package is run doing some cleanup.
Cheers
Steve
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Sunday, March 28, 2004 4:03
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick
question on ADMT
Hi Steve,
Can you clarify a bit? Do you mean
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Saturday, March 27, 2004 10:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] permissions to only disable an AD user account
Oh, I misunderstood you I think Joe. You mean when you update
msds-someotherattribute it does
Title: Message
Hi Steve,
Can you clarify a bit? Do you mean during
a migration? If so, how large is the migration were talking about (how
many users/computers/groups/etc.)?
With that I can probably scrounge up some
anecdotal numbers, but official is tough. Ill see what I can do.
While I (personally, speaking in a position of no power over this) tend
to agree that userAccountControl should be many attributes (IMHO anyway
for Joe's reason as well as others not cited in this thread), the
concept of having it as a constructed attribute (I assume that's what
you mean when you
Title: Server Membership
Also when you VPN in some VPN clients will
kick a pass reset as well. I forget what the process is (Im so not a VPN
guy) but if memory serves me correctly it is only those that support an
interactive logon. Dont quote me on that, and let me know if I should
get an
Of Eric Fleischman
Sent: Mittwoch, 24. März 2004 13:37
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users
Guido, you said:
If you are running Win2003 AD at Win2003 FFL (in a single dom-forest), then
you don't have to take any special precautions, as the group
it's finally ready).
/Guido
-Original Message-
From: Eric Fleischman [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 24. März 2004 18:28
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users
I see, so you were just covering a single NC condition. Ok, your
] On Behalf Of Eric Fleischman
Sent: Mittwoch, 24. März 2004 20:39
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users
From my procedure:
5) Identify groups that the users affected are a member of
6) Boot DC in to ds restore mode; mark affected groups from step 5
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Eric Fleischman
Sent: Tue 3/23/2004 8:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users
that is unfortunately the way it is I'm afraid.
~Eric
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, March 23, 2004 10:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users
It's
This is one of the issues whenever you
have a concept of security context scope. The UG idea is a good one, assuming
you like UGs. :)
Ive seen other things like it, but
anything that spans the DNC boundry can be hit with something like this.
aside
carte blanche is actually
used as a
The definition of the word superior is
probably in the mind of the reader.
The most important thing you need to
decide for patch management is what your goals are. Do you want accounting? Push
abilities? Just getting the patch out there as clients request it? What sorts
of controls? What
It is worth noting that FRS and DFS are
separate solutions. That is, you can use DFS without FRS (roll your own or use
a 3rd party product).
~Eric
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Ayers, Diane
Sent: Thursday, March 11, 2004 10:52 AM
To:
]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Sunday, March 07, 2004 9:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [Lessons Learned]: Schema Mismatch promoting firs t
K3 DC to GC in production forest... Several new experiences.
I support this idea whole-heartedly. That said, let's
)
http://www.cafeshops.com/joewarenet (wear joeware)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Monday, March 08, 2004 2:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [Lessons Learned]: Schema Mismatch promoting firs t
K3
I'll bite.
I wouldn't expect a lot of replication unless you are making lots of
changes, but you can tune it by modifying the schedule to get the max
benefit out of the replication packet compression
What does that mean? I don't see the relationship between frequency of
replication and
Of Eric Fleischman
Sent: Wednesday, March 03, 2004
8:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
Program Data container
Another approach: if we are talking about
w2k03, application-specific data can be put in an application partition. I love
using app partitions for this sort of stuff
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Monday, March 08, 2004 11:43 PM
To: [EMAIL PROTECTED]
Subject: RE
I can speak to the schema mismatch error. Strangeness. I've worked other issues like
this one ('like' being defined as w2k03 dsa disliking something that w2k dsa was a-ok
with and as a result causing a replication problem) but haven't encountered this one
specifically.
Any details you could
say that or he will go away
like JD did.
joe
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Sunday, March 07, 2004
I support this idea whole-heartedly. That said, let's look at it objectively.
If you asked me to draft the top list of replication problems among customers, I'd
probably craft the following:
0) DNS - sad but true. DNS is still in bad shape among some customers. Hopefully w2k03
tools will help
There's also msds-replvaluemetadata
Note their system flags: 0x0014. They're constructed attributes. Sweet eh?
There are a bunch of other interesting ones I could dig up again and share out if
you're interested. Also, we added some search controls and inefficient search logging
that I never
If I could correct one thing Neil.
1. Deleted objects can be re-animated from another DC which has yet to
receive the deletion event, perhaps because that DC is in a site
which only replicates with it partner sites at certain times of the
day.
That's not a reanimation. This would be
Another approach: if we are talking about
w2k03, application-specific data can be put in an application partition. I love
using app partitions for this sort of stuff. It lets you have a custom
replication topology such that the data is only on those DCs where required,
across domain
or
replace would be much better.
However, applying restricted groups this
way will already solve many exising issues with this feature... Thanks a lot!
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Montag, 1. März 2004 05:41
To: [EMAIL PROTECTED
adds the one you need. I
believe it works by default on W2003. I just deployed that capability.
--
Regards, Willem
-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Namens Eric Fleischman
Verzonden: zondag 29 februari 2004 2:40
Aan: [EMAIL PROTECTED]
Onderwerp
...
Eric Fleischman mailto:[EMAIL PROTECTED] wrote: Willem do you happen to have the article that talks about it handy? I couldn't track it down.This one?810076 - Updates to Restricted Groups (Member of) Behavior ofUser-Defined Local Groups:http://support.microsoft.com/default.aspx?scid=kb;en-us
I'm not a group policy expert but Joe with this point:
3. Do something around restricted groups GPO though this is tough to
do
when you want different admins on different boxes.
Can't you set restricted groups to do an 'add' rather than a 'replace'?
I thought that was a w2k sp4 / xpsp1 / 2003
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Saturday, February 28, 2004 3:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [Slightly OT] Delete inhibit DOMAIN\Remote
Management group from local admins...
I'm not a group policy expert but Joe with this point
For those of us new to the list (such as myself :-)) can you give us the
full problem description with KCC errors you're getting? I do these KCC
errors a *lot* which is why I ask. :-)
~Eric
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Seet
Of Eric Fleischman
Sent: Tuesday, 24 February 2004 23:11
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] KCC complain for sites with 2 different domains
For those of us new to the list (such as myself :-)) can you give us the
full problem description with KCC errors you're getting? I do these KCC
a registry change to
get em to fly, but it's no matter, you can do it anyway.
~Eric
-Original Message-
From: Abhishek Sharma [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 22, 2004 10:43 PM
To: '[EMAIL PROTECTED]'
Cc: Eric Fleischman
Subject: RE: [ActiveDir] Dcdiag.exe giving problems.
Hi
Actually if you want to just understand
what adprep /forestprep is doing in the context of schema changes, youll
find the ldif files on the w2k03 cd itself (I believe in the i386 directory).
See sch*.ldf for them all. All adprep is doing for schema upgrades is importing
those files.
301 - 333 of 333 matches
Mail list logo