Not really related to the problem at hand, but OP weirdness the same.
If you have a disjointed namespace in your forest, and the domain names are the
same except for the extensions, the OP doesn't indicate which one you are
pointing at.
IE
MyCompany.net is the forest name
MyCompany.com is a su
This is a little more off topic but..
Has anyone been able to decode LDAP on ports other than port 389 view MS
Network Monitor? I have never gotten in to work correctly, even with the
SMS 2003 version.
I have been using ethereal more, because of this restriction.
Though I am also curio
Brian,
Ouch! We don't know why he went with a Tyan system over an HP or Dell.
With the current pricing of Dell servers, they are far below even the Tyan
barebones server chassis.
I used to work for a large international company, and certain international
divisions were only approved to pur
;> Is there no way for the application to use the
recommended alternative,> i.e. where ADAM receives a SASL bind
request and forwards the request to> Active
Directory?>> Tony>> -- Original Message
--> From: "Jef
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: 29 September 2006 01:53
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADAM bind Redirection with a NULL password
Since there has been talk of LDAP "Authentication" as of
lat
2.microsoft.com/WindowsServer/en/library/7cfc8997-bab2-477
0-aff2-be424fd03cda1033.mspx?mfr=true
Is there no way for the application to use the recommended
alternative,
i.e. where ADAM receives a SASL bind request and forwards the request
to
Active Directory?
Tony
-- Original Message --
Joe,
I have a large Websphere community, which suffers from the single NC for
LDAP binds scenario. Have you had any experience with WS and ADFS? The
WS guys seem very tight lipped on knowing how to setup WS to work with it.
I have been looking at Quests and Netegrity for their ADFS module
of the
spec.
Besides the DCR, I think all you can do is validate on the application
side (but you already knew that).
Joe K.
- Original Message -
From: "Jef Kazimer" <[EMAIL PROTECTED]>
To:
Sent: Thursday, September 28, 2006 7:53 PM
Subject: [ActiveDir] ADAM bind
EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: Thursday, September 28, 2006 5:53 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADAM bind Redirection with a NULL password
Since there has been talk of LDAP "Authentication" as of late, I figured
I'd
ous if a bit flip to shut down this possibility could be put in
control of the directory Admin, instead of relying on the developers.
Thanks,
Jef Kazimer
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
Just to add some info here..
I am currently in the middle of an "integration" where one IT group
suggested a split the network to clone the AD environment on both sides.
Thankfully this has been abandoned after being evaluated.
I believe Microsoft Consulting Services called this solution
I had posted this today, and I was curious if
anyone knew why an LDAP filter drops the query when searching for a single space
value? Though I was using Joe's ADfind, I did have the same results in
ADSIedit, and thought someone better than I, may know why. It's not really
a problem, just a
Another FYI - Suffix Search List GPO is only available on Windows XP and up OS's.
It was not in Win2000 versions. We had to use scripts/reg keys to man age these back in the day.Jef Kazimer---http://www.jeftek.com
Date: Mon, 31 Jul 2006 10:46:38 -0400From: [EMAIL PROTECTED]To: ActiveDi
I'm not sure how you mean "Unity Server"?
Can you give more details in what context?
I did a quick Live Search on Unity Server and Active Directory and I thought it could possibly be a Cisco product?
http://www.live.com/?q=Unity+Server#q=Unity%20Server%20Active%20Directory&offset=1
The
Speaking of Exchange...
Any good resources for Exchange info? (IE real world lessons, etc) I just got told today that we are going to be leaving a company we just bought on Exchange instead of migrating them to lotus notes (Talk about dodging a bullet). Sadly I have not done Exchange work
Hmm...then you could add -notonlynotdisabled to return disabled users just to keep with the flow...
Subject: RE: [ActiveDir] OldCmp questionDate: Fri, 19 May 2006 17:08:03 -0400From: [EMAIL PROTECTED]To: ActiveDir@mail.activedir.org
+1 for –onlynotdisabled
Thanks,Brian Desmond
[EMAIL
hmmm
How about -onlyenabled? :)
Ya know...just because...
> From: [EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] OldCmp question> Date: Fri, 19 May 2006 11:41:21 -0400> > Disabled accounts are marked by having bit 1 list on userAccountControl> (valu
http://dictionary.reference.com/search?q=mucker
mucker
\Muck"er\, n. A term of reproach for a low or vulgar labor person. [Slang]
Let the Ragin' begin!
