Re: Powershell question - listing groups a user belongs to, and the notes/description of the group

2012-09-26 Thread KenM
With Quest get-qadmemberof USERNAME | Select name, notes On Wed, Sep 26, 2012 at 10:44 AM, Michael Leone wrote: > I have this request to list all the groups a specific set of users > belong to. Since we use groups to control ACLs, this can (effectively) > be a listing of all the shared folders

Re: Powershell reg binary issue

2012-03-26 Thread KenM
By default set-itemproperty creates a REG_SZ value so to create a reg_binary you will need to use new-itemproperty so try this $path="Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" $path2="Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windo

Re: H: (homedrive)

2012-03-09 Thread KenM
One share for all home drives. Use ABE so not all folder are visible and use NTFS perms to secure. To much management overhead for a separate share for each user folder. On Fri, Mar 9, 2012 at 12:18 PM, David Lum wrote: > Do you guys create individual shares for each user, or do something > d

Re: A Little Help Needed

2012-03-08 Thread KenM
You will need to change DNS settings on those computers to point to a DNS servers in Domain 1 either static or through the DHCP scope. Also setup a new site in AD and define the subnet. On Thu, Mar 8, 2012 at 9:17 AM, Christopher Bodnar < christopher_bod...@glic.com> wrote: > Not sure you reall

Re: utility to output service status

2012-02-16 Thread KenM
You can use Powershell get-service "Spooler" | Select Name, Status For multiple computers and service $Computers = "comp2", "comp1" $Computers | Foreach { Get-Service "Spooler", "W32Time" -computername $_ } | Select Name, Status | Export-Csv d:\temp\ser.csv -NoTypeInformation On Thu, Feb 1

Re: Powershell Script

2012-01-25 Thread KenM
here is another example for hours, i had days before Get-QADUser -Disabled -ModifiedAfter (get-date).addhours(-3) On Wed, Jan 25, 2012 at 12:17 PM, KenM wrote: > You will not be able to pull that info from AD. The best you could do is > search for all disabled users and th

Re: Powershell Script

2012-01-25 Thread KenM
You will not be able to pull that info from AD. The best you could do is search for all disabled users and then the modifytimestamp attribute something like this with quest ad cmdlets get-qaduser -disabled -modifiedafter 1/24/2012 or Get-QADUser -Disabled -ModifiedAfter (get-date).adddays(-1)

Re: Not even sure how to look this one up

2012-01-06 Thread KenM
there is also one posted on a MS KB http://support.microsoft.com/kb/817433 resetaccountsadminsdholder.vbs On Fri, Jan 6, 2012 at 7:35 PM, Kurt Buff wrote: > On Fri, Jan 6, 2012 at 14:21, David Lum wrote: > > As a matter of fact, yes they were. I think early on messing with these > guys >

Re: Not even sure how to look this one up

2012-01-06 Thread KenM
to use > ADSIEDIT right? > > ** ** > > *From:* KenM [mailto:kenmli...@gmail.com] > *Sent:* Friday, January 06, 2012 1:49 PM > *To:* NT System Admin Issues > *Subject:* Re: Not even sure how to look this one up > > ** ** > > Were these accounts ever membe

Re: Not even sure how to look this one up

2012-01-06 Thread KenM
Were these accounts ever members of a protected group like Domain Admins? Check the admincount attribute and see if it is set to 1 On Fri, Jan 6, 2012 at 4:31 PM, David Lum wrote: > I have two users in AD and if I look at the security tab the permissions > are different. I want to make them t

Re: Can you have all members of and OU automatically not be members of Domain users

2011-11-18 Thread KenM
uot;} Remove-ADGroupMember "Domain Users" $user -Confirm:$False } On Fri, Nov 18, 2011 at 6:13 PM, KenM wrote: > You would need to add the user to another group and set that to the > primary group. Then remove them from "Domain Users". Here is powershell > exa

