Best practice for Active Directory User Templates regarding Distribution Lists

Hello All
I am looking to implement Active Directory User templates for each department in the company to make the process of creating user accounts for new employees easier. Currently when a user is created a current user's Active directory account is copied, but
this has led to problems with new employees being added to groups which they should not be a part of.
I have attempted to implement this in the past but ran into an issue regarding Distribution Lists. I would like to set up template users with all group memberships that are needed for the department, including distribution lists. Previously I set this up
but received complaints from users who would send e-mail to distribution lists the template accounts were members of.
When sending an e-mail to the distribution list with a member template user, users received an error because the template account does not have an e-mail address.
What is the best practice regarding template user accounts as it pertains to distribution lists? It seems like I will have to create a mailbox for each template user but I can't help but feel there is a better way to avoid this problem. If a mailbox is created
for each template user, it will prevent the error messages users were receiving, but messages will simply build up in these mailboxes. I could set a rule for each one that deletes messages, but again I feel like there is a better way which I haven't thought
of.
Has anyone come up with a better method of doing this?
Thank you

You can just add arbitrary email (not a mailbox) to all your templates and it should solve the problem with errors when sending emails to distribution lists.
If you want to further simplify your user creation process you can have a look at Adaxes (consider it's a third-party app). If you want to use templates, it gives you a slightly better way to do that (http://www.adaxes.com/tutorials_WebInterfaceCustomization_AllowUsingTemplatesForUserCreation.htm)
and it also can automatically perform tasks such as mailbox creation for newly created users (http://www.adaxes.com/tutorials_AutomatingDailyTasks_AutomateExchangeMailboxesCreationForNewUsers.htm).
Alternatively you can abandon templates at all and use customizable condition-based rules to automatically perform all the needed tasks on user creation such as OU allocation, group membership assignment, mailbox creation, home folder creation, etc. based on
the factors you predefine for them.

Similar Messages

Setting disk quota on Mac server for Active Directory users

I'm having trouble setting disk quotas for Active Directory users with home folders on our Mac server.
I've enabled disk quotas on the disk I'm putting home folders on, and I can set disk quotas for local users on the server just fine. But it doesn't seem to work for Active Directory users. I've tried setting disk quotas via Workgroup Manager and via the command line using edquota. But when I use the repquota command there is no quota entry for the AD user. I've run quotacheck and that didn't help either.
I also understand there's a setquota command but there's no man page on how that works.
Has anyone got disk quota for AD users working.
Better still has someone got a shell or perl script for setting quotas they could post.
Thanks
- Cameron

sorry.. I am soooooo stupid... I have to activate "File Sharing" as well.. for the user everything was already pre-activated, not for the AD users, I just saw the Time Machine checkbox grayed out ...

Best practices for setting up users on a small office network?

Hello,
I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
Thank you,

Hi,
Thanks for your posting.
When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
For more and detail information, please refer to:
Best Practices for Adding Domain Controllers in Remote Sites
http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
Regards.
Vivian Wang

Best Practice for Deleted AD Users

In our environment, we are not using AD groups. Users are being added individually. We are running User Profile Service but I am aware that when a user is deleted in AD, they stay in the content database in the UserInfo table so that some metadata can be
retained (created by/modified by/etc).
What are best practices for whether or not to get rid of them from the content database(s)?
What do some of you consultants/admins out there do about this? It was brought up as a concern to me that they are still being seen in some list permissions/people picker, etc.
Thank you!

Personally I would keep them to maintain metadata consistency (Created By etc as you say). I've not had it raised as a concern anywhere I've worked.
However, there are heaps of resources online to delete such users (even in bulk via Powershell). As such, I am unaware of cases of deleting them causing major problems.
w: http://www.the-north.com/sharepoint | t: @JMcAllisterCH | YouTube: http://www.youtube.com/user/JamieMcAllisterMVP

SMB access for Active Directory users

Hi there,
My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
My smb.conf file is as follows:
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
Any help would be much appreciated!!
Thanks.

