RE: [ActiveDir] adsiedit question

It might be easier to delete the AD user objects representing the wrongly homed SystemMailboxes, purge the mailboxes and then recreate them using one of the two methods described here: http://support.microsoft.com/kb/316622 Cheers Tony -Original Message- From: [EMAIL PROTECTED] [mailto

RE: [ActiveDir] Hi All,

Hi Somesh Welcome to the discussion list. Tony www.activedir.org _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Somesh Sahu Sent: Monday, 22 January 2007 6:14 p.m. To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Hi All, Hi all, This is somesh,New member

RE: [ActiveDir] AdminSDHolder orphans

5E388DE-4885-4308- B489-F2F1214C811D   Weblog: http://msmvps.org/UlfBSimonWeidner   Website: http://www.windowsserverfaq.org -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Dienstag, 19. Dezember 2006 02:32 To: [EMAIL PROTECTED] Subject: [Ac

RE: [ActiveDir] [OT] E-Mail Template

Hi Milton In future, please use the [OT] prefix in the subject line for off-topic posts such as this. Have a look at the Exchange 5.5. FAQ here for recommendations for adding disclaimers to email messages. http://www.swinc.com/resources/exchange/faq_db.asp?status=questions

RE: [ActiveDir] OT: Different default GALs for different groups

didn't ask for me to write a white paper. J Thanks, M From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, January 18, 2007 2:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Different default GALs for different groups Hi

RE: [ActiveDir] OT: Different default GALs for different groups

Hi Michael Any idea why Microsoft no longer supports this method? Tony _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Friday, 19 January 2007 6:32 a.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Different default GALs for dif

RE: [ActiveDir] Transactional log files are not deleted !!

Hi Senthil Please use the [OT] prefix in the subject line when posting off-topic. Have you looked at the following KB article describing how to manually remove the transaction log files if they are not successfully removed by a backup? http://support.microsoft.com/kb/240145 Tony _

Re: [ActiveDir] client time sync

Have you checked the Type registry parameter? http://www.activedir.org/article.aspx?aid=74 Tony -- Original Message -- From: "Rimmerman, Russ" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Wed, 10 Jan 2007 20:37:53 -0600 I tried it, it

[ActiveDir] [OT] ORDB shutting down

Some news about ordb.org shutting down for those of you that might use it. http://ordb.org/news/?id=38 Tony Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/List.a

Re: [ActiveDir] Exchange reconnect(OT)

Thanks, I'll give it a test. I hate asking the AD guys for more perms... :( On 12/17/06, Tony Murray <[EMAIL PROTECTED]> wrote: > Does the account you are using to perform the reconnect have Send As > permissions on the user object? See the link below for the correct > applica

[ActiveDir] AdminSDHolder orphans

Just wanted to get your opinion on something. When an object becomes a member of one of the groups protected by the AdminSDHolder, the next run of the SDProp thread will: • Replace the object’s security descriptor with that of the AdminSDHolder; • Disable permissions inheritance on

RE: [ActiveDir] Exchange reconnect(OT)

Does the account you are using to perform the reconnect have Send As permissions on the user object? See the link below for the correct application of Send As permissions. http://msexchangeteam.com/archive/2005/01/07/348596.aspx Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[

Re: [ActiveDir] Join a Domain

Also have a look at DNSLint - a great tool for checking your SRV records are published in DNS correctly. http://support.microsoft.com/kb/321046 Tony -- Original Message -- From: "Al Mulnick" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date:

RE: [ActiveDir] DNS scavenging question

Hi Daniel If this is an AD-integrated zone, it might be helpful to back-up the zone to file before you go ahead with the change - just in case you lose any records you might later want back. http://www.activedir.org/article.aspx?aid=102 Tony -- Original Message

Re: [ActiveDir] ADU&C - Simple question

Because you need to define the query first. The Query string is display only, i.e. it will display the query that you build using the Define Query option. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org Date: Wed

RE: [ActiveDir] Is it possible to determine who created an AD object?

