|
2 Small Networks in one new building
We are about to move into a 75 user building. 1 company has ~50 users and
company #2 has about ~25 users. These two companies have NO relations to
each other except sharing the same server room. I have been managing AD
2003 / Exchange 2003 for the 75 user office, but I must now make sure I
accomodate the other company into our network.
Since they already have their AD / we have ours ...
|
1 |
13.07.2007 08:10:04 |
|
|
Active Directory Domain Rename - Not Difficult At All
Below is an edited version of the document we created after our Domain
Rename project. Hope it's helpful, hope the formatting stays intact.
Introduction
On June 29th our Systems Team successfully performed an Active
Directory Domain Rename. In our research we found that this task
appeared to be one which struck fear in the hearts of Windows
Administrators the world over. It was very eas...
|
2 |
13.07.2007 07:20:48 |
|
|
Vista and loginscript
Hi
I have just aquired a new notebook with Windows Vista Business so that I
could test it with our normal setup. We normally use Windows XP on all client
computers.
I have joined the Vista to the AD and logged on as my self but it doesn't
seem to run the loginscript?
Is there any issues regarding being a administrator and running loginscripts
in Vista?...
|
1 |
13.07.2007 06:36:01 |
|
|
Schema - show attribute
Hello, does someone know how to make an attribute display in an object's
Properties page?
I'm trying to get an attribute to show up as a tab or a field if possible in
the Properties page but have no luck. Not sure which node and object to
modify.
thanks,
Tin Cao
...
|
4 |
13.07.2007 02:12:10 |
|
|
tombstoned objects in AD
Where can i view the tombston objects in active directory? any articles would
be great...
|
3 |
12.07.2007 23:26:01 |
|
|
RADIUS (IAS) and Cisco Concentrator?
Has anyone used a IAS RADIUS server to authenticate users on a Cisco
Concentrator, I'm struggling to get this to work and would like to ask a
couple of questions.
The Cisco forum hasn't been to helpful.
...
|
20 |
12.07.2007 21:38:52 |
|
|
adprep failure, adding 2003 R2 x64 server to 2000 domain Options
I have only 1 DC in my 2000 domain, it is SP4 and up to date (patch
wise). The 2003 R2 server is x64, so I got the hotfix KB919151 from
microsoft. While running the adprep /forestprep (on the current dc
server as administrator) it errors out.
basically it is erroring out on two points.
"Adprep was unable to complete because the call back function (null)
failed.
Error mess...
|
20 |
12.07.2007 21:26:17 |
|
|
Child Domain
Hello,
At our organization, we have the domains, example.com and
win.example.com. It looks like win.example.com was setup as a Domain
in a new forest. Is it possible to make win.example.com a child
domain of example.com?
More specifically, example.com was our initial domain for
administration. Eventually, we created win.example.com for students.
Users were scripted from our SIS and E...
|
5 |
12.07.2007 21:06:48 |
|
|
Question Regarding Microsoft Security Bulletin MS07-039 - Vulnerability in Windows Active Directory Could Allow Remote Code Execution
I was reading through the Microsoft Security Bulletin for MS07-39
(Vulnerability in Windows Active Directory Could Allow Remote Code
Execution 926122); and had a question regarding the deployment of this
patch:
My understanding was that this patch resolves an issue with Active
Directory servers (i.e. Domain Controllers) and that this patch would
only need to be installed on our DCs. Howeve...
|
3 |
12.07.2007 20:55:07 |
|
|
Issue with delegation
Hello All,
I have delegated permissions to some of my staff on certain OUs (including
the default computers containers) to add and remove workstations to domain
yet they are unable to add machines onto the domain. The only way that seems
to work of course is by making the staff Domain Admins and that is certainly
something I do not want to do.
When prompted by the workstation for credent...
|
3 |
12.07.2007 20:53:25 |
|
|
Network Users password expired
Hi,
We have two Windows 2003 DC Servers. We have about 8 Windows Member Servers.
We have about 100 client users.
Out of 100 clients only 20 have access to login to the member servers so
they know when their password is going to expire with the default prompt of
14 days.
However, the other 80 users login to domain using shortcut to map to member
servers. Their workstations are not joi...
|
5 |
12.07.2007 20:27:24 |
|
|
FSMO roles transfer
If a DC that is holding the FSMO roles failed and I have a secondary DC in
the same domain, is there a way to raise the role of this secondary DC to
hold the FSMO roles of the failed DC?
Thanks,
sK ...
|
4 |
12.07.2007 20:18:35 |
|
|
Password Change Policy
Just over two weeks ago I changed my Domain Policy to make sure that
every 28 days my users had to change their password. Shortly
afterwards I started receiving a large volume of calls all relating to
the policy which was stopping users get access to network drives, e-
mails and dialling into the network.
