Does
anyone know if the AD DR document located at http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/support/adrecov.mspx
is available as a Word document somewhere? I had thought it was – maybe that
was a previous version?
Mark Creamer
Systems Eng
answer that question.
You can also configure
DNS to point to itself and forward all other queries to the Singapore DNS
Server.
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Thursday, April 22, 2004
9:58 AM
To: [EMAIL PROTECTED
Wasn’t
this one on the exam? The cities sound familiar…;-)
Anyway, why
force a DC to go elsewhere for its DNS info – just make it query itself
and make DNS AD-integrated.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Thursday, April 22, 2
Joe, as usual, your posts are both informative and entertaining. This one gets filed
for the next time
someone comes to me asking for another half-baked schema extension because the app
wasn't designed
right in the first place. Should be in the next hour or so if history would predict...
-O
he other members of the
Adminstrators group remain in this group as well.
/Guido
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Creamer, Mark
Sent: Mittwoch, 21. April 2004
16:55
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
enterprise-wide accounts
Guido, et al…I ha
Glad Rod passed on the pointer to susserver.com. Some of the new name suggestions are
hilarious
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
We’d
like to eventually trim down the number of domains and get to an OU-based
administrative model. But in the mean time, we have identified a couple of
people that we want to have domain admin rights in all domains. I know that
making them an enterprise admin allows them domain admin righ
don't need SQL)
Joe
Pochedley
Weiler's Law - Nothing is impossible for the man who doesn't have to do
it himself.
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Friday, April 09, 2004 8:51
AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Join
other DC
On a
related rant, I completed a small network installation for a friend’s
growing business last weekend. It was my first experience with Small Biz
Server. I’m amazed at the bulk of crap it includes. Seems like I turned
off more features than I turned on. Several patches for SBS-specific bu
art Fuller
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004
9:14 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: ntbackup
bks file issue
I'm trying to get a scheduled ntbackup that does the system state
and a few other directories to recognize the line in my
Has anyone
used the DHCP Objects dll that comes with Win2K ResKit? I figured that might be
one way to search all scopes of my DHCP server to look for a given lease
(rather than one by one scope in the GUI). I haven’t been able to find
any examples yet though. Or maybe someone has a better s
Frank, I
believe this is set using the useraccountcontrol flags, which you can read
about here:
http://www.jsiinc.com/SUBL/tip5500/rh5504.htm
You might
look at Joe’s tool secdata available at www.joeware.net.
I believe it will output the useraccountcontrol flag currently set per user,
I’ll
take that bet ;-)
Just picked
it up no problem – Shift-refresh that puppy
-Original Message-
From: Michael B. Smith
[mailto:[EMAIL PROTECTED]
Sent: Thursday, April 01, 2004
9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Released!
Windows Server 2003 Acti
Michael, I
think that’s the old one, isn’t it?
-Original Message-
From: Michael Wassell
[mailto:[EMAIL PROTECTED]
Sent: Thursday, April 01, 2004
8:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Released!
Windows Server 2003 Active Directory Branch Office Guide
Sorry if
anyone’s already mentioned this – I may have missed it. A list
member was asking about DNS appliances the other day. I just opened my copy of
March 2004 Windows & .NET Magazine, and there’s a review of several
offerings there. HTH
We use KiXtart as our logon scripting engine. It has this ability, as well as many
others. Basically,
I log pertinent information to a SQL database, and I can query from there.
You can also use VBScript or Perl to query the registry key where updates register
themselves. On a
typical WinXP machi
Active
Directory Users and Computers is the default GUI, but it is designed to
populate the most commonly used attributes, so they are not all there. For one
at a time kind of edits, you can use ADSI Edit, a GUI tool that lets you see
all of the attributes associated with an AD object. For
I think our
WAN guys evaluated some appliance from Infoblox, I didn’t get to see it.
We stayed with the OS-based solution
Title: Message
Justin,
have a look at this…
http://www.slipstick.com/outlook/esecup/admin.htm
-Original Message-
From: Salandra, Justin A.
[mailto:[EMAIL PROTECTED]
Sent: Thursday, March 18, 2004
12:43 PM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: [ActiveDir]
This query
info is extremely helpful. Thanks guys!
Of course
the downside of providing managers this info is gaining the reputation for
being the guy to come to for any info they can’t see in the GUI ;-)
I need to get some information on all of our users for a
manager here. I have a script I can alter to get the information, but can I
assume that if the user has a value in the “mail” attribute that he
or she has an Exchange account? What the manager ultimately wants is a list of
all users,
Collector
System) will do all of that for you and likely much more efficient than what
you'd do yourself (and more secure as well) - should be released soon (I think
with 2003 SP1)
/Guido
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Dienstag, 16. März 2004
19:18
To: [EMAIL PROT
Has anyone had success putting together something home-grown
to centralize security event logs into a sql database? If so, I wanted to get
some tips on how the tables should be set up – can all events that are
captured in the security log be placed in the same table, or do different
events
> Hey Mark, ancient chinese secret... We could tell you but would have to beat you
> with a bamboo
rod...
Wouldn't be the first time (or likely the last) Joe... :-)
Thanks for the tips!!
-Mark
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.
Tony, what's the 1.1 at the end of the command line? I figured it was just something
extraneous, but
wasn't sure...
-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Finding users who mu
I should have expanded on my reason for asking about the clients. As soon as we went
to SP4, we were
getting a lot of these lockouts, all on Win9x clients (we don't have any NTW). W2K and
above were
fine. I called MS Support and they gave me a new version of the AD Client. With that
installed, t
Mike, what OS is the client running?
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
I need to find which users have their accounts currently
flagged to require a password change on next logon. Can that be done with dsquery
user –stalepwd? If so, what value would I use? Or, is there a different
solution I should be using?
Thanks!
Mark Creamer
Systems Engineer
Cint
Alice, see this article…might be of help.
http://www.winnetmag.com/Articles/ArticleID/38775/pg/3/3.html
Mark Creamer
[EMAIL PROTECTED]
rried about Yesterday? -anon
From: Creamer, Mark
Sent: Wed 2/25/2004 6:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
Off-topic: ISA Server and WMI
ISA is installed in
integrated mode. As an example, I’d like to chart the number of current
users in Denika Performance tr
o you have ISA deployed
(firewall or proxy or both?)
-Original
Message-----
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 24, 2004
4:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Off-topic:
ISA Server and WMI
Am having trouble finding
documentation on WMI as far
Am having trouble finding documentation on WMI as far as
what I can use it for with ISA server. We’re using What’s Up Gold
for basic monitoring and the admin tells me if I can provide WMI objects for
him to collect data on, he can report on it in WUG. Thanks for any help on
that, as always
This may be of help
http://cwashington.netreach.net/depo/view.asp?Index=881&ScriptType=vbscript
-Original Message-
From: J0mb [mailto:[EMAIL PROTECTED]
Sent: Friday, February 20, 2004 12:58 PM
To: [EMAIL PROTECTED]
Subject: R: [ActiveDir] OU/Computer accounts reorganization
ok...than
You could start with something like this as the framework (From MS Script Center)
Set objNewOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com";)
Set objMoveComputer = objNewOU.MoveHere _
("LDAP://CN=atl-pro-03,CN=Computers,DC=fabrikam,DC=com";, "CN=atl-pro-03")
-Original Message-
From
Title: RE: [ActiveDir] Site Configurations and SMS2003
Chapter 9 in Robbie Allen’s AD book
is on site topology. In it, he suggests creating a site per physical location.
“If you have 50 physical WAN
locations, you have 50 sites. If only 30 of these will be used for Active
Directory, y
not a security issue in that case – I don’t think it
is, anyway… perhaps it’s totally unrelated?
Rich
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Wednesday, February 18, 2004
8:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] User properties
in
We have a fairly well-locked down terminal server for our
help desk staff to use. Among other things, they can launch ADUC and manage
user accounts. We just noticed that if they choose the user by browsing into
one of the containers, they can bring up the properties of the user. But if
they
I have *NOT* tried this myself, but I found it in my scripts archive. Not sure of its
origin, or if or
how well it will work. Watch the line wraps, etc. It requires wts_admin.dll which is
available here:
http://cwashington.netreach.net/main/tools/default.asp?topic=n-z
I believe this came from Bar
adapter? Are both adapters pointing to the domainA
DNS? Is WINS registering the other adapter?
Just trying to give you
some ideas, not sure if any of these would make a difference as I haven’t
seen this before…
Rich
From: Creamer,
Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday
ister itself on a regular
interval.
Al
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004
11:15 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS on
dual-home machine
I'm having trouble with a
system which is dual-homed. Both NICs have private a
Title: Message
I’m having trouble with a system
which is dual-homed. Both NICs have private addresses. One NIC is associated
with domainA.com, which is an internal-only AD domain. The other NIC is
associated with domainB.com, which is an Internet presence domain.