Well, I've done some more testing and the results are interesting. In both instances I have the policy in place and set to "Object Creator". 1. If the account used for AD object creation is a member of Domain Admins the owner is shown as Domain Admins. 2. If the

RE: [ActiveDir] Is it possible to determine who created an AD object?

I did Laura's test (the thread was wearing me down ;-)). Even with the policy set to "Object Creator" it still shows Domain Admins as the owner if I create an object with an account that is member of Domain Admins. In my case the Domain Admins group is a member of the built-in Administrators

Re: [ActiveDir] Is it possible to determine who created an AD object?

You might be able to find out who created it by looking at the Owner in the Security tab. However if the account used to create the object is a member of Domain Admins it will show this as owner instead of the specific user's name. There was a discussion thread on this a couple of days ago. ht

Re: [ActiveDir] Tombstone.

Hi Ajay Not sure what network objects you are interested in, but you do have the ability to reanimate tombstoned objects. The main issue with this is that not all of the attributes are preserved when the object is tombstoned, which means you won't get back everything that was lost using this m

Re: [ActiveDir] dynamic variables within an event log entry?

Hi Michael If you have Account Management auditing enabled you should see 624 events that show the account used to create new accounts. Here's an example. *** Event Type: Success Audit Event Source: Security Event Category: Account Management Event ID: 624 Date: 1/12/2006

Re: [ActiveDir] Delegate VPN rights

You will need to modify dssec.dat to expose the property. http://www.activedir.org/article.aspx?aid=24#11 Tony -- Original Message -- From: "WATSON, BEN" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Thu, 30 Nov 2006 09:34:39 -0800 I'm

Re: [ActiveDir] Anonymous Access to Virtual Directory or Web Site...

Hi Ravi Have you checked the NTFS security in addition to the IIS settings? I had a similar problem before and it had to do with the policy settings for User Rights Assignments. “Guests” had been added to the list of those denied access in the following setting: Computer Configuration -> Win

Re: [ActiveDir] Exchange 2003 management tasks overview

You could do worse than the Exchange Server Cookbook. It's got most of the common management and support tasks. There is no spreadsheet showing all the tasksbut there is an index :-) http://www.oreilly.com/catalog/exchangeckbk/ Tony -- Original Message

[ActiveDir] A few things [List Admin]

Hi all   Just a couple of things.   I will be out of the country for three weeks from tomorrow, with only intermittent access to email.  While I am away Matty Holland will be looking after the list.  If you see any problems or need help with unsubscribing, etc. then Matty is you

Re: [ActiveDir] list lastlogontime for every user script

Have you looked at this Perl sample from the AD Cookbook? http://techtasks.com/code/viewbookcode/1608 Another alternative is to write your script around Joe's ADFIND (or even OldCMP). ADFIND has the ability to handle the date formats in a user-friendly way. Tony -- Original Message -

Re: [ActiveDir] Apply a Group Policy to all but one user

You can set a security group filter on the GPO. The archive link shows a method described by Darren Mar-Elia. http://www.mail-archive.com/activedir@mail.activedir.org/msg42964.html Tony -- Original Message -- From: "Alberto Oviedo" <[EMAIL PROTECTED]> Rep

Re: [ActiveDir] Latency in List

I'll look into it. Tony -- Original Message -- From: "Paul Williams" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Wed, 18 Oct 2006 09:49:09 +0100 Yeah, I sort of bitched about it last month when I had some time to reply. I see about 9

RE: [ActiveDir] Lingering info following domain rename with rendom

OTECTED] On Behalf Of Tony Murray Sent: Monday, October 16, 2006 9:19 PM To: activedir@mail.activedir.org Subject: [ActiveDir] Lingering info following domain rename with rendom Hi all I've renamed a domain using the rendom utility. All appears to have gone well, but I now get 5781 Netlog

[ActiveDir] Lingering info following domain rename with rendom

Hi all I've renamed a domain using the rendom utility. All appears to have gone well, but I now get 5781 Netlogon errors in the System event log complaining that it can't register DNS records associated with the old domain. This doesn't appear to affect anything, but I'm keen to know why this

