We have several DC’s in our environment all of which
are 2003 SP1 servers except for one. I am preparing to demote this one through
DCPromo this weekend. All of our DC’s are also GC’s, including
this last remaining 2000 server. It does not own any FSMO roles. The Exchange
RUS services a
We have always just handled support by purchasing the
5-packs and paid our $250. Generally this has been very good, but more and
more I am finding the first level team isn’t getting the job done. I am
considering the Premier Plus, granted it is expensive, and would like to know
if any of
o it yourself... and they've never taken a week to call me back.
Lucas, Bryan wrote:
>
> I went that route actually. I unplugged, rebooted and it was fine.
> After I browsed some file properties, LSASS sucked up a bunch of RAM
> (caching I presume) and then stabilized ~500MB. Aft
ate. I don’t recall seeing
many memory leaks in lsass.exe in 2000 SP4.
- Roger
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Saturday, November 04, 2006 2:50 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC crashing / LSASS --> memor
I’ve got a Win2000 SP4 box that I believe has LSASS
crashing leading to a huge run on memory causing the system to page and yield a
“Virtual Memory is too low…” type error and all access to the server is
cut off essentially (other than local logon).
After rebooting twice and watching TaskM
I snagged this from my notes on when we deployed XP/GPO's and RA. It
was a beating to get this to work, maybe something in this will spark a
thought on your part.
Edit the new custom GPO to have the following settings
1. CompConfig, Windows Settings, Local Policies, Security Options:
control of the machine
and you're reliant on their co-operation. If someone wants IE7 on their
machine in your environment, they *will* have it.
As you can see from the sig in my last message, I'm quite familiar with
academic environments.
-Original Message-
From: [EMAIL PROTECTED
I'm really confused. Why make your users admins and then lock down the
ways they can admin the system?
--
Robert Moir
Senior IT Systems Engineer
Luton Sixth Form College
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Lucas, Br
om: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, October 19, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Blocking IE7
I must be missing something, I read:
* "The Blocker Toolkit will not prevent users from manually installing Inter
That toolkit *is* designed to block both the executable and automatic update
installations.
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, October 19, 2006 12:55 PM
To: ActiveDir@mail.activedir.org
Su
I see how to block IE7 from deploying through WSUS, but what
I don’t see is a way to block a user from manually installing it.
(http://www.microsoft.com/downloads/details.aspx?FamilyID=4516A6F7-5D44-482B-9DBD-869B4A90159C&displaylang=en)
Our users are 90% XP SP2 and managed through
authenticated against my application
DC".
On 9/13/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
Thanks to all for the responses.
This (isolating via ipsec) is probably the right direction for me.
We're a single site, single domain at a single physical location, but
the idea
Thanks to all for the responses.
This (isolating via ipsec) is probably the right direction for me.
We're a single site, single domain at a single physical location, but
the idea of building another site isn't appealing from a "keep it
simple" perspective.
Are there any technical reasons why a
I’d like to isolate a DC from regular user
authentication. I only want certain applications/processes using it.
Obviously it will need to replicate with the other DC’s. I don’t
have an interface on the firewall to use, so I would probably have to do something
software based on the DC its
Anyone have any thoughts on this?
Thanks,
Bryan Lucas
Server Administrator
Texas Christian University
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Monday, July 31, 2006 4:12 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir
Does anyone know how I force replication through ASP 2.0?
My DC’s are all local (no WANs) and 2003 SP1.
I have a web page that does account creation and then points
the user to a portal which attempts to authenticate against AD. The portal
software (Peoplesoft) can only attempt a
/5022eea0-54bc-422f-b98b-ddb836c8ee851033.mspx?mfr=true
Thanks
Mike
On 7/27/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
I have 4 DC's that are Win2003 SP1 and 1 DC that is still Win2000 SP4. I'd
like to add a new DC that is Win20
I have 4 DC’s that are Win2003 SP1 and 1 DC that is
still Win2000 SP4. I’d like to add a new DC that is Win2003 R2. Is
there anything special I need to do (i.e. forestprep/domainprep) or can I join
it just like another Win2003 SP1 DC?
Thanks,
Bryan Lucas
Server Administrator
Tex
ng with
DFS. I know that is not what you are asking, sorry.
Anyone disagree?
Kevin Brunson
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Monday, July 24, 2006 4:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Securing DFS
We built a DFS Root on a windows 2000 domain controller and
the root of the share has “Everyone” Full Control. E.g. if I go to
\\domain.com, right click on the dfs root’s
properties, the security tab.
Can I simply take FC away? I’m a bit hesitant because
it lives on the DC and came th
We use this setting heavily for certain
classes of users and it works great. We do exactly what you’re saying,
only put the workstations they should use in the list and it does restrict them
from logging in elsewhere. Maybe replication is your culprit?
From: [EMAIL PROTECTED]
We’re just now rolling into
production with Globalscape’s product. Mixed feelings about it.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Glenn
Sent: Wednesday, July 12, 2006 12:47 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SFTP with AD Auth
The actual physical
file folder of the DFS root has "Everyone" with full control. This is how
it was by default which has led to a small amount of garbage files being placed
there by uneducated users.
