time.
~Ben
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, January 10, 2007 2:12 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Client time sync
I have a machine (at least one I know of) that isn't syncing time
I have a machine (at least one I know of) that isn't syncing time with
the domain controller its logging into. I've restarted the win32time
service on it to see if that would sync it and it doesn't. Any
suggestions on where to start? The DC and the client are off by about 9
minutes.
~~
mplain. :)
- Roger
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, November 15, 2006 8:03 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS Scavenging
We're in the middle of an SMS deployment and SMS is maki
ng is run. So until a DNS server that hosts a
primary copy of the zone performs the scavenging process you can
continue to watch those duplicates accumulate and your SMS admins
complain. :)
- Roger
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
We're in the middle of an SMS deployment and SMS is making us very aware
that DNS scavenging and WINS tombstoning doesn't appear to be happening
as much as it should. Looking through our DNS records for our domain,
there's like 2 and 3 machine names for one IP. Two of them were tossed
in the tra
Looking for the general consensus on best practice for a
domain that was upgraded from 2000 to 2003 and switched to 2003 native
mode.
Looking at http://support.microsoft.com/kb/817470/,
MS recommends that we point the primary dns of all our DCs to a single root
controller in our empty fore
I just did a netlogon AD site cleanup process and want
to delete all netlogon.logs from all DCs in our domain. I noticed you
can't delete it while the netlogon service is running. Is there a better
way to keep these netlogon file sizes down, or delete them regularly than to
stop, delete, a
I think Quest Reporter does this.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Wednesday, September 20, 2006 8:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Reporting Tool?
Our auditors, for the first time, now
be able to replicate all of their partitions (GCs
can replicate partitions they don't own to other GCs).
Laura
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Rimmerman, Russ
It's a Windows 2000 native domain, we're about 4 upgrades
from having all Win2k3 DCs and from what I've read, that should help a lot with
replication.
Automatic site link bridging isnt enabled, and we have 0
site link bridges.
We're a worldwide company with 3 main hubs, but it is a
mes
We
have about 80 AD sites with DCs. All sites are set for a cost of 100 on
the site to site replication, and a replication interval of 15 minutes.
I'm presuming this is probably not a good thing.
One
slow bandwidth site is complaining that their DC is talking to every DC in the
domain
What are the various ways we can control the amount of
replication between a specific DC to other DCs? We have one site that's
wan bandwidth is over utilized and we see that the DC at that site is making
connections to many other DCs (assumably for replication). How can we
control this or
to enable NLA to get the XP sp2 firewall to
consistently
know that the machine was domain joined and thus use the domain profile.
Test first.
Rimmerman, Russ wrote:
> Well I think we figured it out. If we disable the "Network Location
> Awareness (NLA)" service, it cuts the
x27;ve had to enable NLA to get the XP sp2 firewall to
consistently
know that the machine was domain joined and thus use the domain profile.
Test first.
Rimmerman, Russ wrote:
> Well I think we figured it out. If we disable the "Network Location
> Awareness (NLA)" service, it cuts t
veDir] Computer bootup
speeds
Do you have roaming
profiles? Andrew Fidel
"Rimmerman,
Russ" <[EMAIL PROTECTED]>
Sent by:
[EMAIL PROTECTED]
08/09/2006 02:29
PM
Please r
lto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, August 09, 2006 1:37
PMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Computer bootup
speeds
Do you have roaming
profiles? Andrew Fidel
"Rimmerman,
Russ" <[EMAIL PROTECTED]>
No, just local.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, August 09, 2006 1:37
PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir]
Computer bootup speeds
Do you have roaming profiles?
Andrew Fidel
"Rimmerman,
Is there any easy way to determine why it's taking so long for PCs in
our AD to boot up? It sits at applying settings for quite awhile, so
I'm thinking it may have something to do with GPOs, but most computers
only have 2 or 3 GPOs applied to them. I wouldn't think the GPOs would
take that long
I have a software
installation GPO (published, not assigned) that I have linked to many OUs.
I now want to move it up to the domain level. Will it hurt to have it
linked to both the domain level, and many sub OU levels simultaneously? I
assume the login process is smart enough to see that
Has anyone seen it
where you add a target to a DFS replica set and the target never replicates with
the rest of the targets, and when you look at the eventlog on the target,
there's no errors? The only events are the FRS service starting normally,
no errors at all. There's never an event a
me
Todd Myrick
-Original Message-
From: Rimmerman, Russ [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 15, 2006 10:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FRS/DFS woes
When trying to add a new root on the server I'm trying to replicate
from, I get an error "The
t
talking about?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Thursday, June 15, 2006 8:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FRS/DFS woes
Also, one more finding - I'm not sure if this helps or not.
root had it's DNS incorrectly configured.
