play
one on the internet so take the opinion with that knowledge.
Al
On 8/29/06, Wyatt,
David <[EMAIL PROTECTED]>
wrote:
Hi Al
I am "pulling" the
statement from a Microsoft chat transcript found here:
http://www.micros
ct
access to the application. From a network perspective, that's often seen
as an issue because the firewall is then configured for any -->DMZ host.
That really does defeat the purpose of a DMZ in most cases.
My added $0.04 anyway.
-ajm
On 8/25/06, Wyatt,
Davi
Title: Message
Hello
Imagine the
following scenario, you have an internal W2K3 forest and an external W2K3 forest on
the DMZ. Management wish to create one-way trust between the two forests
so the DMZ forest trusts the internal forest for an
application.
I have read that
this is obviou
Title: Message
"I am drinking my second Labatt's not
having to make any difficult decisions"
now thats funny!
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: 17 Aug 2006 20:26To:
ActiveDir@mail.activedir.orgSubject: RE: [Activ
Title: Message
What are people's
views on whether to enable or disable hyper-threading on a Proliant box running
Windows 2003 as a DC. I remember Intel advised HT to be disabled on
Windows 2000 but has this changed for Windows 2003?. Are the performance
benefits significant for a DC?
T
Title: Message
Are
you able to RDP to the DC when it "hangs"?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNASent: 04
Aug 2006 14:36To: ActiveDir@mail.activedir.orgSubject:
RE: [ActiveDir] LDAP P
Title: Message
Matt /
Dan - great posts from both of you and this has provided some good material to
start planning.
Thanks
-David
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Matt HargravesSent: 27 Jul 2006
6:36To: ActiveDir@mai
ailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue
Hi Steve
Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.
I have shown the d2 o
Title: Message
I'd be interested to
hear peoples strategy for permissioning windows based file servers when the
server is in a Windows 2003 domain. I have read the best practices about
putting users into global groups then put the global groups into local groups
then permission the resource
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue
Hi Steve
Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig
Hi Steve
Interesting findings. Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.
I have shown the d2 output below but also see the following:
1. Clear the DNS cache on DC
2. Submit query for server1.nyc.test.com - success
3. Explicitly delete the record fo
; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue
What version of the DNS binary are you running and if you clear the
cache instead of restart DNS does it resolve the issue?
Thanks,
-Steve
From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Fri
Title: Message
We have a single
Windows 2003 SP1 forest/domain. DCs run AD integated zones. We
have Forwarders configured for a domain e.g. test.com with 2 IP addresses
entered for the DNS servers in test.com.
We have seen a
strange issue where queries for a host in the sub-domain nyc.te
Title: Message
Now here's the problem. The
"just restore and resume approach" could be, in a very specific situation, a bad
idea. I'm sure everything would "work" as such, but as
desired?After a
backup is taken, new security principals might have been created in the domain.
These security
To all single DC folks - when you perform a restore of your single DC
from an image, as part of your procedure do you increase the value of
the RID pool or just restore and resume working?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CP
Title: Message
OK, so
are we saying that WINS (yes, we have a WINS infrastructure) is returning
the SPOKEDC (maybe alphabetically too???)
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Free, BobSent: 24 May 2006 18:17To:
ActiveDir@mail
Title: Message
Seem to have an odd
issue when using the net time command...
Scenario:
Windows 2003 FFL,
single domain, single forest
Hub/spoke site
topology, London hub, other offices spokes
I have logged onto a
Windows 2000 Pro desktop (that is joined to domain) in the hub site.
Title: Message
Good
point! Thanks.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joeSent: 23 May 2006 5:15To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Group
audit
I would set the output up for csv output (see -csv) wh
Title: Message
This
maybe overkill but you could use a GPO to do this. You can configure
service permissions, one of which is:
Change
Template - Change the configuration of a service. This permission is required so
that the user can change the startup type
-David
-Original Mes
Title: Message
Thanks
Joe. I have now used your great adfind tool to find what I'm looking
for. Now have one more question on how to use the
output.
This
is a sample output:
dn:CN=Group1,OU=Groups,OU=Production,DC=help,DC=com
dn:CN=Group5,OU=Groups,OU=Production,DC=help,DC=com
>memb
Title: Message
Hi
I have a text file
holding a list of approx 400 global groups such as:
Group1
Group2
Group3
Group4
etc
I need to query the
membership to find out which of the above global groups have other global
groups as members and then to list the group names, output
example:
Title: Message
Thanks
Ulf.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Ulf B. Simon-WeidnerSent: 24 Mar 2006
23:09To: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Copying OU permissions
Hi David,
my script at http://www.wind
Title: Message
I need to find a way
to dump the ACLs of an OU structure, then use that dump to re-apply the same
permissions to a different OU. Anyone know of the best way to do
this? I have seen DSACLS but cannot see a way to use a report to
permission a different OU.
cheers
David
Cheers Tomasz.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: 08 Mar 2006 21:39
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Lag Sites
Wyatt, David wrote:
> What MS paper?
>
http://www.microsoft.com/dow
What MS paper?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 08 Mar 2006 13:46
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Lag Sites
The MS paper illustrates a way to achieve this without the USN issue.
neil
Title: Message
Hi
Paul, do you use the disk snapshots to provide the ability to restore an object
or the whole DC (and therefore the whole Active Directory database), or both?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of PAUL MAYESSent:
Title: Message
Hi
Paul, do you use the disk snapshots to provide the ability to restore an object
or the whole DC (and therefore the whole Active Directory database), or
both?
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of PAUL MAYES
Title: Message
Add
the account that is used to perform the migration to the Administrators
(local) group in the other domain (found in the Builtin container). This
should give you the rights.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf
Title: Message
Goto
the list archive below and type in the search criteria for past
postings:
http://www.mail-archive.com/activedir@mail.activedir.org/
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Lucas, BryanSent: 02 Mar 2006
Title: Message
I remember seeing a
posting that listed the ACLs required on User objects so that a Help Desk could
perform duties such as resetting password, unlocking accounts
etc.
The posting
mentioned the following permissions:
* allow Reset
Password permission for user objects-grant
ctory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Mon 2/27/2006 5:08 AM
To: ActiveDir@mail.activedir.org
Su
Title: Message
Scenario
You have 2 separate
Windows 2003 forests (FFL) and each forest has a single domain (Windows
2003 domain functional level).
Question
You want to create a
trust relationship. What is the difference in functionality/security
if you create an external trust between the
-Original Message-
From: "Wyatt, David" <[EMAIL PROTECTED]>
Date: Mon, 20 Feb 2006 09:51:16
To:
Subject: RE: [ActiveDir] OT: MOM/Auditing Group Membership changes..
You can but not with the MOM AD Management pack specifically. You will
need to setup a custom alert based on the
Title: Message
You
can but not with the MOM AD Management pack specifically. You will need to
setup a custom alert based on the Event ID (632 I think) that corresponds to a group membership change. You can then get alerted via
email.
-Original Message-From:
[EMAIL PROTECT
Can you use the builtin security principle called SELF?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: 09 Feb 2006 11:53
To: ActiveDir.org
Subject: [ActiveDir] Delegation of permissions
Dear All,
I have been asked to delegate some
Title: Message
Hi
Simon
I was
referring to the procedure for extending the schema (i.e. controlling outbound
replication from the Schema Master etc) rather than designing extensions.
But thanks anyway for this useful info.
Regards
David
-Original Message-From:
[EM
Title: Message
Hi
Frank
Are
they not able to click Start > Logoff from the TS session? If they forget to do this then configure a GPO to reset a disconnected TS session after
x minutes/hours/days
cheers
Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROT
Title: Message
Does anyone know of
a supported procedure to extend the schema in Windows 2003 SP1 FFL
AD?
This message contains confidential information and is intended only
for the individual or entity named.
Title: Message
Thanks, I'll review the articles and see if they answer my
questions.
Regards
-David
-Original Message-From:
Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED] On Behalf
Of Almeida Pinto, Jorge deSent: 31 Jan 2006 12:14To:
ActiveDir@mail.activedir.orgSubject:
- Original Message -
From: "Wyatt, David" <[EMAIL PROTECTED]>
To:
Sent: Thursday, January 26, 2006 11:12 AM
Subject: RE: [ActiveDir] NETLOGON.DNS
> Hi Paul
>
> I asked Microsoft the same question as we were controlling SRV record
> registration. Read the
Hi Paul
I asked Microsoft the same question as we were controlling SRV record
registration. Read the email below, its an "internal process"
apparently!
-David
Hi David
The information I have received so far, indicate it's internal processes
in our sou
Title: Message
By
default a Windows 2000/XP client will register its A record and the DHCP server
will register the clients PTR record. This can be changed so by using the
3rd party DHCP server you won't lose DDNS, you would configure your clients to
register both A and PTR records. Confi
Prevention is better than a cure. Do as the previous poster suggests
and apply the appropriate NTFS permissions so that users can create and
write files/folders but not delete, move or rename???
-Original Message-
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL PROT
Title: Message
Hi
all...
Scenario:
We have 2 Windows 2003 forests (forest functional
level set at Windows 2003) and each forest has a single domain. There is a
one-way trust between the two forests, Forest A trusts Forest B.
Question:
We need to grant users in Forest B access to
resourc
Title: Message
Which
backup program are you using?
-Original Message-From: Frank Abagnale
[mailto:[EMAIL PROTECTED] Sent: 24 Nov 2005
16:39To: ActiveSubject: [ActiveDir] Outlook installed on
a DC
Hi all,
I have a problem whereby our I've been asked by a manager
You'll have to monitor all the DCs that could authenticate the user and look
out for Logon events in the Security Log. MOM 2005 is great at doing this.
-Original Message-
From: Rocky Habeeb [mailto:[EMAIL PROTECTED]
Sent: 23 Nov 2005 14:35
To: ActiveDir@mail.activedir.org
Subject: [Act
If you delete the netlogon.dns and netlogon.dnb file, restart the DC, it
will recreate the files on startup. If it can't recreate the files,
someones been playing with NTFS permissions.
-Original Message-
From: Al Mulnick [mailto:[EMAIL PROTECTED]
Sent: 18 Nov 2005 15:26
To: ActiveDir
47 matches
Mail list logo