Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » LDAP issues - mimesweeper for web & Active Directory
LDAP issues - mimesweeper for web & Active Directory [message #156894] Thu, 25 June 2009 11:43 Go to next message
Emma K  is currently offline Emma K
Messages: 4
Registered: June 2009
Junior Member
Wondering if anyone could help... I'm having trouble with some LDAP
connections for Mimesweeper for Web and wondering if i've missed something in
AD...

AD - Version: 5.2.3790.3959 / Machine environment - XP SP3

Created a test OU under the Accounts root folder and linked my new GPO's to
it. Users are getting the policy ok when logging in except for access to the
internet.

Internet access is through a proxy server and website access is controlled
through Mimesweeper for web. Existing LDAP connections to MS4Web are working
correctly and the new LDAP connection for my test OU can see the test OU &
the users underneath but MS4W thinks they are "non users"

same LDAP server & log in credentials are being used as existing connections
and any permissions on the test OU & GPO's appear to be the same.

Em
RE: LDAP issues - mimesweeper for web & Active Directory [message #156913 is a reply to message #156894] Fri, 26 June 2009 03:23 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Hi Emma

Can you elaborate on the "Accounts root Folder" part of "Created a test OU
under the Accounts root folder and linked my new GPO's to
it. Users are getting the policy ok when logging in except for access to the
internet.
'
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Emma K" wrote:

> Wondering if anyone could help... I'm having trouble with some LDAP
> connections for Mimesweeper for Web and wondering if i've missed something in
> AD...
>
> AD - Version: 5.2.3790.3959 / Machine environment - XP SP3
>
> Created a test OU under the Accounts root folder and linked my new GPO's to
> it. Users are getting the policy ok when logging in except for access to the
> internet.
>
> Internet access is through a proxy server and website access is controlled
> through Mimesweeper for web. Existing LDAP connections to MS4Web are working
> correctly and the new LDAP connection for my test OU can see the test OU &
> the users underneath but MS4W thinks they are "non users"
>
> same LDAP server & log in credentials are being used as existing connections
> and any permissions on the test OU & GPO's appear to be the same.
>
> Em
RE: LDAP issues - mimesweeper for web & Active Directory [message #156916 is a reply to message #156913] Fri, 26 June 2009 05:04 Go to previous messageGo to next message
Emma K  is currently offline Emma K
Messages: 4
Registered: June 2009
Junior Member
Hi Gary,

The Account roots OU is the default (?) OU under the domain - our
(simplified) structure is:

Domain
- Accounts
- Admin Users (Admin User accounts OU)
- Wiltshire (Existing User accounts OU)
- Finance Users
- XP Group Policy Test (My test OU, XP GPO applied here)
- Finance Users XP (test users in here)
- Computers
- Groups
- Workstations...
etc...

Em

"Garry Starck-MCITP Enterprise Admin" wrote:

> Hi Emma
>
> Can you elaborate on the "Accounts root Folder" part of "Created a test OU
> under the Accounts root folder and linked my new GPO's to
> it. Users are getting the policy ok when logging in except for access to the
> internet.
> '
> --
> Garry Starck
> MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
>
>
> "Emma K" wrote:
>
> > Wondering if anyone could help... I'm having trouble with some LDAP
> > connections for Mimesweeper for Web and wondering if i've missed something in
> > AD...
> >
> > AD - Version: 5.2.3790.3959 / Machine environment - XP SP3
> >
> > Created a test OU under the Accounts root folder and linked my new GPO's to
> > it. Users are getting the policy ok when logging in except for access to the
> > internet.
> >
> > Internet access is through a proxy server and website access is controlled
> > through Mimesweeper for web. Existing LDAP connections to MS4Web are working
> > correctly and the new LDAP connection for my test OU can see the test OU &
> > the users underneath but MS4W thinks they are "non users"
> >
> > same LDAP server & log in credentials are being used as existing connections
> > and any permissions on the test OU & GPO's appear to be the same.
> >
> > Em
RE: LDAP issues - mimesweeper for web & Active Directory [message #156958 is a reply to message #156916] Sat, 27 June 2009 20:09 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Hi Emma

I take it the "Default (?)" means that these user accounts are withing the
OU called Users which is built-in. If so, move them out, GPO's don't apply in
this case and also, LDAP bin path is not OU=Users,DC=DOMAIN,DC=COM, but
rather CN=Users,DC=DOMAIN,DC=COM as well as the default "Computers OU and any
other Built-in OU. They are CN=?????, Not OU=?????

