If you want to query Notes and AD in the same script you don't need to use
LotusScript you can use VBSCRIPT. There is a a set of objects that allow access
to NOTES provided you have the notes client installed. They are documented in
the Notes help file. Basically they are the same as the inter
> this can cause GP not to be applied.
>
> There is a hotfix but I cannot look it up at the moment and I
> am not sure if it was fixed in SP2 or not.
>
>
>
>
> Regards,
>
> Mark Parris
>
> Base IT Ltd
> Active Directory Consultancy
> Tel +
clean loaded on most machines. I was
trying to avoid re-building her profile as she has a lot of odd apps installed
and It might take a while to get everything right.
Dave Wade
0161 474 5456
From: [EMAIL PROTECTED] on behalf of Darren Mar-Elia
Sent: Mon 15/01/2007
:24
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Policy Failing to apply
Dave-
Does that same proxy policy work for any other users correctly?
Darren
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTE
amiss there. Has any one any idea why this is happening before I start
turning on userenv debugging?
Not this is an isolated incident, and it appears to follow the user
rather than being machine specific.
Dave Wade
0161 474 5456
You need sites. Check out:-
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog
ies/directory/activedirectory/stepbystep/adsrv.mspx#EFE
Sorry if the URL its a bit long you may have to glue it back together
...
From: [EMAIL PROTECTED
Check the event log to see why the profile doe not unload. On our
machines something keeps the registry open. Installing this fix seems to
cure it for us...
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4
E18-B570-42470E2F3582&displaylang=en
Dave.
> -Original Message
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Javier Jarava
> Sent: 08 January 2007 12:20
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Likely OT: :) Managing/preventing
> "rogue" DHCP servers? (or how do you find it?)
>
> Hi all!
>
I have read all this, and it seems any thing but straight forward to me.
It looks like we are going to have to invest a lot more money in
managing licenses.
I could also find nothing about what happens if we need to re-install
Windows. It appears we need to re-activate, and it appears as its a ne
My two cents (these could euro cents or dollar cents). Exchange and Outlook are
designed to work together. Despite having declared MAPI dead several times
Microsoft continues to enhance and expand it, for example with RPC over HTTP. I
am pretty sure you will either see reduced functionality, or
Why not disable the KCC?
See http://support.microsoft.com/kb/242780
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Drew
BurchettSent: 14 November 2006 13:27To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Help with topology
I’ll have to look up
how to set the c
I'm with Sue on this one. Attempting to By-Pass the proxy is attempting
to subvert the security systems. In out Policy this is a dismissible
offence, regardless of having accessed any restricted sites.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan
iting bits from:-
http://users.skynet.be/alain.lissoir/default.html
Hope this is not too much information
overload,
Dave Wade
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Stu PackettSent: 09 November 2006
15:00To: ActiveDir@mail.activedir.orgSubject: [Acti
Its not to do with "SIZE ON DISK" against "amount of data"? For small files on
a large disk the overhead per file on 4k clusters will be on average 2k. If
there a lot of files of 5K there over head will be typically 3k per file. Not
sure if quota counts actual data or clusters...
_
IMHO Boss's should be included to protect them from their own silliness. Why
not give him a prived account. You could also use permissions on the GPO but
thats gets to be a real mess
From: [EMAIL PROTECTED] on behalf of Alberto Oviedo
Sent: Thu 19/10/2006 22
PROTECTED]>
wrote:
Separate
"Trees"? That seems a little excessive. Or are we just mixing terms?
On 9/21/06, Dave
Wade <
[EMAIL PROTECTED]> wrote:
I
prefer to keep them in seperate trees. In fact we are just doing that at
present... ___
ms a little excessive. Or are we just mixing
terms?
On 9/21/06, Dave Wade < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >
wrote:
I prefer to keep them in seperate trees. In fact we are just
doing that at present...
__
AD
Thanks for your help. really useful.
Is it a good practice to move computer objects to OU where the user of the
computer resides?
