How to change My Documents folder location for all domain users
Hi all,
I have configured Samba - PDC on ubuntu 8.04 and winXP clients. Domai
logins are working without any problem. How do i map the My Document
folder to a network drive for all users. I know you can do this if i wa
using a ADS on Windows. But, i don't have an ADS on windows but a PDC o
Linux.
Is there a tweak on winxp where i can redirect the my documents folde
to a network drive no matter which user logs into the machine.
Thanks
Avinas
--
Avinash.Ra
-----------------------------------------------------------------------
Avinash.Rao's Profile: http://forums.techarena.in/members/avinash-rao.ht
View this thread: http://forums.techarena.in/active-directory/1019091.ht
http://forums.techarena.i Tag: Event Tag: 134008
After demoting a DC (sites and services)
Hi,
I did a DCpromo today on an old box that is being removed.
In sites and services I can still see the server there (but obviously no
replication partners). The dcpromo demotion was sucessful.
Does it just take a while before it removes the object from sites and
services?
Thanks, Tag: Event Tag: 134002
Event Log
Dear All,
how we can generate an event if a active directory user cut or copy data in
domain environment.
Rgds
Nasir karim Tag: Event Tag: 134001
How can I change the font size of the log-on message text
I have used group policy to set a message text for users attempting to log on
in my Windows 2000 domain controllers. How can I change the font size to a
bigger one? I cannot find any option in the group policy setting in doing so. Tag: Event Tag: 133999
Problem with GROUP report - Domain Users ( more than 15 000 member
I have on Windows 2003 AD ( Native Domain and Forest 2003 ) problem with
report members ( for example all ba* users ) from group Domain Users.
There is more than 15 000 users in AD.
Dsget group -member or VBS ( memberof ) return empty results.
As temporary solution i'm checking all users account for primaryGroupID
atribut ( value 513 )
Is there any chance for direct report from Domain Users group ?
Marek Chladek Tag: Event Tag: 133997
Domain login problem after AD restore
Hope you guys can give me some pointers here. The client is a school and
these are the details of the issue:
The main server (â??server1â??, for staff) was derived from earlier NT4 box that
has been upgraded and moved around over the years. It had exchange 5.5 and
was then upgraded first to windows 2000, then exchange 2000. It's hard disk
has been cloned and moved into a newer server. It was once the only server,
18 months ago it was upgraded to server 2003R2, with some difficulty from
exchange 2000 failing. Its been stable for 18 months.
Server2 (for pupils) was added at some point after the first win2k server
came, and was a domain controller and global catalog with server in the
domain â??schoolâ??. All master and schema roles etc were on server1.
At the end of last term I tried to upgrade exchange to 2003. It failed due
to the domain controllers not being in sync. Looking at the system logs there
has been a problem since April 14th. In looking at the AD connector on
exchange 2000 a permissions message was returned. At this point the users
disappeared from server1, but were still ok on server2. Backups were taken
and a third server (server3) introduced, with some success. The exchange data
was moved to server2. Foolishly I then tried to upgrade the exchange here,
and guess what, the users disappeared on server2 and server3!
I then restored the AD from server2 from July 18th back to server2 (server1
had shadow copy in backup exec but no system state backup). I forcibly did a
dcpromo /remove on server1, so itâ??s a standalone as there did not seem much
point in keeping it, I regret it now. The users reappeared on server2, and
with a little more configuration it looks good, you can create new users
(there are around 200) and share folders etc. All the shares are correct. The
exchange data is however â??stuckâ?? here as the AD restore also restores the
registry, so this is another issue!
The main problems are that you cannot login to server2, even though it
claims to be a DC with all roles â?? things like netlogon, sysvol share etc are
all there. You cannot join server1 (or server3) to the domain. You cannot run
a terminal server session on it. You can login on a workstation, but it's so
slow its obviously not right (dns screams at me here?) Nslookup fails on any
other server looking at server2 as dns. If you ping server2â??s fqdn it fails
(but it's ok on server2 itself). Dcdiag and event logs show very little to
help.
