This may give you a lead.
http://www.readymaids.com/Portals/1/Remove%20Orphaned%20SMTP%20Addresses%20-R
US-helper%20.txt
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the To
Russ,
The trailing dot issue is a classic nslookup behavior (some call it bug :)).
Nslookup does domain devolution on all lookups and, unless the query is
terminated with a ".", any rlookup for a record will always be submitted by
nslookup in the following fashion: recordname.current.dns.context.
at is that better answer in your opinion?
>
> The better answer is to understand why this needs to be done and explain
> how
> you can get away from it. I have lived the "Fortune 5 argue until you
> are
> blue in the face about giving out too many permissions" life. When I
we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 5/20/2005 10:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO not applied - thin
Joe, you pretty much agreed with the lag site proposition towards the end of
your piece. Whether you virtualize it, put it is a different physical
location or just put it on a piece of hardware sitting in the same server
room and configured with a different replication schedule, it all comes down
t
Machine startup script, with something like:
net localgroup|find /i "administrators"
If errorlevel=0 goto :English
net localgroup|find /i "administratoren"
If errorlevel=0 goto :German
net localgroup|find /i "Administrateurs"
If errorlevel=0 goto :French
goto :End
:English
net loca
A script doing ldap query for "objectclass='contact'" and writing that into a
database or to a file (using FSO) would be an option - for me.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize th
The account does not have to be a domain account. Unless the client is
running IIS on the DCs, you can always create a local account on the IIS
server and use that for the FTP. No tangling with AD.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids
It looks like you have more than one DNS servers. It looks like you are
having serial number versioning issues with the zone. It looks like you are
making changes on serverA and serverB has a higher serial number for the zone
than what's on ServerA. It then looks like when the zone converges, the i
If you are auditing Directory Service Access (for success and failure) you
will see a success event of ID 566 whenever an AD-intg record is
created/deleted (or modified).
The clue to the deletion is that you will see the following (in addition to
others):
Accesses: Write Property
Properties: Writ
It's late here, so I'll make this a quick reply. I know you said that MS is
working on "such things", so I'm rooting for you. But, in the absence of any
other feasible mechanism at this time, we are left with coming up with our
own concotion.
Your statement:
>>>- You need to establish trust bound
Neil,
I'm not sure I follow you here. Are you saying people use DNS to do port
redirection for requested records? As in, I go and create an alias called ww2
in a domain called xcompany.com and I am able to specify the port and get DNS
to inspect a request for ww2.xcompany.com:portABC and redirect
No, you can't.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] o
Google-fu to the rescue.
http://windows.about.com/od/tipsarchive/l/bltip002.htm
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?
Can't be SP3. I stopped messing with 2K in SP3 and the Island thing was still
there. I wasn't even aware that SP4 fixed the issue, but I haven't worked
much on an SP4 environment to know for sure.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.
When you migrate a user with SIDHistory in place, the user (in the new
domain) now effectively has 2 SIDs - one from the old domain and one from its
new domain.
OK. You have resources (say fileshare) in the old domain and the resource was
permissioned for users in the old domain. Say the user you
It's very likely because you don't have your exchange forest spanning
multiple domains. The WINS reliance starts to manifest itself in a
multi-domain scenario.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do
I see that the absence of that critical smiley tripped you. Here :) :)
OK, now that we've got that out of the way, here's what I was trying to say
in a round-about way. DNS Islanding is a W2K issue. If my reading materials
and readings glasses are good, then this problem does not afflict W2K3. So
No, you can't do without WINS yet. Maybe "in Longhorn time".
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
_
<[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 12:41 PM
Subject: RE: [ActiveDir] OT: e-mail archiving systems
:o)
Good to hear from you, Missy. Even if it was meant to be a private message
to Deji.
Keep in touch, would you?
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows
Correct.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on beha
>>> True for Windows 2000 as well
To which I trembled and exclaimed:
Don't you mean: True for Windows 2000, but not for Windows 2003? My cheat
sheets say that's what you meant. Maybe they need updating.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.
>>> one thing I would like to try is to see if it would make hosting split
brain DNS zones with out the need to sync them manually.
No. Conditional Forwarding is not the answer to split-brain limitations.
Until MS comes up with something specifically designed for this, you are
still left with
http://www.readymaids.com/Portals/1/Docs/W2K3/DNS/Stub%20Zones%20and%20Condit
ional%20Forwarding.htm
That should give you all you need.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that
>>>2. I believe that KRB5KRB_ERR_RESPONSE_TOO_BIG implies that the response
was too big for UDP
I can second that belief. I only see these in the logs on domains where Kerb
traffic has NOT been forced to TCP. A regular symptom in such domains is the
notorious event Id 5719, the inability to join
It's not always SPAM, dood :) See http://en.wikipedia.org/wiki/Joe_job
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
___
I can only speak to KVS, and I can not say what I think of them in such a
decorous forum.
