Windows 2000 could best secure with secure Auditor.

Tutorials Win: Microsoft Windows Forum

- Previous
 - 1
 - Script or utility to export/import AD subnets? Hi all, I'm after a script or utility that will allow me to export all the subnet objects in an AD domain, and subsequently import them into another AD domain. So far I've had little success. Has anyone come across such a thing? Several hundred subnets are involved so I'd hate to have to type them all in! :) -- Peter <X-Files fan> Tag: Windows 2000 could best secure with secure Auditor. Tag: 176930
 - 2
 - Zone x-fer event 6525 "refused" error happens frequently But not always. Yes, the zone transfer permissions are set. It's actually set "To any server" I thought it was the throttling thing at first until I read that it was only on the primary DNS. This is actually a secondary zone re-sharing to other DC/DNS servers. Basically it's an AD forest and this is the child DC acting as the "representative" of that root DNS zone to the rest of the DC/DNS's in the child domain. The root admins asked us to do it this way so that they wouldn't have to maintain the zone transfer IP address list every time we add a new DC. In my case, I'm shameless I just say "To any server" just to cut down on these types of problems and to eliminate another step I have to remember when promoting a DC. So, it's a secondary of a secondary. In any event, the SOA is just fine on the root, child "representative" and all the other child DC/DNS servers. It works, they all get the zone transfers and they're all up to date, but I still get these 6525's all the time. I'm in a 2000 SP4 AD/DNS environment. I haven't really attempted to fix it because in reality it does work, but I'd like to silence these 6525's. Any ideas? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176929
 - 3
 - Rearranging OU structure within a single domain? We would like to rearrange our OUs into a hieractical structure that better reflects the structure of the company and departments within as well as better organize the GPOs that are now mostly all at the root of the domain with security filtering used to control who gets what GPO. To do this, we would need to create some new OUs and put some of these new OUs above existing OUs, but the existing OUs are already near the root of the domain. Some othe existing OUs will need to be renamed with more logical names. What problems can be expected renaming and moving OUs around and what are the best ways to avoid these problems? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176923
 - 4
 - DHCP setup I'm in a situation where I came on board with this company not long ago and found that they're running DHCP via sonicwall appliance. This sonicwall appliance has become unstable. I have always run DHCP on a DC and am planning on moving it to the DC. Although I've been in systems admin for a while now, I've never had to do anything like this before and wanted to put this out there for any advice I can get. I'm assumming all I've got to do is after hours disable the DHCP on the sonicwall and install DHCP in add/remove programs windows components. I would then mimic how it is set up on the sonicwall and everything should work okay from there. I know it's going to disconnect everyone for a split second and there's a chance it might change some IP addresses, but I'm wondering what will happen to the current leases? Unfortunately I don't have an environment I could effectively test this in. It's what happens to the current leases that's got me a little concerned. I don't think it would work trying to export from the sonicwall to the DC, it's probably a proprietary format. Again any comments or advice would be greatly appreciated. I know there's a right way to do this. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176918
 - 5
 - Terminal Server License Servers group is not present Hello I have upgrade a active directory 2000 in active directory 2008. I executed adprep forestprep and domainprep. Next, i installed the serveur of license tse, and i noticed that the group Terminal Server License Servers was not present. So, it is impossible to finish the installation Are you idea ? Thanks Tag: Windows 2000 could best secure with secure Auditor. Tag: 176911
 - 6
 - netlogon and sysvol no share on DC Hi All, i have windows 2003 AD domain abc.com on HK , i need setup additional domain controller on new york office, i have question , when i dcpromo on net york office, the setup is success, but i browser the new york server , no create netlogon and sysvol folder for share ? i need rebuild or resetup the domain controller ? i try rebuild, but very difficult , any document for easy rebuild the foler ?? Thanks ALL rebuild for ref. -->http://support.microsoft.com/default.aspx?scid=kb;en-us;315457 Tag: Windows 2000 could best secure with secure Auditor. Tag: 176908
 - 7
 - DNS on Active Directory Hi All, i have windows 2003 AD domain abc.com on HK , i need setup additional domain controller on new york office, i have question on DNS server , when i setup the DNS on New york office is primary zone , secondary zone or Active driectory-integrated ??? if i setup to AD-integrated , when user on new york join to domain abc.com , then the domain should be synchronize the dns record. right ???? Thanks ALL Tag: Windows 2000 could best secure with secure Auditor. Tag: 176906
 - 8
 - Directory Services "McDaav Systems has launched a new website as Internet Directory. The Internet Directory will accepts links and submissions in various categories such as Arts, Science, Internet, Computer etc. McDaav Systems Directory is one of the fastest growing directory in the world. McDaav Systems provides free static link on webpages having higher pagerank(PR). Directory can be visited at: www.directory.mcdaavsystems.com www.mcdaavsystems.com Thank You Priya Jaiswal Tag: Windows 2000 could best secure with secure Auditor. Tag: 176904
 - 9
 - Terminal Server License Servers group is not present Hello I have upgrade a active directory 2000 in active directory 2008. I executed adprep forestprep and domainprep. Next, i installed the serveur of license tse, and i noticed that the group Terminal Server License Servers was not present. So, it is impossible to finish the installation Are you idea ? Thanks Tag: Windows 2000 could best secure with secure Auditor. Tag: 176901
 - 10
 - COM instantiation of gpedit not working I am trying to create a group policy on my win2k server in C++ using gpedit via COM. ::CoGetClassObject succeeds but ::CoCreateInstance fails: ::CoInitializeEx(NULL, COINIT_MULTITHREADED); std::stringstream ss; ss << "CGPO Instantiation Test Begin..." << std::endl << std::endl; //////////////////////////// CLSCTX_INPROC_SERVER ////////////////////////// { CComPtr<IClassFactory> groupPolicyObject; HRESULT hr = ::CoGetClassObject(CLSID_GroupPolicyObject, CLSCTX_INPROC_SERVER, NULL, IID_IClassFactory, (void**)&(groupPolicyObject.p)); if (SUCCEEDED(hr)) { ss << "CoGetClassObject CLSCTX_INPROC_SERVER SUCCEEDED: " << hr << std::endl; } else { ss << "CoGetClassObject CLSCTX_INPROC_SERVER FAILED: " << hr << std::endl; } } { CComPtr<IGroupPolicyObject> groupPolicyObject; HRESULT hr = ::CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER, IID_IGroupPolicyObject, (void**)&(groupPolicyObject.p)); if (SUCCEEDED(hr)) { ss << "CoCreateInstance CLSCTX_INPROC_SERVER SUCCEEDED: " << hr << std::endl; } else { ss << "CoCreateInstance CLSCTX_INPROC_SERVER FAILED: " << hr << std::endl; } } My server is service pack 4. Anyone got any ideas? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176900
 - 11
 - How to get a single Group Policy report for entire Domain? How do you get a report showing the active group policies on the domain on one screen or printout and also showing which users/ computers have each policy in effect. I only see how to get a report on a single user or computer at a time. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176899
 - 12
 - Very Urgent:: lsass.exe System Error I have recieved the following msg. on the w2k3 Primary Domain controller "Security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1." I appreciate the quick response. thx in advance Tag: Windows 2000 could best secure with secure Auditor. Tag: 176895
 - 13
 - Automated changing of local admin password on workstations? We want to ensure that all workstations (XP/2000) in our Active Directory environment have their local Administrator passwords set to our specified value. What would be the best way (best practice) to implement this (Logon/Startup script, GPO, SMS, etc)? Appreciate any advice. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176893
 - 14
 - Adding group/user to local Admins group on all workstations? Somewhat related to my previous post, can anyone recommend how to add an AD group/user to the local administrators group for all workstations (XP/2000) in a domain? I imagine it would be via Group Policy but I welcome any suggestions. Thank you. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176892
 - 15
 - How to remove an orphaned DC that doesn't exist anymore Hello, I have a couple of Domain Controllers that appear in AD that do not exist anymore. How can I remove these orphaned domain controllers from AD? Just as a side note: I will be upgrading to a 2003 AD structure after removing these orphaned domains. Thanks, Eddie Tag: Windows 2000 could best secure with secure Auditor. Tag: 176890
 - 16
 - Non-Authenticated Users unable to change their password Hello All, I am currently seeing an issue that I have not been able to chase down. If a user tries to log in & their password is due to expire within 14 days they get a prompt to change their password. if they click yes, they go to a screen where they have to put in theor existing pword & their new one. if they do this, they get a message You do not have permission to change your password. If they simply log onto their pc with their existing pword & then go to the Windows security screen ( Ctrl/Alt Del) and select Change password they are able to do so. Appears that only the non authenticated attempt to change is failing. I have verified in AD if I check the security for a user the Everyone user is listed with Change Password rights. Only on the user & computer level, NOT for the OU for either computers or users. Running a Win2k domain SP2. Using 5 DCs. Nothing has changed on the Domain in quite a while. Any thoughts? I've been out of the Windows side of things for quite a while ( Linux Admin) so forgive me if my explaination is off. Thanks, Steve Tag: Windows 2000 could best secure with secure Auditor. Tag: 176888
 - 17
 - Identifying service accounts Hi, We are looking to find out what services are running underdomain accounts across over 100 servers. I know the active migration toolkit - service account migration will do this, however it requires a "to domain" to be in place for the wizard to run, even though it is just going to report on service accounts. I don't want to create another domain, configure dns etc just to run this. Anyone know of a way round this cheers Dave Tag: Windows 2000 could best secure with secure Auditor. Tag: 176887
 - 18
 - nonauthoritative restore problem this is how i am doing nonauthoritative restore, tell me if i miss something The backup (system state) was like 3 months old. my hard drive crashes, i replace my hard drive (same drive size and letter) and installed operating system, then i restart my computer >>F8 >> directory services mode>>>ntbackup and restore system state to its otiginal location. after doing i restart the server and in normal mode, i can see my DNS and DHCP, IP configuration.as it was before but i cant see the three consoles in Administration Tools nor did any security policy, (DNS and DHCP are showing lists of user and computers but they are not giving any lease to clients now.) i recreate mmc to add a snap in and it shows Active directory users and computers.but they are not working, users cant login, and they are l,ike not providing services. i creatd a new user to test but it cant login, as there is no user on that name. i am getting no error message ...... Tag: Windows 2000 could best secure with secure Auditor. Tag: 176886
