Re: Very big infrastructure - Please help

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/12/05

  • Next message: Arch Willingham: "What policy sets HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\NameServer?" 
    Date: Sat, 12 Feb 2005 11:13:52 -0700

    I should have added . . .
    You need to be aware of where you execute and where
    the manipulated object lives.
    Ex. if executing on domain where group is and the
    principal to be added is elsewhere, you can get the
    principal with GC://, and use its DN stripped out
    from the AdsPath property, to add to the local group
    obtained with LDAP://
    Ex. if executing where principal is defined, to add
    to groups in other domains, you can use the ability
    of ADSI monikers to specify what server to bind to
    ldap://<server>/<dn-of-object> to get reference to
    the group
    Check the MSDN library docs on ADSI 

    -- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"anonymous" <anonymous@discussions.microsoft.com> wrote in message
news:DDF7A2FB-BCAA-40F0-AF6A-14A188ED5695@microsoft.com...
> Hello!
>
> Please help me with this : if i could do this I prove that Microsoft
> infrastructures can be managed very easy no matter how many chiild domains
> exists.
>
> I have a root domain and 200 child domains Windows 2000 SP4.
> 1)I must add a user from the root domain to Cert Publishers group on every
> child domain- to have  the property permission "write user certificate" on
> every child domain.How to do this with a script or anything else? .
> I found a script in Script Center but I want to run this script from a
> domain controller in root domain to be applied in all 200 child domains
but
> it doesn't work remote it adds only local user in the domain where is the
> server on which the script is executed. Error is  "Server is unwilling to
> process the request"
>
> Const ADS_PROPERTY_APPEND = 3
>
> Set objGroup = GetObject _
>     ("LDAP://cn=Atl-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
> objGroup.PutEx ADS_PROPERTY_APPEND, _
>     "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
> objGroup.SetInfo
>
> 2) I must add a permission property "write URL (Web page-Others) to a user
> in the root domain on all child domains.How to do this with a script or
> anything else?
>
> Please help me ,
> It's a very big problem
> Thank you in advance,
>
>
>
  • Next message: Arch Willingham: "What policy sets HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\NameServer?"

    Relevant Pages

    • Re: Very big infrastructure - Please help
      ... executing relative to where resides the object, ... instead of an ldap moniker try use of a gc moniker, ... > child domain- to have the property permission "write user certificate" on ... > every child domain.How to do this with a script or anything else? ...
      (microsoft.public.windows.group_policy)
    • Re: Please help...very big infrastructure
      ... I think your account must be a member Enterprise Admins to be able to ... Domain Admin in the root domain likely isn't enough. ... >every child domain.How to do this with a script or anything else? ...
      (microsoft.public.windows.server.scripting)
    • fork() and script execution afterwards
      ... Ive got a question about script execution after a fork() which I havnt been ... My question is, for each of the child processes that are spawned, I dont see ... avoid executing the top half of the script each time the child is spawned, ...
      (comp.lang.perl.misc)
    • Very big infrastructure - Please help
      ... 1)I must add a user from the root domain to Cert Publishers group on every ... child domain- to have the property permission "write user certificate" on ... every child domain.How to do this with a script or anything else? ... server on which the script is executed. ...
      (microsoft.public.windows.group_policy)
    • Very big problem-please help
      ... 1)I must add a user from the root domain to Cert Publishers group on every ... child domain- to have the property permission "write user certificate" on ... every child domain.How to do this with a script or anything else? ... server on which the script is executed. ...
      (microsoft.public.win2000.active_directory)