I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility

Outlook 2003 mail delivery failed for Active Directory user

Server 2003/Exchange2003
We are using an outside company (Integra) to handle our email and only use Exchange for shared archived email.
When configuring active directory users the wizard automatically sets up email entries in the format: [email protected]
When responding to a meeting invite from outlook to a local AD user, all users receive undeliverable messages for the accounts in the format [email protected] as below...
The example below was a bounce back when I accepted the invite. The invite shows up on my calendar just fine.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
   by arelay1 with esmtpa (Exim 4.72)
   (envelope-from <[email protected]>)
   id 1W8D9b-0001kB-24
   for [email protected]; Tue, 28 Jan 2014 10:12:56 -0800
From: "Kevin Simmons" <[email protected]>
To: "miguel saucedo" <[email protected]>
Subject: Accepted: Miguel Chaperone School
Date: Tue, 28 Jan 2014 11:13:05 -0700
Message-ID: <398EA47278F54C9FA9CFFB725FD6C079@PK01>
MIME-Version: 1.0
Content-Type: text/calendar; method=REPLY;
   charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac8cSpjUhKBGTbBKQt+PScNbb6MWwAABfTJgAABJyYAAALiiEA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 11.0 MIMEDIR//EN VERSION:2.0 METHOD:REPLY BEGIN:VEVENT ORGANIZER:MAILTO:/o=PKArchitects/ou=First Administrative
Group/cn=Recipients/cn=miguel
DTSTART:20140206T070000Z
DTEND:20140208T070000Z
LOCATION:Flagstaff
TRANSP:OPAQUE
SEQUENCE:3
UID:040000008200E00074C5B7101A82E00800000000102573EC0F1CCF010000000000000000100
0000037C3D09157000340AA5D3F23F6A60078
DTSTAMP:20140128T181305Z
SUMMARY:Accepted: Miguel Chaperone School
PRIORITY:5
X-MICROSOFT-CDO-IMPORTANCE:1
CLASS:PUBLIC
ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:[email protected]
END:VEVENT
END:VCALENDAR

