RE: [ActiveDir] adsiedit question

2007-01-28 Thread joe
Just an FYI, I kept reading in the responses about "move"... This doesn't "move" the mailbox, it creates a new one at the new HomeMDB URL location and the old mailbox is sitting there disconnected in the old store location. This is something that can be done for normal users to get dialtone back qu

RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-28 Thread joe
n admins. Was there an application that wants it? On 1/28/07, joe <[EMAIL PROTECTED]> wrote: I agree that MIIS could be convenient but only if it is already there or you have other plans for it. If this was the only reason for it I would be more apt to put something else together that h

RE: [ActiveDir] Adfind + Admod help

2007-01-28 Thread joe
in programming, the data structures used can make or break the entire solution. I have seen seemingly impossible problems that have been made possible with great ideas about how to structure the data and I have seen simple problems made nearly impossible because of bad data structures. j

RE: [ActiveDir] AD Security Auditing

2007-01-28 Thread joe
thing like G:\Temp>adfind -default -f * -s one ntsecuritydescriptor -sddl++ -resolvesids -sddlnotfilter ;inherited AdFind V01.35.00cpp Joe Richards ( <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]) January 2007 Using server: r2dc2.test.loc:389 Directory: Windows Server 2003 Base DN: DC=

RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-28 Thread joe
PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, January 27, 2007 3:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT Ewww. :) Unless there are other

RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-28 Thread joe
ard practice since Windows 2000 RTM'ed. They think it is just like the routing subnets where you have to be very careful what you are doing or you will break packet routing. I see this question on a pretty regular basis in various forums, at least once per month. joe -- O'Reilly Ac

RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-27 Thread joe
pany, Inc. 803.936.8595 Direct Line 800.922.1147 Toll-Free (x8595) 803.739.1176 Fax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan Sent: Thursday 25 January 2007 19:52 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] How to find non-primary SM

RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread joe
You are mistaking machine subnetting and subnetting defined in AD. They are not connected. The definitions in AD do not have to reflect what is really happening at the routing layer. They are generally close but there isn't any technical reason why they have to be. -- O'Reilly Active Directory T

RE: [ActiveDir] Overlapping AD Subnet Boundaries

2007-01-27 Thread joe
Active directory will use the most specific network address that applies to it. For instance, I set up a class-A address (or multiple in some companies) that applies to all of the network space of the company and assign that to the primary data center location. Then I start making more focused subn

RE: [ActiveDir] How to find non-primary SMTP addresses?

2007-01-27 Thread joe
-csv -csvq \"\" -csvmvdelim , -nocsvheader givenname sn samaccountname mail`; foreach $thisline (@out) { ($mail,$primarysmtp)=($thisline=~/,([^,[EMAIL PROTECTED],]+),.*SMTP:([^,[EMAIL PROTECTED],]+)[\n,]/) ; $disjoint=($mail ne $primarysmtp)?"TRUE":"FALSE"; $thi

Re: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-26 Thread Joe Kaplan
if you like that sort of thing). Joe K. - Original Message - From: "Dave Wade" <[EMAIL PROTECTED]> To: Sent: Friday, January 26, 2007 6:30 PM Subject: RE: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT If you want to query Notes and AD in the same

Re: [ActiveDir] How to find non-primary SMTP addresses? Slightly OT

2007-01-26 Thread Joe Kaplan
nst the NAB and gets the addresses that way. It would probably be less effort in the long run. If I was asked to do the exact same thing, that is definitely how I'd do it. If you do get ADSI/LDAP via VBScript to work against Domino, I'd be curious to hear about it. :) Joe K. - Or

RE: [ActiveDir] How to find non-primary SMTP addresses?

2007-01-25 Thread joe
tory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan Sent: Thursday, January 25, 2007 7:52 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] How to find non-primary SMTP addresses?

Re: [ActiveDir] How to find non-primary SMTP addresses?

2007-01-25 Thread Joe Kaplan
e data and then check for the values that are prefixed with lower case "smtp". Maybe Joe R. has a neat trick with ADFind to make this easier, but LDAP itself doesn't help much. Joe K. - Original Message - From: Ulf B. Simon-Weidner To: ActiveDir@mail.activedir.org S

Re: [ActiveDir] "Who Am I" request

2007-01-23 Thread Joe Kaplan
Thanks for clearing that up. I appreciate it. Joe K. - Original Message - From: "Eric Fleischman" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 23, 2007 5:52 PM Subject: RE: [ActiveDir] "Who Am I" request You can do an x-domain simple bind within the fo

Re: [ActiveDir] "Who Am I" request

2007-01-23 Thread Joe Kaplan
in a DN such as the full DN, GUID or SID. I doubt that helps if you are trying to use OpenLDAP though. :) Joe K. - Original Message - From: "Alexandr Kara" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 23, 2007 3:12 PM Subject: Re: [ActiveDir] "Who Am I"

Re: [ActiveDir] Search over SSL hangs

2007-01-23 Thread Joe Kaplan
le to help troubleshoot the problem. Joe K. - Original Message - From: "Mauricio de Andrade Ramos" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 23, 2007 11:43 AM Subject: Re: [ActiveDir] Search over SSL hangs Joe, List, yes! It does sound like it is something with Or

Re: [ActiveDir] "Who Am I" request

2007-01-23 Thread Joe Kaplan
depend on the user name format you are using in the bind. If you did a simple bind with the DN, then you already have the path to the user object. :) Joe K. - Original Message - From: "Alexandr Kara" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 23, 2007 11:2

Re: [ActiveDir] Search over SSL hangs

2007-01-23 Thread Joe Kaplan
the server or CRL checking. Does Oracle give you any logs? What SSL stack do they use? Can this issue be reproduced with any other SSL stacks (Windows using ldp.exe for example)? Joe K. - Original Message - From: "Mauricio de Andrade Ramos" <[EMAIL PROTECTED]> To

Re: [ActiveDir] "Who Am I" request

2007-01-23 Thread Joe Kaplan
Cool, thanks Lee. It works. :) Joe - Original Message - From: "Lee Flight" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 23, 2007 5:13 AM Subject: Re: [ActiveDir] "Who Am I" request Using ldp.exe; rootDSE query for supportedExtension will you the O

Re: [ActiveDir] "Who Am I" request

2007-01-22 Thread Joe Kaplan
Is there support for WhoAmI in ldp.exe? It sounds useful and I'd like to try it. :) Joe R.: When will this be added to Adfind (or is it already)? Joe K. - Original Message - From: "Dmitri Gavrilov" <[EMAIL PROTECTED]> To: Sent: Monday, January 22, 200

RE: [ActiveDir] Largest AD DIT

2007-01-19 Thread joe
I am aware of a 20GB DIT or two. Generally most of the DITs seem to be 10GB or smaller for many/most companies even with hundreds of thousands of users. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mai

RE: [ActiveDir] Unsubing

2007-01-19 Thread joe
http://www.activedir.org/List.aspx Careful... some affairs can get you jail time... An affair with a tiger or leopard is likely one of them... Plus once you have gone that direction, you may find your overall pool of possible dates shrinks dramatically, especially if you admit where you have bee

RE: [ActiveDir] OT: Apache LDAP authentication oddity

2007-01-19 Thread joe
Get a network trace of the LDAP calls and responses. Possibly it is an apache issue, possibly the developer is a knucklehead. :) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes

RE: [ActiveDir] Export Group's Members details

2007-01-14 Thread joe
as well. [Sun 01/14/2007 22:06:29.53] F:\Dev\CPP\AdMod>adfind -e -default -f name=administrators member AdFind V01.34.00cpp Joe Richards ( <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]) November 2006 Using server: 2k3dc02.joe.com:389 Directory: Windows Server 2003 Base DN: DC=joe,D

RE: [ActiveDir] Domain Admin

2007-01-12 Thread joe
get blamed for any issues or data theft or damage that may occur before, during, or after my engagement. It's way too easy to ask for the details in a particular format vs. collecting it with DA rights. DA is just way too much IMHO. It's lazy to ask for the keys to the kingdom to gain acce

RE: [ActiveDir] Domain Admin

2007-01-11 Thread joe
Hopefully the guy means the person needs administrator rights over the two servers. Not sure how you would give domain admin rights over two servers and even what that would buy you. At the member level a domain admin isn't any more powerful than a local admin. The domain powers come in with the GP

RE: [ActiveDir] Adfind and ADMOD question

2007-01-11 Thread joe
se -f whatever_filter member -qlist Like so G:\>adfind -default -f name="domain admins" member -qlist "CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc" "CN=$joe,OU=Users,OU=My,DC=test,DC=loc" "CN=Administrator,CN=Users,DC=test,DC=loc" And if it doesn't return

RE: [ActiveDir] Win 2000 Remote Desktop Users

2007-01-11 Thread joe
veDir] Win 2000 Remote Desktop Users joe, YMYMYM Thanks. RH __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe Sent: 11 January, 2007 2:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Win 2000 Remote De

RE: [ActiveDir] Win 2000 Remote Desktop Users

2007-01-11 Thread joe
tor group it doesn't work... joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Thursday, January 11, 2007 12:55 PM To: activedir@mail.activedi

RE: RE: [ActiveDir] Decode the msExchMailboxSecurityDescriptor attribute.

2007-01-09 Thread joe
What is the version? Current version of AdFind that is publicly available is V01.35.00. The -resolvesids option made it into AdFind around V01.31.00 or so which was a year ago. Plus if you really want something readable you likely want -sddl++ joe -- O'Reilly Active Directory

RE: [ActiveDir] ADfind to find locked accounts

2007-01-08 Thread joe
p "LOCKED" That would be a list of currently locked accounts. It would be relatively efficient unless you have a lot of accounts that have passed the lockout duration but no one ever logged into them afterward. joe -- O'Reilly Active Directory Third Edition

RE: [ActiveDir] Risks of exposure of machine account passwords

2007-01-08 Thread joe
bject: Re: [ActiveDir] Risks of exposure of machine account passwords On Mon, 8 Jan 2007 15:33:01 -0500 "joe" <[EMAIL PROTECTED]> wrote: > A dirty trick I have used in the > past to disprove how secure an environment was was to set up a web site on a > workstation, enable

RE: [ActiveDir] Risks of exposure of machine account passwords

2007-01-08 Thread joe
1-639-3505 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 08, 2007 3:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Risks of exposure of machine account passwords If an attacker gets access to a machine account passwor

RE: [ActiveDir] Decode the msExchMailboxSecurityDescriptor attribute.

2007-01-08 Thread joe
encoded secprins decoded use -resolvesids. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yann Sent: Monday, January 08, 2007 5:42 PM To: ActiveDir@mail.activedir.org Su

RE: [ActiveDir] Risks of exposure of machine account passwords

2007-01-08 Thread joe
ontrol. In far too many cases I think you will find admins are users too... :) joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mr Oteece Sent: Monday, January 08, 20

RE: RE: [ActiveDir] SID Deleted users remains in NTS permission.

2007-01-08 Thread joe
-1-9-etc). I had not seen an example of this until a few months ago when I noticed such SID appearing in DSACLS output in an Exchange 2007 deployment[1]. Lee Flight [1] See Table 3 in http://technet.microsoft.com/en-us/library/315d9c42-1ab4-4ef4-9292-12cdcb9c98cf.aspx On Sun, 7 Jan 2007, joe

RE: RE: [ActiveDir] SID Deleted users remains in NTS permission.

2007-01-07 Thread joe
thing is that the only folks who need SIDs to be resolvable to names are people, Windows doesn't resolve a SID to a name to figure out if someone has access to something, SIDs are compared, not names. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.

RE: [ActiveDir] ADFind help

2007-01-05 Thread joe
above. So you could specify -default and -rb cn=users. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Saturday, January 06, 20

RE: [ActiveDir] Filter out a certain group of users from the GAL

2007-01-05 Thread joe
Excellent, good to hear. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor W. Sent: Thursday, January 04, 2007 3:15 PM To: ActiveDir@mail.activedir.org Cc:

RE: [ActiveDir] ADFind help

2007-01-05 Thread joe
on releasing a new version of AdFind (V01.35.00) in the next day or three (may even upload it tonight still if I don't run out of gas). It has a couple bug fixes around the ACL output and some additional ACL options. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net

RE: RE: [ActiveDir] SID Deleted users remains in NTS permission.

