Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

November 2005 - Posts

Who says snow = fun?!!?!?! ()#&#*

Imagine this... You are sick at home (because of a heavy cold and almost fever)... It's friday morning...sleeping like a baby... suddendly your girlfriend wakes you and you THINK as shitty as you feel that moment "WTF &*^&*%&*%&* are you Read More...
Posted Friday, November 25, 2005 4:39 PM by Jorge | 4 Comments
Filed under:

How to move a DC to another site?

In this case you need to change the IP of a DC and move it to another AD site --> Assuming it only has the DC/GC role.... <-- (steps with a @ are not mandatory but is just a safe measure as I have seen some occasions where those steps were needed...) Read More...
Posted Friday, November 25, 2005 9:49 AM by Jorge | 2 Comments
Filed under:

How to determine on what DC a password was changed for a user?

If account management is enabled and set for success, when changing a password you can look for event IDs 627, 628 or 642. The DC that registers on or more of these event IDs for a certain account is the DC where the change occured. Event ID 627 with Read More...
Posted Thursday, November 24, 2005 10:08 PM by Jorge | 1 Comments
Filed under:

Confidential attributes

Tomek has written some interesting information about confidential attributes... Check it out at: http://blogs.dirteam.com/blogs/tomek/archive/2005/11/21/confidential_bit.aspx Cheers Jorge Read More...
Posted Thursday, November 24, 2005 4:55 PM by Jorge | 0 Comments
Filed under:

How to distribute DHCP scopes among multiple DHCP servers?

For distributing scopes among multiple DHCP servers two well known rules are available. Google for (only the text before the =): 50/50 dhcp = (central setup) and 80/20 dhcp = (local and remote setup) You should make sure only one DHCP servers leases a Read More...
Posted Thursday, November 24, 2005 3:56 PM by Jorge | 0 Comments
Filed under:

What happens when the disconnection of a DC exceeds the Tombstone Lifetime?

DCs protect themselves against Lingering Objects in 2 ways: (1) By implementing strict replication (2) By isolating DCs that have NOT replicated with other DCs for more than the tombstone lifetime AD (1) When an object is created on some DC that object Read More...
Posted Thursday, November 24, 2005 3:47 PM by Jorge | 0 Comments
Filed under:

How to determine logged on users and/or limiting the number of loggins?

Check out LimitLogon from MS. It only works in a W2K3 AD as it needs a separate app partition for its data. It also extends the schema and as the Resource Kit tools it is not supported by MS For more info see: http://www.thincomputing.net/newsitem296.html Read More...
Posted Thursday, November 24, 2005 3:43 PM by Jorge | 1 Comments
Filed under:

How to restore the default GPOs in AD?

With the GPMC you can backup and restore GPOs. Don't forget if you restore a GPO it still needs to get replicated to the other DCs. To reset the Default Domain GPO and/or the Default Domain Controllers GPO tooling is available for windows 2000 and windows Read More...
Posted Thursday, November 24, 2005 3:41 PM by Jorge | 0 Comments
Filed under:

How to find users in AD with dial-in configuration?

Go to www.joeware.net and download ADFIND (=free) To find users within a certain OU that have dial-in = allowed run: AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))" Read More...
Posted Thursday, November 24, 2005 3:36 PM by Jorge | 0 Comments
Filed under:

Considering a domain rename?

For starters, a domain rename is only possible when your forest is at Forest Functional Level Windows Server 2003 and if it contains Exchange, only Exchange 2003 server WITH SP1 are supported! All other situations do not allow or support domain rename! Read More...
Posted Thursday, November 24, 2005 3:54 PM by Jorge | 5 Comments
Filed under:

Connecting the test environment to the production - what is your opinion?

As many of you already have done it, or are doing it right now, or better yet are still thinking about it! What? Well, migrating to Windows Server 2003 with AD. When planning migration, on of the important is topics is thinking about the test environment Read More...
Posted Thursday, November 24, 2005 1:39 PM by Jorge | 2 Comments
Filed under:

How to configure the PDC FSMO in the forest root domain to sync time?

The time service on the forest root domain PDC emulator FSMO holder can be configured to point to an external NTP time source or it can be configured to use its own internal hardware clock. (1) configuring the forest root domain PDC FSMO to use an another Read More...
Posted Sunday, November 20, 2005 1:48 AM by Jorge | 6 Comments
Filed under:

What needs to be done additionaly when disabling a mailbox enabled user account?

When using the Associated External Account (AEA) in an account forest and resource forest scenario the account in the resource forest that is mailbox enabled is AD disabled and the account in the account forest is assigned the AEA right on the mailbox. Read More...
Posted Sunday, November 20, 2005 1:27 AM by Jorge | 0 Comments
Filed under:

Considerations when creating an AD Test environment - Part 2

When you are part of an AD forest and being in one of the child domains, it may also be important you keep track of forest wide update made by the forest root domain owners/admins. For this to work those owners/admins should notify you when changes occur Read More...
Posted Sunday, November 20, 2005 1:18 AM by Jorge | 2 Comments
Filed under:

What information is available when UPGRADING from W2K/E2K to W2K3 (R2)/E2K3?

The following articles will helps you in your migration from W2K/E2K to W2K3 (R2)/E2K3 and especially when doing an in-place upgrade of the domain: * MS-KBQ314649_W2K3 ADPREP Command Causes Mangled Attributes in W2K Forests That Contain E2K Servers ( Read More...
Posted Sunday, November 20, 2005 1:41 AM by Jorge | 0 Comments
Filed under:

Renaming W2K3 DCs

As you may know with W2K it was not possible to rename a DC, besides demoting the DC, renaming the server and promoting it back to a DC. With W2K3 it is possible to rename a DC and two different options exist: (1) In all DFLs: you can use the Control Read More...
Posted Sunday, November 20, 2005 1:32 AM by Jorge | 0 Comments
Filed under:

Considerations when creating an AD Test environment - Part 1

When thinking about a testlab using a virtual environment you might be bitten by 2 different issues: (1) USN rollbacks (2) Time between replication cycle before the snapshot and the replication cycle after starting the VMs again (1) USN rollbacks.... Read More...
Posted Sunday, November 20, 2005 12:26 AM by Jorge | 0 Comments
Filed under:

Duplicating FSRM quota and file screen templates and settings to multiple servers

With R2 Microsoft introduces, amongst others, the File Server Resource Manager (FSRM). With that MMC you define, configure and manage quotas and file screens. On a R2 server with the FSRM installed you can configure the following: * FSRM Global Options Read More...
Posted Saturday, November 19, 2005 4:06 PM by Jorge | 0 Comments
Filed under:

Script to set/clear INHERITANCE flag on AD objects

I have seen several questions regarding setting the inheritance flag on AD objects. Possible reasons were: * Inheritance was disabled on sub OUs for some reason * Inheritance was disabled on CUSTOM users or groups that previously were members of default Read More...
Posted Wednesday, November 16, 2005 11:10 PM by Jorge | 12 Comments
Filed under:

Microsoft Product Licensing Advisor

The Microsoft Product Licensing Advisor (MPLA) is an easy-to-use online tool that helps you find and select Microsoft products, find the right Volume Licensing program, and determine estimated retail pricing (ERP) based on your software needs. Read more Read More...
Posted Tuesday, November 15, 2005 10:05 PM by Jorge | 0 Comments
Filed under:

Configuring the NICs ("Load Balanced" or "Fault Tolerant") on your DCs

Most servers bought at this moment have two NICs. With that you have three possibilities of configuration and use: (1) Configure the NICs on the server as a "load balanced" team This is used to distribute network traffic accross NICs to acchieve maximum Read More...
Posted Tuesday, November 15, 2005 10:55 AM by Jorge | 0 Comments
Filed under:

It works on physical hardware and it does not in VMware virtualization software

Have you ever been in the situation where you had to make a choice which Virtual Software to use for your own Infrastructure? I can imagine yes, because at this moment you can choose between a Microsoft solution and an EMC VMware solution. One of the Read More...
Posted Monday, November 14, 2005 2:53 PM by Jorge | 22 Comments
Filed under:

Well this is the first personal post!

Hello Everyone! Well... as you can see I have started my own blog and this is the first post on it. Interested how this started? (Actually.. the first post was a TEST message to see how it looks, but Carlos wasn't happy with that...[<:o)]) After "meeting" Read More...
Posted Tuesday, November 08, 2005 9:28 PM by Jorge | 4 Comments
Filed under: