Hey, I'm not adverse to the odd conference in Florida (being from Australia)
*grin*
- Original Message -
From: "Missy Koslosky" <[EMAIL PROTECTED]>
To:
Sent: Friday, October 20, 2006 9:36 AM
Subject: RE: [ActiveDir] OT: TechED 2007
I'm SOOO sick of conferences in Florida.
Interesting.
from the article: "Microsoft plans to resolve these problems in the next
version of Windows by rewriting the event logging system from the ground
up." since the last update was Mar 28 2003, I wonder how this applies to
Wndows 2003 R2 and the 64 Bit versions of Windows, or if this wi
rds;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
"Glenn Corbett"
<[EMAIL PROTECTED]To:
All,
As per the subject,
we are attempting to delegate management of home directories to another
management area, but have a couple of restrictions in that these users should
actually not have access to the drives once they are
created.
We have looked
at a number of options, and the curre
Thanks Jorge.
The benefits of moving
to AD-I zones will pretty much mean I will need to move DNS onto the DC's.
During the transition process, we will need to have the
DNS servers in and running a couple of months prior to the cutover. Am I correct
in saying that I can install DNS onto
ire
so much downtime? I don't know the specifics of the environment, but often
a zone transfer and reconfiguration of the clients is all it takes. Newer
clients likely wouldn't even need to be rebooted.
Al
_
From: [EMAIL PROTECTED] on behalf of Glenn Corbett
Sent: Tue
All,
Hopefully a quick
one this evening. We are currently insourcing or DNS function from another
organisation (yes, an external org manages our DNS system - not integrated with
our AD environment - long story).
We are running a 2k
domain, and the current plan is to introduce 2 member s
microsoft.com/?id=823659) Especially take a look at the
configuration with the "Network access" words. Maybe you recognize a
configuration that is the source of your problem
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn C
emembering the last
logged on user).
Glenn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent: Saturday, 18 June 2005 12:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Nt v4.0 in 2k Domain Issue
Jorge,
Thanks for that.
at the
configuration with the "Network access" words. Maybe you recognize a
configuration that is the source of your problem
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent: vrijdag 17 juni 2005 12:52
To: ActiveDir@ma
All,
Recently we've added another 6 or so domain controllers to our Windows 2k
(Native Mode) domain. All servers are using the same configuration (SP3,
bunch of hotfixes).
We have started getting reports of NT v4.0 Servers "falling off" the domain.
Users are unable to log onto the server with a
Christine,
Your TS Licensing Server doesn't need to be on a DC (although thats what
most people do). Currently have a Windows 2000 Licensing Server running
on a DC and a 2003 one running on a mamber server in a 2k domain, works
fine.
G.
Christine Allen wrote:
Yes you do and if its a 2000 or 20
Using KVS at my current employer. No real "problems" to speak of,
except during implementation getting KVS behaving nicely on the Citrix
Servers. Couple of minor annoyances though.
User communication has probably been our biggest problem, essentially
hand-holding them through the process "No U
Tom,
First Question. Some of the older Compaq RAID Controllers didn't allow
raid expansion, but all of the new models (52xx, 5i, 64xx, 6i) should
allow this. Check the firmware levels on the card, and also check the
version of the PSP (ProLiant Support Pack) your running on the server.
From w
Transfer the roles, since the existing domain contoller will be running
during this pricess (ie, before you dcpromo it out).
G.
Danny wrote:
One follow-up to my last post:
Should I be transferring or seizing the FSMO roles during this migration?
Thank you,
...D
List info : http://www.activedi
Thanks for the quick response Steve, might keep an eye on it.
G.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramsay, Steve
Sent: Thursday, 24 March 2005 11:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] [OT] Another Odd OT Question
ne will
step in and point it out. I just don't recall seeing it. :)
~Eric
____
From: [EMAIL PROTECTED] on behalf of Glenn Corbett
Sent: Sat 12/4/2004 5:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Custom Password Filter DLL
*shudder*
Don't forge
Al,
Isn't the underlying technology and the recovery of the data essentially the
same ?. All of the entries (both in Exchange and AD) are simply records
within tables within a database. Exchange basically flags the mailbox
record as deleted and then applies the defined mailbox retention settings
*shudder*
Don't forget however that if you go down this path, make sure you
A) Don't call Microsoft - they will laugh at you, charge your credit card,
then hang up
B) have a rollback plan to the standard GINA
C) remember that the gina will most likely be replaced during a service pack
(and somet
Can't you use the "Restricted Groups" policy setting to set your local Admin
membership on your workstations ?
We do this routinely for about 2500 workstations and 300+ servers with no
problems.
MS Article on it (not a huge amount of help though)
http://support.microsoft.com/default.aspx?scid=kb;
TECTED]
Subject: RE: [ActiveDir] Slightly OT: File Copy of Death - additional
question in the same vein
Would a Perl Rsync implementation be better?
http://search.cpan.org/~cbarratt/File-RsyncP-0.52/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gle
: [ActiveDir] Slightly OT: File Copy of Death - additional
question in the same vein
Would a Perl Rsync implementation be better?
http://search.cpan.org/~cbarratt/File-RsyncP-0.52/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
Sent
All,
Sorry to hijack this thread, however in the same vein, is anyone aware of a
(preferably) freeware application that does a similar function to rsync on
Linux ? We are looking at synchronising large amounts of data each night,
including some 200+gb databases. Rsync seems to handle this situati
The problem you may encounter (and I'm not by any means an IP routing
expert) is that unless you do run NAT on the interface connected to the
physical production NIC (as opposed to using straight RRAS), other routers
on the network won't know how to get to your "test" subnet. Unless of
course yo
Noah,
There are a couple of ways to do this, but essentially the
REAL (ie the physical NIC) in the physical server has the Virtual Server
NIC driver bound to it so that Virtual machines can have access to a REAL (ie
non-virtual) network.
Suppose you have a server with two physcial NICs in
Todd,
We simply use the extensionAttrribute1 - 15 (1-10 are visible in the ADUC
GUI). If you have Exchange installed, simply exchange enable the group
object and then you have the additional attributes to play with. Hide the
group from the GAL so ppl don't get confused, and apply an Exchange
rec
What about the existing "Printer Location Tracking" features in AD, and
simply use the app to map printers based on their location ? Even if you
don't autmatically map printers, the PLT features automatically filter
printers for users based on their current location.
The main point in the article
Al,
Version 1 of your proposal is exactly what I have done in the past, and
works quite well (within some defined boundaries). Account managers were
delegated very minimum rights over AD (such as unlock account reset password
etc), and everything else was done via a "tool" (was client-server at t
Ummaybe I'm missing the point here, but why does adding a group to the
local Print Operators group imply that they have local logon to DC's ? (I'm
presuming here that the F&P server is just that...a server and not a domain
controller - mike didn't specify).
Surely this group managing your F&P
this article out.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Corbett
> Sent: Tuesday, August 10, 2004 18:23
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] 2003 Admin tools on 2000 Domain - any problems ?
>
> All
ema (field length or type), that the 2k3 admin tools are baulking at. Doesn’t appear to be a permissions issue, as performing exactly the same task as the same user on a 2k box works fine.
Any Pointers ?
TIA
Glenn Corbett
Yep, DLT's are still around (although SuperDLT is prolly the better these
days due to the capacity increase), LTO, 9940/9940B, even DAT is still
hanging around. It really depends on your requirements and who your tape
drive / silo vendor is (IBM will try down the LTO path as you discovered).
Wit
Thanks for all the very quick responses. Managed to churn out the reports
with minutes to spare *grin*
Glenn.
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
All,
We are currently undergoing our MS Licensing Upgrade (ugh), and one of the
things I need to know is which version and which edition of windows server
is running on a particular machine.
Getting the version number from the registry is fairly easy, and I've
already configured MS Ops Manager to
hough.
-Original Message-
From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: Friday, June 11, 2004 7:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Non DR migration of AD
Hunter,
Agreed, have looked into this, but am waiting for the full release of
virtual server before I start doing things
amp; translate
the ACLs of one AD forest to another to build lab-environments (only OU
permissions). Yes, it is rather tedious, but it can be done - see MSDN
"IADsAccessControlEntry Property Methods".
/Guido
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] O
our production domain.
Rob
-Original Message-
From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: 10 June 2004 16:00
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Non DR migration of AD
All,
We are in the process of constructing a Lab to mimic the production AD
system as closely as possible.
ssage-----
From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: 10 June 2004 16:00
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Non DR migration of AD
All,
We are in the process of constructing a Lab to mimic the production AD
system as closely as possible. Doing a full DR into this environment
All,
We are in the process of constructing a Lab to mimic the production AD
system as closely as possible. Doing a full DR into this environment is
certainly an option, however we have been looking into simply migrating the
AD "structure" and using this as a test bed to cleanup AD (OU's, objects,
Title: RE: [ActiveDir] OT: Compaq Servers
Rick,
I may have been a bit harsh...sorry bout
that.
We did encounter a similar issue with running SS 6.x on
older hardware (like the 3xxx series, 5500, 8000's, G1 series etc), and
yes, I blame HP squarely for this. What we basically did is pull
off-the-wall stuff as the old NETraids were, at least
with the standard tools (HP keeps promising me a boot floppy with some
powerfull RAID magic, but nothing has materialized thus far...)
Am I missing some other magic here?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] O
Ken,
" I know the Compaq RAID array isn't as flexible/forgiving as the old HP
NETRaid, but I think as long as there are no other drives installed, this
*might* work."
Heh, you obviously havent played too much with the Compaq/HP SmartArray
controllers too much. We use them exclusively at my curr
Title: RE: [ActiveDir] OT: Compaq Servers
Rick,
I’m not quite sure what you mean by
this. Sure, SmartStart version 6.x is only *really*
useful for G3 based computers, but there isn’t anything stopping you from
using SmartStart 5.5x on older and newer hardware.
We have a unified bui
They both do a little of the other, too.
>
> At any rate, a hybrid product would be great... one that is as easy to
> use as AppManager (drag and drop scripts on a machine) and one that
> comes with as much "knowledge" as MOM. Hopefully MOM2004 delivers on
> that...
&g
Chris,
I've deployed both of these products in reasonably large
environments.
- Both NetIQ and MOM require a fair bit of setup to get the right level
of monitoring going
- Both require constant attention to be effective monitoring / reporting
platforms (they are not set-and-forget products)
-
Agreed Rick.
We run MOM as well as CIM (Cpq Insight Mgr) - should that now be 'HIM' ???
CIM is great for the low level stuff, disk failures and the like, and MOM is
a fairly acceptable tool for application / OS monitoring.
MOM needs a LOT of looking after as you said, amongst all the other thing
Title: Message
Agreed joe, it would take you away from other
useful things *grin*
However, I've been re-reading the posts, and it
sounds like a damn good idea. With the current virii swarming around, we
are constantly being hounded as to the EXACT patch state of all servers on the
network
Title: Message
I cant say that I have Rick...up until sp3 (which
is the lastest build we currently have) its crap. I'll check
again.
G.
- Original Message -
From:
Rick Kingslan
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 10:10
AM
Subject: RE:
Title: Message
Darren,
yuo would think so, and this is one thing that
s**ts me about the current way MS handle hotfixes. A number of the
hotfixes installed dont appear to leave any trace in the registry or otherwise,
and cant actually be verified if the patch is installed. Run the base
s
Title: Message
Agreed Rick.
Windows is probably no less secure than other OS
(dons flame suit), however as Windows systems are often in the hands of people
who know nothing about / dont care about security, this will be a continuing
problem. Removing the plethora of "overflow" based exploit
Title: Message
True rodger, MS could stop using it. However
in of itself RPC isnt the bad guy, and MS would need to replace it with
something else, which based on their track record would still have vuln's and
require a fair bit of patching.
G.
- Original Message -
From:
Title: LDAP & LastLogin for Computers
Hunter,
Are you actually querying the workstation, or just
the user accounts ? If your finding out when a computer was last logged onto, I
would LOVE to have a copy of the script as well (so I can kick our desktop
support guys in the bum to clean up *MY
MOM is probably a bit of overkill for something that simple (although thats
what I use)
Justin, the products you've looked at should be able to do it, you just need
to set up some alternative SMTP routing if the email server is down. Can
you send SMTP mail directly upstream to your ISP from anoth
Dean,
thanks for the info.
As you said, the changes dont sound too extreme,
but yes, the SchemaVersion would be the major concern.
I would be interested to see what the MS guys have
to say.
G.
- Original Message -
From:
Dean
Wells
To: AD mailing list (send)
Sounds like a good idea Mark.
Creation of a private VPN over the internet to form the larger Lab would
take care of the "external" security problems, but not the "internal" ones
(ie do you trust the other people).
the main issues I can see with doing this is exactly what people want to
test, and
Can vouch for the Kiwi server. Works great, and even better its free.
G.
- Original Message -
From: "Free, Bob" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 07, 2003 6:49 AM
Subject: RE: [ActiveDir] Anonymous Logon
>Since I'll need a syslog server, I'd like one tha
fications if the mail server is down?
>
> Justin A. Salandra, MCSE
> Senior Network Engineer
> Catholic Healthcare System
> 212.752.7300 - office
> 917.455.0110 - cell
> [EMAIL PROTECTED]
>
>
> -Original Message-
> From: Glenn Corbett [mailto:[EMAIL PROTE
gt; muaahh...Muaahh...MUUAAAHH
>
> :-)
>
> Robbie Allen
> http://www.rallenhome.com/
>
>
> > -Original Message-
> > From: Glenn Corbett [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, August 05, 2003 8:54 AM
> > To: [EMAIL PROTECTED]
> > S
nt time that the workstation authenticated to a domain
controller. I believe the oldest this timestamp would be is the last time
the machine started up. Also, lastlogin is not a replicated attribute, so
you have to check either all of the domain controllers or at a minimum all
of the domain co
John A. Bjelke
> Unisys
> 505.853.6774
> [EMAIL PROTECTED]
> If it's as difficult as pulling teeth through an elephants rump, then
> the approach needs to be reevaluated.
>
>
>
> -Original Message-
> From: Gil Kirkpatrick [mailto:
if you want "hackable" scripts etc, then a good source is
http://cwashington.netreach.net/, has lots of scripts and tools around
network administration. Most are nicely documented, so can work out how to
do things from there.
They have some resources there on undertsanding things like LDAP query
f
ript
- which is where I seem to need it the most..
Better brush up on my mAd VB.net skilz...
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
> -Original Message-
> From: Glenn Corbett [mailto:
Keith,
5 months is a long time to be off the air, and yes, AD does go 'stale' after
a period of time (60 days ?). Had to plan for this on a worldwide rollout
where server may be in transit for several months after being built in head
office. One of the solutions was to send the server to the rem
Agung,
this was covered recently, mainly centered around
the LastLogin attributes in AD.
Tio find out who actually has a connection to the
server, you can use the built in admin tools to see who has a connection to a
share (useful for looking at home drive servers prior to restarts), or u
Title: Message
>I personally think
investing time and money into the native tools for data administers is like
giving children razor blades.
On this point, I have to
disagree. In a number of organisations I've done work where custom or
3rd party tools have been used they have been fine..
Dean,
I'm not quite sure I understand the question (it
may have something to do with it being 1am here)
Running the 2k3 Admin tools on 2000 / XP
machines wont require any mods to the forest schema (and in fact is
the only way you can perform some administrative tasks from XP machines (lik
to groups. Automate Home directory creation in
non-standard ways, have tighter control of the views, delegate GPO
modification and linking.
Then again we have
over 35 delegations to do.
Todd
-Original
Message-From: Glenn
Corbett [mailto:[EMAIL PROTECTED] S
Title: Message
Dean, I've certainly used the uplevel admin
tools, but basically work within the confines of the functionality they give me
without making the schema mods.
You could take the view with MS that 'hey, I've
forest prepped my environment for 2k3...but wont be implenenting it for
>Your question goes back to trust, Is someone going to make
> changes on there own with no concern for the other participants?
Possibly not Mark, but as there are a number of aspects in AD that can
affect the whole environment, organising and scheduling the testing of
various components to ensure
] Connection String
> Glenn is that what they make documentation and comments for?
>
> Toddler
>
> -Original Message-
> From: Glenn Corbett [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 05, 2003 9:38 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] Connect
every login
(time -date - IP - computer name - user name) in one huge text - each
month werename and collect the next month's data. We use KIX
- Original Message -
From:
Glenn Corbett
To: [EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 6:28
Cindy,
If you are going to retain logs for this period of time (lucky you, we have
to retain them for 7 years!), then I would suggest upping your log size (in
EventVwr) to something more practical like 200mb. 2mb isn't going to keep
you going for 3 years (let alone a couple of weeks).
Since you a
Ernesto,
I've tried to do this sort of thing before and yes, there are ways around
the IE Kiosk mode. What we ended up doing was getting the dev guys to write
a custom application that simply had a webbrowser control in it, and we
disabled the close, minimise, maximise functions of the applicatio
Oops, that should be CreateObject("NameTranslate"), not
Server.CreateObject("NameTranslate").damn ASP
G.
- Original Message -
From: "Glenn Corbett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 05, 2003 10:36 PM
Subject:
Pablo,
here is some code I use in VB.NET to do a similar thing, should be
convertable to C# without much hassle
strUserName = the fully qualified LDAP path of a user or group, ie
LDAP://CN=GroupName,DC=testdomain,DC=local
'Constants required, rest are in the online doco for NameTranslate
Const A
I can just direct translate using the syntax below...
> I'll have to try that later...
>
> --
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
> [1] Yeah, I'm still running it
>
>
> > -Original Message-
> > From:
NOOO.damn I hate living on this side of the world sometimes
*adds another checkmark on the 'free beers I missed out on' *
*sigh*
:P
Glenn
- Original Message -
From: "Gil Kirkpatrick" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 04, 2003 2:26 PM
Subject: [Acti
Title: Message
hehe, I'm sure you got a few hundred virtual slaps
upside the head too :P
G.
- Original Message -
From:
Christopher
Hummert
To: [EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 3:50
PM
Subject: RE: [ActiveDir] I sent a virus
on accident..
rship.
Cheers.
Glenn
- Original Message -
From:
Glenn
Corbett
To: [EMAIL PROTECTED]
Sent: Saturday, August 02, 2003 1:23
PM
Subject: [ActiveDir] OT (sort of)
Determining if Group membership is set by policy
All,
(sorry about the OT post)
We are curr
All,
(sorry about the OT post)
We are currently redoing some of the group
membership management on machines in the organisation, and have done up a tool
to set the local admin membership on some of our machines. Problem I have
is that a number of these have the local admin membership set
Title: Message
yep, Change Access (RWXD) is more than enough,
users dont need (or understand) Full control.
My $0.02
Glenn
- Original Message -
From:
rick
reynolds
To: [EMAIL PROTECTED]
Sent: Friday, July 25, 2003 4:30 PM
Subject: Re: [ActiveDir] Space on
In your case, geographic domain names are probably
easier to work with, since its unlikely that the world regions will actually
change anytime soon (but dont quote me on that).
It really comes down to management of the network,
and what your admins feel more comfortable dealing with.
Doma
Option 4, Create a DMZ AD forest with NO ties
(trust or otherwise) to the production AD.
Option 5, Create "proxy" applications to access
certain aspects of the production AD from the DMZ, but control information flow
and access.
An AD is required for some systems (such as
clustering which
ses SQL Server as the authoritative store for
identity information, and populates AD from that.
-Original Message-From: Glenn
Corbett [mailto:[EMAIL PROTECTED] Sent: Thursday,
July 03, 2003 7:00 AMTo:
[EMAIL PROTECTED]Subject: [ActiveDir]
5:30 PMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Identity Management using AD
MSFT internally uses SQL Server as the authoritative store for
identity information, and populates AD from that.
-Original Message-From: Glenn
Corbett [mailto
Title: Message
Personally I dont see a problem with the audit /
security guys attempting to crack high-level user ID's, as these are potentially
the greatest threat to the security of the environment.
That being said, if they DO crack the admin
accounts, they then have a "back door" into th
can you do a backup of one of your existing DC's
and then DR it to a new (already offline) machine ??
G.
- Original Message -
From:
Simpsen,
Paul A. (HSC)
To: [EMAIL PROTECTED]
Sent: Friday, July 04, 2003 7:31 AM
Subject: [ActiveDir] Taking DC
Offline
All,
We are in the process of redefining our
Internet-enabled applications with a view to a centralised customer/client
database. There has been quite a bit of discussion regarding using AD as
this "customer store", since AD will already be in this
environment.
I'm a bit hesitant to rec
Hence why its a good idea to NOT include the actual company name in the
forest or domain names. Means you dont have to change it when the comany
names changes (except for your Exchange smtp addresses, which can be done
independant of the domain name anyway).
Been down this road too many times, it
Title: Message
Joe,
comments inline
- Original Message -
From:
Joe
To: [EMAIL PROTECTED]
Sent: Monday, June 30, 2003 1:07 AM
Subject: RE: [ActiveDir] MMS 2003 and
ADAM 2003
No
problem on the ramble.
-
*grin*
It
sounds like you have an
Title: Message
Joe,
The operations team which is responsible for AD,
Server Images, Exchange, Fax Gateways, Group Policy, Backups, Data Management,
Systems Monitoring, and some Security is about 7 people + 1
manager. Supporting about 2000 staff across the country and
overseas (and growing
Title: Message
Rick,
Agreed, VMware does has some advantages, however MS
dont seem to be a big fan of it in production (funny that). Suggested
(jokingly) that we would deploy our MOM configuration on two VMware instances on
a server, and that would be supported by them.correct ?. The
Title: Message
I agree, VMWare is certainly cool (use it at home
for testing new software), however we dont support it for the work environment
(mainly due to licensing costs). My single user license wasnt too expensive, but
when you start doing the multiplications for 70+ application develop
;s or LDAP type
directories. You don't want to end up with the same mess NT 4
domains created for applications. I would find out if the
application does authentication via the directory, and if it does,
encourage the developers to use an infrastructure Single Sign On
out if the application does
authentication via the directory, and if it does, encourage the developers to
use an infrastructure Single Sign On product.
Just my humble
opinion.
Todd
-Original
Message-From: Glenn
Corbett [mailto:[EMAIL PROTECTED] Sent: Friday,
Title: Message
ADAM is also good for those applications that want
to start doing some AD integration functionality without actually having to set
up an AD forest.
Makes us Infrastructure guys nice and happy, don't
have to keep setting up and pulling down AD forests every week or so for the
Title: Message
yep, use MOM here for our AD infrastructure (2
Forests, 4 domains total). I've deployed both NetIQ and MOM.
A repost of something similar asked on the exchange
lists:
Essentially both products can perform the same levels of monitoring
andreporting, however MOM requires a L
RE: [ActiveDir] Single sign-onThat used to be the case, not sure if MMS 2003
has the same sort of requirements.
The main reason they had consulting attached was that MMS was fairly clunky
to set up and configure, and unless you knew what you were doing, could tie
youself up in knots fairly quickly
Roger,
I must agree with you and the others here...I guess my question is, have the
people involved actually been informed of the risks and consequences of
delegating management of Sites and Services to a "junior" admin ?
Basically, without a properly configured sites and services you can bring A
Agreed. Sounds a waaay to complicated a
method to upgrade your servers.
Sounds like your new AD domain is not going to be
the same as your NT v4 domain. If this is the case, best bet is to rebuild
your servers from the ground up with Win2k and be done with it. Recreation
of print queues
1 - 100 of 109 matches
Mail list logo
