If you suspect it's the KerbTray tool, you may wish to use KList (part of the
Reskit) to verify that both are showing the same output.
Ryan
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Thursday, January 25, 2007 1:34 PM
To: ActiveDir@mail.activedi
Title: Restrict CD rom, floppy and USB via group policy?
HOWTO: Use Group Policy to disable USB, CD-ROM, Floppy Disk and
LS-120 drivers
http://support.microsoft.com/kb/555324
Ryan
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Group, Russ
Sent: Friday, November
Whoami.exe should do the trick. The /groups switch will show them what groups
they are in.
Ryan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B Allen
Sent: Wednesday, October 25, 2006 12:47 PM
To: ActiveDir@mail.activedir.org
Subject
dn:CN=Administrator,CN=Users,DC=one,DC=test
>homeDirectory: \\test\test
>sAMAccountName: Administrator
1 Objects returned
Ryan
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Comeau
Sent: Thursday, October 12, 2006 12:51 PM
To: ActiveDir@mail.actived
:
wasChris Ryan/MIS/CORP/KrogerCo
received
by
mimics the legacy Control/SA Workflow tool.
Chris Ryan
The Kroger Company
Corporate Information Security
[EMAIL PROTECTED]
Office (513) 698-1935
Cell (513) 623-5362
"Blo
an AD Health product.
If you don't want to pay, then you can start scripting based upon what you see common among all of the commercial products available.
Ryan
On 3/6/06, Adeel Ansari <[EMAIL PROTECTED]> wrote:
AD Gurus, Can you guys expand on the topic of what should be monitored in
In the NTDS performance object there are two counters: NTLM Authentications and Kerberos Authentications. They wouldn't be able to tell you "who" is authenticating using those methods, but they would be able to provide a better idea. Both counters are in number of requests per second
adfind -default -f "&(objectcategory=organizationalperson)(!attributename=*)" -csv should do the trick.
Ryan
On 2/17/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I'm looking for null values in several attributes of user objects but the result only returns the
we establish a potential MIIS integration with a Ent. DC then I'll toss our ideas out the Window and succumb to the fact that we should save the co. $$$.
Ryan
On 2/14/06, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
yes you could have a mix of DCs where some are std. and some are e
with several child domains that we are working on eliminating. Forest is at 2003 FFL.
Thanks again!
Ryan
On 2/14/06, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
If these are plain vanilla DCs, standard edition is OK. However it really depends on what additional features you want to use
e not good enough when it comes to $$$ savings.
Thanks!
Ryan
Coming into this late, but I'm currently hosting a number of dc's on
VMWare so have some other tips you need to be aware of..
I'm assuming you're going to be doing this on ESX and not workstation or
GSX (if you must do GSX, run it on linux and not Windows - as pro-MS as
I typically am (ex-MSFT, so
Use host headers in IIS for WSUS as a DNS
alias, then you can also advertise it on any port you wish.
Servername.domain.com:8159
Alias: wsus.domain.com
You should be able to put both in your
GPO.
-Ryan
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services. Already have tried the deletion but you have to
keep on doing it if you want to make changes to Citrix. I was hoping
there was a “Disable Secure RDP” registry setting that wouldn’t
gray anything out (as in W2K).
-Ryan
settings which
presents a problem. So aside from blocking policy inheritance on the OUs where there
are terminal servers does anyone know of a way to un-gray the settings for
W2K3? This was not an issue in W2K.
Hopefully I’ve explained well enough. Thanks in advance,
Ryan
echo %logonserver%
-Ryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen
Sent: Wednesday, August 31, 2005 4:58 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC authentication
Sorry, I'm having a brain hiccup. Does anyone
I’m faced with a bit of a challenge that hopefully someone
can provide some better ideas than I’ve come up with.. my company is
bringing in a fairly complex identity management product that is largely AD-unaware
and I need to make sure it gets adequately tested before it makes it into our
p
Migration Manager for Active Directory from Quest will allow you to migrate
objects from the external domain without setting up a trust. I believe you
do need to be running 2003 in the source domain as it stores information in
ADAM during the migration. Check out the URL below.
http://wm.quest
Title: Account lockout
..might check the event logs on the dc too
– we’ve seen a virus or two lately that really tries hard to brute
force any account names it finds, but usually just ends up locking the accounts
out (which I can tell you, is exponentially annoying when you’re at home
on th
I will be out of the office starting 07/28/2005 and will not return until
08/02/2005.
I will be out of the office 7/28 - 8/1, I will respond to your message when
I return.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http:
resources.. even if you migrate
a user later – you could always go back and rerun the post processing on
a machine again (at least with quest and netiq, I’m not sure if that
functionality made it down to the free admt version..)
-- Rob Ryan - MCSE, MCSA ([EMAIL PROTECTED])
-- Network Systems
l that might be trying to hit the files that
might be causing issues as well..
-- Rob Ryan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Friday, July 29, 2005 3:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgh... tr
handle profile/permission
migration though? I thought I remembered testing that last year when admt2.0
came out, but it was incredibly resource intensive and not necessarily reliable
or scalable.
neither Quest nor NetIQ are cheap though,
and both bill per user migrated..
