Location: Home

Welcome

Welcome

You may have noticed that we've added a few changes to the site.  Yes a complete site re-write!  Hopefully the site navigation still appear somewhat similar to the old site.  If you need a hand in figuring where everything went then worry no more, just visit our site map.

If you notice anything we have missed during our migration, or may be a broken link then please get in touch, either through the mailing list or using the feedback form on the about page.

ActiveDir.org is the home of the Active Directory Discussions Mailing List which was started in January 2001 with the aim of providing a forum for discussing various aspects of Microsoft's Active Directory technology. Since then the list has grown to a membership of over 1000 subscribers and 3000 site members.  The list has become extremely active, and includes many of the foremost experts in Active Directory.

The focus here at ActiveDir.org is the mailing list, but we now also offer a range of useful resources (see left navigation options).

You can also share your knowledge and experience with the wider community by creating your own articles using the site's Wiki-style functionality.  Click here for more information.

What's happening on our Mailing List

What's happening on our Mailing List

  • PARRIS just posted 'Re: AD: Re: [ActiveDir] Clients Fail To Logon...Eventually!'

    A question I meant to ask last week, do you use your internet domain name as the name for your AD domain running in a split brain DNS scenario and perhaps your PC is going external to resolve internal addresses? Just a thought? Regards, ...

  • Chris-Dent just posted 'RE: [ActiveDir] ADDNS: Stub vs Forwarder'

    It would be... except the Microsoft DNS Client is a Stub Resolver, it is incapable of iterative resolution. I wish I could find an MS source for this, if I do I'll post it back. Chris From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDi...

  • danholme just posted 'RE: [ActiveDir] Large Single Forest/Single Domain DNS Growth'

    This summarizes a recommendation that arose out of consensus of a team of engineers I worked with: A critical requirement for system manageability is accurate DNS name resolution. This implies all types of records, but especially A, C...

  • rmscheck just posted 'Re: [ActiveDir] Large Single Forest/Single Domain DNS Growth'

    Thanks for the info!! I would love to hear more about disjointed namespaces and its impact on AD... For one, how can you have a machine joined to contoso.com, yet its DNS suffix be fabrikam.com.. Wont that cause all sorts of problems with dy...

  • listmail just posted 'RE: [ActiveDir] Large Single Forest/Single Domain DNS Growth'

    Ditto. The biggest environments (6 figure) I'm used to seem to use disjoint spaces with third pary DNS so the DNS management can be easily delegated to the local sites which is, for the most part, where the resources are managed. Overall t...

  • bdesmond just posted 'RE: [ActiveDir] Large Single Forest/Single Domain DNS Growth'

    So the DNS MMC UI sucks when you need to manage large volumes of records. Dnscmd however does the job, as does nslookup. You have to understand the output of nslookup in particular to make it (and dnscmd) a suitable replacement for the MMC. If you ne...

  • danholme just posted 'RE: [ActiveDir] Large Single Forest/Single Domain DNS Growth'

    I can speak for two of my big (five figure user base) clients who have single domain/forest topologies, and they use MS DNS with great success. Having a "disjointed" DNS (which one other client has), in which clients receive DNS suffices ...

  • rmscheck just posted '[ActiveDir] Large Single Forest/Single Domain DNS Growth'

    Hi there again.. While striving to maintain a global single forest/single domain topology in the effort of keeping it simple; I am wondering what are the limitations behind having a single DNS zone for something like this? Say you get to an ob...

  • Gil just posted 'RE: [ActiveDir] OT: How to control the proliferation of unintended user access to information'

    Providing a set of template users (basically a user representing a role) is a step in the right direction, but it leaves so many things undone, particularly deprovisioning and exception handling. It also leaves all the responsibility for managing ent...

  • davewade just posted 'RE: [ActiveDir] OT: How to control the proliferation of unintended user access to information'

    I think that using "template" users might help, So that you have to define rolls and responsibilities, and you never "clone" an existing user, you only ever clone roles. Then when a new person starts they get the rights appropriate to the base role. ...

Join in the fun by subscribing here

New Stuff

New Stuff

List Avatars... did you know... - Thursday, January 24, 2008

If you are feeling particularly expressive you can assign a picture to be displayed next to each post you make to the mailing list.  How?  Login to the site, visit the List Archives tab, hit 'My Profile', at the bottom of the page hit 'Edit Profile' and there you can either upload a picture or link to an existing picture of yourself and however you want to be represented.

 

Search the Archives is now available - Monday, January 14, 2008

Yes we finally got around to it.  It's now possible to search the archives.  Its fully text indexed so you should be able to find what it is you are looking for.

To access the search function, click on Advanced Search beneath the normal Site Search button.  (You must have javascript enabled in your browser to Search).

 read more ...

Latest Articles

Latest Articles

LDAP tips #3: Searching for Computers
Author: Tony Murray :: Date: Thursday, September 25, 2008 10:57 PM
Categories: Active Directory, Tips and Tricks

This article is the third in a series providing tips for common LDAP searches.

Multiple Domain Forests: Still a Valid Design Model?
Author: Tony Murray :: Date: Monday, July 21, 2008 2:52 PM
Categories: Active Directory, Windows Server
On the ActiveDir.org list there has been some good discussion about whether the multi-domain forest is still considered a valid design option. This article attempts to crystallise the discussion for use as a reference for those involved with the design or review of forest models.
 
The general consensus is that single domain forests are now the preferred design option for all but the most marginal cases. Note that this does not preclude the use of multiple forests within a single organisation. For example, the use of the Exchange Resource forest in environments that have a distributed NOS architecture but a centralised messaging architecture is common in larger organisations.
Bulk Updates to Active Directory User Attributes
Author: David Wiseman :: Date: Thursday, June 12, 2008 3:52 PM
Categories: Active Directory

Describes how to make bulk updates to Active Directory User Attributes using freeware tools (from WiseSoft.co.uk).

How to Enable, Disable and Maintain OCS 2007 (Office Communications Server) User Attributes using VBScript.
Author: Matty Holland :: Date: Thursday, May 15, 2008 4:51 PM
Categories: Active Directory, Scripting

This script will enable and configure Active Directory users for OCS 2007.  This is an updated version of the re-written LCS reskit script published in article: How to Enable, Disable and Maintain LCS (Live Communications Server) User Attributes using VBScript.

How to delete corrupt mail items with MFCMAPI
Author: Alexei Segundo :: Date: Tuesday, April 22, 2008 12:58 AM
Categories: Exchange
I recently encountered a situation where Outlook could not open two emails within a mailbox located within an Exchange mail store. Not only could I not open the items, I couldn’t move or delete them either. It was frustrating as it was causing some problems for an email archiving product. 
 
I eventually managed to delete the two emails using the MFCMAPI tool. This article explains the method used and provides screenshots to guide you through the process.
Tracking LDAP Searches with Windows Server 2008 Reliability and Performance Monitor
Author: Tony Murray :: Date: Tuesday, February 26, 2008 4:39 PM
Categories: Active Directory, Windows Server

Windows Server 2008 ships with the Reliability and Performance Monitor (RPM) snap-in.  On DCs, RPM incorporates an Active Directory Diagnostics feature that includes the abilility to track LDAP searches against a DC.  The amount of information captured can be very useful when troubleshooting LDAP issues.

This article provides a step by step guide on how to use RPM to track LDAP searches.

Making bulk changes to Active Directory users with ADModify.NET
Author: SuperUser Account :: Date: Tuesday, December 18, 2007 5:09 PM
Categories: Active Directory

Provides a step-by-step tutorial of how to make bulk changes using the ADModify tool

ADMT v3 sets the "User must change password at next logon flag" on migrated user objects
Author: SuperUser Account :: Date: Tuesday, December 18, 2007 5:03 PM
Categories: Active Directory

This article describes an unexpected behaviour of ADMT v3 and how to work around it.

How to authenticate to Active Directory from Cisco IOS
Author: SuperUser Account :: Date: Tuesday, December 18, 2007 5:00 PM

This article describes the steps necessary to setup authentication and authorization to Active Directory from a Cisco device running IOS.

How to remove the Shared Folders feature of VMWare Tools
Author: SuperUser Account :: Date: Tuesday, December 18, 2007 4:54 PM
Categories: Active Directory

There are known problems with performing certain Active Directory tasks with DCs running on VMWare, such as DC promotion and trust establishment. This article provides instructions on how to remove the shared folder feature, which is part of VMWare Tools.

Friends

Friends

Namescape
AdventNet Banner
Copyright 2008 ActiveDir.org
Terms Of Use