Ultrasound would report any errors sure enough. After decoding what it
all means you'll need a dark room to lie down in for a few hours. :)
Cheers
Danny
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ri
--
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman,
> Russ
> Sent: Thursday, 15 June 2006 12:56 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] FRS/DFS woes
>
>
> Share permissions are everyone full control. NTFS Permissions are
>
is the
sysvol share replicating?
Thanks! :)
themolk.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman,
> Russ
> Sent: Thursday, 15 June 2006 12:56 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir]
other two machines from it? I'm making the assumption that
all 3 machines are in the same domain - this is correct?
themolk.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman,
> Russ
> Sent: Wednesday, 14 June 2006 2:2
We're using this product and extended out schema. No problems to-date.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, June 13, 2006 9:06 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Cisco Unity AD schema exten
it
all means you'll need a dark room to lie down in for a few hours. :)
Cheers
Danny
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 13 June 2006 15:31
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] FRS/DFS woes
I
CTED] On Behalf Of Rimmerman, Russ
Sent: 13 June 2006 15:31
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] FRS/DFS woes
I'm trying to set up a DFS share and having all sorts of issues getting
it to work. I've installed Ultrasound and i'm either not sure where to
look in
I'm trying to set up a DFS share and having all sorts of issues getting
it to work. I've installed Ultrasound and i'm either not sure where to
look in it for the answer or it's not giving me the answer.
I set up a link with 3 targets in a ring replication topology. 2 of the
3 servers are Win2k3
e, a soup-to-nuts resource
for Group Policy information.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Friday, June 09, 2006 12:31 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Another GPO question
If I assign a software
Also check out the Windows Group Policy Guide, a soup-to-nuts resource
for Group Policy information.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Friday, June 09, 2006 12:19 PM
To: ActiveDir@mail.activedir.org
Subject: [Acti
If I assign a software GPO to all users (domain users), how do I ensure
that if one of those users is in the IT department, they won't
unknowingly push the Office Communicator installation to every server in
our server room?
~~
This e-mail is confi
I'm wanting to deploy an MSI (office communicator) to 100% of the
desktops in our domain. These desktops are scattered across the world
over various wan links. I'd like to deploy it with a GPO (assign the
software, not force the install), but I also don't want to kill our wan
links. Is there an
Sorry, you said remotely.
I usually pull it from WMI. In Win32_ComputerSystem there's a property called
"UserName" that stores it along with the domain they're logged into in the
domain\username format.
From: [EMAIL PROTECTED] on behalf of Harding, Devon
Sen
At the dos prompt type "SET USERNAME"
From: [EMAIL PROTECTED] on behalf of Harding, Devon
Sent: Tue 6/6/2006 12:54 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Logged in user
Is there a Command line util., to remotely tell what user is logged into
TECTED]
c - 312.731.3132
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
> Sent: Tuesday, May 23, 2006 9:27 PM
> To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
> Subject: RE: [Activ
What about DHCP on a DC? We just had an issue where our weekly reboot task to
reboot all the DCs failed on one DC and it didn't come back up. Any user at
the site who rebooted their PC was down because they couldn't get an IP from
DHCP. Our standard is to run DHCP on the DCs at each site. H
d I guess...
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Friday, May 19, 2006 11:25 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OldCmp
--- Begin Message ---
Anyone know a way to easibly filter out disabled accounts from the oldcmp
-users report? Would one have to use some sort of bitwise filter from a
translation of a useraccountcontrol 66048 value or something?
<>--- End Message ---
I ended up using
oldcmp -report -age 120
-users -f "(&(objectcategory=person)(objectclass=user)(!(ourAttribute=TRUE)))"
And it
seemed to work.
Thanks
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Monday, May 15, 2006 2:50 PMTo:
ActiveDir@mail.activedir.orgSubj
I've created a new
boolean schema property to flag all of our service accounts in our AD
domain.
I've gone through
and set the boolean to "TRUE" to all the service accounts.
Now I want to use
oldcmp to go through and find all the ones that aren't "TRUE" and meet other
criteria. I've de
ension
Did you flush the schema cache on the schema master?
How are you viewing the "user's AD schema properties"?
