DC 與 File Server 在同一台時,而同一個 OU 裡,委派權限以及 Server Operator 群組權限同時存在的條件下,此 OU 的使用者繼承權限會受影響,帳號裡的 Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here 勾勾會被拿掉.
微軟有 KB 說明這樣問題的解決方式 AdminSDHolder Thread Affects Transitive Members of Distribution Groups ,但是修改 AdminSDHolder 會有不預期的問題發生.
另外,建議兩個解決方法,但是前提下,OU 內的使用者不能加入 Server Operator 群組 :
1. DC 和 File Server 需使用2台不同的獨立 Server,使用者可以設定 Full Control OU ,OU 內的使用者可加入 File Server 的 Power User 群組.
2. 如果 DC 兼 File Server 的情況,需要額外建立一個使用者帳號,例如: OUadmin 給某個使用者使用,並設定 OUadmin 可 Full Control OU,所以使用者在 AD 中有 2 組使用者帳號,一個是普通權限的用途,一個是可以管理 OU 的用途.
2011年2月25日 星期五
2011年2月22日 星期二
The Name on the Security Certificate is invalid or does not match the name of the site
公司內部的使用者,透過Outlook 2007 or Outlook 2010 MAPI Client 連線 Exchange 2010 時,發生如圖的安全性警告訊息,主要的原因是內部使用者使用 https 連線 Exchange Server 時,內部 Exchange Server 連線名稱跟外部憑證名稱不符造成的.
解決方法:
1. 透過EMC來修改 Internal Url,此 Internal Url 要與 External Url 名稱相同
2. 或者透過 Exchange Power Shell 來修改 Internal Url,執行指令如下
Set-OWAVirtualDirectory –Identity ServerName\OWA (default web site) -InternalURL https://XXX.XXX.XXX/OWA
Set-OABVirtualDirectory –Identity ServerName\OAB (default web site) -InternalURL https://XXX.XXX.XXX/OAB
Set-WebServicesVirtualDirectory –Identity ServerName\EWS (default web site) -InternalURL https://XXX.XXX.XXX/ews/exchange.asmx
Set-ActiveSyncVirtualDirectory –Identity ServerName\Microsoft-Server-ActiveSync (default web site) -InternalURL https://XXX.XXX.XXX/Microsoft-Server-ActiveSync
另外,Exchange 2010 還須執行下列指令,如果是 Exchange 2007 的話,可以省略
Set-ECPVirtualDirectory –Identity ServerName\ECP (default web site) -InternalURL https://XXX.XXX.XXX/ECP
執行完成後確認上述設定是否透用
如果上述設定還未套用,以及憑證的錯誤警告訊息持續產生,請透過 Exchange Power Shell 再執行下列指令修改 CAS 的內容,此錯誤訊息的問題即可解決
Get-ClientAccessServer –Identity ServerName | Set-ClientAccessServer
–AutodiscoverServiceInternalUri https://XXX.XXX.XXX/autodiscover/autodiscover.xml
解決方法:
1. 透過EMC來修改 Internal Url,此 Internal Url 要與 External Url 名稱相同
2. 或者透過 Exchange Power Shell 來修改 Internal Url,執行指令如下
Set-OWAVirtualDirectory –Identity ServerName\OWA (default web site) -InternalURL https://XXX.XXX.XXX/OWA
Set-OABVirtualDirectory –Identity ServerName\OAB (default web site) -InternalURL https://XXX.XXX.XXX/OAB
Set-WebServicesVirtualDirectory –Identity ServerName\EWS (default web site) -InternalURL https://XXX.XXX.XXX/ews/exchange.asmx
Set-ActiveSyncVirtualDirectory –Identity ServerName\Microsoft-Server-ActiveSync (default web site) -InternalURL https://XXX.XXX.XXX/Microsoft-Server-ActiveSync
另外,Exchange 2010 還須執行下列指令,如果是 Exchange 2007 的話,可以省略
Set-ECPVirtualDirectory –Identity ServerName\ECP (default web site) -InternalURL https://XXX.XXX.XXX/ECP
執行完成後確認上述設定是否透用
如果上述設定還未套用,以及憑證的錯誤警告訊息持續產生,請透過 Exchange Power Shell 再執行下列指令修改 CAS 的內容,此錯誤訊息的問題即可解決
Get-ClientAccessServer –Identity ServerName | Set-ClientAccessServer
–AutodiscoverServiceInternalUri https://XXX.XXX.XXX/autodiscover/autodiscover.xml
2011年2月9日 星期三
About the SMTP Connector
2011年2月7日 星期一
關於 Shared Folders and Shared-Folder Permissions
關於 Shared Folders and Shared-Folder Permissions 在 Member Server 與 Domain Controller 所需要的權限:
Members of the Administrators or Power Users group can share folders on a Windows member server. You have to be a member of the Administrators or Server Operators group to share folders on a domain controller of a domain.
Members of the Administrators or Power Users group can share folders on a Windows member server. You have to be a member of the Administrators or Server Operators group to share folders on a domain controller of a domain.
What is the Server Operators?
關於Server Operators的權限範圍如下:
Members of this group can perform server management tasks such as creating, changing, and deleting shared printers, shared directories, and files. They can also back up and restore files, lock the server console and shutdown the system. They cannot modify system policies or start and stop services.
Members of this group can perform server management tasks such as creating, changing, and deleting shared printers, shared directories, and files. They can also back up and restore files, lock the server console and shutdown the system. They cannot modify system policies or start and stop services.
2011年2月5日 星期六
Migration from Office Communications Server 2007 R2 to Lync Server 2010
Before You Begin the Migration
Phase 1: Plan Your Migration from Office Communications Server 2007 R2
Phase 2: Prepare for Migration
Phase 3: Deploy Lync Server 2010 Pilot Pool
Phase 4: Merge Topologies
Phase 5: Configure the Pilot Pool
Phase 6: Verify Your Pilot Migration
Phase 7: Add Lync Server 2010 Edge Server and Director to Pilot Pool
Phase 8: Move from Pilot Deployment into Production
Phase 9: Complete Post-Migration Tasks
Phase 10: Decommission Legacy Site
Migrate Using Lync Server 2010 Management Shell (optional)
Phase 1: Plan Your Migration from Office Communications Server 2007 R2
Phase 2: Prepare for Migration
Phase 3: Deploy Lync Server 2010 Pilot Pool
Phase 4: Merge Topologies
Phase 5: Configure the Pilot Pool
Phase 6: Verify Your Pilot Migration
Phase 7: Add Lync Server 2010 Edge Server and Director to Pilot Pool
Phase 8: Move from Pilot Deployment into Production
Phase 9: Complete Post-Migration Tasks
Phase 10: Decommission Legacy Site
Migrate Using Lync Server 2010 Management Shell (optional)
訂閱:
文章 (Atom)
Skype for Business 相關問題
Microsoft Teams 擴展了 Skype for Business 功能,將聊天、會議、通話、協同合作、應用程式和檔案儲存整合到一個介面中。這個新的團隊合作中心可以幫助簡化使用者完成工作的方式,提高使用者滿意度,並加速業務結果。作為一個現有的 Skype for Bus...
-
錯誤訊息如下: 解決方法: 試試看檢查下面幾項動作 1.Netlogon Service有沒有啟動或者服務重新啟動 2.是否有此值 HKLM\System\CCS\Services\NTDS\Parameters 底下的 "DSA Not Writable...
-
問題描述 : OfficeScan 伺服器中的 Bsdiff.exe 占用過高的 CPU 使用率 解決方法 : Bsdiff.exe 是整合式雲端截毒伺服器的程序之一,功能為建立不同的 Smart Query Pattern 。 若 CPU 突然飆升,有可能是它正在...