Search Results

Search found 17950 results on 718 pages for 'directory listing'.

Page 101/718 | < Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >

Domain Controller Placement

- by Matt

I've been working through some Exchange training documentation (the official MS e-learning package) and all of the design scenarios allude to placing at least one DC from your forest root domain in every site. I'm not sure whether this just relates to Exchange, but I can think of a number of issues we experience in our forest that would be resolved by this. For example, a Microsoft support engineer has stated that EVERY client in a child domain (i.e. all workstations and member servers) need access to a forest root DC to check certificate/template permissions, even on a subordinate CA. I have attempted to locate documentation or guidelines from Microsoft on this, but have not been able to find anything. I found the Domain Controller Placement guide, but it's only a form - you would use it to document where you will place your DCs, but it doesn't give any guidance on where you should deploy them. Does anyone know where, or if, I can find any such documentation?

Read the article
Using Folder Redirection GPO and Offline Files and Folders

- by user132844

I want to use Folder Redirection to redirect user's My Documents to a network share. First question is: What is best practices for mapping the drive? Should I use the profile tab in AD with the %username% variable, or a net use logon script, or something else? Second question is: How do I deal with laptops and syncing the network with the local storage? I want to have 2-way syncing so if they manually map their networked home drive and edit it from a different computer, it will sync the newer version to their My Documents folder the next time they connect their normal work computer. I also want to be sure that if they edit a file offline on their laptop while away from the office, that the network version syncs the changes the next time they connect that laptop. Please advise best practices for this scenario in a 2008 R2/Win7 environment. I am also interested in Mac clients for this environment, and while I am very Mac savvy, I would like to hear what others consider to be best practices for Mac network homedirs in a Win environment.

Read the article
Windows AD: Is loopback processing absolutely necessary in order to apply a user policy to users logging into computers in the OU?

- by Brett

I've had our AD setup running on server 2008r2 and now 2012, and I swear, a user policy applied to an OU containing only computers actually does apply to users logging into those computers, without loopback processing enabled. Everything I read seems to say that is not how it should work, but it does. Is this normal behavior? Just tested again - created a policy with a drive map (which is a user policy), applied it to an OU containing my terminal server, forced a gpupdate, logged out/in, and sure enough, the drive is mapped. I did NOT turn on loopback processing.

Read the article
PowerShell - Finding all of users' group memberships and kicking it out of them

- by NirPes

as title says, I have to find all the groups that the user is a member of, and deleting its membership from all of them. I've tried this: get-adgroup -filter * | where {(Get-ADGroupMember $_ | foreach {$_.PrimarySmtpAdress}) -contains "[email protected]"} but it doesnt return anything (although THERE ARE some items that have to be returned) as for the deletion I found no way to do it, could someone give me an example of a code that does this? Im talking about security groups.

Read the article
Moved servers running Windows Server 2003

- by Charles

Our company has two locations and each location has a Windows Server 2003 machine as the DC and several servers, running on two different sub-nets. We are consolidating the locations. I changed the IP address on one of the web servers prior to moving to the main location. I didn't change the IP address on either the DC or the other web servers prior to moving to the main location. Now, only the web server whose IP was changed is able to serve pages. The other web servers are not able to serve pages, cannot be pinged, or be accessed via RDP. Since we don't need the second DC, it has been powered down. When I tried to ping it, the previous IP address was received. My colleague changed the IP address in the DC's DNS, but when I ping it, a timeout error is received. I know that I should have read a lot more before doing this. What can I do to fix it? Thanks, in advance, for your help! Update MarkM, thanks for the info on demoting a DC. That's one of the things I want to do after everything is working. Is there a good, clear article you recommend? Rusty, there are no DMZs involved at this point. I need to set up a DMZ, but that's another project.

Read the article
Encrypt shared files on AD Domain.

- by Walter

Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. Can be implemented this ? What technology should be used?

Read the article
Encrypt shared files on AD Domain.

- by Walter

Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. How can be implemented this using EFS?

Read the article
How to bulk mail-enable contacts from AD in Exchange 2007?

- by George Hewitt

Hello, We have several thousand 'contacts' setup in AD already for a faxing system. We're migrating to an online fax provider that uses e-mail rather than plain old telephone. So, we've bulk edited all the AD records so that the 'mail' attribute is populated with the right e-mail address in the right format. Now, how do we enable these contacts within Exchange 2007? I've looked through http://technet.microsoft.com/en-us/library/bb684891.aspx but that only seems to talk about manually editing the CSV output to specify the external addresses. AD already knows the external e-mail addresses - I just need the info in Exchange! Any thoughts?

Read the article
How to access original files from before a symlink gets updated, which have since been moved to another dir

- by Luke Cousins

We have a website and our deployment process goes somewhat like the following (with lots of irrelevant steps excluded) echo "Remove previous, if it exists, we don't need that anymore" rm -rf /home/[XXX]/php_code/previous echo "Create the current dir if it doesn't exist (just in case this is the first deploy to this server)" mkdir -p /home/[XXX]/php_code/current echo "Create the var_www dir if it doesn't exist (just in case this is the first deploy to this server)" mkdir -p /home/[XXX]/var_www echo "Copy current to previous so we can use temporarily" cp -R /home/[XXX]/php_code/current/* /home/[XXX]/php_code/previous/ echo "Atomically swap the symbolic link to use previous instead of current" ln -s /home/[XXX]/php_code/previous /home/[XXX]/var_www/live_tmp && mv -Tf /home/[XXX]/var_www/live_tmp /home/[XXX]/var_www/live # Rsync latest code into the current dir, code not shown here echo "Atomically swap the symbolic link to use current instead of previous" ln -s /home/[XXX]/php_code/current /home/[XXX]/var_www/live_tmp && mv -Tf /home/[XXX]/var_www/live_tmp /home/[XXX]/var_www/live The problem we are having and would like help with is that, the first thing any website page load does is work out the base dir of the application and define it as a constant (we use PHP). If then during that page load a deployment occurs, the system tries to include() a file using the original full path and will get the new version of that file. We need it to get the old one from the old dir which has now moved as in: System starts page load and determines SYSTEM_ROOT_PATH constant to be /home/[XXX]/var_www/live or by using PHP's realpath() it could be /home/[XXX]/php_code/current. Symlink for /home/[XXX]/var_www/live get updated to point to /home/[XXX]/php_code/previous instead of /home/[XXX]/php_code/current where it did originally. System tries to load /home/[XXX]/var_www/live/something.php and gets /home/[XXX]/php_code/current/something.php instead of /home/[XXX]/php_code/previous/something.php I'm sorry if that is not explained very well. I'd really appreciate some ideas on how to get around this problem if someone can. Thank you.

Read the article
How to collect Security Event Logs for a single category via Powershell

- by Darktux

I am trying to write a script which collects security log from all of our domain controllers hourly and stores them remotely; i can collect the security logs , but is there a way to collect the security logs by category or event number from the DC? please do let me know if any additional questions. My Code: $Eventlogs = Get-WmiObject -Class Win32_NTEventLogFile -ComputerName $computer Foreach($log in $EventLogs) { if($Log.LogFileName -eq "Security") { $Now = [DateTime]::Now $FileName = "Security" +"_"+$Now.Month+$Now.Day+$Now.Year+"_"+$Now.Hour+$Now.Minute+$Now.Second $path = "\\{0}\c$\LogFolder\$folder\$FileName.evt" -f $Computer $ErrBackup = ($log.BackupEventLog($path)).ReturnValue if($clear) { if($ErrBackup -ne 0) { "Backup failed" "Backup Error was " + $ErrBackup } } } } Copy-EventLogsToArchive -path $path -Folder $Folder }

Read the article
NIS AD password synch for new accounts

- by user135004

I have a Win2k3R2 DC with NIS. All is working well but its no longer synching the passwords for new accounts. When creating a new AD user, NIS does its thing and sends its Unix account to the synched linux server. It's doing everything its supposed to do but not the users password to the server (getent passwd returns the ABCD!efgh12345$67890 password for the new account). Thinking that password synchronization is not working, I changed the password of an existing working account and it synchs the new password. If I delete a new or old AD user, it deletes it on the linked linux server as well. All this tells me that NIS is doing its thing (at least with existing accounts) No updates have been installed on the DC. I am not even sure where to start here.

Read the article
Users are getting a temporary profile

- by Serhiy

A bit about current setup: It is windows 2008 R2 AD servers (all of them are 2008R2) and couple locations which set as Sites. Each location has DFS on AD server. Roaming profiles are not used nor configured. Users have their home folder configured as mapped S: drive to DFS shared folder. For example: in profile tab user has: Home Folder - connect - S: to \\domain.com\dc\users\%username% We also have redirected Desktop, Documents and Downloads folders to \\domain.com\dc\users. Everything was fine. Suddenly (today), users in most locations lost their local profile (both XP and W7 desktops) and got temporary profiles. Also, it looks like local profile was created today (from folder properties). I checked events at couple machines and there is not errors related to profiles or logon process. I do not see issues in event logs at servers as well. Basically, I run out of ideas what is wrong and why machines lost their local profiles. PS: Laptop users do not have their folders redirected, but lost profiles as well.

