Location: Home

Welcome

Welcome

ActiveDir.org is the home of the Active Directory Discussions Mailing List which was started in January 2001 with the aim of providing a forum for discussing various aspects of Microsoft's Active Directory technology. Since then the list has grown to a membership of over 1000 subscribers and 3000 site members.  The list has become extremely active, and includes many of the foremost experts in Active Directory.

The focus here at ActiveDir.org is the mailing list, but we now also offer a range of useful resources (see left navigation options).

You can also share your knowledge and experience with the wider community by creating your own articles using the site's Wiki-style functionality.  Click here for more information.

What's happening on our Mailing List

What's happening on our Mailing List

  • gilvicente.araujo just posted 'Re: [ActiveDir] Check Duplicate EmployeeID field'

    Thanks All, Finishing, The Final Vbscript Code. dim oVar, oUsr, tmp, title, text1   set oVar = wscript.arguments   set oUsr = getobject(oVar(0))   title = "Cadastro do CPF"   text1 = "CPF Atual: " & oUsr.employeeID & vbcrlf & vbcrlf & "Informe o CP...

  • Techman06 just posted 'RE: [ActiveDir] Curiosity - DNS and DHCID'

    Windows "machines" automatically update their own host records without any help from DHCP even if they get their IP address from DHCP. Non-Windows hosts don't have the ability to do this so DHCP adds the host record for them if the default options a...

  • Techman06 just posted 'RE: [ActiveDir] DNS Records loading slowly in win 2008 R2'

    I would have to do some additional checking but Brian may be on to something. Server 2008 by default uses port 9389 for AD DNS queries. Server 2008R2 introduced DNS Socket Pooling which effectively uses random ports to query DNS requests. Unless y...

  • Jithendra just posted 'Re: [ActiveDir] DNS Records loding slowly in win 2008 R2'

    Yes it’s an AD integrated DNS server, all are active records (and Scavenging is also enabled) Coming back to the issue, this happens in any windows 2008R2 domain controller (logged-in locally) or in my windows 7 client (which I have a local...

  • sl just posted 'Re: [ActiveDir] DNS Records loding slowly in win 2008 R2'

    I've got ~60K in the main production zone and Windows 2003 MMC displays the zone records in just over a minute, roughly same time as using RSAD on W7. Jithendra the OT didn't clearly state whether he's accessing same DNS server (indicating M...

  • BrianB just posted 'Re: [ActiveDir] DNS Records loding slowly in win 2008 R2'

    70 k does not sound like that much. If we were using ADDNS, I am sure it would be more than that. I am told by some MS folks that there are much larger orgs. Using ADDNS without the trouble. Is the issue with the DNS console or with DNS itself. I ...

  • rmscheck just posted 'Re: [ActiveDir] DNS Records loding slowly in win 2008 R2'

    I dunno.. is 70K really ridiculous? anyone have an environment with that sort of number? I've 20-30K meeself... I dont recall them having issues then, but now you got me going... On Wed, Feb 1, 2012 at 2:42 AM, Jeremy Saunders <...

  • Bitzie just posted '[ActiveDir] Lion update out'

    http://support.apple.com/kb/HT5048 * _Directory Services_ * Improve binding to read-only Active Directory Domain Controllers * Improve binding and login speed for Active Directory users in a domain whose name ends in ".local" * Imp...

  • kurtbuff just posted '[ActiveDir] Curiosity - DNS and DHCID'

    All, This isn't terribly important, but I'm still curious about it, and after perusing RFC 4701 I still have a question about it. I was adding a host statically to DNS, and noticed that only a few of my hosts (some with static or DHCP reserve...

  • robertsingers just posted 'RE: [ActiveDir] collapsing two domains into 1 domain'

    Here are some things for your consideration 1. How healthy are the domains? 2. Does either of the existing domains constitute an appropriate or neutral namespace for the organisation going forward? 3. Have a consistent, a...

Join in the fun by subscribing here

New Stuff

New Stuff

List Avatars... did you know... - Thursday, January 24, 2008

If you are feeling particularly expressive you can assign a picture to be displayed next to each post you make to the mailing list.  How?  Login to the site, visit the List Archives tab, hit 'My Profile', at the bottom of the page hit 'Edit Profile' and there you can either upload a picture or link to an existing picture of yourself and however you want to be represented.

 

Search the Archives is now available - Monday, January 14, 2008

Yes we finally got around to it.  It's now possible to search the archives.  Its fully text indexed so you should be able to find what it is you are looking for.

To access the search function, click on Advanced Search beneath the normal Site Search button.  (You must have javascript enabled in your browser to Search).

 read more ...