Well it looks like none of our outlook installations actually are accessing the exchange email, nor are we able to send to those email addresses even though they exist. I have 2 email inboxes in Outlook, 1 is the Integra inbox - works fine. The
other is called Mailbox - UserName - populated with folder that are and always have been empty. If I send an email to myself at [email protected] I get the following bounce back.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
   by arelay2.integra.engr with esmtpa (Exim 4.72)
   (envelope-from <[email protected]>)
   id 1WBtMM-0005N1-Gr
   for [email protected]; Fri, 07 Feb 2014 13:53:18 -0800
Reply-To: <[email protected]>
From: "Kevin Simmons" <[email protected]>
To: <[email protected]>
Subject: test
Date: Fri, 7 Feb 2014 14:53:18 -0700
Message-ID: <F708D49EB6A64BE69891BF9C7B528529@PK01>
MIME-Version: 1.0
Content-Type: multipart/related;
   boundary="----=_NextPart_000_0050_01CF2414.572804A0"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac8kTwKRc8hlRKNXSlye9E4r5UyfJQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
This is a multi-part message in MIME format.
------=_NextPart_000_0050_01CF2414.572804A0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_001_0051_01CF2414.572804A0"
------=_NextPart_001_0051_01CF2414.572804A0
Content-Type: text/plain;
   charset="us-ascii"
Content-Transfer-Encoding: 7bit
test
Thanks!
Kevin Simmons
Project Manager
4515 S McClintock Dr. Suite 206
Tempe, Arizona 85282
p 602 283 1620
f 602 283 1621
c 480 702 9687
[email protected]
------=_NextPart_001_0051_01CF2414.572804A0
Content-Type: text/html;
   charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Dus-ascii" = http-equiv=3DContent-Type> <META name=3DGENERATOR content=3D"MSHTML 11.00.9600.16476"></HEAD> <BODY>
<DIV><FONT size=3D2 face=3DArial><SPAN=20 class=3D831025321-07022014>test</SPAN></FONT></DIV>
<DIV> </DIV><?xml:namespace prefix =3D "o" ns =3D=20 "urn:schemas-microsoft-com:office:office" /><o:SmartTagType=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"PostalCode"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"State"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"City"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"place"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"Street"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"address"></o:SmartTagType>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in = 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; =
mso-paper-source: 0; }
P.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
LI.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
DIV.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
SPAN.GramE {
   mso-style-name: ""; mso-gram-e: yes
DIV.Section1 {
   page: Section1
</STYLE>
<DIV class=3DSection1>
<P class=3DMsoNormal align=3Dleft><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks!</SPAN></P> <P class=3DMsoNormal> </P> <P class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Kevin=20 Simmons</SPAN></P> <P
class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Project=20 Manager</SPAN></P> <P class=3DMsoNormal><o:p> </o:p></P>
<P class=3DMsoNormal><IMG src=3D"cid:831025321@07022014-2937" = width=3D130 height=3D130=20 v:shapes=3D"_x0000_i1025"></P> <P class=3DMsoNormal><?xml:namespace prefix =3D "st1" ns =3D=20 "urn:schemas-microsoft-com:office:smarttags"
/><st1:Street=20 w:st=3D"on"><st1:address w:st=3D"on"><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">4515 S McClintock Dr. = Suite=20 206</SPAN></st1:address></st1:Street></P>
<P class=3DMsoNormal><st1:place w:st=3D"on"><st1:City w:st=3D"on"><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Tempe</SPAN></st1:City><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">, <st1:State=20 w:st=3D"on">Arizona</st1:State> <st1:PostalCode=20 w:st=3D"on">85282</st1:PostalCode></SPAN></st1:place></P>
<P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">p</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1620</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">f</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1621</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">c</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 480 702 9687</SPAN></P> <P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">[email protected]</SPAN></P></DIV>