Read the article
Can't find windows 2000 domain after PDC Change

- by Mark A Kruger

This is a windows 2000 domain issue. I had an old win2000 PDC that was beginning to fail. So, trying to be pre-emptive, I installed a new BDC, then "demoted" the old PDC and took it off the network. Now it appears that no member server can "find" the domain anymore. No logins work (for services or a RDP or anything). What I've tried (based on googling): Verified sysvol is shared on all servers. Used nslookup to verify that DC's are being found. netdiag /fix meta data cleanup routines. verified no firewall issues (port 389 etc) seizing all roles to new PDC (I did that as part of the original promotion). LMHOST file and Netbios settings. At the moment it seems like I can get the DC's returned but cannot contact them. I'm at a loss. My latest attempt was to remove a member server from the domain and try to "re-add" it. When I do that I get this message: The query was for the SRV record for _ldap._tcp.dc._msdcs.cfwebtools.com The following domain controllers were identified by the query: db-dev1.cfwebtools.com file-prod1.cfwebtools.com cfwt-pdc2.cfwebtools.com However no domain controllers could be contacted. It then goes on to ask if I've checked my A record and made sure they are running. Is there a way to force this domain to be seen? I also shared sysvol (or double checked it) and restarted the dfsr service. More information. I got looking at sysvol and found it was not shared on 2 of these servers. Only one of them (db-dev1) has a "good" or at least "populated" sys vol store. So I tried doing a "d2" recovery of my PDC against that good sysvol. But it never synchs - or at least it does not seem to synch. I'm guessing if I could get sysvol and netlogin to kick in and replicate that would fix my issue. I think these DC's aren't responding because they are waiting for replication which is broken somehow. Would taking down all the DC's except for db-dev1 fix the issue - at least temporarily? I know I can't just copy the sysvol stuff over to the other 2 can I?

Read the article
Cannot add Windows 7 client to SBS 2008

- by Sandokan

I have just installed SBS 2008 R2 Standard on VMware Workstation 9 along with Windows 7 Pro N. Both are activated and running fine. I have followed the steps to configure SBS 2008 and am now at the point where I'm to add a computer to the domain. Here is where the problem begins. I have gone through the steps of using the webinterface. On the client I downloaded Launcher.exe. I then run it and get the error "Check computer requirements - Failed" (translated from swedish): "This computer doesn't reach the requirements for connecting to the network." "The computer doesn't reach the maximum requirements for the operating system with regards to connect to the network" The provided link for More information only leads to a general supportpage and doesn't handle this specific error. I have also checked the time settings and they are correct. Any clue as to what this problem could be?

Read the article
Log into AD account through Command Line

- by CranialPain

Our SBS2003 server likes to lose connection every so often. This appears to 'kick' everyone out, so that no-one can access the server or its shared folders without a log off log in. It usually brings up an error message stating that Windows 7 (on the client machines) cannot find the server, even though its ping-able. Is there a way to login through the command line so I can just write a batch file and have the users double-click it and enter their credentials instead of closing down programs and logging out/in over and over?

Read the article
How to bypass Forefront TMG for downloading from Adobe Cloud

- by user1006272

I hope that this question has not been asked as I've spent a couple of days googling around trying to find a solution. I have one computer that needs to download from Adobe Cloud to install applications like Photoshop etc... The issue I'm having is that Adobe uses a download manager program (AdobeApplicationManager.exe) that just keeps incrementing the time left on the download of any app like Photoshop. Is there a way to allow just the download manager from that one computer to bypass any filtering settings in Forefront TMG 2010? I have very little knowledge of servers / ISA servers / Forefront TMG and have been thrown into this position by luck I guess. Any help with this would be highly appreciated. Thanks in advance.

Read the article
Where are AD registry settings

- by erdogany

As you might already know AD does not let you change the password through LDAP if you don't have a secure connection to AD. I heard that there is a registry setting to change this behavior but so far couldn't find where it is... Anyone of you know how can I can change this behavior?

Read the article
Add Bookmark to IE automatically for new users on a computer

- by Kyle Brandt

When I set up a PC, I would like to be able to have it so when anyone logs into that PC from the domain a couple of IT bookmarks will be in IE. I read I can do this with a Domain-Level group policy, but unfortunately, with my current domain group policies have not gone well, so I have fear (Rather not get into this in this question). Can I do this at the PC level when I deploy a new computer? So any domain users who log into the PC will have these bookmarks added when their profile is created (no roaming profiles). These are XP machines, and the domain is run by 2003 controllers.

