Re: Very big infrastructure - Please help

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/12/05 

Date: Sat, 12 Feb 2005 11:04:14 -0700

Your post is a little sketchy as to just where you are
executing relative to where resides the object, but
instead of an ldap moniker try use of a gc moniker,
i.e. start with gc:// instead of ldap:// to get reference
to object defined in different domain of forest from
domain of execution.
Also, sometimes you need to use the reference to get
the sid, and then add to the group with the sid, but if
all are uplevel domains then adding with the AdsPath
should be sufficient. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"anonymous" <anonymous@discussions.microsoft.com> wrote in message
news:DDF7A2FB-BCAA-40F0-AF6A-14A188ED5695@microsoft.com...
> Hello!
>
> Please help me with this : if i could do this I prove that Microsoft
> infrastructures can be managed very easy no matter how many chiild domains
> exists.
>
> I have a root domain and 200 child domains Windows 2000 SP4.
> 1)I must add a user from the root domain to Cert Publishers group on every
> child domain- to have  the property permission "write user certificate" on
> every child domain.How to do this with a script or anything else? .
> I found a script in Script Center but I want to run this script from a
> domain controller in root domain to be applied in all 200 child domains
but
> it doesn't work remote it adds only local user in the domain where is the
> server on which the script is executed. Error is  "Server is unwilling to
> process the request"
>
> Const ADS_PROPERTY_APPEND = 3
>
> Set objGroup = GetObject _
>     ("LDAP://cn=Atl-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
> objGroup.PutEx ADS_PROPERTY_APPEND, _
>     "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
> objGroup.SetInfo
>
> 2) I must add a permission property "write URL (Web page-Others) to a user
> in the root domain on all child domains.How to do this with a script or
> anything else?
>
> Please help me ,
> It's a very big problem
> Thank you in advance,
>
>
>

Relevant Pages

  • Re: Very big infrastructure - Please help
    ... if executing where principal is defined, ... > 1)I must add a user from the root domain to Cert Publishers group on every ... > child domain- to have the property permission "write user certificate" on ... > every child domain.How to do this with a script or anything else? ...
    (microsoft.public.windows.group_policy)
  • fork() and script execution afterwards
    ... Ive got a question about script execution after a fork() which I havnt been ... My question is, for each of the child processes that are spawned, I dont see ... avoid executing the top half of the script each time the child is spawned, ...
    (comp.lang.perl.misc)
  • Re: trying to understand fork and wait
    ... old habits based on learning to script in REXX on the ... > the child reads it. ... situation for me (drop through to bottom/go back to top of loop). ... just to keep a hold of the exit code. ...
    (comp.lang.perl.misc)
  • Re: Questions about perl daemons with child processes and open files / signals
    ... running as daemon which launch a child process. ... I need to run a perl script as a daemon. ... tcpdump output, but I decided to use a pipe ... the parent process. ...
    (comp.lang.perl.misc)
  • Heirarchical path to the net
    ... traced the path of a net from child or leaf cell to the parent. ... script was run and it used .sch files(we use Calibre, ... Why the script traced up is because some signals have fan outs. ... hiCreateAppForm( ...
    (comp.cad.cadence)