<DIV> </DIV></BODY></HTML>
------=_NextPart_001_0051_01CF2414.572804A0--
------=_NextPart_000_0050_01CF2414.572804A0
Content-Type: image/jpeg;
   name="image002.jpg"
Content-Transfer-Encoding: base64
Content-ID: <831025321@07022014-2937>
/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACCAIIDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+HwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3++iii
gAooooAKKKKACq97dGzg81bae4O4DZAoLfXkjirFFAHltr8ZNKtPtNteadrU00V1OhZbdCABIwA+
+OgwPwqf/hdmg/8AQI13/wABk/8Ai68juv8AkL6t/wBhG5/9GtTKxdVp2PKqY+cJuKS0PfvB
+Xiwe
JdNFylnqHlyXE4WaeNVVVEjYU4bqBgdO1dZXA/Bz/knsP/X5c/8Ao1q76tkepF3SYUUUUDCiiigA
ooooAKKy9S1yz017ZZJ4B5twIWLzKuzIJyc/T9ak/t3R/wDoK2P/AIEJ/jQBoUVjXfibTLc2yxX1
nM006Q4W4XKhu/XtWvHIkqB43V1PdTkUAOoqhqWqRad9nDFC0s6QkFwpUMcZq6jpIu5GVh6g5oAd
RRRQB8sXX/IX1b/sI3P/AKNamU+6/wCQvq3/AGEbn/0a1Mrkl8TPnK/8WXqz2z4Of8k9h/6/Ln/0
a1d9XA/Bz/knsP8A1+XP/o1q76upbH0MPhQUUUEgDJOAKZQUVU0/UYNTt2uLUs0O8qshXAkx/Evq
voe+OKG1G3GqLpysz3JjMjKi5Ea9ix7Z7euD6GgC3RRRQB5X8atNsF8N2EosbYSy6pH5jiJd
voe+z5R8
5OOa8g/s2x/58rf/AL9L/hXtPxs/5FXS/wDsKRf+gSV4vPMfMECZyeWK9ceg9/ft+VYVdzyce5e0
ST6EKCHT9Rsbuy06zlmtrlJNskYEZx/C2Oo9q3L7Xtd1NDHdarNFbEki0sP9GgXPbamCfxJrHkiY
JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+0SwjdK7HlYogf4yASSeFHJ7VMXJ6IypTqztTgz
JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+nbyD
SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+amvZZfh/aaZZWRtlXSzLdQx+TaHd/F
SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+96R2
yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+ecqnO1j2Jzz0J6Vp7N9Gdbwc0rxm7nPa
yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+F8Tv
E2hsqXzjW7MdVmwlwo/2XAw30YfjXsvhvxRpXivTftulXBdVO2WJxtkhb+669j/PtmvmaONWVsxy
W8qMUkjPDRupwykeoIIq3pesal4a1ePV9OkC3CYVweEuE/55yD09G7GlGo07MzoYyUZclUS6/wCQ
vq3/AGEbn/0a1MqG3vV1GS7vVjaIXF3PL5b9U3SMcH3GamrKXxM4K/8AFl6s9s+Dn/JPYf8Ar8uf
/RrV31cD8HP+Sew/9flz/wCjWrvWZUUsxCqBkknAArqWx9DD4UDMqKWYhVAySTgAV8/eNvFv9uX0
1hoWo6iukgss9x9sc/aieqoCeIx69+3HW98QPiA/ieSXR9HlZNEUlZ7hDg3hHVVP/PP1P8X068no
+j6h4i1aPR9HjUzkAyysP3dtH/eb+i96zlN35YnFiMRJy9lR3J9Gi8U+INVi0bRtd1nztoMk
+hv5P
LtY+m5sH8l7/AEr3bRPB1pokMQTUNUuJwyyTTTXjkzuMfM4zg5wOOmOKn8K+FdO8I6OthYKW
LtY+Zjvn
uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+EdOdui6nGT/AN8SV4zaRMkW+Ufv
uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+pPmf
2J7fhXsnxvCS+E9MTcP+QrETg+ivXkeR6isKu55OYv30vIr3sqwQCZ/uowY/QV7r8KfDDaL4
2J7fhXsnxvCS+E9MTcP+QrETg+Ttb2
9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+dfUt1fpZ3FhAqqVuZjDndjYAjN
9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+n/x3
H41VJaXNcuguRyK3iD/V6d/2EIP/AEKtK5toby2kt7iMSQyLtZT3FZfiB0MenfOv/H/B3/2quajq
K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+06TR/HMsUuSbuISFz/wAtSvAf6suAfVkY96wSARgj
K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+Ir0z
44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+fJuU8xP95eo/LH
44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+5VqV
Q1PC/ZJ/4orhOfZvlP8AOrryLGAzfdzgn0+tQ9Tmn7yUj234PMqfDuNmIVRd3JJJwAPNauJ+IHxA
bxNJJo+kTFNFVik9wpwbwjqqn/nn6n+L6deStPE2oXPg1PDcG6200XE73Mit811ukYhBjomO
bxNJJo+vr06
daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+oeItWj0fR41M5AMsrD93bR/3m/o
daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+vevo
Twr4V07wjo62FgpZmO+e4fmSd+7Mf6dAOBXL/By50h/CLWtlAIdSt5MakGO55JT0kJ7qw6en
Twr4V07wjo62FgpZmO+e4fmSd+I7V6
JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+G9PuYrC2ilk1WMPIkQDNlXzk98mvKPs0H
JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+/PGP
/vkV7F8cE8zwjpyZxnU4xn0+SSvHLaYzQgtgSL8rj0Ydawq7nk5hfnTXYjljtoJ7KV4YvLS8gL5U
Y2+Yuc+2K+k73wlpM11p8kOk6eEhnLyjyFG5fLdcdOeSp/CvmzUYRc2hgPHmELn0zX0J8N/E
Y2+Yuc+2K+x8Q+
EbE3T/6fDEEmB6vtO0t+YIPuPpVUnpY2y+d4OJNrvh3RY47DZpNku6+hU4gUZBbp0qzqnhLSrm2i
S20iwV1uIXb9yo+VZFLdvQGrXiD/AFenf9hCD/0KtZ3WNGd2CqoyWJwAPWtT0Dxr4z2Ok2Nt
S20iwV1uIXb9yo+4fs7
SxtIJ571pG8uJVJRIznoOmWFebfZoP8AnjH/AN8iul+Imqtr3jwT5PkWdsEhQjoHOQT7sPm+jLXP
1z1X7x4uPnerZdDM1OGER20SxIGluEUYXsDk/oKvPbxPEYtoEZPzKvAPsaoA/bdcRwcw2qEj0LNw
D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+qnqPQg1dr0fwp4Th8X/B1bPcsV7D
D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+e3Mt
ncEf6uUStjP+yehHoa83AmjklguYWguoHMU8LdY3HUf4HuMVU421N8VQ5LTWz/MvaHrl34X1
ncEf6uUStjP+6DWr
NWfyxsuYFP8Ar4SeV/3h1X3HvX0npuo2ur6bb6hYzLNa3EYkjkXoQa+X67b4YeLf+Ef1caHeyY0v
UJM27MeILg/w+yv+jfWqpz6M3wOIt+6l8j3Siiitz1QooooA81+Nn/Iq6X/2FIv/AECSvF5YzHJ5
yHbnhj2+p9q9o+Nn/Iq6X/2FIv8A0CSvH6wq7nkZg7VF6FWaYARCQGM+YvXofoa6Pwj4ki8N
yHbnhj2+p9q9o+6o32
qd4dOuH3/aYvmazlxjeV/ijYAB19ge1c89tcyXFpbWMPnyz3CRxwbgu5j0AJ4H48U65VLG6NtqNo
9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+jD6E1
9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+R8Ye
OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+9NMW
OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+n2YZ
pPIQsdzvKwLMfUk8k1o6qtodkswjy+6ncsPdNJPNcXlyJ7y5kaadxyXduuAO3YDsAKakN5qN
pPIQsdzvKwLMfUk8k1o6qtodkswjy+1BY2
ls8tzcvsht1+9Kff+6o6k+laug+Gtc8TOq6JpjC3Y4N7cIYoFHqCRl/oor2/wX4C0/whA0oc
ls8tzcvsht1+9Kff+6o6k+laug+3mqT
DE97IoDEf3UH8K+w/HNTGDbuzGjhZ1Jc9TT8z53srOWx+1W1wyPcRXMscrp0Zlcrx7cce1Wq
DE97IoDEf3UH8K+fdf8
hfVv+wjc/wDo1qZWct2cdf8Aiy9T2z4Of8k9h/6/Ln/0a1Y3xa8IEqfFmnREywoF1GJBzJEO
hfVv+kgH9
5O/qv0FbPwc/5J7D/wBflz/6Nau9ZQ6lWAKkYII4IrptdWPe5FOnyy2aPlUEMoZSCpGQR3FNliSe
JopBlWGDXR+N/CZ8HeIPKgQ/2RfMz2Tdom6tCfp1X247Vz9c0k4ux4NWnKjPlZ7Z8MPGT+IN
JopBlWGDXR+LbSt
Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+80fVLXVtOYLe2jbkBOFkU/ejb2Yce3B7V9IeHdes/
Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+Euh2
2q2LHypl5RvvRsOGRvQg5FdEJcyPZwuI9tDXdGpRRRVnUea/Gz/kVdL/AOwpF/6BJXj9ewfGz/kV
dL/7CkX/AKBJXj9YVdzx8x/iL0Lug/8AI4eHf+wpB/OvpW8sbTUIDBe2sFzCesc0YdT+Br5q0H/k
cPDv/YUg/nX07V0vhOrL/wCF8ziNV+FvhO7MDW/h3T42FwjS7E8vKZ+YfLWvp/gXwppcgksvD2mx
SDo/2dSw/EjNHh3xpovim/1Sy0u4eSbTZfKnDJtGckZX1GVPNc3qfxq8IaRqt5pt098J7SVoZdls
SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+B9jfTPpWLN478OQeEU8UPqSf2TIPklAOWb
SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+ONoX
ruyCMexql4X+JnhvxdNc2+nTzpdW8Zle3uItjlB/EB3HT86AMG2+Dei3P2i4vbnWI55bqZyF
ruyCMexql4X+JnhvxdNc2+vOCD
IxB6dxg/jU//AApXw1/z/a1/4G//AFq6K08daLe+CpfFkLTnS4ldmJiw+Fbafl+oqtd/Ejw/Zm3E
rXWZ9M/tVNsJP7jGf++valZEOnB6tIk8G+Eo/DVgIIri/Ecc85SGW43qVaRtrEY6kYP1rqq81tfj
n4Nu7yK1ibUDLK6xqDanqTgZ5qfVPjT4R0jVrzTLlr/7RaTNDLstiwDKcHBzTLOh8SeDNO8U2k9v
qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+/tSO5GVkCagxViDjcPY9cdRnFdDe/Efw5p3h
qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+Oz8S
XVzLFZXv/HvGYz5spyRgJ+H0qnY/FjwrqPh7UdZgnuPK07b9pgaEiZAzBQdvcZPUGlZEuMXuin/w
pbwr/wA9tW/8Dnq3pXw+tvDN6i6Rdap9huWJuYvtzAq+OJPfptI+h7Gqel/Gvwjq+q2um2rX5uLm
ZYYw1qQNzHAyc8danv8A4x+DtO1+TSJrycyRTCCa4SEmGJ84IZvY9SMiiyBRitkd9RSAhlDK
ZYYw1qQNzHAyc8danv8A4x+DtO1+QQRk
Ed6KZR5t8bP+RV0v/sKRf+gSV4/XsvxK0TXvENjYWEB02NDqSNC0jyZOFfG7C+npXH/8Kh8Y
Ed6KZR5t8bP+f8/e
hf8Afyb/AOJrKpByeh52Mw9SrNOC6HL6D/yOHh3/ALCkH86998ca8PDPgrVtW3ASQQN5We8jfKn/
AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+JPCbeMtHtLDWbjyEhuluJY7Q5SYLn
AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+CksM
455qqaaVmb4SlKnT5Zb3PD/hdr+h6J458ORabePLJqdi1pqgdGUC5LF1OT15IXI9PerMniHxX4a1
Lx/qGiaZp91pqatILuS4Qu0RJIBCgjK888GvafFHgjTPE2n21uf9BltrlLmG4to1Do6dO3TmjSfB
Gn6Y3iHfLJdRa7O81zHKBtG4EFRjtyas6jyWDQrXSofhZpst3DqGm3N9NdSSqP3UkrbWQAHsM4wf
f6V6pq1v4VXxfFNOLdfExsJBbDcQ7RYbPA4P8XXnrWbB8J9JXwR/wi11fXlzaxTm4tJ2KrLat/sE
D1J6+pqTwt8MNP8ADmoXWp3Gp3+q6pPCYBd3sm5o4z2X/GgDxrSZPHQ+B90lpBpJ8M+VNvdy
D1J6+pqTwt8MNP8ADmoXWp3Gp3+ftG3
ed2OcZznHFdt4cAPxL8CgjI/4RJP5Gu4sfh5Y2Hw6m8GJe3LWkqSIZ2C+YN7Fj2x3qWw8B2Wn+IN
H1dLy4aXS9MGmxowXa6D+I8daAOd8Hov/C7PHo2rgR2mOOnyVy3h0eOD4w8bf8IpForwf2vJ
H1dLy4aXS9MGmxowXa6D+5x1D
du3ZONu3tivV9L8J22leLta8RR3Mzz6qsQkibG1Ni4GO/wCdcjffBuC61rUdTtvFWuWDX9w1xLFa
zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+0/Nu2A+gAI+grtrS28KJ48v3thbjxK9
zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+qv2p
VJ3mLIwSOn93nr0rM1L4Y6fq3hjTdKu9T1F7zTWZ7XVfN/0lGJyfm7jp+Qq14L+H2n+DZby7S7u9
Q1O8x9ovbt90jAdB7D/PYUAYPw2Rf+E3+IXyjjVFxx04auM+y6p4e0rXLzRBpPinwJPdS3F7bsds
0YyC4zwcqMc89M4r2DQPClt4f1fXNRguJpZNXuRcSq4GEIzwuO3PeuRv/grpF3qt1PBq+qWenXk3
nXemQTbYZWzkjHYH9O2KAPQtLmtrjSbOazXbayQI8K4xhCoKj8sUVYhhjt4I4YUCRRqERR0UAYAo
oAcVVsblBwcjI6GloooARlVsblBwcjI6GloooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP
/9k=
------=_NextPart_000_0050_01CF2414.572804A0--
beyond that - the Global Address Book does not update!