2007-01-04 Thread joe
oking for unresolvable SIDs and clean them up, but I would be shy on how aggressive you are with the cleanup. You can easily screw yourself up. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTE

Re: [ActiveDir] DirectoryServices vb.net is broken.

2007-01-02 Thread Joe Kaplan
sting question and one that I never really thought much about before, so don't be disappointed when you don't find it discussed in ch 3 or 6. :) Joe K. - Original Message - From: "AD" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 02, 2007 10:30 AM Subject: RE

Re: [ActiveDir] Cross-Forest Kerberos Delegation

2006-12-29 Thread Joe Kaplan
That is what I was thinking of. I couldn't find where I read that and went from memory. Thanks for the clarification. Joe K. - Original Message - From: "steve patrick" <[EMAIL PROTECTED]> To: Sent: Friday, December 29, 2006 6:07 PM Subject: Re: [ActiveDir]

Re: [ActiveDir] DirectoryServices vb.net is broken.

2006-12-28 Thread Joe Kaplan
usually cycles with Visual Studio but sometimes cycles with Windows). However, these are pretty low key. Joe K. - Original Message - From: "AD" <[EMAIL PROTECTED]> To: Sent: Thursday, December 28, 2006 1:40 PM Subject: RE: [ActiveDir] DirectoryServices vb.net is broken.

RE: [ActiveDir] DirectoryServices vb.net is broken.

2006-12-28 Thread joe
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan Sent: Thursday, December 28, 2006 12:24 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DirectoryServices vb.net is broken. They aren't equivalent. Try using the .Value property instead: user.Properties("descri

Re: [ActiveDir] DirectoryServices vb.net is broken.

2006-12-28 Thread Joe Kaplan
Ch 6. Thanks for buying it and I hope it helps more than hurts. There is an inevitable amount of hair loss that must occur with any new LDAP programming project, but hopefully it won't require prescription drugs or surgery to replace. Joe K. - Original Message - From: "

Re: [ActiveDir] DirectoryServices vb.net is broken.

2006-12-28 Thread Joe Kaplan
d compatibility with previous DS APIs. That might be part of the problem here. In any event, it is generally always good practice to use the .Value property to set a single value. There is more info on this in ch 6 of our book (www.directoryprogramming.net). Joe K. - Original Message -

Re: [ActiveDir] Mapping Groups within AD

2006-12-24 Thread Joe Kaplan
ip in ch 11 and has followed up with a few additions on his blog showing other techniques. I can't help with the Visio stuff, but if you can find some samples that show how to plug data into the model to produce diagrams, it shouldn't be too hard to put it all together. Best

RE: [ActiveDir] Automatic user disable based on criteria

2006-12-24 Thread joe
I didn't read the whole chain of responses, I was just skimming and saw these questions "Hey joe, is there a way to see replication meta data using adfind? ;-) If yes, I could take a peek at originating date/time for attributes." Yes it can show you the metadata from AD (as

RE: [ActiveDir] Schema Extension Question

2006-12-23 Thread joe
You won't need anything other than a normal userid unless you have put weird ACEs in place to hide user objects and then you just need to have the normal userid in the right group and that right group shouldn't have to be Administrative level. Note though that no group membership is going to give

RE: [ActiveDir] Automatic user disable based on criteria

2006-12-23 Thread joe
helpdesk had reset their password and set "Change Password at next logon" I hope I am not confusing you all. :-) I know, simple solution would be to change criteria to say 15 days, raise DFL and use LLTS, but I am taking this as a scripting challenge at Win2k-native DFL. Hey jo

RE: [ActiveDir] Built in Security groups

2006-12-23 Thread joe
ry to verify someone is a member of that group directly to continue on. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday,

RE: [ActiveDir] Filter out a certain group of users from the GAL

2006-12-23 Thread joe
n,DC=com) ) (objectClass=user) (! (homeMDB=*) ) (! (msExchHomeServerName=*) ) ) (& (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com) (objectClass=user) (| (homeMDB=*) (msExchHo

RE: [ActiveDir] Delegate Password Resets

2006-12-23 Thread joe
hange-pw actions, since these are not handled/replicated the same way as pw-resets. /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Freitag, 22. Dezember 2006 18:33 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Delegate Password Resets You

Re: [ActiveDir] Delegate Password Resets

2006-12-22 Thread Joe Kaplan
g a program to do this seems a little crazy to me, but I'm also a good developer, so a lot of things that seem easy to me might not be easy to other people. Joe K. ----- Original Message - From: joe To: ActiveDir@mail.activedir.org Sent: Friday, December 22, 2006 11:34 AM Subject

RE: [ActiveDir] Delegate Password Resets

2006-12-22 Thread joe
Good ol .NET. :) Honestly you can probably throw a pretty simple ASP.NET app together to do this. Doubt there is a reason to buy anything and then when it dorks up you can fix on your own. JoeK probably has this code on a web site somewhere. -- O'Reilly Active Directory Third Edition - http://w

RE: [ActiveDir] Delegate Password Resets

2006-12-22 Thread joe
You will either delegate or you will proxy. That is about it for the choices. And quite frankly, the proxy is just a delegation to a specific account that does the authentication/authorization of the support folks on its own. To be most honest, I prefer proxy over delegation. It is much easier t

RE: [ActiveDir] Delegate Password Resets

2006-12-22 Thread joe
That is precisely why that group existed in NT4. Now it is a holdover for the migration periods when you have NT4 and AD deployed. Honestly I wish the group would vanish the instant you clicked native mode. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

Re: [ActiveDir] Cross-Forest Kerberos Delegation

2006-12-19 Thread Joe Kaplan
hat either. However, giving out unconstrained delegation privileges is a bit icky. This may be one of those situations where it is easier to just pass the plaintext credentials around between the tiers using basic auth/SSL and such. Joe - Original Message - From: Ken Schaefer To: ActiveDi

RE: [ActiveDir] Filter out a certain group of users from the GAL

2006-12-19 Thread joe
at someone made up about the RFC standards etc but that "reason" was, as I said, crap. It is just something you have to be aware of when working with those filters. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message---

RE: [ActiveDir] LDAP query assistance

2006-12-16 Thread joe
istance Great answer Joe. I completely missed the multi-domain issue, thinking (as I wrote) that was only an issue for DLGs. Oh well, you've certainly refreshed my memory and answered the question admirably. As you can tell from this, and from our off-line conversation, I'm just using

RE: [ActiveDir] Send As(OT)

2006-12-16 Thread joe
group(security or distribution). I think this was some weird replication/info store cache issue that for some reason took 4 days to resolve itself. Thanks On 12/16/06, joe <[EMAIL PROTECTED]> wrote: > In Exchange nothing comes from the DL, it comes from the user who sent to > the

RE: [ActiveDir] AB Views Export/Import

2006-12-16 Thread joe
Hey Jerry, I am not exactly sure what you are asking for here. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Welch Sent: Thursday, November 02, 2006 9:26 AM To: ActiveDir@mail.

RE: Deleting an OU in AD and AD/AM with 1,000,000++ users (WAS: RE: [ActiveDir] )

2006-12-16 Thread joe
Hmm I swear I responded to this but I don't see it... So... The progress dots is only for reading in the CSV pipe... Not for what it is currently working on. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] supportedsaslmechanisms

2006-12-16 Thread joe
I am not aware of being able to do so no. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Monday, November 06, 2006 2:30 PM To: ActiveDir@mail.activ

RE: [ActiveDir] Is it 2000 or 2003?

2006-12-16 Thread joe
' *** ' Sub echo(String) ' ' Sub prints the passed string to the console ' (if run from CSCRIPT) or to the shell via ' message box (if run from WSCRIPT). ' ' *** Private Sub echo(sOuputStr

RE: [ActiveDir] ActiveDir.Org Web Site Update [List Admin]

2006-12-16 Thread joe
Hmmm I almost missed this post Ok Matty goes on the list ;o) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matty Sent: Wednesday, November 22, 2006 5:24 PM To: ActiveDir

RE: [ActiveDir] OT: Find a use of an account in AD

2006-12-16 Thread joe
I seem to recall Dean Wells posting a batch file to the list to gather all of the service accounts being used across a forest, might want to peek at the archives. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMA

RE: [ActiveDir] mailNickName(OT)

2006-12-16 Thread joe
road. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 22, 2006 4:21 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] mailNickName(OT) I have to admit some surprise that you have that large of an org and haven

RE: [ActiveDir] mailNickName(OT)

2006-12-16 Thread joe
> some *process* that allows for making those unique. I've worked in much > smaller shops that had such policies (sadly, no strong nepotism rule, but > that's another story altogether.) > > I second what joe says about not taking their word for anything. I'll go so

RE: [ActiveDir] Tombstone.

