DNS Best Practice

One thing I see at many clients I visit is that "Enable automatic scavenging of stale records" has not been enabled. Enabling it is a best practice. See: https://technet.microsoft.com/nl-nl/library/ff807390(v=ws.10).aspx


Use the Microsoft Best Practice Analyzer.

PowerShell:

Set-DnsServerScavenging -ScavengingState $True -RefreshInterval 7:00:00:00 -NoRefreshInterval 7:00:00:00 -ScavengingInterval 7:00:00:00 -ApplyOnAllZones -Verbose
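Before scavenging runs for the first time it helps to see which dynamic records are already older than the no-refresh plus refresh window. The following is an added example, not part of the original post; the server name DC01 and the zone wardvissers.local are assumptions to replace with your own.

```powershell
# Added example: preview scavenging candidates in one zone.
$server = 'DC01'                 # assumption: DNS server to query
$zone   = 'wardvissers.local'    # assumption: zone to inspect

# Current server-wide scavenging settings
Get-DnsServerScavenging -ComputerName $server

# Aging settings of the zone (set by -ApplyOnAllZones above)
$aging = Get-DnsServerZoneAging -ComputerName $server -Name $zone
$aging | Select-Object ZoneName, AgingEnabled, NoRefreshInterval,
    RefreshInterval, AvailForScavengeTime

if (-not $aging.AgingEnabled) {
    Write-Warning "Aging is disabled on $zone; nothing will be scavenged there."
}

# A record becomes a candidate once its timestamp is older than
# NoRefreshInterval + RefreshInterval. Static records have no timestamp
# and are never scavenged. Timestamps have one-hour resolution, so treat
# the cutoff as approximate.
$cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)

Get-DnsServerResourceRecord -ComputerName $server -ZoneName $zone |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
    Sort-Object Timestamp |
    Select-Object HostName, RecordType, Timestamp |
    Format-Table -AutoSize
```

Any server or appliance in the output that still needs its record should get a static entry or a working dynamic registration before the first scavenging cycle.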

Incompatibility between Windows 8 roaming user profiles and roaming profiles in other versions of Windows

Roaming user profiles on Windows 8-based or Windows Server 2012-based computers are incompatible with roaming user profiles in other versions of Windows.
Profiles are compatible only between the following client and server operating system pairs: 

  • Windows 8.1 and Windows Server 2012 R2
  • Windows 8 and Windows Server 2012 
  • Windows 7 and Windows Server 2008 R2
  • Windows Vista and Windows Server 2008 

Note: In this article, when the client operating system is referenced, the same issue applies to its corollary server operating system.
For example, if you try to deploy Windows 8 in an environment that uses roaming, mandatory, super-mandatory, or domain default profiles in Windows 7, you experience the following:

  • After you use a user account that has an existing Windows 7 profile to log on to a Windows 8-based computer for the first time, the components from Windows 8 read and modify the profile state.
  • Certain Windows 8.1 features may not work as expected because the expected profile state is not present.
  • When you try to use the same user account to log on to a Windows 7-based computer, the user profile modification that was performed in Windows 8 may not work as expected in Windows 7.

The issues occur because the profile will contain values that are used differently between the versions of Windows. The user profile will be missing default profile configuration information that is expected by the operating system, and could contain unexpected values that are set by a different operating system version. Therefore, the operating system will not behave as expected. Additionally, profile corruption may occur.

 

Hotfix: Download

Change default Windows network Icon to something Cool!!

To change the network type please do the following:

Hit Winkey + R to open Run prompt and type gpedit.msc

Navigate to: Computer Configuration | Windows Settings | Security Settings | Network List Manager Policies

Choose your network name from the right pane. In my case the network name was wardvissers.local


So the policy looks like this:

[screenshot]

Now we have a smiley for my wardvissers.local domain. Cool!!

Configuring disks to use VMware Paravirtual SCSI (PVSCSI) adapters

PVSCSI adapters are high-performance storage adapters that can result in greater throughput and lower CPU utilization. PVSCSI adapters are best suited for environments, especially SAN environments, where hardware or applications drive a very high amount of I/O throughput. PVSCSI adapters are not suited for DAS environments.

This table shows the support matrix for use of Paravirtual SCSI adapters for data disks and boot disks for the various guest operating systems and ESX versions. Support shown in the table is from the listed ESX/ESXi version and later versions.

| Guest operating system | Data Disk | Boot Disk |
|---|---|---|
| Windows Server 2012 (64 bit only) | ESXi 5.0 Update 1, ESXi 5.1 | ESXi 5.0 Update 1, ESXi 5.1 |
| Windows Server 2008 R2 (64 bit only) | ESX/ESXi 4.0 Update 1, ESX/ESXi 4.1, ESXi 5.x | ESX/ESXi 4.0 Update 1, ESX/ESXi 4.1, ESXi 5.x |
| Windows Server 2008 (32 and 64 bit) | ESX/ESXi 4.x, ESXi 5.x | ESX/ESXi 4.0 Update 1, ESX/ESXi 4.1, ESXi 5.x |
| Windows Server 2003 (32 and 64 bit) | ESX/ESXi 4.x, ESXi 5.x | ESX/ESXi 4.x, ESXi 5.x |
| Windows 7 (32 and 64 bit) | ESX/ESXi 4.1, ESXi 5.x | ESX/ESXi 4.1, ESXi 5.x |
| Windows Vista (32 and 64 bit) | ESX/ESXi 4.1, ESXi 5.x | ESX/ESXi 4.1, ESXi 5.x |
| Windows XP (32 and 64 bit) | ESX/ESXi 4.1, ESXi 5.x | ESX/ESXi 4.1, ESXi 5.x |

Because the default type of newly hot-added SCSI adapter depends on the type of primary (boot) SCSI controller, hot-adding a PVSCSI adapter is only supported for those versions that support booting from a PVSCSI adapter.

Paravirtual SCSI adapters also have these limitations:

  • Hot add or hot remove requires a bus rescan from within the guest.
  • Disks with snapshots might not experience performance gains when used on Paravirtual SCSI adapters if memory on the ESX host is overcommitted.

Active Directory Replication Status Tool

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.
Specific capabilities for this tool include:

    • Expose Active Directory replication errors occurring in a domain or forest
    • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
    • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
    • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

System Requirements

Supported Operating System

Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows XP

      • ADREPLSTATUS does not install on server core installs of Windows
      • Windows 2000 not supported due to lack of support for .NET Framework 4.0

    Domain membership requirements:

      • Must be joined to the Active Directory domain or forest you intend to monitor

    .NET Framework requirements:

      • .NET Framework 4.0 (you may be prompted to install .NET Framework 3.5.1 first on Windows Server 2008)

    Required User Credentials:

      • Target forest/domain user account

    Supported DC OS versions that can be monitored by ADREPLSTATUS:

      • Windows Server 2003
      • Windows Server 2003 R2
      • Windows Server 2008
      • Windows Server 2008 R2
      • Windows Server 2012


OS not starting after removing extra bitlocker boot partition

If you remove the hidden 300 MB partition, your system does not start anymore.

Solution 1:

Open command prompt
bcdboot c:\windows /s c:
Open diskmgmt.msc and mark the partition as Active.
Reboot the VM.
Delete the BDEdrive partition.
Extend the C: disk with the empty space.

Solution 2:

Boot with the Windows 7 or Windows 2008 R2 installation DVD, select repair and open a command prompt.
Type diskpart
Type select disk 0
Type list partition
Then note the number of the partition where you installed Windows 7.
Type select partition X (X is the partition number where Windows is installed)
Type active
Type exit
Type bcdboot.exe c:\windows (if C is your Windows partition)

Setup KMS Server for Windows Server 2008 R2 or Windows 7

Open the command prompt and run the following command:

cscript c:\Windows\System32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Replace xxxxx with the Windows Server 2008 R2 product key. This key can also activate Windows 7. The following text appears when the command is successful.

Microsoft ® Windows Script Host Version 5.7
Copyright © Microsoft Corporation. All rights reserved.
Installed product key xxxxx-xxxxx-xxxxx-xxxxx-xxxxx successfully.
The installation of the KMS server is complete. The server listens on port 1688. This port must be opened in the firewall. To change the port, the following command can be used:

slmgr.vbs /sprt xxxx
Once the firewall is open and the key is installed, the KMS server service has to be restarted. On Windows Server 2008 R2 and Windows 7 the service is named sppsvc (on Windows Server 2008 and Windows Vista it is slsvc). Do this by using the following command:

net stop sppsvc & net start sppsvc

To check whether the record is registered correctly in DNS, run the following command:

nslookup -type=srv _vlmcs._tcp

Here, the following output should appear:

_vlmcs._tcp.test.local SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kms.wardvissers.local
internet address = 192.168.150.7 kms.wardvissers.local

Clients / Servers

Clients and servers that need to connect to the KMS host find it automatically through DNS. If a client or server was activated with a MAK key, it must be switched back to a KMS client key. These keys are published by Microsoft. Once this key is set, the client or server automatically looks for a KMS host. When not present, the client / server activation.

KMS client keys:

Windows 7 Enterprise: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows Server 2008 Standard: TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Enterprise: YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 R2 Standard: YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Server 2008 R2 Enterprise: 489J6-VHDMP-X63PK-3K798-CPX3Y

With the following command the key can be changed from MAK to KMS, where xxxxx is one of the keys above.

slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Note: To force the client to activate, run the following command on the client:
slmgr.vbs /ato

It can happen that the KMS server returns the following message. This is because the KMS server only starts working once it has 25 clients and 5 servers.

You can find here the list with error codes & solutions: http://support.microsoft.com/kb/938450

Special thanks to: Harm Hoekstra

MMC could not create the snap-in. CLSID: FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb} error

I was able to solve this problem by the procedure below.

1. Navigate to the following directory:

x64 OS
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

x86
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG

2. Copy the 'machine.config' file to the desktop as a backup before you go to step 3.

3. Rename machine.config, located in the directory above, to machine.config.old.

That's it.

GAL Photos in Exchange 2010 and Outlook 2010

With Microsoft Exchange 2010, Outlook 2010, Lync and SharePoint 2010 you can finally get photos into your global address list (GAL) and see just who's who on your emails. You can do this in two ways:

1. Using PowerShell

    A minor schema change

    First stop, the AD Schema. A minor schema modification is required to flip the thumbnailPhoto attribute to make it replicate to the Global Catalog.

    1. If you haven’t registered the Schema MMC snap-in on the server you want to make this change on, go ahead and do so using the following command:

      Regsvr32 schmmgmt.dll

    2. Fire up a MMC console (Start -> Run -> MMC) and add the Schema snap-in

    3. In the Active Directory Schema snap-in, expand the Attributes node, and then locate the thumbnailPhoto attribute. (The Schema snap-in lists attributes by its ldapDisplayName).

    4. In the Properties page, select Replicate this attribute to the Global Catalog, and click OK.

      Figure 1: Modifying the thumbnailPhoto attribute to replicate it to Global Catalog

      Loading pictures into Active Directory

      Now you can start uploading pictures to Active Directory using the Import-RecipientDataProperty cmdlet, as shown in this example:

      Import-RecipientDataProperty -Identity "Ward VIssers" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\wardvissers.jpg" -Encoding Byte -ReadCount 0))

      To perform a bulk operation you can use the Get-Mailbox cmdlet with your choice of filter (or use the Get-DistributionGroupMember cmdlet if you want to do this for members of a distribution group), and pipe the mailboxes to a foreach loop. You can also retrieve the user name and path to the thumbnail picture from a CSV/TXT file.
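The CSV-driven bulk import mentioned above, as an added example that is not part of the original post. The CSV path and its Identity/Path columns are assumptions; it is written for the Exchange 2010 Management Shell (PowerShell 2.0) and skips files over the 10 KB size that Import-RecipientDataProperty accepts.

```powershell
# Added example: bulk-load GAL photos from a CSV file.
# Constructed sample CSV (hypothetical C:\pictures\photos.csv):
#   Identity,Path
#   Ward VIssers,C:\pictures\wardvissers.jpg
$csvPath  = 'C:\pictures\photos.csv'   # assumption: location of the CSV
$maxBytes = 10KB                       # Exchange 2010 picture size limit

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $status = 'Imported'
    try {
        if (-not (Test-Path -LiteralPath $row.Path -PathType Leaf)) {
            throw 'picture file not found'
        }
        $bytes = [System.IO.File]::ReadAllBytes($row.Path)
        if ($bytes.Length -gt $maxBytes) {
            throw "picture is $($bytes.Length) bytes, limit is $maxBytes"
        }
        # JPEG files start with the bytes FF D8
        if ($bytes.Length -lt 2 -or $bytes[0] -ne 0xFF -or $bytes[1] -ne 0xD8) {
            throw 'file is not a JPEG'
        }
        # Resolve the identity first so an ambiguous name never
        # writes a photo to the wrong recipient.
        $mailbox = @(Get-Mailbox -Identity $row.Identity -ErrorAction Stop)
        if ($mailbox.Count -ne 1) {
            throw "identity matched $($mailbox.Count) mailboxes"
        }
        Import-RecipientDataProperty -Identity $mailbox[0].DistinguishedName `
            -Picture -FileData $bytes -ErrorAction Stop
    }
    catch {
        $status = "Skipped: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{
        Identity = $row.Identity; Path = $row.Path; Status = $status
    }
}
$results | Select-Object Identity, Path, Status | Format-Table -AutoSize
```

The account running it needs write access to thumbnailPhoto on the target accounts, the same permission the prerequisites below describe for the GUI tool.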

      2. Using a Free tool like Outlook Photos from Exclaimer

      Download the Tool HERE

      The tool is easy to use.

      Prerequisites

      User Preferences

        Domain user – The logged-in user's account must be an Active Directory account.

        Domain computer – The computer the user is logged in to must be joined to an Active Directory domain.

        Active Directory permissions – The logged in user must have permission to upload photos to the required Active Directory accounts. (Alternate credentials can be supplied or control of the thumbnailPhoto field can be delegated to the logged in user.)

      Operating System

      • Windows Server 2003 x86 (including all service pack levels).
      • Windows Server 2003 R2 x86 and x64 (including all service pack levels).
      • Windows Server 2008 x86 and x64 (including all service pack levels).
      • Windows Server 2008 R2 x86 and x64 (including all service pack levels).
      • Windows Small Business Server 2003 (including all service pack levels).
      • Windows Small Business Server 2008.
      • Windows Small Business Server 2011.
      • Windows XP x86 and x64 (including all service pack levels).
      • Windows Vista x86 and x64 (including all service pack levels).
      • Windows 7 x86 and x64 (including all service pack levels).

      Other Software

      Microsoft Outlook 2010 x86 and x64

      Microsoft .NET Framework 3.5 SP1

      Microsoft Exchange 2010 RTM and above

      Active Directory

      You must be logged into an Active Directory domain to run the application.

      Active Directory Forest
      Domain and Forest functional level of Windows Server 2008 and above.
      For Domain or Forest functional level of Windows Server 2003, the Windows Server 2008 Forest preparation must first be complete.


      Group Policy Preferences Data Sources Failed with error 0x80070057

      Group Policy Data Sources is voltooid.

      Aanvullende gegevens:

      Het voorkeursitem computer ‘Nordined’ in het groepsbeleidsobject ‘De naam van de policy {54A928D5-EAA8-421B-9F12-066B350B6671}’ is niet toegepast, omdat het is mislukt met foutcode ‘0x80070057 De parameter is onjuist.’%%100790273

      Solution:

      Edit Datasources.xml
      <?xml version="1.0" encoding="utf-8"?>

      <DataSources clsid="{380F820F-F21B-41ac-A3CC-24D4F80F067B}"><DataSource clsid="{5C209626-D820-4d69-8D50-1FACD6214488}" name="WARD" image="2" changed="2011-03-02 09:04:35" uid="{2E9E5014-DEA3-4B65-AD9A-B8A6C602E576}" userContext="1" removePolicy="0"><Properties action="U" userDSN="0" dsn="WARD" driver="SQL Server" description="Ward" username="" cpassword=""><Attributes><Attribute name="SERVER" value="SQLSERVERNAME"/><Attribute name="TRUSTED_CONNECTION" value="Yes"/><Attribute name="DATABASE" value="DATABASENAAM"/></Attributes></Properties></DataSource>

      </DataSources>

      Delete username="" and cpassword=""
      <?xml version="1.0" encoding="utf-8"?>

      <DataSources clsid="{380F820F-F21B-41ac-A3CC-24D4F80F067B}"><DataSource clsid="{5C209626-D820-4d69-8D50-1FACD6214488}" name="WARD" image="2" changed="2011-03-02 09:04:35" uid="{2E9E5014-DEA3-4B65-AD9A-B8A6C602E576}" userContext="1" removePolicy="0"><Properties action="U" userDSN="0" dsn="WARD" driver="SQL Server" description="Ward"><Attributes><Attribute name="SERVER" value="SQLSERVERNAME"/><Attribute name="TRUSTED_CONNECTION" value="Yes"/><Attribute name="DATABASE" value="DATABASENAAM"/></Attributes></Properties></DataSource>

      </DataSources>

      Now the policy is deployed successfully.
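The same edit applied across every GPO, as an added example that is not part of the original post; the SYSVOL path and the backup folder are assumptions. It only reports by default, and any Properties element with a non-empty cpassword is flagged for manual review rather than modified, since a password stored in a preference item is readable by anyone who can read SYSVOL.

```powershell
# Added example: find DataSources.xml files with empty username/cpassword
# attributes and remove them, as done by hand above.
$policyRoot = '\\wardvissers.local\SYSVOL\wardvissers.local\Policies'  # assumption
$backupDir  = Join-Path $env:TEMP 'DataSources-backup'                 # assumption
$apply      = $false   # set to $true to write the changes

Get-ChildItem -Path $policyRoot -Recurse -Filter 'DataSources.xml' | ForEach-Object {
    $file = $_.FullName
    $xml  = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($file)
    $changed = $false

    foreach ($props in $xml.SelectNodes('/DataSources/DataSource/Properties')) {
        $dsn     = $props.GetAttribute('dsn')
        $hasBoth = $props.HasAttribute('username') -and $props.HasAttribute('cpassword')
        if ($hasBoth -and $props.GetAttribute('username') -eq '' `
                     -and $props.GetAttribute('cpassword') -eq '') {
            $props.RemoveAttribute('username')
            $props.RemoveAttribute('cpassword')
            $changed = $true
            Write-Output "$file : empty username/cpassword on DSN '$dsn'"
        }
        elseif ($props.GetAttribute('cpassword') -ne '') {
            # Never print the value; just point the administrator at it.
            Write-Warning "$file : DSN '$dsn' stores a password in cpassword; review by hand"
        }
    }

    if ($changed -and $apply) {
        # Keep a copy outside SYSVOL so the backup is not replicated.
        if (-not (Test-Path -LiteralPath $backupDir)) {
            New-Item -ItemType Directory -Path $backupDir | Out-Null
        }
        $backupName = ($file -replace '[\\/:]', '_')
        Copy-Item -LiteralPath $file -Destination (Join-Path $backupDir $backupName) -Force
        $xml.Save($file)
        Write-Output "$file : saved"
    }
}
```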