[ActiveDir] Kerberos Errors using Smartcards

2006-06-26 Thread Mylo
omorrow but can someone shed any light on what specifically this (0x3) error means .. it's not one I've come across.. Sorry about the conciseness of the description but it's late in Europe :-) Thanks for any help. Regards, Mylo List info : http://www.activedir.or

[ActiveDir] User Object Attribute mismatches on different DC's

2006-05-16 Thread Mylo
ation from my suspected good entries to overcome this issue Granted, there's a paucity of information to go on... but I'll try and elaborate as the night goes along :-) Many thanks, Mylo

Re: [ActiveDir] Internet Authentication Concepts: Pointers?

2006-04-27 Thread Mylo
cated as well? What form does this need to take? Hope this helps. Regards, Mylo if you need an initial Jef Kazimer wrote: Al, I apologize, as I am going only on what little information I have. I guess I was trying to do some pre-meeting recon work since I had seen it mentioned here about

Re: [ActiveDir] ACtive directory Trusts and firewall configuration

2006-04-25 Thread Mylo
Dave, Sorry .. being a bit too broad... I was thinking of AD replication thru firewalls rather than a trust scenario... the caveats with regards to File and Print and the rules still apply tho.. Cheers, Mylo Dave Wade wrote: He says he wants :- "people can use resources in both do

Re: [ActiveDir] AD trust between seperate forest - inconsistant RPC communication

2006-04-24 Thread Mylo
Danny, Given you're running over an IPSec VPN connection, you may want to check out this article http://support.microsoft.com/?id=244474 Regards, Mylo Danny wrote: Hello, Company A acquired Company B: A: Windows 2000 SP4 DC's and one Server 2003 SP1 DC B: Windows Server 20

Re: [ActiveDir] ACtive directory Trusts and firewall configuration

2006-04-24 Thread Mylo
ay on file and print servers), bear in mind that the FAP's will also require visibility to the target domain as well thru the firewall, i.e. rules as well 5. Are you planning on using MIIS/IIFP to GAL Synch between the 2 domains? Regards, Mylo Dave Wade wrote: 1) I think firewall conf

Re: [ActiveDir] Property Sets and AD Security woes

2006-04-17 Thread Mylo
est 'ambivalent'. Regards the book, looks like the principle of the spoken word holding more value than the written one still holds true.. although you have to realise I speak from a position of selfishness... otherwise I'd be out of a job :-) Mylo joe wrote: Thanks. :) Re: the ani

Re: [ActiveDir] Property Sets and AD Security woes

2006-04-15 Thread Mylo
he property sets is doable but it's a big client and any changes to "defaults" and the implications support-wise will probably mean that any solution I come up with (under consultation) will not fly. Regards, Mylo joe wrote: Oh no, no bright lights, no big city. No champa

Re: [ActiveDir] Property Sets and AD Security woes

2006-04-15 Thread Mylo
on as you get your name in print it's 'hello bright lights big city' THAT must be why the book is on its 3rd edition then Joe ;-) Thanks again for the heads-up. Regards, Mylo joe wrote: Mildly ironic... or could it be almost sardonic one wonders... The proceeds will clear up

Re: [ActiveDir] Property Sets and AD Security woes

2006-04-15 Thread Mylo
read the chapter and check previous archive posts as you suggested. Regards, Mylo joe wrote: This isn't a real simple thing to answer in a quick post. Whole chapters in books have been written on the subject look at the signature[1]. Luckily one of the security related chapters of tha

[ActiveDir] Property Sets and AD Security woes

2006-04-14 Thread Mylo
: I'm trying to stop users changing attributes via tools such as GALMOD32. Appreciate any feedback! Many thanks, Mylo List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Communication across a trust...with firewalls

2006-03-15 Thread Mylo
splaylang=en <http://www.microsoft.com/downloads/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en> This has saved me a fair bit of time in the past. Regards, Mylo Arthur Freyman wrote: I’ve seen a similar problem recently, but not exactly the same. The situation involved

Re: [ActiveDir] OT: Request for Test AD Poplulation Data

2006-01-08 Thread Mylo
Thanks Gil. Never saw that one! Regards Mylo Gil Kirkpatrick wrote: Try ADTEST from MSFT. Along with creating an arbitrarily large AD population, it can also generate authentication and query traffic so you can load test DCs. http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f

Re: [ActiveDir] OT: Request for Test AD Poplulation Data

2006-01-05 Thread Mylo
That's true.. used it once for generating 25,000 users... if I remember right it'll even do mailboxes (if you can wait)... it's called AD Populator or something :-) Regards, Mylo Peter Johnson wrote: If you download the eval of NetIQ DRA there is a tool in there that will

Re: [ActiveDir] Interforest Password Migration

2005-12-16 Thread Mylo
One other thing beyond what Jorge mentioned if you've Enabled Disable [oxymoron :-)] anonymous SAM enumeration via Group Policy you're also likely to end up with problems accessing resources. Regards, Mylo Almeida Pinto, Jorge de wrote: No. That domain wide authentication

Re: [ActiveDir] W2K & W2K3 environment.

2005-12-14 Thread Mylo
rdles and resolve your AD issues, and implemented some sort of AD monitoring solution (even if it's just using the support tools), only then would I consider looking at the upgrade path to Win2k3 and subsequently implementing GPO. Regards, Mylo Jitendra Kalyankar wrote: Here is scenario that is

Re: [ActiveDir] csv to ldf converter

2005-12-14 Thread Mylo
David, Novell also do a perl-based script in their Cool Solutions archive if you're interested http://www.novell.com/coolsolutions/tools/14462.html Regards, Mylo CHIANESE, DAVID wrote: Steve, Thanks much for the sample script.

Re: [ActiveDir] TCP/IP Filtering in Windows server 2000/ 2003

2005-12-12 Thread Mylo
?module=base&page=factsheet#IDAAUZS I've not used CoreForce but I have used pktfilter under Win2K.. useful if you already know IPFilter. If you're on Win2k3 then you're probably best off with IPSec since it's much improved ... Regards, Mylo Tomasz Onyszko wrote: Medei

Re: [ActiveDir] gpmc

2005-12-12 Thread Mylo
a couple of others which escape me at the moment :-) If you need to migrate 'settings' such as user rights assignments then you'll need to use migration tables. Regards, Mylo Tom Kern wrote: Import/export is the process. It was imported/exported between 2 Forests Thank

Re: [ActiveDir] Adding custom fields to AD

2005-10-07 Thread Mylo
that bloat adds up replication-wise (still, at least there was partitioning). One thing I am curious about though is why MS opted for JET as the DB of choice for AD.. was it the only viable option at the time ? What's the ceiling on actual database size before it caves in (performance-wis

Re: [ActiveDir] Server Roles

2005-10-07 Thread Mylo
Thanks Susan, Looks like I've got some reading to do :-) Regards, Mylo Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Windows Synder [yes that's her name] and Frank somethingorother the Threat Modeling book or Dana Epp's ramblings at the Sanctuary: High Level

Re: [ActiveDir] Server Roles

2005-10-07 Thread Mylo
ines of Is it safe ?.. Is it safe ?.. yeah .. yeah .. it's safe. I'll probably try and wangle a third-party assessment, just for objectivity's sake.. Mylo Phil Renouf wrote: I've seen 500 and 1000 user sites with no DC. They were on the end of decent network links, but

Re: [ActiveDir] Server Roles

2005-10-07 Thread Mylo
Mark, How many users to site are you talking about in the no local DC scenario. 10, 20..50 ? Cheers Mylo [EMAIL PROTECTED] wrote: I've looked at using Virtual Server for small sites and it makes sense to me. The only drawback is that all your eggs are in one basket - lose the host an

[ActiveDir] Server Roles

2005-10-06 Thread Mylo
of trusts to the central sites :0) 4. Live with it and stop worrying Am I being overly paranoid with this dual/triple role thing or is this really as bad as it looks ? Does anyone actually advocate this as a solution if they were given a greenfields choice? I'd appreciate your candour an

Re: [ActiveDir] My endless question day continued- Exchange attri butes

2005-08-22 Thread Mylo
Thanks everybody for your input! Regards, Mylo joe wrote: As Rick said, it is tight security or ease of use. These things tend to be mutually exclusive. Good security is rarely easy. You are balancing between locked down and usability. But yes, in answer to your original question, it is not

Re: [ActiveDir] Virtual Domain Controllers

2005-08-22 Thread Mylo
nclude support for dual core? Thanks again, Mylo Bernard, Aric wrote: For your first question, you can find Microsoft's Branch Office Infrastructure Solution (BOIS) here: http://www.microsoft.com/technet/itsolutions/branch/default.mspx In short, and more direct for your question, some org

Re: [ActiveDir] Virtual Domain Controllers

2005-08-22 Thread Mylo
ou get virtualising... GSX, I get around 50-60% of real life, subject to the number of Guests running and server role, and can't afford ESX so can't comment :-) Regards, Mylo Seely Jonathan J wrote: Thanks, Brad. That i

Re: [ActiveDir] trust question

2005-08-14 Thread Mylo
tions become. I'll have harsh words with my memory retention department :-) Thanks for the info. Mylo Dean Wells wrote: My apologies if I appeared to be yelling earlier, that wasn't my intention ... I guess some frustrations came out in my text, sorry about that :o( The GINA&#x

Re: [ActiveDir] trust question

2005-08-13 Thread Mylo
Dean, Oh...I was under the impression that external trusts still used legacy name resolution.. Here's a common misunderstood article about it ;-) http://www.windowsdevcenter.com/pub/a/windows/2004/05/11/netbios.html Cheers Mylo Dean Wells wrote: I'm really not certain where

Re: [ActiveDir] trust question

2005-08-13 Thread Mylo
(e.g. LMHOSTS with 1xB and 1xC entries) enabled and then disable it and validate the trust afterwards... It could be for the trust creation only that it needs to be turned on.. Cheers Mylo Tom Kern wrote: I can't find a clear answer- when you form a trust between the root of a win2k3 forest a

