Showing posts with label Windows.

Saturday, July 10, 2010

SCCM Client : Reassign Sitecode

Hi Friends,

The script below can be used to assign the site code on an SCCM client PC remotely. You may need to change the site code on client computers after implementing a new SCCM server with a different site code, or when moving all users from an earlier SMS environment to an SCCM 2007 environment with a different site code. In that case, the VBScript below changes the site code in the Configuration Manager client (SCCM client) on all clients remotely. The script can be deployed through GPO as a logon script, by remote execution of the script, or with remote script execution tools. The script needs permission to execute on the client PC; as a practice, you can run it with the SCCM admin account, which will have the appropriate permission for script execution.

#######

'replace with your Site Code
sSiteCode = "NEWSITECODE"
sMachine = "."
set oCCMNamespace = GetObject("winmgmts://" & sMachine & "/root/ccm")
Set oInstance = oCCMNamespace.Get("SMS_Client")
set oParams = oInstance.Methods_("SetAssignedSite").inParameters.SpawnInstance_()
oParams.sSiteCode = sSiteCode
oCCMNamespace.ExecMethod "SMS_Client", "SetAssignedSite", oParams

#######

Save the above file with the extension .vbs and replace "NEWSITECODE" with your sitecode accordingly.

Thanks

Logan
logu_microsoft@hotmail.com





Tuesday, May 4, 2010

New Features in Windows server 2008:

Hi Friends,

Getting busy testing out some applications like SCCM 2007 and SCOM made me stay away from blogging, so I thought of writing one.

It's been quite a time for Windows Server 2003; people have already started using Windows Server 2008 and are happy with the new features available. This article lists the new features available in Windows Server 2008.

1. Role based installation

Windows Server 2008 has quite a number of roles in Server Manager, which can be installed as and when required. The roles are listed below:

Active Directory Certificate Services

Active Directory Domain Services

Active Directory Federation Services

Active Directory Lightweight Directory Services

Active Directory Rights Management Services

Application Server

DHCP Server

DNS Server

Fax Server

File Services

Hyper-V

Network Policy and Access Services

Print and Document Services

Remote Desktop Services

Web Services (IIS)

Windows Deployment Services

Windows Server Update Services (WSUS)

Some of the above are new features, which I will discuss later. Also, some of them are specific to certain editions of Windows Server 2008. Please check out http://www.microsoft.com/windowsserver2008/en/us/r2-compare-roles.aspx

2. Server core

One of the most expected and most welcomed features, and one that is going to drive the Microsoft server OS forward, is Server Core. As in a UNIX server environment, you can have the Server Core shell window alone, with no need for a GUI with fancy GUI drivers. The optional GUI is also available. Having a single shell for server operation on a Microsoft platform was a dream for most system administrators. The Server Core installation option allows us to install a specific server role such as DHCP or print server. All server operations can then be done from the command prompt, with no more GUI-specific configuration required, unlike previous versions.

3. Virtualization – Hyper V

Virtualization enables you to have multiple logical servers on a single server, each provided with full functionality such as networking, dedicated memory, high performance, etc. Virtualization as a technology is a revelation in IT because of its cost reduction. Applications like VMware and Virtual PC are already making their way. Hyper-V bundled with the server OS is definitely good. For interest, please check out http://www.milesconsultingcorp.com/Hyper-V-versus-VMware-Comparison.ASPX to find the comparison between VMware and Hyper-V.

4. Powershell

PowerShell was an expected one, since PowerShell started making news with the release of Exchange 2007. All administrative tasks can be done with ease using PowerShell, which makes the system administrator's life easier. PowerShell has built-in Active Directory related cmdlets which can be used effectively for multiple purposes.

5. Rights Management Services

Data security has been taken to the next level by means of this service. Previously we had no answer for securing documents against the end users who have access to them, or for mails with sensitive information that can be forwarded to anyone outside the organization. This service helps prevent these scenarios. Since it is integrated with Active Directory, it helps provide security at file level and also for emails.

6. RODC – Read Only Domain Controllers

It is one of the new features and is excellent in terms of both functionality and design. It provides a solution for the scenario where most branch office DC servers lack quality administration, so there is a chance of poisoning the home DC by replicating faulty data. The RODC acts only as a read-only DC; there is no chance to write any data, so there is no need to send any update to the main office. The update is unidirectional, i.e., only from a normal DC to the RODC. RODCs do wonders for multi-site work environments.

7. IIS 7.0

IIS 7.0 has been improved mainly in terms of security when compared to IIS 6.0. I don't know much about this application's interiors; I leave it to you people to check out the new features from the link http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-7-security/ . These improvements are with respect to Authentication, Authorization, SSL, Web Service Extension Restriction List and IP restrictions.

8. Enhanced Terminal Services – Remote desktop Services

The former Terminal Services has been renamed Remote Desktop Services and has been significantly improved. The features are the following.

RemoteApp – Server-based remote application programs can be accessed on the local computer using Terminal Services, and look like a normal local application running.

Web Access – Using this, users will be able to access the RemoteApp programs over the internet via a browser.

Gateway – Using this feature, users will be able to make a remote connection from outside the LAN, i.e., from a public network, provided the TS Gateway is configured.

9. Network access protection

Network Access Protection is a new feature mainly related to security. This policy lets us control connections to the domain network based on a compliance threshold; if a system falls short of the compliance threshold, NAP enforces the missing compliance and then allows the host to connect to the LAN. For example, suppose we have deployed some security patches for all users, and one user who was not part of this activity comes back after a long vacation. There is a chance of a security lapse; this is where NAP comes in to enforce the missing one.

10. Group Policy Management Improvements.

Group Policy Management has many improvements in account policies, password policies, etc. There is a special query option in the GPMC console to list the policies which are set, and there is no need to hunt for a particular policy in the hierarchy; it can easily be searched for by namespace.

11. Windows Deployment Services:

Using these deployment services we can even deploy the OS. In the previous version this option was not available, and it could also be achieved by applications like SCCM. Windows Deployment Services uses the TFTP protocol, which makes it comparatively faster. Moreover, it has options for Auto-Cast or Scheduled-Cast deployment.

The above are the main new features that come to my mind; security of the server OS is definitely much improved compared to the earlier versions.

Hope the above information is useful.

Thanks

Logan

Logu_microsoft@hotmail.com

Monday, August 17, 2009

Logon Event 528 Log:

This article explains how to find user logon details using the normal event log, and how to interpret the event log details. In a server-side environment it is always wise to audit user logons and logoffs. If you check for event ID 528 in the Security log, you will find some positive hits. A typical 528 log entry contains the information below:

  • user name
  • domain
  • logon id
  • logon type
  • logon process
  • authentication package
  • workstation name


In particular, the logon type is the field that needs attention. The values are listed below as logon type, name and description.

  • 2 - Interactive - User logged on to the computer's console.
  • 3 - Network - User logged on to the computer over the network (e.g., through a drive mapping). Note: On Win2K and later systems, event ID 528 doesn't log this logon type; for network logons, Win2K and later OS versions log event ID 540 with logon type 3.
  • 4 - Batch - Batch logon (commonly logged when a COM+ server component starts up).
  • 5 - Service - Service logon (required by user accounts configured as account for services).
  • 7 - Unlock - Workstation unlocked.
  • 8 - NetworkCleartext - Network logon, but with a clear-text password. By default, Windows doesn't allow clear-text password logons unless you explicitly enable them. (However, all versions of Microsoft IIS use clear-text passwords for Basic authentication.)
  • 9 - NewCredentials - User used alternative credentials to connect to a resource on the network or used the RunAs command to start programs under a different user account.
  • 10 - RemoteInteractive - User logged on to the computer remotely using Terminal Services or Remote Desktop.
  • 11 - CachedInteractive - Domain user logged on with cached credentials. Usually logged when a traveling user logs on to a notebook with his or her domain account but no domain controller (DC) is available. Note that event ID 537, not event ID 528, logs this event.

Using the above, we can find the exact mode of logon and also the user details.
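The interpretation described above can be automated over exported event text. The following is an added example, not part of the original post: it parses the fields listed earlier out of an event description, maps the logon type using the table above, and notes the cases the table itself calls out (clear-text logons, and logon types that the table says are recorded under event 540 or 537 rather than 528). The sample events and the "Field: value" description layout are constructed for illustration.

```python
import re

# Logon types exactly as listed in the article.
LOGON_TYPES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
    8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
    11: "CachedInteractive",
}

# Matches "Field Name: value". A header such as "Successful Logon:" has no
# value after the colon and is skipped.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(\S.*)$")

# Constructed sample data, not from a real system: (event ID, description).
SAMPLE_EVENTS = [
    (528, "Successful Logon:\n User Name: jsmith\n Domain: TEST\n"
          " Logon ID: (0x0,0x3E7A1)\n Logon Type: 2\n Logon Process: User32\n"
          " Authentication Package: Negotiate\n Workstation Name: FILESRV01"),
    (528, "Successful Logon:\n User Name: webapp\n Domain: TEST\n"
          " Logon ID: (0x0,0x4B210)\n Logon Type: 8\n Logon Process: Advapi\n"
          " Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0\n"
          " Workstation Name: WEB01"),
    (528, "Successful Logon:\n User Name: backup\n Domain: TEST\n"
          " Logon ID: (0x0,0x4C0FF)\n Logon Type: 3\n Logon Process: NtLmSsp\n"
          " Authentication Package: NTLM\n Workstation Name: PC17"),
    (540, "Successful Network Logon:\n User Name: jsmith\n Domain: TEST\n"
          " Logon ID: (0x0,0x4D001)\n Logon Type: 3\n Logon Process: Kerberos\n"
          " Authentication Package: Kerberos\n Workstation Name:"),
    (528, "Successful Logon:\n User Name: admin2\n Domain: TEST\n"
          " Logon ID: (0x0,0x4E777)\n Logon Type: 10\n Logon Process: User32\n"
          " Authentication Package: Negotiate\n Workstation Name: FILESRV01"),
    # Truncated description: no logon type was exported.
    (528, "Successful Logon:\n User Name: svc_sql\n Domain: TEST"),
]


def parse_event(event_id, description):
    """Turn one event description into a record keyed by the article's fields."""
    fields = {}
    for line in description.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group(1).strip().lower()] = match.group(2).strip()
    raw_type = fields.get("logon type", "")
    logon_type = int(raw_type) if raw_type.isdigit() else None
    return {
        "event_id": event_id,
        "user": fields.get("user name"),
        "domain": fields.get("domain"),
        "logon_id": fields.get("logon id"),
        "logon_type": logon_type,
        "logon_type_name": LOGON_TYPES.get(logon_type, "Unknown"),
        "logon_process": fields.get("logon process"),
        "auth_package": fields.get("authentication package"),
        "workstation": fields.get("workstation name"),
    }


def review(record):
    """Return notes for a record, based only on what the table above states."""
    notes = []
    logon_type, event_id = record["logon_type"], record["event_id"]
    if logon_type not in LOGON_TYPES:
        notes.append("logon type missing or not in the table")
    if logon_type == 8:
        notes.append("clear-text password logon; not allowed by default unless "
                     "explicitly enabled (IIS Basic authentication uses it)")
    if logon_type == 3 and event_id == 528:
        notes.append("network logon under 528; Win2K and later log it as 540")
    if logon_type == 11 and event_id == 528:
        notes.append("cached logon under 528; event 537 is stated to log it")
    return notes


def triage(events):
    """Parse all events and keep only the records that produced notes."""
    parsed = (parse_event(event_id, text) for event_id, text in events)
    return [(rec, review(rec)) for rec in parsed if review(rec)]


if __name__ == "__main__":
    for rec, notes in triage(SAMPLE_EVENTS):
        who = f"{rec['domain']}\\{rec['user']}"
        print(f"event {rec['event_id']} {who} type={rec['logon_type_name']}: "
              + "; ".join(notes))
```
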

Hope the above is useful.

Thanks

Logan

Logu_microsoft@hotmail.com | 971552596187

Thursday, June 4, 2009

Virtual Memory Fragmentation Exchange

Virtual Memory:
Virtual memory is nothing but making your hard disk act as temporary space for swapping data out of RAM when it is busy or fully occupied. The process of exchanging/swapping the data back and forth between the hard disk and RAM is called thrashing. The area of the hard disk which stores the RAM data is called the page file, and has a .SWP extension.

In Exchange Server too, the allocation of virtual memory plays a vital role in the efficient functioning of the server. If the virtual memory allocation is not up to the mark, the performance of the Exchange server is hit to a great extent.

Below are the ways to address virtual memory related issues.

1. Adding the /3GB switch in the boot.ini file.
2. Adding the /userva=Number switch, where the Number value ranges between 2970 and 3030. The recommended value is 3030.

Eg., boot.ini file

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /3GB
or
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /userva=3030

The above options can be used only in pre-Windows Server 2003 versions. In Windows 2000, the options below are available for fine-tuning virtual memory.

1. Edit the "HeapDecommitFreeBlockThreshold" registry key.
2. Set the "msExchESEParamCacheSizeMax" value via ADSIEDIT.
3. The "msExchESEParamMaxOpenTables" value also has to be set appropriately via ADSIEDIT.
Please let us know if you have any questions.
Thanks
Logan
9841499143

Sunday, July 13, 2008

Outlook Web Access – OWA in Exchange 2007:

In this article, we discuss the new features available in Exchange 2007 OWA and the related configuration. Compared to the Outlook client, OWA is handy for many users for accessing their email when they are outside their organization, for example when travelling to different places. They can access their email with ease even if they don't have a laptop.

Key new OWA features:

1. Web-ready documents allow opening Office docs.
2. Email headers view.
3. Customizable toolbars.
4. Out of Office configuration.
5. Deleted Item recovery.
6. Instant language options.
7. Cleaner Calendar reminders.
8. Multiple calendars and draggable appointments.
9. Mobile device configuration options.
10. Change password interface.
11. Open others' mailboxes within OWA.

Light vs. Premium Client

Light Version:
1. For non-IE browsers.
2. For slow connections.
3. For older systems.
4. Most secure/best for kiosks.
5. Contains basic access to all resource types.

Full Version:
1. More feature-rich.
2. Deeper interaction with mailbox content.
3. Drag and drop.
4. Access to file servers and SharePoint.

Thanks

Logu

Logu_microosft@hotmail.com
91-9841499143

Sunday, July 6, 2008

Address List:

In this article, we discuss the function of address lists in Exchange Server 2007. In simple words, an address list contains classified contact address details (users' email addresses, mail contacts, public folder email addresses, distribution email addresses, etc.). Address lists are built to make lookups more usable than the basic Global Address List. The Global Address List contains all the addresses in the Exchange directory (in short, all mail-enabled objects), and by default it is available in all email clients. This pre-canned address book will suffice for small to mid-sized businesses. Custom address lists can be created as per your company's needs.

Global Address List:

1. A list from the AD with all mail-enabled containers in it.
2. By default, it is provided to every user within Outlook and OWA.
3. Additional GALs can be created for hosting environments that need isolation.

Offline Address Book:

1. Allow users to get AD info while offline.
2. It is available to both internal and external users.
3. It is distributed via web site and via public folder.

Dynamic Distribution Group:

1. Groups can be built based on AD properties like Department, State or Company.
2. A dynamic security group is not feasible; only a dynamic distribution group is possible. For example, suppose I need to create a group on the basis of company name and city location (custom attribute1). This can be done by creating a dynamic distribution group. Any new addition which matches the condition will automatically be added to the distribution group; that is why it is called dynamic.
3. Especially useful for location-specific communications.
4. Can’t be used as security groups.
5. Create them in the Group sub-node of the Recipient node.
6. Non-wizard filtering criteria can be used if you use the New-DynamicDistributionGroup cmdlet.
#New-DynamicDistributionGroup -Name "Groupname" -Alias "ABC_Company" -IncludedRecipients "MailboxUsers,MailContacts" -OrganizationalUnit "Domain.com/Users" -ConditionalCompany "Domain"

Best Practice:

1. Address List:

a. Don't create any unless you really need them, and then keep it simple.
b. Make list names clearly descriptive of contents.

2. Global Address List:

a. Stick with the default one if at all possible.
b. Create new ones only for client-based isolation.

3. Dynamic Distribution List:

a. Make use of this group.
b. Don't forget about the value of the non-wizard dynamic lists.

Hope the above is informative.

Please feel free to contact me for any questions.

Thanks
Logu

Logu_microsoft@hotmail.com
91-98414 99143.

Public folder in the exchange server 2007:

In simple words, a public folder is like a general forum used for posting mails, documents and other common information. The usage of public folders has been overtaken by SharePoint portal services. In Exchange Server 2007 they are de-emphasized, i.e., there is no change or improvement in the public folder architecture in the 2007 version. Microsoft no longer supports public folders. This article explains the working of public folders in Exchange Server 2007.

Public folder function:

  1. Public folder data is kept in the public folder database.
  2. Multiple replicas of a public folder can be maintained on separate servers.
  3. Any sort of folder data can be kept in a public folder.
  4. Public folders can be given their own email address.
  5. You can configure Send-as permission on a public folder.

Public folder Creation:

In the EMC, go to Toolbox and open the PFMC (Public Folder Management Console).

#New-PublicFolder -Name TESTPUBLICFOLDER -Path '\' -Server 'servername'

Assigning PF Permission and PF Email address:

1. Setting permissions can be done from Outlook or the EMS.

2. There are two ways to give admin permission via EMS:

a. Add-PublicFolderAdministrativePermission - Per-PF.
b. Add-ExchangeAdministrator - General admin rights, including to the PF root.

3. The easiest way is to use Add-PublicFolderClientPermission to assign ownership.

#Add-PublicFolderClientPermission -Identity \TESTPUBLICFOLDER -User USERALIASNAME -AccessRights FolderOwner

4. Check the permissions of the PF using Outlook, or in EMS with Get-PublicFolderClientPermission. Set permissions with Add/Remove/Set-PublicFolderClientPermission.

#Get-PublicFolderClientPermission \TESTPUBLICFOLDER | Format-List

5. You can use either the EMC or the EMS to mail-enable a public folder.

#Enable-MailPublicFolder \TESTPUBLICFOLDER

6. Check whether a PF is mail-enabled.

#Get-PublicFolder | Format-List MailEnabled
#Get-MailPublicFolder

7. Send-As permission can be set in the console.

Hope the above is informative.

Please feel free to contact me for any questions.

Thanks

Logu

Logu_microsoft@hotmail.com

91-98414 99143.

Best Practices for FSMO role placement:

In an Active Directory environment, some of your domain controllers (DCs) must be assigned certain special roles for your network to function properly. These special roles are called flexible single master operations (FSMO) roles, and DCs that hold such roles are called FSMO role holders. If you don't assign these roles properly, bad things can happen, so the focus of this article is on rules for proper placement of FSMO roles on AD-based networks. But before we proceed, please refer to my blog session on FSMO roles.

Symptoms of FSMO Problems:

If one or more of your FSMO role holders has problems, bad things can happen. To help you troubleshoot such situations, the table below describes some of the symptoms that can occur when FSMO role holders go missing or don't work properly.

Symptom:

  1. PDC Emulator
    1. Users can't log on - If system clocks become unsynchronized, Kerberos may fail.
    2. Can't change passwords - Password changes need this role holder.
    3. Account lockout not working - Account lockout enforcement needs this role holder.
    4. Can't raise the functional level for a domain - This role holder must be available when raising the domain functional level.
  2. RID Master
    1. Can't create new users or groups - RID pool has been depleted.
  3. Infrastructure Master
    1. Problems with universal group memberships - Cross-domain object references need this role holder.
  4. Domain Naming Master
    1. Can't add or remove a domain - Changes to the namespace need this role holder.
    2. Can't promote or demote a DC - Changes to the namespace need this role holder.
  5. Schema Master
    1. Can't modify the schema - Changes to the schema need this role holder.
    2. Can't raise the functional level for the forest - This role holder must be available when raising the forest functional level.

Rules for FSMO Role Placement

Since FSMO roles are crucial for the proper functioning of an AD-based network, it's a good idea to get them right from the planning stage of your deployment. By default, when you install the first DC of your forest root domain, this first DC holds all five FSMO roles. When you install the first DC of any other domain in your forest, that DC will hold all three domain FSMO roles (PDC Emulator, RID Master, and Infrastructure Master). Depending on the complexity of your network, these FSMO roles must then be placed accordingly.

Rule 1: The PDC Emulator and RID Master roles should be on the same machine because the PDC Emulator is a large consumer of RIDs.

Tip: Since the PDC Emulator is the role that does the most work by far of any FSMO role, if the machine holding the PDC Emulator role is heavily utilized then move this role and the RID Master role to a different DC, preferably not a global catalog server (GC) since those are often heavily used also.

Rule 2: The Infrastructure Master should not be placed on a GC.

Tip: Make sure the Infrastructure Master has a GC in the same site as a direct replication partner.

Exception 1: It's OK to put the Infrastructure Master on a GC if your forest has only one domain.

Exception 2: It's OK to put the Infrastructure Master on a GC if every DC in your forest is a GC.

Rule 3: For simpler management, the Schema Master and Domain Naming Master can be on the same machine, which should also be a GC.

Exception: If you've raised your forest functional level to Windows Server 2003, the Domain Naming Master doesn't need to be on a GC, but it should at least be a direct replication partner with a GC in the same site.

Rule 4: Proactively check from time to time to confirm that all FSMO roles are available or write a script to do this automatically.

Tip: If any FSMO role holders at a remote site are unavailable, check first to see if your WAN link is down.
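As a sketch of the script Rule 4 suggests, the following added example (not part of the original post) evaluates Rules 1 to 4 and their exceptions against an inventory of role holders. The function name, the inventory layout and the server names are assumptions made for illustration; in practice the inventory would be filled from your own directory queries and reachability checks.

```python
ROLES = ("PDC Emulator", "RID Master", "Infrastructure Master",
         "Domain Naming Master", "Schema Master")


def check_fsmo_placement(holders, gc_servers, all_dcs, domain_count,
                         forest_level_2003, reachable):
    """Return (rule, message) findings for one domain's view of the forest.

    holders            dict: role name -> DC currently holding it
    gc_servers         DCs that are global catalog servers
    all_dcs            every DC in the forest
    domain_count       number of domains in the forest
    forest_level_2003  True if the forest functional level is Windows Server 2003
    reachable          DCs that answered the availability check
    """
    gc_servers, all_dcs, reachable = set(gc_servers), set(all_dcs), set(reachable)
    findings = []

    # Rule 4: every role must have a holder that is currently available.
    for role in ROLES:
        dc = holders.get(role)
        if dc is None:
            findings.append(("Rule 4", f"{role}: no holder recorded"))
        elif dc not in reachable:
            findings.append(("Rule 4", f"{role}: holder {dc} is not reachable"))

    # Rule 1: PDC Emulator and RID Master on the same machine.
    pdc, rid = holders.get("PDC Emulator"), holders.get("RID Master")
    if pdc and rid and pdc != rid:
        findings.append(("Rule 1", f"PDC Emulator on {pdc}, RID Master on {rid}"))

    # Rule 2: Infrastructure Master not on a GC, unless the forest has a
    # single domain (exception 1) or every DC is a GC (exception 2).
    infra = holders.get("Infrastructure Master")
    every_dc_is_gc = bool(all_dcs) and all_dcs <= gc_servers
    if infra in gc_servers and not (domain_count == 1 or every_dc_is_gc):
        findings.append(("Rule 2", f"Infrastructure Master {infra} is a GC"))

    # Rule 3: co-locating Schema Master and Domain Naming Master is advisory;
    # the Domain Naming Master needs a GC unless the forest level is 2003.
    schema = holders.get("Schema Master")
    naming = holders.get("Domain Naming Master")
    if schema and naming and schema != naming:
        findings.append(("Rule 3", "advisory: Schema Master and Domain Naming "
                                   "Master are on different machines"))
    if naming and naming not in gc_servers and not forest_level_2003:
        findings.append(("Rule 3", f"Domain Naming Master {naming} is not a GC"))
    return findings


if __name__ == "__main__":
    # Constructed inventory for a two-domain forest (hypothetical server names).
    inventory = dict(
        holders={"PDC Emulator": "dc1", "RID Master": "dc2",
                 "Infrastructure Master": "dc1",
                 "Domain Naming Master": "dc3", "Schema Master": "dc3"},
        gc_servers={"dc1"}, all_dcs={"dc1", "dc2", "dc3"},
        domain_count=2, forest_level_2003=False, reachable={"dc1", "dc2"},
    )
    for rule, message in check_fsmo_placement(**inventory):
        print(f"{rule}: {message}")
```

The replication-partner tip under Rule 2 is not modelled here, since it needs site and replication topology data.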

Hope the above is informative.

Please feel free to contact me for any questions.

Thanks

Logu

Logu_microsoft@hotmail.com

91-98414 99143.

Saturday, June 7, 2008

SMTP Connectors in Exchange server 2007:

This article explains the working of SMTP connectors and the new SMTP topology in Exchange Server 2007 compared to previous versions. Simple Mail Transfer Protocol is a protocol used for sending messages between different servers. Most email systems connected to the internet use SMTP as a messaging standard. Exchange Server 2003 relies on the SMTP service provided by the Windows OS, whereas Exchange 2007 has its own built-in SMTP with interesting new features.

SMTP Connectors:

In Exchange, SMTP connectors are the logical representations of connections between a source and a destination server. In previous versions of Exchange, an SMTP connector was used for both incoming and outgoing message flow, i.e. two-way communication. In Exchange Server 2007, SMTP connectors are classified into two types, Send Connector and Receive Connector. Each of these connector types represents one-way communication.

Receive Connectors:

1. Acts as an incoming point for SMTP traffic.
2. Actively listens for all incoming connections.
3. Parameters such as the number of active connections allowed, maximum incoming message size and maximum recipients per message can be set on the Receive Connector.

Send Connectors:

1. Used for relaying outgoing SMTP communications.
2. It is not scoped to a single server or single point; the message is addressed to a remote destination and reaches the appropriate connector.

Hope the above is informative.

Thanks
Logu

logu_microsoft@hotmail.com
91-98414-99143

Information Rights Management:

Introduced in Microsoft Office 2003 products, Information Rights Management (IRM) helps organizations protect digital information from unauthorized use. By integrating with a Windows Server 2003 technology called Microsoft Windows Rights Management Services (RMS), IRM enables workers to define how a recipient can use the information contained in a Microsoft Office document. Users can define exactly who can open, modify, print, forward, or take other actions with protected documents. In addition, users can specify an expiration date, after which the document cannot be viewed or acted upon.

To create IRM-protected documents and email messages, the sending user must be using the Professional or Enterprise version of Office 2007. Users of Office Standard 2007 can still read and use IRM-protected documents, but cannot create them or apply policies to email messages. Exchange Server 2003 must have Windows Rights Management Services (RMS) installed, so that end users will be able to protect their mail with Information Rights Management.

Thanks
Logu

logu_microsoft@hotmail.com
91-9841499143

Friday, May 30, 2008

Understanding DSProxy, DSReferral, DSAccess and the Categorizer:

This article explains the features and nature of the important components in an Exchange environment called DSProxy, DSAccess and the Categorizer. We are already aware that AD and Exchange are highly integrated; the relationship between AD and Exchange is complex and often misunderstood. Exchange Server uses two services, Dsproxy and Dsaccess, to access the Global Catalog (GC). If you do not already know what the Global Catalog is, keep in mind that it is a database which contains partial replicas of the directories of other domains and a subset of the AD attributes of all objects in the forest (for example, attributes like email address). Dsproxy is an Exchange-specific service, whereas Dsaccess is a Windows service that is in turn used by the Exchange server.

Dsproxy:

1. In general, Outlook 2000 clients and above can access the GC directly, but older Outlook clients cannot.
2. To address this lack of access, Exchange Server provides a proxy service called Dsproxy, which acts as an intermediary between the client and the GC.
3. Dsproxy works as a facilitator to allow Outlook clients to access information within AD through the Name Service Provider Interface (NSPI).

Dsreferral:

1. Dsproxy helps the Outlook client to reach the GC directly; Dsreferral works to facilitate Dsproxy.
2. Dsreferral is used especially when the Exchange server is not running on a GC server. In such cases, DS Referral has the capability to update the Outlook 2000 client's MAPI profile with an appropriate GC server.





Dsaccess:

1. In general, the Exchange server shares the GC functionality with other AD services, so it is important to reduce the impact of Exchange server queries on the GC. Dsaccess is the solution for this.
2. Dsaccess implements a cache that stores recently accessed information for a configurable length of time. This cache drastically reduces the number of direct queries to the GC.

Role of the Categorizer:

The SMTP Categorizer is a component of Exchange that is used to submit mail messages to the proper destination. When a mail message is sent, the Categorizer queries the DSAccess component to locate an Active Directory server list, which is then directly queried for information that can be used to deliver the message. Problems with the Categorizer are often the cause of DNS or AD lookup issues. When troubleshooting mail-flow problems, please use message tracking in Exchange Server 2007 to find the course of a message. If the message stops at the Categorizer, it is often wise to start troubleshooting the issue from a directory access perspective.

Hope the above information is short and informative.

Thanks

Logu
logu_microsoft@hotmail.com

91-98414 99143

Saturday, October 27, 2007

Moving 2003 Domain Controller to new machine

Hi friends

This article explains the steps to be followed when moving a 2003 DC to a newly built server machine. In a small organisation, moving the DC to new server hardware after some period is common. The following gives you the step-by-step procedure for moving the domain controller to the new hardware.

Let us consider the servername as oldserver and newserver and domainname as test.com. The oldserver is the PDC with active directory integrated DNS.

Initial configuration of newserver:
  1. Install the server OS, latest SP and patches.
  2. Join the test.com domain.

Configure as Additional DC:

Use Dcpromo to promote the newserver as the additional domain controller.

Configuring DNS Server:

Install DNS on newserver as a primary Active Directory-integrated zone, giving the domain name as test.com. Add oldserver as a name server, and vice versa. Allow zone transfer between the name servers. After some time, i.e., once the replication is over, change oldserver to a secondary DNS server. Now the name resolution part is complete.

Test Connectivity with DCDIAG:

Use Dcdiag.exe support tool to test the connectivity between the DC's.

Role Transfer:

Now using the ntdsutil, we transfer the roles from the oldserver to the newserver.

C:\ntdsutil
Ntdsutil: roles
Fsmo maintenance: connections
Server connections: connect to server servername
Server connections: q
Fsmo maintenance: Transfer domain naming master or
Transfer infrastructure master or
Transfer PDC or
Transfer RID master or
Transfer schema master


Check that the role transfer completed successfully using the command below:

dumpfsmos servername (here in our eg, dumpfsmos newserver)

Now, the newserver is your primary domain controller for the domain test.com

Thanks

Logu
logu_microsoft@hotmail.com
91-98414-99143

Saturday, October 13, 2007

Group policy update forcing

Hi friends

To force the client machine to get the recent group policy from the server, use the options below.

For 2000 Clients :

* SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE:

Immediately imposes group policy object settings located within the "machine" node of relevant group policy objects.

* SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE:

Immediately imposes group policy object settings located within the "User" node of the relevant group policy objects.

For XP Clients:

gpupdate - To update the group policy in the client machine.

gpresult - To view the resultant set of applied policy to the client machine from the server.

Thanks

Logu
logu_microsoft@hotmail.com
91-98414-99143

Server NT Vs Server 2000

Hi friends

This article gives a compare-and-contrast chart of features between Server NT and Server 2000. The points in each category correspond to each other respectively.

SERVER NT:

  1. SAM(Security account manager) database for user acc creations
  2. No AD
  3. PDC, BDC(has no write permission) env
  4. No fsmo roles
  5. Dhcp works independently
  6. No ICS,NAT,VPN,RRAS,ATM
  7. No IE 4.0 and IE 5.0
  8. No NLB and Clustering
  9. No predictable end to end ,QOS
  10. No IAS,RADIUS,Kerberos V5
  11. No EFS
  12. No development support
  13. No terminal services
  14. No IIS 5.0 ,ASP
  15. No IPP(Internet printing protocol)
  16. No disk quota,DFS,etc

SERVER 2000 :

  1. No SAM database; instead, AD is used
  2. AD Env (adv features integrates features like ease mgmt,centralized replication,etc)
  3. PDC,ADC environment
  4. Fsmo(flexible single master operation role) for replication b/w DC
  5. Dhcp works in parallel with dns and AD
  6. ICS,NAT,VPN,RRAS,ATM are added features
  7. IE 4.0 and IE 5.0 supports Http compression
  8. Supports NLB(network load balancing) and Clustering
  9. Has predictable end to end ,QOS(quality of services)
  10. Has improved authentication strategy like IAS,RADIUS,Kerberos V5
  11. Support EFS(Encryption file system)
  12. Has development support (VB 6.0)
  13. Has terminal services
  14. IIS 5.0, ASP are present
  15. IPP(Internet printing protocol) are present
  16. Disk quota mgmt,DFS are available
Thanks

Logu
logu_microsoft@hotmail.com
91-98414-99143

Windows Shortcut Run Commands:

Hi friends,

I have seen many system administrators work fast while using their desktops and used to admire it. They never use the mouse or browse through the Start menu to reach a particular application. So this article gives you an idea of the shortcuts for the Run commands.

Working of Run Commands:

Every application has an executable file, and that file is stored in some directory. The directories that are searched for executables are listed in the PATH variable, which is set in the environment variables settings tab.
(This is the value on my PC; your PC may have more entries.)
$PATH = C:\Program Files\Support Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\WINNT\Microsoft.NET\Framework\v2.0.50727;C:\sbin\svn\bin;C:\Program Files\QuickTime\QTSystem\

Creating Shortcuts:

You can also create shortcuts of your own for a particular application, folder or file. As a quick example, suppose you want to create a shortcut for a particular folder in some path.

1. Create a folder, say c:\shortcuts.
2. Open the environment variables settings tab of your computer and add "c:\shortcuts" to $PATH.
3. Right-click the folder you want a shortcut for and choose Create Shortcut.
4. Rename the shortcut if you wish.
5. Paste the shortcut into "c:\shortcuts".

To test, open Start --> Run --> "shortcut name". It opens the folder for which we created the shortcut.
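The five steps above can also be scripted. The following PowerShell is an added example, not part of the original post: the target folder and shortcut name are hypothetical, and it ends with a check a practitioner would want, listing who can write to the folder, because any directory on PATH that ordinary users can modify lets them decide what a name typed into Run resolves to.

```powershell
# Added example (not from the original post). $TargetFolder and $ShortcutName
# are hypothetical values; C:\shortcuts is the folder used in the article.
$ShortcutDir  = 'C:\shortcuts'
$TargetFolder = 'D:\Projects\Reports'
$ShortcutName = 'reports'              # typed into Run as "reports"

# Step 1: create the shortcut folder if it does not exist yet.
if (-not (Test-Path -LiteralPath $ShortcutDir)) {
    New-Item -ItemType Directory -Path $ShortcutDir | Out-Null
}

# Steps 3-5: create the .lnk file directly inside the shortcut folder.
$shell = New-Object -ComObject WScript.Shell
$lnk   = $shell.CreateShortcut((Join-Path $ShortcutDir "$ShortcutName.lnk"))
$lnk.TargetPath = $TargetFolder
$lnk.Save()

# Step 2: append the folder to the per-user PATH, only once. Appending keeps
# the system directories ahead of it in the search order. Note that the value
# is read with %VAR% references already expanded and is written back that way.
$userPath = [Environment]::GetEnvironmentVariable('Path', 'User')
$entries  = @($userPath -split ';' | Where-Object { $_ })
if ($entries -notcontains $ShortcutDir) {
    $newPath = ($entries + $ShortcutDir) -join ';'
    [Environment]::SetEnvironmentVariable('Path', $newPath, 'User')
}

# Check: show every identity that is allowed to write into the folder.
# Anything beyond your own account and administrators deserves a second look.
(Get-Acl -LiteralPath $ShortcutDir).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.FileSystemRights -match 'Write|Modify|FullControl' } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

New processes pick up the changed PATH only after you sign out and back in, or after Explorer is restarted.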

Some Windows Run Commands:

  1. Accessibility Controls - access.cpl
  2. Add Hardware Wizard - hdwwiz.cpl
  3. Add/Remove Programs - appwiz.cpl
  4. Administrative Tools - control admintools
  5. Automatic Updates - wuaucpl.cpl
  6. Bluetooth Transfer Wizard - fsquirt
  7. Calculator - calc
  8. Certificate Manager - certmgr.msc
  9. Character Map - charmap
  10. Check Disk Utility - chkdsk
  11. Clipboard Viewer - clipbrd
  12. Command Prompt - cmd
  13. Component Services - dcomcnfg
  14. Computer Management - compmgmt.msc
  15. Date and Time Properties - timedate.cpl; DDE Shares - ddeshare
  16. Device Manager - devmgmt.msc
  17. Direct X Control Panel (If Installed)* - directx.cpl
  18. Direct X Troubleshooter - dxdiag
  19. Disk Cleanup Utility - cleanmgr
  20. Disk Defragment - dfrg.msc
  21. Disk Management - diskmgmt.msc
  22. Disk Partition Manager - diskpart
  23. Display Properties - control desktop
  24. Display Properties - desk.cpl
  25. Display Properties (w/Appearance Tab Preselected) - control color
  26. Dr. Watson System Troubleshooting Utility - drwtsn32
  27. Driver Verifier Utility - verifier
  28. Event Viewer - eventvwr.msc
  29. File Signature Verification Tool - sigverif
  30. Findfast - findfast.cpl
  31. Folders Properties - control folders
  32. Fonts - control fonts
  33. Fonts Folder - fonts
  34. Free Cell Card Game - freecell
  35. Game Controllers - joy.cpl
  36. Group Policy Editor (XP Prof) - gpedit.msc
  37. Hearts Card Game - mshearts
  38. Iexpress Wizard - iexpress
  39. Indexing Service - ciadv.msc
  40. Internet Properties - inetcpl.cpl
  41. IP Configuration (Display Connection Configuration) - ipconfig /all
  42. IP Configuration (Display DNS Cache Contents) - ipconfig /displaydns
  43. IP Configuration (Delete DNS Cache Contents) - ipconfig /flushdns
  44. IP Configuration (Release All Connections) - ipconfig /release
  45. IP Configuration (Renew All Connections) - ipconfig /renew
  46. IP Configuration (Refreshes DHCP & Re-Registers DNS) - ipconfig /registerdns
  47. IP Configuration (Display DHCP Class ID) - ipconfig /showclassid
  48. IP Configuration (Modifies DHCP Class ID) - ipconfig /setclassid
  49. Java Control Panel (If Installed) - jpicpl32.cpl
  50. Java Control Panel (If Installed) - javaws
  51. Keyboard Properties - control keyboard
  52. Local Security Settings - secpol.msc
  53. Local Users and Groups - lusrmgr.msc
  54. Logs You Out Of Windows - logoff
  55. Microsoft Chat - winchat
  56. Minesweeper Game - winmine
  57. Mouse Properties - control mouse
  58. Mouse Properties - main.cpl
  59. Network Connections - control netconnections
  60. Network Connections - ncpa.cpl
  61. Network Setup Wizard - netsetup.cpl
  62. Notepad - notepad
  63. Nview Desktop Manager (If Installed) - nvtuicpl.cpl
  64. Object Packager - packager
  65. ODBC Data Source Administrator - odbccp32.cpl
  66. On Screen Keyboard - osk
  67. Opens AC3 Filter (If Installed) - ac3filter.cpl
  68. Password Properties - password.cpl
  69. Performance Monitor - perfmon.msc
  70. Performance Monitor - perfmon
  71. Phone and Modem Options - telephon.cpl
  72. Power Configuration - powercfg.cpl
  73. Printers and Faxes - control printers
  74. Printers Folder - printers
  75. Private Character Editor - eudcedit
  76. Quicktime (If Installed) - QuickTime.cpl
  77. Regional Settings - intl.cpl
  78. Registry Editor - regedit
  79. Registry Editor - regedt32
  80. Remote Desktop - mstsc
  81. Removable Storage - ntmsmgr.msc
  82. Removable Storage Operator Requests - ntmsoprq.msc
  83. Resultant Set of Policy (XP Prof) - rsop.msc
  84. Scanners and Cameras - sticpl.cpl
  85. Scheduled Tasks - control schedtasks
  86. Security Center - wscui.cpl
  87. Services - services.msc
  88. Shared Folders - fsmgmt.msc
  89. Shuts Down Windows - shutdown
  90. Sounds and Audio - mmsys.cpl
  91. Spider Solitaire Card Game - spider
  92. SQL Client Configuration - cliconfg
  93. System Configuration Editor - sysedit
  94. System Configuration Utility - msconfig
  95. System File Checker Utility (Scan Immediately) - sfc /scannow
  96. System File Checker Utility (Scan Once At Next Boot) - sfc /scanonce
  97. System File Checker Utility (Scan On Every Boot) - sfc /scanboot
  98. System File Checker Utility (Return to Default Setting) - sfc /revert
  99. System File Checker Utility (Purge File Cache) - sfc /purgecache
  100. System File Checker Utility (Set Cache Size to size x) - sfc /cachesize=x
  101. System Properties - sysdm.cpl
  102. Task Manager - taskmgr
  103. Telnet Client - telnet
  104. User Account Management - nusrmgr.cpl
  105. Utility Manager - utilman
  106. Windows Firewall - firewall.cpl
  107. Windows Magnifier - magnify
  108. Windows Management Infrastructure - wmimgmt.msc
  109. Windows System Security Tool - syskey
  110. Windows Update Launches - wupdmgr
  111. Windows XP Tour Wizard - tourstart
  112. Wordpad - write
  113. Microsoft Outlook - Outlook
  114. Microsoft Word - Winword
  115. Acrobat Reader - Acrord32
  116. Active Dir Users and Comp - Dsa.msc
  117. Routing and remote access - Rrasmgmt.msc
  118. DNS - Dnsmgmt.msc
  119. Add/remove Programs - Appwiz.cpl
  120. Display property - Desk.cpl
Thanks

Logu
logu_microsoft@hotmail.com
91-98414-99143

Sunday, September 2, 2007

Important Port Numbers

Hi friends
This article gives you a list of important port numbers. Knowledge of these port numbers is vital for managing domains and services. The important port numbers are listed below.

FTP(DATA) 20,21

TELNET 23

SMTP 25

HTTP 80

Kerberos 88

POP3 110

NNTP 119

RPC 135

IMAP4 143

LDAP 389

HTTPS 443

SMB 445 - Log shipping and DB seeding

SMTP(SSL) 465

LDAP(SSL) 636

Routing Group Master 691

IMAP4(SSL) 993

POP3(SSL) 995

Global Catalog 3268,3269

RDP 3389

TCP/IP - 64327 - for Exchange DAG log shipping and DB seeding

Thanks

Logu

Logu_microsoft@hotmail.com

91-9841499143

Friday, August 31, 2007

FSMO Roles

Hi friends

In Active Directory, FSMO roles play a pivotal part. The idea behind this concept is very interesting, and it also gives you the whole picture of what happens when a new object is created and how it is replicated to all parts.

In Windows NT, we have the concept of single master operation. The PDC (Primary Domain Controller) has the write copy of the SAM (Security Accounts Manager) database, and the other DCs (called BDCs, Backup Domain Controllers) have only a read copy. Active Directory overcomes this by allowing a write copy on all domain controllers in a Windows 2000/2003 server environment. Any change on one DC is automatically replicated to all DCs, which is referred to as multi-master replication. Why do we need FSMO roles? The answer lies in what happens when we make the same changes on different DCs at the same time: the result is conflicting data in the AD database. To avoid this conflict, the concept of Flexible Single Master Operation roles, FSMO roles for short, was introduced. There are five distinct roles, each with its own functions. The first two roles are called forest-level roles and the other three are called domain-level roles.

Schema Master :

1. Controls all updates and modifications to the AD schema.
2. Once a schema update is completed, the schema master replicates all the data to the other DCs.
3. There can be only one schema master in the whole forest.

Domain Naming Master :
1. Controls the addition or removal of domains in the forest.
2. Adding or removing a domain is possible only through the domain naming master.
3. There can be only one domain naming master in the whole forest.

Infrastructure Master :
1. Responsible for updating an object's security identifier and distinguished name in cross-domain object references.
2. At any one time, there can be only one infrastructure master in each domain.
3. The DC holding the infrastructure master role should not be a global catalog server. Because a GC holds a partial replica of every object in the forest, the cross-domain object references in that domain will not be updated, and an error is written to the event log. This is not the case when all DCs in the domain are global catalog servers.

RID Master :
1. Responsible for processing RID (Relative Identifier) pool requests from all DCs in a particular domain.
2. unique RID = RID pool range + SID (security identifier)
where
RID pool range = allocated number range for all DCs in the domain
SID = unique identifier of each and every object created in any DC within a particular domain.
3. There can be only one RID master for that particular domain.

PDC Emulator :
1. Responsible for synchronizing time within an enterprise.
2. The PDC (Primary Domain Controller) emulator of a domain is authoritative for that domain, and the forest root domain becomes authoritative for the enterprise.
3. Password changes on any DC are replicated to the PDC emulator.
4. Authentication failures and account lockouts are all processed by the PDC emulator.
5. Supports the Windows NT 4.0 based PDC environment and earlier clients as well.
6. There can be only one PDC emulator for that particular domain.

Commands for checking the FSMO roles :

The following are the commands through which you will be able to get the information of the different roles and their respective domain controllers.

1. dumpfsmos {servername}

2. dsquery server -hasfsmo {schema|name|infr|pdc|rid}

3. dcdiag /test:knowsofroleholders /v

4. netdom query fsmo

To find the global catalog servers in your domain

dsquery server -isgc

dsquery server -domain damacholding.home -isgc

repadmin.exe /options * and look for IS_GC in the options listed for the current domain.

nltest /dsgetdc:corp /GC
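The commands above can be combined to check the placement rule given for the infrastructure master (it should not sit on a global catalog unless every DC in the domain is one). The following PowerShell is an added example, not part of the original post: the command output is constructed, the host and domain names are hypothetical, and the role labels printed by netdom differ between Windows versions, so only the line starting with "Infrastructure" is matched.

```powershell
# Added example: the sample command output is constructed; names are hypothetical.
$netdomOut = @'
Schema master               DC1.corp.example.com
Domain naming master        DC1.corp.example.com
PDC                         DC2.corp.example.com
RID pool manager            DC2.corp.example.com
Infrastructure master       DC2.corp.example.com
The command completed successfully.
'@ -split "`r?`n"
$allDcOut = @'
"CN=DC1,CN=Servers,CN=Site-A,CN=Sites,CN=Configuration,DC=corp,DC=example,DC=com"
"CN=DC2,CN=Servers,CN=Site-A,CN=Sites,CN=Configuration,DC=corp,DC=example,DC=com"
"CN=DC3,CN=Servers,CN=Site-B,CN=Sites,CN=Configuration,DC=corp,DC=example,DC=com"
'@ -split "`r?`n"
$gcOut = $allDcOut[0..1]   # constructed: DC1 and DC2 are global catalogs

function Get-FsmoHolders([string[]]$Lines) {
    # Role name and holder are separated by a run of two or more spaces.
    $roles = @{}
    foreach ($line in $Lines) {
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            $roles[$Matches['role']] = $Matches['holder']
        }
    }
    $roles
}

function Get-DcNames([string[]]$DnLines) {
    # dsquery prints one quoted DN per line; the first CN= is the server name.
    foreach ($dn in $DnLines) {
        if ($dn -match '^"?CN=([^,]+),') { $Matches[1] }
    }
}

function Test-InfrastructureMaster($Roles, [string[]]$AllDcs, [string[]]$GcDcs) {
    $key = $Roles.Keys | Where-Object { $_ -match '^Infrastructure' } | Select-Object -First 1
    if (-not $key) { throw 'Infrastructure master not found in netdom output' }
    $holder = ($Roles[$key] -split '\.')[0]          # short host name
    $nonGc  = @($AllDcs | Where-Object { $GcDcs -notcontains $_ })
    [pscustomobject]@{
        Holder      = $holder
        HolderIsGc  = $GcDcs -contains $holder
        AllDcsAreGc = $nonGc.Count -eq 0
        PlacementOk = ($GcDcs -notcontains $holder) -or ($nonGc.Count -eq 0)
    }
}

Test-InfrastructureMaster (Get-FsmoHolders $netdomOut) (Get-DcNames $allDcOut) (Get-DcNames $gcOut)
```

On a live domain, replace the three sample variables with the output of `netdom query fsmo`, `dsquery server` and `dsquery server -isgc`.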

That completes the illustration of the functions of these roles. Transferring and seizing roles is the next step for readers.

Please do post to me if you have any questions.

Thanks
Logu
logu_microsoft@hotmail.com | 91-98414-99143