Title: Compelling arguments?
Are there compelling arguments to use the DNS Domain name of your AD Domain as the primary DNS Suffix versus a different DNS extension from a client functionality perspective?
Clients are still able to resolve the AD DNS Domain but most do not use it as their
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, March 29, 2005 10:06 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Compelling arguments?
Are there compelling arguments to use the DNS Domain name of your AD Domain as the primary DNS Suffix
Title: .Net Sid conversion Function
Is anyone aware of a .Net function to convert the binary form of a sid to the string form and vice versa? I have found the c++ functions but I am trying to work specifically within the .Net framework.
Title: Ladies and Gentleman, A complex AD/Exchange issue.
Background information:
There is a global Windows 2000 active directory forest with three primary domains Europe, Americas, Asia Pacific as well as an empty forest root.
There is a single global exchange 2003 organization with three
Title: Set Preferred DC
Ok Guys,
I am about to ask a question that may stir up a great deal of conversation about Good Practice and Avoiding Hard Coded Entries. If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual
insure they can only find the DCs you want them to.
--
Regards, Willem
P.S.
If we could just skip over that whole bit it would be great.
That was pretty hard, but I did it!
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, September 07, 2004
Preferred DC
All right, seriously then. If you really insist on hacking it instead of fixing name resolution you can use nltest to reset the secure channel to the DC you want. That sound better?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday
Title: Re: [ActiveDir] GPO to copy a file to all machines
If you have a copy of Wise or some other MSI packager, you could just create a simple msi package that writes the .scr file to %systemroot% and install it via machine GPO.
Just something to consider.
From: DL.ActiveDirectory [EMAIL
Title: MIIS Books
Anybody know if there are any good books available for MIIS? The Microsoft documentation is putting me to sleep, or maybe it's just the subject matter. ; )
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Wednesday, August 11, 2004 1:04 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] MIIS Books
Anybody know if there are any good books available for MIIS? The Microsoft documentation is putting me to sleep, or maybe it's just
Title: Re: [ActiveDir] krbtgt error when joining OS X client
Hmmm,
These directions look strangely familiar ; )
Don't forget to set your timeserver... It is THE most common error.
If you have set the Mac to have a Domain Controller as the time server and you still have errors then you should
You should look at netpro's directory troubleshooter. I am surprised Gil
hasn't already been on this thread ; )
From: Elton Gouvêa Pimentel [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 28 Jun 2004 14:24:48 -0300
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD diagnostic tools
Title: Re: [ActiveDir] Sarbannes Oxley compliance
Instead of doing a runas on explorer.exe do it on iexplore.exe (Internet Explorer) and then just point the URL to the filesystem. You can't do this from the Start menu but it works rather well on the quicklaunch bar.
You can also paste this text
Title: Re: [ActiveDir] AD domain changes
Hi Ken,
Here is the information page for the 2003 domain rename...
http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx
I don't think I would ever want to go through it. But, better now than when directory grows larger.
Brent
From:
2004 13:00:49 -0700
To: 'Brent Westmoreland' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Samba guest access?
hi Brent,
we're having trouble getting SSH access to that machine remotely today. it lives in LA, and i'm up in Seattle now.
when we can get on there, i can get you the info you've
Title: FW: [ActiveDir] OT: Samba guest access?
Sorry Kirk, I apparently sent this off-list by mistake. Can you send me the output from the below command?
-- Forwarded Message
From: Brent Westmoreland [EMAIL PROTECTED]
Date: Tue, 15 Jun 2004 21:37:31 -0400
To: Kirk Marple [EMAIL PROTECTED
Title: Re: [ActiveDir] OT: Samba guest access?
I can put it in the lab on Tuesday and probably have you an answer by that afternoon. I just need a little time.
From: Kirk Marple [EMAIL PROTECTED]
Organization: Agnostic Media, Inc.
Reply-To: [EMAIL PROTECTED]
Date: Fri, 11 Jun 2004 09:30:28
appreciated.
Juan Carlos
-Original Message-
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 17:31
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] In search for duplcate accounts
You will need to know what values you are trying to find
Title: Re: [ActiveDir] Anybody have experience putting an Apple XServe in a Win2K3 domain?
I have detailed instructions for this and will post them a little bit later, once I get to work.
From: Kirk Marple [EMAIL PROTECTED]
Organization: Agnostic Media, Inc.
Reply-To: [EMAIL PROTECTED]
Date:
using an Open Directory group for your group membership.
Make any changes to the protocols area, I usually disable guest access, etc.
Save the configuration.
I think that is about it, if there are egregious errors or you get stuck let me know.
From: Brent Westmoreland [EMAIL PROTECTED]
Reply
Title: Re: [ActiveDir] In search for duplcate accounts
You will need to know what values you are trying to find. For example, people with duplicate surnames and givenNames or duplicate sAMAccountNames in a forest can be determined by using ldifde. The syntax can be a little tricky to the
Yeah, I love/hate that guy
From: joe [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 27 May 2004 19:22:10 -0400
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Controller Security...
