Learn how to quickly promote a domain controller to global catalog status within your forest. Next, you'll learn how to keep an eye on the initial global catalog replication process to see when the promotion is complete.
When you join a machine to the domain, by default it will be placed in the Computers container under the root of the domain. This can be undesirable, particularly if you want to apply distinct Group Policy to machines when they are initially joined to the domain. Fortunately, Active Directory lets you change the default location for new Computer accounts. This article walks you through the quick and easy steps necessary to change the default location for new computer objects.
When you create a new user in Active Directory using certain tools, by default it will be placed in the Users container under the root of the domain. This can be undesirable, particularly if you want to apply distinct Group Policy to users when they are initially created. Fortunately, Active Directory lets you change the default location for new User accounts. This article walks you through the quick and easy steps necessary to change the default location for new user objects.
The Global Catalog (GC) is a critical component of Active Directory, particularly in multi-domain forests. In a multi-domain forest, objects (users, groups, computers, etc.) are spread across each domain. If an application needs to locate a user, for example, and the application does not know what domain the user is located in, then the application would need to contact a domain controller in each domain until the user is located. This approach is highly inefficient, and the Global Catalog is the solution. Domain Controllers that host a copy of the Global Catalog store a partial read-only copy of every object in the forest in the local database. When LDAP queries are submitted on TCP port 3268 (or TCP port 3269 for SSL), a single search can be conducted across all of the objects in the forest.
To conserve space and ensure efficient replication, objects in the Global Catalog are referred to as partial objects because only a subset of the attributes of the object are replicated to the Global Catalog. This s…
Since the first days of Active Directory, the concept of FSMO (Flexible Single Master Operator, pronounced “fizmo”) roles has been a topic of endless discussion amongst IT Professionals. Furthermore, the five roles make for a quick and easy first question in an interview. As Active Directory has evolved over more than a decade, the duties of the FSMO role holders have changed very little, but broad understanding of the duties and optimal placement has not consistently matured.
The five FSMO roles are divided into two categories: forest-wide and domain-wide. The two forest-wide roles, the Schema Master and the Domain Naming Master, exist on a per-forest basis. Meanwhile, the three remaining domain-wide roles - the PDC (Primary Domain Controller) Emulator (PDCe), RID (Relative Identifier) Master, and Infrastructure Master - exist for each domain in the forest. So, for example, in a single-domain forest, there are a maximum of five possible FSMO role holders. Meanwhile, in a three-domain forest, there are a …
If a domain controller that holds one or more of the five FSMO roles becomes permanently unavailable, you’ll ultimately need to seize the roles to another domain controller. Seizing FSMO roles is not a graceful process and is intended only to be performed when the unexpected occurs.
In normal day-to-day operations, if you need to change what domain controller a FSMO role is held by, you should instead transfer the role. In order to seize the RID Master, PDC Emulator, or Infrastructure Master, you’ll need to be logged in as a Domain Admin. To seize the Schema Master or Domain Naming Master, you must be logged in with Schema Admin or Enterprise Admin permissions, respectively.
If you are deploying Exchange Server 2010 in an environment with load balancers or firewalls which aren’t able to handle dynamic RPC port ranges, you’ll need to define static ports for the RPC Client Access Service and the Address Book Service on each CAS server. If you are using Public Folders, you’ll also need a third static port on the Mailbox servers hosting Public Folders.
This post includes a script that configures the RPC Client Access service and Address Book service to use static ports. Run this script on each CAS server to configure the services. Finally, on each mailbox server, configure the registry value listed at the bottom of the post.
The Exchange Online service in Office 365 exposes a variant of the Exchange Management Shell (EMS) that you would normally use if you were managing an on-premises Exchange organization. Connecting to the Exchange Online EMS requires a few tedious but well-documented steps.
Rather than manually running these steps each time you need to connect, the samples in this post show how you can add a quick shortcut to your Windows PowerShell profile to connect to the Exchange Online EMS.
This is part one of a three-part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. The Connector is part of Coexistence Manager for Notes (CMN). In this post, we'll discuss how the connector works and examine the interface with Exchange. Next, we'll configure the Dell/Quest Web Services and the Domino Free Busy Connector Service. Future posts in this series will discuss configuring the remaining components of the connector.
This is part two of a three-part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. In Part 1 we took a look at the architecture of the Quest Free/Busy (F/B) Connector in Coexistence Manager for Notes (CMN) as well as how Exchange interfaces with it. We also configured the F/B Connector web services and the Domino Free Busy Connector Service. In this post, we’ll configure the Exchange Free Busy Connector Service, the Domino QCALCON task, and the Exchange organization.
This is part three of a three-part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. In Part 1 we took a look at the architecture of the Quest Free/Busy (F/B) Connector in Coexistence Manager for Notes (CMN) as well as how Exchange interfaces with it. We also configured the F/B Connector web services and the Domino Free Busy Connector Service. In Part 2, we configured the Exchange Free Busy Connector Service, the Domino QCALCON task, and the Exchange organization. In this post, we’ll complete the configuration by configuring Lotus Notes as well as building a test user in Exchange and Lotus Notes to validate the configuration.
The Server Core variant of Windows Server offers a variety of benefits, especially with respect to security. The downside is that familiar GUI management tools are not always accessible. While Windows PowerShell and the command line offer alternatives, the learning curve can be steep. Device Manager is one example of a common GUI management tool that cannot be used on Server Core. Fortunately, Device Manager can be used remotely. This post explains how to enable remote access with Device Manager on Server Core.
This post includes a sample Windows PowerShell script that will generate a CSV file of host IP addresses based on an input list of host names.
Repeatable, consistent, and predictable are three things that add an incredible amount of value in IT, and building servers from a base image is one way to deliver on this. I was just replying to a thread on a discussion alias where the person who started the thread had reviewed a blog post on how to build such an image for VMware. I and a number of people disputed the recommendations made in the referenced blog post in addition to the various other things the individual who started the thread was planning to install in his image/template.
At a high level, the most important thing from my reply, I think, is that you should not be customizing a server for it to be convenient to your work style. The server is there for a purpose-driven task.
This post includes a sample VBScript that will collect key hardware demographics from a list of hosts and output the results to a CSV file. The demographics collected are:
- Host Name
- Serial Number
- BIOS Version
- Operating System
- Memory (MB)
- Disk Drives
How many times have you had to figure out what date was X days, months, or years ago, or perhaps what time was Y minutes, hours, or seconds ago? In this post, you'll learn how easy it is to calculate date and time math with Windows PowerShell.
When silently installing Wireshark, Wireshark's critical dependency, WinPcap, is not installed automatically. This post shows you how to use a tool called AutoIt to develop a script that can silently automate a point-and-click process like installing WinPcap.