Re: [ActiveDir] Schema Updates

2005-08-12 Thread Mylo
Erk.. ignore that... just read the original thread.. sorry! [EMAIL PROTECTED] wrote: Yes *Holland + Knight* *Travis Abrams* IT Security & Systems Manager Holland & Knight LLP *From:* [EMAIL PROTECTED] [mailt

Re: [ActiveDir] Schema Updates

2005-08-12 Thread Mylo
What's the error message Travis ? [EMAIL PROTECTED] wrote: It is a setup.exe and you select the extension and click install. That is why I feel it is the installer. We are planning to use the LDIF files next. *Travis Abrams* -

Re: [ActiveDir] My endless question day continued- Exchange attri butes

2005-08-12 Thread Mylo
is an AD group ;-)... but I suspect, short of building a PoC environment or answers from the group, finding out things like mailbox delegation...whether FE/BE topology works etc, means test test test :-) Mylo Rick Kingslan wrote: Mylo, I'll answer this, and when joe gets back onl

Re: [ActiveDir] account operators

2005-08-12 Thread Mylo
e customer tools and (proxied) interfaces. I realise there are shortcomings... a domain admin is a domain admin after all but I'm interested in hearing comments. Cheers Mylo Rick Kingslan wrote: joe - no need to apologize. You're absolutely correct. Once I read your e-mail, I had doubts

Re: [ActiveDir] My endless question day continued- Exchange attri butes

2005-08-12 Thread Mylo
single points of failure with MIIS/IIFP, added complexity etc surely that single AD forest/domain is more preferable :-) Cheers, Mylo joe wrote: In my last job we sort of did. I say sort of because you get the point where you are going against AD best practices in how many ACEs you are

Re: [ActiveDir] OU design quandary

2004-03-04 Thread Mylo
ything GP-wise then maybe the first scenario has a bit of credence, otherwise go with (2). If you can post a bit more info, it'd be useful. Good luck, Mylo PS: Just curious, but this sounds like you've got some ex-Novell ppl there, as this is the sort of holy war I recall with NDS :0)

Re: [ActiveDir] Roaming Profiles

2002-06-12 Thread Mylo
t just the changes that are not being applied when they roam, or the whole profile ? Cheers, Mylo - Original Message - From: "McGhee , Maurice" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 12, 2002 5:22 PM Subject: RE: [ActiveDir] Roaming Profiles

Re: [ActiveDir] Forest-wide DNS records

2002-05-16 Thread Mylo
Thanks for the info Rick. Regards Mylo - Original Message - From: "Rick Kingslan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 16, 2002 7:03 AM Subject: RE: [ActiveDir] Forest-wide DNS records > See inline below. > > (I'm cu

Re: [ActiveDir] OT: MS Exchange 2000

2002-05-05 Thread Mylo
figuration, front-end/back-end servers etc) and maybe a few others will post additional pointers. I would also strongly recommend a make and break session with Exchange 2000 by installing it within VMWare/Virtual PC and enabling rollback so that you can play around with it quite freely. Have fun

Re: VERY OT Re: [ActiveDir] Program for blocking of websites

2002-04-30 Thread Mylo
How about IPSEC ... block all IP ports ? - Original Message - From: "Facundo Chamut" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 30, 2002 4:12 PM Subject: RE: VERY OT Re: [ActiveDir] Program for blocking of websites > > > http://64.205.178.90/b5/rant/spec/1234567.jp

Re: [ActiveDir] Program for blocking of websites

2002-04-30 Thread Mylo
www.surfcontrol.com SuperScout for Corporate web filtering CyberScout for Home web filtering - Original Message - From: "Christopher Hummert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 8:53 PM Subject: RE: [ActiveDir] Program for blocking of websites > We

[ActiveDir] PKI - Importing a Verisign Certificate into Win2K Root Stand-Alone CA

2002-03-23 Thread Mylo
preciated.. the only other suitable product I've seen is Omnitool from Baltimore. Thanks Mylo List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Active Directory Replication

2002-03-16 Thread Mylo
Regards Mylo     - Original Message - From: Lomas, Chris To: '[EMAIL PROTECTED]' Sent: Friday, March 15, 2002 4:18 PM Subject: [ActiveDir] Active Directory Replication   Hello, Does anybody know of a way to allow a user account which is

Re: [ActiveDir] Exchange and Separate Tree Structure

2002-02-22 Thread Mylo
And if you're migrating from 5.5, read about the Migration Wizard in SP1 onwards... it'll save a lot of pain :) Good Luck, Mylo - Original Message - From: "Ellis, Debbie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 22, 2002 4:31 PM S

Re: [ActiveDir] Two Domains, One Subnet

2002-02-21 Thread mylo
Absolutely, unless someone knows a way to get around the limitation of one Type 15 domain name per DHCP scope. - Original Message - From: "SALANDRA, JUSTIN" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 21, 2002 8:15 PM Subject: RE: [ActiveDir] Two Domains, One Subn