Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Parker, Edward
> Sent: Tuesday, March 09, 2004 2:14 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Custom ADM
>
> All,
>
> I am creating a custom ADM file for GPOs to delete a
All,
I am creating a custom ADM file for GPOs to delete a registry Key. I
have found docs to change values, add, or rename via custom ADM files,
but I have not found a way to DELETE a registry KEY.
Does anyone have a link or a suggestion?
List info : http://www.activedir.org/mail_list.htm
that Today is the Tomorrow you were worried about Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Parker, Edward
Sent: Tue 2/24/2004 8:11 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPOs and ICF
When I edit a GPO on an OU...I do not see the ICF GPOs l
orried about Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Parker, Edward
Sent: Tue 2/24/2004 8:11 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPOs and ICF
When I edit a GPO on an OU...I do not see the ICF GPOs listed. They are supposed to be
under..
When I edit a GPO on an OU...I do not see the ICF GPOs listed. They are supposed
to be under
Computer | Admin Template | Network | Network and Dial up connections
All I see is Prohibit connection sharing... Not any of the ICF ones?
Any suggestion on how these are l
AD CookBook by R. Allen
p.207 / p.250
2003 forest mode
oUser.Get("lastLogonTimeStamp")
-Original Message-
From: Bruce Clingaman [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 22, 2004 12:56 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Logins/logouts
Currently, I have login.vbs
http://cwashington.netreach.net/depo/view.asp?Index=893&ScriptType=vbscript
-Original Message-
From: Pennell, Ronald B. [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 22, 2004 12:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Apply patch's via vbs scripts
Was just looking for
All,
We have 53,000 user AD environment. The current size of the NTDS.DIT is just
under 2GB.
I am reading Chapter 9 of the 2003 planning document and on page 368 it
states:
"On the drive that will contain the Active Directory database, NTDS.dit,
provide 0.4 gigabytes
Here is a VBScript. Simple but works.
1) Test in a test lab prior to use.
2) Not responsible for the results of the script. Use at your own risk.
* SCRIPT BEGIN *
Option Explicit
If WScript.Arguments.Count<>1 Then
Wscript.Echo "Param : RemoteHostIP"
WScript.Quit
End If
You can quickly convert any VBScript into an ASP page and run it off an IIS
server. This will allow you to run the queries from any box (through a
browser) and the work is performed on the server. The results of the
ASP page are displayed in a browser for everyone to see. T
Anyone have any information on SIZING an enterprise CA?
I found this for hardware and database size, But what about number of
certificates granted per CA server? Is there a Max per server?
Hardware Configuration Guidelines
Certificates and certificate publication involv
Way OT: but couldn't resist the Haiku (5-7-5)
What is required?
some of everything MS
MVP title
-Original Message-
From: Diane Ayers [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OUs by se
I have used this design before. They were generically under a server OU.
Under that, they were separated out by server functions.
Pros
Apply generic server hotfixes (SUS), Service Packs (GPOs), or configs to
servers.
Since each function of computer generally ha
This is an ASP page that gives lots of useful info on your windows
systems. Make sure you run it on an IIS box under credentials that have
rights.
I have other ASP pages that will report back Service Pack and hotfixes.
As always
Be sure to test this in test lab first.
I can not be responsible fo
I wrote this as a VBScript wrapper to NETSH. We have used this to reload
4000 scopes on multiple DHCP servers. You can run this via a batch file
and supply all the required parameters or use it to run interactively for
creating new scopes. Up to you.
As always test it
Do you have a link on SUS 2.0 info?
-Original Message-
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] SUS Feedback...
We also use SUS with great results. I'm looking fo
...
For the reporting, use the SUS reporting tool.
http://www.susserver.com/Software/SUSreporting/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Parker, Edward
Sent: Tuesday, September 09, 2003 1:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS
We use SUS. It works very effectively for us.
We set up the client configuration to install and reboot. The client
services connects and checks for updates. Go to a website and approve.
The client usually gets updated in 24hours.
Some things I wish were better.
1) Reporting needs to be bette
We just installed SP4 on a DC because of two previous DNS issues we were
having. It did indeed fix Q811314 & Q329258. The version in SP4 is
5.00.2195.6715 which is newer than both the previous hotfix version.