The problem is that o
>From what I hear, it's a swastika.
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 9:14 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] MS04-006 - Serious hole that needs patching - thi nk Blaster++
Yeah, but have you seen this
Is there an attribute I can query for that will tell me WHEN
an account was disabled? I can easily tell whether they are disabled, but
couldn’t find out when.
Thanks!
Mark Creamer
I have a ISA server, which is also a DC for its subdomain,
isa.mycompany.com. It has AD-integrated DNS. It is dual-homed, although both
interfaces are “inside” our firewall. NIC #1 handles the requests
from the production subnets and NIC #2 forwards the requests to the firewall to
retrieve
Wouldn’t it be refreshing just once
to read about a merger/acquisition that didn’t contain the word “synergies?”
;-)
-Original Message-
From: GRILLENMEIER,GUIDO
(HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 28, 2004
10:57 PM
To: [EMAIL PROTECTED]
S
Hi, can someone either confirm or set me straight on this
one…
We have “Secure Cache Against Pollution” enabled
on our Win2K SP4 DNS servers. However, our Retina scans were still showing that
the servers were vulnerable to that type of compromise. One of the other folks
here researched
Debbie, don’t use the dsclient on
the Win2K server CD. There’s a more up-to-date one that includes some
fixes for account lockout issues. You can get it from MS support, or let me
know and I can send it to you off list
-Original Message-
From: Ellis, Debbie
[mailto:[EMAIL
stuff, too. You looking at the Cisco agent stuff or the
802.1x stuff?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Tuesday,
January 20, 2004 10:47 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] forcing a
logoff
Yep, I understand. The
I noticed that there is a WMI core install for Win9x and I installed it on my test
Win95 machine.
However, I can't get the WMI script to reboot that machine. Is it possible that even
though WMI core
is installed, it doesn't give me access to all of the features I'd have on a Win2K
machine?
The
they become infected
and start spreading. Needless to say, the project was still-born :(
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that
Today is the Tomorrow you were worried about Yesterday? -anon
From
> 2. Win2K and later (I have no NT 4) has cached credentials, so a user could unplug,
> log in, replug
and
> thereby bypass the logon script
But they still wouldn't have access to anything network based. Those
cached credentials will only get them on their local machine.
>>> I would think they
Hi all, can you give me some ideas on how to handle this...we use ScriptLogic to
manage our desktop
environments, which works very well. I have been asked to find a way to force people
who have not
updated or are not running the latest AV (specific approved product) to logoff.
Environment: Win2
Rich, I realize this is only an outline, and
you may already know all this, but this presentation may help you get some
ideas on things to specifically research
www.rallenhome.com/conferences/RAllen_Extending_the_Schema_Roundtable.ppt
I guess one of the main things I took away
from
I’ve successfully slipstreamed service packs into a
Win2K install media before, but never looked into adding any hotfixes to it. So
I started looking into how to do it, and was surprised to find dialog from one
of Microsoft’s online tech chats, in which the rep said you can’t
do that. Did I
Title: Message
Travis, the following should query your GC
and return a | (pipe) delimited text file with a few attributes including “mail.”
Have a look to see if that’s what you want. This is adapted from scripts
found elsewhere, created by folks smarter than me ;-) YMMV
Change the dc=
Ron, grab a copy of Robbie Allen's AD Cookbook (O'Reilly). Both are therein.
-Original Message-
From: Pennell, Ronald B. [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 2:00 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Listing passwd information from AD
Does anyone have a qu
ettings
|| from that GPO? Also, you might try enabling verbose userenv logging
|| to
|
|| see if that gives some clue as to why these settings are still
|| getting
|
|| processed.
||
|| -----Original Message-
|| From: [EMAIL PROTECTED]
|| [mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
|| M
|| from that GPO? Also, you might try enabling verbose userenv logging to
|
|| see if that gives some clue as to why these settings are still getting
|
|| processed.
||
|| -Original Message-
|| From: [EMAIL PROTECTED]
|| [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
|| Sent: Tu
puter is not in the admin group
-Original Message-
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 2:26 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO Loopback problem
We're setting up a group policy being applied to an OU which contains 2
pback
policy enabled on that GPO?
