Title: Message
Shouldn't be a problem. Just make sure the DC doesn't hold any FSMO roles
when you pull it. After that, use NTDSUTIL to clean up the metadata, and be sure
to delete the related DNS records as well. There are at least a couple of KB
articles on doing this. http://support.microso
can you do a backup of one of your existing DC's
and then DR it to a new (already offline) machine ??
G.
- Original Message -
From:
Simpsen,
Paul A. (HSC)
To: [EMAIL PROTECTED]
Sent: Friday, July 04, 2003 7:31 AM
Subject: [ActiveDir] Taking DC
Offline
Title: Message
How
are they planning on doing those tests? If they just want to test the password
complexity/strength it isn't required to give them a whole DC, only a hash dump
of the password in the DIT which can be done via pwdump3. Then they can use
lc3/4 to go through the text file hash
Paul,
I'm somewhat mystified by the request. I might be
completely missing the point, but unless the scan is going to be destructive,
what is the value of giving the Security Director a DC that has been taken
off-line? I do agree with what others have said here to this point (remove
conn
: RE: [ActiveDir] Taking DC
Offline
Paul,
I'm somewhat mystified by
the request. I might be completely missing the point, but unless the scan
is going to be destructive, what is the value of giving the Security Director a
DC that has been taken off-line? I do agree with what others have
o:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Taking DC
Offline
Paul,
I'm
somewhat mystified by the request. I might be completely missing the
point, but unless the scan is going to be destructive, what is the value of
giving the Security Director a DC that has been taken off-line? I do a
: Joe
[mailto:[EMAIL PROTECTED] Sent: Friday, July 04, 2003 11:14
AMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Taking DC Offline
How
are they planning on doing those tests? If they just want to test the password
complexity/strength it isn't required to give them a whole DC, o
riginal
Message-From: Rick
Kingslan [mailto:[EMAIL PROTECTED]] Sent: Friday, July 04,
2003 4:51
PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Taking DC
Offline
Paul,
I'm
somewhat mystified by the request. I might be completely missing the
point, but unless the scan is going
say no! J
Thanks for all the
responses, there might be some other options.
Paul
-Original
Message-From: Rick
Kingslan [mailto:[EMAIL PROTECTED]] Sent: Friday, July 04,
2003 4:51
PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Taking DC
Offline
Paul,
I&
: Monday, July 07, 2003 9:24
AMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Taking DC Offline
The
security folks *shouldn't* be admins. Kinda defeats the purpose in a lot of
ways.
--
Roger D. Seielsta
: Joe
[mailto:[EMAIL PROTECTED]
Sent: Friday, July 04, 2003 10:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Taking DC
Offline
How are they planning on
doing those tests? If they just want to test the password complexity/strength
it isn't required to give them a whole DC, only a
ven dump enhanced id's with a few extra calls though it would slow the program
down a bit.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Simpsen, Paul A. (HSC)Sent: Monday, July 07,
2003 4:09 PMTo: [EMAIL PROTECTED]Subject: RE:
long they will plug away
at the security database before declaring that a password is deemed to be
secure enough ?
Glenn
- Original Message -
From:
Joe
To: [EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 7:54
AM
Subject: RE: [ActiveDir] Taking DC
Offline
e-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1)Sent:
Monday, July 07, 2003 9:41 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Taking DC
Offline
In a
way you should be happy they asked you, before just running a password
ople thinking about other
things which can be done easily with a batch file :-)
Steve
-Original Message-From: Joe
[mailto:[EMAIL PROTECTED] Sent: 07 July 2003
20:26To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Taking DC Offline
Check out unlock at www.joeware.net. Its free
d save it as a .cmd file
It's
hardly elegant but it's easy to create and might get people thinking about
other things which can be done easily with a batch file
:-)
Steve
-Original Message-From: Joe
[mailto:[EMAIL PROTECTED] Sent: 07 July 200
ilto:[EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 8:33 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Taking DC
Offline
nice
tool Joe, but you should add a time filter. In an attack-scenario (be it
hacker or auditors), you don't necessarily want to unlock all the locked
, July 07, 2003 7:37
PMTo: [EMAIL PROTECTED]Subject: Re:
[ActiveDir] Taking DC Offline
Personally I dont see a problem with the audit /
security guys attempting to crack high-level user ID's, as these are
potentially the greatest threat to the security of the
environment.
Th
n an admin.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Steve RochfordSent: Tuesday, July 08, 2003 7:53
AMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Taking DC Offline
I
know that your program is far better than any script but an unlock
]Subject: RE: [ActiveDir] Taking DC
Offline
nice
tool Joe, but you should add a time filter. In an attack-scenario (be it
hacker or auditors), you don't necessarily want to unlock all the locked
accounts you find - instead you want to unlock the ones that were locked after
a spe
(Joost)Sent: Tuesday, July 08,
2003 10:05 AMTo: '[EMAIL PROTECTED]'Subject:
RE: [ActiveDir] Taking DC Offline
This
vbscript unlocks all users in a OU, modify for your needs
while
TRUE
Set objOU =
GetObject("LDAP://OU=Spider,OU=Betalingsverkeer,DC=rnbvu,DC=r
21 matches
Mail list logo