Quickie: Add your photo into AD

November 7th, 2012 No comments

More and more are people working with Outlook 2007+, using Lync clients, … all of these applications have ability to show pictures of users in their interface. Let’s look how to implement picture into AD for some users.

Picture in AD is stored in one AD attribute called thumbnailPhoto. We need to put picture into this attribute. Exchange servers and other services use Global Catalog Domain Controllers to resolve attributes for objects in domains. So first of all we need to make sure attribute thumbnailPhoto is propagated into Global Catalog database. We need to modify properties of attribute thumbnailPhoto:

  • Register MMC snap-in for Active Directory Schema running command:

Regsvr32 schmmgmt.dll

  • Open up Active Directory Schema MMC snap-in
  • Under Attributes look for thumbnailPhoto and open its properties
  • Check option “Replicate this attribute to the Global Catalog”

Edit thumbnailPhoto properties

Edit thumbnailPhoto properties

Read more…

Open File – Security Warning

November 7th, 2012 3 comments

Couple days ago something started to bother me. I use Microsoft Windows 7 and Internet Explorer 9.0 to browse on Internet. When you download some application from web, for example my favorite SSH/Telnet/Console client Putty, and you run this application, you get following warning:

Open File - Security Warninig

Open File – Security Warninig

Read more…

Quieckie: Windows 7 SP1 problem with ACT 5.6

October 29th, 2012 No comments

Today we were implementing ACT 5.6 due to migration from Windows XP to Windows 7. My colleague reinstalled SQL Express and ACT twice because it didn’t work as expected. We were examining Windows 7 SP 1 and they were failing everytime he ran report.

Then we have looked into event logs and found out following errors:

ACT problem

and

Read more…

Quickie: Local admin has to have password to create domain

October 24th, 2012 No comments

Today I was preparing new AD test environment for myself. I’ve created new W2008R2 VMs and when I ran dcpromo.exe I’ve got following error:

Local admin password empty

This was just a funny thing I never saw 🙂

Quickie: Ceskoslovensko hlada AD superstar

October 23rd, 2012 No comments

Pred casom som nasiel super prednasku o AD, ktoru prezentoval sam Ondrej Sevecek.

Odporucam si ju pozriet, je to velmi zaujimave a velmi dobre prednesene. Bodaj by sme mali takych ludi viacej.

Internet Explorer Proxy Settings via GPO not working

October 22nd, 2012 2 comments

One of our customer just released the beauty and power of GPO. They started to use it more and more. Couple days ago they set brand new GPO with following settings:

  • Proxy IP was set with port 3128 for all protocols
  • Exceptions for couple websites and local addresses

 

IE Proxy GPO

Read more…

Quickie: Batch file didn’t wait for ping command

October 11th, 2012 No comments

Today I was needed to make batch script to ping some IP addresses for problem described in this article. My first script was as following:

@Echo Off

:Loop1

ping 1.1.1.1 -n 1 -w 30000 >NUL

ping 8.8.8.8 -n 1 | find /i “bytes=” || goto FailedPing

goto Loop1

:FailedPing

echo FAILED PRIMARY NET TO VIA 10.0.0.1 %time% >>ping_test.log

route delete 0.0.0.0 mask 0.0.0.0 10.0.0.1

route add 0.0.0.0 mask 0.0.0.0 10.0.0.2

goto Loop1

When I ran this script in cmd.exe or I scheduled it, it ate one CPU core. I didn’t know why it’s happening, because when I ran this commands in cmd.exe separatelly it workied fine. After couple minutes of debugging I found out that script is not waiting for “ping” commands to finish. It was weird. My colleague told me to use “sleep.exe” to make it wait for a little bit. But that was not a solution. I wanted to force it to wait for ping commands. I tried weird thing. Instead of “ping” I used whole path for ping.exe “%SystemRoot%\\System32\\ping.exe” and for command “route” I used “%SystemRoot%\\System32\\route.exe”. Now everything looks and works perfect.

I have no idea why this is happening, but it works and I need to remember it 🙂

Internal Exchange via two Internet connections

October 11th, 2012 No comments

At one of my customer I had following request. They have Exchange server inside their network. They have two Internet connections. All mail communication goes via primary Internet connection. Second Internet connection is used for Internet browsing.

Internal IP network is 10.0.0.0/24. First Internet connection is called primary and there is default gateway at 10.0.0.1/24. Second Internet connection is called backup Internet connection and it’s default dateway is 10.0.0.2/24. Exchange server has IP address 10.0.0.21/24 and it had default gateway 10.0.0.1/24. MX records are registered to public IP address of primary Internet connection. Problem is when primary line goes down. E-mail communication stops completely – e-mails don’t come and don’t leave company.

To solve this problem we need to make two changes:

  • Change MX records for Internet domain
  • Change routing for internal Exchange server

Read more…

Categories: Exchange, Microsoft, Windows Tags: ,

APP-V exclusion in registries

October 8th, 2012 No comments

Last week I was playing with application virtualization. I do have experiences with VMWare Thinapp applications. I already did couple of those virtualized applications. When I was forced to use App-V to create virtualized application I needed to make one application and I needed make this application to write registries into real registries and not to virtual ones. I thought it would be same as in VMWare Thinapp. That means I would expect to set some “isolation” mode on registry branch.

Problem is that you can define only two modes in App-V for registries:

  • Merge with Local Key – This will merge real registries with virtual ones. Change will be written into virtual registries.
  • Override Local Key – This will show only virtual registries to application and changes will be written into virtual registries.

In VMWare Thinapp there are isolation modes (for file system structures and also for registries) defined as following:

  • Full – Real are not shown. Any modification goes into virtual. New elements go into virtual.
  • Merged – Real are shown. Modification of virtual goes to virtual. Modification of real goes to real. New elements go to real.
  • WriteCopy – Real are shown. Modification of virtual goes to virtual. Modification of real goes to virtual. New elements go to virtual.

Read more…

TMG 2010: Site to site clients cannot access TMG server

October 8th, 2012 No comments

When I upgraded from ISA 2006 to TMG 2010 I found some special problem. There was HQ with TMG 2010 and one branch with ASA 5505. Between those two location there was Site to Site VPN tunnel created. Everything worked fine, beside one problem. Users in branch couldn’t access anything on TMG server. They couldn’t ping it or do anything with it. They couldn’t browse Internet, because TMG was also web proxy server for them.

Read more…