1) Can I change the
NTFS perms on the root? If so, how or can you point me to a KB, go
On 6/12/06, Lucas, Bryan <[EMAIL PROTECTED]> wrote:
Re-post
Administrator
Texas Christian University
(817) 257-6971
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lucas, Bryan
Sent: Thursday, June 08, 2006 8:05 AM
To: ActiveDir@mail.activedi
Title: Virtual DCs
Re-post
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, June 08, 2006 8:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE
We have discovered several machines that were spitting out SceCli
1202 warnings (Security policies were propagated with warning. 0x4b8) in the
Event Log. We found that our secedit.sdb on one of our sysprep’d
images was corrupted. On the problematic PC’s, we did an
esentutl /p
%SystemRo
Title: Virtual DCs
Along these lines, has anyone seen an
actual best practices whitepaper for MS Virtual Server? How to configure disk
arrays, controller cache, how many VHDs per volume, memory allocation, etc.
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-
Title: Virtual DCs
Just because it’s a VM, doesn’t
mean you can stop managing it. You still have to patch it, monitor it, upgrade
it, etc. Only thing it buys you from a management perspective is less hardware
to manage. How often are you managing your physical hardware? If the answer
is
Not an answer, but another question. Do any
of those queries find contact objects or do you not use them?
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Monda
Stretching my memory banks... seems to me one of the steps of upgrading
Exchange 2000-->2003 was to verify the changes made by the LDF import.
Why not just look at the schema and see if the changes have already been
made.
I interpret your email as you never had Exchange 2000, you started with
2003
Any suggestions?
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
o support, but it is possible without any 3rd party
components.
Andy Schan
Titus International, Inc.
From: "Lucas, Bryan" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To:
Subject: [ActiveDir] Allowing users to manage security groups
Date: Fri, 7 Apr 2006
The “manager can update membership list” is
great, but how does a user do that for a security group? For a Distribution
Group, they can use Outlook, but I don’t want to hand over the ADUC mmc
snap-in to my users to manage security groups.
Does anyone have any recommendations on 3rd par
ript-Kits on Alain Lissoir's site (handling ACLs is part of
Volume 2)
http://users.skynet.be/alain.lissoir/wmibooks/Volume_1_ScriptKits.zip
http://users.skynet.be/alain.lissoir/wmibooks/Volume_2_ScriptKits.zip
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] O
Our built in guest account gets locked out from time to time,
generating 644 events in the DC’s security logs. I’m trying
to determine how it can get locked out because the account is disabled.
If I take a test box and hammer away at the guest account with bogus passwords
I never get a lo
Do you believe that any 50-50 situation
(coin toss) has ever gone heads-tails-heads-tails-heads-tails… and so on
forever? Of course not. Does that then mean that the odds change? Of
course not. But it does mean that there are small waves of heads and waves
of tails.
Same in blackjack.
y.com. 600 IN A 192.168.0.1
Hope this helps.
-Alex
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Friday, March 17, 2006 8:54 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS question
Primary DNS server = 192.168.0.1
Primary DNS server = 192.168.0.1 serves AD zone company.com
Web server for www.company.com = 192.168.50.50
A request is being made to have http://company.com resolve to
192.168.50.50.
My AD zone, company.com, already has an "A" record with no host value
pointing to 192.168.0.1. Specifically, i
Does the report or dsacls distinguish between
delegated and default permissions?
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Friday, March 17, 2006
So, does Intrust do these things:
"OU creations/deletions/mods
Critical Security Group Modifications
GPO Creation/deletion/mods and Linking
Domain Administrator Logins and from where
Password changes on critical accounts"
Can you get granular and say show me all the changes to these groups, or
th
I know you can build a dynamic query based distribution
group, but can you do the same for a security group? What is the best way to
accomplish making anyone who is in a particular OU a member of a security group
on a dynamic basis (scheduled task frequency)?
Bryan Lucas
Server Admini
Are you 2003 and dissatisfied with the
IMF? I’ve found for small businesses it is extremely effective when
loaded with the right RBL’s, IP blocks and configured correctly.
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
From: [EMAIL PROTECTED]
g=en
(the second link is
for the appendices)
-DaveC
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Thursday, March 02, 2006 8:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Delegation
I’ve recently joined this list and
didn’t
I’ve recently joined this list and
didn’t see this post. Is there any list (official or unofficial) that
details what permissions are necessary to delegate certain tasks?
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
From:
[EM
security-enabled groups, regardless of mail status.
(groupType:1.2.840.113556.1.4.803:=2147483648)
John Roberts
JLR Technology Solutions
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Tuesday, February 28, 2006 10:49 AM
To: ActiveDir
Never mind, I added "mail" to the filters and then parsed the data
accordingly.
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lucas, Bryan
Sent: Tuesday, February 28,
I'm trying to export a list of security groups, but not distribution
groups. The string below gets all groups, is there a way I can exclude
DLs?
csvde -f c:\groups.csv -s ad7 -d "dc=tcu,dc=edu" -p subtree -r "(&(objectCategory=Group)(objectClass=group))" -l "displayname,samaccountname,description"
Nothing personal and I appreciate the OT
tag, but this list is already high volume as it is and I could do without the workstation
hardware posts to wade through.
Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971
From: [EMAIL PROTECTED] [mailto:
Joe,
From what I understand of MS NAP, it only
helps if the machines belong to the domain, is that correct? It doesn’t stop
someone from plugging in and hard coding an IP. I get the impression it is
designed to be used in conjunction with Cisco’s CleanAccess product.
Bryan Luca
49 matches