Latest Articles

Latest Articles

Powershell 2.0 script to bulk create test user accounts
Author: Tony Murray :: Date: Monday, November 09, 2009 10:35 PM
Categories: Active Directory, Scripting, Windows Server

This script uses Powershell 2.0 with the Windows Server 2008 R2 Active Directory service provider and CMDlets.  Use the script to bulk create test user objects in AD.


How do I get to my external website when my AD domain internal name is the same as my external name? Or From inside the office, I can't get to http://domain.com, but can using http://www.domain.com after creating an "A" 'www' record.
Author: Ace Fekay :: Date: Monday, July 06, 2009 10:51 PM
Categories: Active Directory, Tips and Tricks, DNS

Is your internal domain name and external domain name the same? If so, it's called a split zone.

This is a common dilemma resulting when the internal AD name and the external public names are the same. Users inside the office, including VPN users connected from an external location to the office, cannot get to their externally hosted website.



 


Considerations when using a domain-based service account with AD LDS
Author: Tony Murray :: Date: Monday, April 13, 2009 9:39 PM
Categories: Active Directory, Tips and Tricks, Windows Server

When creating an AD LDS instance you are prompted to specify an account to use as the service account. At this point you can specify either the Network Service account or another account. Unless you have a particular need, you should choose the built-in Network Service account. If you opt for a domain-based service account you have to jump through a whole lot of hoops to get things working. Also, you typically end up giving your domain-based service account more permissions than are strictly necessary (as described later in this article). The Network Service account on the other hand provides an easy set up option and is a good choice from a security perspective given that the account has limited access to the local computer.

 
 
 
So why bother to use a domain-based service account at all? Well, if you have a number of services on your server all running under the context of the Network Service account there is potential for security compromise. In this scenario you may want to consider isolating the services from each other using dedicated service accounts.
 
What follows is a discussion of the steps required to configure AD LDS to use a domain-based service account.

Vbscript to determine domain and forest functional levels
Author: Alexei Segundo :: Date: Wednesday, April 08, 2009 7:09 PM
Categories: Active Directory, Scripting

This script was created to help when raising domain and forest functional levels, especially in larger environments. The script uses an authoritative DC to enumerate all the DCs in the forest. Each DC is then contacted in turn to determine what it thinks is the current domain and forest functional level. The goal is to ensure that the information is consistent across DCs before raising the functional level, and to ensure that replication distributes the changes successfully after raising the functional level.


The (Almost) Definitive Active Directory Blogroll
Author: Tony Murray :: Date: Saturday, November 01, 2008 8:42 PM
Categories: Active Directory

I subscribe to a number of Blogs with Active Directory content. As it took me a while to accumulate the list, I thought I would share it here.

Let me know if I have missed any out there that should be on this list.


LDAP tips #3: Searching for Computers
Author: Tony Murray :: Date: Thursday, September 25, 2008 10:57 PM
Categories: Active Directory, Tips and Tricks

This article is the third in a series providing tips for common LDAP searches.


Multiple Domain Forests: Still a Valid Design Model?
Author: Tony Murray :: Date: Monday, July 21, 2008 2:52 PM
Categories: Active Directory, Windows Server
On the ActiveDir.org list there has been some good discussion about whether the multi-domain forest is still considered a valid design option. This article attempts to crystallise the discussion for use as a reference for those involved with the design or review of forest models.
 
The general consensus is that single domain forests are now the preferred design option for all but the most marginal cases. Note that this does not preclude the use of multiple forests within a single organisation. For example, the use of the Exchange Resource forest in environments that have a distributed NOS architecture but a centralised messaging architecture is common in larger organisations.

Bulk Updates to Active Directory User Attributes
Author: David Wiseman :: Date: Thursday, June 12, 2008 3:52 PM
Categories: Active Directory

Describes how to make bulk updates to Active Directory User Attributes using freeware tools (from WiseSoft.co.uk).


How to Enable, Disable and Maintain OCS 2007 (Office Communications Server) User Attributes using VBScript.
Author: Matty Holland :: Date: Thursday, May 15, 2008 4:51 PM
Categories: Active Directory, Scripting

This script will enable and configure Active Directory users for OCS 2007.  This is an updated version of the re-written LCS reskit script published in article: How to Enable, Disable and Maintain LCS (Live Communications Server) User Attributes using VBScript.


How to delete corrupt mail items with MFCMAPI
Author: Alexei Segundo :: Date: Tuesday, April 22, 2008 12:58 AM
Categories: Exchange
I recently encountered a situation where Outlook could not open two emails within a mailbox located within an Exchange mail store. Not only could I not open the items, I couldn’t move or delete them either. It was frustrating as it was causing some problems for an email archiving product. 
 
I eventually managed to delete the two emails using the MFCMAPI tool. This article explains the method used and provides screenshots to guide you through the process.

Copyright 2009 ActiveDir.org
Terms Of Use