2006-12-16 Thread joe
Difficult to replicate a deleted object... If you send a null to your replication partner, it doesn't know what to remove. :) You can get around the whole tombstone thing though if you use dynamic objects. Those really and truly do delete with no chance of reanimation. However, the time to die in

RE: [ActiveDir] Tombstone.

2006-12-16 Thread joe
I believe I ran into that while doing mass testing of AdMod which will also reanimate tombstones. The bug is officially bugged and should be corrected eventually. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [

RE: [ActiveDir] AD Schema Extensions and Exchange System Manager

2006-12-16 Thread joe
I am not positive on this, but I think you need to look at mAPIIDs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Waters, MW (Mike) Sent: Tuesday, December 05, 2006 5:26 AM To: Activ

RE: [ActiveDir] Send As(OT)

2006-12-16 Thread joe
In Exchange nothing comes from the DL, it comes from the user who sent to the DL. I believe you cannot in actualality (sp?) send from a DL because a DL is an alias, not a mailbox. I could easily be wrong not being an Exchange guy but I don't expect I am. -- O'Reilly Active Directory Third Editi

RE: [ActiveDir] Resending because I kept sending via the wrong account.

2006-12-16 Thread joe
Ah. And the PDC versus non-PDC? Red Herring? Cross-contamination? Crossed the streams and the sta-puff marshmallow man wasn't in sight. ;o) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTE

RE: [ActiveDir] Is it possible to determine who created an AD object?

2006-12-16 Thread joe
So what was the overall outcome here? Did the PDC -vs not-PDC end up making a difference? Administrators -vs- Domain Admins? etc etc etc -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] Possibility of writing to ntSecurityDescriptor with LDAP and Unix

2006-12-16 Thread joe
Administrators, I am curious what exactly they want to do from UNIX and Java with machine accounts and whether they are chatting with anyone as they may find they really don't have rights to do what they are wanting to do or are specifically disallowed from mucking with it. joe -- O

RE: [ActiveDir] LDAP query

2006-12-16 Thread joe
2. But that wouldn't be a query, that would be running and collecting info and then you generate the report from the output generated. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[E

RE: [ActiveDir] SBS Dies Twice in Four Days

2006-12-16 Thread joe
SBS... uh oh there goes the neighborhood... This one could possibly get the [OT] badge I expect and/or go to the SBS specific groups. If an SBS server died, AD would be one of the last things on it I would suspect with everything it runs. ;o) joe -- O'Reilly Active Directory Third Ed

RE: [ActiveDir] AD admin tool for Vista

2006-12-16 Thread joe
Any answers would simply be guesses but I honestly wouldn't expect anything until Longhorn release time frames. Note that those Petri instructions initially were posted to this list by Steve Linehan (Microsoft). -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

RE: [ActiveDir] Vista GPO

2006-12-16 Thread joe
e binaries. I wouldn't be surprised to see most large companies deploying Longhorn heavily into production before Vista even. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL P

RE: [ActiveDir] Group Membership Update Frequency

2006-12-16 Thread joe
in as above and then query the tokenGroups attribute of the rootdse like so adfind -h ADAMSERVER -rootdse -resolvesids tokengroups joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] Quest Recovery Manager

2006-12-09 Thread joe
M to reanimate deleted objects (This seems to be a favorite topic of Gil's to use to fill in spots at DEC)... did I forget anyone... hmm maybe Robbie might take time away from work on his fields medal or latest cookbook to write you a Monad shell script that Joe will find a way to compile into a

RE: [ActiveDir] Global Catalog /DNS Question

2006-12-09 Thread joe
g. Not so evolved eh? But it is open source, someone could always quickly and easily add proper SRV lookup capability. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mi

RE: [ActiveDir] OT:What is Websence

2006-12-09 Thread joe
1:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:What is Websence You don't know I though you knew it all, this is sad day. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, December 08, 2006 12:51 P

RE: [ActiveDir] Delegate join computer to domain

2006-12-09 Thread joe
additional perms at the OU level and let them inherit down so they don't have to deal with it. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON

RE: [ActiveDir] running scripts via group policy using alternate accounts

2006-12-09 Thread joe
it. My suggestion is that you rethink your process because this sounds like a really crappy plan that you've got. I believe Joe Richards' cpau utility on joeware.net supports some type of encryption of credentials that you could use if you must do this. Thanks, Brian Desmond [EMAIL

RE: [ActiveDir] running scripts via group policy using alternate accounts

2006-12-09 Thread joe
companies, police departments, governments, and universities that use it for automated install packages as well. I would be curious what didn't work for you, feel free to email me separately if you haven't already. joe -- O'Reilly Active Directory Third Edition - http://www.

RE: [ActiveDir] running scripts via group policy using alternate accounts

2006-12-09 Thread joe
f the user who runs it. My suggestion is that you rethink your process because this sounds like a really crappy plan that you've got. I believe Joe Richards' cpau utility on joeware.net supports some type of encryption of credentials that you could use if you must do this. Thanks,

RE: [ActiveDir] What is Websence

2006-12-08 Thread joe
I don't know but I bet it deserves [OT] in the subject. :o) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra Sent: Thursday, December 07, 2006 6:30 PM To: Acti

RE: [ActiveDir] [OT] Can you run DHCP on a XP computer??

2006-12-03 Thread joe
a A. Robinson Sent: Saturday, December 02, 2006 4:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [OT] Can you run DHCP on a XP computer?? Which would probably be a licensing violation. :-) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday,

RE: [ActiveDir] [OT] Can you run DHCP on a XP computer??

2006-12-02 Thread joe
Yes, I believe there are at least one or two DHCP Server Open Source projects that will run on Windows XP. The Windows DHCP server won't from my knowledge, though I would surmise it may be possible to hack a machine to do so if someone really wanted to. -- O'Reilly Active Directory Third Edition

RE: [ActiveDir] 100% CPU utilization when querying Win32_Account on DC

2006-12-02 Thread joe
Good post but yuck. Amazing how many issues you avoid by avoiding ADSI, WMI, CDOEXM, and the other MSFT frameworks designed to make life "easier"... -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] Bulk of client going to PDC

2006-12-02 Thread joe
I would recommend doing a trace of one of the problem clients logging on and watch the whole referral process, etc. Actually I would probably just turn on a sniffer and let it watch everything from one of those machines from boot up for some time so you catch refreshes and everything else. At least

Re: [ActiveDir] Child domain for external SharePoint users

2006-11-30 Thread Joe Kaplan
ement though. From a security perspective, though, Brian is right. If you just want to do this with AD and trusts, you should do a separate forest and do a forest trust. Otherwise, you aren't buying much in terms of real security. You might as well just put the accounts in a separate

Re: [ActiveDir] Scaling up with AD or ADAM?

2006-11-24 Thread Joe Kaplan
that might not be a huge deal. I don't think ADFS uses that either. :) Joe K. - Original Message - From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: Sent: Thursday, November 23, 2006 10:24 PM Subject: Re: [ActiveDir] Scaling up with AD or ADAM? Thanks,

Re: [ActiveDir] Scaling up with AD or ADAM?

2006-11-23 Thread Joe Kaplan
rather not have to get a new account in your system to use it if they can avoid it. Just a thought... :) Joe K. - Original Message - From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: Sent: Thursday, November 23, 2006 2:54 PM Subject: [ActiveDir] Scaling up with AD or A

RE: [ActiveDir] mailNickName(OT)

2006-11-22 Thread joe
11/22/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > Other than being used for access by other protocols such as pop, imap, and > owa, last I checked it's also the value used for the x.400 like address > which is used for mail delivery internally by Exchange. You wouldn't want

RE: [ActiveDir] Enterprise Domain Controllers group missing...

2006-11-22 Thread joe
1-5-9 joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 22, 2006 9:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]
