Re: Loss of attribute values

Would this be using the repadmin tool? I haven't used that before, but will
check it out. Hopefully the history data is still there.

Thanks

"Joe Kaplan" wrote:

You could also check the replication metadata and see when the change
happened and where it originated from. That may or may not provide any
useful info though.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uBEa8IctIHA.2188@xxxxxxxxxxxxxxxxxxxxxxx
The only thing that pops into mind for me is adminSDHolder. This
attribute resets ACL's but I am not aware of it resetting other
attributes, but take a look at an article by a former MVP and current
Microsoft employee.

http://www.msresource.net/knowledge_base/articles/info:_protected_groups_and_the_adminsdholder_object.html

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Steve C" <Steve C@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DD36281D-D365-4268-92E7-1DF9359A3080@xxxxxxxxxxxxxxxx
We run a large SQL Server environment and rely on delegation to make our
Linked Server connections work. To do this, we must manually add enties
to
the ServicePrincipalName attribute for the account under which our SQL
Servers run. Randomly, one or more entries will just disappear from the
attribute and cause our linked server connections to fail. This past
weekend,
2 SQL instances from the same server (which actually hosts 5 instances)
disappeared. Last night the entry for a different server disappeared. I
re-add the entry using ADSIEdit (I could use SetSPN, too) and all is well
for
that server.
I know that no one on my team is going in and changing/deleting entries.
Any
ideas where to start looking? Is there some kind of auditing I can turn
on
that won't bring my AD to its knees? Any specific diags I should be
running
to pick up corruption issues?

Thanks





.

Relevant Pages

  • error from federation server proxy
    ... the application is not opening and going to federation server ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDAPS connection error on 636
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... No suitable default server credential exists on this system. ... The cert s issued from VeriSign and I instaled per the directionsof the KB ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDAPS connection error on 636
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... No suitable default server credential exists on this system. ... The cert s issued from VeriSign and I instaled per the directionsof the ...
    (microsoft.public.windows.server.active_directory)
  • Re: using xp credentials for ldap authentication
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... password into this method and have the server use that data to ... authenticate the xpuser againts active directory. ...
    (microsoft.public.windows.server.security)
  • Re: Integrated Windows Authentication Timeout?
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I'd suggest bumping up the auditing on both the web server and SQL ... Integrated Windows Authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)