(Thought I could have sworn it was a lazy way to say "mofo" :) )
> From: [EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org> Subjec
I think my company users Lotus Notes just because it doesn't integrate with anything so less headaches. :(
> From: [EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] [OT] DNS on a DC or NOT> Date: Wed, 17 May 2006 15:32:15 -0400> > No I save up my D strength so I
joe,
I had considered the cache issue, but I figured that since it would be an integrated zone, it would exist on multiple DNS servers. So if each DNS server read the record once, it would generate enough audit flags to let us know it is still being used globally. :)
As I said, it was a sta
We have it on all of our DCs as well worldwide and have not seen an issue.
But a question about integrated zones. I had an issue recently where a system owner wanted to know if people were resolving an old CNAME for one of their systems. They wanted to remove it from the zone, but wanted to
John,
Just curious, was these option *ONLY* availiable in XP SP2? Any hope it exists in Windows Server 2003 SP1? :)
Thanks,
Jef
> From: [EMAIL PROTECTED]> Subject: RE: [ActiveDir] GPO> To: ActiveDir@mail.activedir.org> Date: Wed, 10 May 2006 08:49:21 -0500> > Hi Peter...> > If the cli
Hmm.reading the PDF at : http://download.microsoft.com/download/5/8/e/58ededaf-4de0-4fd3-b500-8a8f6bbfe1f4/ADRAP_Datasheet_v1.0t_English.pdf
Is this something to have running where MOM is not running? It seems alot of his can be done via MOM, thought not as slick of a consolidated interfac
Joe,
I don't remember if they told us to check if they are TS users or not to be honest as this was almost 2 years ago. I do remember that he symptoms were quite odd in that the error message dialog box would throw out an obscure error that could not be found in any online resource. They said
I meant that was the advice we were given from PSS on how to solve the problem. :)
Though...we did end up clearing it after finding out they were not TS users.
From: [EMAIL PROTECTED]To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] TScmd helpDate: Thu, 4 May 2006 21:17:34 -0400
My first travesty with said blos, was when an admin could not reset a users password via the MMC. After some PSS support, it turns out it was the NWCLIENT attributes stored in the userParameters field. As it turns out these users in the NT4 days had the Netware client piece, and when they wer
Mike,
Scratch that. It is not the string I was thinking about.
I'm sure Joe will know though :)
From: [EMAIL PROTECTED]To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] TScmd helpDate: Wed, 3 May 2006 16:38:42 -0500
Mike,
Can you use ADfind and ADmod for this?
ADfind -h -De
Mike,
Can you use ADfind and ADmod for this?
ADfind -h -Default -f "(TSpath=Blah)" -dsq | ADMOD tspath::NewPath
Now I don't remember f TS path (I know it's not the attribute name so you will need to look at it) is a string value or if t's contained in that blob value with the other TS set
HmmmI think my links got stripped there :
Security Myths and Passwords by Prof. Spafford
http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/
Ten Windows Password Myths
http://www.securityfocus.com/infocus/1554
> From: [EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org>
This has been making the rounds as of late, so I am not sure if it has been
posted here:
Security Myths and Passwords by Prof. Spafford
and something from 2002:
Ten Windows Password Myths
Now...where I am, Smart Card integration into physical building access is
becoming a reality, so I
Just curious
Does the Vista MCE allow Divx playback for the extender?
The MCE Transcoder is a life saver to play Divx and Xvid on the Xbox 360 MCE-E.
Subject: RE: [ActiveDir] OT: Windows Vista - Windows DefenderDate: Fri, 28 Apr 2006 19:03:07 -0400From: [EMAIL PROTECTED]To: ActiveDi
You have me salivating
What is the program name? I do not see it under the availiable programs listing.
Subject: RE: [ActiveDir] OT: Windows Vista - Windows DefenderDate: Fri, 28 Apr 2006 19:00:32 -0400From: [EMAIL PROTECTED]To: ActiveDir@mail.activedir.org
Do you have access t
We use "employeeType" with values of
EMPLOYEE
CONTRACTOR
VENDOR
SERVICE
OTHER
ADMIN
Jef
Subject: RE: [ActiveDir] Cleanup of AD accountsDate: Fri, 28 Apr 2006 16:04:42 -0500From: [EMAIL PROTECTED]To: ActiveDir@mail.activedir.org
Is there an attribute that's generally safe to use, or are y
e.> > You also mentioned self-registration and this kicks off an entirely > different thread (in my mind anyway)... > > 1. What are you providing access to?> 2. Whom are you registering and for what ?> 3. What authentication mechanism do you wish to use (username/password, >
sername/password, > certs, OTP).> 4. Do you need to provide some form of authorisation once authenticated > as
well? What form&nb! sp;does this need to take?> &nb sp;> Hope this helps.> > Regards,> Mylo> > if you need an initial> > Jef Kazimer wro
works nice...but still no Xbox 360 support :(
I want to test that piece :)
Subject: RE: [ActiveDir] OT: Windows Vista - Windows DefenderDate: Fri, 28 Apr 2006 12:15:52 -0400From: [EMAIL PROTECTED]To: ActiveDir@mail.activedir.org
Have you tested MCE on it? 5342 MCE on a beefy box
Neil,
In some ways they may be even more harmful. Network outages have their own fixes, hardware failures have replacements, deleted data (should) have backups.
Solutions for bad process and policy due to architecture decisions? Not as cut and dry, and could be most costly in the long ru
ss to?> 2. Whom are you registering and for what ?> 3. What authentication mechanism do you wish to use (username/password, > certs, OTP).> 4. Do you need to provide some form of authorisation once authenticated > as
well? What form&nb! sp;does this need to take?> &nb sp;> Ho
wish to use (username/password, > certs, OTP).> 4. Do you need to provide some form of authorisation once authenticated > as well? What form does this need to take?> &nb
sp;> Hope this helps.> > Regards,> Mylo> > if you need an initial> > Jef Kazimer wrote:>
Tom,
Unfortunately No, this is a domain wide setting.
This may help: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
look under the "Storing Password Policy Information" section.
More than just AD utilize thi
re information?> > For example, these public internet sites?
> Are they web only? What type> of authentication is needed? What were your
> plans for authorization?> Are you planning to use something like SiteMinder
> or Tivoli or ?? to> help you deal with authorization if
I was wondering if anyone had any suggestions for workflow applications built on top of MIIS for iDM? We have a rather robust MIIS architecture that utilizes custom coded applications as a front end. We are starting to evaluate off the shelf products, and I was wondering if anyone had any su
I have noticed it is not always in the system tray, except when it had a message for me.
I found the icon (looks like a little castle) on my main Programs Menu on the Start menu.
Jef
> From: [EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org> Subject: Re: [ActiveDir] OT: Windows Vista - W
Ok, here is something I'm just starting to research, and I thought maybe someone here has some pointers or a direction they can steer me in.
We are looking at a potential consolidated directory/database to contain user registrations (Self registration and possible bulk load) for multiple public
Gil,
I think he was looking for other reasons besides the obvious ones (More hardware, license, etc.).
It would be interesting to quantify the hidden costs related to administration, data consistency, application integration, security, etc..
But that is a task for a better man than I...
RH,
It comes in the management issues. I currently deal with people creating a secondary account in the peer domain because they do not want to bother (or understand that they can) to use the existing account. I think alot of this stems from lack of centralized policy and process that was n
My brother I welcome you into RDA :)
Root Domain Anonymous :)
Though, if the business requires the separation it still has it's place today in certain environments. I would just be more adamant at evaluating those business requirements as it relates to the directory.
Jef
Subject: RE: [
Guido,
My thoughts exactly. I always start my complaining with "It was designed with what we knew at the time.butif I could it again today, blah, blah".
I think the decisions that would use this model today will most likely stem from political and administrative decisions, where as
The problem I always had with the idea of a tighter security for a root domain for admins is that it doesn't always flow down correctly for all tasks in the child domains.
IE
You have your Admins in the ROOT domain which has a tighter security policy than your child domain. Yet you can't pl
Al,
If you had asked me in the year 2000, I could see issues that would drive a root domain to anchor multiple domains. I would caution against it now. I believe MS had the same stance, and now thinks it may not make as much sense as it once did.
Maybe they should re-evaluate their service
I would tend to agree that a single domain is optimal with the current AD and infrastructure that is available. Other than security, legacy, and most importantly political issues, for most a single domain should be considered.
Where I am, we have 3 domains in a single forest, with one being
The thought of a complete PKI has put us off this
--- Many people tend to be in the same boat. We are looking at integrating our Badge IDs and Smart Cards so I see a a full blown PKI initiative in the works.
This seems O.K. We generated a cert internally, and this is how we inten
My recent favorite was a rather "popular" software vendor told me I needed to increase my maxIdleConnectionTime for the Directory higher than 900s (15 mins)because their connection was timing out while processing the first page of 1000 users, and having the connection dropped before they went bac
Dave,
The certs can be used in fifferent ways. If you are using EAP-TLS which uses the Certs to authenticate the user and the server, you will need a CA to issue this. This would require a PKI solution to be in place. While not hard or impossible in 2003, just something you want to be cauti
ww.akomolafe.com > Do you now realize that Today is the Tomorrow you were worried about> Yesterday? -anon> > > > > From: [EMAIL PROTECTED] on behalf of Jef Kazimer> Sent: Wed 4/19/2006 2:37 PM> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDi
I'm curious, how would you show activitity other than the last time the user authenticated? Since disabling the account would only affect the ability to authenticate (not including any external logic or process built on account status), I'm curious what other ways you would show account inactiv
We are using IAS, with PEAP authentication to AD. This allows them to use their logged on user credentials to the workstations to authenticate to the WLAN. The whole authentication is behind the scenes if they are in the Domain. I still have some network folks who fear being a domain, so they
Myke,
You could write a script to do such a thing I suppose. Something to the effect of if lastLogonTimeStamp value is greater than 180 days, disable account kind of thing.
We utilize MIIS in house for this and for SOX deactivations, but it is certainly something you could write a script or
It seems like an obvious idea to implement. Sad we never thought about it. :)
Has anyone done any tests to reveal what performance gains this yields on queries?
Thanks,
Jef
Subject: RE: [ActiveDir] stupid ldap queriesDate: Tue, 18 Apr 2006 17:03:35 -0400From: [EMAIL PROTECTED]To: ActiveDi
Does the SCHTASKS.EXE do what you want?
perhaps with the /V switch
SCHTASKS /Query [/S system [/U username [/P password]]] [/FO format] [/NH] [/V] [/?]
Description: Enables an administrator to display the scheduled tasks on the local or remote system.
Parameter List: /S sy
expire at the end of. That is, the Active Directory Users and Computers MMC snap-in will display the account expiration date as one day earlier than the date contained in the accountExpires attribute." Hunter From: Jef Kazimer [mailto:[EMAIL PROTECTED] Sent: Friday, August 06, 20
I was brought this little problem today, which doesn't make alot of sense to me so far.It appears that ADUC displays the User Expiration date differently than a VBS script does. An in house coded application is being questioned because these values do not match.ADUC says 8/8/2004VBS says 8/9/200
ed. It appears to have
>3 values:
>
>TRUE = Already tombstoned and will be replicated
>FALSE = Not tombstoned yet, but can be
> = Will not be scavenged.
>
>This is not 100% though, so I think I am missing something else.
>
>Thanks,
>
>Jef Kazimer
>
&g
We have some servers with "slow" connections due to some political site link
connections times. What I believe is happening is that the replication window is not
sufficient to propagate all the changes, and when the changes reach to the box, the
files it's expecting to change are no longer th
I've been looking at ways for tracking static DNS record changes. So far
I've been focusing on the "dnsTombestone" property which has 3 values of
NULL, TRUE, and FALSE.
Perhaps you can see if that object has a similar property? I'm not at an AD
terminal now, so I can't check, but it might be so
f poor documentation both publicly and internally.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: Friday, January 16, 2004 11:54 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [ActiveDir] MNS user flag - fixed
Last week
ree
Sr Network Specialist
PG&E Auburn, Ca.
-----Original Message-
From: Jef Kazimer [mailto:[EMAIL PROTECTED]
Sent: Friday, January 16, 2004 8:49 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] 2003 NTDS.DIT size
If anything, We just did a 2003 upgrade of our DIT wit
Last week I posted here questioning what the UF_MNS_ACCOUNT user flag was and how it
got on my users. We were getting the "Procedure cannot be found" error when resetting
their passwords.
After talking with MS, they looked at the source code to determine it is related to
the Netware services
If anything, We just did a 2003 upgrade of our DIT with live data in the lab.
We did an upgrade of 2003, and then Compact in NTDSUTIL
in 2 seperate domains:
Went from 2.68gig to 1.1gb
Went from 1.0gb to 890mb
Also, removing the ADM templates from all but the PDCE, we went from a SYSVOL of
3
#x27;m with you, I'm not sure where to find it in the GUI, or what exactly it's
>for. I think the references I've seen to it have been copied from others
>(defining constants in VBScripts).
>
>Do you have Windows Server 2003 clusters there? Could it be related to
>t
Does anyone know what the "UF_MNS_LOGON_ACCOUNT" Userflag is, and how it's set in a
GUI? I'm seeing weird errors with some users and noticed they have this userflag
set. I don't know what it is, and all documentation I can find gives a description
of "Not an MNS user" on the web.
What is an
Usually a Failure of 5 is "Access Denied"
turn on Winlogon Logging, and then use secedit to reapply security policies. It will
create the winlogon.log in the C:\winntt\security\logs directory.
Read through the log and you should see where the error is happening.
Search Technet for the keywords
Actually I just used the ADmap 1.6.2 utility last night. I believe it came out of MS
consulting services from Germany. (it says so in the about)
It reads your Sites structure and builds it into a rather unwieldly VISIO map. You
will need a Plotter to print it out, and it's not perfect. Not b
> -Original Message-
> From: Jef Kazimer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 26, 2003 8:53 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] DNS, Reverse and Limit, and
> Searching for Static Records
>
>
> Roger,
>
> Thanks for th
inistrator
Inovis Inc.
> -----Original Message-
> From: Jef Kazimer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 25, 2003 4:17 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [ActiveDir] DNS, Reverse and Limit
>
>
> okTry to stick with me, as
-------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
> -Original Message-
> From: Jef Kazimer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 25, 2003 4:17 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [ActiveDir] DNS, R
okTry to stick with me, as I explain this mess.
Having inherited DNS, it appears that scavenging was never put on for the DHCP
scopes, and there are over 60k of "dead" PTR records to clean up. Unfortunately it
was never turned on, since the fear of static records being wiped in the process
ture to Test
>Date: Fri, 21 Nov 2003 14:00:43 -0700
>http://support.microsoft.com/?kbid=237677 has an example of how to do this
>with LDIFDE. Very easy and fast
>
>Hunter
>
>-Original Message-
>From: Jef Kazimer [mailto:[EMAIL PROTECTED]
>Sent: Friday
Hi all,
I have an urgent need to mirror our production OU structure to our Test Platform. Is
anyone aware of a script or tool where I can export and import the structure?
If sowould they share? :)
I think I can write something, but if anyone has a pointer in the right direction to
an alr
Sooo...
I've finally deployed the latest FRS version (june 2003) and already I am seeing
things clean up nicely!
Only problem has been with Ultrasound (I LOVE free tools like these!) that once the
provider is deployed, I can't get data and the provider gives these errors:
Recording NtFrs Per
I'm currently using the DNSresource.vbs to dump zones to a text file, then I use
another VBS I wrote to parse the text file, and re-import the Reverse zones.
The syntax I am using is:
DnsResource /LIST PTR %2.%1.10.in-addr.arpa /S /O zone\%2-%1-10.dns
%1 and %2 are the B and C octets since
n, I'm talking W2K not W2K3.
>
>Do you know if that will work in W2K?
>
>Thanks for responding.
>
>RH
>
>_
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Jef Kazimer
>Sent: Fri
HmmI think the setpwd was a "hack" they threw together to address the issue
quickly. You'll now found this ability to reset the password in the ntdsutil command
on win2003. the setpwd doesn't exist in 2003 either.
I am not running SP4, but if you are, you might want to check ntdsutil to s
Cindy,
Verify the Subnet data is replicated, and then trigger the KCC (repadmin /kcc
or in Replmon)
you can just delete the connection that was created by the KCC, and whe nti rusn again
it will add them if needed.
If you moved it to a new site, and you created the proper site-link, it wl
ate if ageallrecords step is missing. Is this
>correct ?
>I will need to back up my DNS first , before making any changes. Please
>advise if I am mis-interpreting anything. Thanks
>
>
>
>
>Sandy
>+-+
>
>
>
if ageallrecords step is missing. Is this
>correct ?
>I will need to back up my DNS first , before making any changes. Please
>advise if I am mis-interpreting anything. Thanks
>
>
>
>
>Sandy
>+---
Have you done the Age All Records (DNSCMD /AgeAllrecords command)
Records with TS before Scavenging was turned on at the server/domain level will not be
scavenged, so you need to AgeAllRecords after enabling scavenging.
It will inherit the scavengeing attributes from the zone itself.
your new t
It's that Mysterious error they talk about in the ADMT 2.0 docs, that they say is
unknown cause of it.
Do a shutdown and reboot of your workstations before you migrate them, and it solves
this problem. I meant to send out verification and reboot scripts this week since
someone asked this earl
Nov 2003 14:11:31 -0500
>Jef,
>
>Can you share the "pre-test" code?
>
>-Ted-
>
>
>-Original Message-
>From: Jef Kazimer [mailto:[EMAIL PROTECTED]
>Sent: Friday, November 07, 2003 1:50 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject:
I would second that about making sure the users are logged off. The earlier betas of
2.0 really flaked out on that, so make sure you did use the 2.0 release.
We've had issues with RPC timeouts and not finding PCs on the net, but we think it's
related to a global networking layout.
When mig
ia ADSIedit, which doesn't filter any permissions in
>the UI.
>
>I don't have anything to test around here right now so I can't compare what
>the ACL should be.
>
>-Original Message-
>From: Jef Kazimer [mailto:[EMAIL PROTECTED]
>Sent: Mittwoch, 5. N
ECTED]
>Subject: RE: [ActiveDir] DHCP - DNS - DnsUpdateProxy Group
>Date: Wed, 5 Nov 2003 22:15:07 +0100
>look at the ACL with ADSIedit - it should not be empty. Is there an
>"Everyone" ACL?
>
>-Original Message-
>From: Jef Kazimer [mailto:[EMAIL PROTECTED]
>
commendation 4 years ago, when they didn't know
>the product themselves - but you'll not hear that recommedation today.
>
>Have a look what permissions Authenticated Users have in Advanced View - may
>not be Full Control afterall, but at least write access to most of the
>a
ds. It's not as
>simple as running the service under an account, but it's some option of the
>DHCP service - I'd have to look it up, but I'm sure others will fill in the
>details.
>
>/Guido
>
>-Original Message-
>From: Jef Kazimer [mailto:[EMAIL
When specifying DHCP servers in the DnsUpdateProxy, should the ACL For the record
show the machine account (DHCPSERV1$) or should it show (DNSUPDATEPROXY)?
I'm looking at some Zones, and I see that the DHCP server as having FullControl, and
the owner as SYSTEM.
Would a 2nd DHCP server in the D
Well, this is more of a blanket suggestion, than a solution to your problem.
After coming to find many tasks that remote admins should be able to do, but that I
don't want to give them rights to do, I tend to try and centralize tools. I've
created ASP driven "admin portal" which is nothing m
Thanks for the help yesterday with this, and MS got back to me today. I thought I'd
share the info, for those out there that might be interested.
--
This is the latest version for Windows 2000.
File Replication Service Does Not Log Errors on Sharing Violations WGID:583
ID: Q815473.KB.E
Rich,
I just create a file object, and output Text with HTML code to it to format the HTM
file for making web based report. Since HTML is just text anyway you can
programatically format it.
Here is just a snippet for example:
'[Create ASP log file]
Set WshShell = WScript.CreateObject("WScrip
his without contacting MS with a need to do so
>(if they even have anything newer at all)
>
>What kind of replication problems are you experiencing?
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
>Sent: Monday, November
Hi all,
I'm using Ultrasound to diagnose some Replication problems. One thing I am trying to
do is bring FRS up to date on all the DCs.
What is the msot current release version of FRS?
The latest I am reporting is May-07-2003, but I know where is newer. If I am going to
upgrade them, I want
1 - 100 of 106 matches
Mail list logo