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 09 May 2006 15:38
To: ActiveDir@mail.activedir.o
We received our OID from Microsoft this week, so I went ahead and added
an attribute so I could flag service accounts so we won't accidently
'clean them up' during our account cleanup processes.
I then went to the "User" class and added my new attribute to it.
When I view a user's AD schema prop
down, interrogates, then
uploads its data via a component installed on each machine at build.
Runs over a single port, gets proxied over all our firewalls with SSL,
has self healing and local parent discovery. We couldn't live without
it these days.
Rgds,
Tim
On 5/2/06, Rimmerman, Russ <[EM
--- Begin Message ---
What does everyone use for Asset Inventory purposes? We're thinking of having
some sort of script run via GPO at logon to grab WMI info and software
inventory info for our helpdesk in order to be "more armed" with information
when troubleshooting end-user info. What's ever
Is there an attribute that's generally safe to use, or
are you suggesting we request an OID from Microsoft and make our own
boolean "ourcompanyServiceAccount" attribute?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Friday, April 28, 2006 2:44 PMTo:
ActiveDir@mai
Joe - I sent you an
e-mail, I figured maybe going to this list might get more input on this question
as well:
If I wanted to run an oldcmp -report 120 -users -sort cn -f
"(&(objectcategory=person)(objectclass=user))" -format csv -delim
,
and then send it out
to our remote administrato
Any ideas?
NTFS compression isn't turned on. Maybe a impending drive failure?
Internal event: Active Directory could not update the following object
with changes received from the following source domain controller. This
is because an error occurred during the application of the changes to
A
rectory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, April 11, 2006 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Extending the schema
We're a native
--- Begin Message ---
We're a native win2k domain and are a few DC upgrades away from going to 2003
native mode.
We're evaluating Live Communications Server, Sharepoint, Biztalk, etc, etc.
Is there any negatives involved in extending the schema if there's a
possibility we may scrap these p
otion. dcpromo, dcpromoui.logs and the err logs.
M@
On 22/03/06, Rimmerman, Russ <[EMAIL PROTECTED]> wrote:
Yes, from the good DC I can browse the bad DC, but not vice versa. The
bad one can't see anything in the domain, no ADUC, can't browse any
correctly in sites and services? Are you
able to connect from the good DC to the bad DC via ADUC or ADSI? Sounds
like maybe it might have been an unsuccessful promotion!
Thanks... ... ...
...
Sergio J. Olivarez -
Contractor
GD-NS
From:
Rimmerman, Russ [mailto:[EMAIL PROTE
hanks... ... ...
...
Sergio J. Olivarez -
Contractor
GD-NS
From:
Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 22, 2006 3:20
PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Weird AD
problem
Have a small Windows 2000 native AD
domain, 2 DCs total. One of the DCs was rebuilt rec
time or did you have to forcefully remove
it? Did you make sure all traces of the old DC were gone in AD before you
re-promoted it, including all DNS records?
Thanks... ... ...
...
Sergio J. Olivarez -
Contractor
GD-NS
From:
Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Wednesday, M
Have a small Windows
2000 native AD domain, 2 DCs total. One of the DCs was rebuilt
recently. It was demoted, a new server built, and promoted.
Now, from the new
DC, every server or desktop in the domain it tries to browse, you're prompted
for username/password. Trying to use AD User
Can anyone recommend
any tools to find which of our users have weak AD passwords? We used to
use L0phtcrack back in the day, but it doesn't appear to be supported any
longer? Other than enforcing complex passwords (which we do) and 8
character minimum, we'd like to figure out who uses thin
--- Begin Message ---
Richard Mueller ended up helping me fix it. I had to change one line of code
to say:
objCommand.Properties("Timeout") = 120
It increased the timeout value.
Thanks to all
From: [EMAIL PROTECTED] on behalf of Leroy Clark
Sent: Fri 3/10
OK it finally finished, but it says this error and
output.txt is still 0 bytes:
C:\Scripts>cscript //nologo lastlogon.vbs >
output.txtC:\Scripts\lastlogon.vbs(143, 7) Provider: This operation returned
because the the timeout period expired.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTE
doh. We have 12,000 users and 79 DCs. Should be
interesting.