[ActiveDir] [OT] Exchange 2007 Schema

Hi all There are apparently schema changes post Beta 2 - just in case anyone was considering pre-loading the schema changes into production [1]. I don't have any further details on what the changes are. Tony [1] Which of course you wouldn't contemplate with a Beta product :-)

RE: [ActiveDir] ADAM on XP Pro

Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Wednesday, October 04, 2006 7:34 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADAM on XP Pro I've been talking to a vendor about an application they are developing. It involves running ADAM instan

[ActiveDir] ADAM on XP Pro

I've been talking to a vendor about an application they are developing. It involves running ADAM instances on XP Pro machines (laptops) that replicate with a centralised ADAM instance running on W2K3. I don't have further details at this stage, but I believe the they are planning to use the lo

Re: [ActiveDir] ADAM bind Redirection with a NULL password

g is that to use features like Fast Concurrent Bind, you have to do simple bind. It isn't supported with SASL. BTW, does FCB work with bind proxies? I've never tried. Joe K. - Original Message - From: "Tony Murray" <[EMAIL PROTECTED]> To: Sent: Thursday, Sep

Re: [ActiveDir] ADAM bind Redirection with a NULL password

My impression from reading the on-line documentation is that the use of ADAM Proxy Objects and bind redirection is frowned upon anyway. "Proxy users are designed for special circumstances and should only be used as a last resort, when Windows principals cannot be used directly." and "ADAM bind

Re: [ActiveDir] Activesync and OMA not working

D]> Reply-To: ActiveDir@mail.activedir.org Date: Tue, 26 Sep 2006 06:11:53 +0530 support code 85010004 Your account does not have permission to sync with your current settings. Contact your Microsoft Exchange administrator. On 9/26/06, Tony Murray <[EMAIL PROTECTED]> wrote: > What

Re: [ActiveDir] Activesync and OMA not working

What error code do you see on the mobile device with ActiveSync? I've found this table to be helpful in the past. http://www.pocketpcfaq.com/faqs/activesync/exchange_errors.php Tony -- Original Message -- From: "Ravi Dogra" <[EMAIL PROTECTED]> Reply-To: Ac

RE: [ActiveDir] [OT] IIFP GAL Sync: X.500 Addresses

Thanks both of you. I understand the concept of X.500 addresses being useful for maintaining the ability to reply to senders whose mailbox has moved elswhere. It doesn't explain why: A) they are required for the IIFP. At a basic level I can manually emulate the GAL sync behaviour by creating a C

[ActiveDir] [OT] IIFP GAL Sync: X.500 Addresses

Two forest scenario. IIFP 1a. Both forests Windows 2003 SP1 and Exchange 2003 SP2. After initial setup and synchronisation I notice that my synced users (and their corresponding Contact objects in the second forest) acquire two new X500 addresses (one for each Exchange org). Simple question

Re: [ActiveDir] I'm Baaaaaaack!

Yeah, good to have you back on board, Rick. What have you been up to? Tony -- Original Message -- From: ASB <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Thu, 21 Sep 2006 15:37:45 -0400 Welcome back, Rick. :) -ASB On 9/21/06, Rick K

Re: [ActiveDir] DC Establishing Session to client on TCP139

Are these maybe clients that have printers published in AD. The pruner on the DCs might be trying to contact the print queues on these workstations. Just a thought. Tony -- Original Message -- From: "Brian Desmond" <[EMAIL PROTECTED]> Reply-To: ActiveDi

[ActiveDir] LDAPEditor

Hi all I recently came across this free ldap editor: http://www.ldapeditor.com/ It has some nice features, such as the ability to sort attributes by name, save searches, edit, etc. Might be of interest to this community. Tony __

RE: [ActiveDir] Ad Reporting Tools

Here's an example of a fairly simple VBScript that will create a spreadsheet and list all the computers (plus their details) below a given level. You should be able to tweak it to give you the information you need. Tony set objExcel = WScript.CreateObject("Excel.Application") objExcel.Visibl