Just wondering if anyone can give me some pointers. I have eliminated any
physical possibilities like NIC drivers, switching, cabling etc and am pretty
sure it's DNS (things like this always seem to be DNS!) but I am kind of
banging my head against a brick wall here. In essence, I need to get Server2
to accept logins and allow server1 (or server3) to be a AD server. Then I can
tackle the Exchange issue on server2.
Thanks a lot guys. Tag: Event Tag: 133992
keytab multiple SPN-s
How can I generate keytab file for unix service with multiple SPNs?
I don't want to produce lot of service accounts and prefer having similar
services with one service account and keytab file with multiple SPN. Tag: Event Tag: 133991
Group name not updating when accessing from Outlook Calendar
Hey,
I have a bunch of Groups in AD with various members in each. When I
open Calendar in Outlook (Office 2003) and click Share My Calendar, I'm
able to add Users or Groups. However, for some reason when I add a new
Group or edit the name of an existing group to something else, the
change is not being picked up and I'm not able to find/select this new
Group to add. I am able to edit a Group name, search for the old name,
add it and it will show the new Users that I have added to the Group,
however I really want to be able to add new Groups as well.
Any ideas?
Thanks!
--
Duracelll
------------------------------------------------------------------------
Duracelll's Profile: http://forums.techarena.in/members/duracelll.htm
View this thread: http://forums.techarena.in/active-directory/1018953.htm
http://forums.techarena.in Tag: Event Tag: 133986
Any good books/resources for ADAM and AzMan?
Hi,
What are the good books/resources to learn ADAM and AzMan?
I searched Amazon.com and I couldn't find any!
Any help would be appreciated,
Max Tag: Event Tag: 133965
Script to read Computers in AD
Hi,
I need some help with this script. I've been trying to read a file with
computer names, have it select the computer and write the Name and
Description to a file. I can get the Name and write it to a file, but I can
not seem to get the Description. Here is my code:
**********************************************
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Const ForReading = 1
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("C:\admin\Computers.txt")
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objNewFile = objFS.CreateTextFile("fsoutput.txt")
Do Until objFile.AtEndOfStream
strComputer = objFile.ReadLine
objCommand.CommandText = "SELECT Name, Description FROM
'LDAP://DC=fabrikam,DC=com' " & _
"WHERE objectCategory='computer' AND Name = '" & strComputer & "'"
Set objRecordset = objCommand.Execute
If objRecordset.RecordCount = 0 Then
objNewFile.WriteLine strComputer & " does not exist."
Else
objNewFile.WriteLine strComputer & " " &
objRecordSet.Fields("Description").Value
End If
Loop
objNewFile.Close
*****************************************************
Any help is greatly appreciated. Tag: Event Tag: 133959
folder redirection error
My Setup:
Windows Server 2003R2 File Server
Active Directory Domain
I have a policy set up to redirect the user's my documents to their 'home
folder'
On the user's account properties their home folder is set to 'connect u to'
\\usd\homedirs\staff\hs\%username%' for example. So I have my user
s home folder pointing to the home folders share via dfs. The folder was
created by AD
This works perfect with windows xp my users documents are redirected no
problem.
In windows vista this is not the case. The documents are not being
redirected, in sync center there is an error
staff (\\usd\homedirs) - Access is denied.
Why would this be happening? What is different about the way vista does
folder redirection that could cause it to work in xp but not vista and
appear to be a permission issue? Tag: Event Tag: 133958
View number of objects in entire OU?
Is there a way within AD to show the number of objects within a certain OU
including sub containers? I know if I go to each subcontainer it will show
the number but I would like to be able to click the upermost OU and then be
able to set the type of objects to count and then get that total. Can this
be done? This is a 2003 native domain. Thanks! Tag: Event Tag: 133956
Filtering on a Security Group to Apply a Group policy
Instead of applying a Group Policy to an OU, what is the proper way to apply
it to just a security group of users or computers to ensure the policy is no
applied to any other computer or user. If you have a good article. I am
reading about how to apply but does it really work without affecting other
computers or users? This is because moving users or computers in and out of a
specific OU that has policy's attached to it causes custom applications to
break that are tied into Active Directory.
tina Tag: Event Tag: 133954
adfind search
using adfind what would be the best way to show a single users
attributes
adfind -default -f "(&(objectcategory=person)
(objectclass=user))" ????? Tag: Event Tag: 133952
Failed DCPROMO??