Read the article
Exclude certain files or directories from redirected folders

- by jao

We have a windows 2003 AD and are using Folder redirection to redirect the users My Documents to a share. Is there a way to save certain filetypes (*.mp3, *.avi) or folders (My Music, My Pictures) on the user's hard disk instead of saving on the netwerk share? I'm aware of the GPO setting 'Exclude directories in roaming profile' but I'm not sure if that will do what I want (we're using redirected folders)

Read the article
PowerShell - Limit the search to only one OU

- by NirPes

Ive got this cmdlet and I'd like to limit the results to only one OU: Get-ADUser -Filter {(Enabled -eq $false)} | ? { ($_.distinguishedname -notlike '*Disabled Users*') } Now Ive tried to use -searchbase "ou=FirstOU,dc=domain,dc=com" But if I use -SearchBase I get this error: Where-Object : A parameter cannot be found that matches parameter name 'searchb ase'. At line:1 char:114 + Get-ADUser -Filter {(Enabled -eq $false)} | ? { ($_.distinguishedname -notli ke '*Disabled Users*') } -searchbase <<<< "ou=FirstOU,dc=domain,dc=com" + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBi ndingException + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Comm ands.WhereObjectCommand What Im trying to do is to get all the disabled users from a specific OU, BUT, there is an OU INSIDE that FirstOU that I want to exclude: the "Disabled Users" OU. as you might have guessed I want to find disabled users in a specific OU that are not in the "Disabled Users" OU inside that OU. my structure: Forest FirstOU Users,groups,etc... Disabled Users OU

Read the article
Time until Members added to Group Policy is Replicated

- by Kyle Brandt

If I have a group policy, and add a group/user/machine etc to that group policy, how long is it until all domain controllers have that change in effect? This is a Windows 2003 Domain set up with controllers at different geographic locations (Each with a different L3 network). I realize it probably depends, but how do I figure out how long it generally takes for my given setup? Also, is there an event I can check to see if it has a reached a particular domain controller?

Read the article
How to export AD security list to Excel

- by r0ca

How can I export the security member's list from a security group to an excel sheet. I've found some code on the web but I would need an UI or a software that can do this. I'm open to Powershell tho... Regards, D.

Read the article
Do best-practices say to restrict the usage of /var to sudoers?

- by NewAlexandria

I wrote a package, and would like to use /var to persist some data. The data I'm storing would perhaps even be thought of as an addition for /var/db. The pattern I observe is that files in /var/db, and the surrounds, are owned by root. The primary (intended) use of the package filters cron jobs - meaning you would need permissions to edit the crontab. Should I presume a sudo install of the package? Should I have the package gracefully degrade to a /usr subdir, and if so then which one? If I 'opinionate' that any non-sudo install requires a configrc (with paths), where should the package look (presuming a shared-host environment) for that config file? Incidentally, this package is a ruby gem, and you can find it here.

Read the article
Scripting help - need to get phone number of AD accounts and then add them to contacts in trusted domain

- by TheCleaner

I have domain accounts that I have created as contacts in another trusted domain so that they can see them in their Exchange GAL. I need a way to extract the phone number field from UserA (user account) in DomainA and import it into UserA (contact) in DomainB. I get the logic, it's just the code (vbscript/powershell/whatever) that eludes me. The logic as I see it: Connect to source AD (ou/subtree) Extract user accounts from OU and subcontainers including first name, last name, display name, and phone number Connect to target AD (ou/subtree) Verify/match contact with extract in #2 above based on display name Update phone field with phone number in extract Write log of success and failures Anybody able to help?

Read the article
Prevent folder deletes at top level only on Server 2008

- by DomoDomo

I'm trying to prevent folders moves, really folder delete in NTFS parlance, for series of folders within a network share. So let's say I have: FolderA, FolderB, FolderC. Each folder has various files and subfolders. I want the Domain Users group to have modify access to all files and folders beneath FolderA, FolderB, and FolderC. However I don't want them to be able to delete these three top level folders. The issue we are having right now is people keep accidentally dragging one top level folder into another. I've tried used advanced NTFS permissions to deny domain users delete access to these top level folders, and set the permissions to apply to "This folder only", however it seems to only affect sub-folders, and not the top level. Platform is Server 2008 Standard. Thanks in advance.

Read the article

< Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >