Use getsid.exe of the support tools.
How come you are using regmon. I thought sysinternals was a no no :0)M@
On 02/04/06, Rodrigo Blanco [EMAIL PROTECTED] wrote:
Freddy,is there any stadard way (tools included in the W2K3 OS) to verify theSID of a machine? I am not allowed to install or use any
Guess what. Not yet! But its out of my hands and the security team will decide how to pursue this.
M@
From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Monitoring DC's Date: Sun, 2 Apr 2006 14:54:23 -0400
The whole point of a site is to have a DC in it isn't it? Therefore you should cleanup the unnecessary sites and associate subnets with sites you want them to be a part of. The DC locator will only do its job correctly if DNS is right. DNS will be correct if you maintain a nice sites and services
You may need to map deeper and delete subfolders. Either use subst (locally on server) or net use * \\server\share\deep_path and delete the subfolders. Then you will be able to delete the parent folders. It looks like users have created a deep folder structure beneath the share.
M@
On 28/03/06,
If its not on the network at the time, it will log messages saying something like the \\domain\sysvol\domain\scripts\** file is inaccessible. Have you made the Gp changes Always wait for the network at computer startup and logon under admin templates/system/logon ?
M@
On 28/03/06,
Check the debug folder for the logs to see if there were any issues during the promotion. dcpromo, dcpromoui.logs and the err logs.
M@
On 22/03/06, Rimmerman, Russ [EMAIL PROTECTED] wrote:
Yes, from the good DC I can browse the bad DC, but not vice versa. The bad one can't see anything in the
Why dont you ask NTFS instead of AD? Why not you use something like subinacl and query the folders of the owner? Assuming all folders that are valid have proper owners, I guess the invalid folders will have unresolvable SIDs or Administrator as the owner against them.
M@
On 21/03/06, Steve
Why dont you ask NTFS instead of AD? Why not you use something like subinacl and query the folders of the owner? Assuming all folders that are valid have proper owners, I guess the invalid folders will have unresolvable SIDs or Administrator as the owner against them.
M@
On 21/03/06, Steve
Noah
Use subinacl to rest the ownership. I would do something like this.
dir /b /s path_to_folder_with_list_of_usernames something.txt
for /f %i in (something.txt) do subinacl /file %i /setowner=domain\%i
for /f %i in (something.txt) do subinacl /subdirectories %i\*.* /setowner=domain\%i
This
PROTECTED] wrote:
Thanks, Matheesha. That is the sort of logic my brain was rejecting last night. ;-) Brian and Irwan, thank you as well, though those settings were for newly created folders going forward (see:
http://support.microsoft.com/kb/288991/en-us).
-- nme
From:
matheesha
The environment I help support quite regularly has offices getting
decommisioned or moved around and the subnets change. When this
happens I need to make modifications to sites and subnets. This
requires EA rights.
M@
On 14/03/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
We're trying to
No kidding. Here at my work place we once needed access to the
enterprise admin password but the safe was not accessible as the
building was damaged and not safe to enter. The chap remotely
connected to the network and used IBM Director to reset the password
of the root administrator account! I
You will also get these records if you demote DCs and if the demotion
didn't do a good cleanup job after itself.
M@
On 08/03/06, Figueroa, Johnny [EMAIL PROTECTED] wrote:
I have an AD 2003 domain and an AD integrated DNS zone. If I look a the
properties of that DNS zone and go to the Name
Personally I wouldnt use cacls/xcacls or the vbscript based
xcacls.vbs. cacls/xcacls are probably not granular enough for your
purposes. Assuming you want to give just modify then cacls/xcacls are
fine. But if you want to give full control except for the modify
perms/takeonership bit, then you
[EMAIL PROTECTED] wrote:
Replmon indicates that even though the USNs are not the same all of the
replication changes have occurred successfully.
So, does replmon trump DCDIAG?
Charlie
-Original Message-
From: matheesha weerasinghe [mailto:[EMAIL PROTECTED]
Sent: Monday, February 20
Have you done a schema update. Can you give some background as to how
you got to this stage? can we have some details of the environment.
Which DCs are replicating OK? Have you built or decommissioned any DCs
recently?
M@
On 20/02/06, Carerros, Charles [EMAIL PROTECTED] wrote:
I have been
,
Charlie
-Original Message-
From: matheesha weerasinghe [mailto:[EMAIL PROTECTED]
Sent: Monday, February 20, 2006 1:52 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Replication Error 8464
Have you done a schema update. Can you give some background as to how you
got
Sorry I should have been more specific. The "group policy refresh interval for computers" setting in the Computer Configuration/Administrative Templates/System/Group Policy if configured at LSDOU levels for a computer or user, how is it used? Is the refresh value configured on each policy
Hi
I had a quick query about GPO refresh interval. Is this an aggregate of all values which apply to Computer/User or is it applicable per GPO it was configured for? I am pretty sure its the former but I'd like it clarified.
thanks
M@Express yourself instantly with MSN Messenger! MSN
101 - 119 of 119 matches
Mail list logo