Thursday, July 9, 2009
Active Directory Monitoring
Tuesday, June 23, 2009
Server CORE

Again, in this post we are not working directly with Active Directory but with yet another very cool option within the Windows Server 2008 family of products: the CORE!
The Server Core installation provides a Windows platform without the overhead of the user interface. It has been said that the user interface is responsible for more than 80% of Windows blue screens, so it's pretty obvious that eliminating that 80% will make your system more stable (not to mention reducing the attack surface).
I'm writing about the Server Core OS to expand on this topic to include the RODC (Read Only Domain Controller). I'm going to stay brief and focus just on the main topics of interest (preparing the Server Core server for DCPROMO).
Notes:
You cannot use the Active Directory Domain Controller Installation Wizard (Dcpromo.exe) on a server running Server Core installation. You must use an unattend file with Dcpromo.exe to install or remove the domain controller role.
Alternately, you can run Dcpromo.exe on another computer running Windows Server 2008 and use the wizard to save an unattend file that you can then use on the server running Server Core installation.
Dcpromo.exe will restart the computer immediately when the installation is complete or when Active Directory is removed unless RebootOnCompletion=No is included in the answer file.
No support for managed code (the .NET Framework) on Server Core; limited support for managed code on Server Core R2.
In Windows Server 2008 R2, a script (Sconfig.cmd) is available in the \Windows\system32 directory that allows you to configure most of the basic server settings.
Windows Server Core supports the following GUIs: Task Manager, Notepad, the Time & Date control panel applet, and the Regional Settings applet.
Only clean installations are supported.
No upgrade path from Server Core to the full versions of Windows Server 2008.
PsExec can be used to run command-line tools across the network against the Server Core system.
Core comes equipped with the necessary VBScript runtime code to launch commands directly from its console.
Windows PowerShell commands can be launched from your local desktop against a Server Core instance, but you can't launch them directly within Server Core (except in R2).
Server running a Server Core installation of Windows Server 2008 supports the following server roles:
• Active Directory Certificate Services (R2 Only)
• Active Directory Domain Services
• Active Directory Lightweight Directory Services (AD LDS)
• DHCP Server
• DNS Server
• File Services (including File Server Resource Manager)
• Hyper-V
• Print Services
• Web Server (including a subset of ASP.NET, R2 only)
Configuring TCP/IP after the OS is installed
Example: (show the interface index, set the IP address, set the DNS server)
netsh interface ipv4 show interfaces (the value in the Idx column is used as the name= value below)
netsh interface ipv4 set address name=idx source=static address=192.168.0.2 mask=255.255.255.0 gateway=192.168.0.1
netsh interface ipv4 add dnsserver name=idx address=192.168.0.100
netsh interface ipv4 add winsserver name="Local Area Connection" address=X.X.X.X index=Y (X.X.X.X is the WINS server address, Y its position in the list)
Example: (rename the computer in a domain)
netdom renamecomputer %computername% /newname:MyNewServerName /userd:MyAccount@Mydomain.com /passwordd:TrustMe /reboot:0 (the switch is /passwordd, not /password; use /passwordd:* to be prompted instead of putting the password on the command line)
Example: (rename the computer in a workgroup)
wmic computersystem where name="%computername%" call rename name="NEWNAME"
Example: Changing Local User Password
Net user USERNAME *
Example: (Join the domain)
netdom join %computername% /domain:MYDOMAIN /userd:MYDOMAIN\MyAccount /passwordd:*
net localgroup administrators MYDOMAIN\MyAccount /add (adds a domain account to the local Administrators group)
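The TCP/IP and domain-join steps above, scripted for a Server Core box as an added example (this is not code from the original post). It parses the netsh interface listing for the Idx value instead of typing it by hand, checks that the domain's DC locator record resolves before joining, and keeps the join password off the command line; the addresses, domain names, account and group are all placeholders.

```batch
@echo off
setlocal
rem Added example, not code from the original post. Every value below is a placeholder.
set IPADDR=192.168.0.2
set NETMASK=255.255.255.0
set GATEWAY=192.168.0.1
set DNS=192.168.0.100
set DOMAIN=corp.example.com
set NBDOMAIN=CORP
set IDX=

rem Parse "netsh interface ipv4 show interfaces" (columns: Idx Met MTU State
rem Name) and keep the first connected interface that is not the loopback.
for /f "tokens=1,4,5" %%A in ('netsh interface ipv4 show interfaces') do (
    if /i "%%B"=="connected" if /i not "%%C"=="Loopback" if not defined IDX set IDX=%%A
)
if not defined IDX (
    echo No connected interface found; check the cable or the NIC driver.
    exit /b 1
)
echo Configuring interface index %IDX%
netsh interface ipv4 set address name=%IDX% source=static address=%IPADDR% mask=%NETMASK% gateway=%GATEWAY%
netsh interface ipv4 add dnsserver name=%IDX% address=%DNS% index=1

rem Check before joining: the domain's DC locator SRV record must resolve
rem through the DNS server just configured, or netdom join fails later on.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DNS% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo DC SRV record for %DOMAIN% does not resolve via %DNS%; fix DNS first.
    exit /b 1
)

rem /passwordd:* prompts for the password instead of placing it on the command
rem line, where it would show up in the process list and command history.
netdom join %computername% /domain:%DOMAIN% /userd:%NBDOMAIN%\joinacct /passwordd:*
if errorlevel 1 (
    echo Domain join failed; see %windir%\debug\netsetup.log
    exit /b 1
)

rem Add a domain group to the local Administrators group (the post's
rem "net localgroup administrators /add" step); the group name is a placeholder.
net localgroup administrators "%NBDOMAIN%\Core Admins" /add

echo Join succeeded; rebooting in 30 seconds (shutdown /a to cancel).
shutdown /r /t 30
```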
Example: (Turn off the firewall)
Netsh advfirewall set allprofiles state off
Example: (Turn on remote access RDP) (2 Steps)
winrm quickconfig (select "Y" to create the listener)
From another computer, run:
winrs -r:MyRDPcomputerName cscript \windows\system32\scregedit.wsf /ar 0
On the local system: cscript c:\windows\system32\scregedit.wsf /ar 0 (/ar 0 allows Remote Desktop connections)
OR
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
Example:(Activate the server) (2 Steps)
Enter product key: slmgr.vbs -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (your 25-character product key)
Activate: slmgr.vbs -ato
List drivers
sc query type= driver
Installing Drivers
pnputil -i -a DRIVER.inf
Uninstalling Drivers
sc delete DRIVERNAME
Managing file and folder permissions: use the command-line tool named "icacls"
Enabling automatic updates (default settings)
Cscript c:\windows\system32\scregedit.wsf /au 4
Disabling automatic updates
cscript c:\windows\system32\scregedit.wsf /au 1
Restart the computer
shutdown /r /f /t 0
Install PowerShell (R2 Only)
start /w ocsetup MicrosoftWindowsPowerShell
Launch Powershell
c:\windows\system32\windowspowershell\v1.0\powershell.exe
When the server CORE OS & Networking components are configured to your liking, install some Roles or Features.
Note:
Using netsh on the Server Core box, or remotely using the MMC snap-ins from another Windows Server 2008 server, will assist in configuring the installed roles or features.
The commands below are in reference to server CORE (non R2 systems)
List server Core components
oclist
Example (Installing roles)
start /w ocsetup "ROLEServerCore"
start /w ocsetup DHCPServerCore (installs DHCP)
start /w ocsetup DHCPServerCore /uninstall (uninstalls DHCP)
Other component names (case-sensitive; use oclist to see the exact spelling): FRS-Infrastructure (FRS), DFSN-Server (DFS), Microsoft-Hyper-V (Hyper-V), Printing-ServerCore-Role (Printing), etc.
Example: (Creating a domain controller) (More on this later)
dcpromo /unattend:<path to answer file>
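Since Server Core has no Dcpromo wizard, the answer file is the whole promotion. Added example (not from the original post): a script that writes a [DCInstall] answer file for an additional domain controller, runs dcpromo against it, and removes the file afterwards because it carries the DSRM password. The domain name, site, account name, and DSRM password are placeholders; ReadOnlyReplica=Yes would turn this into the RODC mentioned at the top of the post.

```batch
@echo off
setlocal
rem Added example, not code from the original post. Placeholders: domain,
rem site name, promotion account and the DSRM password.
set ANSWER=%TEMP%\dcpromo-unattend.txt
(
  echo [DCInstall]
  echo ReplicaOrNewDomain=Replica
  echo ReplicaDomainDNSName=corp.example.com
  echo SiteName=Default-First-Site-Name
  echo ReadOnlyReplica=No
  echo InstallDNS=Yes
  echo ConfirmGc=Yes
  echo CreateDNSDelegation=No
  echo UserDomain=corp.example.com
  echo UserName=dcpromo-admin
  echo Password=*
  echo DatabasePath="C:\Windows\NTDS"
  echo LogPath="C:\Windows\NTDS"
  echo SYSVOLPath="C:\Windows\SYSVOL"
  echo SafeModeAdminPassword=REPLACE-WITH-DSRM-PASSWORD
  echo RebootOnCompletion=No
) > "%ANSWER%"

rem Password=* makes dcpromo prompt for the promotion account's password, so it
rem never lands in the file. The DSRM password does, so the file is deleted as
rem soon as dcpromo has read it, whatever the outcome.
dcpromo /unattend:"%ANSWER%"
set RC=%errorlevel%
del /q "%ANSWER%"

echo dcpromo finished with exit code %RC%; details are in %windir%\debug\dcpromo.log
rem RebootOnCompletion=No leaves the restart to the admin, as in the post:
echo Review the log, then restart with: shutdown /r /f /t 0
```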
Note:
The commands below reference install ROLES & Features on server CORE R2 systems
Example:
Dism /online /enable-feature /featurename:DHCPServerCore
(installs DHCP; authorize the DHCP server in Active Directory afterwards)
Start & configure startup type
Net start dhcpserver
sc config dhcpserver start= auto
More Example of feature installations
Dism /online /enable-feature /featurename:FRS-infrastructure
Dism /online /enable-feature /featurename:DFSN-Server
Dism /online /enable-feature /featurename:CertificateServices
Note: Uninstall any file server role options by using these commands with the /disable-feature option instead of the /enable-feature option.
For further explanation and demonstrations of these topics, I highly recommend visiting
http://blogs.technet.com/keithcombs/archive/2007/11/04/windows-server-2008-core-screencast-series-watch-all-eight-parts-here.aspx
www.touchysoftwaresolutions.com
Monday, June 22, 2009
Windows Server 2008 System Recovery Options

This post isn't so much about Active Directory as about the evolution of Windows. During the install process it's never apparent just how many options are available. Consider that a person can literally insert the Windows Server 2008 DVD, press Next about 3-5 times and have a new OS installed while they're off doing other things. In my opinion, this deserves a lot of kudos to Microsoft. The screen prints in this post depict the recovery options.
These screen captures are pretty self-explanatory; knowing where the options are in the install process is the main point of this post. Keep in mind that the PC Restore option is based on the VHD file produced by the Windows Backup application. If you have additional insight on some of the tools within the System Recovery Options, PLEASE respond to this post. Happy computing!



Friday, June 19, 2009

Windows Server 2008 adds additional attributes to Active Directory objects. This post will demonstrate how to expose some new attributes that may be of interest to system administrators.
Register the dll (acctinfo.dll)
regsvr32 c:\acctinfo.dll

Open a user account object and select "Additional Account Info"
Some attributes displayed in the interface
Password Last Set
Password Expires
Last Logon Timestamp
SID & GUID
If you have time, you may want to add this to your toolbox. You never know when this critical information could be asked of you. Till tomorrow, happy computing.
Tuesday, June 16, 2009
DFS-R Migration

In writing this blog I chose this topic because a client of mine is migrating to a Windows 2008 Active Directory structure. In this forest many sites exist where WAN links are unpredictable and slow, with high latency. Making this switch will only benefit the customer's replication scheme and produce a better experience.
There's a lot of reading material on this topic, but my attempt is to relay (hopefully the most obvious) points on how and why we want to migrate to DFSR, in the most condensed version.
Terminology:
File Replication Service (FRS): the method of replicating SYSVOL share data between Windows domain controllers. Used in Windows 2000 and Windows Server 2003.
Distributed File System Replication (DFSR): the method of replicating SYSVOL share data between domain controllers in a domain at the Windows Server 2008 domain functional level.
Primary domain controller: the domain controller hosting the PDC Emulator FSMO role.
Dfsrmig.exe: the utility that sets the global migration state in the domain to move from FRS to DFSR (4 states of operation).
Why migrate to DFSR?
Efficient file replication
Available monitoring tools
Scheduling
Differential replication of changes
How?
All domain controllers must be Windows Server 2008 and Windows 2008 domain functional level must be specified.
Global States (see below; the states represent your migration path)
Start (0)
(FRS is primary replicating SYSVOL data)
Prepared (1)
(FRS is replicating SYSVOL data, but DFSR is incorporated to replicate FRS copied data to DFSR peers)
Redirected(2)
(DFSR is replicating SYSVOL data, but FRS is incorporated to replicate SYSVOL data to non DFSR peers)
Eliminated (3)
(DFSR is replicating SYSVOL data)
Task:
Verify the domain is at the Windows Server 2008 domain functional level (all domain controllers must be Win2k8). In the Active Directory Domains and Trusts MMC, right-click the domain and select "Raise Domain Functional Level".
Backup the SYSVOL Share on the PRIMARY domain controller
Verify DFSR is installed and running on all domain controllers
A) Verify replication is working between all domain controllers
(Change your AD account's web page attribute (or any attribute), connect to all DCs and verify the change replicated)
B) Verify all domain controllers are sharing the SYSVOL share
Run \\servername (the SYSVOL share should be listed)
** Run the example command on the PRIMARY domain controller in the domain. (Moving to the PREPARED STATE)
dfsrmig /setGlobalState 1
C) Force Active Directory replication on a domain controller
(repadmin /syncall /AeD)
D) Force the DFS Replication service to poll Active Directory
(dfsrdiag PollAd /Member:DCNAME)
E) Verify all domain controllers are in the PREPARED STATE
dfsrmig /GetMigrationState (Get local DC specific state)
(SYSVOL data and ACLs are copied into the newly created 'SYSVOL_DFSR' folder)
(The registry value 'HKLM\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating SysVols\Local State' will exist)
Check the event viewer for DFSR or FRS errors
At this state (PREPARED), FRS is still being utilized for SYSVOL replication and DFSR is being utilized for "SYSVOL_DFSR" folder content replication. If all indications appear normal I would suggest waiting a day or two between states.
All Active Directory information is primarily dependent on your environment's replication. If any domain controller does not receive the PREPARED state information, investigate possible replication/connectivity issues and do not move to the REDIRECTED state.
Special Note: dfsrmig /CreateGlobalObjects (in short, if RODCs "Read Only Domain Controllers" are introduced after the Prepared state is initiated and before the Eliminated state is reached, this command must be run for each RODC)
Special Note: State rollback is possible but not when the ‘ELIMINATED’ state is initiated.
Special Note: dfsrmig /getGlobalState (Get the Primary domain controller AD value)
---------------------------------------------------------------
Moving forward, perform TASK item A & B before initiating the REDIRECTED state.
** Run dfsrmig /setGlobalState 2
Perform TASK item C & D
Verify all domain controllers are in the REDIRECTED STATE
** Run dfsrmig /GetMigrationState
Check the event viewer for DFSR or FRS errors
The SYSVOL share now points to the 'SYSVOL_DFSR' folder, making DFSR the primary replication mechanism.
NOTE: FRS is replicating SYSVOL content as well.
--------------------------------------------------------------------
Special Note: rollback is not possible when the ‘ELIMINATED’ state is initiated.
Moving forward, perform TASK item A & B before initiating the ELIMINATED state.
** Run the example command on the PRIMARY domain controller in the domain. (Moving to the ELIMINATED STATE)
dfsrmig /setGlobalState 3
Perform TASK item C & D
Verify all domain controllers are in the ELIMINATED STATE
dfsrmig /GetMigrationState (Get local DC specific state)
Check the event viewer for DFSR or FRS errors
DFSR is the only replicating mechanism for the SYSVOL share.
All newly introduced domain controllers will default to DFSR.
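The same go/no-go check is repeated before each state change above (tasks A-E, then "verify all domain controllers are in the ... state", then the event logs). Added example (not from the original post): a script for the PDC emulator that takes the target state number, refuses to report success until dfsrmig shows every DC at that state, and then scans the DFS Replication and File Replication Service logs for error or critical events from the last 24 hours. The 24-hour window and the exit codes are my choices; the dfsrmig summary text it matches is the line dfsrmig prints once all DCs agree.

```batch
@echo off
setlocal
rem Added example, not code from the original post. Run on the PDC emulator
rem after "dfsrmig /setGlobalState N". Usage: dfsrmig-check.cmd 1, 2 or 3
rem (1=Prepared, 2=Redirected, 3=Eliminated). Exit code 0 means safe to proceed.
set NAME=
if "%~1"=="1" set NAME=Prepared
if "%~1"=="2" set NAME=Redirected
if "%~1"=="3" set NAME=Eliminated
if not defined NAME (
    echo usage: %~nx0 1^|2^|3
    exit /b 2
)

rem 1. Global state in AD (what the PDC emulator set) and per-DC local state.
rem    dfsrmig only prints "migrated successfully" once every DC has reached
rem    the global state; otherwise it lists the DCs that are still behind.
dfsrmig /getGlobalState
dfsrmig /getMigrationState | findstr /c:"migrated successfully" | findstr /c:"'%NAME%'" >nul
if errorlevel 1 (
    echo Not all DCs report the %NAME% state. Check AD replication and DFSR polling
    echo ^(repadmin /syncall /AeD, dfsrdiag PollAd /Member:DCNAME^) and do NOT advance.
    dfsrmig /getMigrationState
    exit /b 1
)

rem 2. Error or critical events (Level 1 or 2) in the DFSR or FRS logs from the
rem    last 24 hours (86400000 ms) are also a stop signal. The FRS log is gone
rem    once FRS is removed in the Eliminated state, hence stderr is discarded.
set "Q=*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"
set BAD=0
for %%L in ("DFS Replication" "File Replication Service") do (
    wevtutil qe %%L /rd:true /c:10 /f:text /q:"%Q%" 2>nul | findstr /c:"Event ID" >nul
    if not errorlevel 1 (
        echo Recent errors in the %%~L log:
        wevtutil qe %%L /rd:true /c:10 /f:text /q:"%Q%" 2>nul
        set BAD=1
    )
)
if "%BAD%"=="1" exit /b 1
echo All DCs are in the %NAME% state with no recent DFSR/FRS errors; safe to proceed.
exit /b 0
```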
Monday, June 15, 2009
Active Directory Insider

I've been MCSE certified since NT 4.0, MCITP: Enterprise Administrator, MCITP: Enterprise Messaging Administrator, CISSP, CEH, and Security+ certified just to name a couple. My thirst for knowledge has led me to this point of using the tools at hand to share, communicate, and create open dialog for other inspiring IT workers.
In this open forum, we will explore and examine any related technologies that interface with the world of Active Directory. As broad as this topic may be, we can only do our best to focus on relevant topics that provide real-world explanations. Till tomorrow, happy computing.
