Activedirectory Mailing List Threads

What about isolated networks, how will MKS et al work? (was: Re: OT: KMS on Win2k3 sp1)

Mon, 26 Mar 2007 08:55:52 GMT

Just a little question: What about those computers that are *truly* isolated (ie, they don't have and won't have any kind of connection to the 'net?) I guess they won't be able to *ever* use Vista, am I right?? We do quite a bit of work with the military and defense-related companies. Most, if not all, of the different security guidelines specify no internet connection at all, ever, for *any* of the computers on the network. ...

Password Policy and Adding Account Objects

Sat, 24 Mar 2007 01:43:05 GMT

I have some C that creates accounts. On one customer system apparently the password policy is a problem. From the response to the ldap_add the error is LDAP_UNWILLING_TO_PERFORM error=0000052D which is 1325 in decimal which looks like a Windows error code: ERROR_PASSWORD_RESTRICTION "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain." ...

OT:WARNING! Windows Server 2003 SP2 ,May Destroy Your ISA Firewall without Warning:

Sat, 24 Mar 2007 01:39:05 GMT

Thomas Shinder Blog � Blog Archive � WARNING! Windows Server 2003 SP2 May Destroy Your ISA Firewall without Warning: http://blogs.isaserver.org/shinder/2007/03/23/warning-windows-server-2003-sp2-ma y-destroy-your-isa-firewall-without-warning/ You cannot host TCP connections when Receive Side Scaling is enabled in Windows Server 2003 with Service Pack 2: http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695 List info ...

OT: KMS on Win2k3 sp1

Fri, 23 Mar 2007 19:07:06 GMT

http://www.microsoft.com/downloads/details.aspx?familyid=81d1cb89-13bd-4250-b624 -2f8c57a1ae7b&displaylang=en&tm Key Management Service for Windows Server 2003 SP1 and later enables enterprise customers to activate Windows Vista Volume Licensing client machines. (36) ...

OT: Testing new Blackberry

Fri, 23 Mar 2007 13:13:24 GMT

Sorry testing new BB posting capabilities. Mark Regards, Mark Parris Base IT Ltd. Active Directory Consultancy Tel +44(0)7801 690596 Registered in England and Wales. Registered Office; 35 Ballards Lane,London, N3 1XW, England. Registered Number 03540460. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: ...

Script for list who changed an user account

Thu, 22 Mar 2007 19:23:59 GMT

Anyone knows if there are available a script to list who account changed an user account? This information is in AD? The event ID 642 not appears for all changes, only for auditables attributes. Cheers, Guido Silva ...

OT: So that's where the wininternals stuff is going...

Thu, 22 Mar 2007 17:23:07 GMT

http://download.microsoft.com/download/e/4/4/e4442c9f-30d9-41f3-9876-82bbfc5aa4e 6/datasheet-drt.pdf SA only http://blogs.technet.com/peteralb/archive/2007/03/22/microsoft-dignostics-and-re covery-toolset-dart-5-0-has-rtm.aspx Microsoft DaRT 5.0 will be available to our Windows Client SA customers via the Microsoft Desktop Optimization Pack (MDOP) More information about MDOP at ...

Software installation Issue

Thu, 22 Mar 2007 16:43:24 GMT

I have a machine that is receiving the event ID's below and are not installing Office 2003 no matter what we try. It says that the installation source is not available but it is available and over 150 other computers can reach it with no problems. Security is correct and has not changed in over a year. Event IDs Event Type: Error Event Source: Application Management Event ...

A hotfix is available that improves the performance of programs that query Active Directory for grou

Thu, 22 Mar 2007 06:59:25 GMT

http://support.microsoft.com/?kbid=914828 A hotfix is available that improves the performance of programs that query Active Directory for group memberships in Windows Server 2003 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx ...

Sudhir Kaushal/GIS/CSC is out of the office.

Wed, 21 Mar 2007 23:02:26 GMT

I will be out of the office starting 03/22/2007 and will not return until 03/27/2007. I will respond to your message when I return. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx ...

OT - For those who dislike Vista's excessive 'IPconfig /all' output

Wed, 21 Mar 2007 20:37:28 GMT

Per the subject line, I put this together to trim the output to something that resembles XP's 'ipconfig /all'. Hope it proves useful to someone . Regards, Dean -- Dean Wells MSEtechnology ( Tel: +1 (954) 501-4307 * Email: dwells http://msetechnology.com :: ...

Group Policy Question

Wed, 21 Mar 2007 19:52:31 GMT

Has anyone found a reliable resource that discusses the decision making process of when a GPO should create configurations that can't be read by native tools? Situation: Environment that uses third-party NTP servers for time sync. Goal: I want to configure the clients to use the NTP servers. Since the DC's are no longer advertising time sync, the clients can't use nt5ds time. They must use NTP for their time. ...

GPO for Proxy and dial up connections

Wed, 21 Mar 2007 15:42:33 GMT

Hello Can anybody shed some light on how to push the proxy setting to all connections and not just Internet explorer. In my testing with the proxy enabled and users unable to change it , they can create PPPOE or dial up connections and avoid the proxy all together. If anybody has a similar experience and can point to a solution it would be appreciated Thanks kaiser ...

DC Whole Disk Encryption

Wed, 21 Mar 2007 14:45:32 GMT

All, I have remote offices requiring AD authentication who's physical security I cannot routinely verify. Given the ease in cracking a DIT file offline, does anyone have suggestions as to the best approach to this problem? Are any whole disk encryption products (PGP comes to mind) supported when encrypting DC volumes? As always, thank you all for your insight and expertise. -James List info : ...

Re: DC Authentication

Wed, 21 Mar 2007 09:43:51 GMT

Hi, Wondering if anyone can help: At a remote site I have a Windows 2000 DC (configured as a GC and a DNS server) and an application server. When logging into the application server at this site the logon request goes to the local DC - great However when running IBM's DB2 on this application server and trying to connect to a database (still on the local server) using network credentials the authentication ...

OU

Wed, 21 Mar 2007 03:33:08 GMT

I have to reorganize the OUs for the company that I work for 1. is there any pitfalls that I should lookout for? 2. is it wise to remove computers from the computer container and not live to regret it going forward? The reason for these questions is this - I want to do a Office 2007 deployment using group policy but only to the MIS group of which there are 3 sites with MIS groups. I want to install on there computers and not to ...

Lcoked down PC - looking for ideas

Tue, 20 Mar 2007 16:28:05 GMT

One of my technicians has set a variety of local GPO and NTFS settings to lock down a machine. Now I find that I cannot use ADUC to "manage" the computer, by right clicking on the machine name inside of ADUC. When I right click on a machine and choose the manage option, as I try to expand the Event viewer and view a specific log, I get an "Access denied" error (Logging on as a domain admin) Any ideas, which settings to ...

Missing NTDS Settings Object

Tue, 20 Mar 2007 10:30:05 GMT

We have a problem whereby replication is only working in one direction between two DC�s in different sites. Basic rundown of the DC�s: DC1 � W2K3, hub site bridgehead, replication partner with DC2 DC2 � W2K3, spoke site, replication partner with DC1 (no other DC�s at this site) DC1 can�t replicate (pull) changes from DC2. DC2 can replicate (pull) changes from DC1 I found that both servers are in their correct ...

OT: VPN, SecureNat/Nat and Outlook clients not working after installing Windows Service Pack 2 in SB

Tue, 20 Mar 2007 05:11:34 GMT

Apologies for the OT ..we're seeing this the most on those Broadcom nics that have TOE enabled

Schema Extension for Cognos 8

Tue, 20 Mar 2007 00:29:52 GMT

We have a new BI app (Cognos) that wants to extend our schema in order to facilitate SSO. Like most diligent admins, we are approaching this with much fear and trepidation. ADPREP for Exchange or R2 or whatever is bad enough. A 3rd party attribute worries us quite a bit. Does anyone have Cognos in their shop? RM ...