Darren
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Creamer, Mark
Sent: Tuesday, January 06, 2004
7:45 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Undoing a GPO
for Domain Admins
I created a GPO to manage
users’ terminal server de
I created a GPO to manage users’ terminal server desktop
settings. I then noticed that those settings were being applied to domain admins,
which I did not want. So on the Group Policy’s security tab, I explicitly
denied the Apply Group Policy to Domain and Enterprise Admins. However, nothin
Mike, is it returning just 1000 objects? You’ll need to use the
Page Size = …as in Robbie’s recipe # 4.7
-Original Message-
From: Mike Hogenauer
[mailto:[EMAIL PROTECTED]
Sent: Monday, January 05, 2004
1:55 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Ldap Access
to Gro
I found a control (wts_admin.dll) that will allow me to set
terminal services properties for a user in a Win2K domain, such as profile
path, home directory etc. These extensions are only available from Microsoft
for Windows 2003 as I understand it (http://msdn.microsoft.com/library/default.
Oh my gosh...Hunter that's a lifesaver. I've been trying to figure that one out
forever. Thanks!!
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 31, 2003 10:04 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] User Display Question
You ha
In GPO\User Configuration\Administrative Templates\Windows
Components\Windows Explorer, there is a policy “Hide these Specified
Drives in My Computer.”
According to the Explain tab for that policy, it “Removes
the icons representing selected hard drives from My Computer, Windows Explor
We’re setting up a group policy being applied to an OU
which contains 2 computer objects, which are terminal servers. Then we want to
set user configuration policies disabling certain start menu options, etc.
As expected, the policy affecting the users only goes into
effect upon selecti
Title: Message
Tom, have you looked for replication
errors betwixt the DCs yet? Might be a start…
-Original Message-
From: Tom.Gray
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 24, 2003
8:39 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Passwords
keep expiring
Hello, to those who haven’t disappeared for the
holidays!
We’re having a problem with a Universal Group. Both
domains are native, and therefore the DL is a Universal group, Security type.
The Univ group exists in Domain A. The purpose of this group is to control who
can go into Address
.SetInfo
End
With
oRs.MoveNext
Loop
Else
'-- empty
recordset
End If
__
Todd Povilaitis
LAN
Administrator
Huntington
Hospital
[EMAIL PROTECTED]
Phone:
(626) 397-3392
Fax:
(626) 397-2901
-Original
Message-
From: Creamer, Mark
[m
ue in your
ADO/ADsDSOObject query.
__
Todd Povilaitis
LAN
Administrator
Huntington
Hospital
[EMAIL PROTECTED]
Phone:
(626) 397-3392
Fax:
(626) 397-2901
-Original
Message-----
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003
08:31
Do I want to use ADO if I want to
search all users in a domain and then alter an attribute based on its current
value, or is there a better method? Up to now, I’ve only tried using ADO to return a
result set, not modify.
The part I’m struggling with is making the search
recursive throug
Can you clear something up for me? In ADUC, the default
first column is labeled “Name.” I would like that to always display
as LastName, FirstName (sn, givenName)
I thought this was controlled by DisplayName, but apparently
not. What attribute would I edit to fix the ones that don’t mee
uot;)" & VBTab & "Remote Access
Permission = " & objRecordSet.Fields.Item("DialInState"))
objRecordSet.MoveNext
Wend
fileTxt.WriteLine(vbCrLf)
j = objRecordSet.RecordCount
fileTxt.WriteLine("Total number of dial-in enabled users is " & j)
objRecord
: Thursday, December 18, 2003 11:52 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] attribute for remote access
Mark-
Here's a snippit of a script we use to check that:
userADsPath = adoRecordset.Fields.Item("ADsPath").Value
set objUser = GetObject(userADsPath)
d
, December 16, 2003
3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] finding
GCs
Gil's post should provide
the information they need to do this. Did you catch that one the other
day?
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003
2:46
inding
GCs
Gil's post should provide
the information they need to do this. Did you catch that one the other
day?
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003
2:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] finding
GCs
According to the
develop
!
-Original Message-
From: Creamer, Mark
Sent: Thursday, December 11, 2003
3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] finding
GCs
I think it’s a
compiled application that is called by the web app. But I’ll know more
tomorrow. We’re supposed to meet to discuss it. I’ll at least try
to
Ah ha! Here’s one I can answer
(having asked it myself last week)
In ADSI Edit, with the Domain Selected,
choose View/Filter. Change the number of objects to whatever…
-Original Message-
From: Jannie Esterhuizen - CPX
Mngd Services [mailto:[EMAIL PROTECTED]
Sent: Frid
Thanks Tony. Does the account get created with a blank password if I don't create one
myself? If so,
what would happen if the domain policy is set to not allow blank passwords?
-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 9:43 AM
To: [EM
If set to true, then it's a global
catalog. If not, then it's just a DC.
Al
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003
12:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] finding GCs
Our developers put together a web
site on our intra
Our developers put together a web site on our intranet last
year that allows privileged users to add members of their staff to various
groups. It works great, except that now we are in native mode and are using some
universal groups. The app will work properly as long as it happens to hit a
Title: Message
Just have them read this…
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q203/6/07.ASP&NoWebContent=1
and then give them something to do J
-Original Message-
From: Gilbert, Daniel L Mr
ANOSC/FCBS [mai
I do, but I exclude the AD files, and I do
not have real-time scanning enabled, just periodic scheduled scans. Does not
seem to cause any problems.
-Original Message-
From: Douglas M. Long
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003
11:17 AM
To: [EMAIL P
David, try recipe 6.2 from Robbie Allen's AD Cookbook. If you don't have the book, I
highly recommend
it, but you can also find what you need at www.rallenhome.com
There are also some create user scripts at Clarence Washington's site at
http://cwashington.netreach.net
-Original Message
Does anyone have experience with a product called Softerra
LDAP Administrator? If so, does it offer any significant advantages over
ldp.exe that would warrant the hundred bucks?
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity
in Everything We Do
:35 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir]
UserAccountControl Bitwise question
Shouldn't that be changed
to 8389120 instead (512 + 8388608)?
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003
4:22 PM
To: [EMAIL PROTECTED]
Subj
I thought flagging an account to require password change
would change the UserAccountControl attribute from 512 to 8388608 (0x80).
(per article KB 305144) But it’s not happening. Accounts that are flagged
for that are still 512. Am I misunderstanding something? likely J
Mark Creame
annoyance
In the View / Filter,
Max number of items per container. Default is 1, increase to your
desire.
Regards,
Dave
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Creamer, Mark
Sent: Thursday, December 04
How do I increase the maximum number of items that ADSI Edit
will display? It stops after x number in the Users container and tells me to
increase the maximum…
Thanks!
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity
in Everything We Do
That did help with my understanding of the dsquery logic, but unfortunately it also
will include those
whose passwords are set to never expire... still got some of those I'm trying to get
rid of :-(
-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]
Sent: Thursday, Decembe
Not sure of the circumstances, but given
your desktops are 2K/XP, can the installations be done over the LAN? You can do
that in AD, which will install with elevated privileges. Alternatively, you
could use a product like Script Logic, which can do installs, although they’ll
tell you it’s
Hi, can someone suggest a quick way to obtain a list of all accounts where the
password is expired?
I was thinking dsquery user -stalepwd 0 but that didn't give me what I was expecting
(maybe I just
don't have the right logic there?)
Or, if someone already has a script that does this, that woul
This article may also be of interest...
http://techrepublic.com.com/5100-6265-1052000.html
-Original Message-
From: Creamer, Mark
Sent: Wednesday, December 03, 2003 3:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Diagraming
Ahhh...that explains why I didn't know tha
wanted.
-----Original Message-
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 1:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Diagraming
What about just buying a copy of the appropriate Visio release on eBay? Which version
had it, 2002?
There are many o
What about just buying a copy of the appropriate Visio release on eBay? Which version
had it, 2002?
There are many of those listed out there right now...
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 2:06 PM
To: [EMAIL PROTECTED]
Subje
Rich, I think there are some easier ways to do this, including a script from MS that
reads the data
from an Excel file. You could create the Excel file from the csv you already have and
go from there.
See Clarence Washington's Win32Scripting site at http://cwashington.netreach.net for a
number o
how ldap works and how ldap queries should be formulated in order to get
efficient queries. This is important from a DC load AND from a network load
point of view.
Cheers!
John
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: woensdag 19 november 2003
15:14
To: [EMAIL PROTEC
with problems/challenges/whatever that force you to make a move from one
model to another ... or is your infrastructure too stable and are you looking
for a new challenge ;-)?
Cheers!
John
From: Creamer, Mark
[mailto:[EMAIL PROTECTED]
Sent: dinsdag 18 november 2003
20:37
To: [EMAIL PROT
I’d like to revisit our site design, and am looking
for some advice if possible. Right now we have a couple hundred physical sites
in terms of individual IP subnets, but only a few sites defined in AD. The ones
defined are the sites that actually have a domain controller located there. The
Has it replicated to the netlogon share of
each dc? Are you sure the script is assigned to each user’s account?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003
4:06 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Gro
201 - 300 of 333 matches
Mail list logo