At this time I decided to edit the policy to the following:
Enforced Password histo...
|
3 |
12.07.2007 20:10:45 |
|
|
Password Reset function in AD
>From what I understand, if an administrator uses the 'reset password'
function in AD, they are able to bypass the security setting requiring
that password to be different than the previous X amount. Is there any
way to prevent this?
For instance, if I have the password policy requiring a change every
90 days, and it can't be one of the last 24. An admin can bypass this
and just set it ...
|
2 |
12.07.2007 20:00:24 |
|
|
Is it possible to have a user account in two OUs
My colleague and I are creating accounts for our "External Users &
Groups" OU in Active Directory. The issue is that there are 20+
users
in another OU called "FTP Customers" that we also want to put in the
External Users & Groups OU and we don't see anything in the AD menus
that looks like it would give us the capability to do so.
The "External Users & Groups" OU is for people who are imp...
|
6 |
12.07.2007 19:32:29 |
|
|
External Trust and Sid Filtering...
Hi,
I would like to create an external trust with another domain (Windows 2000).
I did a search online and found a Technet article that I don't quite
understand. In the article it says:
Impact of SID filtering
SID filtering on external trusts can affect your existing Active Directory
infrastructure in the following two areas:
• SID history data that contains SIDs from any domain ...
|
1 |
12.07.2007 19:12:01 |
|
|
Preparing a DC for a remote site.
I have prepared a server to become a DC at a remote site for DR. At our main
office i have 2 DC's both global catalog servers, DNS and DHCP. I have
created a system state backup of on of the main DC's to restore to the DR
site using dcpromo /adv.
The DR site is a seperate subnet. I will be setting the DC up as a global
catalog server. I have already installed DNS on the server, i will ...
|
4 |
12.07.2007 18:24:00 |
|
|
Effective Permissions Confusion
I've been using the Effective Permissions tab to look at Read/Write
permissions of User attributes in Active Directory. However, what I'm
seeing there doesn't seem to reflect the actual permissions. For
example, we have an account that is a member of the Account Operaters
group. It's used to make nightly synchronizations of various user
fields like phone number, etc. from our ERP system. ...
|
3 |
12.07.2007 18:08:55 |
|
|
Need help setting up resticted groups correctly
I have some questions setting up the restricted groups policy.
My OU Structure is like so
Domain
|
Devices
|----------------Restricted groups GPO is applied here
Workstations
|
Desktops
I have the restricted groups setup to allow local domai...
|
2 |
12.07.2007 17:28:18 |
|
|
restore user object that has been deleted 4 months ago...
Hi..
I have a user accts that has been deleted several month ago , perhaps about
4 months ago.. However, I have been asked to restore this user acct, is this
possible ?? I assume I would not be ale to since the default tombstone date
has been exceeded (60 days)..
Is there anyway I can restore this user object . I do have a systemstate
backup from 4 months ago..and I am running Win2003 SP...
|
2 |
12.07.2007 17:22:52 |
|
|
Deployed VS Scripts _never_ executes - HELP!
Hi,
I have a bunch of .VBS files that I have deployed through Active Directory
to run when a user log on a system. I have deployed applications and they
work great. But the VBS? Never even runs, I dont even get as much as an error
when I log on and they are supposed to kick in.
Is it something Ive forgotten. Ive followed the routine to do this very
carefully and tested my scripts, an...
|
3 |
12.07.2007 16:54:19 |
|
|
Alternative to renaming AD domain
Hello,
We have Windows Server 2003 Standard and Exchange Server 2003.
Currently the domain name is company.com but it should be
corp.company.com. Our website is hosted externally so right now I
have to create a DNS entry to have it forward any www.company.com
requests to our website. Having company.com be our domain is causing
other domain issues. I am unable to have an "A" record for h...
|
2 |
12.07.2007 16:38:07 |
|
|
Granting rights to shutdown, and restart services
I need to grant an operator to to shutdown, and restart services of
about 300 Windows 2003/windows 2000 Servers without granting Admin
rights..
Can someone please guide me the specific rights I can use to do it
using a group policy?
thanks
...
|
4 |
12.07.2007 16:11:26 |
|
|
Active directory 2003 migration
I am testing migration for inter-forests. I can migrate computer but it
doesn't change domain membership after migration.
Please help
--
vu...
|
5 |
12.07.2007 15:12:05 |
|
|
multivalued RDN in ADAM
Hello,
does someone know if there is any way to ADAM supports a multivalued RDN ?
I got a ldif files that have the multivalued RDNs, and I have to import them
into ADAM server directory tree. Does it possible?.
I've tried to use a utility ldifde.exe but I got an error 0x209e: The
directory service encountered an error parsing name.
0000209e: UppErr: DSID-030502c2, problem 6001 <NAME_...
|
2 |
12.07.2007 15:02:46 |