| Author | Messages | |
RamonLinan
Posts:0
 | | 10/02/2006 7:05 AM |
| Hi,
I have a Unix
application that uses LDAP queries.
The developer is
telling me that 2 classes should be available in the GC (they need to query
the whole forest for some information)
The classes are
msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC?
I know how to add an attribute, do I have to go attribute by
attribute?
We only have 200
users and no many AD objects, is there a reason while I should not add those 2
classes, in terms of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| listmail
Posts:454
| | 10/03/2006 3:24 AM |
| Modifying the schema except for indexing or adding PAS
attributes in a forest with Windows 2000 domain controllers is really a
non-event when done properly with proper OIDs and names. Indexing can work your
DCs a little as the new indexes have to be created but it depends on the attribs
being indexed and what type of index is being created on how much that will hit
your DC. Usually I would say it is minimal impact. WIth Windows 2000 GCs, you
get to enjoy a full PAS refresh which generates a considerable amount of
replication. Simply, if you are running Windows 2000 DCs, why in the world are
you doing so, upgrade already, 2003 has been around for 3 years already and has
a ton of AD enhancements. In a small network like yours, I wouldn't expect even
a small burp even in the worst case unless you have few users and a ton (tens or
hundreds of thousands) of other types of objects. You would mention that
though I expect.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
thanks for the info, how do I go about adding them to the
GC? and, being a small network, do you see any dramatic effect to doing that? in
terms of replication I mean.
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Monday, October 02, 2006 11:56 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
SFU30 is pretty old. What you really should do is
apply the Windows Server 2003 R2 Schema which has the aux
classes:
posixAccountposixGroup
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Monday, October 02, 2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix
application that uses LDAP queries.
The developer is
telling me that 2 classes should be available in the GC (they need to query
the whole forest for some information)
The classes are
msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC?
I know how to add an attribute, do I have to go attribute by
attribute?
We only have 200
users and no many AD objects, is there a reason while I should not add those 2
classes, in terms of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| RamonLinan
Posts:0
| | 10/03/2006 3:52 AM |
| We are using windows 2003 servers. But what I need is, to
add those 2 classes that already exist in the AD schema to the global catalog so
they replicate through the GCs in the forest. How do I add 2 whole classes
with their attributes? changing the "replicate this attribute in the global
catalog" option attribute by attribute?
Thanks
Rezuma
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Tuesday, October 03, 2006 11:25 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Modifying the schema except for indexing or adding PAS
attributes in a forest with Windows 2000 domain controllers is really a
non-event when done properly with proper OIDs and names. Indexing can work your
DCs a little as the new indexes have to be created but it depends on the attribs
being indexed and what type of index is being created on how much that will hit
your DC. Usually I would say it is minimal impact. WIth Windows 2000 GCs, you
get to enjoy a full PAS refresh which generates a considerable amount of
replication. Simply, if you are running Windows 2000 DCs, why in the world are
you doing so, upgrade already, 2003 has been around for 3 years already and has
a ton of AD enhancements. In a small network like yours, I wouldn't expect even
a small burp even in the worst case unless you have few users and a ton (tens or
hundreds of thousands) of other types of objects. You would mention that
though I expect.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
thanks for the info, how do I go about adding them to the
GC? and, being a small network, do you see any dramatic effect to doing that? in
terms of replication I mean.
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Monday, October 02, 2006 11:56 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
SFU30 is pretty old. What you really should do is
apply the Windows Server 2003 R2 Schema which has the aux
classes:
posixAccountposixGroup
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Monday, October 02, 2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix
application that uses LDAP queries.
The developer is
telling me that 2 classes should be available in the GC (they need to query
the whole forest for some information)
The classes are
msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC?
I know how to add an attribute, do I have to go attribute by
attribute?
We only have 200
users and no many AD objects, is there a reason while I should not add those 2
classes, in terms of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| listmail
Posts:454
| | 10/03/2006 3:56 AM |
| SFU30 is pretty old. What you really should do is
apply the Windows Server 2003 R2 Schema which has the aux
classes:
posixAccountposixGroup
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Monday, October 02, 2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix
application that uses LDAP queries.
The developer is
telling me that 2 classes should be available in the GC (they need to query
the whole forest for some information)
The classes are
msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC?
I know how to add an attribute, do I have to go attribute by
attribute?
We only have 200
users and no many AD objects, is there a reason while I should not add those 2
classes, in terms of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| listmail
Posts:454
| | 10/03/2006 4:24 AM |
| You get the R2 CD and do the forestprep, it will install
the entire R2 schema which includes all of those Unix interop classes and
attributes. You do not really want to do this manually or it could be
troublesome later.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 11:53 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
We are using windows 2003 servers. But what I need is, to
add those 2 classes that already exist in the AD schema to the global catalog so
they replicate through the GCs in the forest. How do I add 2 whole classes
with their attributes? changing the "replicate this attribute in the global
catalog" option attribute by attribute?
Thanks
Rezuma
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Tuesday, October 03, 2006 11:25 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Modifying the schema except for indexing or adding PAS
attributes in a forest with Windows 2000 domain controllers is really a
non-event when done properly with proper OIDs and names. Indexing can work your
DCs a little as the new indexes have to be created but it depends on the attribs
being indexed and what type of index is being created on how much that will hit
your DC. Usually I would say it is minimal impact. WIth Windows 2000 GCs, you
get to enjoy a full PAS refresh which generates a considerable amount of
replication. Simply, if you are running Windows 2000 DCs, why in the world are
you doing so, upgrade already, 2003 has been around for 3 years already and has
a ton of AD enhancements. In a small network like yours, I wouldn't expect even
a small burp even in the worst case unless you have few users and a ton (tens or
hundreds of thousands) of other types of objects. You would mention that
though I expect.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
thanks for the info, how do I go about adding them to the
GC? and, being a small network, do you see any dramatic effect to doing that? in
terms of replication I mean.
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Monday, October 02, 2006 11:56 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
SFU30 is pretty old. What you really should do is
apply the Windows Server 2003 R2 Schema which has the aux
classes:
posixAccountposixGroup
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Monday, October 02, 2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix
application that uses LDAP queries.
The developer is
telling me that 2 classes should be available in the GC (they need to query
the whole forest for some information)
The classes are
msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC?
I know how to add an attribute, do I have to go attribute by
attribute?
We only have 200
users and no many AD objects, is there a reason while I should not add those 2
classes, in terms of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| MThommes
Posts:74
| | 10/03/2006 5:18 AM |
| Hi Rezuma,
I suspect
you might run into the same issue I had when I did the R2 forestprep with SFU
3.5 (although you have the earlier SFU 3.0). If so, see the fixup from Steve
Linehan posted to this newsgroup on 8/7/06 (and my comment from 8/12/06).
Mike Thommes
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of joe
Sent: Tuesday, October 03, 2006
11:25 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
You get the R2 CD and do the forestprep,
it will install the entire R2 schema which includes all of those Unix interop
classes and attributes. You do not really want to do this manually or it could
be troublesome later.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006
11:53 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
We are using windows 2003 servers. But
what I need is, to add those 2 classes that already exist in the AD schema to
the global catalog so they replicate through the GCs in the forest. How do
I add 2 whole classes with their attributes? changing the "replicate this
attribute in the global catalog" option attribute by attribute?
Thanks
Rezuma
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 03, 2006
11:25 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Modifying the schema except for indexing
or adding PAS attributes in a forest with Windows 2000 domain controllers is
really a non-event when done properly with proper OIDs and names. Indexing can
work your DCs a little as the new indexes have to be created but it depends on
the attribs being indexed and what type of index is being created on how much
that will hit your DC. Usually I would say it is minimal impact. WIth Windows
2000 GCs, you get to enjoy a full PAS refresh which generates a considerable
amount of replication. Simply, if you are running Windows 2000 DCs, why in the
world are you doing so, upgrade already, 2003 has been around for 3 years
already and has a ton of AD enhancements. In a small network like yours, I
wouldn't expect even a small burp even in the worst case unless you have few
users and a ton (tens or hundreds of thousands) of other types of objects.
You would mention that though I expect.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006
8:39 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
thanks for the info, how do I go about
adding them to the GC? and, being a small network, do you see any dramatic
effect to doing that? in terms of replication I mean.
Thanks
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Monday, October 02, 2006
11:56 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
SFU30 is pretty old. What you really
should do is apply the Windows Server 2003 R2 Schema which has the aux
classes:
posixAccount
posixGroup
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon Linan
Sent: Monday, October 02, 2006
3:06 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Hi,
I have a Unix application that uses LDAP queries.
The developer is telling me that 2 classes should be
available in the GC (they need to query the whole forest for some
information)
The classes are msSFU30PosixAccount and msSFU30PosixGroup.
How do I add a whole class to the GC? I know how to add an attribute, do I have
to go attribute by attribute?
We only have 200 users and no many AD objects, is there a
reason while I should not add those 2 classes, in terms of replication I mean
and for small network like this.
Thanks
Rezuma | | | |
| RamonLinan
Posts:0
| | 10/03/2006 6:15 AM |
| I don't think I am making myself clear.
I already have those classes in the schema, I just want to
add the properties that those classes have to the global catalog so they
replicate throughout the forest, I don't need to install those classes in the
AD, I already did that.
Do I have to add attribute by attribute to the
GC?
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Thommes, Michael
M.Sent: Tuesday, October 03, 2006 1:18 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Hi
Rezuma,
I suspect you might run into the same issue I had when I did the R2 forestprep
with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup
from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from
8/12/06).
Mike
Thommes
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
You get the R2 CD and
do the forestprep, it will install the entire R2 schema which includes all of
those Unix interop classes and attributes. You do not really want to do this
manually or it could be troublesome later.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 11:53 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
We are using windows
2003 servers. But what I need is, to add those 2 classes that already exist in
the AD schema to the global catalog so they replicate through the GCs in
the forest. How do I add 2 whole classes with their attributes? changing
the "replicate this attribute in the global catalog" option attribute by
attribute?
Thanks
Rezuma
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Modifying the schema
except for indexing or adding PAS attributes in a forest with Windows 2000
domain controllers is really a non-event when done properly with proper OIDs and
names. Indexing can work your DCs a little as the new indexes have to be created
but it depends on the attribs being indexed and what type of index is being
created on how much that will hit your DC. Usually I would say it is minimal
impact. WIth Windows 2000 GCs, you get to enjoy a full PAS refresh which
generates a considerable amount of replication. Simply, if you are running
Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has
been around for 3 years already and has a ton of AD enhancements. In a small
network like yours, I wouldn't expect even a small burp even in the worst case
unless you have few users and a ton (tens or hundreds of thousands) of
other types of objects. You would mention that though I
expect.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
thanks for the info,
how do I go about adding them to the GC? and, being a small network, do you see
any dramatic effect to doing that? in terms of replication I
mean.
Thanks
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Monday, October 02, 2006 11:56
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
SFU30 is pretty old.
What you really should do is apply the Windows Server 2003 R2 Schema which
has the aux classes:
posixAccountposixGroup
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Monday, October 02,
2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix application that uses
LDAP queries.
The developer is telling me that 2
classes should be available in the GC (they need to query the whole forest
for some information)
The classes are msSFU30PosixAccount
and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add
an attribute, do I have to go attribute by
attribute?
We only have 200 users and no many
AD objects, is there a reason while I should not add those 2 classes, in terms
of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| listmail
Posts:454
| | 10/03/2006 8:01 AM |
| Yes. You have to mark each attribute you want in the GC to
be part of the PAS. Basically set the attribute isMemberOfPartialAttributeSet to
TRUE.
Ex:
G:\>admod -schema -rb cn=uid
isMemberOfPartialAttributeSet::TRUE
AdMod V01.07.00cpp Joe Richards (joe@xxxxxxxxxxx)
October 2006
DN Count: 1Using server:
r2dc2.test.loc:389Directory: Windows Server 2003Base DN:
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc
Modifying specified objects... DN:
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc...