Please advise if I am understanding your issue

Regards
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Emma K" wrote:

> Hi Gary,
>
> The Account roots OU is the default (?) OU under the domain - our
> (simplified) structure is:
>
> Domain
> - Accounts
> - Admin Users (Admin User accounts OU)
> - Wiltshire (Existing User accounts OU)
> - Finance Users
> - XP Group Policy Test (My test OU, XP GPO applied here)
> - Finance Users XP (test users in here)
> - Computers
> - Groups
> - Workstations...
> etc...
>
> Em
>
> "Garry Starck-MCITP Enterprise Admin" wrote:
>
> > Hi Emma
> >
> > Can you elaborate on the "Accounts root Folder" part of "Created a test OU
> > under the Accounts root folder and linked my new GPO's to
> > it. Users are getting the policy ok when logging in except for access to the
> > internet.
> > '
> > --
> > Garry Starck
> > MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
> >
> >
> > "Emma K" wrote:
> >
> > > Wondering if anyone could help... I'm having trouble with some LDAP
> > > connections for Mimesweeper for Web and wondering if i've missed something in
> > > AD...
> > >
> > > AD - Version: 5.2.3790.3959 / Machine environment - XP SP3
> > >
> > > Created a test OU under the Accounts root folder and linked my new GPO's to
> > > it. Users are getting the policy ok when logging in except for access to the
> > > internet.
> > >
> > > Internet access is through a proxy server and website access is controlled
> > > through Mimesweeper for web. Existing LDAP connections to MS4Web are working
> > > correctly and the new LDAP connection for my test OU can see the test OU &
> > > the users underneath but MS4W thinks they are "non users"
> > >
> > > same LDAP server & log in credentials are being used as existing connections
> > > and any permissions on the test OU & GPO's appear to be the same.
> > >
> > > Em
RE: LDAP issues - mimesweeper for web & Active Directory [message #157001 is a reply to message #156958] Mon, 29 June 2009 05:33 Go to previous messageGo to next message
Emma K  is currently offline Emma K
Messages: 4
Registered: June 2009
Junior Member
Hii Gary,

On closer inspection the "Users" folder is still in the tree so the
"Accounts" folder will have been created vs being built-in.

Mimesweeper for Web generates the LDAP bin path and we don't have the option
to edit them - they appear to be correct though:

LDAP for the OU:
OU=XP Group Policy,OU=Accounts,DC=domain,DC=domain1,DC=domain2,DC=uk

LDAP for a user:
CN=copyjack,OU=XP Group
Policy,OU=Accounts,DC=domain,DC=domain1,DC=domain2,DC=uk

Em

"Garry Starck-MCITP Enterprise Admin" wrote:

