Search Results

Search found 2908 results on 117 pages for 'ad hock'.

Page 38/117 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • What's the best way to do user profile/folder redirect/home directory archiving?

    - by tpederson
    My company is in dire need of a redesign around how we handle user account administration. I've been tasked with automating the process. The end goal is to have the whole works triggered by the business, and IT only looking in when there's an error reported. The interim phase is going to be semi-manual. That is a level 2 tech inputs the user's info and supervises the process. The current hurdle I'm facing is user profile archiving. Our security team requires us to archive the profile directories for any terminated user for 60 days in case the legal team requires access to their files. Our AD is as much a mess as everything else, so there are some users with home directories and some with profiles. Anyone who has a profile dir in AD also has a good deal of their profile redirected to our file servers over DFS. In order to complete the process manually you find the user in AD, disable them, find their home/profile dir, go there and take ownership, create an archive folder, move all their files over, then delete the old dir. Some users have many many gigs of nonsense and this can take quite some time. Even automated the process would not be a quick one. I'm thinking that I need to have a client side C# GUI for the quick stuff and some server side batch script or console app to offload this long running process. I have a batch script that works decently using takeown and robocopy, but I wonder if a C# console app would do a better job. So, my question at long last is, what do you think is the best way to handle this? I can't imagine this is a unique problem, how do other admins get this done? The last place I worked was easily 10x larger than the place I'm in now. If we would have been doing this manual crap there, they'd have needed a team of at least 30 full time workers to keep up. I have decent skills in C#.net and batch scripting, but am a quick study and I have used most every language once or twice. Thank you for reading this and I look forward to seeing what imaginative solutions you all can come up with.

    Read the article

  • VPN trace route

    - by Jake
    I am inside an Active Directory (AD) domain and trying to trace route to another AD domain at a remote site, but supposedly connected by VPN in between. the local domain can be accessed at 192.168.3.x and the remote location 192.168.2.x. When I do a tracert, I am suprised to see that the results did not show the intermediate ISP nodes. If I used the public IP of the remote location, then a normal tracert going through every intermediate node would show. 1 <1 ms <1 ms <1 ms 192.168.3.1 2 1 ms <1 ms <1 ms 192.168.3.254 3 7 ms 7 ms 7 ms 212.31.2xx.xx 4 197 ms 201 ms 196 ms 62.6.1.2xx 5 201 ms 201 ms 210 ms vacc27.norwich.vpn-acc.bt.net [62.6.192.87] 6 209 ms 209 ms 209 ms 81.146.xxx.xx 7 209 ms 209 ms 209 ms COMPANYDOMAIN [192.168.2.6] Can someone explain how does this VPN tunnelling works? Does this mean VPN is technically faster than without?

    Read the article

  • Windows 2008 Domain Controller - Backup (BDC) to Primary (PDC)

    - by Klaptrap
    I have created a new domain controller with my single domain forest. I have also made it DHCP and DNS ready - all 3 services have synchronised with the existing W2K8 domain controller. I even migrated the FSMO roles and thought everything was fine. Indeed all machines on network appear to obtain DHCP and DNS from new server and the AD is working on the new server as my internal website uses it for login authentication. I have just noticed, via BgInfo - Sys Internals - that the new server is showing as "backup" and the old as "primary" - I thought I had already achieved this. Have the FSMO roles swapped back - as I have yet to have removed the old server from AD (dcpromo). Do I need to do anything before I run dcpromo on the old server? Any thoughts appreciated....

    Read the article

  • Gotomeeting MSI needs elevated privs?

    - by DrZaiusApeLord
    Typically I can deploy MSIs with no issue, but the Gotomeeting one refuses to install. SCE lists it as pending and AD just attempts to install it, gives up, and never tries again. When I tried running it by double-clicking its icon, it told me "needs to run with elevated privs." I don't see how I can get AD or SCE to run it with these higher privs. I can run it by using an elevated command prompt and running msiexec from there. The MSI is the one labeled "GoToMeeting MSI Installer (ZIP)" from here: http://support.citrixonline.com/GoToMeeting/search?search=msi Any ideas? I run an environment where the users are non-admins and would love to be able to upgrade this centrally.

    Read the article

  • Default Critique branch office setup: VPNTunnel->HQ, subnets for VOIP/PC, + several Q's

    - by CHickenTaragon
    We're setting up a new branch office. * ~10 users. * Each user has a VOIP phone provided by a hosted solution. * Users need access to resources on HQ (located in another state), so setting up VPN tunnel * HQ only supports certain Cisco/Juniper devices. VOIP provider only supports SonicWall, so current plan is to have two routers w/ separate subnets for VOIP vs. PC traffic. * PC's will plug into pass-thru Ethernet jacks on the VOIP phones, but the phones vs. PC's will point to different subnets. * Cable Modem is 50Mbps / 5Mbps DOCSIS 3.0 business line w/ 5 static IP's. * Each of the 2 subnets will map to one of the 5 public IP's. * May or may not also need to support a VPN tunnel with a second branch office because of a file server they have there that some in the new office use. I'm pushing to have them move the files to a server on the HQ's network so we don't have to worry about setting up an additional tunnel. Questions: Do you foresee any issues with the below set-up? Router recommendations by HQ IT staff: Cisco Router 2811, or Juniper SSG5 or SSG20. Any recommendations about these routers? We need Wi-Fi too – looks like the above routers have models that support this, any reason not to use this? Users need to be able to work from home. If so, how is authentication handled? Right now we use AD credentials for the HQ's domain, but we currently don't plan to have an AD system in the new location since it's only 10 users. We can't tie the authentication system from the new location's router to the AD system of the HQ. All the PC's that will be in the new location are currently in the existing office that is closing down, and are already joined to the domain of the HQ. Please confirm: this + the VPN tunnel will be sufficient for them to connect to authenticated resources on the HQ's network from the new location, correct? Mainly SQL servers and file servers, and a few remote desktop sessions. I'm sure I'll have some more questions, but can't think of them right now.

    Read the article

  • Is it possible to restrict fileserver access to domain users using computers that are members of the domain?

    - by Chris Madden
    It seems domain isolation can be used to accomplish, but I'd like a solution that doesn't require IPsec, or more accurately, doesn't require IPsec on the fileserver. IPsec if done in software has a large CPU overhead and our NAS boxes don't support any kind of offload. The goal is to avoid authenticated users using non-managed machines to access network resources. Network Access Protection (NAP) and the various enforcement points looked promsiing but I couldn't find a bulletproof way to use them [which doesn't require IPsec on the fileserver]. I was thinking when a domain user accesses the NAS box it will first need a Kerberos ticket from AD, so if AD could somehow verify the computer that was requesting the ticket was in the domain I'd have a solution.

    Read the article

  • Active Directory Corrupted In Windows Small Business Server 2011 - Server No Longer Domain Controller

    - by ThinkerIV
    I have a rather bad problem with my Windows SBS 2011. First of all, I'll give the background to what caused the problem. I was setting up a new small business server network. I had my job about finished. The server was working great, all the workstations had joined the domain, and I had all my applications and data moved to the server. I thought I was done. But then it happened. I tried adding one more computer to the domain, and to my dismay the computer name was set to the same name as the server. Apparently when a computer joins a domain with the same name as another machine that is already on the domain, it overrides the first one. For normal workstations, this is not a big deal, you just delete the computer from AD and rejoin the original computer to the domain. However, for a server that is the domain controller it is a whole different story. Since the server got overridden in AD, it is no longer the domain controller. The DNS service is not working and all kinds of other services are failing also. So the question is, what are my options? I am embarrassed to admit it, but since this is a new server one thing I did not have setup yet was backup. So I have no backups to work from. I am worried that things are broken enough that I might need to do a reinstall. However, I already have several days worth of configuration into this server, so I would obviously prefer if there was a fix that would prevent me from needing to do a reinstall. All the server components are there and installed correctly, but they are misconfigured (I think it is basically just Active Directory). So I have the feeling that if I did the right thing I could solve the issue without a reinstall. Is there anyway to rerun the component that installs the initial configuration to "convert" the base windows server 2008 r2 install into a SBS? In other words in the program files folder there is an application called SBSsetup.exe, is there anyway to rerun this and have it reconfigure AD, etc. to work with SBS? Any insight will be greatly appreciated. Thanks.

