on the internet so take the opinion with that knowledge.
Al
On 8/29/06, Wyatt,
David [EMAIL PROTECTED]
wrote:
Hi Al
I am "pulling" the
statement from a Microsoft chat transcript found here:
http://www.microsoft.com/technet/community/chats/trans/
Title: Message
Hello
Imagine the
following scenario, you have an internal W2K3 forest and an external W2K3 forest on
the DMZ. Management wish to create one-way trust between the two forests
so the DMZ forest trusts the internal forest for an
application.
I have read that
this is
Title: Message
"I am drinking my secondLabatt's not
having to make any difficult decisions"
now thats funny!
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: 17 Aug 2006 20:26To:
ActiveDir@mail.activedir.orgSubject: RE:
Title: Message
What are people's
views on whether to enable or disable hyper-threading on a Proliant box running
Windows 2003 as a DC. I remember Intel advised HT to be disabled on
Windows 2000 but has this changed for Windows 2003?. Are the performance
benefits significant for a DC?
Title: Message
Are
you able to RDP to the DC when it "hangs"?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNASent: 04
Aug 2006 14:36To: ActiveDir@mail.activedir.orgSubject:
RE: [ActiveDir] LDAP
Title: Message
Matt /
Dan - great posts from both of you and this has provided some good material to
start planning.
Thanks
-David
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Matt HargravesSent: 27 Jul 2006
6:36To:
Title: Message
I'd be interested to
hear peoples strategy for permissioning windows based file servers when the
server is in a Windows 2003 domain. I have read the best practices about
putting users into global groups then put the global groups into local groups
then permission the resource
:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue
Hi Steve
Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.
I have shown the d2 output
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue
Hi Steve
Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig
Hi Steve
Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.
I have shown the d2 output below but also see the following:
1. Clear the DNS cache on DC
2. Submit query for server1.nyc.test.com - success
3. Explicitly delete the record
; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue
What version of the DNS binary are you running and if you clear the
cache instead of restart DNS does it resolve the issue?
Thanks,
-Steve
From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Fri
Title: Message
We have a single
Windows 2003 SP1 forest/domain. DCs run AD integated zones. We
haveForwarders configured for a domain e.g. test.com with 2 IP addresses
entered for the DNS servers in test.com.
We have seen a
strange issue where queriesfor a host inthe sub-domain
To all single DC folks - when you perform a restore of your single DC
from an image, as part of your procedure do you increase the value of
the RID pool or just restore and resume working?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
Title: Message
Now here's the problem. The
"just restore and resume approach" could be, in a very specific situation, a bad
idea. I'm sure everything would "work" as such, but as
desired?After a
backup is taken, new security principals might have been created in the domain.
These security
Title: Message
OK, so
are we saying that WINS (yes, we have a WINS infrastructure)is returning
the SPOKEDC (maybe alphabetically too???)
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Free, BobSent: 24 May 2006 18:17To:
Title: Message
This
maybe overkill but you could use aGPO to do this. You can configure
service permissions, one of which is:
Change
Template - Change the configuration of a service. This permission is required so
that the user can change the startup type
-David
-Original
Title: Message
Good
point! Thanks.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: 23 May 2006 5:15To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Group
audit
I would set the output up for csv output (see -csv)
Title: Message
Thanks
Joe. I have now used your great adfind tool to find what I'm looking
for. Now have one more question on how to use the
output.
This
is a sample output:
dn:CN=Group1,OU=Groups,OU=Production,DC=help,DC=com
dn:CN=Group5,OU=Groups,OU=Production,DC=help,DC=com
member:
Title: Message
Hi
I have a text file
holding a list of approx 400 global groups such as:
Group1
Group2
Group3
Group4
etc
I need to query the
membershipto find out which of the above global groups have other global
groups as members and then to list the group names, output
example:
Title: Message
Thanks
Ulf.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Ulf B. Simon-WeidnerSent: 24 Mar 2006
23:09To: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Copying OU permissions
Hi David,
my script at
Title: Message
I need to find a way
to dump the ACLs of an OU structure, then use that dump to re-apply the same
permissions to a different OU. Anyone know of the best way to do
this? I have seen DSACLS but cannot see a way to use a report to
permission a different OU.
cheers
David
Cheers Tomasz.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: 08 Mar 2006 21:39
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Lag Sites
Wyatt, David wrote:
What MS paper?
http://www.microsoft.com/downloads
Title: Message
Hi
Paul, do you use the disk snapshots to provide the ability to restore an object
or the whole DC (and therefore the whole Active Directory database), or
both?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of PAUL
Title: Message
Hi
Paul, do you use the disk snapshots to provide the ability to restore an object
or the whole DC (and therefore the whole Active Directory database), or both?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of PAUL MAYESSent: 08
What MS paper?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 08 Mar 2006 13:46
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Lag Sites
The MS paper illustrates a way to achieve this without the USN issue.