Thanks
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer,
MarkSent: Friday, March 10, 2006 8:05 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Richard
Mueller's LastLogon.vbs
Yeah – it’s bu
Has anyone used
this? I kicked it off about a half hour ago and I can't tell if it's doing
anything. The output.txt is still 0 bytes and the command line hasn't
returned to me yet. It's acting hung but I dont know if it just takes a
very long time or not. Any experiences with this
scrip
It's odd, the replicate FROM is different than the
replicate TO on these two DCs. Every other DC we've deployed to date is
the same DC for both from and two (always the same DC for all) and these two
decided to pick something different.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
repadmin /showreps for that DC says last replication @
(never). So this DC isn't replicating for some reason. Not sure why
yet, the subnet is defined properly and everything else looks
good.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge deSent: Wedn
I see the problem, this remote DC has a "replicate from"
correctly but the replicate to was a different DC. I deleted the
replication link to that DC and now there's nothing in the "Replicate to" blank
for that DC. So it will repopulate within 15
minutes?
From: [EMAIL PROTECTED]
[mailto
All our remote sites automatically pick the same DC at DHQ,
but this site picked a DC that is our primary DNS server at DHQ for some
reason. We've never had that DC be selected by the KCC before, and I'm not
sure why it picked that one instead.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTE
If you promote a new
domain controller and it doesn't automatically generate the right replication
links, is it safe or recommended to delete the link it generated and manually
create the replication link? Or if you delete it will it try to
automatically generate it again?
If you were a 20
user non-profit organization that were having a serious problem with SPAM, had
an Exchange server in-house but an external internet provider that was
"filtering" and forwarding your e-mail but not doing a good job, what
product or solution would you recommend? The problem i
On 2/28/06, Rimmerman,
Russ <[EMAIL PROTECTED]>
wrote:
We found out all our AD accounts got messed
up sometime over the last few days and now none of the accounts in our AD have
the "inherit permissions from parent" enabled so no one has rights to modify
accounts. Is there an
We found out all our
AD accounts got messed up sometime over the last few days and now none of the
accounts in our AD have the "inherit permissions from parent" enabled so no one
has rights to modify accounts. Is there an easy way to re-enable the
inherit parent permissions checkbox en mass
Through the "Restricted Groups" GPO provided out of the
box. It replaces membership of groups on local desktops and/or servers
with selected users/groups so that no one can modify the local adminsitrators
group without it changing back to our standard. See http://www.windowsecurity.com/arti
True, but theoretically no users know the local
administrator password on their PCs.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah
EigerSent: Tuesday, February 14, 2006 1:06 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Local admin
priviledges
Also, pi
Ahh yes, we do have all users in one global group, and that
global group is auto-added to every local administrators group on each PC
through GPO. I guess that explains that.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander
KooiSent: Tuesday, February 14, 2006 9:4
Well someone just
realized that since all our users are local admins on their PCs that they can
map to another users C$ share and see all their data. They asked mgmt if
they knew about that, and now of course, they're concerned about it. It's
been this way for years, but I digress.
SO, w
--- Begin Message ---
Is anyone using any single sign-on products that they can recommend? Our new
CIO is interested in bringing this project back to life. We looked into it
awhile back and it was cost prohibitive. We've looked at Protocom and
Passlogix in the past, and they both seemed to be
eting contacts via script
Rimmerman, Russ wrote:
> What's the easiest way to delete a bunch of contacts in AD with a
> script? I've added AD accounts in the past via a script but never
> deleted or added contacts via a script. Is there anything available
> tod
What's the easiest
way to delete a bunch of contacts in AD with a script? I've added AD
accounts in the past via a script but never deleted or added contacts via a
script. Is there anything available today to make this
easy?
~~
This e-mail i
Well he's a helpdesk guy that needs to be able to reset
passwords for everyone in the domain, so I would need to delegate him
permissions at the highest level OU, whereas right now he's in account operators
so he automatically can do it. Once I remove him from account operators,
I'll have t
I did just find that he's a member of a group which is a
member of Account Operators group. So I need to remove him from this group
in order for his adminCount to stay ? If that's true, then
I will have to delegate him permissions at the top since he can't be an Account
Operator anymore.
The user was removed from all protected groups long
ago. The problem is, his adminCount attribute is still getting set back to
1. I set it to , enable ACL inheritence and set his default
permissions back, and an hour later I re-check his account and adminCount is set
back to 1, and the sec
I have a user that
was migrated from our old NT4 domain into our AD domain as a domain
admin. We removed him from domain admins on the AD
side.
I set his
'adminCount' attribute to from 1 so others could modify his
account.
Every time I blank
out the 1 setting, I look the next day an
I just installed this and looked at it for the first time. Very cool.
How does it work on Win2k3 and Exchange2k3? It does seem a bit slow,
but it works good. Is anyone using this in a production environment
today?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] O
here are some things like this one that you don't see in the GUI when
you enable them.
It applies to XP and 2003, not 2000 The explanation text in the policy
specifies that.
John
"Rimmerman, Russ"
<[EMAIL PROTECTED]
|Setting
|
|---+---
--|
|Dynamic Update |Disabled
|
|---+---
--|
"Rimmerman, Russ"
<[EMAIL PROTECTED]
rcameron.com&g
I recall some
discussions about this before and understand Windows 2003 offers a lot better
options, but what are the current best solutions for allowing users to backup
their PDF, DOC, XLS, PPT type important files, and also backing up their e-mail
(PST)? I could quickly script something,
In
Windows 2000 I was able to create a legal notice caption with carriage returns
in it by editing the binary of the registry key and adding a 0D00 value
(carriage return hex). This doesn't appear to work for me in Windows 2003
- it just shows a square box instead of doing the carriage retu
erver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx
Phil
On 11/17/05, Rimmerman, Russ <[EMAIL PROTECTED]>
wrote:
What's the easiest and
quickest way to rename a large (1000+) number of AD user accounts? LDIFDE?
AD.NET? Or is there something
easier? I&#x
ce you have the
information in Excel already:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx
Phil
On 11/17/05, Rimmerman, Russ <[EMAIL PROTECTED]>
wrote:
What's the easiest and
quickest way to r
Subject: Re: [ActiveDir] Renaming AD
accounts en masse
CSVDE is probably a good bet since you have the
information in Excel already:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx
Phil
On 11/17/05, Rimmerman
he
information in Excel already:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx
Phil
On 11/17/05, Rimmerman, Russ <[EMAIL PROTECTED]>
wrote:
What's the easiest and
quickest way to rename a large
CSVDE is probably a good bet since you have the
information in Excel already:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx
Phil
On 11/17/05, Rimmerman, Russ <[EMAIL PROTECTED]>
wrote:
What's t
rodtechnol/windowsserver2003/library/ServerHelp/1050686f-3464-41af-b7e4-016ab0c4db26.mspx
Phil
On 11/17/05, Rimmerman, Russ <[EMAIL PROTECTED]>
wrote:
What's the easiest and
quickest way to rename a large (1000+) number of AD user accounts? LDIFDE?
AD.NET? Or is there something
eas
What's
the easiest and quickest way to rename a large (1000+) number of AD user
accounts? LDIFDE? AD.NET? Or is there something easier? I'm
going to be importing 1000+ AD accounts that are first.last for the username and
will want to rename them to a specific username listed in an excel
Title: [ActiveDir] Automatically created replication links
What if we think it should have left that replication link
there so we don't have to wait hours for our AD data to replicate
overseas? Do we have to just manually create the replication link after it
decided to delete it without noti
We had one of our remote sites that had an automatically generated (by
KCC) replication link have its automatically generated link disappear.
Can this happen without anyone physically deleting it? Also, what would
cause it to not automatically regenerate itself? It's set up just like
all our oth
When you're doing a computer account cleanup in an AD domain using
something like OldCmp from JoeWare.net, if you have users who rarely
connect to the domain more than 1 or 2 times per year, how do you
prevent from deleting their computer accounts? I am guessing there's
not a way, other than to j
Is there any way to add "Authenticated Users" built-in group to the
local administrator group on every PC using restricted groups GPO?
Basically I want an easy way to make sure all users are local admins on
their PCs without creating a custom group. Should I just use xxx\domain
users instead?
LastLogon timestamp
I used 3rd party software Hyena.
Rimmerman, Russ wrote:
>What's the easiest way to find out the last logon time of a user
account? And if you have 50 domain controllers, would you have to query
each one for it, or is this replicated some how? We're in a native
w
What's the easiest way to find out the last logon time of a user account? And
if you have 50 domain controllers, would you have to query each one for it, or
is this replicated some how? We're in a native win2k domain with mostly win2k3
DCs.
Thanks
~~~
Know of an easy way to find out who? I'm assuming
auditing, but our security logs are unwieldy and if it happened over a couple
days ago, well you know how that goes.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard,
AricSent: Monday, September 26, 2005 3:58 PMTo:
A
I just noticed our
domain-wide operations masters levels all changed. We've had the same
pdc/rid/infrastructure master for years, and suddenly, it's on a different
domain controller. Is there any way this could have changed
automatically? Or did a domain admin have to physically make this
1 - 100 of 312 matches
Mail list logo