 - 19
 - Group Policy Not Working for just one user... We have a group policy configured on our network that includes a folder redirection policy. Basically it redirects everyone's My Documents folder to a central folder under their name on our server. This makes sure everything gets backed up. We've had this folder redirection in place for the past 7 years and it's worked fine. We discovered today however that one of our users My Documents folders has never been redirected. We only found this out after we formatted this particular user's computer and they ended up with no documents. Their my documents folder on the server was basically empty. Whilst we can't retrieve the data and this is no major problem I'm concerned as to why the folder redirection for this particular user has failed. The user account has been in use for I'd say the last 5 years and many users have been created since and everyone elses account redirects fine. Locally the user is a member of the Power Users group, as is everyone else. All the other group policy settings are working fine - standard desktop icons, standard start menu, standard wallpaper etc. Can anyone suggest some reasons for the issue with the my documents redirection? Thanks in advance. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176884
 - 20
 - Re: active directory problems"naming information cannot be located because the logon attempt failed " In news:, shunjiWang <jaraul2008@163.com> typed: > Message-ID: <781b438693b648e5a05026c0e2b0cdbb@newspe.com> > X-Mailer: http://www.umailcampaign.com, ip log:218.4.146.157 > Newsgroups: microsoft.public.win2000.active_directory > NNTP-Posting-Host: 22.bb.5446.static.theplanet.com 70.84.187.34 > Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl!newspe.com > Lines: 1 > Xref: TK2MSFTNGP01.phx.gbl > microsoft.public.win2000.active_directory:178674 > > complementary > > I use nslookup in the server,result looks right: > C:\Support Tools>NSLOOKUP > Default Server: cck.domain > Address: 172.18.1.2 > > > CCK > Server: cck.domain > Address: 172.18.1.2 > > Name: CCK.domain > Address: 172.18.1.2 > > but In the client computer,the result are: > C:\>nslookup > Default Server: cck.domain > Address: 172.18.1.2 > > > cck > Server: cck.domain > Address: 172.18.1.2 > > *** cck.domain can't find cck: Server failed > > and i am sure the client dns is right(172.18.1.2) > how can I deal with this problems!!! > > url:http://www.ureader.com/msg/13284279.aspx From the looks of the nslookup results, I believe you have a single label DNS domain name. If I am correct, this is a huge problem. But I need to see additional config information to ascertain this. Please post an unedited ipconfig /all from the server and from the client please. Also let us know what the actual AD DNS domain name is. Just some info - A single label DNS name causies resolution and DNS registration problems with Windows 2008, Windows 2003, Windows 2000, XP and Vista . They simpley cannot register into a single label DNS zones. The EventID 5781 is indicative of a single label domain name. Also, please also read the following that explains the issue and a bandaid to get around it and force all of your clients, including the DC to properly use it. But keep in mind, this should only be a temp fix until you make plans on renaming the domain to : Information about configuring Windows for domains with single-label DNS names http://support.microsoft.com/kb/300684 -- Regards, Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft MVP - Directory Services Microsoft Certified Trainer For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers. Infinite Diversities in Infinite Combinations Tag: Windows 2000 could best secure with secure Auditor. Tag: 176883
 - 21
 - active directory problems"naming information cannot be located because the logon attempt failed " this morning when i was in my company , I opened the active directory users and computers,and the server 2000 gave a info "naming information cannot be located because the logon attempt failed" . I restat the server 2000. And everything goes well. But for about 4 or 6 hours, the server gave the same info when I open ad users&computers. I have noted that in the system daily record there were some errors and warning (netlogon 5781 & w32time 54 62 64). I used dcdiag to test the server,it gave the info below: Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CCK Starting test: Connectivity ......................... CCK passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CCK Starting test: Replications ......................... CCK passed test Replications Starting test: NCSecDesc ......................... CCK passed test NCSecDesc Starting test: NetLogons ......................... CCK passed test NetLogons Starting test: Advertising ......................... CCK passed test Advertising Starting test: KnowsOfRoleHolders ......................... CCK passed test KnowsOfRoleHolders Starting test: RidManager ......................... CCK passed test RidManager Starting test: MachineAccount ......................... CCK passed test MachineAccount Starting test: Services ......................... CCK passed test Services Starting test: ObjectsReplicated ......................... CCK passed test ObjectsReplicated Starting test: frssysvol ......................... CCK passed test frssysvol Starting test: kccevent An Warning Event occured. EventID: 0x800004F1 Time Generated: 04/02/2008 08:26:51 (Event String could not be retrieved) ......................... CCK failed test kccevent Starting test: systemlog ......................... CCK passed test systemlog Running enterprise tests on : domain Starting test: Intersite ......................... domain passed test Intersite Starting test: FsmoCheck ......................... domain passed test FsmoCheck url:http://www.ureader.com/gp/1328-1.aspx Tag: Windows 2000 could best secure with secure Auditor. Tag: 176872