Re: [ActiveDir] Moving Users Between Domains

ADMT should be used for moving objects between domains. Movetree should now only used for objects that cannot be moved using ADMT (e.g. Contacts) Tony -- Original Message -- From: HBooGz <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Th

Re: [ActiveDir] [OT] Exchange 2003 ADC Time Sync Issues - Event 8139

Yann Did you see this?: http://www.mcse.ms/message568787.html Tony -- Original Message -- From: Yann <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Thu, 7 Sep 2006 20:25:02 +0200 (CEST) Hello all, I have 2 sites Exchange 5.5 Environ

Re: [ActiveDir] seeAlso

I've not seen it used by any specific app. Bear in mind that it is: multivalued not indexed not a member of the partial attribute set (i.e. not replicated via GC) Tony PS. I've always wanted to extend the schema with a new attribute named tracesOfPeanuts, simply so I can see "May Contain: trac

Re: [ActiveDir] [OT] W. in hell [List owner]

blocking someone from sending until something like this is resolved, but he hasn't been receiving anything from the list either. Apparently this is a zero tolerance zone. Oddly enough, that's not in the FAQ, maybe it should be added. Matt On 9/3/06, Tony Murray <[EMAIL PROTECTED]> wrote

Re: [ActiveDir] [OT]The last departmental picnic [list owner]

Not sure what's going on so I have temporarily suspended his subscription. Tony List owner and humourless [EMAIL PROTECTED] Sent via the WebMail system at mail.activedir.org List info : http://www.activ

Re: [ActiveDir] W. in hell [List owner]

Hey Brandon Amusing though it is, the list is not really the place for this. Tony (list owner) -- Original Message -- From: "Brandon Pierce" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Sat, 2 Sep 2006 23:13:41 -0600 George Bush has a

Re: [ActiveDir] Log File Sizes

Hi Mark Yes, I found out about this recently. A customer I am working with has the Maximum Event Log Size for DCs set to 4GB for the security event log. Their log was overwriting existing events at about 470MB and I couldn't figure it out. After some digging I found the following information

RE: [ActiveDir] Printers & AD GUI

Not if pruning is disabled, no. -- Original Message -- From: "joe" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Mon, 28 Aug 2006 01:20:09 -0400 Even if the pruning is disabled? -- O'Reilly Active Directory Third Edition - http://www.

RE: [ActiveDir] Printers & AD GUI

It's not well documented. The best source I found is the whitpaper: Integration of Windows 2000 Printing with Active Directory http://www.microsoft.com/windows2000/docs/printad.doc Here's an extract. "The pruning service, which runs on each domain controller, performs this automatic removal o

RE: [ActiveDir] Server Performance Advisor

s. You can change to expert level to 10 which will cause the report to have all entries in it. Thanks, -Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, August 24, 2006 10:23 PM To: [EMAIL PROTECTED] Subject: [ActiveDi

[ActiveDir] Server Performance Advisor

Hi all I've been looking at SPA and have been trying to get it to report all LDAP searches. I've managed to get it to report searches, but the results are inconsistent. For example, if I kick off the performance capture and then run an LDAP search that exceeds the configured warning levels I

RE: [ActiveDir] FMSO roles split, patch question.

I agree with Jorge. Seizing is not a for the faint-hearted, as Brett's post from a while back shows... http://www.mail-archive.com/activedir@mail.activedir.org/msg39683.html Tony -- Original Message -- From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> R

RE: [ActiveDir] ADFind Query

-- Dean Wells MSEtechnology t Email: [EMAIL PROTECTED] http://msetechnology.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Tony Murray > Sent: Monday, August 14, 2006 8:03 PM > To: ActiveDir@mail.activedir.org > Subject: R

Re: [ActiveDir] ADFind Query

Have a look at Dean's SchemaDiff on the download page: http://www.activedir.org/Downloads/Downloads.aspx Tony -- Original Message -- From: "WATSON, BEN" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Mon, 14 Aug 2006 14:28:47 -0700 Hey g