10.7.4 Web Access for Active Directory Users

Does anyone know how to permantly set the AuthType in Web Services to Basic ?
The reason I ask is I have a web site I want to protect and allow active directory users access to it.
I have added the users to a local group, added the group to the Who Can Access option.
Local users can log in but not Active Directory. If I edit the conf file for the site in /etc/apache2/sites and change the AuthType from Digist to Basic it works fine until I change something in the server app then the conf file gets rewritten.
Dan

I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility

Different privelege level for Active directory users

Hi,
We have integrated Acs 4.1se with windows active directory.now we need to give certain users full privige to some client devices and only show level privilege to some devices.what is the neccessary steps required in ACS and ACS clients.Also how much time the dynamic users will remain in ACSthanks in advance

Hi,
If you are using command authorization then privilage doesn't matter.
Best way to set it up is to give all user priv lvl 15 and then define what all commands user can execute.
Note : Having priv 15 does not mean that user will able to issue all commands.
We will set up command authorization on acs to have control on users.
This is how your config should look,
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization config-commands
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Check out this link
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
Regards,
~JG

Activating TimeMachine Server for Active Directory Users

Currently we'd like to switch to Active Directory and I tried it out with our Test environment, setuped an Active Directory Server and joined a OSX Mavericks Server. So far so good I can manage all my AD users, but when I click on "Edit Access to Services" I can activate anything for my AD user BUT not Time Machine!
Does anyone knows why and if there is any workaround to make it work? For other Network (Open Directory) and Local Users I can activate it.

sorry.. I am soooooo stupid... I have to activate "File Sharing" as well.. for the user everything was already pre-activated, not for the AD users, I just saw the Time Machine checkbox grayed out ...