-- Rob Ryan
Make sure the normal user accounts have the logon locally right - IIS in
basic authentication will essentially log a user onto the machine
because windows doesn't recognize basic auth as a valid authentication
mechanism (and rightfully so), and if you don't want them to have to
enter in "domain\use
Thanks Mark and Guido, that was the problem. Everything is working great
now.
Chris
"Grillenmeier,
Guido"
All,
I've been following the Sybex book, Mastering Windows 2003, to test
an inter-forest migration from external.dev to development.dev using the
ADMT. I have not received any errors during the migration and everything
appears to be setup correctly, however, I do not think the SID History
I believe you would still have to prep the forest and the domain in order
to even promote a 2003 DC in a 2000 domain.
"Antonio Aranda"
<[EMAIL
Thanks for the feedback. I thought some of the experts would be able to
better articulate the consequences of changing that value. I read about it
in Eric's Blog and based on the information I had come up with this
response to changing the value.
"Performance issues include increased processor
All,
What are the effects of changing the MaxValRange value? I have a
vendor that does not want to change their code for LDAP queries that exceed
this value. I wanted to know what repercussions I would experience if I
increase it to 4,000.
Chris
Thanks for all of the responses. I had a chance to look at the KB article
on USN rollback and found it very informative. I will get to the white
paper when I have a little time.
I am still concerned about the Snapshot feature. How do others handle this?
Is it possible to turn it off or apply a
All,
Is anybody currently running Domain Controllers in VMware or Virtual
Server? Have there been any problems with this environment? There is a big
push at my company to virtualize every environment but, I am sure Domain
Controllers should be virtualized.
One of my biggest concerns
That was exactly right. Thanks for the help!
Chris Ryan
The Kroger Company
[EMAIL PROTECTED]
Office (513) 698-1935
Cell (513) 623-5362
"Tony M
All,
I am attempting to delegate full control of one OU to a particular
group of Admins. I have run the Delegation Wizard, selected the group,
customized a task to delegate permissions to the folder, all existing
objects in the folder and the creation of new objects and then selected
Ful
All,
We had a situation yesterday where random A records would disappear
from DNS. All of these records were static so should not be affected by
scavenging. I do not know why records would disappear other than the
restoration of an old backup that did not contain those records. This is a
will allow the user to move
computer objects between OU's but not join computers to the domain.
Chris Ryan
The Kroger Company
[EMAIL PROTECTED]
Office (513) 698-1935
Cell (513) 623-5362
"M
server.
Chris Ryan
The Kroger Company
[EMAIL PROTECTED]
Office (513) 698-1935
Cell (513) 623-5362
Christine Allen
CV in the UK is like Resume in the US.
-Ryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, May 09, 2005 1:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] All
Accenture? Compucom? CSC?
I don't think MS
system events|Success, Failure |
|---+-|
Chris Ryan
The Kroger Company
[EMAIL PROTECTED]
Office (513) 698-1935
Cell (513) 623-5362
I have the SAME issue. I decided screw it; it takes about a full minute to
log on to the domain. I believe it has something to do with the DNS when the
server was first set up. I just go get a cup of coffee after I log on and when
I get back it's up and running fine..
- Original Message -
F
Set the time source on your Root PDC with net time /setsntp:SERVERNAME
On all other DC's do not set a time source with net time /setsntp:
By not setting a time source the DC's should all default to the Forest Root
PDC.
Or you can manually set the other DC's to sync with your forest PDC with
I have installed it on some production domain Controllers and have only had
one minor problem with McAfee 7.1. I received Event ID 1002 in my system
log from DCOM.
The launch and activation security descriptor for the COM Server
application with CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
is
Thanks for all the feedback.
Our Citrix users are the primary affected users and we are debating whether
to make this change for the company or just for the Citrix users. I think
we may implement a script in the NFUSE logon page that will redirect the
user to the appropriate website to change
Thanks for the explanation, I really appreciate it. This is the first time
I have attempted a domain consolidation so I want to be sure I have all the
background information. I have a VMware lab environment with production
data in it for testing and I will begin testing the products.
I think during an intraforest migration it is a copy, as the source user
accounts are left intact and the users can continue to use them. This makes
for an easy roll back if something goes wrong. I have not yet looked at
using other tools as they, of course, will cost money and this tool is
fr
I have checked the help files in the ADMT and it appears that it will only
replace the account in the target domain with the account in the source
domain. As a result, the users will be removed from the groups in the
target domain and they will lose access to their applications. I want to
comb
These are the same users in the same forest, but in different domains.
"Mulnick, Al"
<[EMAIL PROTECTED]
Yes, all of these domains are in the same forest. We have an empty root
domain, MSROOT.domain and one tree in the forest, DOMAIN.com and 3 child
domains, FM.domain.com, MI.domain.com and RA.domain.com. The forest
functional level is Windows 2000 while the domain functional level of
MSROOT.domai
We are currently trying to migrate all of our child domains into one
single domain. There are 3 child domains, 2 of which are Windows 2000
native and 1 is Windows 2000 Mixed. The target domain is Windows 2003
Native. We plan to use ADMT v2 for the planned migrations.