 - 22
 - Measuring Token Size I have been tasked with getting the exact token size for a list of user accounts. I have downloaded and tested the tokensz utility. It will provide a list of groups for a user credential but it will not provide a token size count for any credential but the one I am running it with. Are there any methods for getting the token size report with this utility without asking the users to run it for me? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176871
 - 23
 - Remote Access - VPN vs. Terminal Server vs. 3rd Party Windows 2000 Small Business Server With Windows XP Pro Workstations I am to give users the ability to login remotely (e.g.: from home) and manipulate files (possibly also use software). Can any of you give me a Compare and Contrast between using VPN, Terminal Server, and/or third party software. Also, is one a requirement for the other? In case it makes a difference, there are fewer than a dozen employees and a single private domain. Web and email are off site. Thanks. Fred P.S.: Server has a single NIC (Gigabit) connected to a Linksys WiFi router (Draft 802.11n w/Gigabit, Firewall, and VPN), which is then connected to the T1 Tag: Windows 2000 could best secure with secure Auditor. Tag: 176862
 - 24
 - adprep /forestprep There is a schema conflict with Exchange 2000 Hi All, In my environment only one Windows 2000 DC is there. In this DC running Exchange 2000 Server also. Now I am installing New Windows 2003 ADC on Hardware server. Now i am facing one problem: In exiting windows 2000 DC i have running f:\i386\adprep.exe /forestprep this command: It's showing error: "Adprep was unable to extend the schema. [Status/Consequence] There is a schema conflict with Exchange 2000. The schema is not updated. [User Action] The schema conflict must be resolved before running adprep. Resolve the schema conflict, allow the change to replicate between all replication partners, and then run Adprep. For information on resolving the conflict, see Microsoft Knowledge Base article Q325379." I have read with this article Q325379 and also follow this article procedure. After that i have faced same issue. Please any one give good solution.............. Regards, Anand Tag: Windows 2000 could best secure with secure Auditor. Tag: 176860
 - 25
 - How can I report all inactive user accounts in Windows 2000 AD I need to get a list of all inactive user accounts in Windows 2000 Active Directory Tag: Windows 2000 could best secure with secure Auditor. Tag: 176832
- Next
 - 1
 - all information of computer Dear, sir. please you send all information of computer, 1) clints setups 2) backups 3) any computer information & hardware also raj dev sharma. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176830
 - 2
 - Multiple Access Denied Hello! A Windows 2000 Server as a PDC with Active Directory installed. Logged in to the PDC as a domain admin I cannot access Domain Security Policy. I get Access Denied. Also, if I log on to a Windows XP Pro workstation as the same domain admin, some things I cannot do (like change the system time) even though DOMAIN\Domain Admins is in the local Administrators group. Any idea why? Thanks! Tag: Windows 2000 could best secure with secure Auditor. Tag: 176814
 - 3
 - Current time vs. Local Time, PLease help! Ok. I set my AD Server up as a Time Server for our Network. If I type in net time in command prompt I get back the Current Time at \\SERVER is Correct Time. If I go to a Workstation on my Domain and type in Net Time I get Current Time at \\SERVER is ( a hour back then correct time) and then I get a message Local Time at \\SERVER is the Correct Time. Of course the clock gets set to the Current time which is wrong because it is a hour behind and all the workstations are a hour behind. What is the difference or where is my problem.....between local and current time? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176812
 - 4
 - Deny Simultaneous Logins to All Users EXCEPT Admin? Windows 2000 Small Business Server With Windows XP Pro Workstations I am using roaming profiles and folder redirections. I want to restrict individual users to only one (1) login on one PC at any given time (no simultaneous logins by any given user). However, I want the Admin users to have multiple simultaneous logins possible. Do I simply put a script (see below) in each user's login profile and omit it from the Admin users? Any caveats? Any better suggestions? e.g.: http://windowsitpro.com/articles/print.cfm?articleid=82454 Thanks. Fred Tag: Windows 2000 could best secure with secure Auditor. Tag: 176808
 - 5
 - CSVDE tool usage I have a challenge to move 300 users from being CONTACT to being a AD USER. I have exported all settings so that I can just modify the ObjectClass and OU settings and import all of the other settings into AD Windows 2000. However I have an error stating that "Constraint Violation" "A required attribute is missing". I have run export with -f filename.csv -m -r -s servername. Due to the email address not changing and it appears to have a user account in the contact file, this appears to be the issue. Is there something I am missing about this tool? I have not used this tool for many years so there could be a minor change required in order to make this change. My concern is that I can not edit the csv file, so it would be only a backup and recovery to the same everything. If this is the case, does anyone else have an idea to complete this change without keying in every user? -- Bill Rowland MCSA MCSE 2000 Tag: Windows 2000 could best secure with secure Auditor. Tag: 176801
 - 6
 - Problem with DC browsing another DC... We have a small network with 4 x Win2000 Servers using Active Directory. All servers have been promoted to be Domain Controllers. I just built the last box to replace one of the older servers, and I have a problem with it. It wont browse into one of the other servers on the network - and - the same server cannot browse into the new server! Both of these servers can browse to all of the other servers on the LAN. Here is some info from the new box: Windows 2000 IP Configuration Host Name . . . . . . . . . . . . : VPN-Server Primary DNS Suffix . . . . . . . : xx.yyy.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : xx.yyy.com yyy.com Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter Physical Address. . . . . . . . . : 00-0E-0C-74-9B-13 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.1.9 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.9 Primary WINS Server . . . . . . . : 192.168.1.6 Secondary WINS Server . . . . . . : 192.168.1.3 DCDIAG: Error: No record of File Replication System, SYSVOL started. The Active Directory may be prevented from starting. ......................... VPN-SERVER passed test frssysvol NETDIAG When I run this, all I get is a line of dots ................................................ and it hangs. I let it sit for 4 hours - no change. <sigh> What the HECK is going on! All assistance greatly appreciated! :) Tag: Windows 2000 could best secure with secure Auditor. Tag: 176800
 - 7
 - Roaming Profiles and Redirected Folders Inconsistent I'm Running Windows 2000 Small Business Server as a PDC/DC/AD, DNS, and Terminal Server with a Windows 2003 Server running DHCP, DNS, and File Server. Clients are Windows XP Pro. On the W2K SBS, I set the default policy to include folder redirection of the users' "My Documents", etc. folders. In AD, I set the users profiles to be redirected (different path, same server, W2K3) as well. The redirection is not working consistently. I've had cases where a user logs in from one computer and their folders are redirected. The same user goes to another computer and logs in - the folders are NOT redirected. It is "hit and miss" as to whether the folders/profiles are redirected or not. What should I check to diagnose and fix these problems? What needs to be changed? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176797
 - 8
 - FYI: Remote Server Administration Tools (RSAT) available for Windows Vista SP1 This is a multi-part message in MIME format. ------=_NextPart_000_004E_01C88ECD.4DBB75B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable FYI: Remote Server Administration Tools (RSAT) available for Windows = Vista SP1 see: http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/remote-server-adm= inistration-tools-rsat-adminpak-for-windows-vista-sp1.aspx --=20 Cheers,=20 (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx -------------------------------------------------------------------------= ----------------- * How to ask a question --> http://support.microsoft.com/?id=3D555375 -------------------------------------------------------------------------= ----------------- * This posting is provided "AS IS" with no warranties and confers no = rights!=20 * Always test before implementing! -------------------------------------------------------------------------= ----------------- ################################################# ################################################# -------------------------------------------------------------------------= ----------------- ------=_NextPart_000_004E_01C88ECD.4DBB75B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6001.18000" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV> FYI: Remote Server Administration Tools (RSAT) available for Windows = Vista=20 SP1 see:</DIV> <DIV><A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/remote-se= rver-administration-tools-rsat-adminpak-for-windows-vista-sp1.aspx">http:= //blogs.dirteam.com/blogs/jorge/archive/2008/03/26/remote-server-administ= ration-tools-rsat-adminpak-for-windows-vista-sp1.aspx</A></DIV><FO= NT=20 face=3DVerdana size=3D2> <DIV> -- Cheers, (HOPEFULLY THIS INFORMATION HELPS = YOU!)</DIV> <DIV> </DIV> <DIV># Jorge de Almeida Pinto # MVP Windows Server - Directory = Services</DIV> <DIV> </DIV> <DIV>BLOG (WEB-BASED)--> <A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/default.aspx">http://blogs.d= irteam.com/blogs/jorge/default.aspx</A> BLOG=20 (RSS-FEEDS)--> <A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/rss.aspx">http://blogs.dirte= am.com/blogs/jorge/rss.aspx</A> --------------------------------------= ---------------------------------------------------- *=20 How to ask a question --> <A=20 href=3D"http://support.microsoft.com/?id=3D555375">http://support.microso= ft.com/?id=3D555375</A> ----------------------------------------------= -------------------------------------------- *=20 This posting is provided "AS IS" with no warranties and confers no = rights! *=20 Always test before=20 implementing! --------------------------------------------------------= ---------------------------------- ###################################= ############## ################################################# --= -------------------------------------------------------------------------= ---------------</DIV></BODY></HTML> ------=_NextPart_000_004E_01C88ECD.4DBB75B0-- Tag: Windows 2000 could best secure with secure Auditor. Tag: 176790
 - 9
 - Active Directory Specialist position available in Gaithersburg MD Hi My name is Firdosh Bhathena and I am a Technical Recruiter with Altek Information Technology Inc. We are looking for acandidate to fill the Active Directory Specialist position in Gaithersburg MD for our client Marriott International This is a long term contract position working for one of our direct clients. Attached is the job description for your reference ,please review the job description and let me know if you are interested . Job Description: *****WE ARE LOOKING FOR AN ENGINEER AS THIS POSITION IS NOT GEARED TOWARDS AN ADMINISTRATOR***** Experience: -Significant experience Administering Active Directory, with very large, multi-domained networks. -Significant experience Programming custom Maintenance/Migration/ Disaster Recovery Scripts and Tools for Active Directory. Core Skills: -VBScript (core language) -ADSI (Active Directory Services Interface, the primary API) -Automation of windows 2000 AD functions (user populations, group/ domain maintenance, bulk loading, DR) -Exchange (Scripting, troubleshooting, integration) -Knowledge of Meta directory structure and JNDI scripting -LDAP protocol (operations and syntax) (Non-proprietary protocol) Kerberos (Architecture, understanding) Please call me when you can to discuss this position in further details and email me a word copy of your resume at the earliest . Thanks Firdosh Bhathena Technical Recruiter ALTEK Information Technology, Inc. Main Number: 301-695-4440, Ext: 108 Cell Phone: 240-447-7742 Fax: 301-695-9390 Email: fbhathena@al-tekinc.com Website: http://al-tekinc.com "ALTEK is a WBENC Certified Women Owned Firm" Tag: Windows 2000 could best secure with secure Auditor. Tag: 176789
 - 10
 - List AD attributes? How would i export all avilable attributes (be they populated or not) for a user object? I can view them by scrolling through an accounts properties in ADSI Edit, but i'd like to have them in a single list i can view and make notations on. Even better would be a link that lists all the attributes along with an explanation for each one. ..But i'm not greedy, i'll settle for only the list at this point. Thanks in advance. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176787
 - 11
 - export a list of all users including the value of the "pager" field Hi everyone, I want to export a list of all users including the value of the "pager" field, so that I can edit it with Excel for example. Does anyone know how to? Ithink it can be done with an LDAP query? Many thanks, Remco. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176786
 - 12
 - moving accounts retaining SID Is there a way to preserve the SID to user and computer accounts? What i wish to attempt is to dismantle a domain then to recreate it as a child domain in another forest. However, there is mission critical software that is sensitive to the SID of an account in relation to an extensive SQL database. I dont want to orphan several hundred account refences within that database for the loss of the SID. The domain is currently Server 2000 and will be joined under 2003. Because its 2000 the option to rename/reasign it itsnt there. Id like to export the accounts with the SID and import them once the domain is restored while retaining the original SID's. Thanks in advance Eric Twing Tag: Windows 2000 could best secure with secure Auditor. Tag: 176778
 - 13
 - HELP - Cannot add DC to existing domain... I'm trying to add a secondary DC to my existing domain. The existing DC is running W2k Server with SP4 and all patches. The new server is running W2003 Server R2 Standard edition with SP2 and all patches. I have successfully run adprep /forestprep and adprep /domainprep on my W2K server but I still am getting an error message that the forest is NOT prepared!!! Error message: "The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help. The version of the Active Directory schema of the source forest is not compatible with the version of the Active Directory on this computer." Any ideas what might be the issue here? Thanks, /Adde -- fantamejthisisgoodvarjedag Tag: Windows 2000 could best secure with secure Auditor. Tag: 176775
 - 14
 - GPO is not reflacting to client machine HI I have created GPO which is appied to OU for logon script. the logon script is appied under computer configuration. but it is not loading on client machine. also the OU created is new for local machine please help Thanks Tag: Windows 2000 could best secure with secure Auditor. Tag: 176761
 - 15
 - parent child user hi all, Any one plz help me regarding.... I intend to create a parent-child scenerio in my organisation. as parent.com , child1.parent.com , child2.parent.com. Is it possible to login the users across these all three domain or not???? As per the MS docs the users in this scenerio can authenticate to any domain cause two way transitive trust exist in this scenerio by default..... But in my test scenerio it is not working plz help me....... Tag: Windows 2000 could best secure with secure Auditor. Tag: 176758
 - 16
 - Win 2000 Folder Move Restictions and Delete Questions Hello, I have a customer who is becoming impossible to work with. She's requesting things I've never had to deal with before. The first is: She wants everyone (5 users) to read, access and update files and folders that they would normally would given their access rights on the shares etc.. She wants to be the only one to have the ability to move folders from one directory to another for fear of a user moving things and not knowing where it went. Is this possible??? The other thing is, she wants to know if a file or folder deleted from a network drive (from a mapped drive on the users PC) could go into a recycle bin or be retrieved in any way. Sorry if these are dim witted, but I've really never been asked to do these things. Any help or suggestions would be greatly appreciated. Thank you, George Tag: Windows 2000 could best secure with secure Auditor. Tag: 176757
 - 17
 - Domain name on install I'm finally moving my NT 4.0 SBS to Windows 2003. We have a small network with one internal domain "NTDOMAIN" (not ntdomain.anything). I have DNS running on a Windows 2000 server. I'm a little confused as to what i'm going to end up with when I switch us to the Windows 2003 Server. Because the SBS server hardware will not handle an upgrade, i'm going to install NT 4.0 server on a new box and upgrade it to Windows 2003 and retire the SBS server. I'm walking through the steps of the install to ensure i have all my ducks in a row prior to the install. When i get to installing AD I understand it will ask me to create a new domain (Domain in a new forest).. 1. will it use "NTDOMAIN" at this point? 2. When it asks me to type full DNS name of the domain. do I use ntdomain.loc (we don't have a registered name and have no need for one) 3. Can i change my domain to something else "newdomainname.loc" at any point or am i stuck with NTDOMAIN.loc? appreciate any help... not very good with domain name stuff. Diane Tag: Windows 2000 could best secure with secure Auditor. Tag: 176748