This morning to promo'd out what I believed to be a NT BDC promoted to
PDC, then upgraded to Win2000.
The demotion I guess went ok, users can log in, no calls etc . .
But when I look at our AD-DNS, the old DC is still listed as a name server.
When I look at ADSites and Services, he's still listed in my site, but
there is no NTDS listed.
If I look at Computer Mangement\Sessions there are a handful of users
connected, but no open files.
And what's the deal in Sites and Services when links aren't
automatically created? I forget. But I have a handful of links that
were manually created...
So - should I wait for my four sites to replicate for that old DC to
drop out of DNS, and sites and services or do I have a problem??
Tia,
RandyH Tag: Event Tag: 133947
Default Homepage IE6
We use the Default Domain Policy GPO that changes the default home page and
doesn't allow the end users to change it.
We now have a need to exclude 1 specific user from this policy. So I stuck
them in a new OU and told that OU to block inheritence so that we could
change the default home page.
No luck. Any suggestions on how to do this?
Mike Tag: Event Tag: 133946
Converting LastLogonTimestamp to a readable format
Hi Everyone
I have done a dump of directory attributes using csvde. One of the
attributes Im after is the lastlogontimestamp which is obviously in an
interger8 format.
How do I convert this to a normal readable date format? I don't want to run
other scripts against our AD. I would rather have a script that ran against
the export file if there is one.
I do seem to remember being able to use Excel to convert this to a readable
format but I can't seem to get this to work now.
Your help is appreciated Tag: Event Tag: 133926
Rename a DC
Hi,
I've got a DC that i wish to change the name of (I have a few other DCs
within this domain).
How would i go about this? Any issues in doing this?
Thanks, Tag: Event Tag: 133921
change a global group to a domain local group
Hello,
It is not possible to change a global group directly to a domain local group
however it is possible to change the global group into an universal group and
then change the universal group into a domain local group.
There are people that say that it is not a recommended way to do this, other
say that it is no problem.
I can imagin that there will be problems when GC's are nested in other
groups. But if the groups are not nested, what kind of issue's can I expect?
Can anyone give me some feedback or links where I can find more information
about this subject?
Kind regards,
Peter van der Laarse Tag: Event Tag: 133919
server 2000 (single domain name) to server 2008 migration + domain rename
So I have a windows 2000 domain controller with a single label domain
name.
Nobody uses it as a domain controller, just to access shares stored on
it.
but now we need to migrate it to windows 2008 and make it work like a
domain controller without loosing the user passwords and share
permissions. (all users have accounts on it, they just type their
passwords when accessing shares).
I tried to add a secondary domain controller with windows 2008 to it
and wanted to rename it later. but even after transfering all the roles
to it it didn't work.
Tried to follow this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684
about working with single domains. But that broke my DNS server, it
won't start anymore. and doesn't start after reverting the changes
also.
dcdiag says that Global Catalog, PDC, and KDC could not be found. The
DNS zone was active directory integrated.
I do have backups, so I could try to do this again if I can find out
where did I go wrong an what precautions should I take next time.
THenks.
--
zux
------------------------------------------------------------------------
zux's Profile: http://forums.techarena.in/members/zux.htm
View this thread: http://forums.techarena.in/active-directory/1018297.htm
http://forums.techarena.in Tag: Event Tag: 133918
Documentation/Tutorial for anyone new to Active Directory
Anyone just getting started with Active Directory may find the two documents
available for download near the bottom of the page at
http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm
interesting or helpful.