Nope but it doesn't matter. If they can install a service (or replace a file
a
Title: Re: [ActiveDir] hitting users
Alternatively, you could just delete all the users. It would have about the same effect as removing localsystem access, but I find it to be a cleaner solution. This would also solve the problem of those nasty little legacy API calls. ; )
But maybe what you
Install adminpak.msi available in the C:\windows\system directory of any server, also it is available on the server cd.
On May 27, 2004, at 9:12 PM, Caple, Andrew wrote:
I'm sure this is an easy one I'm currently setting up some Support Desk PC's and need to give them access to Users
Answers in line to additional questions
From: Noah Eiger [EMAIL PROTECTED]
Organization: PRBO Conservation Science
Reply-To: [EMAIL PROTECTED]
Date: Wed, 26 May 2004 10:36:54 -0700
To: Active Directory List [EMAIL PROTECTED]
Subject: [ActiveDir] SUMMARY: Mixed network PC and Mac - AD or
Couple of questions Tom.
Where do the managers want to access their PCs from?
What is your operating systems base? Are all of your managers' machines
windows xp?
Do you have vpn enabled at your site?
Is there a requirement that they be able to access the machines via a web
interface?
a cisco vpn concentrator
4.there's a desire to have them access their machines without any client
software install or config.
minimal involvement on their part is the attraction.
thanks
-Original Message-
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 25
Title: Re: [ActiveDir] Looking for a tool that displays SID
I knew it was a job for joeware :o)
From: joe [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 25 May 2004 14:26:44 -0400
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Looking for a tool that displays SID
Yeah getsid will
Yeah I have some, I will have to look on Monday to see if it meets those requirements though. Just send me an email to remind me. If memory serves, there is a pci riser card on those things that allows you to get 2 and only 2 full-height cards in horizontally. Or maybe that is the ibm 345's? I
that Exchange adds on. At that point Exchange starts winning. Mostly the calendaring is the big thing.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Monday, May 17, 2004 7:09 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Mixed network PC and Mac ->
I am going to knock on wood here, but I have used DFS successfully with the built-in FRS replication.
Others on the list complain, but my experience has been contrary. Let me also clarify by saying that we weren't replicating large files. If you wanted to put all of your ghost images, for
I know that the unicodePwd attributes can never be read by way of ldap, you will probably find that this is true for userPassword also.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;269190
On May 18, 2004, at 6:29 AM, Aitzol Naberan Burgaña wrote:
Hi all
How can I grant read
cs? AD will handle authentication. Will it handle permissions on the XServe shares?
Finally, do you know of any good resources for information about planning this sort of change?
Thanks again.
nme
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Friday, May 14, 2004 1
In troubleshooting, I would say you may want to look at DNS. Had a funky setup in a Windows 2003 test environment where FSMO roles wouldn't transfer because of the SPN registration being bunked. It actually complained about the specific record in the event log. After deleting it and restarting
ave to agree unless the customer wants the integrated calendaring or the integrated IM or the other little things that Exchange adds on. At that point Exchange starts winning. Mostly the calendaring is the big thing.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
S
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Friday, May 14, 2004 1:51 PM
To: [EMAIL PROTECTED]
I just reread this, and realized it could be interpreted differently than meant...
I was trying to add humor, not flame
I am still advocating a remove post button, Sir Tony.
On May 17, 2004, at 7:09 PM, Brent Westmoreland wrote:
In regard to cost estimates you probably can get Dell
I'm crying in my breakfast cereal with laughter here.
$ - )
On May 16, 2004, at 10:05 AM, joe wrote:
Oh this is probably going too far but.
No, that three-day old stanky can I would call Exchange. It seems to be
necessary even though there are other things you can use but seems to
be the
most
And to you, have fun with the Jeep...
On May 16, 2004, at 10:54 AM, joe wrote:
:o)
Happy Sunday!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent
Westmoreland
Sent: Sunday, May 16, 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] [OT
Let me look it up. It will just take me some time to put it all
together. Just to get my bearings on the subject, let me ask some
questions:
1. What is the Specific OS version on your client mac machines?
2. What is the Specific OS version on your server mac machines?
3. What is the exact
The favorite thing about my job is answering questions for Students and Interns
It gives me the warm fuzzies
On May 13, 2004, at 12:05 PM, DL.ActiveDirectory wrote:
Hello,
I am doing research for a college project, and I would appreciate any
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
On May 14, 2004, at 9:59 AM, Brent Westmoreland wrote:
Let me look it up. It will just take me some time to put it all
together. Just to get my bearings on the subject, let me ask some
questions:
1. What is the Specific OS version on your client mac machines?
2. What
My $0.02
In the existing situation, with 70 machines at one site, half macs and half PCs. The choice is actually a dead giveaway... Xserve's all the way. OS X server with OpenDirectory and Samba 3 can handle the authentication needs of the whole shop. You don't need Active Directory at all.
Mark is absolutely correct, the screensaver setting is a user policy. In order to fix this correctly and still use the default domain policy to set the screensaver you have to use loopback processing. One great thing about active directory is that it is designed to be extensible. Creating
Instead of blocking ports, we opted to delegate creatorOwner group policy permissions to our NOC, and enabled GPOs to keep application executables from running...
for example under
UserConfiguration/Admin Templates/System/Don't run specified windows applications
The sasser variants would be
, 2004, at 1:42 PM, Creamer, Mark wrote:
Hi Brent, they're all 10.3.2. Thanks for your help on this
mc>
-Original Message-
From: Brent Westmoreland [mailto:[EMAIL PROTECTED
Which version of OS X?
10.3 or above has an Active Directory client built in that can typically be configured to work with AD, if not there are options for using Kerberos for single sign on. Post back the specific version, and I can help you get it going whether it be 10.3 or back.
Brent.
p.s.
Hey Mike,
How about clicking on that last link that Joe provided?
On May 2, 2004, at 8:33 PM, Mike Welborn wrote:
Joe
If you are interested in true *nix integration with Active Directory, check out a company named Vintela.
They have a great solution but you
environment to use
it for
their applications. If you started with inetOrgPerson I would be just
as
against vendors forcing you to change to use user objects.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent
Westmoreland
Sent: Friday, April
The AD attribute for a user object password is a unicodePwd. If you
use the inetOrgPerson object (which Joe strongly disagrees with) that
is available in windows server 2003; the password will be concurrently
stored in the userPassword and unicodePwd attribute. The values of
these
Follow the recommendations in the document, for DC's with DNS they will help to avoid the island effect.
http://support.microsoft.com/?kbid=825036
On Apr 22, 2004, at 10:27 AM, Salandra, Justin A. wrote:
The only problem with that is creating a DNS Island. Why not have the DNS
http://www.nsisoftware.com/pro/geocluster/datasheets/
Check this one out, it may do what you need, but the cost would probably be equivalent to a disk cabinet. So what you are buying is flexibility. I haven't used the product, but NSI gets high marks from most places.
Brent
On Apr 22, 2004,
Brent,
this is very easy to accomplish: you just need to add the inetOrgPerson
class to the objectClass attribute of the user using adsiedit or a
script.
Ulf
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent
Westmoreland
Sent: Tuesday, April 20, 2004
inetorgPerson
better than the user class.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brent
Westmoreland
Sent: 21 April 2004 02:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] User to InetOrgPerson Class
Using pure ldap logic, one would assume
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/
217.asp
This is actually a GPO setting.
On Apr 19, 2004, at 1:20 PM, Mulnick, Al wrote:
That's a great question; I wish I had a good answer for you, but I
think you
may have better luck posting this question on a scripting
Does anyone know of a Microsoft endorsed way to change a win2k3 user
object to an InetOrgPerson object without having to export the
information and reimport it? There is a potential that some of our
clients will need to interact with active directory from an alternate
client. This change
I have seen this problem when there is a DNS error that causes the
machine to go to an alternate server for Group Policy processing.
I have also experienced it when there is a firewall between the client
and the server and the appropriate RPC ports were not opened.
Hope that helps.
Brent
are directly authenticating.
Brent Westmoreland
On Mar 23, 2004, at 5:11 AM, Lara Adianto wrote:
Thank you Robbie, but I still can't get it to work :-(
When a win2k client tries to log in using my linux
kerberos realm, it fails with error message:
The system could not log you on. Make sure
: http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
I am busy researching the Microsoft Operations Manager software,
specifically for AD health. Does anyone have any real world experience
messing with this? I am specifically wondering how much value this
could add to an organization, any gotchas, etc.
Brent
assant -
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
Same thing happened to me the other day... ;o)
On Mar 18, 2004, at 10:20 AM, Mulnick, Al wrote:
Dang. If I'd only waited a minute longer before sending :)
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 18, 2004 10:15 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir
des me working through the problem.
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
use Robbie's recipe 6.32.
But I can create all the users I want programmatically with any UPN I want without putting that UPN into the uPNSuffixes attribute.
Is the only purpose for this attribute to make it easier in ADUC to pick a UPN value?
Brent Westmoreland
BMW Group - Data Center Americas
Thanks!
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity in Everything We Do
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
there has to be an easier way to do this.
Any ideas
Thanks
Mark Hocraffer
Rockwell Collins
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
Brent Westmoreland
BMW Group - Data Center
Mark Hocraffer
Rockwell Collins
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
ght everything was drawn from the SID but something is blocking the migration of this one particular group.
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
connections, just like I am supposed to. I even rebooted the system to try to clear the problem. Nothing seems to work. It's a small, but aggravating problem. Any thoughts are welcomed. Thanks!
Mike Thommes
Brent Westmoreland
BMW Group - Data Center Americas
Business: 864.989.6567
71 matches