Best practices for package directory structure?

I've only compiled a few java programs & while I find the language itself very easy to adapt to from C++ and Javascript, I get confused about the directory structure and classpaths & such.
My main method of operation is to build small tools and test projects, and I would like to follow good practices for organizing my directory structure, so it will (a) work well with java, and (b) work well with my source control software.
Let's say I am developing packages named "com.example.test.test1", "com.example.test.test2", "com.example.tools.flapper", and "com.example.tools.spinner".
I know I can use this structure:
/java/test/test1/com/example/test/test1/* (files for com.example.test.test1 including test1.java)
/java/test/test2/com/example/test/test2/* (files for com.example.test.test2 including test2.java)
/java/tools/flapper/com/example/tools/flapper/* (files for com.example.tools.flapper including flapper.java)
/java/tools/spinner/com/example/tools/spinner/* (files for com.example.tools.spinner including spinner.java)
But the directories seem unnecessarily deep & lead to a hassle in source control that makes it difficult to browse.
Can I use this? and if so, how do I run "javac" and "jar" properly to compile/jar-ify each package?
/java/com/example/test/test1/* (files for com.example.test.test1)
/java/com/example/test/test2/* (files for com.example.test.test2)
/java/com/example/tools/flapper/* (files for com.example.tools.flapper)
/java/com/example/tools/spinner/* (files for com.example.tools.spinner)
also is it recommended to leave the .class files in the same dirs as the .java files, or better to have a separate tree for compiled .class files?

hmm, there's a lot to absorb here...
I found these articles online that seem good:
http://www.onjava.com/pub/a/onjava/2003/12/17/ant_bestpractices.html
http://www.kevinboone.com/classpath.html
I'd like to use ant if possible & understand it; I've had troubles with IDEs in the past and would like to just stick with basic build mechanisms.
I guess as a practical example let's say I have two different applications that use the serial port, that I want to release separately, each in separate .jar files. One is called com.example.applications.serial1 and the other is com.example.applications.serial2. They both use rxtx.org's gnu.io.* libraries. Serial1 uses some packages that I have developed: com.example.tools.spinner and com.example.tools.flapper, whereas Serial2 uses com.example.tools.spinner and com.example.tools.flopper
I think I want to organize things this way: (everything below under /java/src/)
com
example
applications
serial1
serial1.java
serial2
serial2.java
tools
spinner
spinner.java
flapper
flapper.java
flopper
flopper.java
and I think I want to compile to /java/classes/:
com
example
applications
serial1
serial1.class
serial2
serial2.class
tools
spinner
spinner.class
flapper
flapper.class
flopper
flopper.class
but I'm sort of lost on where to put the ant buildfiles, which directories to be in to run javac, and how to get the jar files right. From what I've searched for online, the external libraries (RXTX's jar files & .dlls for windows) are "interesting", and the easiest thing is to tell users of my .jar files to put the rxtx libs in the same library as the .jar files so I can set the Class-Path: in the .jar manifest to point to them.

Best practice for managing unofficial user repo with git?

G'day Archers,
(I hope this is the right subforum for my question -- feel free to move.)
I am currently playing around with setting up an unofficial repo. So far so good, except I am trying to make sure I do things "properly".
I am currently deploying my website according to this tip I've seen recommended. I.e. on the server, set up a bare repo in say ~/src/www.git with a post-receive hook that states something like
GIT_WORK_TREE=$HOME/www_public git checkout -f
where ~/www_public is the apache directory root for the website.
Doing it this way, I can push and pull changes between my desktop, the server and my laptop and the .git files don't end up visible to the public.
Now I want to add my repo to this system, but repo-add creates ".tar.gz" files. According to github help, these are better off ignored by git.
One solution that occurs to me is to add a pre-commit that decompresses the db into plain text and a post-receive that recompresses to a form that pacman will understand. However, I wonder if there is a simpler solution that I'm missing? I notice that Debian seems to have a tool that will do what I want, for Debian users. Does something equivalent exist for Archlinux, or do any Archers who run unofficial repos have any tips for me based on their experience/mistakes/successes of the past?