Installing Windows Server 2008 and making it a Domain Controller - explains
how to configure a simple network, install Windows Server 2008 and make it a
Domain Controller for a new domain in a new forest.
Getting started with Windows 2008 Domains - explains Domain concepts and
objects plus detailed instructions setting up a "starter set" of OUs, user
accounts, groups, and GPOs, including delegation of authority within Active
Directory.
No adds, no gimmicks; just some hopefully useful information derived from
some years of experience.
Comments and suggestions are welcome!
--
Bruce Sanderson
http://members.shaw.ca/bsanders
It is perfectly useless to know the right answer to the wrong question. Tag: Event Tag: 133910
Group Policy Windows 2000 domain Security Page-Site to Zone assign
I have a Windows 2000 active directory domain and I would like to set the
following group policy settings.
Group Policy-User Configurations-Administrative Templates-Internet
Explorer-Security Page-Site to Zone assignment List
But I am unable to find this settings in the current group policy. How do I
go about it?
This setting is available in XP local policy.
Thanks Tag: Event Tag: 133909
Display the user permission on a share folder
Hi,
Is it possible to scan the share folder and report the user permission
on that folder?
I ever tried the "ShareEnum" and it only showed the domain login name.
Possible to show the User Name (from AD) instead of the login name?
thanks
huang Tag: Event Tag: 133906
1 user gets no logon server at logon attempt
I have an XP pro sp2 in an AD network. when 1 user attempts to logon to
the domain she gets no logon server available. Other users can logon that
machine. No restrictions for that PC or user. What could cause this?
corrupt profile is about all I can think of.
Carl
-- Tag: Event Tag: 133905
ADSI Get Users Groups
I have a linked server setup so that I can query Active Directory and ADAM. I
have veiws for Users and Groups, and have even written a query to return the
members of a given group. The problem is, I need to write the reverse, a sp
to return the groups a given user is a member of.
Does anyone know how to do this? Environment is SQL Server 2005, Win 2K3 R2.
Thanks,
Mark Faulcon Tag: Event Tag: 133902
Granting user right to add workstations to domain?
I have a helpdesk technician who needs to be able to add new workstations to
the domain. This person does not need domain admin rights, only this
particular right. I'm trying to make sure that he can do this without any
trouble, so I'm looking for advice on best practices? I see that I can add
him here:
Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment
Is this the best method though? I've been reading the specifics of this in
the "Explain This Setting" tab and it's a little murky... Apparently,
Authenticated Users can add up to 10 workstations already? Didn't realize
that, but what gets me is part about who is owner of the account once it's
created?
Anyway, can somebody explain this to me, or maybe give me another
alternative?
Thanks! Tag: Event Tag: 133900
2003 DC hangs at 'applying computer settings' on reboot
I have a strange problem. 1 of 2 DCs (not the PDCe or FSMO)
rebooted/crashed yesterday and it looked like a power failure as the reason
came up unknown and there were no errors/warnings in event log. I also
checked the HP logs
as this is a Proliant server ML350. I removed the network connection and
it booted up OK- notwithstanding the expected errors. I was able to start
the sevrices manually and get the DC online. Now I am trying to find the
problem. I am leading towards a GP or DNS issue. Otherwise, the only
possible issue was
that it had been pointing to itself as the time source and not the PDCe. I
corrected that but didnt reboot yet as I am letting it run overnight.
Anything else possible with above scenario- oh, I know about the old APC
issue and we fixed that years ago.
Much regards
Cranky Tag: Event Tag: 133895
Backup/restore ADAM database
Hi,
Is there a way to backup/restore only the ADAM database (including
passwords) without backing up/restoring the system state ? (the instance may
be created manually or by a script before prior to restoring the database).
I tried to check this by backing up on machine1 and then trying to restore
it on machine2 in the most straight-forward way, but obviously this doesn't
work:
1) Backup the database files (%program files%/%instance dir%) on machine1.
2) Install an instance (manually / using a script) on machine2.
3) Copy the backup file from machine1 to machine2.
4) Stop the instance service on machine2.
5) Try to restore the database on machine2.
