Configure Domain Controller Time Syncronization with External Source


Clock

The PDC Emulator in your domain is the only system you should need to run this on. The rest of the systems should sync with this DC. I’ve included the commands below that you can run against your secondary DCs just to make sure they know what they should be doing. This is a rare thing to have to do … but I ended up having to do it today because the time source configured on our domain (long ago) stopped serving up time. WARNING: To much time skew between your current time and the updated time could cause serious headaches for your clients. WARNING!

On your PDC Emulator from an elevated command prompt:

Continue reading

Advertisements

Upgrade Steps Outline – DPM 2010 to 2012 SP1


System Center

What follows is the basic outline I followed to upgrade System Data Protection Manager 2010 – DPM – running on a Windows Server 2008 R2 host to DPM 2012 SP1. Obviously each step has small libraries of documentation you could read, warnings you could ignore, and whatnot – but if you’re simply looking to make sure you’ve got the right steps planned out, this is what I did to upgrade our setup:

Please note – I did this same set of steps across both of our systems (primary site and secondary site).

  1. Ensure Windows is up to date.
  2. Ensure DPM 2010 is up to date.
  3. Ensure you are running SQL Server 2008 R2 (I have SP1 — 10.50.2550.0)
  4. You are set to install DPM 2012 at this point. Install was simple – put in the disk, provide some passwords… next, next, next. Continue reading

Upgrade Steps Outline – SCVMM 2008 SP1 to 2012 SP1


 

System Center

What follows is the basic outline I followed to upgrade System Center Virtual Machine Manager 2008 SP1 running on a Windows Server 2008 R2 host to SCVMM 2012 SP1. Obviously each step has small libraries of documentation you could read, warning you could ignore, and whatnot – but if you’re simply looking to make sure you’ve got the right steps planned out, this is what I did to upgrade our setup:

  1. Make sure your OS / Data drive are at least 60 GB. You’ll need this for all the upgrades.
  2. Download SCVMM 2012 as well as SCVMM 2012 SP1. You can’t go straight to 2012 SP1 from 2008 SP1
  3. Upgrade SQL 2008 to 2008 R2 if you aren’t running it already. SCVMM 2012 SP1 doesn’t support 2008.
  4. BACKUP BACKUP BACKUP!
  5. Upgrade SCVMM to 2012
  6. Install SCVMM 2012 RU3  (http://support.microsoft.com/kb/2756127)
  7. Uninstall SCVMM 2012.
    I know, I know, but SCVMM 2012 does not support installation on Server 2012 and because there’s no direct upgrade path to SCVMM 2012 SP1 from 2008, you have to update the SCVMM database. Continue reading

Delete An Email From All Mailboxes – Exchange 2007


Ex-Mgmt-Shell

Another day, another user who decided to give away their username and password to a phishing email. Thankfully this time it happened on a Monday morning, the spammer was kind enough to send to my internal users, and even better sent a spam to our helpdesk email. In other words – they basically told me they were sending spam from one of our mailboxes.

I did the usual – disabled the account/changed the password, blocked the spam/phishing site, purged our (growing) mail queues. But this time I really wanted to get rid of the email. So…
Powershell (Exchange Management Shell) to the rescue. Continue reading

Script to Compare List of Email Addresses in Exchange


I was provided a list of email addresses of employees in a system that doesn’t interface with AD/Exchange and asked to validate those email addresses exist within our Exchange server. I figured the easiest way was to just script it (the list was close to 1000 people).  Total run time to compare the list was just a few seconds.

Here’s the (quite simplistic) script to accomplish the task.


$logFile = 'c:\scripts\IsAccountValid.log'

# Uncomment the entry below if not running from the EMS
# Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

# Import the email addresses from text file
$Import=Get-Content "c:\Scripts\emailaddresses.txt"

ForEach ($address in $import) {
     $valid = get-mailbox -an $address
          If ($valid) {
          "$address is Valid" >> $logFile
          } else {
          "$address is Not Valid" >> $logFile
          }
}

WSUS 3.0 SP2 will not run after installing update 2720211


Let me clarify that post subject up there. KB2720211 FAILED to install on my server and at the same time absolutely FUBAR’d the entire thing to the point where Update Services wouldn’t even start. I had our lead programmer stop by this morning and tell me that his computer kept complaining about not being able to download updates… (Note to self — add that into Nagios as I appear to have forgotten).

Anway, what a mess. I logged onto the server and along with the MMC not opening, and being greeted with an IIS worker crash warning the event log was chock full of errors:

Event ID 1011: A process serving application pool ‘WsusPool’ suffered a fatal communication error with the World Wide Web Publishing Service. The process id was ‘7540’. The data field contains the error number.
Event ID 7031: The Update Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
Event ID 18456: Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’. [CLIENT: <named pipe>]
Event ID 7032: The WSUS administration console was unable to connect to the WSUS Server via the remote API.

I’m sure you get the point…

Anyway, it appears this was a fairly widespread issue (great QA work MS). I found one solution that worked for me – copied here (just in case):
Continue reading

Bulk Migrate User Home Directory in Active Directory


This summer I’m decommissioning an old file server that is no longer under warranty, and we have plans for it along with the iSCSI SAN it’s connected to. Slight problem though – even though I’ve configured our user shares to replicate around using DFS, for years the user creation script that was used for creating accounts hard coded the user home directory to this file server. With thousands of accounts – I’m not about to go and do all this by hand.

Enter Quest ActiveRoles Management Shell (free). Sure I could have used other tools – but I’ve got this one and I like it. Anyway, here’s the script I wrote to do this. Note:  It is likely not perfect, maybe not the most efficient way to handle this (definitely a bit slow), but it works and was ran against a few thousand user accounts.
Continue reading