    Read the article

  • DNS Server (2008 r2) MMC The server DC01 could not be contacted. The error was: Access was denied

    - by Silviu-Ionut Radu
    I've just migrated the AD with the whole nine yards, FSMO, PDC, RID, Schema, etc, from an SBS 2003 to a Win 2008 R2 Std. I have managed to have no error in the dcdiag before I demoted the SBS 2003 from the AD, fsmocheck, conectivity, advertising, dns, etc. The SBS 2003 demoted successfully. After this step I have restarted both, the old SBS and the new Win 2008 r2. After restart the new DC (which is the GC) started with an Access denied to the DNS Server MMC, actually it is looking like I would try to connect to the 2008 r2 DNS server from an older server console I can NOT manage DNS server through MMC nor through dnscmd (Command failed: ERROR_ACCESS_DENIED 5 0x5) I cannot even use the Action Option from the DNS Server MMC because all the options are DISABLED but for "Launch nslookup". I've made a lot of research on the internet but no luck, yet. So I come to ask for help. Thank you very much.

    Read the article

  • Preventing 'Reply-All' to Exchange Distribution Groups

    - by Larold
    This is another question in a short series regarding a challenging Exchange project my co-workers have been asked to implement. (I'm helping even though I'm primarily a Unix guy because I volunteered to learn powershell and implement as much of the project in code as I could.) Background: We have been asked to create many distribution groups, say about 500+. These groups will contain two types of members. (Apologies if I get these terms wrong.) One type will be internal AD users, and the other type will be external users that I create Mail Contact entries for. We have been asked to make it so that a "Reply All" is not possible to any messages sent to these groups. I don't believe that is 100% possible to enforce for the following reasons. My question is - is my following reasoning sound? If not, please feel free to educate me on if / how things can properly be implemeneted. Thanks! My reasoning on why it's impossible to prevent 100% of potential reply-all actions: An interal AD user could put the DL in their To: field. They then click the '+' to expand the group. The group contains two external mail contacts. The message is sent to everyone, including those external contacts. External user #1 decides to reply-all, and his mail goes to, at least, external user #2, which wouldn't even involve our Exchange mail relays. An internal AD user could place the DL in their Outlook To: field, then click the '+' button to expand the DL. They then fire off an email to everyone that was in the group. (But the individual addresses are listed in the 'To:' field.) Because we now have a message sent to multiple recipients in the To: field, the addresses have been "exposed", and anyone is free to reply-all, and the messages just get sent to everyone in the To: field. Even if we try to set a Reply-To: field for all of these DLs, external mail clients are not obligated to abide by it, or force users to abide by it. Are my two points above valid? (I admit, they are somewhat similar.) Am I correct to tell our leadership "It is not possible to prevent 100% of the cases where someone will want to Reply-All to these groups UNLESS we train the users sending emails to these groups that the Bcc: field is to be used at all times." I am dying for any insight or parts of the equation I'm not seeing clearly. Thank you!!!

    Read the article

  • OS X clients ignoring Windows print server permissions

    - by Ilumiari
    I'm in the process of testing a Windows Server 2008 R2 print server for a mixed OS X/Windows environment. Any security permissions (AD groups) I set for the printers on the print server are not honoured by the OS X clients. Only if I remove absolutely all permissions for a given printer will an OS X client not print to that printer. The Windows clients honour the permissions as expected. The PrintService log doesn't record any activity when an unprivileged Windows client attempts to print, and records a typical print job when an unprivileged OS X client attempts to print. Has anyone encountered this problem before and have a fix? With 600-700 clients, a number of which are dual-booting, restricting by IP address is not viable. EDIT: The jobs are definitely going through the print server, they show up in the logs with their AD credentials.

    Read the article

  • Windows server 2003 mapping home drive wrong

    - by Sandman2010
    hey all, first question... we have around 30 servers in an Active Directory environment with 600 student computers and 100 staff desktops with XP SP2/3, the win server 2003 has the staff home drives on a NAS and in the last few days after some server updates is now mapping home drives to the \servername\home instead of \severname\home\%username%, its simple to re map the network drive but is annoying. we dont use login script to map home drive but use a VB script for other network drives and if we add the home drive mapping to that it works, but shouldnt the profile option in users AD account map that correctly? which do you all recommend, AD profile mapping or VB Script mapping Home drives? thanks Steven

    Read the article

  • Creating a new Active Directory account with an InfoPath form

    - by ryan
    I am setting up a business partner portal in our Sharepoint server. There will be an AD group with permissions limited to viewing and possibly contributing to the specific business partner site and employees of our business partners will have accounts created for them as needed. Now we would like to let our business development group(BDG) have control over the partner accounts. Ideally they should be able to add and delete accounts and change permissions on them. The BDG are not domain admins so we don't want to give them access to the domain controller. We want to create an Infopath form that will allow them to do all this. Is it possible to create and manage AD accounts from within an Infopath form on the sharepoint server? I searched this site and MSDN and can not find anything specifically related to my question.

    Read the article

  • Active Directory remote versus local computer logon

    - by Jake
    Hi, Hope some one can help a network/server noob understand how domains work in AD. I am in an organisation with 2 AD servers in 2 different countries, e.g. US and UK, and they set up the US and UK domains respectively. the accounts are set up such that all employees in both countries have a US\user and UK\user account. What is the difference if a UK user logon with US\user from a local UK computer, versus RDP (remote desktop) into a US server with US\user? Thanks for your help.

    Read the article

  • How to delete empty folders from a given directory in windows with a script

    - by Nicola Peluchetti
    I'm using r.js as a build tool but as of today that tools doesn't give me the ability to delete empty folders in the build dir. I've found these two scripts for /f "usebackq" %%d in ("dir /ad/b/s | sort /R") do rd "%%d" for /f "delims=" %%i in ('dir /s /b /ad ^| sort /r') do rd "%%i">NUL looking around the net but i always get %%i was unexpected at this time. or %%d was unexpected at this time. And i wouldn't know how to tell the script where my directory is. My build script is @echo off where /q r.js || ( echo requirejs node package is not installed. You must install node, npm and then run npm install -g requirejs goto :eof ) node r.js -o app.build.js :end I need to tell the script to remove all empty directories which are located inside ../../js

    Read the article

  • How to choose which fields are available via LDAP from an Active Directory

    - by Felix Eve
    I'm using PHP to do an ldap search and then pull the attributes out using ldap_get_attributes. This returns an array of data (that can be seen here) however there are some fields that are missing such as Organization Title, department, company, address and telephone number. How to I make these fields available? There is a similar question here: http://www.petri.co.il/forums/showthread.php?t=15227 I've followed the steps outlined there an tried changing some access permissions but am not really sure what I'm doing and can't see any permissions that directly relate to the fields that I can see when I edit a user in the "Active Directory Users Computers" window. I am a PHP developer, not a Windows server administrator so am finding configuring an AD rather challenging so please don't assume any level of knowledge about AD. I've asked the same question on stack exchange but understand this is a more relevant place to ask.

    Read the article

  • ActiveDirectory - LDAP query for objectCategory unexpected results

    - by FinalizedFrustration
    AD is at 2003 functional level, some of our DC's are running Windows Server 2003, some are 2008, some are 2008 R2. When using the following query: (objectCategory=user) I do not expect to see any result where the objectCategory attribute is equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' I expect only objects where the objectCategory attribute is equal to 'CN=User,CN=Schema,CN=Configuration,DC=Contoso' However, the query does indeed return all objects with the objectCategory attribute equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' My question then is this: Why do I see the search results that I do? Does AD actively translate queries that include (objectCategory=user) to (objectCategory=Person)? I have looked at the schema definitions for both the Person and the User class, but I cannot see any reason for the query results as I am experiencing them. I know that the User class is a subclass of the organizationalPerson class, which is a subclass of Person, but I can't see an attribute value that would explain this translation.

    Read the article

  • Reverse DNS for two ADs in the same subnet

    - by SpacemanSpiff
    I currently have two separate AD forests that exist within the same subnet. The two forests have independent copies of the reverse lookup zone for that subnet. Example: Domain A DC1: 10.1.1.1/24 Domain A DC2: 10.1.1.2/24 Domain A AppServer1:10.1.1.3/24 Domain B DC1: 10.1.1.11/24 Domain B DC2: 10.1.1.12/24 Domain B Appserver1:10.1.1.13/24 What I'm after, is a configuration that allows this reverse zone to be shared between them so that both sets of DNS servers can make updates to the zone. This kind of thing is a little far from my everday work, so a kick in the right direction is a welcome suggestion as well. Decoupling one AD into new segments is a possibility I'm open to but would like to avoid if possible. If there is a DNS related solution I'd prefer that.

    Read the article

  • Move mailbox to public folder

    - by Kim Johansson
    Hello there! I need some help moving a users mailbox to a public folder. I'm not really a sysadmin, I know some AD and Windows Server, but Exchange is new stuff to me. Basically, one user has left the company, so we disabled his account in the AD, but now it's time for the mail. I need to move his old mail to a mailbox which the owern of the company and I can acess, then I would like to forward any new emails to that public folde How can I do this with Exchange 2007?

    Read the article

  • Schedule of Password Expiration to a specific time

    - by elcool
    Is there a way in Windows Server 2003 or 2008 and in Active Directory, to specify in a policy that when a users password expires that day, to have it expire at a certain time, say 4:00am. The issue came up, because the expiration occurs during the middle of the working day, say 9:00am. Then when a user is already logged into Windows in the network, and using different applications, those will start behaving wrongly because of authentication. They have to log out and log back in, in order for Windows to ask for the new password. So, if when they log in early in the morning it would ask for the new password, then they won't have to log back out during the working day. One of the AD Admins said: "Have them check if their password will expire before starting the day".. but really, who does that? And I don't have access to an AD to check these types of policies. So, is this possible?

    Read the article

  • Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

    - by Howiecamp
    I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a Sharepoint site using NTLM authentication The credentials are Active Directory-based, as the username is domain\username My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain. The site is running SSL on port 443 Why might Chrome be automatically authenticating me?

    Read the article

  • Can vCenter 4 authenticate and authorize against a virtual directory server??

    - by iforeman
    Hi I am looking into Identity managment in our environment. We currently use Active Directory and Sun's Enterprise Directory server (6.3). I was wondering if I used the Virtual Directory Server of the Enterprise Directory server, would we be able to point the vCenter clients to this Directory service for authentication and authorization rather than at the AD source. The reason for this is that we have more users we want to add to the management role of this server but not all are in AD, a fair number are in the Sun LDAP v3. directory. Thanks in advance Ian

    Read the article

  • Why is Firefox so slow and heavy?

    - by Tony
    For some reason, when I go to links the pages seem slow and heavy. It also has a lot of lag spikes between page loads. Basically it seems to freeze then load it all at once fast. I'm currently using Firefox 25. But when I use the same Chrome version, it seems to be very fast and smooth page loading. The CPU it takes on average is about 400,000k. Extensions: iMacros Leethax Ad Block Plus 2.4 Ad Block Plus Pop-up Addon 0.9.1 Computer stats: 6 GB RAM Windows 7 Acer Aspire Laptop 500 GB HDD Intel Core i4-2370M How do I make Firefox load like Google Chrome, without much freezing?

    Read the article

  • Download or view a servers wins database

    - by Segfault
    I am trying to troubleshoot a WINS browsing problem in a Server 2008 AD Forest. I am in one domain and the problem is with a sibling domain. What command can i use to dump or view the WINS database on a particular AD server by name, in a different domain than me? I thought one of the subcommands of net would have an option for this, but I can't find it. I also tried browstat.exe getblist but it gives me an error message "The list of servers for this workgroup is not currently available". I am not a domain admin and don't have any rights to the either domain other than a normal user. Anyone know how this can be done?