> Hi Emma
>
> I take it the "Default (?)" means that these user accounts are withing the
> OU called Users which is built-in. If so, move them out, GPO's don't apply in
> this case and also, LDAP bin path is not OU=Users,DC=DOMAIN,DC=COM, but
> rather CN=Users,DC=DOMAIN,DC=COM as well as the default "Computers OU and any
> other Built-in OU. They are CN=?????, Not OU=?????
>
> Please advise if I am understanding your issue
>
> Regards
> --
> Garry Starck
> MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
>
>
> "Emma K" wrote:
>
> > Hi Gary,
> >
> > The Account roots OU is the default (?) OU under the domain - our
> > (simplified) structure is:
> >
> > Domain
> > - Accounts
> > - Admin Users (Admin User accounts OU)
> > - Wiltshire (Existing User accounts OU)
> > - Finance Users
> > - XP Group Policy Test (My test OU, XP GPO applied here)
> > - Finance Users XP (test users in here)
> > - Computers
> > - Groups
> > - Workstations...
> > etc...
> >
> > Em
> >
> > "Garry Starck-MCITP Enterprise Admin" wrote:
> >
> > > Hi Emma
> > >
> > > Can you elaborate on the "Accounts root Folder" part of "Created a test OU
> > > under the Accounts root folder and linked my new GPO's to
> > > it. Users are getting the policy ok when logging in except for access to the
> > > internet.
> > > '
> > > --
> > > Garry Starck
> > > MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
> > >
> > >
> > > "Emma K" wrote:
> > >
> > > > Wondering if anyone could help... I'm having trouble with some LDAP
> > > > connections for Mimesweeper for Web and wondering if i've missed something in
> > > > AD...
> > > >
> > > > AD - Version: 5.2.3790.3959 / Machine environment - XP SP3
> > > >
> > > > Created a test OU under the Accounts root folder and linked my new GPO's to
> > > > it. Users are getting the policy ok when logging in except for access to the
> > > > internet.
> > > >
> > > > Internet access is through a proxy server and website access is controlled
> > > > through Mimesweeper for web. Existing LDAP connections to MS4Web are working
> > > > correctly and the new LDAP connection for my test OU can see the test OU &
> > > > the users underneath but MS4W thinks they are "non users"
> > > >
> > > > same LDAP server & log in credentials are being used as existing connections
> > > > and any permissions on the test OU & GPO's appear to be the same.
> > > >
> > > > Em
RE: LDAP issues - mimesweeper for web & Active Directory [message #157038 is a reply to message #157001] Mon, 29 June 2009 21:17 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Hi Emma

Confused: I have worked on on one 3rd party (Non MS Proxy/Firewall) and it
was called SQUID. It would just import members of the Internet Access Allowes
group once a day. Does Mimesweeper do the same?

What is the exact requirement for GPO's, is this how you are assigning the
Proxy and port addresses to these clients.

How do you rate you GPO skill 1 to 10? Do you run RSOP.MSC on each client
machine whilt the user in the test ou is looged in. Just incase you do not
know, RSOP is Resultant Set of Policies. It will give you the same look as
when you edit a GPO, but one shows the "Defined Entries" and next to each
field, it has the GPO the was responsible.

Are you maybe editing the Computer part of the GPO, and applying linking the
GPO to an OU that has User objects/account as opposed the Comuter accounts.

Like wise, if you make changes on the user part of a GPO and link it to an
OU that only has PC accounts, nothing will happen.

If both user and computer sections of a GPO are configured, then you would
link the gpo lower down eg: link it to the London OU, because London has to
sub OU's, a Users Accounts OU and a Computer accounts OU.

So If this is the case, then remember, set the corresponding section of the
GPO to the type of object that show get it.

Advised please
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Emma K" wrote:

> Hii Gary,
>
> On closer inspection the "Users" folder is still in the tree so the
> "Accounts" folder will have been created vs being built-in.
>
> Mimesweeper for Web generates the LDAP bin path and we don't have the option
> to edit them - they appear to be correct though:
>
> LDAP for the OU:
> OU=XP Group Policy,OU=Accounts,DC=domain,DC=domain1,DC=domain2,DC=uk
>
> LDAP for a user:
> CN=copyjack,OU=XP Group
> Policy,OU=Accounts,DC=domain,DC=domain1,DC=domain2,DC=uk
>
> Em
>
> "Garry Starck-MCITP Enterprise Admin" wrote:
>
> > Hi Emma
> >
> > I take it the "Default (?)" means that these user accounts are withing the
> > OU called Users which is built-in. If so, move them out, GPO's don't apply in
> > this case and also, LDAP bin path is not OU=Users,DC=DOMAIN,DC=COM, but
> > rather CN=Users,DC=DOMAIN,DC=COM as well as the default "Computers OU and any
> > other Built-in OU. They are CN=?????, Not OU=?????
> >
> > Please advise if I am understanding your issue
> >
> > Regards
> > --
> > Garry Starck
> > MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
> >
> >
> > "Emma K" wrote:
> >
> > > Hi Gary,
> > >
> > > The Account roots OU is the default (?) OU under the domain - our
> > > (simplified) structure is:
> > >
> > > Domain
> > > - Accounts
> > > - Admin Users (Admin User accounts OU)
> > > - Wiltshire (Existing User accounts OU)
> > > - Finance Users
> > > - XP Group Policy Test (My test OU, XP GPO applied here)
> > > - Finance Users XP (test users in here)
> > > - Computers
> > > - Groups
> > > - Workstations...
> > > etc...
> > >
> > > Em
> > >
> > > "Garry Starck-MCITP Enterprise Admin" wrote:
> > >
> > > > Hi Emma
> > > >
> > > > Can you elaborate on the "Accounts root Folder" part of "Created a test OU
> > > > under the Accounts root folder and linked my new GPO's to
> > > > it. Users are getting the policy ok when logging in except for access to the
> > > > internet.
> > > > '
> > > > --
> > > > Garry Starck
> > > > MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
> > > >
> > > >
> > > > "Emma K" wrote:
> > > >
> > > > > Wondering if anyone could help... I'm having trouble with some LDAP
> > > > > connections for Mimesweeper for Web and wondering if i've missed something in
> > > > > AD...
> > > > >
> > > > > AD - Version: 5.2.3790.3959 / Machine environment - XP SP3
> > > > >
> > > > > Created a test OU under the Accounts root folder and linked my new GPO's to
> > > > > it. Users are getting the policy ok when logging in except for access to the
> > > > > internet.
> > > > >
> > > > > Internet access is through a proxy server and website access is controlled
> > > > > through Mimesweeper for web. Existing LDAP connections to MS4Web are working
> > > > > correctly and the new LDAP connection for my test OU can see the test OU &
> > > > > the users underneath but MS4W thinks they are "non users"
> > > > >
> > > > > same LDAP server & log in credentials are being used as existing connections
> > > > > and any permissions on the test OU & GPO's appear to be the same.
> > > > >
> > > > > Em
RE: LDAP issues - mimesweeper for web & Active Directory [message #157053 is a reply to message #157038] Tue, 30 June 2009 06:08 Go to previous message
Emma K  is currently offline Emma K
Messages: 4
Registered: June 2009
Junior Member
Hi Gary,

I believe it to be similar with Mimesweeper.

The GPO is user config only and sets the Proxy/Port settings for internet
access & locks down the computer (run command etc). I don't believe the GPO
to be the issue here.

I think there is a permissions issue between AD and mimesweeper but am at a
loss - Mimesweeper can browse the folder structure in AD fine and can see
users, but it denies access to those users and classes them as "non-users"
when they try to access the intenet.

Em

"Garry Starck-MCITP Enterprise Admin" wrote:

