many of you ponged me about the VLV thingy, actually it was a new concept for me, searching a little bit and found this amazing link:
http://technet.microsoft.com/en-us/library/cc540446(EXCHG.80).aspx
VLV basiclly is a concept to retrive the data for a VLV aware application and prestage them in theview rather making he server commit an LDAP query to the AD.
Exchange uses VLV to retrive objects from Active directory, VLV must be enabled since objects created with Exchange 2003/2007 are not stamped with the new attribute after Exchange 2010 installation thus VLV must be enabled.
Showing posts with label Deep in Active Directory. Show all posts
Showing posts with label Deep in Active Directory. Show all posts
Sunday, May 9, 2010
Friday, May 7, 2010
Exchange 2010 and VLV
and intersting not for those who might miss it
Install Exchange 2010 in an Existing Exchange 2003 Organization: Exchange 2010 Help: "Exchange 2010 now creates system address lists in a new container. Recipients created or modified using Exchange 2003 or Exchange 2007 management tools won’t be stamped with these system address lists. As a result, they won’t be seen by the Get-Recipient cmdlet.
To fix this issue, you must enable Active Directory virtual list view (VLV). After you have completed the upgrade of an existing Exchange 2003 organization to Exchange 2010 and have decommissioned your Exchange 2003 servers, you must enable Active Directory VLV. To enable VLV for Exchange 2010, run the Enable-AddressListPaging cmdlet. For more information, see Enable-AddressListPaging."
Install Exchange 2010 in an Existing Exchange 2003 Organization: Exchange 2010 Help: "Exchange 2010 now creates system address lists in a new container. Recipients created or modified using Exchange 2003 or Exchange 2007 management tools won’t be stamped with these system address lists. As a result, they won’t be seen by the Get-Recipient cmdlet.
To fix this issue, you must enable Active Directory virtual list view (VLV). After you have completed the upgrade of an existing Exchange 2003 organization to Exchange 2010 and have decommissioned your Exchange 2003 servers, you must enable Active Directory VLV. To enable VLV for Exchange 2010, run the Enable-AddressListPaging cmdlet. For more information, see Enable-AddressListPaging."
Monday, October 20, 2008
Blog Post: you cannot use GFI Endpoint security due to Remote HW/Registry locdown policy by Windows Vista SP1
Hi,
I have been working with GFI support team for that last couple of weeks to diagnose a problem that looks so hard in the first place but it was so easy to spot once we identified the cause, I have several Windows Vista SP1 laptops since all of them comes shipped with it, we wanted to deploy GFI Endppoint security and we were testing the product, everything works fine on XP SP3 machines, but on windows Vista SP1 it didn’t work, the problem that we couldn’t detect the drivers on the machine that runs Vista Sp1, the error was “Failed to enumerate devices on the machine”; if we try to deploy the agent manually it yells at us saying that you don’t have permissions to install this product so what the heck going on?
After several hours of regmon and filemon, I found that the agent access the machine using remote registry, so you have to:
- Start the remote registry service.
- On Vista SP1 machines, you need to allow the access for HKLM hive totally remotely.
- The GFI agent service needs to run as domain admin!!!
1.Go to Computer Configuration \ Administrative Templates \ System \ Device Installation
2.Double click on "Allow Remote Access to the PnP interface" and enable the policy
Finally it works, now we need to test it out, please read more about the security lockdown settings of windows Vista and the new registry access restrictions for windows Vista.
Friday, March 21, 2008
what to do: parent/child domain trust is lost, TDO object is corrupted
Here is a nice tip.
We had a lot of issues where customer is losing the parent/child trust, this is caused by a lot of reasons, either a corrupted TDO object, faulty AD or an admin who is playing with the wrong tools, so here is 2 things to do:
- Search the TDO about similar accounts with the same name that may cause the trust to be lost and remove them:
o Use the ldifde -r (saMAccountName=domainname*)
o Check the ldifde dump for the accounts that has the same SAMACCOUNTNAME of the domain and might be conflicting with the TDO object “don’t ask what causes that”
- Now delete the trust from the parent domain and from the child domain. You might need to delete the TDO object, those are here:
CN=Childdomain$,CN=User,DC=parentdomain,dc=com
CN=childdomain,parentdomain.com,CN=System,DC=parentdomainl,dc=com
- Make sure that changes has been replicated.
- For the parent domain do the folloing command : netdom trust childdomain.parentdomain.com /domain:ttsl.com UserD:parent_admin /PasswordD:*
/UserO:child_admin /PasswordO:* /add
- Make sure that changes has been replicated.
- Not sure from the restart requirement, in my case I had to reboot the PDC
Monday, March 10, 2008
التيتا في الننا و الننا في التيتا
برغم انه المفروض انه بلوجي يكون محترم لاني اسعى لدرجة ال MVP فالمفروض انه اضفي صيغة علمية على البلوج و احترم نفسي بس للاسف انا مش عارف احترم حد لانه حد مش بيحترم نفسه مع احترامي لكل حد و اتنين و خميس
امس كنت في احد الشركات الكبيرة اوي عند صديق لي طلب مساندتي في تركيب exchange 2003 و روحت و بم اني بركب اكستشينج على كلاستر مرتين في الاسبوع على الاقل فالموضوع كان كيكة سهلة (انا كنت متصور كده) يا لسذاجتي
المهم روحت حطيت الاسطوانة و اشغل ال setup الخاص بال forestprep السيت اب يختفي و يروح ميرجعشي
غيرنا السي دي درايف
غيرنا السي دي
جبنا دي في دي
و طبعا في عباقرة في الخلف (العيب في الدرايفرات) و (العيب في الويندوز) واحد افتى انه العيب في الماذر بورد
ردوا انتوا انا مش حرد
المهم من خبرتي انا حسيت انه الاكتيف دايرمكتوري ملعوب فيه ، لانه الاكستشينج حساس جدا ليه، ففتحت الاكتيف دايركتور و ال evet viewer لقيته متخربق احمر يا مرسي
ابص الاقي انه الدومين كونتروللر dc1 مش عارف يعمل replication مع الدومين التاني home (واحد ذكي حيقوللي طب الدومين الكونترولر الاولاني اسمه dc1 يبقا التاني المفروض اسمه dc2 حقوله يعني هو السيت اب باظ علشان عيب في المازر بورد
)
المهم انه اكتشف انه الدومين كونترولر معملشي ريبليكشيت بقاله 3 شهور (حد يقول اي حاجة) قولتله هو فين الدومين كونرولر التاني) قاللي هو ليه لزمة قولتله انت عملت فيه ايه فرمته ؟؟؟ قاللي لاء بس طفيته لانه ملوش لزمة
واحد يقوللي انا لو مكاني اعمل ايه
ما علينا
قضيت وقت لطيف وانا بصلح في الدنيا (طبعا الاكتيف دايركتوري وقف الريبليكشين بين الاتنين دومين كونترولر لانه في objects على السيرفر الجديد تم مسحها و تحديثها و السيرفر القديم لا زال محتفظ بيها لذا تجنبا للعك تم وقف الريبليكشين)
جبت السيرفر المطفي اون لاين
و مشيت كما في المقالة دي
http://technet2.microsoft.com/WindowsServer/en/library/34c15446-b47f-4d51-8e4a-c14527060f901033.mspx
قمات كل حاجة اشتغلت زي الفل و تم عمل ال replication و الدنيا قامت و اشتغل السيت اب
طالما انتوا مش قد افلام الرعب بتتفرجوا على تشانل تو ليه
مع اعتذاري لصاحبي و عزيزي
حاجة غريبة !!!
الاكسبلورر كعادته وقف و حرن و قرر عدم العمل يعني اما كنت بختار لينك و اقوله openlink in new window مكانشي بيفتحها
و بم اني خبير
طلعت العدة و اديلوا ركبت الجافا و شيلتها الفيرتشوال ماشين و حطيتها و كل حاجة و برضوا حرنان
الى ان قمت بعمل ديفراجمنت النهاردة للجهاز لقيته اشتغل زي القرد
غريبة دي مش كده
Subscribe to:
Comments (Atom)
