Archive

Archive for the ‘Windows’ Category

Moje prednášky pre ShowIT 2014

February 12th, 2014 No comments
Categories: Microsoft, Windows Tags: , , ,

AVMA key in Hyper-V

November 26th, 2013 No comments

When you buy Windows Server 2012 R2 Datacenter edition you don’t have to activate every Windows Server 2012 virtual machine (Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard or Windows Server 2012 R2 Essentials.). There is new license key for Windows. It’s called Automatic Virtual Machine Activation (AVMA). You have to active Hyper-V host operating system. Then you use one of following AVMA keys for VMs on your Hyper-V hosts:

Datacenter Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Standard DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Essentials K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

You use this keys using elevated command prompt on VM:

slmgr /ipk <AVMA_key>

When you do all of these steps all your Windows Server 2012 will be automatically activated. Even without  access of Internet from VM.

I hope something similar will be deployed on VMWare virtualization.

More oficial from Microsoft here.

Categories: Microsoft, Windows Tags:

Quickie: Delete all Offline files on Windows XP

November 19th, 2013 No comments

Couple days ago I migrated fileserver. We moved redirected My Documents for users on another server. We also hided these shares behind DFS namespace to make it more manageable in future. But we found out problem with this setup –  offline files. Windows XP kept offline copies of old and new redirected files. We had to clean this offline data database. I setup start up script:

@ECHO OFF
IF EXIST C:\OfflineFilesClean.txt (
  REM Do one thing
) ELSE (
  reg.exe add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache” /v FormatDatabase /t REG_DWORD /d 1 /f
  echo Vymazane > C:\OfflineFilesClean.txt
)

This script was dedicated just for Windows XP, so I had to apply GPO using WMI filter:

SELECT * FROM Win32_OperatingSystem WHERE Version LIKE “5.1%” and ProductType = “1”

This script would work also on Windows 7 and Windows 8, but those OS didn’t have problem.

That’s all for today,

News in DHCP client since Windows 7

September 26th, 2013 No comments

Imagine you have DHCP server on network. You have all Windows XP and older clients. When DHCP server was not accessible on network during client’s startup, client computer couldn’t get IP address and it assigned APIPA address. This was a problem. So let’s look what’s new since Windows 7.

I prepared following scenario:

  • One DHCP server Windows Server 2012 – 192.168.0.10
  • One DHCP server Windows Server 2012 acting as default gateway – 192.168.0.11
  • One Windows 8 client – DHCP assigned
  • One Windows 7 client – DHCP assigned

When I client wants to get TCP/IP settings from DHCP server, there are four DHCP packets (DISCOVER, OFFER, REQUEST and ACK) going on network. Network dump on DHCP server:

This is normal behaviour even in old clients. Now I shutdown client and stop DHCP server. When I started client computer I found out that client computer has IP address it received from DHCP server before reboot.

So let’s restart client again and see what happends. Client computer has same TCP/IP settings, it had before reboot (TCP/IP settings received from DHCP server before I stopped DHCP server). Client computer keeps asking DHCP server to renew TCP/IP settings (using DHCP REQUEST):

So how client computer knows if it has to set cached TCP/IP settings before DHCP server stopped to respond? I assume it depends on gateway and its IP or MAC address. So let’s disconnect gateway from network and reboot client computer. Now client has APIPA TCP/IP settings and it looks for DHCP server by DHCP DISCOVERY:

It means it depends on health of gateway if client keeps TCP/IP settings assigned by DHCP or not. I haven’t seen any ICMP packet to check network healt of gateway so I assume it check MAC address. So let’s look for ARP packets from client to gateway. Looks like client asks for MAC address of saved default gateway IP address. When it received answer, it sets TCP/IP settings to cached TCP/IP settings:

Question is if client computer compares MAC address to some saved one or it just waits for ARP response and doesn’t care of MAC address. Let’s change MAC address of default gateway. Client keeps asking via ARP for MAC address. MAC address is different and client doesn’t set its saved TCP/IP settings (it sets APIPA settings):

So where client computer saves MAC address of default gateway?

Yes, in registry. 🙂 It’s saved under registry key:

and there are subkeys for each interface and under this key there is binary value called DhcpGatewayHardware which contains MAC address:

When client starts it checks for MAC address of its saved default gateway IP address. Then it compares to saved MAC address from registry. If these two MAC addresses don’t match, client deletes all saved TCP/IP settings from registries and uses APIPA (if there is not Alternate Configuration). In background it still looks for DHCP server by sending DHCP DISCOVER packets.

So now we have smaller problem on Mondays when DHCP server is down (of course by accident 🙂 ) and everyone is trying to get to network resources 🙂

I haven’t find any article about this new behaviour on oficial Microsoft websites.

That’s all folks,

 

Quickie: Insert date and time into Notepad document

September 23rd, 2013 No comments

When I do some change I note when and what I have done. I use notepad. I used to type date and time to every step I made, for example during migration. My colleague Robert Švec told me about key F5 which puts actual date and time into notepad document 🙂

That’s just a quick quickie today.

Categories: Quickie, Windows Tags: , , ,

Problem with WSUS client

August 14th, 2013 No comments

 

Today I had problem on one server Windows Server 2008 R2. This server logged error 800B0001 with Windows Update Client:

 

Error 800B0001

 

When I looked at event viewer I saw same error:

  error 0x800b0001

 

and WindowsUpdate.log logged following:

 

 

I knew about one issue which is described in this article. But this article didn’t help. When I looked for file C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab, I found out there isn’t such a file. I copied this file from other server Windows Server 2008 R2 and now everything works fine 🙂

So in Microsoft world .cab file is not trusted if it doesn’t exist! 😀 Coool.

 

 

Implementing Remote Assistance into context menu of ADUC

August 6th, 2013 5 comments

Couple days ago I wrote about Remote Assistance. I wanted to make this feature as close as possible to administrators so I decided to implement special item in context menu of ADUC. Let’s do it.

We need to prepare script first. I wrote very simple one:

==========


‘ Script to run Remote Assitance on domain computer

Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))


‘ Check if Remote Assistance is installed

Set fso = CreateObject(“Scripting.FileSystemObject”)
If (fso.FileExists(“C:\Windows\System32\msra.exe”)) Then
 ‘ Is istalled
 Set objShell = WScript.CreateObject(“WScript.Shell”)
 Return = objShell.Run(“C:\Windows\System32\msra.exe /offerra ” & objUser.dNsHostName, 1, true)
Else
 ‘ Is not installed, error.
 Wscript.Echo “Microsoft Remote Assistance is not installed on this machine.”
End If

==========

Let’s save this script as .vbs file into \\DOMAIN.LOCAL\NETLOGON directory. Now when we have a script, we need to create context menu in ADUC. This can be accomplished using ADSI Edit tool. Start ADSI Edit tool and look for CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=domain,DC=local. There look for CN=computer-Display. Right-click on CN=computer-Display and select Properties.

 

aduc01

 

In attribute adminContextMenu add following line:

2, &Remote Assistance,\\domain.local\NETLOGON\RemoteAssistance.vbs

Description:

2 – order number

&Remote Assistance – name of the item in context menu

\\domain.local\NETLOGON\RemoteAssistance.vbs – command to run

When you click OK, OK in ADSI Edit your work is done. Now when you click on computer account you can see and use following context menu item:

 

aduc02

 

And that’s all folks.

Quickie: Reset settings for w32time service

July 3rd, 2013 No comments

When you play with w32time service to much and you want to reset it to its default settings you can run following commands:

net stop w32time

w32tm /unregister

w32tm /register

net start w32time

I just needed it 🙂

Categories: Quickie, Windows Tags: , , ,

Active Directory Sync Tool – filters for user accounts

June 26th, 2013 2 comments

Today I published article how to make synchronization between Active Directory and Microsoft cloud Office 365. I also mentioned that you can filter which users you want to synchronize to cloud and which not. I also mentioned article where it’s described. I started to play with it, but it’s not as simple as I thought 🙂

They mention that you can filter on three conditions:

  • Based on OU location
  • Domain based
  • User attribute

I wanted to investigate third option – filter on User attribute. So I started to read article. First and most important is to mention that you set filter on users which you DO NOT want to synchronize. 🙂 So I decided to synchronize users which have their attribude “department” set to value “IT”. So I had to set filter out all users which don’t have this attribute set. 🙂

Another catch in article is about location of MIISAdmin tool. Article specifies some disk location, but it’s completely different. On my Windows Server 2012 it was installed in:

 

Installation directory

 

When I want to sync account which have department attribute set to “IT” I had to do following:

Open up miisclient.exe and click on Management Agents:

 

Management Agents

 

Right click on AD Connector (Agent) and Properties:

 

Properties

 

On left side you have to select Configure Connector Filter, then on right select user and select New…:

 

Sycn filter

 

Now declare new condition, which means we don’t want users that have department attribute set to IT:

 

Define filter

 

OK, OK. I set in domain only users User10-User19 to have value set. Now let’s force synchronization (IMHO it could be something more inteligent and nicer 🙂 ).

Let’s go to installation folder and run DirSyncConfigShell.psc1:

 

Running force sync

 

Now I have to run Start-OnlineCoexistenceSync:

 

Start-OnlineCoexistenceSync

 

You can check if everythin works fine in Application events and you should have success on the end:

 

Synchronization successed

 

And on cloud Office 365 I see just users I wanted to see:

 

Filtered users

 

Only thing I’m missing is to filter based on group membership.

Have a nice day,

 

Active Directory synchronization with Office 365

June 26th, 2013 1 comment

Once upon the time there was customer asking if we can help them with integration their Active Directory with Office 365 cloud. The main request was to sync Active Directory users into Office 365 cloud and then test Office 365 applications on their computers.

Registration for free Office 365

First you need to check prices and packages you want to use. I wanted to test it so I registered HERE. In free month you can use licences for 10 users. Don’t forget to register for Office 365 Midsize Business, only this version of Ouffice 365 can sync AD. After registration I have received e-mail with my account to log into Office 365 portal. After firt logon there is really not to many things to configure. I have to notice that I received testing domain @AtosSlovakia.onmicrosoft.com. This is what you need to have.

Preparing playground

So I have my playground setup:

  • Domain name: DOMAIN.LOCAL
  • Domain controller: MT-SERVER01.DOMAIN.LOCAL
  • Server which will synchronize data into cloud Office 365: MT-SERVER02.DOMAIN.LOCAL

Computer which will do synchronizaction needs to accomplished couple conditions:

  • Must have Microsoft .NET Framework 3.x
  • In cannot be domain controller
  • Must be part of the domain
  • It can be Windows Server 2008, Server 2008 R2 or Server 2012
  • If you have less than 50 000 objects in AD which you want to sync you can use Microsoft SQL Server 2008 Express. Other way you need to use “normal” SQL
  • Active Directory forest functional mode has to be Windows Server 2003 and higher

More HERE.

I also need to generate some users in domain which I will upload into cloud. I just have created 50 bulk users using following powershell script:

Create bulk AD users powershell

I have received testing domain suffix from Office 365 @AtosSlovakia.onmicrosoft.com so I have to set it as aditional UPN for new created users:

  • Open Active Directory Domain and Trusts
  • Right click on Active Directorz Domains and Trusts and click Properties
  • Type defined UPN and click OK

Setup Active Directory Synchronizaction

When you log on Office 365 portal you go to “users and groups” and select Active Directory synchronization Set up.

Activate AD Sync

Then you have to complete 6 steps (not really work to do) to make it work:

AD Sync Wizard

Activation of AD Sync tool can take about 24 hours:

24 hours activation

While we will wait for activation of feature, let’s install Directory Sync Tool on server MT-SERVER02.DOMAIN.LOCAL.

Read more…