    Read the article

  • New-ManagedContentSettings - not working properly under Exchange 2010

    - by mfinni
    I have a client that is divesting a business unit into a new AD forest, Exchange org, etc. We're using Quest tools to migrate users and mailboxes. However, I have to build the new infrastructure to match the old one. In the old one, we're using Managed Folder Mailbox Policies to limit (or allow) retention. They started with Exchange 2007 and never upgraded to Retention Policies; oh well. So, in the old environment, when you use a 2007 server to define a new Managed Content Setting, you can pick "Email" from the dropdown for MessageClass. This is a display name; the actual MessageClass values are thus: MessageClass : IPM.Note;IPM.Note.AS/400 Move Notification Form v1.0;IPM.Note.Delayed;IPM.Note.Exchange.ActiveSync.Report;IPM.Note.JournalReport.Msg;IPM.Note.JournalReport.Tnef;IPM.Note.Microsoft.Missed.Voice;IPM.Note.Rules.OofTemplate.Microsoft;IPM.Note.Rules.ReplyTemplate.Microsoft;IPM.Note.Secure.Sign;IPM.Note.SMIME;IPM.Note.SMIME.MultipartSigned;IPM.Note.StorageQuotaWarning;IPM.Note.StorageQuotaWarning.Warning;IPM.Notification.Meeting.Forward;IPM.Outlook.Recall;IPM.Recall.Report.Success;IPM.Schedule.Meeting.*;REPORT.IPM.Note.NDR If I take that and try to mangle it into a new cmdlet for Ex2010 in my new environment here's what I get New-ManagedContentSettings -Name "Delete Messages older then 90 days" -FolderName "Entire Mailbox" -RetentionEnabled $True -AgeLimitForRetention 90 -TriggerForRetention WhenDelivered -RetentionAction DeleteAndAllowRecovery -MessageClass "IPM.Note","IPM.Note.AS/400MoveNotificationFormv1.0","IPM.Note.Delayed","IPM.Note.Exchange.ActiveSync.Report","IPM.Note.JournalReport.Msg","IPM.Note.JournalReport.Tnef","IPM.Note.Microsoft.Missed.Voice","IPM.Note.Rules.OofTemplate.Microsoft","IPM.Note.Rules.ReplyTemplate.Microsoft","IPM.Note.Secure.Sign","IPM.Note.SMIME","IPM.Note.SMIME.MultipartSigned","IPM.Note.StorageQuotaWarning","IPM.Note.StorageQuotaWarning.Warning","IPM.Notification.Meeting.Forward","IPM.Outlook.Recall","IPM.Recall.Report.Success","IPM.Schedule.Meeting.*","REPORT.IPM.Note.NDR" -whatif Invoke-Command : Cannot bind parameter 'MessageClass' to the target. Exception setting "MessageClass": "The length of t he property is too long. The maximum length is 255 and the length of the value provided is 518." At C:\Users\MFinnigan.sa\AppData\Roaming\Microsoft\Exchange\RemotePowerShell\pfexcas02.fve.ad.5ssl.com\pfexcas02.fve.ad .5ssl.com.psm1:28204 char:29 + $scriptCmd = { & <<<< $script:InvokeCommand ` + CategoryInfo : WriteError: (:) [New-ManagedContentSettings], ParameterBindingException + FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.Exchange.Management.SystemConfigurationTasks.NewManaged ContentSettings So, the config object can store all that mess, but I can't fit it in through the cmdlet to create the object. Lovely. Any ideas?

    Read the article

  • Convert SQL Query results to Active Directory Groups

    - by antgiant
    Are there any quality products (ideally open source) that allow me to run an arbitrary SQL query that results in 2 columns (username, group name) and they adds that username in AD to a group of that name in AD? If the username doesn't exist it is ignored. If the group name doesn't exist ideally it gets created. Updated for Clarity: I have a MSSQL based system that is the authoritative source for some of the Active Directory Security groups, and their members. I want to be able to to have those Active Directory Security Groups populated by a one-way sync originating from MSSQL. Sadly the MSSQL based system does not have a good API, so I will have to do this with direct SQL calls. Is there anything that does this well?

    Read the article

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >