Re: Losing Delegated rights
From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 12/07/04
- Next message: Jeremey: "NTP Server and Mulitiple Time Zones"
- Previous message: dbouton_at_fuse.net: "GPO question about syncing"
- In reply to: Jan Vana: "Re: Losing Delegated rights"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 7 Dec 2004 09:42:17 -0700
Most likely, this is AdminSDHolder task stamping the SDs. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;232199
-- Dmitri Gavrilov SDE, Active Directory Core This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Jan Vana" <jan.vana@gopas.cz> wrote in message news:eHvvOpG3EHA.2572@TK2MSFTNGP11.phx.gbl... > Peter Carroll wrote: > > Ok, it happened again. > > > > As far as auditing, what should I turn on? > > > > Thanks, > > > > Peter > > > > "Mark Renoden [MSFT]" wrote: > > > > > >>Hi Peter > >> > >>If it's now in a state where it's working, I can only really suggest > >>auditing as a means of catching the change. > >> > >>Kind regards > >>-- > >>Mark Renoden [MSFT] > >>Windows Platform Support Team > >>Email: markreno@online.microsoft.com > >> > >>Please note you'll need to strip ".online" from my email address to email > >>me; I'll post a response back to the group. > >> > >>This posting is provided "AS IS" with no warranties, and confers no rights. > >> > >>"Peter Carroll" <PeterCarroll@discussions.microsoft.com> wrote in message > >>news:E9E27A92-B942-48E0-B361-E82611633FC3@microsoft.com... > >> > >>>Mark, > >>> > >>>Thanks for the response > >>> > >>>It seems to happen randomly. It will be today, and not again for 7 months > >>>and then not again for 4 months. Its really weird. I don't think it is > >>>anyone messing with it. Not enough people here have access and would know > >>>how to do change it. > >>> > >>>The health of the environment seems ok. I don't get any errors with the > >>>UltraScan FRS monitor. I created the file and created a user and they all > >>>replicated within an Hour (or less) to all our remote sites. > >>> > >>>I was able to fix it, so it seems. I rebooted several of the domain > >>>controllers. So there must have been something that was not getting > >>>replicated and the reboot forced it. > >>> > >>>Peter > >>>"Mark Renoden [MSFT]" wrote: > >>> > >>> > >>>>Hi Peter > >>>> > >>>>Some clarification around "every few months" ... is it a constant > >>>>measurable > >>>>time frame or is it a random length of time that's around about a few > >>>>months? This would provide some indication of whether the cause is > >>>>software > >>>>or a person mucking around with things. Off the top of my head I can't > >>>>think of any kind of maintenance cycle within Windows that would cause > >>>>this. > >>>> > >>>>How's the health of the environment with respect to AD and FRS > >>>>replication? > >>>> > >>>>Simple test for AD health: create a user on a DC - how long does it take > >>>>to > >>>>replicate to all other DC's? > >>>> > >>>>Simple test for FRS health: create a text file in SYSVOL - how long does > >>>>it > >>>>take to replicate to all other DC's? > >>>> > >>>>You could also configure auditing in an attempt to catch the change in > >>>>permissions. > >>>> > >>>>Kind regards > >>>>-- > >>>>Mark Renoden [MSFT] > >>>>Windows Platform Support Team > >>>>Email: markreno@online.microsoft.com > >>>> > >>>>Please note you'll need to strip ".online" from my email address to email > >>>>me; I'll post a response back to the group. > >>>> > >>>>This posting is provided "AS IS" with no warranties, and confers no > >>>>rights. > >>>> > >>>>"Petercarroll" <anonymous@discussions.microsoft.com> wrote in message > >>>>news:63d901c4cb2d$2911b650$a601280a@phx.gbl... > >>>> > >>>>>Our help desk has been granted change password rights to > >>>>>an OU. Every few months, they seem to lose their rights > >>>>>to change passwords and I have to go in an re-delegate it. > >>>>> > >>>>>We are running Win2k3 w/all current SP's. > >>>>> > >>>>>Thanks, > >>>>> > >>>>>Peter > >>>> > >>>> > >>>> > >> > >> > In security policy select audit directory objects for success,failure > > then on the object which U want to audit rightclick, > properties>security>advanced, tab auditing, select groups and type of > audit U want to do.... > > hope this helps > > -- > Jan Vana | MCP Windows Server Systems > please let me know If my post works for you. Thanx
- Next message: Jeremey: "NTP Server and Mulitiple Time Zones"
- Previous message: dbouton_at_fuse.net: "GPO question about syncing"
- In reply to: Jan Vana: "Re: Losing Delegated rights"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