 - 18
 - How to transfer AD between domains... I have a box running Windows Server 2000 that is part of an old domain setup. I would need to transfer all the user accounts in the AD to the new Windows 2003 Server setup in a different domain. How do I accomplish that? Thanks, /Adde -- fantamejthisisgoodvarjedag Tag: Windows 2000 could best secure with secure Auditor. Tag: 176738
 - 19
 - AD global catalog server query delay in application. Greetings to all, I have a question that is perplexing me (novice) Please help :-) I am basically looking for direction or specifics. Our organization has a vendor's server which needs to query group policy information from AD in order for it to work with documents. If a user is accessing a document at a remote location (say America) the query takes 20 seconds which has to complete before they can view the document. Many test have been performed to rule out the network (so it seems :-) My question is based on AD querying remote locations for group information what would be the best approach at isolating this issue or is there a known issue within AD query? The servers are windows 2003. Could it be based on user access to the global catalog? (someone mentioned that it worked fine under the pre-windows2000domain admin group - but this isn't from a good source so it may be suspect) If so we don't want to give an outside vendor that kind of power so maybe we can create a special group? I know I don't have all the details listed but based on this limited information what would you suggest? I would greatly appreciate any and all responses. Thank you in advanced. Tag: Windows 2000 could best secure with secure Auditor. Tag: 176731
 - 20
 - Shutdown computer using GPO HI I am looking for soultion to Shutdown Domain computer after Hour by using GPO Plese help TP Tag: Windows 2000 could best secure with secure Auditor. Tag: 176724
 - 21
 - AD replication problem with removed DC This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C88624.20BAB230 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: quoted-printable Hi All We recently have a DC which failed to operate normally and unable to = demote normally. Therefore I follow the steps show in = http://support.microsoft.com/?id=3D216498 to remove all its relevant = data from the AD. Everything seems working fine except the following = replication errors being logged periodically. I remember before the = failed DC was removed from my DNS server manually, the address = 41991cc7-779a-4d4c-9137-17bed1fcb075 is referring to the removed DC. I = have tried to look through our AD everywhere with adsiedit but failed to = locate the above anywhere. I also removed all the relevant failed DC = records with Active Directory Sites and Services. Does anyone have any = ideas where else should I look to have this replication task completely = removed. Normal replications can be done between all DCs.=20 Hope someone can help me with this. Event Type: Warning Event Source: NTDS Replication Event Category: (5) Event ID: 1085 Date: 3/12/2008 Time: 4:56:43 PM User: Everyone Computer: AX-DC01 Description: Replication warning: The directory replication agent (DRA) couldn't = synchronize partition DC=3Dmydomain,DC=3Dcom with partition on directory = server 41991cc7-779a-4d4c-9137-17bed1fcb075._msdcs.mydomain.com. The error was:=20 The DSA operation is unable to proceed because of a DNS lookup failure. Please verify that the address can be resolved with DNS, and that it is = reachable via the transport. If this error persists, the KCC will = reconfigure the links around this server.=20 The record data is the status code.=20 =20 =20 Event Type: Warning Event Source: NTDS Replication Event Category: (5) Event ID: 1061 Date: 3/12/2008 Time: 4:56:43 PM User: Everyone Computer: AX-DC01 Description: Internal error: The directory replication agent (DRA) call returned = error 8524.=20 =20 =20 =20 ------=_NextPart_000_0006_01C88624.20BAB230 Content-Type: text/html; charset="big5" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dbig5"> <META content=3D"MSHTML 6.00.6000.16609" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV> <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Hi All <FONT=20 face=3DTahoma color=3D#000080 size=3D2>  <FONT=20 face=3DTahoma color=3D#000080 size=3D2>We recently have a DC which = failed to operate=20 normally and unable to demote normally.  Therefore I follow the = steps show=20 in <A=20 href=3D"http://support.microsoft.com/?id=3D216498">http://support.microso= ft.com/?id=3D216498</A> to=20 remove all its relevant data from the AD.  Everything seems working = fine=20 except the following replication errors being logged=20 periodically.   I remember before the failed DC was = removed from=20 my DNS server manually, the address 41991cc7-779a-4d4c-9137-17bed1fcb075 = is=20 referring to the removed DC.  I have tried to look through our=20 AD everywhere with adsiedit but failed to locate the above=20 anywhere.    I also removed all the relevant failed DC = records=20 with Active Directory Sites and Services.  Does anyone have any = ideas where=20 else should I look to have this replication task completely = removed.  =20 Normal replications can be done between all = DCs.  <FONT=20 face=3DTahoma color=3D#000080 size=3D2>  <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Hope someone can help me with=20 this. <FONT=20 face=3DTahoma color=3D#000080 size=3D2>  <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event Type: = Warning <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event Source: NTDS=20 Replication <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event Category: = (5) <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event ID: 1085 <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Date: =20 3/12/2008 <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Time: =20 4:56:43 PM <FONT=20 face=3DTahoma color=3D#000080 size=3D2>User: =20 Everyone <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Computer: = AX-DC01 <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Description: <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Replication warning: The = directory replication=20 agent (DRA) couldn't synchronize partition DC=3Dmydomain,DC=3Dcom with = partition on=20 directory server=20 41991cc7-779a-4d4c-9137-17bed1fcb075._msdcs.mydomain.com.</= P> <SPAN=20 style=3D"mso-spacerun: yes">  <FONT=20 size=3D2><SPAN=20 style=3D"mso-spacerun: yes"> The error was:=20 <FONT=20 size=3D2><SPAN=20 style=3D"mso-spacerun: yes"> The DSA operation is unable to = proceed=20 because of a DNS lookup failure. <SPAN=20 style=3D"mso-spacerun: yes">  <FONT=20 size=3D2><SPAN=20 style=3D"mso-spacerun: yes"> Please verify that the address = can be=20 resolved with DNS, and that it is reachable via the transport.<SPAN=20 style=3D"mso-spacerun: yes">  If this error persists, the = KCC will=20 reconfigure the links around this server. = <FONT=20 size=3D2><SPAN=20 style=3D"mso-spacerun: yes"> The record data is the status = code.=20 <SPAN=20 lang=3DEN-US><?xml:namespace prefix =3D o ns =3D=20 "urn:schemas-microsoft-com:office:office" /><o:p> </o:p> <o:p><FONT=20 face=3DTahoma color=3D#000080 size=3D2> </o:p> <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event Type: = Warning <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event Source: NTDS=20 Replication <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event Category: = (5) <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Event ID: 1061 <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Date: =20 3/12/2008 <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Time: =20 4:56:43 PM <FONT=20 face=3DTahoma color=3D#000080 size=3D2>User: =20 Everyone <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Computer: = AX-DC01 <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Description: <FONT=20 face=3DTahoma color=3D#000080 size=3D2>Internal error: The directory = replication agent=20 (DRA) call returned error 8524. <o:p><FONT=20 face=3DTahoma color=3D#000080 size=3D2> </o:p> <o:p><FONT=20 face=3DTahoma color=3D#000080 size=3D2> </o:p> <o:p><FONT=20 face=3DTahoma color=3D#000080=20 size=3D2> </o:p></DIV></BODY></HTML> ------=_NextPart_000_0006_01C88624.20BAB230-- Tag: Windows 2000 could best secure with secure Auditor. Tag: 176717
 - 22
 - Testing - Can Administrator login as a user without the user's password? I'm reconfiguring and setting back up a domain. I want to test configuration changes across the board and want to confirm changes made in System Policies, User Policies, and Active Directory. I want to know if I can login as a particular user or several users (I am primary Administrator) on clients without having their passwords and without resetting their passwords also? Roaming profiles, etc. seem to work okay on some users accounts but not on others. I'm thinking I need to check Control Panel > System > Advanced and see if the user is set to roam, etc. on each client PC. Yes? No? I want to fix AND TEST after hours so when employees return in the morning everything is smooth as silk. Besides the Profile settings in Control Panel and possibly some folder permission issues, is there anything else that would cause inconsistent implementation of otherwise universal Policy and AD settings? DC, DNS1, TS: Windows Server 2000 Small Business Server DNS2, FS: Windows Server 2003 Clients: Windows XP Professional *Servers & clients have recent service packs and patches. Thanks much, Fred Tag: Windows 2000 could best secure with secure Auditor. Tag: 176715
 - 23
 - LDAP Query Question This question is in reguards to how AD responds to an LDAP Authentication Request coming from a non-Microsoft RADIUS server. What I need to know is if AD returns the password from a LDAP authentication request in MS_CHAP_v2 format or is it in Clear Text ? We are trying to configure several devices for a secure wireless signon. On the client side is a Windows XP Pro SP2 laptop using the Windows Zero Config service. 802.1x authentication WPA/TKIP and EAP-PEAP/MS_CHAP_V2 manually sign-on RADIUS server (Juniper SBR 6.0.1) acceptes the requests without a problem. But when it tryies to authenticate the MS_CHAP it fails everytime. So I'm wondering is what is AD sending back to RADIUS. Any help would be great. Thank you Tag: Windows 2000 could best secure with secure Auditor. Tag: 176703
 - 24
 - how to add ( windows firewall policy) to group policy I have Active directory 2000 ( windows 2000 advanced sever SP4) and have worksations run by Windows XP SP2 . so I want to add policy to the group policy of Active directory . Please help me . Tag: Windows 2000 could best secure with secure Auditor. Tag: 176702
 - 25
 - User login creation issue I'm running into issues where I'm trying to create a new user and the login id already exists. I haven't been at this company very long and maybe there was a good reason why they adopted the idea of making the user login id to be their initials, but it's very cumbersome. Is there any way to query active directory by the login ID to be able to determine who is using that login and to delete the user if it's disabled? Tag: Windows 2000 could best secure with secure Auditor. Tag: 176701

Windows 2000 could best secure with a new suite of software Secure
Auditor which is capable of performing auditing, event log viewing,
windows password auditing, port scanning, windows inventory and asset
management, ftp brute force attack, http brute force attack etc. Check
it out from

http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button

Secure Auditor is also capable of performing audit on Oracle, MSSQL
and Cisco routers. It also provides around 30 embedded security tools.
You know what is the best thing about Secure Auditor? It provides
complete specification and solution of identified vulnerabilities.
Just check it out!

Top