The command completed successfully
To find out which attributes are involved, run
this
adfind -sc s:*posix* -af objectcategory=classschema
maycontain
the output should be something like
G:\>adfind -sc s:*posix* -af objectcategory=classschema
maycontain
AdFind V01.32.00cpp Joe Richards (joe@xxxxxxxxxxx)
October 2006
Using server: r2dc2.test.loc:389Directory: Windows
Server 2003Base DN:
CN=Schema,CN=Configuration,DC=test,DC=loc
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain:
description>mayContain: gecos>mayContain:
loginShell>mayContain: unixUserPassword>mayContain:
userPassword>mayContain: homeDirectory>mayContain:
unixHomeDirectory>mayContain: gidNumber>mayContain:
uidNumber>mayContain: cn>mayContain: uid
dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain:
memberUid>mayContain: gidNumber>mayContain:
description>mayContain: unixUserPassword>mayContain:
userPassword>mayContain: cn
2 Objects returned
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 2:16 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
I don't think I am making myself clear.
I already have those classes in the schema, I just want to
add the properties that those classes have to the global catalog so they
replicate throughout the forest, I don't need to install those classes in the
AD, I already did that.
Do I have to add attribute by attribute to the
GC?
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Thommes, Michael
M.Sent: Tuesday, October 03, 2006 1:18 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Hi
Rezuma,
I suspect you might run into the same issue I had when I did the R2 forestprep
with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup
from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from
8/12/06).
Mike
Thommes
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
You get the R2 CD and
do the forestprep, it will install the entire R2 schema which includes all of
those Unix interop classes and attributes. You do not really want to do this
manually or it could be troublesome later.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 11:53 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
We are using windows
2003 servers. But what I need is, to add those 2 classes that already exist in
the AD schema to the global catalog so they replicate through the GCs in
the forest. How do I add 2 whole classes with their attributes? changing
the "replicate this attribute in the global catalog" option attribute by
attribute?
Thanks
Rezuma
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Modifying the schema
except for indexing or adding PAS attributes in a forest with Windows 2000
domain controllers is really a non-event when done properly with proper OIDs and
names. Indexing can work your DCs a little as the new indexes have to be created
but it depends on the attribs being indexed and what type of index is being
created on how much that will hit your DC. Usually I would say it is minimal
impact. WIth Windows 2000 GCs, you get to enjoy a full PAS refresh which
generates a considerable amount of replication. Simply, if you are running
Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has
been around for 3 years already and has a ton of AD enhancements. In a small
network like yours, I wouldn't expect even a small burp even in the worst case
unless you have few users and a ton (tens or hundreds of thousands) of
other types of objects. You would mention that though I
expect.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
thanks for the info,
how do I go about adding them to the GC? and, being a small network, do you see
any dramatic effect to doing that? in terms of replication I
mean.
Thanks
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Monday, October 02, 2006 11:56
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
SFU30 is pretty old.
What you really should do is apply the Windows Server 2003 R2 Schema which
has the aux classes:
posixAccountposixGroup
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Monday, October 02,
2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix application that uses
LDAP queries.
The developer is telling me that 2
classes should be available in the GC (they need to query the whole forest
for some information)
The classes are msSFU30PosixAccount
and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add
an attribute, do I have to go attribute by
attribute?
We only have 200 users and no many
AD objects, is there a reason while I should not add those 2 classes, in terms
of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| RamonLinan
Posts:0
| | 10/03/2006 12:38 PM |
| thanks for the info, how do I go about adding them to the
GC? and, being a small network, do you see any dramatic effect to doing that? in
terms of replication I mean.
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Monday, October 02, 2006 11:56 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
SFU30 is pretty old. What you really should do is
apply the Windows Server 2003 R2 Schema which has the aux
classes:
posixAccountposixGroup
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Monday, October 02, 2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix
application that uses LDAP queries.
The developer is
telling me that 2 classes should be available in the GC (they need to query
the whole forest for some information)
The classes are
msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC?
I know how to add an attribute, do I have to go attribute by
attribute?
We only have 200
users and no many AD objects, is there a reason while I should not add those 2
classes, in terms of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| RamonLinan
Posts:0
| | 10/04/2006 12:46 PM |
| pretty cool Joe!, thanks for the
info
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Tuesday, October 03, 2006 4:01 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Yes. You have to mark each attribute you want in the GC to
be part of the PAS. Basically set the attribute isMemberOfPartialAttributeSet to
TRUE.
Ex:
G:\>admod -schema -rb cn=uid
isMemberOfPartialAttributeSet::TRUE
AdMod V01.07.00cpp Joe Richards (joe@xxxxxxxxxxx)
October 2006
DN Count: 1Using server:
r2dc2.test.loc:389Directory: Windows Server 2003Base DN:
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc
Modifying specified objects... DN:
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc...
The command completed successfully
To find out which attributes are involved, run
this
adfind -sc s:*posix* -af objectcategory=classschema
maycontain
the output should be something like
G:\>adfind -sc s:*posix* -af objectcategory=classschema
maycontain
AdFind V01.32.00cpp Joe Richards (joe@xxxxxxxxxxx)
October 2006
Using server: r2dc2.test.loc:389Directory: Windows
Server 2003Base DN:
CN=Schema,CN=Configuration,DC=test,DC=loc
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain:
description>mayContain: gecos>mayContain:
loginShell>mayContain: unixUserPassword>mayContain:
userPassword>mayContain: homeDirectory>mayContain:
unixHomeDirectory>mayContain: gidNumber>mayContain:
uidNumber>mayContain: cn>mayContain: uid
dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain:
memberUid>mayContain: gidNumber>mayContain:
description>mayContain: unixUserPassword>mayContain:
userPassword>mayContain: cn
2 Objects returned
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 2:16 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
I don't think I am making myself clear.
I already have those classes in the schema, I just want to
add the properties that those classes have to the global catalog so they
replicate throughout the forest, I don't need to install those classes in the
AD, I already did that.
Do I have to add attribute by attribute to the
GC?
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Thommes, Michael
M.Sent: Tuesday, October 03, 2006 1:18 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Hi
Rezuma,
I suspect you might run into the same issue I had when I did the R2 forestprep
with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup
from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from
8/12/06).
Mike
Thommes
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
You get the R2 CD and
do the forestprep, it will install the entire R2 schema which includes all of
those Unix interop classes and attributes. You do not really want to do this
manually or it could be troublesome later.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 11:53 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
We are using windows
2003 servers. But what I need is, to add those 2 classes that already exist in
the AD schema to the global catalog so they replicate through the GCs in
the forest. How do I add 2 whole classes with their attributes? changing
the "replicate this attribute in the global catalog" option attribute by
attribute?
Thanks
Rezuma
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Modifying the schema
except for indexing or adding PAS attributes in a forest with Windows 2000
domain controllers is really a non-event when done properly with proper OIDs and
names. Indexing can work your DCs a little as the new indexes have to be created
but it depends on the attribs being indexed and what type of index is being
created on how much that will hit your DC. Usually I would say it is minimal
impact. WIth Windows 2000 GCs, you get to enjoy a full PAS refresh which
generates a considerable amount of replication. Simply, if you are running
Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has
been around for 3 years already and has a ton of AD enhancements. In a small
network like yours, I wouldn't expect even a small burp even in the worst case
unless you have few users and a ton (tens or hundreds of thousands) of
other types of objects. You would mention that though I
expect.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
thanks for the info,
how do I go about adding them to the GC? and, being a small network, do you see
any dramatic effect to doing that? in terms of replication I
mean.
Thanks
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Monday, October 02, 2006 11:56
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
SFU30 is pretty old.
What you really should do is apply the Windows Server 2003 R2 Schema which
has the aux classes:
posixAccountposixGroup
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Monday, October 02,
2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix application that uses
LDAP queries.
The developer is telling me that 2
classes should be available in the GC (they need to query the whole forest
for some information)
The classes are msSFU30PosixAccount
and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add
an attribute, do I have to go attribute by
attribute?
We only have 200 users and no many
AD objects, is there a reason while I should not add those 2 classes, in terms
of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
| listmail
Posts:454
| | 10/10/2006 10:33 AM |
| n/p Glad to assist.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Wednesday, October 04, 2006 8:47 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
pretty cool Joe!, thanks for the
info
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
joeSent: Tuesday, October 03, 2006 4:01 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Yes. You have to mark each attribute you want in the GC to
be part of the PAS. Basically set the attribute isMemberOfPartialAttributeSet to
TRUE.
Ex:
G:\>admod -schema -rb cn=uid
isMemberOfPartialAttributeSet::TRUE
AdMod V01.07.00cpp Joe Richards (joe@xxxxxxxxxxx)
October 2006
DN Count: 1Using server:
r2dc2.test.loc:389Directory: Windows Server 2003Base DN:
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc
Modifying specified objects... DN:
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc...
The command completed successfully
To find out which attributes are involved, run
this
adfind -sc s:*posix* -af objectcategory=classschema
maycontain
the output should be something like
G:\>adfind -sc s:*posix* -af objectcategory=classschema
maycontain
AdFind V01.32.00cpp Joe Richards (joe@xxxxxxxxxxx)
October 2006
Using server: r2dc2.test.loc:389Directory: Windows
Server 2003Base DN:
CN=Schema,CN=Configuration,DC=test,DC=loc
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain:
description>mayContain: gecos>mayContain:
loginShell>mayContain: unixUserPassword>mayContain:
userPassword>mayContain: homeDirectory>mayContain:
unixHomeDirectory>mayContain: gidNumber>mayContain:
uidNumber>mayContain: cn>mayContain: uid
dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain:
memberUid>mayContain: gidNumber>mayContain:
description>mayContain: unixUserPassword>mayContain:
userPassword>mayContain: cn
2 Objects returned
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ramon
LinanSent: Tuesday, October 03, 2006 2:16 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
I don't think I am making myself clear.
I already have those classes in the schema, I just want to
add the properties that those classes have to the global catalog so they
replicate throughout the forest, I don't need to install those classes in the
AD, I already did that.
Do I have to add attribute by attribute to the
GC?
Thanks
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Thommes, Michael
M.Sent: Tuesday, October 03, 2006 1:18 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users
network. Adding 2 classes to the GC
Hi
Rezuma,
I suspect you might run into the same issue I had when I did the R2 forestprep
with SFU 3.5 (although you have the earlier SFU 3.0). If so, see the fixup
from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from
8/12/06).
Mike
Thommes
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
You get the R2 CD and
do the forestprep, it will install the entire R2 schema which includes all of
those Unix interop classes and attributes. You do not really want to do this
manually or it could be troublesome later.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 11:53 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
We are using windows
2003 servers. But what I need is, to add those 2 classes that already exist in
the AD schema to the global catalog so they replicate through the GCs in
the forest. How do I add 2 whole classes with their attributes? changing
the "replicate this attribute in the global catalog" option attribute by
attribute?
Thanks
Rezuma
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Modifying the schema
except for indexing or adding PAS attributes in a forest with Windows 2000
domain controllers is really a non-event when done properly with proper OIDs and
names. Indexing can work your DCs a little as the new indexes have to be created
but it depends on the attribs being indexed and what type of index is being
created on how much that will hit your DC. Usually I would say it is minimal
impact. WIth Windows 2000 GCs, you get to enjoy a full PAS refresh which
generates a considerable amount of replication. Simply, if you are running
Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has
been around for 3 years already and has a ton of AD enhancements. In a small
network like yours, I wouldn't expect even a small burp even in the worst case
unless you have few users and a ton (tens or hundreds of thousands) of
other types of objects. You would mention that though I
expect.
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Tuesday, October
03, 2006 8:39 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
thanks for the info,
how do I go about adding them to the GC? and, being a small network, do you see
any dramatic effect to doing that? in terms of replication I
mean.
Thanks
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of joeSent: Monday, October 02, 2006 11:56
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 200 users network.
Adding 2 classes to the GC
SFU30 is pretty old.
What you really should do is apply the Windows Server 2003 R2 Schema which
has the aux classes:
posixAccountposixGroup
joe
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ramon
LinanSent: Monday, October 02,
2006 3:06 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 200 users network.
Adding 2 classes to the GC
Hi,
I have a Unix application that uses
LDAP queries.
The developer is telling me that 2
classes should be available in the GC (they need to query the whole forest
for some information)
The classes are msSFU30PosixAccount
and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add
an attribute, do I have to go attribute by
attribute?
We only have 200 users and no many
AD objects, is there a reason while I should not add those 2 classes, in terms
of replication I mean and for small network like
this.
Thanks
Rezuma | | | |
|
|