Re: Can you have all members of and OU automatically not be members of Domain users

2011-11-18 Thread KenM
You would need to add the user to another group and set that to the primary group. Then remove them from "Domain Users". Here is powershell example to set the primary group, and you could use remove-adgroupmember to remove "Domain Users". http://social.technet.microsoft.com/Forums/en/winserverpow

Re: Delegation question

2011-11-18 Thread KenM
Have you tested their ability to reset these accounts? I would guess that they are not able to right now due to the adminsdholder\sdprop. http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspx http://theessentialexchange.com/blogs/michael/arc

Re: Show lines in a text file that DONT contain OK

2011-10-26 Thread KenM
*** > > ** ** > > J > > ** ** > > gc c:\test.txt | select-string –SimpleMatch –Pattern “OK” > > ** ** > > Regards, > > ** ** > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com >

Re: Show lines in a text file that DONT contain OK

2011-10-26 Thread KenM
Here is a poweshell example get-content c:\test.txt | Where {$_ -notmatch "OK"} On Wed, Oct 26, 2011 at 7:15 AM, Rankin, James R wrote: > You could probably strim a load of useless crap out of batch files I have > been using and re-using for years. Hopefully my PowerShell will be less > unnec

Re: Who was it, and can I get a link...

2011-10-24 Thread KenM
It was made by Don Hacherl on the activedir.org list a few years ago. "I have to make a comment here, as I've heard this too many times. You do, in fact, have a lab environment. What you do not have is a production environment." ** On Mon, Oct 24, 2011 at 8:47 PM, Kurt Buff wrote: > Sunbelt

Re: Script to fill in last user - ok real Q this time.

2011-10-20 Thread KenM
Info On Thu, Oct 20, 2011 at 11:04 AM, David Lum wrote: > Uh…there’s nothing further to that script, I just saved as .VBS and pointed > a GPO at it as a logon script. If I double-click on it it does nothing > discernible (I realize like a .CMD file it can do stuff while appear

Re: Script to fill in last user - ok real Q this time.

2011-10-20 Thread KenM
n Issues > *Subject:* RE: Script to fill in last user - ok real Q this time. > > ** ** > > Ooo nice, totally overlooked the GPO potential on > this bad boy. > > ** ** > > *From:* KenM [mailto:kenmli...@gmail.com] > *Sent:* Wednesday,

Re: Script to fill in last user - ok real Q this time.

2011-10-19 Thread KenM
How are you running this? I would create a GPO and link to the OU you have the computers in. Under the user config assign this as a login script and also enable loopback processing for the GPO so it is applied to users. On Wed, Oct 19, 2011 at 4:49 PM, David Lum wrote: > OK I’ll try not to k

Re: Granting delegation in powershell

2011-10-14 Thread KenM
Take a look at this blog post. If you do not have the MS AD cmdlets you can modify the functions. http://www.damianflynn.com/2011/08/23/ad-delegating-control-in-powershell/ 2011/10/14 Joseph L. Casale > Anyone know of a native way to grant delegation over an ou to a user > without the QAD cm

Re: Powershell question

2011-01-04 Thread KenM
download the Quest AD cmdlets get-qadgroupmember GROUPNAME | Select Name | out-file c:\users.txt On Tue, Jan 4, 2011 at 4:08 PM, Joseph Heaton wrote: > I found this really simple powershell script that will list all members of > a specified AD group. What I'd like to do is then pipe that to a

Re: PowerShell query

2010-11-23 Thread KenM
There are a few from manning that are realy good http://www.manning.com/siddaway/ http://www.manning.com/payette/ And also the powershell cookbook http://oreilly.com/catalog/9780596528492 And take a look at the powerscripting podcast. http://powerscripting.wordpress.com/ On Tue, Nov 23, 20

Re: Domain Logon issues when a DC is down

2010-11-17 Thread KenM
Are both DCs DNS servers and the clients pointing to both for resolution? Are your clients XP, take alook to see if this applies? http://support.microsoft.com/kb/939252 On Wed, Nov 17, 2010 at 4:07 PM, Dave Vantine wrote: > Yes > > > On Wed, Nov 17, 2010 at 3:54 PM, Michael B. Smith > wrote

Re: Questions on the Application of Restricted Groups to Local Groups on Servers, Workstations

2010-11-12 Thread KenM
There are a few ways you can do this. One would be in the restricted group settings, create new group. The name would be the local group of the server so Administartors and "Power Users". Add the local admin account and whatever domain accounts in there. The other way would be to add a Domain Group

Re: Restricting groups in Active Directory

2010-09-30 Thread KenM
William Back when Win2k came out the empty root was the recommended setup because the security boundary was the domain. But since then Microsoft's stance has changed and the security boundary is the forest. So they do not recommend the empty root. I have been to several conferences and have listen

Re: Restricting groups in Active Directory

2010-09-30 Thread KenM
"I see. And how many directories have you designed for Fortune 500 companies?" That made me laugh. On Thu, Sep 30, 2010 at 4:38 PM, William Robbins wrote: > I see. And how many directories have you designed for Fortune 500 > companies? > > I'm protecting them from people that think it's n

Re: OT RE: Small server

2010-09-28 Thread KenM
10K is not that long. I did a Olympic distance triathlon a few years ago and the run was 10k. I want to try to do a full marathon some day but can never stick to training that long. On Tue, Sep 28, 2010 at 2:58 PM, Michael B. Smith wrote: > Darn close to 10K! > > > > Regards, > > > > Michael

Re: Handling AD Direct Reports

2010-09-23 Thread KenM
looking at that agian that is incorrect it should be this (get-aduser USERNAME -properties directreports).directreports | %{set-aduser $_ -manager (get-aduser USERNAME)} On Thu, Sep 23, 2010 at 11:21 AM, KenM wrote: > with the AD cmdlets you can do something like this, again not tested

Re: Handling AD Direct Reports

2010-09-23 Thread KenM
with the AD cmdlets you can do something like this, again not tested so syntax maybe incorrect. First user is the old principal and senond would be the new one there ane may ways to do this and this is just one quick one. get-aduser USERNAME -properties directreports | %{set-aduser $_ -manager (

Re: Powershell to get all users details from AD

2010-09-23 Thread KenM
Typo in first MS should be get-aduser. and if you want all users. Test first syntax may not be correct did not test. get-qaduser | %{get-qaduser $_ -properties * | fl} get-aduser -filter * | %{get-aduser USERNAME -properties * | fl} On Thu, Sep 23, 2010 at 10:00 AM, KenM wrote: > Qu

Re: Powershell to get all users details from AD

2010-09-23 Thread KenM
Quest cmdlets get-qaduser USERNAME -includedproperties * | fl MS AD cmdlets get-qaduser USERNAME -properties * | fl On Thu, Sep 23, 2010 at 5:56 AM, Oliver Marshall < oliver.marsh...@g2support.com> wrote: > Hi > > > > Does anyone know of a powershell script/syntax that I can use to get a

Re: DS Commands

2010-08-25 Thread KenM
Not sure if Powershell is an option for you but it is easy with the AD cmdlets or the quest cmdlets. AD get-adgroupmember GROUP1 | %{add-adgroupmember GROUP2 $_} Quest get-qadgroupmember GROUP1 | add-qadgroupmember GROUP2 On Wed, Aug 25, 2010 at 7:53 PM, Sean Martin wrote: > Ok, I thought

Re: script SSID for wireless configs

2010-05-22 Thread KenM
To the OP. I did not read through the whole chain so if this has been posted sorry for the repost. This may work for you. http://technet.microsoft.com/en-us/library/bb878069.aspx The last time I used this was a few years ago on XP so I am not sure about newer OS's. We were migrating from WEP to WP

Re: SBS Server 2003 “The local policy of this syst em does not permit you to logon interactively.”

2010-05-01 Thread KenM
How are you trying to login, through the console or over RDP? It sounds like you changed a GPO or local policy to allow the new BE account to login local to the server. By doing this you only allowed this account and denied all others. Are you able to logon to the server with the new BE account?

Re: Deleting extend.dat while outlook is open

2010-04-30 Thread KenM
I agree with Ben on this one. I have run into this a few times and just put it in the users login or computer startup script through gpo On 4/30/10, Ben Scott wrote: > On Fri, Apr 30, 2010 at 2:23 PM, Erik Goldoff wrote: >> The issue at hand is after removal, when outlook starts, the SAV9 plug

Re: replication-received latency warning - DC 3 months behind

2010-04-26 Thread KenM
If exchange is installed I would not dcpromo. I would do a nonauth restore if the ss is good. On 4/26/10, David Lum wrote: > I see Brian Desmond already answered this question, but the server I just > brought back to life is an SBS machine - should I still DCPROMO demote then > promote this ser

Re: Security - Marc Maiffret

2010-04-17 Thread KenM
I agree that TEC is a great conference to go to. This will be my third year going. Lots of really smart people to meet and listen to. I saw Brett's presentaion last year at Vegas and thought the same thing as you. I saw Brian Desmonds presentaions last year and thought they were excellent, looing f

Re: log levels

2010-02-19 Thread KenM
"Crashing", is this just an app or is the computer itself crashing. If it is the computer configure it to create a dump file and look at that. If it is a app you can use adplus. On Fri, Feb 19, 2010 at 9:26 AM, John Aldrich wrote: > Is there any way to increase the verbosity of the informatio

Re: Easy way to scan all security logs on Domain connected PC's

2010-02-08 Thread KenM
You could use eventcombmt On Mon, Feb 8, 2010 at 11:13 AM, Michael Waltonen wrote: > If you have remote administration access enabled workstations (GPO > firewall exception needed, if you don’t), you could perform a WMI query to > Win32_NTLogEvent for the pertinent event IDs and username. >

Re: Issue with Seeing ALL OU's in Tree from LDP.exe

2009-12-08 Thread KenM
Check your version of LDP, i had some strange issues with older versions not showing all OU's. On Tue, Dec 8, 2009 at 11:16 AM, Ziots, Edward wrote: > All, > > > > I am trying to search and view all the Objects with the LDP.exe Utility > from Windows Support Tools, and only get it to return

Re: Trying to save myself a bit of work

2009-11-30 Thread KenM
You can use powershell to find out. http://richardsiddaway.spaces.live.com/Blog/cns!43CFA46A74CF3E96!2617.entry On Mon, Nov 30, 2009 at 8:30 AM, James Rankin wrote: > I was just wondering if the leap year made much difference to it - just > done some calcs and it makes no difference whatsoe

Re: Google Wave Invite Available

2009-11-25 Thread KenM
I have a few also. Email me off list if interested. On Wed, Nov 25, 2009 at 10:51 AM, Sherry Abercrombie wrote: > Hmm, I guess some of us are more special than others, I got 8 invites to > hand out immediately.;) > > Anyone interested, email me off-list please. > > On Wed, Nov 25, 2009 at

Re: Google Wave Invite Available

2009-11-23 Thread KenM
I would like one if anyone has any still avalible. On Mon, Nov 23, 2009 at 12:16 PM, Andrew Laya wrote: > I also have some available. > > Andrew > > > > On Mon, Nov 23, 2009 at 12:01 PM, Steve Ens wrote: > >> OK >> >> >> On Mon, Nov 23, 2009 at 10:57 AM, Haralson, Joe (GE Comm Fin, non-GE) <

Re: AD Reports

2009-11-16 Thread KenM
For group membership I like using the Quest AD powershell cmdlets. To get the OU's I would use ADFIND with the OU as a base, this could also be done with powershell or a vbscript. Or you could output all the users DN's and have a script parse all of them. On Mon, Nov 16, 2009 at 12:46 PM, Tres

Re: Network diag software

2009-11-15 Thread KenM
Can you provide some more detail as to what you are trying to accomplish. Maybe what equipment you are working with. On Sun, Nov 15, 2009 at 12:52 AM, HELP_PC wrote: > Is there a tool that can make a diagnostic on a network but also giving > suggestions on abnormal values and interpreter the

Re: Constantly getting locked of 2003 domain

2009-10-21 Thread KenM
I didnt read through all the replies so I do not know if this was recomended or not http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en On Wed, Oct 21, 2009 at 7:40 PM, Jimmy Tran wrote: > Joe: When I go to control panel > user account

Re: Query Terminal Service Roaming Profiles

2009-10-21 Thread KenM
you can do this pretty easy in VBScript Set objUser = GetObject(LDAP://DNofUser ) WScript.Echo Objuser.TerminalServicesProfilePath And if you want all users you can search AD using ADO. On Wed, Oct 21, 2009 at 6:06 PM, Sean Martin wrote: > I'm sure this has been asked

Re: Delegate permission: Reset Domain Admin passwords

2009-10-05 Thread KenM
> > * * > > *c - 312.731.3132* > > * * > > *Active Directory, 4th Ed** - http://www.briandesmond.com/ad4/* > > *Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian* > > * * > > *From:* KenM [mailto:kenmli...@gmail.com] > *Sent:* Monday, October

Re: Delegate permission: Reset Domain Admin passwords

2009-10-05 Thread KenM
Are all of you DA accounts in the same OU? If so just delegate the right to reset passwords for the helpdesk on the OU. On Mon, Oct 5, 2009 at 11:26 AM, Christopher Bodnar < christopher_bod...@glic.com> wrote: > We have a requirement that our helpdesk be delegated the right to reset > passwo

Re: Why is Windows Time service crap?

2009-09-18 Thread KenM
For the most part the windows time service is pretty reliable. For the problems you discribed it is either misconfigured or hardware. Take a look at these links. I have 75+ DC's and over 20,000 workstations across the US and windows time runs fine. http://blogs.dirteam.com/blogs/jorge/archive/20

Re: Copy profile utility

2009-08-27 Thread KenM
I have never used the CopyProfile utiliy but I have used moveuser and several others. One of the biggest problems I have seen with all the utilities are permissions or files in use. Beofre running the utilities check permissions and reboot the computer to clear any files that are in use. And when y

Re: Managed Services

2009-07-20 Thread KenM
I have a friend who sells managed services. In my opinion they are great fro the small company who does not have an IT staff or are under staffed and do not have the time to make sure AV is updated, Backups are completing and several other things the managed service provides. email me off list and

Re: Installing Outlook 2007 on a server?

2009-07-13 Thread KenM
you really > want to check on the server. Then you are just using IE which is installed > anyway, and rules run when the messages show up without having Outlook on > the DC, or exchange server. > > > > -Original Message- > From: KenM [mailto:kenmli...@gmail.com] >

Re: Installing Outlook 2007 on a server?

2009-07-13 Thread KenM
I would highly recomend against either. You should not be checking mail on a DC. and outlook should not be installed on an exchange server becuase of the mapi.dll. If I were you and needed outlook to be running all the time I would create a VM or get a old workstation. On Mon, Jul 13, 2009 at

Re: Win2003 DC on Win2000 domain

2009-07-07 Thread KenM
m Admin Issues > *Subject:* Re: Win2003 DC on Win2000 domain > > Agreed. The only difference is since you have Exchange on a DC you might > want to make a 2000 DC on some desktop as a fall back. Once the fall back > is finished with the sync turn it off. Do the domain/forest prep

Re: Win2003 DC on Win2000 domain

2009-07-07 Thread KenM
Why not just install 2003 on the new hardware run dcpromo /forestprep and /domainprep and run dcpromo on 2003 servers and transfer roles. On Tue, Jul 7, 2009 at 9:54 AM, Erik Goldoff wrote: > Client wants to bring in two new servers ( forklift new hardware ) into > their current Windows 200

Re: Problem joining domain from DMZ

2009-05-20 Thread KenM
Your security guys will not like the answer but you will have to open all ports above 1024. RPC uses a random port. Or you could assign a static port and have them open that up. Check out this KB. http://support.microsoft.com/kb/832017/ When you use RPC with TCP/IP or with UDP/IP as the tran

Re: Mapping drive to a computer outside of its domain

2009-05-16 Thread KenM
Why would you have a local user account that matches your domain account on a isolated network? Dont you change your domain password, if not that would be hard to keep them all insync? I am guessing the issue you are having is this. When you log into your laptop you are using a cached domain

Re: 2003 R2

2009-04-30 Thread KenM
(objItem.OtherTypeDescription, "R2") Then > WScript.Echo "This computer is running Windows Server 2003 R2." > Else > WScript.Echo "This computer is not running Windows Server 2003 R2." > End If > Next > ' > = > On

Re: 2003 R2

2009-04-30 Thread KenM
or > > HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion > > > > My R2 servers show this minor revision number at 4478. > > > > -Bonnie > > > > *From:* KenM [mailto:kenmli...@gmail.com] > *Sent:* Thursday, April 30, 2009 7:10 AM > *To:

Re: 2003 R2

2009-04-30 Thread KenM
no WSUS for the servers. I need to do this with a script, a few hundred servers. On Thu, Apr 30, 2009 at 10:34 AM, Carol Fee wrote: > If you are running WSUS you will see it there > > *CFee* > > > ------ > *From:* KenM [mailto:kenmli.

Re: 2003 R2

2009-04-30 Thread KenM
eratingSystem and/or the operatingSystemVersion attributes on the computer > account in AD would be different for 2003 R2 machines. > > > On Thu, Apr 30, 2009 at 10:09 AM, KenM wrote: > >> I need to find all 2003 R2 servers in my domain. Is there any easy way of >> doin

2003 R2

2009-04-30 Thread KenM
I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

Re: Win2k8-Gold Build Question

2009-04-23 Thread KenM
I have a single forest with three domains, one root and two child. The roor is empty so I am not to concered about that. The 2 childs have 1-30k users and 2 has 200k users. I have about 80+ DC's and all are GC's. The DIT size is about 1.5 gig in one and 2gig in the other domain. On Thu, Apr

Re: Win2k8-Gold Build Question

2009-04-23 Thread KenM
Just curious of your forest\domain setup. Are you single forest single domain? How many users? how large is your DIT file? I am trying to plan partition sizes for 2008 now as well. On Thu, Apr 23, 2009 at 8:18 AM, Christopher Bodnar < christopher_bod...@glic.com> wrote: > I am not recommend

Re: Replacing Win2k3 DC

2009-04-22 Thread KenM
If you are talking about FSMO roles netdom /query fsmo On Wed, Apr 22, 2009 at 12:56 PM, David W. McSpadden wrote: > I have 3 DC's in my Domain. I am at the life's end of one of them. I am > building a server to replace it. > I need to know how to determine what roles this server has so

Re: So let's say...

2009-04-14 Thread KenM
In order for IFM to work you need a DC up and running. You can not use IFM to do a recovery for a whole domain or forest. You may want to take a look at this http://support.microsoft.com/kb/263532 On Tue, Apr 14, 2009 at 5:38 PM, Phil Brutsche wrote: > All you need is the system state data. I

Re: Script problem...

2009-03-09 Thread KenM
If this is a vbscript I can take a look. Email me off-list. On Mon, Mar 9, 2009 at 3:02 PM, Eustace Doc wrote: > Ladies and Gents, > > I've got a script that was created by another Admin that suppose to pull > information from AD about each user and then populate a CSV file with the > informati

Re: Changing Account Settings en Masse

2009-03-05 Thread KenM
John It sounds like you do not like the command line. There are a few other options for this. I am assuming you are running 2003. Using DSA you can highlight multiple users in a OU and make this change. You could also create a search query for user objects and highlight the ones you want and make

Re: A simple yet...not so simple ??

2009-02-25 Thread KenM
ory=Person)(objectClass=User)(homeDirectory=\5c\5cmyServer*))" > -csv sAMAccountName givenName homeDirectory > c:\temp\scripts\adinfo\hd.csv > > I've tried this with and without the commas. > > thanks > > On Wed, Feb 25, 2009 at 1:20 PM, KenM wrote: >

Re: A simple yet...not so simple ??

2009-02-25 Thread KenM
is: > > > > > > dsquery * domainroot -filter > "(&(objectCategory=Person)(objectClass=User)(homeDirectory=\5c\5c\myserver))" > -attr sAMAccountName homeDirectory > c:\temp\scripts\adinfo\hdprofile.txt > > > > > > and with this: > > > >

Re: A simple yet...not so simple ??

2009-02-24 Thread KenM
try (homedirectory=\5c\5cdirectorypath) On Tue, Feb 24, 2009 at 9:48 PM, MarvinC wrote: > dsquery * domainroot -filter > "(&(objectCategory=Person)(objectClass=User)(homeDirectory=\\directorypath))" > -attr sAMAccountName homeDirectory > c:\temp\hdir.csv > > This "simple" query is suppose to

Re: Another scripting question

2008-09-05 Thread KenM
Can you post your script so we can see what it is doing. Also why are you taking ownership, If these folders were created using the users home drive path in ADUC then the local admins should have access and your can just run the script as a users who is in the local admins group. On Fri, Sep 5

Re: MS DHCP

2008-09-04 Thread KenM
services request on the production side > or lots will break J > > jlc > > > > *From:* KenM [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, September 04, 2008 2:51 PM > *To:* NT System Admin Issues > *Subject:* Re: MS DHCP > > > > If you do not have routing

Re: MS DHCP

2008-09-04 Thread KenM
If you do not have routing enabled how are you routing traffic from one subnet to another. On Thu, Sep 4, 2008 at 4:44 PM, Joseph L. Casale <[EMAIL PROTECTED]>wrote: > I need to implement a management vlan on a few HP switches, none of them > have IP routing enabled. > > Anyone got two dhcp ser

Re: Block Xobni through GPO

2008-09-03 Thread KenM
linked as an Add-in? > > On Wed, Sep 3, 2008 at 4:07 PM, KenM <[EMAIL PROTECTED]> wrote: > > Yes, I tried the software hash in both the computer and user policy and > > Xonbi still runs in outlook. The policy is in place because I am not able > to > > run the s

Re: Block Xobni through GPO

2008-09-03 Thread KenM
; But did you try it in the User GPO? > > On Wed, Sep 3, 2008 at 3:43 PM, KenM <[EMAIL PROTECTED]> wrote: > > That is what I tried already on the .exe files and some .dll files. > > > > > > > > On Wed, Sep 3, 2008 at 2:54 PM, Gavin Wilby <[EMAIL PROTECTE

Re: Block Xobni through GPO

2008-09-03 Thread KenM
That is what I tried already on the .exe files and some .dll files. On Wed, Sep 3, 2008 at 2:54 PM, Gavin Wilby <[EMAIL PROTECTED]> wrote: > Hash based software policy rule! > > > On Wed, Sep 3, 2008 at 6:16 PM, KenM <[EMAIL PROTECTED]> wrote: > >> Do you know

Re: Block Xobni through GPO

2008-09-03 Thread KenM
Do you know how to disable it through a user GPO. On Wed, Sep 3, 2008 at 11:17 AM, Micheal Espinola Jr < [EMAIL PROTECTED]> wrote: > My money is on being able to disable it via User GPO. > > On Wed, Sep 3, 2008 at 10:56 AM, KenM <[EMAIL PROTECTED]> wrote: > > I am

Re: Block Xobni through GPO

2008-09-03 Thread KenM
I am trying computer GPO, but if the user GPO will work I can use that to. Forgot to mention that we are running outlook 2007 and XPSP2. On Wed, Sep 3, 2008 at 10:46 AM, Michael Ross <[EMAIL PROTECTED]> wrote: > User gpo or machine gpo? > > > > *From:* KenM [mailto:[EMA

Block Xobni through GPO

2008-09-03 Thread KenM
Does anyone know how to block Xobni through group policy. I have tried all the .exe files and some .dll files through software restrictions and disabling the service but it still runs. I have blocked the installer but I can not figure out how to block it once it is installed. ~ Finally, powerful e

Re: Migration from Novell to Microsoft

2008-07-03 Thread KenM
2nd the quest NDS-Migrator. Used this to migrate a similar Novell environment to AD. And I am assuming if they have 100 Novell servers they have a few people on staff that can help you on the Novell side. On Wed, Jul 2, 2008 at 8:58 PM, lists <[EMAIL PROTECTED]> wrote: > http://www.quest.com/n

Re: Make a member server a domain controller

2008-06-23 Thread KenM
If you only had a single DC I would recomend to try and recover the box first. If that does not work rebuild the same server with same name and restore the system state backup. If that is not an option you will neeed to build a new server with the same name and follow this KB http://support.microso

Re: R: How to logon to 2 domains question

2008-06-12 Thread KenM
:43 PM, HELP_PC <[EMAIL PROTECTED]> wrote: > That is the case. I don't know if they will want to add a Corporate DC, > but in the meantime the DC is only for the local domain.(45 users ,were SBS) > > *GuidoElia* > *HELPPC* > > > -- &g

Re: AD reports

2008-06-12 Thread KenM
Just a word of warning if you decide to use this. This will not get the users Primary group or any nested groups the users may belong to. I do not know PS well enough to tell you how to get those but would be interested to see how this is done with PS if anyone knows. On Thu, Jun 12, 2008 at 12:

Re: How to logon to 2 domains question

2008-06-12 Thread KenM
Why dont you have a local DC from corp at your location. I would think you would have one so logins do not have to go across the WAN. Unless you only have a few users at your site, like 50 or less. On Thu, Jun 12, 2008 at 12:27 PM, HELP_PC <[EMAIL PROTECTED]> wrote: > > > > I moved some machines

Re: Still can't replicate (was Hosed DNS??)

2008-06-05 Thread KenM
If there is a 13509 warning following the 13508 it can be safly ignored. On Thu, Jun 5, 2008 at 3:24 PM, James Edwards <[EMAIL PROTECTED]> wrote: > Ken Schaefer wrote: > >> When you see errors in the event log, please open the event, and there is >> a little button that looks like two pieces o

Re: Still can't replicate (was Hosed DNS??)

2008-06-04 Thread KenM
]> wrote: > KenM wrote: > >> Have you seen this KB article. http://support.microsoft.com/?kbid=839880 >> >> > > Yes, I ran the diagnostics (except dcdiag, it says it can't find a dll, I > need to reinstall it) mentioned in my earlier post, but it doesn&#x

Re: Still can't replicate (was Hosed DNS??)

2008-06-04 Thread KenM
Have you seen this KB article. http://support.microsoft.com/?kbid=839880 On Wed, Jun 4, 2008 at 2:45 PM, James Edwards <[EMAIL PROTECTED]> wrote: > Terry Fryrear wrote: > >> I would check my sites and services to see how you are replicating. Then >> try >> replmon >> >> > > I've been runni