-Original Message-
From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]
Sent:
Public DNS service:
Does your SOA (primary DNS server) have to be accessible to the internet. Could
you have your primary DNS server be completely blocked by a firewall from the
internet. However configure both your secondaries to respond to internet
requests. I could re
You need them if you are upgrading AD to .NET as well. (Using a different EXE
than the Exchange ones)
-Original Message-
From: Pelle, Joe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 8:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] /domainp
I know we had this discussion on this list before. I am not sure of the
results. Here are my "real world" numbers
I ran the script below on my domain for the Domain Users Group and got the
following:
There are 23954 users in that group.
Since this is a built in group, I ran it on a manually cr
Not to install Exchange Server
Exchange Enterprise Server requires Adv Server
-Original Message-
From: Sheri Brown [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 13, 2002 11:26 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Exchange install
Do yo
Does anyone know how the Exchange ADC works during the first Sync
process? If I setup a two connection agreement, however there is a
conflict between the information stored in 5.5 and AD, which one "wins" during
the initial sync process.
EX.
5.5 DisplayName Smith, John
1) Has anyone scripted adding subnets in "AD sites and services"?
2) Has anyone scripted adding a subnet to a specific site in "AD sites and
services"?
Thanks in advance for your time
--EP
List FAQ: http://www.activedir.org/list_faq.htm
Has anyone implemented a directory sync tool between AD and PeopleSoft? I
am not sure if iPlanet or MMS does this, but anyone have experience doing
this?
Thanks
--EP
List archive: http://www.m
You can do a backup from production and restore in the lab. That is probably
the easiest. You will have to run NTDSUTIL and get the FSMO roles back.
You will also have to reset the NTFRS on the first server you bring
online.
You could bring systems up in production and ma
There is a gotcha. If I remember correctly, When you UPromote a DC, It
brings the server down to a standalone server. All the SAM information is
transferred to the local account info. It re-ACLs everything to the new
local accounts. You can join the server back to the domain as a member
server
Are you using IPX by any chance. We had a problem like this too.
Q260399
-Original Message-
From: [EMAIL PROTECTED] [mailto:rrutherford@;dek.com]
Sent: Tuesday, October 22, 2002 4:27 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] 98 user account lockouts
Hi All,
We have just perform
iginal Message-
From: Hutchins, Mike [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 4:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Create a buttload of DNS zones with PERL
Primary/secondary
-Original Message-
From: Parker, Edward [mailto:[EMAIL PROTECTED]]
Se
Are they Active Directory integrated or primary/secondary?
-Original Message-
From: Hutchins, Mike [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 1:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Create a buttload of DNS zones with PERL
If anyone out there has any info on
We use WMI in VBS scripts regularly. Your sources says it is unreliable,
but we have not had any problems.
-Original Message-
From: Hutchins, Mike [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 1:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Create a buttload of DNS zones
o all other DCs so there would be no reason to set each DC.
Could be wrong though...wouldn't be the first time
-Original Message-
From: Parker, Edward [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 8:42 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] 1000 row
oup in the strictest sense of the word.
Correct away... (crossing my fingers ;)
T.
---
Tony Bowman, MCSE, MCSA, CCNA
Harvest, AL
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Parker, E
Yes it is called LDAP policy and is set on each DC.
-Original Message-
From: Darren Sykes [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 2:11 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 1000 row limit
Yes, there is, though I thought it was a domain wide setting rather t
it was that one) isn't actually a group in the strictest sense of the word.
Correct away... (crossing my fingers ;)
T.
---
Tony Bowman, MCSE, MCSA, CCNA
Harvest, AL
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Does this apply to the "Domain Users" group ?!?
I ran a script against our Domain and returned over 10,000 users that are a
member of "Domain Users"
-Original Message-
From: Hutchins, Mike [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 2:46 PM
To: '
You can do the same thing with 2000. You will have to run NTDSUTIL to move
all the roles to the "UP" systems in the lab, once you move it. If you move
more than one, then you may want to manually setup a connection between them
so they start to sync once they are out of production. (Site and Ser
You do not need sp6 for workstations or member servers in native mode.
These will continue to work. You will need SP6a if you are installing the
Active Directory Client extensions for NT 4.
-Original Message-
From: Mike Santopietro [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002
That is it. Just make sure you can successfully do NSLookups to the server
from the inet. Make sure you secure the server and lock it down. Make sure
you are setup as the primary server for your zone. Make sure you have all
your records "copied" over from the ISP for your zone. That should be
I have not tried going from AD Integrated to Primary...but
AD integrated will not replicate to an AD integrated DC in another domain
within the same forest. This is because the DNS info is stored in the
domain partition in AD.
So your replication may not work because you are trying to do ADI
Also Aelita has a product that is called ERDisk for AD. It will allow you to
be very granular with your restore. You can restore individual objects or a
group policy. You do not have to take the DC offline in restore mode. You can
restore remotely. Also you can centrally
server?
LCD
-Original Message-
From: Parker, Edward [mailto:[EMAIL PROTECTED]]
Sent: Fri 5/17/2002 10:58 AM
To: '[EMAIL PROTECTED]'
Cc:
Subject: RE: [ActiveDir] /3GB switch
This basically allocates 3GB to User mode apps and 1GB to Kernel. By
default this wo
This basically allocates 3GB to User mode apps and 1GB to Kernel. By
default this would be 2GB / 2GB. So without the switch the Store.exe will
run out of RAM sooner even if there is additional memory available, since it
is not allocated to user mode apps. If Store.exe runs out of addressable
s
Aelita has a product called Exchange Migration Wizard. The newest version
(3.0) is slated to be released June 1st.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 6:10 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] migration tools - 2
You could use LDAP via VBScript to make the changes. Or you could use the
ADO object to make the changes via VBScript. All you would need was the
logon name and the modification in a TEXT or EXCEL file and you could make
this change to all users listed in the file.
-Original Message-
F
Unicorns aside
If you are going to run separate internet and intranet DNS servers, it
really does not matter if the name spaces are the same. In other words, If
you run a SOA for the same name space, one internal and one external, then
You are fine having them the same. Keep in mind that yo
EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS, WINS, DHCP on same server
I always run those services on the same box and I have never had a problem
-Original Message-----
From: Parker, Edward [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 10:11 AM
To: '[EMAIL PROT
I seem to remember a Q article stating that there is an
issue running DNS, WINS, and DHCP on the same server. Does anyone else recall
this or have any information on this topic?
Thanks --EP
termialServer adsi property with a True/False or
True/Null value that can be set.
The Null value simply means that the property has not been set (the same as
false).
Updating this property will allow or deny Terminal service access.
-Original Message-
From: Parker, Edward
To: '[EMAIL P
Here is a good website for that information, however it appears that info is
kept in the "User Parameters" Field. This would make it difficult to query
update this attribute.
http://home.apu.edu/~captin/ldap/software/activedirectory/attributes/properties/general.php
-Original Message-
F
You would want connection to the FSMO servers from your DCs.
RID...hands out the pool of update IDs, so if your local DC could not
communicate with it then, no more updates for him.
PDC Emu...Password change, lockouts are all sent to him straight away, so
they need to talk.
Etc
I hope this
To ensure query the root servers is working, run the following from the
console of your 2000 DNS server.
From a CMD prompt
>Nslookup
>Set norec
>Set nosearch
>www.compaq.com. <---Yes use the trailing "."
this should list root servers...since you are hitting the local DNS server
that is non-auth
Within Users and Computers...you can drag and drop them into the correct OU.
Or
You could pre-create the computer accounts in the correct OU, and when the
computers join, they are already there. This requires all PC names to be
known upfront.
-Original Message-
Fr
We have done this. It is OK to do. FYI: users can access most objects and
attributes via LDAP. You can place security on these items. However, If an
application is expecting to read this item, it will fail. Example would be
exchange. If you block certain attributes, users can not authenticat
e server name there is no
option for replication.
-Original Message-
From: Parker, Edward [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 10:29 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Synchronizing NT 4.0 BDC's
Keep in mind that this is a pull operation.
Keep in mind that this is a pull operation. So the NTDS object will be
pulling from the server in the connection object.
-Original Message-
From: SALANDRA, JUSTIN [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 9:23 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Synchronizi
Try \\DC\sysvol\domain\policies and all the subdirs. The GPO files are
listed there...
-Original Message-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 8:32 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Group Policy Object and registry keys
How can I loca
I had a similar problem with the lsass.exe with SP2 and an invalid entry for
replication. There is a Q article that states that replication could be set
prior to SP2 with a valid number, however with SP2, this valid range is
smaller and the system give a similar error and reboots. Try finding th
59 matches