Re: Loss of attribute values
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 May 2008 17:07:09 -0500
I think you can do it with repadmin. As a programmer, I tend to do these
things the "programmer" way (via an LDAP query in this case), but repadmin
sounds like the right admin tool for this. Someone else can likely confirm.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Steve C" <Steve C@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6FE40D5A-E0BF-4CB6-8C7B-CC0CCC04C257@xxxxxxxxxxxxxxxx
Would this be using the repadmin tool? I haven't used that before, but
will
check it out. Hopefully the history data is still there.
Thanks
"Joe Kaplan" wrote:
You could also check the replication metadata and see when the change
happened and where it originated from. That may or may not provide any
useful info though.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uBEa8IctIHA.2188@xxxxxxxxxxxxxxxxxxxxxxx
The only thing that pops into mind for me is adminSDHolder. This
attribute resets ACL's but I am not aware of it resetting other
attributes, but take a look at an article by a former MVP and current
Microsoft employee.
http://www.msresource.net/knowledge_base/articles/info:_protected_groups_and_the_adminsdholder_object.html
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Steve C" <Steve C@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DD36281D-D365-4268-92E7-1DF9359A3080@xxxxxxxxxxxxxxxx
We run a large SQL Server environment and rely on delegation to make
our
Linked Server connections work. To do this, we must manually add
enties
to
the ServicePrincipalName attribute for the account under which our SQL
Servers run. Randomly, one or more entries will just disappear from
the
attribute and cause our linked server connections to fail. This past
weekend,
2 SQL instances from the same server (which actually hosts 5
instances)
disappeared. Last night the entry for a different server disappeared.
I
re-add the entry using ADSIEdit (I could use SetSPN, too) and all is
well
for
that server.
I know that no one on my team is going in and changing/deleting
entries.
Any
ideas where to start looking? Is there some kind of auditing I can
turn
on
that won't bring my AD to its knees? Any specific diags I should be
running
to pick up corruption issues?
Thanks
.
- Follow-Ups:
- Re: Loss of attribute values
- From: Paul Bergson [MVP-DS]
- Re: Loss of attribute values
- References:
- Loss of attribute values
- From: Steve C
- Re: Loss of attribute values
- From: Paul Bergson [MVP-DS]
- Re: Loss of attribute values
- From: Joe Kaplan
- Re: Loss of attribute values
- From: Steve C
- Loss of attribute values
- Prev by Date: Re: ADFS Identity Single Sign On Identity
- Next by Date: Re: User rights
- Previous by thread: Re: Loss of attribute values
- Next by thread: Re: Loss of attribute values
- Index(es):
Relevant Pages
|