On 9/20/06, Dave Wade <[EMAIL PROTECTED]> wrote:
Alberto,
Even though we made our users "PowerUsers" we found th
Alberto,
Even though we made our users "PowerUsers" we found
that we needed to make a number of "tweaks" to cater for poorly written
applications. I think we now have about a dozen settings for various ill-behaved
applications. The majority of these are to cater for applications that wri
Actually "Vista" is supposed to make things better. It provides "partial
re-direction" for system folders and registry so applications "think" they are
writing to system areas, when in fact they are not. I am not sure how well this
will work in practise, as I have not tried it
_
tly than one with 10 objects. I use it
here because I find it to be interesting info and it is good for not chasing
into empty containers. I have never seen it wrong when it says there are 0
objects.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
a fairly simple request. We would like a simple report that lists how many PC's
there are in each OU into an Excel Spreadsheet. Well I have managed to do this
with CSVDE and the summary report in Excel. Is there a better (low cost)
solution?
Dave
Wade
E-Services
0161 474
5456
*
and the summary report in Excel. Is there a better (low cost)
solution?
Dave
Wade
E-Services
0161 474
5456
**This
email and any files transmitted with it are confidential andintended solely
for the use of the individual
Folks,
I am struggling with
a fairly simple request. We would like a simple report that lists how many PC's
there are in each OU into an Excel Spreadsheet. Well I have managed to do this
with CSVDE and the summary report in Excel. Is there a better (low cost)
solution?
Dave
>-Original Message-
>From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] >On Behalf Of Rob MOIR
>Sent: 15 September 2006 13:50
>To: ActiveDir@mail.activedir.org
>Subject: RE: [ActiveDir] OT: Protecting against Spyware/Adware
>
>> 2) Spy ware hangs around for a long time. Our users used to hav
Ebitz - SBS Rocks [MVP]
Sent: 15 September 2006 14:53
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Protecting against Spyware/Adware
www.threatcode.com
and those business critical apps are?
Have you tried hacking up the registry to get them to work?
Dave Wade wrote:
> Ch
I guess it depends on what you mean by "display". Its pretty easy
to build a custom MMC console that contains a "Services" snap-in for each DC.
and then use "runas" to launch with the rights needed. You can still only see
the services on a single DC at once, but its pretty easy to flip round
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade
Sent: Thursday, September 14, 2006 3:54 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Block Inheritance on DC OU
You say "Obvious" but is this obvious? What happens in the case of
password policy. Thi
Chris,
I guess I have three "comments" on
this:-
1) Putting user in "Power users" does "cut down on the potential",
however even on a properly configured machine users can usually install personal
browser extensions containing SpyWare.
2) Spy ware hangs around for a long time. Our use
Chris,
I gather we tweaked ours so it only used a certain % of system
resources (20% I think) and while it does have some impact on performance it
does seem "livable with" now they have done that..
Dave.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris
Pohlschneide
You say "Obvious" but is this obvious? What
happens in the case of password policy. This can only be set at the top level of
the domain. Does this block actually prevent it being applied? I would guess
that is does, but I wonder if any one has tested it or has any docs on what actually happe
It prevents you locking yourself out of DC's due to policy being
applied at the domain level. I think its a "good thing". Only trouble is I
am not sure it protects against site policies.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WATSON,
BENSent: 13 September 2006 17:37
import/export the connection profiles, as to facilitate
larger rollouts.
Thanks,
Wilson
On 9/12/06, Dave Wade <[EMAIL PROTECTED]> wrote:
>
> Have I missed something in the "new" XPSP2 wireless configuration
> stuff. As far as I can see you can't prevent users connecting to
n where this no network, the connection wizard still pops up. Any one
any solution to this?
Dave
Wade
Stockport MBC
**
This email and any files transmitted with it are confidential and
intended solely for the use of the indiv
<<< Note insane ramblings follow. These are off the top of my head and
un-tested>>>
If the user name and password are know then there are a whole host of
places you can use the account to conceal your identity. If the user can
logon with it then it must have "logon locally" rights. Wonder if you
c
Even though Compaq "let me go" these are still my favourites...
-Original Message-
From: [EMAIL PROTECTED] on behalf of Alain Lissoir
Sent: Tue 06/06/2006 21:41
To: ActiveDir@mail.activedir.org
Cc:
Subject: RE: [ActiveDir] sample vbs scr
Title: AD lag sites and replication
Joe,
I thought" (and its a long time since I looked) that you needed to
be an enterprise admin to force replication in AD Sites and Services... You can
force replication in the domain context in replmon. I guess that this begs another question
1. Are y
g. An easy argument that anyone with DA
should be able to be that trusted, but reality often differs from desire.
Admins, by design have rights to the system. As such, they have rights to make those changes that allow them to, well, make changes.
Al
On 5/30/06, Dave Wade
<[EMAIL PROTEC
Title: AD lag sites and replication
Neil,
1) If you start setting firewall rules then I am pretty
sure you will break things as you will block urgent replication. What happens if
some one changes their password and then goes to the home site? What about group
membership changes? Do you real
me different in exchnage *in term of
feature* ?.
> And thanks for giving me details in same.
>
>
> Regards,
> Ajay
>
>
ng care to concentrate on the bits that you are interested in.
2, If you are considering an upgrade describe your existing system and ask
whats in it for you, or highlight areas of concern
3. If you are considering a new deployment, deploy 2003.
Dave Wade
-Original Message-
From: [EMAIL PRO
Title: RE: [ActiveDir] [OT] RAID 5 Best Practice
Joe,
Well all agree on that, however we are pretty much stuck
with the apps in question "as-is" as the software is supplied "from
above" (e.g. the stuff from www.ncer.org).
These days I copy the database onto a users PC and they run the repo
1) Exchange Hard Drive Config.
a) Many Drives, prefereably Raid 0+1. At least one miror pair per 250 users
for database.
b) Seperate data that is accessed sequentially (logs) from random access
data (data bases)
c) Use one of the manufactueres tools. I know the HP one (see below) will
consi
read ops. Access doesn’t cache report output.
Thanks,
Brian Desmond
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
c - 312.731.3132
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf O
For file sharing, I would consider 0Ư but 5 would be more likely since you
probably want/need the space more than the speed. File sharing doesn't
really beat the disks up relative to a busy DC even in large multi-thousand
user file servers I have seen.
What about when some idiot user sets up an
] RAID 5 Best Practice
What’s a reason for using a local group or account on a file server?
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade
Sent: Thursday, May 18, 2006 11:42 AM
ay is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Dave Wade
Sent: Thu 5/18/2006 11:12 AM
To: ActiveDir@mail.activedir.org
Subject:
Sorry for grotty format OWA2000...
-Original Message-
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Thu 18/05/2006 20:52
To: ActiveDir@mail.activedir.org
Cc:
Subject: Re: [ActiveDir] [OT] RAID 5 Best Practice
These days I am much more curious as to the benifits of RAID5? It slows the I/O
down. It can really crawl if you loose a drive and the server has to rebuild
the missing volume?
As for multiple partitions, I can't actually see any real advantage on a file
server. You can easily move the files
It does not even have to be a logon script. I remember years ago some
one put a trojan on one of our Pr1me's. It was a simple game, unless you
ran it from a privileged account. All was well until the operators ran
it at 2am from an operators account. It removed all the ACL's from the
file system. V
Providing you have up to date scripting engines loaded you can encrypt
the script to keep casual eyes away:-
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4
873-B1B0-21F0626A6329&displaylang=en
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
You can set the password in the startup script, but it's a bit open to
hacking. You can use an encrypted VB Script but those are pretty easy to
decrypt. There is also a tool around that will let you do it remotely.
You could also assign the "logon locally" rights to say "domain users" &
"administra
Surely its OK to image a base install, sysprep, & DC promo?
Also this says :-
"In order to keep a good backup of the Domain Controller, this process should
be repeated periodically so that the image available for redeployment"
Assuming this is for backup purposes, is this a BAD idea. Its been so
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade
Sent: Monday, May 08, 2006 4:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: OT [ActiveDir] Optimize Exchange Pagefile
Al
ayout has the biggest
benefit, but it's SBS and as such it's "special". Just ask SBS-Lady ;)
Al
On 5/4/06, Dave Wade <[EMAIL PROTECTED]> wrote:
> If you have 4gig of RAM then you should get minimal paging. (I know
> this is a great generalization)
>
> 1) Log
why don't you ask on the Exchange2000 or Exchange2003 Yahoo group..
-Original Message-
From: [EMAIL PROTECTED] on behalf of Dan DeStefano
Sent: Thu 04/05/2006 20:16
To: ActiveDir@mail.activedir.org
Cc:
Subject: [ActiveDir] Optimize Excha
Dan
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade
Sent: Thursday, May 04, 2006 4:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Optimize Exchange Pagefile
There is no point in messing about with me
There is no point in messing about with memory config if you only have a three
drive RAID 5 array. Disk config is critical. How many users do you want to put
on this box. less than 100?
-Original Message-
From: [EMAIL PROTECTED] on behalf of Dan DeStefano
Sent: Thu 04/05/2006 20:16
This was a bug in the schema in 2000. The OID is still the same,
which is I think what the Outlook Addres Book uses but the LDAP names have changed.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: 26 April 2006
23:50To: ActiveDir@mail.activedir.orgSubj
-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade
> Sent: Wednesday, April 26, 2006 10:29 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Root Place Holder justification
>
>
>
> Number "1" of these really drive
Number "1" of these really drive me nuts and at this point I usually
start shouting. As domains do NOT limit resource access, i.e. users in
Domain "A" can access resources in domain "B" (In fact that's the usual
reason for have trusts between domains) and together way round, how can
you justify d
nning on using
MIIS/IIFP to GAL Synch between the 2 domains?
Regards,
Mylo
Dave Wade wrote:
> 1) I think firewall config is beyond the scope of this group. However
> my thoughts are that
> a) if you trust the other party enough to trust their
> domains, then
>
Title: Replication and branch office considerations
1) I think firewall config is beyond the scope of this
group. However my thoughts are that
a) if you trust the other party enough to trust their domains, then
b) you should trust their firewall enough to keep nast
Ravi,
I wonder if you could probably do this the old fashioned way with the NET
command. You could have a "MKPROF.BAT" file something like:-
NET USER %1% /PROFILE //server/profiles/%1% /DOMAIN
Then if you export all the users to a second file and edit it so that each line
contains :-
CAL
More questions in line
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Jef KazimerSent: 20 April 2006
14:10To: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Setting Wireless Config via GPO
Dave,
The certs can be used in fifferent ways. If you are using EAP
COM tool and their proprietary security. As they have stopped supporting
this we need to move on. Thanks for any input on this.
Dave
Wade
**This
email and any files transmitted with it are confidential andin
Folks,
Is any one setting wireless
configurations using the features in AD 2003? We currently use the 3-COM tool
and their proprietary security. As they have stopped supporting this we need to
move on. Thanks for any input on this.
Dave
Wade
Joe,
The problem is that, as some
one else mentioned your OU structure serveves two purposes:-
1) To delegate
authourity
2) To apply rights and restrictions
via GPO's
Now if you are going to delegate
authourity, as far as I can see, the only way to do that is via OU's. You could
apply
You can't. Its one of the things thats changed in
2003. Prior to that is was vanilla domain lookups
- Original Message -
From:
Milton
Sancho
To: ActiveDir@mail.activedir.org
Sent: Friday, March 31, 2006 4:48
AM
Subject: Re: [ActiveDir] Selectively
over
69 matches
Mail list logo