6) Start the instance service on machine2.
--> The service starts and then immediately stops.
Is there a way to do this? Tag: Event Tag: 133889
DHCP Server Reboots and Acts Like Domain Controller
We have a Windows 2000 DHCP controller with two scopes that was well-behaved
for about 18 months. We rebooted it today after a power outage and we got
a rude awakening when the computer refuses to reboot giving a modal dialog
on reboot that says something like:
"Directory services could not start because of the following error: the
event log is corrupted. Error status: 0xc00018e."
So what is interesting here is that this is a dedicated DHCP server and is
NOT a domain controller. The DHCP server has woken up as a domain
controller, or at least it is attempting to become one. No one ever
attempted a DCPROMO on this computer.
If you hit OK on the dialog the computer reboots.
If you attempt to boot in safe mode, the computer will not reboot and gives
the same modal error.
If you reboot in directory services recovery mode, it becomes quickly
obvious that the event viewer logs are NOT corrupted in any way. You can
wipe them clean and start them all over and it won't change the behavior in
any way.
If you scan the event logs while logged into the directory services recovery
mode, what is strange is that the Directory Services log has one message
that is an error 1473 that says something like:
"Intersite Messaging Service failed to read the configuration of the
Intersite Transports out of the Directory."
and the reason given is the computer doesn't have authority. So this
message further reinforces the idea that the DHCP server is trying to behave
similar to a domain controller.
This is the second time in six months we have lost a DHCP server to this
behavior. The first time it was a Windows 2000 DHCP server in a lab
environment. Does anyone have any insights on how a computer gets into
this strange mode and how we can reverse the behavior to recover the
computer as a member server?
--
Will Tag: Event Tag: 133886
tool to list DCs
I have a couple of XP sp2 clients who are unable to login to the domain.
They get 'there are currently no logon servers' When I login to these
machines as local admin I can see the domain and all resources- after
entering proper credentials. I was looking for a tool to run from these
machines to see what they see for logon servers for our domain
Thnaks
Arlie Tag: Event Tag: 133873
Active Directory "ignoring" Apple Macbook Pro
Recently we attempted to bind an Apple Macbook Pro to Active
directory. We accidentally named the MBP as the name of the Domain
Controller. This, of course, set in motion a week's worth of fun.
However, now that everything is fixed, this MacBook Pro is unable to
access the exchange server while on the network through MS Entourage.
It cannot be bound to the network. When attempting to do so we get an
immediate response that there is no connectivity to the domain.
However, the machine uses the network resources to browse the network,
connect to windows shares, use networked printers, and connect to the
internet. The laptop, when not connected to the network, can connect
to the Exchange server.
We have reset the computer in Active Directory, as well have having
completely rebuilt the MacBook Pro. We're at a loss as to where
Active Directory is somehow blacklisting or ignoring the machine. We
thought it might be MAC address of the network interface, so for a few
hours this morning the user was hard wired, vs wireless, and was
working, however somehow that network interface is blocked now as
well.
Please help, as the user having the issues is the VP of IT. We are at
a complete loss and tempers are starting to flare. :)
Thanks. Tag: Event Tag: 133869
2nd ldap server not authenticating in extranet
We have an LDAP server in an extranet that authenticates users for web
applications coming from multiple web servers in the same extranet. We are
trying to have another LDAP server that is in place for failover purposes. I
have this working and replication has been proven. However we have an ISAPI
filter that allows us to use two ldap servers. They have to be enter by a
tool and they have to be FQDN's . This has been done. However I can't seem to
force authentication to the fail-over in a outage scenario. The management
want an active-passive multiple ldap server setup. Not multiple
authenticating ldap servers. I have called our supplier of the ISAPI filter
they feel it is not their product and that it has something to do with my
certificates ?
Anyone got any idea's. I did not expect this to be such a headache. Tag: Event Tag: 133865
1539 warning
I am getting this on 3 new Dell 2950 domain controllers-
warning-1539
the local domain controller could not disable the software-based disk write
cache on the following disk:
hard disk:
c:
data might be log during system failures.
any reason for concern? raid-1 C:/D:, and raid-5 on remaining drives (e:).
thanks. steve Tag: Event Tag: 133860
Profile issue
I just built a latitude d531 with windows xp on it. The user logs in
and can access file on the network. When he tries to rename a file on
the network he gets access denies. I then log the user onto an inspiron
1150 and he is able to rename files on the network. I have also renamed
his profile on the d531 and logged back in but still same issue. Any
suggestions? Tag: Event Tag: 133852
Secondary DC failed
Hello,
In our small network (Windows 2003 Standard) , the secondary DC hardware
failed and we can't bring that back. Now, we are planning to bring another
box as a secondary DC. Failed DC was holding the GC, AD intergrated DNS and
Wins. Could some one advice me how to remove the failed DC from the domain
and add the new box as sencondary DC.
Any advice will be appreciated.
Thanks
--
Eric Tag: Event Tag: 133841
Ping servers that are on secondary DNS server list?
Hi,
I have a domain trust between my domain (A) and another domain (B). On
domain B I have created a secondary zone with the domain name of domain A
etc and they and the list is populated.
Now should I be able to ping ther server names that are in domain A from
Domain B?
In domain B if I type ping server1 I get no response, but if I type ping
server1.domainA.com for example it works. Is this correct or do I need to
add s DNS suffix to the users in domainB? Tag: Event Tag: 133835
Global Catalogue
I have a small network with 3 servers. 1 is a PDC and the other 2 are
members. When the PDC was last upgraded the Global Catalogue was not
replicated to the new PDC, the old PDC is now decommissioned and removed from
service. I am now receiving errors saying the Global Catalogue could not be
contacted. If I look in AD I can still see the old PDC listed and it has the
Global Catalogue ticked.
How can I move the Global Catalogue to the new PDC now that the old PDC is
no longer available. Can I just deselect this on the old and select it on
the new or is there more work involved?
Thanks in advance for any assistance you can provide. Tag: Event Tag: 133823
VBA Script execution in AD
Hi,
We have a novell 6.x enviroment. We are planning to migrate it to active
directory. Before migration i need to understand key risks and issues to
consider in terms of the migration of VBA Script execution (such as Excel
macros) into an AD security environment.
Please suggest if any known risks and issues exisit with VBA migration to AD.
Thanks, Tag: Event Tag: 133821
Secondary DNS and DC caused networking problems..
HI..
Our organization had untill yesterday just one server acting as a DNS and
DC.. Now we decided to get a new server and configure it as secondary server
for this services..
So I installed Windows Server 2003 sp2. Then I installed DNS and configured
it as a secondary DNS server, so it replicated the data from the first DNS
server succesfully...
Next I ran DCPROMO on this machine, and selected the options to make the
server a secondary DC of the existing domain.
Since then, some user started having networking problems.. for example when
trying to access the Intranet, they wer asked for user credentials.. When
running our ERP app which is based on AD authentication they were getting
connection failure and things like that... This morning all our users started
having this problems..
Only when I shut down the secondary server, all services started working
again...
Any ideas what can be happening here??
thanks.. Tag: Event Tag: 133819
Wallpaper Policy
Hi,
I intend apply a Desktop Wallpaper policy but I would like to know which
level it must be applyed.
Is it in Domain Level?
Thanks.
Luiz Tag: Event Tag: 133816
RODC deployment in DMZ,
I am in the middle of migration AD and Exchange. This environment will be AD
08 and exchange 2007 soon. The client is asking if RODC is supported in DMZ.
I am not able to locate any information so far if MS is supporting the RODC
deployment in Perimeter Network.
I am aware of a risk putting RODC in DMZ
â??The Read-only Domain Controller functionality in Windows Server 2008 (both
full installations and server core installations) offers a one-way
replication method for selected information from your internal network to the
DMZ, with limited risk towards your internal network when the box gets
compromised.â??
But Also I ran into this statement from MSFT
1. The site is not Physically Secure,
2. Need to reduce Attack surface (not replicating all password, not allowing
outbound replication from the site).
Also, Do *not* yet deploy RODC in DMZ or Internet. Microsoft will publish
detailed guidance on the DMZ deployment sometime by mid-08 ... Follow that
guidance for DMZ deployment For internet deployments - wait for a word from
Microsoft - on the guidance
http://forums.technet.microsoft.com/en-US/winserverDS/thread/e610a5d7-a198-43b3-90a7-fd33e1350cc6/
Does anyone has any experience or MS link refers to this subject, would be
greatly appreciated
Regards,
Oz
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@SMTp25.org
http://smtp25.blogspot.com (Blog) Tag: Event Tag: 133812
Search for Vista Comp without Bitlocker Keys
Hi All,
Is there a way to search the AD for Vista Machine Objects that do not have a
bitlocker key in the AD. And is there a way to search for them and export
those that do with their key/s? Not much in the AD add in, I presume command
line maybe or scripting may be required.
Thanks much Tag: Event Tag: 133810
Access Denied (Security Filtering)
Hello all,
I have run into a bit of a stumper for me. I have a GPO that I have created
to block the Internet from some lab computers where I work. For what ever
reason thou, I cannot get them to apply. When i run the RSOP I get the error
Access Denied (Security Filtering). I have created a security group and put
the computers that I dont want access to the Internet with in the group. I
also put it in the security filtering section of the GPO. I have the loopback
processing applied.
Any ideas?
Thank you all in advance for your help and support. Tag: Event Tag: 133785
GPO to add user/group to local machine admins?
Can I configure a GPO to add a domain user or group to every local machine's
local admins group? I'm thinking that maybe I need to run a script or
something at boot to accomplish this?
I have a group that I would like to give administrative access to all
machines in my domain.
Thanks,
Mark Tag: Event Tag: 133784
Rename user login IDs
Hi,
We have a mix of Windows 2000 / Windows 2003 domains in a single forest. We
are upgrading to 2003 & expected to complete soon.
Currently the user login ID in our organization follows
<firstname><first letter of last name>
If it conflicts with any existing users, various permutation & combinations
are tried :-)
Now our management want to standardize on creating AD login IDs based on
user's employee ID.
They want it to be rolled out for exisiting users aswell, where in all their
exisiting login IDs need to be changed to their respective employee IDs.
Please let me know the best way to achieve this. Also share if there are any
best practices & field experience of this sort.
Thanks in advance!!
--
Best Regards,
Buddi Tag: Event Tag: 133783
Duplicated servers on isolated networks
Hello,
We have duplicated a few servers (using virtualization) off the live network
for testing applications.
We are looking to bring these duplicated servers online (total of 6,
including three DCs, one IIS, one terminal, one Sql server). We have
requested the network team to separate & isolate these duplicated servers on
a different vlan, but still allow a few live production workstations on the
network to be able to remote (RDP) in these duplicate machines for testing.
My concern is as follows:
What if the live and duplicate servers somehow able to communicate with each
other? What potential problem are we looking at? The servers will contain
identical names but with different IP addresses.
We are on Windows 2003 infrastructure with DNS/WINS running.
Thanks in advance,
Tnt Tag: Event Tag: 133778
Vista GPO: Disable File Sharing
Hi all,
I cannot find a GPO setting to disable File sharing of local
folders/printers and to turn off network discovery. Also, for XP there is a
setting "No computers Near me in Network Locations". is there anything for
Vista clients? I do not want people to browse the internal network.
Thank you in advance Tag: Event Tag: 133771
Request info
My situation is:
Many sites and relative subnets
1 dc for every site
1 site is the principal site for replication
Other sites replicate only with dc in the principal site (there's only
bi-directional connection between principal and secondary)
Sometimes kcc recreate connection between secondary sites
Can you help me about better confugration for sites link and dns transfer
and notifies? Tag: Event Tag: 133770
Dear,
i want to write self define event for event viewer. How it is possible.