> Hi Emma
>
> Confused: I have worked on on one 3rd party (Non MS Proxy/Firewall) and it
> was called SQUID. It would just import members of the Internet Access Allowes
> group once a day. Does Mimesweeper do the same?
>
> What is the exact requirement for GPO's, is this how you are assigning the
> Proxy and port addresses to these clients.
>
> How do you rate you GPO skill 1 to 10? Do you run RSOP.MSC on each client
> machine whilt the user in the test ou is looged in. Just incase you do not
> know, RSOP is Resultant Set of Policies. It will give you the same look as
> when you edit a GPO, but one shows the "Defined Entries" and next to each
> field, it has the GPO the was responsible.
>
> Are you maybe editing the Computer part of the GPO, and applying linking the
> GPO to an OU that has User objects/account as opposed the Comuter accounts.
>
> Like wise, if you make changes on the user part of a GPO and link it to an
> OU that only has PC accounts, nothing will happen.
>
> If both user and computer sections of a GPO are configured, then you would
> link the gpo lower down eg: link it to the London OU, because London has to
> sub OU's, a Users Accounts OU and a Computer accounts OU.
>
> So If this is the case, then remember, set the corresponding section of the
> GPO to the type of object that show get it.
>
> Advised please
> --
> Garry Starck
> MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
>
>
> "Emma K" wrote:
>
> > Hii Gary,
> >
> > On closer inspection the "Users" folder is still in the tree so the
> > "Accounts" folder will have been created vs being built-in.
> >
> > Mimesweeper for Web generates the LDAP bin path and we don't have the option
> > to edit them - they appear to be correct though:
> >
> > LDAP for the OU:
> > OU=XP Group Policy,OU=Accounts,DC=domain,DC=domain1,DC=domain2,DC=uk
> >
> > LDAP for a user:
> > CN=copyjack,OU=XP Group
> > Policy,OU=Accounts,DC=domain,DC=domain1,DC=domain2,DC=uk
> >
> > Em
> >
> > "Garry Starck-MCITP Enterprise Admin" wrote:
> >
> > > Hi Emma
> > >
> > > I take it the "Default (?)" means that these user accounts are withing the
> > > OU called Users which is built-in. If so, move them out, GPO's don't apply in
> > > this case and also, LDAP bin path is not OU=Users,DC=DOMAIN,DC=COM, but
> > > rather CN=Users,DC=DOMAIN,DC=COM as well as the default "Computers OU and any
> > > other Built-in OU. They are CN=?????, Not OU=?????
> > >
> > > Please advise if I am understanding your issue
> > >
> > > Regards
> > > --
> > > Garry Starck
> > > MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
> > >
> > >
> > > "Emma K" wrote:
> > >
> > > > Hi Gary,
> > > >
> > > > The Account roots OU is the default (?) OU under the domain - our
> > > > (simplified) structure is:
> > > >
> > > > Domain
> > > > - Accounts
> > > > - Admin Users (Admin User accounts OU)
> > > > - Wiltshire (Existing User accounts OU)
> > > > - Finance Users
> > > > - XP Group Policy Test (My test OU, XP GPO applied here)
> > > > - Finance Users XP (test users in here)
> > > > - Computers
> > > > - Groups
> > > > - Workstations...
> > > > etc...
> > > >
> > > > Em
> > > >
> > > > "Garry Starck-MCITP Enterprise Admin" wrote:
> > > >
> > > > > Hi Emma
> > > > >
> > > > > Can you elaborate on the "Accounts root Folder" part of "Created a test OU
> > > > > under the Accounts root folder and linked my new GPO's to
> > > > > it. Users are getting the policy ok when logging in except for access to the
> > > > > internet.
> > > > > '
> > > > > --
> > > > > Garry Starck
> > > > > MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
> > > > >
> > > > >
> > > > > "Emma K" wrote:
> > > > >
> > > > > > Wondering if anyone could help... I'm having trouble with some LDAP
> > > > > > connections for Mimesweeper for Web and wondering if i've missed something in
> > > > > > AD...
> > > > > >
> > > > > > AD - Version: 5.2.3790.3959 / Machine environment - XP SP3
> > > > > >
> > > > > > Created a test OU under the Accounts root folder and linked my new GPO's to
> > > > > > it. Users are getting the policy ok when logging in except for access to the
> > > > > > internet.
> > > > > >
> > > > > > Internet access is through a proxy server and website access is controlled
> > > > > > through Mimesweeper for web. Existing LDAP connections to MS4Web are working
> > > > > > correctly and the new LDAP connection for my test OU can see the test OU &
> > > > > > the users underneath but MS4W thinks they are "non users"
> > > > > >
> > > > > > same LDAP server & log in credentials are being used as existing connections
> > > > > > and any permissions on the test OU & GPO's appear to be the same.
> > > > > >
> > > > > > Em
Previous Topic:MSDTC event warning after AD transition
Next Topic:Active Directory is down
Goto Forum:
  


Current Time: Fri Oct 20 10:14:33 EDT 2017

Total time taken to generate the page: 0.06055 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software