[ActiveDir] Share your knowledge with the AD community

Hi all This a reminder that there are a couple of methods by which your can share your AD knowledge and experience with the wider community.In addition to the ability to create your own acticles on ActiveDir.org (http://www.activedir.org/Register.aspx) you can also have your own blog s

Re: [ActiveDir] Different (open)LDAP Question

msDs-User-Account-Control-Computed is a constructed attribute. Constructed attributes cannot be set manually because they are automatically maintained by the system. Tony -- Original Message -- From: "David Aragon" <[EMAIL PROTECTED]> Reply-To: ActiveDir@

Re: [ActiveDir] LDAP query struggle

It depends a little on what you're looking for. Let's say you have a meeting room (MR1) and a user (Bob Smith) has Send on Behalf of permissions for the meeting room. A search using MR1 would use publicDelegatesBL (the back link attribute) and would look something like this: (&(objectclass=u

Re: [ActiveDir] OT: A saturaday getaway.. ?

We'll write this off as a one-off addressing error, shall we? Tony PS. Is Saturaday a wet Saturday? -- Original Message -- From: HBooGz <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org Date: Mon, 31 Jul 2006 15:53:02 -0400 Since we're all prett

RE: [ActiveDir] OT: Domain List

Have you thought of creation a custom administrative template for the registry change for deployment via Group Policy? http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/management/gp/admtgp.mspx Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PRO

RE: [ActiveDir] Forest trust - domain drop down list

mA2, you'll lose the benefit of kerberos authentication from your forest trust (when choosing DomA2 in the logon window). If that's ok for you, this is a solution, but then you might as well get rid of the forest trust... /Guido -Original Message- From: [EMAIL PROTECTED] [mail

[ActiveDir] Forest trust - domain drop down list

Here's the scenario Forest trust between ForestA and ForestB. ForestA has two domains DomA1 (placeholder root) and DomA2 ForestB has one domain DomB Users from DomA2 sometimes log into DomB member machines. DomA2 is not shown in the drop-down list of domain names in the login dialog. DomA1 is sh

RE: [ActiveDir] Replication Problem After DC Demotion

Title: Replication Problem After DC Demotion Are the DNS client settings on the DC in the remaining site maybe pointing to the old DC?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Riley, Devin Sent: Friday, 14 July 2006 12:35 p.m. To: ActiveDir@mail.activedir.org

RE: [ActiveDir] [List Owner] [OT] OOFs from Steven Comeau

http://blog.joeware.net/2006/07/11/445/ ---  I'm serious, you will learn absolutely nothing about Defending Security Infrastructures.       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, July 11, 2006 9:56 PM To: ActiveDir@mail.act

[ActiveDir] [List Owner] OOFs from Steven Comeau

Hi all   I have temporarily suspended Steven Comeau’s subscription, which should stop the out of office replies hitting the list.   Tony This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me

RE: [ActiveDir] [OT] Active Directory Cookbook 2e

have had a look at the O'Reilly website and cannot see what the > differences between the 1st and 2nd editions are. Is it Errata or new > content? > > > > So I am now wondering - why should I buy this, apart from the Authors > and the Blue Fin Tuna on the front?

RE: [ActiveDir] Cross forest issue

You can only add members to Domain Local groups across the forest trust.  Behaviour by design.   Tony   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Friday, 16 June 2006 7:56 a.m. To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Cross fores

RE: [ActiveDir] Active Directory Cookbook 2e

ok at the O’Reilly website and cannot see what the differences between the 1st and 2nd editions are. Is it Errata or new content?   So I am now wondering – why should I buy this, apart from the Authors and the Blue Fin Tuna on the front?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] gpo and script

c.chm file in the %programfiles%\gpmc\scripts folder. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Thursday, 15 June 2006 9:38 a.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] gpo and script Hi Myke Yes it is pos

RE: [ActiveDir] gpo and script

Hi Myke Yes it is possible. Have a look at the sample scripts that come with the Group Policy Management Console (GPMC). http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4 b35-9272-dd3cbfc81887&DisplayLang=en Tony -Original Message- From: [EMAIL PROTECTED] [mailto

[ActiveDir] Active Directory Cookbook 2e

…is now out.    http://www.oreilly.com/catalog/activedckbk2/   Tony This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this com

RE: [ActiveDir] UserName & Psswd Script

I have manually unsubscribed the address.   Tony   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Wednesday, 14 June 2006 8:12 a.m. To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] UserName & Psswd Script   Hi Pete,   Have you

RE: [ActiveDir] bitwise filters

Hi M@ Responses in-line. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Tuesday, 13 June 2006 8:08 a.m. To: ActiveDir@mail.activedir.org Subject: [ActiveDir] bitwise filters Guys, I have a few questions on bitwise fil

RE: [ActiveDir] DNS - How to tell the static DNS IP-addresses per server

Here’s another option.   http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=45   There is a Group Policy setting that allows you to override any DNS Servers configured in client IP settings (either manuall or via DHCP).  Unfortunately, it only works on XP.   Computer Configu

RE: [ActiveDir] User Accounts

Great info ~Eric! The link to the start of the thread is: http://www.activedir.org/ml/msg08620.aspx We've just moved the archive onto the ActiveDir.org web site and we're having one or two teething problems with the search feature. :-) Tony -Original Message- From: [EMAIL PROTECTED

RE: [ActiveDir] AD LDAP Logging.

Hi Yann   One option would be to enable logging of all LDAP searches against the DC.   http://www.activedir.org/article.aspx?aid=97   Tony PS.  We’re just loading a new version of the site, so it might take a few minutes before you can load the page.   From: [EMAIL PROTECTED] [m

[ActiveDir] OT: Move Enterprise CA

Hi all   I have to move an Enterprise CA from one DC to another.  The following article appears to show the required steps.   How to move a certification authority to another server http://support.microsoft.com/?kbid=298138   For those of you that have done this, is the process as st

RE: [ActiveDir] setting the regional settings with GPO or other scripts...

You can set the default language and prevent users from changing the regional settings in Control Panel using the following setting: USER\Administrative Templates\Control Panel\Regional and Language Options Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Beha

RE: [ActiveDir] Deny Read Permissions to Group Policy

On the Scope tab of the GPO in the GPMC look at the Security Filtering section. The default is to have the policy applied to "Authenticated Users". Probably the easiest option for you is to: - Create a group and add the 55 users as members. - Remove "Authenticated Users" from the Security Filter

RE: [ActiveDir] Query for user AD info from web application

> Third, an X500 address would be unusual,... Not an everyday occurrence, I agree, but I see these pretty frequently with organizations that have migrated within Exchange 5.5 and then have migrated to Exchange 2000/2003 (or an ADC is in place). Typically, they are used to support replies to email

RE: [ActiveDir] Query for user AD info from web application

The search filter shown below would not be the cause of any issues associated with an X.500 address. We probably need to see more of the code. The attribute "mail" is single-valued, so the X500 address is stored in the "proxyAddresses" attribute. Once the displayName attribute is returned from

RE: [ActiveDir] ADMod - add to memberOf attribute

No, the memberOf attribute, as a back-link to the member attribute, is own by the system and cannot be written to.  You will need to modify the member attribute on the group object you want to add to.   Tony   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Teo De Las H

RE: [ActiveDir] How To Determine What GC a Server is Using?

Title: How To Determine What GC a Server is Using? How about “netstat –b” ?  Look for mad.exe connecting to port 3268 (or 3269 for SSL).   Tony   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stu Packett Sent: Friday, 26 May 2006 1:13 p.m. To: ActiveDir@mail.act

RE: [ActiveDir] OT: Mailing problem exchange 2003 server

As James correctly points out - we do need a little more information to go on.  However, as this is the same Exchange Organization (single forest) we're talking about there may be no need for an SMTP connector.  It depends on how the routing groups are configured.  Perhaps Ajay could provide

RE: [ActiveDir] OT: Exchange Cache Mode -Help

Milton (and everyone else), it would be good if you can use “OT:” in the subject field if you plan to post something off the topic of AD.  That way others can use Inbox rules to filter the messages out if they don’t want to see them.   In response to your question, I think we need a littl

RE: [ActiveDir][OT] Is there a way to force users to logon to domain?

esse - Sincerely, Ulf B. Simon-Weidner   Profile & Publications:   http://mvp.support.microsoft.com/profile="">      Weblog: http://msmvps.org/UlfBSimonWeidner   Website: http://www.windowsserverfaq.org     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of T

RE: [ActiveDir] Is there a way to force users to logon to domain?

I have a rule that auto-deletes Al’s emails as a matter of course.  J   I can confirm what others have said – that the emails are visible in Outlook 2007.   Still checking to see if there is a way to resolve this on the list server side, but haven’t found anything yet.   Tony  

RE: [ActiveDir] OldCmp question

Hi Russ   Just out of idle curiosity, I would be interested to know why you decided to extend the schema to flag all service accounts.  I’ve seen organisations use a specific naming convention to identify service accounts before, but never adding a new attribute.   Tony   From

RE: [ActiveDir] OT: Microsoft Audit Collection System

30 Apr 2006 21:08:56 -0500 It's part of the next MOM release... forget everything you used to know about it. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray > Sent: Sunday, April 30, 2006 8:48 PM > To: activedir@mai

[ActiveDir] OT: Microsoft Audit Collection System

Hi all Does anyone know the story of what happened to the Microsoft Audit Collection System (MACS)? It doesn't appear to have made it as a free download (as was suggested in some TechEd presentations a few years back). Some references indicate that it has been rolled into MOM 2005, but I haven'

RE: [ActiveDir] How to verify which DC authenticated a user account?

You work for an imaginary company? :-) You can check the secure channel using nltest, as follows: Nltest /sc_query: /server: e.g Nltest /sc_query:MYDOM /server:MYSRV Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday,

RE: [ActiveDir] how to display DC services on a single line?

Nltest perhaps? C:\Documents and Settings\Administrator.SRDC2>nltest /dsgetdc:north DC: \\DCN1 Address: \\192.168.5.2 Dom Guid: 3efc188a-c7bb-4c72-9129-262d4a4b8fba Dom Name: NORTH Forest Name: north.com Dc Site Name: NORTH Our Site Name: NORTH Flags: PDC GC D

RE: [ActiveDir] Extending the schema

You could look at it the other way and ask what the benefit would be of performing the schema extensions now as opposed to later. The full GC sync that used to cause a replication storm (in certain AD environments) does not occur with 2003 DCs. Given that, historically, Microsoft is not exempt fr

RE: [ActiveDir] IIFP GAL Sync

PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIFP GAL Sync I'm pretty sure it it works fine with W2K AD. MIIS itself needs to run on WS2K3 though.   -gil   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, April 11, 2006

[ActiveDir] IIFP GAL Sync

Hi all   I was discussing GAL sync using IIFP with someone today and he said he thought there was a requirement for the DC that IIFP uses to be 2003.  I can’t see this requirement in the product documentation.  Can anyone confirm this?   Tony     This communication, including any

[ActiveDir] List problems - resolved

You will have noticed that messages are now coming through again.   The problem has been resolved and all should be back to normal.  Any emails sent to the list during the outage will not have been queued, so please send again.   Thanks to the 732 of you who alerted me to the fact that th

RE: [ActiveDir] Daylight savings query

Sounds like a good registry setting to apply via GPO (as you indicate further down in your original email). One option would be go link the policy at the site level, as long as these correspond to the correct time zones you need. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:

RE: [ActiveDir] OT: Microsoft Announces New Price, and Availability of Linux Support, for Virtual Server 2005 R2:

I think that was always on the cards after VMWare made their entry-level server product free. http://www.vmware.com/products/server/ Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, 4 Apri

RE: [ActiveDir] ADAM - logging inefficient and expensive searches

refund on the Cookbook, but seeing that a) I didn’t pay for my copy and b) I was one of the tech reviewers, I would not be coming from a position of strength J   Thanks Joe.   Tony   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Monday, 3 April 2006 4

  1   2   3   4   5   6   7   8   >