G'day Archers,
(I hope this is the right subforum for my question -- feel free to move.)
I am currently playing around with setting up an unofficial repo. So far so good, except I am trying to make sure I do things "properly".
I am currently deploying my website according to this tip I've seen recommended. I.e. on the server, set up a bare repo in say ~/src/www.git with a post-receive hook that states something like
GIT_WORK_TREE=$HOME/www_public git checkout -f
where ~/www_public is the apache directory root for the website.
Doing it this way, I can push and pull changes between my desktop, the server and my laptop and the .git files don't end up visible to the public.
Now I want to add my repo to this system, but repo-add creates ".tar.gz" files. According to github help, these are better off ignored by git.
One solution that occurs to me is to add a pre-commit that decompresses the db into plain text and a post-receive that recompresses to a form that pacman will understand. However, I wonder if there is a simpler solution that I'm missing? I notice that Debian seems to have a tool that will do what I want, for Debian users. Does something equivalent exist for Archlinux, or do any Archers who run unofficial repos have any tips for me based on their experience/mistakes/successes of the past?

What is a best practice for our end users submitting their completed forms?

I've created an application with fillable fields using Adobe 10. I'm trying to figure out the best way to get the info back. I really don't want them emailing it as it will have sensitive data. I've seen others on this forum referring to using "servers" but I can't seem to find any additional info on this solution. Any advice?

If the data is sensitive, email is an absolute no-no.
In addition to being on a server - that is, a web server - you need to have a secure connection.
That in turn is a web address starting https not just http.
On the web server, an experienced programmer installs a "script".
When the form filler clicks SUBMIT, the information from the form is sent to the script.
The script, in turn, being a program, does whatever the programmer thinks, such as
- put it in a database
- check the data and reply immediately
- email it (very bad idea in this case)
Typically it's in a database, and you - the person in charge - visits a different script on the
same server, to get stuff out of the database and process the information.
I underline experienced. This is no job for a beginner or amateur, or even someone who
has never worked with web scripts. Bad scripts are the main reason that web sites get
hacked and details stolen, or your site defaced or otherwise bought into disrepute.

OIM 10g: Best practice for updating OIM user status from target recon?

We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?

Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?

Advice re best practice for managing the scan listener logs and list logs

Hi friends,
I've just started a job as a RAC dba administrator for some big 24*7 systems, I've never worked with clusterware and RAC.
2 Space problems
1) Very large listener_scan2.log in /u01/11.2.0/grid/log/diag/tnslsnr/<server name>/listener_scan2/trace folder
2) Heaps of log_nnn.xml files in /u01/11.2.0/grid/log/diag/tnslsnr/<server name>/listener_scan2/alert folder (4Gb used up)
Welcome advice on the best way to manage these in the short term (i.e. delete manually) and the recommended practice and safest way (adri maybe not sure how it works with scan listeners)
Welcome advice and commands that could be used to safely clean these up and put a robust mechanism in place for logfile management in RAC and CLusterware systems.
Finally should I be checking the log files in /u01/11.2.0/grid/log/diag/tnslsnr/<server name>/listener_scan2/alert regulalrly ?
My experience with listener logs is that they are only looked at when there are major connectivity issues and on the whole are ignored.
Thanks for your help,
Cheers, Rob

Have you had any issues that require them for investigative purposes? If not, just remove them. Are the logs required for some sort of audit process? If yes, gzip them to a location where you can use your OS tape backup policies to retain them for n-days. Once you remove an active file, it should recreate the file and continue without interruption.

ThumbnailPhoto Attribute Active Directory Users & Computers

Hi, I have successfully imported user pictures within the AD in respect of the thumbnailphoto attribute and this is being replicated as part of the GC. Does anyone know of any extensions for Active Directory Users & Computers so that an administrator
can view the photo in the way of an extra tab etc. The Domain and Forest are currently 2012 functional mode. Any help of viewing the photos within AD users & Computers would be great.
Carl Smith MCITP-EA

Below thread might be helpful,
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/c9f7385f-8d34-47a6-a789-6d240541b5da/ad-user-properties-tab?forum=
Regards,
Gopi
JiJi
Technologies

Best practice for Active Directory User Templates regarding Distribution Lists

Similar Messages

Maybe you are looking for