You are working/discovering at a client site and you want to determine the domain controllers.
There are many sources and methods to skin this cat. Here is a digest of a few of the best methods.
nslookup from command line
nslookup
set type=all
_ldap._tcp.dc._msdcs.DOMAIN_NAME
*probably the most standard, all you need is any Windows machine
from command line
set l (Lowercase "L")
*will only show the domain controller that authenticated you - does not show all domain controllers
From command line
gpresult /r
*will only show the domain controller that provided group policy to you at logon - does not show all domain controllers
From PowerShell
Import-Module ActiveDirectory
Get-ADDomainController | select name
*assumes you have RSAT and powershell installed
*only shows a domain controller not all domain controllers
My personal favorite
From command line
nltest /dclist:domain
*shows all domain controllers and their AD site
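The DNS and directory methods above can disagree when a domain controller was removed without cleanup or has failed to register its records. This added example (not from the original post) pulls both lists and reports the differences; the domain name is a placeholder, and it assumes Resolve-DnsName (Windows 8 / Server 2012 or later) plus the RSAT ActiveDirectory module.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

$Domain = "lab.local"   # placeholder: DNS name of the domain being documented

# 1. What DNS advertises: the SRV records each DC's Netlogon service registers.
#    Only SRV records carry NameTarget, so this drops the A/AAAA records that
#    come back in the Additional section of the response.
$dnsDCs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.NameTarget } |
    ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } |
    Sort-Object -Unique)

# 2. What the directory lists. -Filter * returns every DC object,
#    not just the single DC that discovery happened to pick.
$adDCs = @(Get-ADDomainController -Filter * -Server $Domain |
    Select-Object HostName, Site, IPv4Address, IsGlobalCatalog, OperationMasterRoles)

$adNames = @($adDCs | ForEach-Object { $_.HostName.ToLower() } | Sort-Object -Unique)

# 3. Inventory: one row per DC with its AD site and roles.
$adDCs | Sort-Object Site, HostName | Format-Table -AutoSize

# 4. Discrepancies worth investigating.
$missingFromDns = @($adNames | Where-Object { $dnsDCs -notcontains $_ })
$unknownToAd    = @($dnsDCs | Where-Object { $adNames -notcontains $_ })

foreach ($name in $missingFromDns) {
    Write-Output "In AD but no SRV record (DC down or not registering?): $name"
}
foreach ($name in $unknownToAd) {
    Write-Output "SRV record with no matching DC object (stale record?): $name"
}
if (($missingFromDns.Count + $unknownToAd.Count) -eq 0) {
    Write-Output "DNS SRV records and AD agree on $($adNames.Count) domain controller(s)."
}
```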
Thursday, October 8, 2015
Thursday, October 1, 2015
Exchange shell script as Scheduled task - mailbox and database statistics to e-mail
If you have a script that you run in Exchange Management Shell, you can schedule the task to run in "Scheduled Tasks".
I had to fumble around with this for some time, so I thought I could share. Maybe this will save you just a few minutes. I saw a few resources on the web on how to perform this task. For some reason or another, most of the guides were incorrect or didn't work on my Exchange server (tried on 2010 and 2013).
This is what DID work:
Create a scheduled task in task scheduler > basic task...
For the program/script:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add this under ARGUMENTS:
(For Exchange 2010)
-version 2.0 -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; <path and name of your existing .ps1 file>"
(For Exchange 2013)
-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; <path and name of your existing .ps1 file>"
On the Exchange Server I created a folder called "scripts" on C:\
My argument looks like this:
-version 2.0 -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\scripts\Send_mailbox_stats.ps1"
Continue to configure your scheduled task. Select "Run whether user is logged on or not", then select a date\time\recurrence under Triggers.
You are all set as far as the scheduled task goes.
Here is an awesome script that will send you an e-mail including all of your mailbox sizes and all of your database sizes. In my case I have the report e-mailed weekly.
Enjoy:
# ******** Send mailbox statistics script
$Logfile = "C:\mailboxreport.txt"
$mailboxservername = "<YOUR MAILBOX SERVER NAME>"
$NumOfMailboxes = 40 #number of mailboxes to return
#******** delete the existing file, if exists
if (Test-Path $Logfile) { remove-item $Logfile }
#********* variables for the mail message values
$FromAddress = "reports@yourdomain.com"
$ToAddress = "youremailaddress@yourdomain.com"
##$ToAddress2 = "otheremailaddress@yourdomain.com"
$MessageSubject = "Mailbox Size Report"
$MessageBody = "Attached is the current list of mailbox sizes."
$SendingServer = "YourOutboundmailserver.yourdomain.com"
#********** get and write the current date/time to the file
$LogTime = Get-Date -Format "MM-dd-yyyy_hh:mm:ss"
$LogTime >> $logfile
$mailboxservername >> $LogFile
#*********** Formatting for mailbox statistics # adjust the widths if desired
$a = @{Expression={$_.DisplayName};Label="Name";width=28}, `
@{Expression={$_.TotalItemSize.Value.ToMB()};Label="Size (MB)";width=9}, `
@{Expression={$_.itemCount};Label="Items";width=11}
#*********** Now get the stats and send to a text file
write-Output "" >> $Logfile
write-output "Mailbox Information: Top $numOfMailboxes" >> $Logfile
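# select the top N mailboxes first, then format; formatting first would truncate the table rows, not the mailbox list
Get-MailboxStatistics -server $mailboxservername | Sort-Object TotalItemSize -Descending | select-object -first $NumOfMailboxes | ft $a >> $Logfile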
#*********** Formatting for database statistics
$a = @{Expression={$_.Name};Label="Name";width=28}, @{Expression={$_.databasesize.ToGB()};Label="Size (GB)";width=9}, `
@{Expression={$_.Availablenewmailboxspace.toMB()};Label="Avail (MB)";width=11}
#*********** Now get the database stats and send to text file
write-output "" >> $Logfile
write-output "Database Statistics for server $mailboxservername" >> $logfile
Get-MailboxDatabase -Status | sort name | ft $a >> $Logfile
#********** Create the mail message and add the statistics text file as an attachment
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress,
$MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment($logfile)
$SMTPMessage.Attachments.Add($Attachment)
#$SMTPMessage.To.Add($ToAddress2)
#*************** Send the message *****************
$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage) | out-null
Monday, September 28, 2015
Exchange 2010 and iPhone, Cannot Get Mail, Connection to the server failed
During an upgrade from Exchange 2007 to Exchange 2010, whilst re-homing the CAS server and re-homing mail flow from 2007 to 2010, all of a sudden some users could not connect to Exchange from their iPhones. Only SOME users were affected and only iPhone users. We have a mix of iPhone and various Droid phones in use.
iPhone users were receiving:

tried rebooting phone - no luck
For SOME reason - the issue was fixed for 5 users by turning off SSL and then back on
For SOME reason - the issue was fixed for 3 users by turning on Airplane mode and then off
That still left me with about 25 users that couldn't get e-mail/calendar/contacts on iPhones.
Troubleshooting led me here (solution 3)
http://www.iphonetopics.com/cannot-get-mail-the-connection-to-the-server-failed/
Again, for SOME reason, some users did not have "Include inheritable permissions from this object's parent" enabled (ticked)
Open Active Directory Users and Computers.
On the top menu choose View > Advanced Features.
Find and right click the user account and choose Properties.
Choose Security tab. Then choose Advanced.
Select the check box "Include inheritable permissions from this object's parent".
Checking this box fixed the issue, but now the bigger issue was how to do this in bulk for all my users.
Here is a PowerShell script that will enable (tick the box) for all users in AD recursing down an OU structure
Import-Module activedirectory
$Users = Get-ADUser -LDAPFilter "(ObjectClass=User)" -SearchBase "OU=accounts_active_users,DC=***,DC=***"
ForEach($User in $Users)
{
    # Bind to the user object by its distinguished name
    $OU = [ADSI]("LDAP://" + $User)
    $SecGroup = $OU.PSBase.ObjectSecurity
    if ($SecGroup.get_AreAccessRulesProtected())
    {
        $isProtected = $false ## Allows inheritance
        $preserveInheritance = $true ## Ignored when $isProtected is $false
        $SecGroup.SetAccessRuleProtection($isProtected, $preserveInheritance)
        $OU.PSBase.CommitChanges()
        Write-Host "$User inheritance has been set"
    }
    else
    {
        Write-Host "$User inheritance already set"
    }
}
taken from: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28553940.html
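The bulk script re-enables inheritance on every user under the OU, but accounts that are or were members of protected groups (adminCount = 1) have inheritance disabled deliberately by AdminSDHolder, which resets their ACL on its next run. This added example (not from the original post or the linked thread) reports each user's state first and changes only the non-protected accounts when $Apply is set; the search base, report path and $Apply switch are assumptions.

```powershell
# Added example, not from the original post or the linked thread.
# Assumes the RSAT ActiveDirectory module. $SearchBase and $ReportPath are placeholders.
Import-Module ActiveDirectory

$SearchBase = "OU=accounts_active_users,DC=example,DC=local"
$ReportPath = "C:\scripts\inheritance_audit.csv"
$Apply      = $false   # leave $false for a report-only run

$users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree `
    -Properties nTSecurityDescriptor, adminCount

$report = @(foreach ($u in $users) {
    $disabled = $u.nTSecurityDescriptor.AreAccessRulesProtected

    if (-not $disabled)          { $action = 'None' }               # box already ticked
    elseif ($u.adminCount -eq 1) { $action = 'Review' }             # AdminSDHolder-protected, or stale adminCount
    else                         { $action = 'EnableInheritance' }  # ordinary user with inheritance off

    New-Object PSObject -Property @{
        SamAccountName      = $u.SamAccountName
        DistinguishedName   = $u.DistinguishedName
        InheritanceDisabled = $disabled
        AdminCount          = $u.adminCount
        Action              = $action
    }
})

# Keep a record of the state before anything is changed.
$report | Select-Object SamAccountName, InheritanceDisabled, AdminCount, Action, DistinguishedName |
    Export-Csv -Path $ReportPath -NoTypeInformation

$report | Group-Object Action | Select-Object Name, Count | Format-Table -AutoSize

foreach ($row in ($report | Where-Object { $_.Action -eq 'EnableInheritance' })) {
    if (-not $Apply) {
        Write-Output "Would enable inheritance: $($row.SamAccountName)"
        continue
    }
    $entry = [ADSI]("LDAP://" + $row.DistinguishedName)
    $sd    = $entry.PSBase.ObjectSecurity
    $sd.SetAccessRuleProtection($false, $true)   # $false = inherit from parent again
    $entry.PSBase.CommitChanges()
    Write-Output "Enabled inheritance: $($row.SamAccountName)"
}

# Accounts marked Review are left untouched: check their group membership and
# whether adminCount is still warranted before changing their ACLs.
$report | Where-Object { $_.Action -eq 'Review' } |
    Select-Object SamAccountName, DistinguishedName | Format-Table -AutoSize
```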
Thursday, July 23, 2015
Get serial number of server from within Windows
I was remotely connected (via RDP) to a server a thousand miles away for which I needed to get the serial number. The server is an HP 380 Gen9.
Neat trick using WMIC
from command line:
wmic /node:HOSTNAME bios get serialnumber
(I used "localhost" for the hostname)
Monday, July 20, 2015
Domain Controller, new domain, Windows 2012 r2 Core, part 2
See part 1 for the back story.
Here we establish a second domain controller for an existing domain that we set up in part 1.
Use part 1 to repeat steps 1 through 5.
Verify your hostname and IP configuration are correct. Primary DNS should be the address of the first domain controller we installed in part 1.
To create additional domain controller for existing domain:
From PowerShell:
step 6.
#add computer to domain
add-computer -domain lab.local -credential (get-credential)
[enter credentials of domain admin]
restart-computer
step 7.
from PowerShell
Install-ADDSDomainController -DomainName lab.local -InstallDNS:$True -Credential (Get-Credential)
[enter domain admin credentials]
reboot will occur.
Domain Controller, New Domain, Server 2012 r2 Core, Part 1.
I am setting up a test lab for "Skype for Business 2015". To proceed with testing I wanted a new lab consisting of:
2x Domain Controller (w/ DNS) - Windows 2012 R2 Core
1x SQL server 2012 on Windows 2012 (not r2, W/ GUI)
1x Skype for Business 2015 (Lync) server on Windows 2012
1x RDS server (as client) on server 2008R2
As a guide to configuring the Domain Controllers, below are the commands and Powershell commands that I use.
*THIS IS ONLY FOR A LAB ENVIRONMENT! I would not recommend this for a production environment*
Let me preface this by saying that all of these commands are not mandatory and this is not a secure installation. I like to disable IP v6 and all related components in my lab environment and disable the firewall.
Part 1. First domain controller, assuming a completely vanilla installation
Step 1.
Use SCONFIG to configure:
IP address, Subnet mask
default gateway address
DNS address
turn on (enable) remote desktop
computer name (reboot after)
step 2. disable IPv6 components
From command line:
*test computer name and IP address:
hostname
ipconfig /all
netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh int teredo set state disabled
step 3. disable IP Helper service
From Powershell:
# PowerShell cmdlet to list services that are running
Get-Service * | Where-Object {$_.Status -eq "Running"}
#disable "IP Helper" service
set-service iphlpsvc -startuptype disabled
stop-service iphlpsvc
step 4A. disable IPv6 on adapter. on a fresh install the only adapter is called "Ethernet"
Get-NetAdapterBinding -InterfaceAlias Ethernet | Select-Object Name,DisplayName,ComponentID
Disable-NetAdapterBinding -InterfaceAlias Ethernet -ComponentID ms_tcpip6
step 4B. disable firewall
Get-NetFirewallProfile | Set-NetFirewallProfile -enabled false
step 5. install AD services (does not make a domain controller)
Install-WindowsFeature -Name AD-Domain-Services
step 6 (basic commands, accepts defaults during AD install)
$Password = ConvertTo-SecureString -AsPlainText -String MyRetoreModePassword -Force
Install-ADDSForest -DomainName lab.local -SafeModeAdministratorPassword $Password -InstallDns
(additional command to append to previous command, if required/desired to change)
-DomainNetbiosName lab -DomainMode Win2012R2 -ForestMode Win2012R2 -DatabasePath "%SYSTEMROOT%\NTDS" `
-LogPath "%SYSTEMROOT%\NTDS" -SysvolPath "%SYSTEMROOT%\SYSVOL" -NoRebootOnCompletion -Force
#Step 5
Restart-Computer -Force
This should complete your first DC installation. See part 2 for installation of the second domain controller.
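The step 6 command above carries the restore-mode password in plain text, where it stays visible on screen and in any saved script or transcript. This added example (not from the original post) prompts for the password instead, folds the optional parameters into one splatted call, and runs the prerequisite test before promoting; the lab values follow the post.

```powershell
# Added example, not from the original post. Run on the server being promoted,
# after step 5 (Install-WindowsFeature AD-Domain-Services).
Import-Module ADDSDeployment

# Prompt for the Directory Services Restore Mode password so it never
# appears as text in the command line or in a script file.
$dsrm = Read-Host -AsSecureString -Prompt "Directory Services Restore Mode password"

# Lab values from the post, collected in one place (splatting).
$forest = @{
    DomainName                    = "lab.local"
    DomainNetbiosName             = "lab"
    DomainMode                    = "Win2012R2"
    ForestMode                    = "Win2012R2"
    InstallDns                    = $true
    DatabasePath                  = "$env:SystemRoot\NTDS"
    LogPath                       = "$env:SystemRoot\NTDS"
    SysvolPath                    = "$env:SystemRoot\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
}

# Prerequisite check: validates the parameters and the host without changing anything.
$check = @(Test-ADDSForestInstallation @forest)
$check | Format-List Status, Message

if (@($check | Where-Object { $_.Status -eq 'Error' }).Count -gt 0) {
    throw "Prerequisite check failed; fix the reported problem before promoting."
}

# Promote, then reboot explicitly as in the post.
Install-ADDSForest @forest -NoRebootOnCompletion -Force
Restart-Computer -Force
```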
Thursday, May 7, 2015
Lync - "Screen sharing cannot connect to the server now" issue with multiparty application sharing and screen sharing
We use Lync for internal chatting and screen sharing and the "presence" feature. I run a small shop with 100 users spread across 5 buildings. Lync really helps our users collaborate.
Although Lync is a great product, it can be slightly complicated, especially if you are a small/medium business and are NOT setting up 5 separate servers for Lync.
I ran into an issue where two users could share content (screen or application) with each other without error. The moment a third user was added to the mix (i.e. Alice sharing content with Bill and Bob), I received "Screen sharing cannot connect to the server now". Somewhat confusing because screen sharing was working just fine between just two participants.
I do not claim to be a Lync expert. I am passing along information to help any Lync novices.
When two participants are connected, the session is peer-to-peer.
When three or more participants are connected, the Application Sharing feature depends on the Front End Server Multi Point Control Unit (MCU) to provide the sharing stream to all parties.
Error: Screen sharing cannot connect to the server now.
Lync Server 2010
Internal client to internal client(s)
Single server install
This error is commonly reported when the Application Sharing Server (ASMCU) service is not running on the Lync Server Front End pool. If the ASMCU service is not installed on the Lync Front End it is likely because the components have not been enabled within the Lync Topology.
Step 1
Verify Application Sharing service is enabled in topology builder.
If not, enable it and publish the topology. Rerun component setup on FE pool using the Lync Deployment Wizard.
Step 2
Verify "Lync Server Application Sharing" and "Lync Server Web Conferencing Services" are actively running on FE pool. If not, try to start them. Check Lync Application Event logs if start fails.
*In my case the "Lync Server Application Sharing service" was bombed. Starting the service resolved the issue. The service started successfully.
If the service fails to start, check event log and begin Lync debug logging (another topic).
Step 3
Verify whether the user has the appropriate conferencing policy applied and that the policy applied has EnableAppDesktopSharing = TRUE.
Get-CsConferencingPolicy
Good luck w/ Lync. Next steps: Lync migration to 2013 on-prem.
credit to NextHop/LyncMd
http://blogs.technet.com/b/nexthop/archive/2012/11/05/lyncmd-troubleshooting-lync-server-2010-application-sharing-internal-and-remote-scenarios.aspx