If you do get to speak with them in the course of your evaluation (you are
going to do a thorough eval, right?), be sure to ask them what happens if you
run out of room on a vault and you want your users to
Try http://www.cexx.org/lspfix.htm
HTH
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Options? As in what tools can you use to do it?
http://www.klcconsulting.net/smac
Options? As in why do it? Plenty. When I was "growing up" we used it to
"share" connections, although the ISP thought we were stealing bandwidth and
that it was illegal. Whatever! It's been known to also be a favorite
Joe, are the royalty checks coming in yet? LOL. This is the second time on
WinITPro, no?
If you need help spending the million bucks, please remember that I
volunteered first :)
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
One day I told my boss "you just stick to being my boss, and I will figure
out the technical details". Hosts files are now troubleshooting tools or
props for when things are not properly configured and you need to "patch"
them. If your description of your boss' reasons for using hosts files as
DNS-
I used to store the password in the batch file before I got my brains bashed
out on this list. So, I went back and store the password in a DB, read it on
the fly from a vbs and pass it onto bat.
What's taking you guys so long to give us a more elegant solution for this
"must-have"? Until you do,
>From the way I am reading this, it appears that you are yanking out (a copy
of) a child domain and expecting to be able to transfer the Schema (which
existed in the root) to a DC in the child domain. For all intent and purpose,
you now want your newly-minted (DR'ed) Domain to appear as if it never
He is. That is why they are able to resolve xyz.com externally.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
__
rosoft.com Web page that matches your entry.
It is possible you typed the address incorrectly, or the page may no longer
exist. You may wish to try another entry or choose from the links below,
which we hope will help you find what you're looking for.
deji
List info : http://www.activ
That's a good work-around, but it will not make his original problem go away.
He's looking to resolve xyz.com, which happens to be his internal domain
name. Robert, unless your DCs are also your web servers, you will have to
forget about this idea. Your DCs use that address, and if you try to hac
Looks like XP-SP2 FW issue. Did your clients just recently apply SP2?
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
If I have a rule that says Kurt Hill must know the lock code to the server
room, where should I put the lock and set the code? On Kurt Hill, or on the
Server Room door?
If I put the lock on (with the code) on Kurt, and Kurt goes to the server
room, who will validate and enforce the "rule"?
I kn
Then, we can safely conclude that "this is by design". If you want a
different behavior, go ahead and exclude those addresses.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is th
Known issue :) Google "systemced". Look at KB 269075
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
_
It doesn’t prove anything. It just means that there was a problem
somewhere during the separation and the process did not complete gracefully “for
various reasons”.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir. Services / Security
www.readymaids.com - we know
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Friday, April 08, 2005 11:17
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SSL on
OWA to change password
Yeah. What he said. ;)
Thanks Deji
Roger Seielstad
E-mail Geek
That goes into a standard default.htm or index.htm page located on the
inetpub/wwwroot folder.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir. Services / Security
www.readymaids.com - we know IT
www.akomolafe.
I have exactly what you are looking for. But
describing and commenting it all is such a pain I don’t want to go
through the exercise again. I can share the code, but being a spaghetti coder,
I’m not sure you’d be able to decode it. I shared it with someone
(who shall remain nameless J) on t
In DNS, look at the _msdcs.CSG-IT.NET zone and see if you can find that
GUID in there.
Look in your Site and
Services and go to the server “VMDC”.
Look at the NTDS Settings for that server and see if you can find a connection
with that GUID.
In either case, if you find
that GUID, just
I agree it is most likely anything else but DNS problem. If you are
able to, copy one of those accounts and log in with the new copy. Does the
problem follow the new account? Could you post back with your finding?
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir.
Did you follow the link James provided? I think that doc should answer
all 3 qs.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir. Services / Security
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worri
Yes, it came out, didn’t see its shadow …..looong
winter J
Seriously, it’s finalized and ratified, but I’ve yet to see
the compatible hardware in store.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir. Services / Security
www.readymaids.com - we know IT
Check your inbox
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir. Services / Security
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
-Original Message-
From:
Would putting the output into a dictionary set and then sorting and
writing them out not be feasible? Would this not be easier (and on-the-flyish)
than dumping it into SQL?
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Dir. Services / Security
www.readymaids.co
you rebooted (or performed ipconfig /flushdns or net stop/start
dnscache) on the clients who are still returning the old info. Have you
restarted DNS services on the DNS servers? Is your DNS zone being properly
transferred/updated on all the DNS servers?
Deji
-Original Message-
From
the KB offered by Mark Parris?
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brahim Bouchaiba
Sent: Friday, April 01, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Cc: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Win 2003 DNS issues
the
Virus actually did, that, too, may not be a good cure since it’s possible
that the infection had replicated to the “clean” DCs. But, rather
than trying to chase your tails, a reinstall is my best recommendation.
Deji
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Al, you know that a resolution problem
will sometimes prevent SID translations. So, the mere fact that you see SIDs
(rather than names) listed in your ACL does not necessarily indicate that those
accounts are dead. So, verification is in order here, IMO.
Deji
From:
[EMAIL
I believe that the Host will tell you when your VM addition is out of
date. I don’t know where it pulls the info from, but I’ve had to
update several guests a couple of times.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carlos
Install SP1 on the Host as well. See if the guests start crawling after
that.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Thursday, March 31, 2005 1:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
unusable
since then because of the painful response. Again, I’ve always blamed it
on R2 because prior to SP1->R2 install, the guests were all happy. Yes, VM
additions are always applied.
Deji
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Grillenme
I have the same issue, but I have always blamed it on R2.
Deji
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Grillenmeier, Guido
Sent: Thursday, March 31, 2005 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1
, EDC membership is what makes this possible. I am not
sure that that is a good description because I am sure that there are other
things that are considered, but …..
Deji
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Kern, Tom
Sent: Thursday, March 31, 2005
12:00 PM
OK, this is news – to me. Do you
want it chased, or are you in a position to get a direct MS opinion on it
yourself? Since ~Eric has chimed in, I think we should hand it off to him J
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Thursday
Look for S-1-5-9 in the “Foreign SecurityPrincipals”
container.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Thursday, March 31, 2005 10:14 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Enterprise
domain controllers
n, the
domain in question.
It is COMPUTED.
>>> You're not telling me that there is an inherited
membership in EDC are you?
YES
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Thursday, March 31, 2005 8
Lou, what security fix are you asking about? I am in Security, and I’ve
been doing SP1 for a while now, so I may be able to respond in less that 11
words ;) Or, I may be able to chase it up for you.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
that when I locate it.
Deji
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Kern, Tom
Sent: Tuesday, March 29, 2005
11:54 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS
should point to...?
can you explain to me how "island
dns" cannot
I meant to say, “no root/sub-root _msdcs
ISSUES to factor in”
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe
Sent: Tuesday, March 29, 2005
11:41 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS
should point to
itative for the zone and, therefore, consider themselves the “Start
of Authority” for that zone.
HTH
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Tuesday, March 29, 2005
10:41 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS
s
12 words??? I thought it was 11!!! I need to cut down on that next time
â thereâs no room for 2 Joes[1] on this list J
Deji
[1] I still need to respond to that âinverseâ thread â as soon I can
wrap my head around that wacky equation :-p
-Original Message
Yes.
This *may* be a useful primer for you: http://www.readymaids.com/Portals/1/FSMO-xfer.htm
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Tuesday, March 29, 2005 9:51 AM
To: ActiveDir@mail.activedir.org
Subject
In this scenario, I’d recommend
Primary to another and secondary to self.
Deji
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Noah Eiger
Sent: Tuesday, March 29, 2005 9:32
AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS should
point to
%ScriptPath%\myscript.vbs
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Tuesday, March 29, 2005 6:29
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] startup
scripts not running
Good point Joe, I don’t know.
I’m basing the “not
Clients will still be able to contact DCs if resolution is functional. Also,
in a single-domain config, the absence of a GC will not stop a client from
locating resources at other sites. Even in a multi-domain config, such absence
will not result in an absolute stoppage.
Deji
Jorge, my response was to Guido’s “intentions”
when he made the cross-AG statement that he has now clarified. I was not
responding to the original poster because. I am seriously behind on this list,
so I am mostly breezing through.
Deji
From:
[EMAIL PROTECTED] [mailto
Is it a vbs? If yes, have you tried calling
it from a bat file? Does it work if you do that? What you can do depends on the
outcome of that test.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Monday, March 28, 2005 11:54
AM
To
I think he meant “servers”, and this also is now possible
in E2K3-SP1.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, March 28, 2005 6:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recover
Almeida
Pinto
Sent: Monday, March 21, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Have fun at DEC
Fun at DEC?
Yeahh it was fun. It was also great to meat Gil, Guido, Dean, Joe, Rick and
Deji in person.
No chicken as I hoped for, but a t-shirt (that not even said "I went to DEC
You can do it remotely, like so:
http://www.readymaids.com/Portals/1/Enable%20DHCP%20on%20Active%20NIC.txt
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you wer
devaluation of its usefulness and I can then understand why someone would need
to outsource. But when you have an essentially “install, configure and
forget” solution, outsourcing becomes incomprehensible, again IMO.
Now, we just need to arrange a location
for my six-pack pick up. :-p
Deji
.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, March 11, 2005 6:55
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] VERY OT
-WAS Binding to ldap process..- NOW is De ji Rants
You could add FUD to that list for many
orgs
not clog your users mailboxes either.
I will see your solution and raise you a
six-pack J
Anti-SPAM != rocket science. It needs not
be advertised or implemented as such.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, March 11
simple task as SPAM
protection. Could this be because most of the solutions out there suck in one
form or another? What is it?
Deji [getting off his soap-box now]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Friday, March 11, 2005 10:12
AM
To
having with SP2 when it is deployed?
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Friday, March 11, 2005 7:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Blocking SP2 rollout
My apologies for posting this
ew NS info].
There is still manual update involved in that scenario.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, March 10, 2005 11:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE:
your question?
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, March 10, 2005
10:14 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS - Stub
Zones -vs- Referral Zones
Hey everyone, DNS question:
On our Forest
Justin,
I am tempted to patch a copy of, say, getroot.exe and email that to you
as instsrv.exe. I’d love to see the look on your face when you launch it.
I don’t think it is “safe” to ask for executables in public
places like these.
My $.50
Deji
-Original Message
things there.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Wednesday, March 09, 2005
12:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Problem:
Limit Domain Admins and Administrators
How would you get around AD
dmin. And, I can do things you can’t track.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Wednesday, March 09, 2005
10:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Problem:
Limit Domain Admins and Administrators
If
Get a Proxy Server and use it to control outbound internet access.
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, March 08, 2005 7:22 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] deny internet
hi all
these people he is trying to lock down (out) are members of those groups in
the first place. A well-known solution to Mark’s problem is to remove the
people from those groups. He’d be fine ever after.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Title: OT: VBScript Question
I am not trying to imply that there is
something wrong with your practice, so don’t take offence. But, what is
the correlation between violations and defrag? I am trying to understand what
the defrag is supposed to do, post-violation.
Deji
From
Title: LDAP and related Exchange question
I haven’t read the blog yet –
I will – but uniqueness is enforced by ADUC (or any other provisioning
mechanism that has the intelligence built into it). You can certainly shove
colliding values into this attribute by other means.
Deji
script and delete the batch file to prevent people from
seeing the password.
If you know how to script adsi, then this
is easy to do in vbscrpt.
You could also get Hyena from systemtools.com
and use that to change all the admin password graphically.
HTH
Deji
From: [EMAIL
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, March 02, 2005 7:51 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] worm/bot issues
Hi all, i have users that keep getting infected with a worm Symantec
calls &quo
is indeed receiving and routing.
If I were you, though, I’d take the
easy way out and do what has been suggested several times here – let a
plain vanilla SMTP server do the storing for you during this outage.
Deji
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
See http://support.microsoft.com/?kbid=839880
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Oytun
Sent: Thursday, February 24, 2005 1:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] NO MORE ENDPOINT AVAILABLE FROM
domain, it then utilizes its
components to resolve the mailbox and route the email for delivery based on the
resolution. It’s more involved than that, but you get the gist.
When you get to the Exchange Library site, be sure to look for the “Exchange
Technical Reference” doc.
Deji
Ex1:
shrflags \serversh1
Display current settings for share sh1 on server
Ex2:
shrflags \server.
Display current settings for all shares on server
Ex3:
shrflags \serversh1 /abe true /forreal
Set access-based enumeration on share sh1 on server
Ex4:
shrflags \server. /abe true /fo
Dunno if this response is urgent enough, but a good place to look at is
TCP/IP properties and see if the client is configured to use lmhosts. Uncheck
that option and try again. HTH
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
Assuming that the necessary components (SMTP, NNTP, ASP, etc) are already in
place on the Exchange server, the only thing I have seen that causes that
error is where there is no GC at the site where the Exchange server is
located. I have no explanation for why it is so, but I ran into this twice
al
Since you are just starting out with AD and DNS, let me encourage you to get
familiar with the MS DNS Center:
http://www.microsoft.com/Windows2000/technologies/communications/dns/default.
asp
Spend a day with the White Paper here:
http://download.microsoft.com/download/f/2/f/f2fc9f59-d90a-4dbc-83
Let's see exactly what you are looking at on your screen. Copy and paste
everything you see on the command line. Or, describe all the steps you took
before you got that error. For example, did that error come up as soon as you
type nslookup and press enter?
Sincerely,
Dèjì Akómöláfé, MCSE+M MC
501 - 600 of 967 matches
Mail list logo