There were man
Your users will not be immediately prompted to change their password to
meet the complexity requirements. They will be forced to use a complex
password the next time a password change is required.
"Greg
ere the original was. Any
thoughts ?
Please advise,
Ryan Gallegos
McMath,Woods P.A
- Original Message -
From: "Jorge de Almeida Pinto" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, March 22, 2005 8:07 AM
Subject: Re: [ActiveDir] Scheduling online DIT file defrags
In our environment we use a product called Passport to synchronize
password changes across multiple accounts. Our users are aware of this
product and the procedures required for making a password change, however,
the Default Domain GPO specifies that the user will be notified to change
th
Can anyone help??
I'm running 2000 Server w/ RAID 5.
I seem to have a problem with files replicating
themselves. If I move a document into a folder, the next day I have the
document in the folder and a new one where the original was. Any thoughts?
Please advise,
Rya
Can anyone help??
I'm running 2000 Server. I seem to
have a problem with files replicating themselves. If I move a document into a
folder, the next day I have the document in the folder and a new one where the
original was.
Please
advise,
ext = _
"<LDAP://dc=bob,dc=foo,dc=com>;(&(objectCategory=User)" & _
"(samAccountName=" & strUserName & "));displayName;subtree"
Set objRecordSet = objCommand.Execute
Wscript.echo objRecordset(0)
It's definitely not as clean as ADFind, bu
I agree with Neil. I've seen good results with ERDisk from Aelita, which is
now called Recovery Manager for AD from Quest.
-Ryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
Sent: Thursday, February 17, 2005 10:17 AM
To: '
Check this reg key HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
For value: ProductType
If the value is "Winnt" then it's the workstation not the server.
YMV.
Hope this helps.
Ryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
query the DB for the last logon value
and have it pop up on their screen. You could also query a web page to get the
values if you didn't want to worry about odbc and sql calls from the client
machines.
But you have to be a scripter to get this done I
believe.
Ryan
From: [EMAIL PROT
ed to an application: Dec PathWorks.
Ryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of J0mb
Sent: Friday, May 14, 2004 1:42 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] 04-011 Issues
Hello all,
Anybody working on 2000 server-based networks would
y auditing but would like to attempt this method first as it would be faster and hopefully provide real time information.
Thanks!
Ryan Durant
Great! I ended up getting ahold of the guy and nailed down exactly what I
needed.
Thanks!
Ryan
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 27, 2004 5:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE:
Anyone else have any ideas? I appreciate the link to the dsacls page and will
definitely use that in the future. It doesn't quite seem to do what I'm
looking for though.
Thanks,
Ryan
-Original Message-
From: Woerth, Ryan
Sent: Friday,
erty. Any clues?
Thanks,
Ryan
Ryan Woerth
Capitol Indemnity
Lead Network Specialist
608-232-0497
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
find out what is in the queue, or what could be potentially blocking
the queue.
Thanks!
Ryan
Ryan A. Conrad
Windows 2000 MCSE
Windows Server 2003 MCSA MCSE
CCNA Network+
IMSS Platform Engineering
Wintel Analyst
Bristol-Myers Squibb Company
Does anyone know the MS WWF part number for Office 2003?
Ryan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 19, 2003 10:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] FYI - Office 2003 went RTM today
Heh
chines
are XP pro. All of this is a problem because periodically during the
night I get security events that the user is trying to log on during the
night after their logon time has expired; giving a false impression that
someone is trying to hack in. Any ideas?
Thanks,
Ryan
BizTalk would also cost a lot more.
Ryan
-Original Message-
From: Roger Seielstad
[mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003
10:47 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir]
Synchronization with Unix and Oracle
Si
I have worked with them and they have very
good support. We had to sync Novell NDS, 8 Active Directory Forests and a PeopleSoft
database.
Ryan
-Original Message-
From: Martin Tuip
[mailto:[EMAIL PROTECTED]
Sent: Thursday, March
27, 2003 4:40 PM
To
Why can I find examples of an AD design for an international origination?
I am working on a new AD design for when we deploy Windows 2003
Ryan Finnesey
Diversified Solutions Group
72 Spring Street
New York New York 10011
212-274-1465 Phone
212-274-1452 Fax
917-667-4812 Mobile
TACACS can use AD as its user database, no
problem.
Ryan
-Original Message-
From: Marc Zukerman
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 2:02
PM
To: Active Directory List
Subject: [ActiveDir] TACACS
support
All,
Does anyone know what
running domainprep in the root domain, as would
be necessary if this domain
were to be used for e2k migration.
Darren.
-Original Message-
From: Ryan, John [mailto:[EMAIL PROTECTED]]
Sent: 31 May 2001 15:03
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Pros and Cons f an "
Title: RE: [ActiveDir] Pros and Cons f an "empty" top level domain
If you are planning the deployment as part of an NT4-Win2K migration, another advantage of the empty root domain is the ability to set the domain in Native Mode immediately. A native mode domain is important in an Exchange 20
83 matches