Title: Message
I remember seeing a
posting that listed the ACLs required on User objects so that a Help Desk could
perform duties such as resetting password, unlocking accounts
etc.
The posting
mentioned the following permissions:
* allow Reset
Password permission for user objects-grants
Title: Message
Goto
the list archive below and type in the search criteria forpast
postings:
http://www.mail-archive.com/activedir@mail.activedir.org/
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Lucas, BryanSent: 02 Mar 2006
Title: Message
Add
the account that is used to perform the migration to theAdministrators
(local) group in the other domain (found in the Builtin container). This
should give you the rights.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
Title: Message
Scenario
You have 2 separate
Windows 2003forests (FFL) and each forest has a single domain (Windows
2003 domain functional level).
Question
You want to create a
trustrelationship. What is the difference in functionality/security
if you create an external trust between the 2
Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Mon 2/27/2006 5:08 AM
To: ActiveDir@mail.activedir.org
Subject
Title: Message
You
can but not with the MOM AD Management pack specifically. You will need to
setup a custom alert based on the Event ID (632 I think) that corresponds toa group membership change. You can then get alerted via
email.
-Original Message-From:
[EMAIL PROTECTED]
-Original Message-
From: Wyatt, David [EMAIL PROTECTED]
Date: Mon, 20 Feb 2006 09:51:16
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: MOM/Auditing Group Membership changes..
You can but not with the MOM AD Management pack specifically. You will
need to setup a custom alert based
Can you use the builtin security principle called SELF?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: 09 Feb 2006 11:53
To: ActiveDir.org
Subject: [ActiveDir] Delegation of permissions
Dear All,
I have been asked to delegate some
Title: Message
Hi
Frank
Are
they not able to click Start Logoff from the TS session? If they forget to do this then configure a GPO to reset a disconnected TS session after
x minutes/hours/days
cheers
Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL
Title: Message
Hi
Simon
I was
referring to the procedure for extending the schema (i.e. controlling outbound
replication from the Schema Master etc) rather than designing extensions.
But thanks anyway for this useful info.
Regards
David
-Original Message-From:
[EMAIL
Title: Message
Does anyone know of
a supported procedure to extend the schema in Windows 2003 SP1 FFL
AD?
This message contains confidential information and is intended only
for the individual or entity named.
Title: Message
Thanks, I'll review the articles and see if they answer my
questions.
Regards
-David
-Original Message-From:
Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED] On Behalf
Of Almeida Pinto, Jorge deSent: 31 Jan 2006 12:14To:
ActiveDir@mail.activedir.orgSubject: RE:
Message -
From: Wyatt, David [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, January 26, 2006 11:12 AM
Subject: RE: [ActiveDir] NETLOGON.DNS
Hi Paul
I asked Microsoft the same question as we were controlling SRV record
registration. Read the email below, its an internal
Title: Message
By
default a Windows 2000/XP client will register its A record and the DHCP server
will register the clients PTR record. This can be changed so by using the
3rd party DHCP server you won't lose DDNS, you would configure your clients to
register both A and PTR records.
Prevention is better than a cure. Do as the previous poster suggests
and apply the appropriate NTFS permissions so that users can create and
write files/folders but not delete, move or rename???
-Original Message-
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL
Title: Message
Hi
all...
Scenario:
We have 2 Windows 2003 forests (forest functional
level set at Windows 2003) and each forest has a single domain. There is a
one-way trust between the two forests, Forest A trusts Forest B.
Question:
We need to grant users in Forest B access to
resources
Title: Message
Which
backup program are you using?
-Original Message-From: Frank Abagnale
[mailto:[EMAIL PROTECTED] Sent: 24 Nov 2005
16:39To: ActiveSubject: [ActiveDir] Outlook installed on
a DC
Hi all,
I have a problem whereby our I've been asked by a manager
You'll have to monitor all the DCs that could authenticate the user and look
out for Logon events in the Security Log. MOM 2005 is great at doing this.
-Original Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED]
Sent: 23 Nov 2005 14:35
To: ActiveDir@mail.activedir.org
Subject:
If you delete the netlogon.dns and netlogon.dnb file, restart the DC, it
will recreate the files on startup. If it can't recreate the files,
someones been playing with NTFS permissions.
-Original Message-
From: Al Mulnick [mailto:[EMAIL PROTECTED]
Sent: 18 Nov 2005 15:26
To:
44 matches
Mail list logo