Re: [Fed-Talk] Fwd: ALERT! Replacement of PICA Domain by Active Directory NAE Domain
- Subject: Re: [Fed-Talk] Fwd: ALERT! Replacement of PICA Domain by Active Directory NAE Domain
- From: George Polich <email@hidden>
- Date: Thu, 24 Mar 2005 17:15:52 -0500
First, a question to the Apple Reps: Tiger is supposedly about 2 – 4 weeks out from release. Tiger was supposed to implement native NTLMv2, which was the crux of the problem with AD access. Is there any update on this issue?
Our organization went to AD late last fall. I am currently having only moderate problems with that. Also Netcom left it up to regional administrators about allowing Macs; right now, mine does — reluctantly — but doesn’t provide any support over and above what they would ordinarily do to support Wintel machines. And, by the way — the rule is that the Macs cannot “join” the AD. That means they won’t have access to shared servers and folders. But, they can be plugged into the NIPRNET; that was not prohibited.
1. I am using ADmitMac™ to provide NTLMv2 authentication to “join” the AD and have no problem accessing shared drives and folders in the “Finder”. I click the “Network” icon in the Finder window and it displays all the servers. Clicking a server and the “connect” icon will allow connection to any shared folder for which I have permissions, and mount it in the Finder.
2. However. What stopped working, and is a pain in the a__, was Entourage. I was connecting to an Exchange 5.5 server using the IMAP settings in Entourage (can’t use the “Exchange” settings unless the mail server is running Exchange 2003; ours isn’t, yet). Once the mail server was migrated (it actually came later than the users in order to bring a new box on line as well) I could no longer connect. I keep getting a “permissions” not correct error for the new server; yet the system administrators swear on all they hold holy that no changes were made in the parameters of the new server. (And see above — if the PCs aren’t having a problem, they have no obligation to spend time to troubleshoot.)
3. Solution to #2 was to use MS Virtual PC™ and MS Outlook™. That works fine (be sure to use the “Virtual Switch” in the VPC LAN settings so that the PC has its own separate IPA). I am still using VPC 6.1, not the newer version 7 because — even though it is now listed on the Army’s blanket contract along with the other MS products — our people can’t seem to figure out how to order it.
4. If you have a spare Wintel machine, the use of MS Remote Desktop Connection (free download from the Microsoft Mac site) is orders of magnitude faster than VPC. The Mac does not have to be “joined” to AD, only plugged into the NIPRNET, to access the Windows workstation. The only problem there is that Windows is not truly multitask, multithreaded, multiuser. So, only one person at a time can use the Wintel box. If you are logged in on your Mac, no one else can use that workstation; if someone is using that workstation, you can’t log in from the Mac. If you have an extra ethernet cable/port and minimum configured box (laptop works also) to slip under your desk (and you don’t travel like me to need files on your physical Mac) this is the better way to go. The box doesn’t need a display (or even a keyboard except for the initial boot to get past the POST) -- boot it up and leave it running in the closet. They want you to do that anyway so that patches and software can be deployed to the workstations. The Mac’s drive(s) can be made to show up in the Windows “My Computer” window to copy/move files back and forth.
George Polich
Army PA Center
On 24/03/2005 16:12, "John Niles" <email@hidden> wrote:
Does anyone on this list have any suggestions?
Begin forwarded message:
From: "Ju, Wilfred T Dr. [Contr (JCI)]" <email@hidden>
Date: March 24, 2005 3:56:04 PM EST
To: Picatinny Official <email@hidden>
Cc: Picatinny Systems Administrators <email@hidden>, IT CORs <email@hidden>
Subject: ALERT! Replacement of PICA Domain by Active Directory NAE Domain
As was previously announced by LTC Seitz, Picatinny Arsenal is in the
midst of changing our data network communications environment to
Microsoft Active Directory. This action has been mandated by HQDA. The
Network Enterprise Technology Command (NETCOM) has sent experts from
Internosis, Inc. to guide our efforts.
Changes you will see:
1. We will become a part of the North America East Domain, NAE.
2. PICA domain will be decommissioned.
3. Your login id will change from your current PICA login to your
AKO account login ID.
4. Your NAE password will be the same as your PICA password (not
your AKO password).
5. Your local e-mail ID will remain unchanged.
6. Your node name will change to a DA mandated (and boring) AD
compliant nodename, which will probably start with PICAWKxxxxxx.
7. Windows servers will have their names changed, but we will
attempt to maintain applications using aliases back to the old names ...
temporarily.
8. Apple Macintosh machines will not be supported for access to the
Active Directory NAE Domain.
9. LINUX and UNIX machines will not be supported for access to the
Active Directory NAE Domain. Servers will be addressed in a separate
message.
What do you have to do?
1. Check your machine's information in NETREG and make sure all
fields are up to date! THIS IS CRITICAL.
2. Check 411 and ensure that your location, current login ID, and
AKO id are correct.
Consequences if you ignore the conversion to Active Directory: You will
no longer have access to the Army network, including internal to this
installation.
Stay tuned for further missives, announcements, and progress reports.
Dr. Wilfred Ju
Head, IT Infostructure Dept.
Johnson Controls, Inc.
Picatinny Arsenal
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden