31
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Permissions
needed to modify UNIX
ailto:[EMAIL PROTECTED]On Behalf Of Alex Fontana
Sent: Monday, June 06, 2005 5:31
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Permissions
needed to modify UNIX attributes SFU 3.5
Trying to delegate control to a group of admins for user
account creation, simple enough… However at this po
Trying to delegate control to a group of admins for user
account creation, simple enough… However at this point I can not get
past the UNIX attributes tab with out the following error message:
Unable to modify the property object values:
Check credentials
There could be network probl
If the DB is dismounted and only the system mbxs are left (no user mbxs) you
can right-click the db and delete, you'll most likely get a message that it's
been removed from ESM, but that you have to manually delete the edb and stm
files. Then you can go to explorer and delete those two files.
-e
the UNIX Attributes tab when viewing a user's
properties in the AD Users and Computers tool.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alex Fontana
Sent: Wednesday, May 25, 2005
12:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SFU and ADUC
While vpn'd in can you browse/access file shares? I remember having a
similar issue and the fix being the following:
http://support.microsoft.com/default.aspx?scid=kb;en-us;244474
-Alex
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Thur
Anyone know what I need to install on an XP workstation to
manage the Unix attributes of a user? SFU 3.5, AD2003.
-Alex
de of the safe period.
I would have to leave that to Eric or someone who has actually played with this
and seen it though.
Either way, I think it is good you are
shooting it.
joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Saturday, May 2
ctionality so that the resolution is 1 minute so you need to schedule
something for the following minute.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alex Fontana
Sent: Friday, May 20, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveD
ition like that,
I agree with Rick, mow the DC down and start over.
joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Tuesday, May 17, 2005 4:53
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Replication
failures - lingering objects
I h
Try:
at 10:29:00 /interactive ldp.exe
not sure on how to get around the time…?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Friday, May 20, 2005 10:06
AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] The at
/interacive command
Woops,
60day tombstone lifetime, not garbage
collection.
From: Alex Fontana
Sent: Tuesday, May 17, 2005 1:53
PM
To: 'ActiveDir@mail.activedir.org'
Subject: Replication failures -
lingering objects
I have a DC that appears to have had some time sync
I have a DC that appears to have had some time synch
problems before I got here… Subsequently, all other DCs have
discontinued replication for the cn=configuration (per repadmin) with this
DC. My question is; the first event I can see showing replication
problems with this DC is on April
So what are some clever methods ya’ll use to not
expose the password in a script?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rick Kingslan
Sent: Sunday, May 08, 2005 9:52 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO not
applied - thinks it
I don’t think you’re ever
gonna get SYSTEM to shutdown any system but it’s local one – it has
no authority on any system but itself. Only thing I can think of is throwing
some credentials into the script your writing that does have the authority over
other machines, but then your askin for
It sounds like the question is:
What is the proper method for adding a new
machine (new image, reimage, whatever) to the domain using a NetBIOS name
that already exists in the domain?
Reset the machine account and then add the
new machine (what Jorge said). In a single site you sh
m:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Tuesday, March 01, 2005
12:48 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Querying for
all users
Is there any attribute that is unique to real user accounts
only (mail enabled and non-mail enabled)? We tried t
Is there any attribute that is unique to real user accounts
only (mail enabled and non-mail enabled)? We tried teaming up objectclass=user
and givenname=*, but of course not all users have to have a given name. Then
tried teaming up the objectclass with useraccountcontrol=5*, then we foun
http://support.microsoft.com/default.aspx?scid=kb;en-us;318584
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Monday, January 10, 2005 7:39 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:winsock
I keep getting an error on a win2k pro s
We've seen this, unfortunately there are thousands of variants of this
worm. First things first...
Make absolute sure you are completely cleaning a machine!!! No matter
how much patching is done if the machine has already been compromised it
WILL get reinfected. We found that Mcafee, even whe
Interesting issue
with Netscreen 204 Firmware v5; on three occasions we have had AD replication
break between sites connected by VPN. As of now we have reverted back to
our v4 box which has worked fine for the past year. The problem seems to
be in LDAP queries, no response when using portq
Title: Message
Thanks all for your replies. My concern isn't so much
with the Event 1000s, or with the folks that this has already happened to as
much as it is preventing this, possibly by using "uphclean.exe", or
understanding why all of a sudden folks are having this happen. Anyone
have
Hello
all,
we've had a few
calls this week (more this week than last) about folks' profiles being corrupt,
i.e: they are having a new profile created when they log on. User bob now
has bob.domain or in some instances even bob.domain.00, etc. I've looked
at a few machines and notice no n
In an effort to
improve file server security and group management as a whole I find myself
curious about what other folks do in similar situations.
The environment: 1
File Server, 1 Win2k3 Forest, 3 domains, Exchange 2k
Current config: A
bunch of global security groups that are pretty mu
My GPO is as follows:
Activate Screen Saver: Enabled
Screen Saver EXE Name: NOT CONFIGURED
Password Protect Screen Saver: Enabled
Screen Saver Timeout: Enabled (1200 sec)
That config will allow the user to choose their own screen saver but not
allow them to change the lock screensaver feature or
ubject: RE: [ActiveDir] AutoDL
Why can't they use the OS search/admin baked-in tools?
Al
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Friday, July 30, 2004 5:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AutoDL
I'
jì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
____
From: [EMAIL PROTECTED] on behalf of Alex Fontana
Sent: Fri 7/30/
Doesn't the subject
say it all???
Has anyone gotten
AutoDL to work? I have it all setup but when I load the webpage the two
bottom panes don't display; "Page Not Found". I'm thinking there is some
sort of security misconfig or something, but documentation is so scarce that I
have no clu
The two responses make good points; can you send an email
to the address, do you get an NDR? And has the RUS stamped the
mailbox with the addresses? I've had the RUS stop stamping addresses,
which caused the mailbox not to be created (can't log in) and have had to run a
rebuild, you may wa
First question is:
Do you have ANY access to the box? You can't log on locally, but can
you netsvc and start the telnet service? Can you use psexec and run
"psexec \\hostname cmd" to get a shell? (www.sysinternals.com look at
pstools in the utilities section, great tools and free!) Can you get to
Title: DC GPO not applying event log settings
Sorry, Win2k/SP4 all current patches
applied.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric
FleischmanSent: Tuesday, July 20, 2004 8:06 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] DC GPO not
applying event log setting
Title: DC GPO not applying event log settings
Here's the situation,
Editing the Default Domain Controllers policy:
Max Size for Event Logs (for all): 16384KB
Retention Method (for all): As needed
Audit Policy: custom settings
Windows Updates: Disabled
69 matches
Mail list logo
