Monday, October 1, 2018

Basic DiskPart Commands, create volume, server core, diskpart - the media is write protected

This stuff is old news but just in case anyone is looking for a small guide to diskpart.
Scenario:

Existing Windows file server. File server is Windows 2016 core (or non-desktop experience as it is now called)
Server is VM on ESXi 5.5

1. In the vSphere client, add a new disk/vmdk to the VM. That process is not covered in this guide.


2. In the GUEST (Windows 2016 core in this example), Disk Management (diskmgmt.msc) is not available. From the command line, run diskpart.

3. "list disk" to view your disks
4. "select disk 2" - or your disk number
5. "online disk" to bring the disk online
You should receive "DiskPart successfully onlined the selected disk"



6. "create partition primary"
You may receive "DiskPart encountered an error: The media is write protected."
If you receive the error, move to step 6B.

6B. "attributes disk clear readonly"
Then try "create partition primary" again. If you do not specify a size, DiskPart creates a partition the full size of the disk. To specify a size, the command looks like:
create partition primary size=10000
The size is in MB (megabytes), so the previous example would be 10GB.


7. Format the drive

format FS=NTFS quick
(additionally you could add label=MyLabel)

8. Assign a drive letter
To assign the next available drive letter, just type "assign"
To specify a drive letter, use:

assign letter=W
9. "list volume" to see your volume information. Verify the drive letter (E in my example) and verify the file system type (NTFS). EXIT to leave diskpart.
Additionally, I run a "net share" to see that the root of the drive is administratively shared (as all drives are by default in Windows, if you haven't turned this "feature" off).
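The same steps can be scripted with the Storage module cmdlets that ship with Windows Server 2016, with a guard against selecting the wrong disk number. This is an added example, not part of the original post; the disk number, the label and the GPT partition style are assumptions.

```powershell
# Added example (not from the original post): steps 3-9 via the Storage module.
# Assumptions: disk number 2 and the label 'MyLabel' are placeholders.
function Initialize-NewDataDisk {
    param(
        [Parameter(Mandatory)][int]$DiskNumber,
        [string]$Label = 'MyLabel'
    )

    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

    # Guard against picking the wrong disk number: never touch a boot/system
    # disk or a disk that already carries partitions.
    if ($disk.IsBoot -or $disk.IsSystem) { throw "Disk $DiskNumber is a boot or system disk." }
    if ($disk.NumberOfPartitions -gt 0)  { throw "Disk $DiskNumber already has partitions." }

    Set-Disk -Number $DiskNumber -IsOffline $false    # diskpart: online disk
    Set-Disk -Number $DiskNumber -IsReadOnly $false   # diskpart: attributes disk clear readonly

    # Re-read the disk; $disk above is a snapshot taken before the changes.
    if ((Get-Disk -Number $DiskNumber).PartitionStyle -eq 'RAW') {
        Initialize-Disk -Number $DiskNumber -PartitionStyle GPT   # assumption: GPT
    }

    # Full-size partition with the next free drive letter, then a quick NTFS format.
    $part = New-Partition -DiskNumber $DiskNumber -UseMaximumSize -AssignDriveLetter
    $part | Format-Volume -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false | Out-Null

    Get-Volume -DriveLetter $part.DriveLetter         # diskpart: list volume
}

Initialize-NewDataDisk -DiskNumber 2 -Label 'MyLabel'
```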



Monday, July 18, 2016

IE Compatibility View via GPO - incorrect settings, wrong description

So I have an internal web server hosting a .net 4 app (website). The site DOES NOT render properly when "compatibility view" is turned on.

The default setting on Internet Explorer is "Display intranet sites in Compatibility View". My users access the app via a single label hostname like "http://myapp". IE treats this as an intranet site.

I decided the easiest approach without changing the code, was simply UNCHECK display intranet sites in compatibility mode for all users via GPO. We have no other use case or need to display intranet sites using compatibility view.

The setting to control this in Group Policy is HERE:
"Computer (and User) Configuration/Administrative Templates/Windows Components/Internet Explorer/Compatibility View/Turn on Internet Explorer Standards Mode for Local Intranet"

THE SETTINGS ARE INCORRECT as the description states!

I set the policy setting to "disable".  However, what it did is grayed out the box for "Display intranet sites in compatibility view" instead of unchecking it. See image below.

Setting set to DISABLED


results in IE (after policy refreshed). Setting "Display intranet sites in Compatibility View" is CHECKED and GREYED out. Not the desired effect. We want to DISABLE the "turning on of Internet Explorer Standards mode for local intranet".


I go back in to GPO policy editor, change the setting to ENABLED. Wait for the policy to refresh. Here is the result:
UNCHECKED and GREYED OUT


Here is an accurate description of what the group policy setting accomplishes:
Disabled - checked and greyed out
Enabled - unchecked and greyed out

Microsoft should fix the confusion, or change the description. I hope this helps you.

Thursday, October 8, 2015

Find Name (and IP) of Domain controller in network

You are working/discovering at a client site and you want to determine the domain controllers.
There are many many sources and methods to skin this cat. Here is a digest of a few of the best methods.

nslookup from command line
nslookup
set type=all
_ldap._tcp.dc._msdcs.DOMAIN_NAME
*probably the most standard, all you need is any Windows machine

from command line
set l                              (Lowercase "L")
*will only show the domain controller that authenticated you - does not show all domain controllers

From command line
gpresult /r
*will only show the domain controller that provided group policy to you at logon - does not show all domain controllers

From PowerShell
Import-Module ActiveDirectory
Get-ADDomainController | select name
*assumes you have RSAT and powershell installed
*only shows a domain controller not all domain controllers

My personal favorite
From command line
nltest /dclist:domain
*shows all domain controllers and their AD site
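The SRV lookup from the nslookup method can also be done in PowerShell, which makes it easy to list every domain controller together with its IP addresses. This is an added example, not part of the original post; `lab.local` is a placeholder domain, and `Resolve-DnsName` requires Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post): list all domain controllers
# registered in DNS, with their IP addresses.
# Assumption: 'lab.local' is a placeholder for the AD DNS domain name.
function Get-DcFromDns {
    param([Parameter(Mandatory)][string]$DomainName)

    # Same record that the nslookup method queries
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    # The response can also carry A/AAAA records, so keep only the SRV entries
    $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }

    foreach ($r in ($records | Sort-Object Priority, NameTarget)) {
        # Resolve each SRV target to its IPv4/IPv6 addresses
        $ips = Resolve-DnsName -Name $r.NameTarget -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -in 'A', 'AAAA' } |
            Select-Object -ExpandProperty IPAddress

        [pscustomobject]@{
            Name     = $r.NameTarget
            Port     = $r.Port
            Priority = $r.Priority
            Weight   = $r.Weight
            IP       = ($ips -join ', ')
        }
    }
}

Get-DcFromDns -DomainName 'lab.local' | Format-Table -AutoSize

# With RSAT installed, the directory itself returns every DC:
#   Get-ADDomainController -Filter * | Select-Object Name, IPv4Address, Site
```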


Thursday, October 1, 2015

Exchange shell script as Scheduled task - mailbox and database statistics to e-mail

If you have a script that you run in Exchange Management Shell, you can schedule the task to run in "Scheduled Tasks".

I had to fumble around with this for some time, so I thought I could share. Maybe this will save you just a few minutes. I saw a few resources on the web on how to perform this task. For some reason or another, most of the guides were incorrect or didn't work on my Exchange server (tried on 2010 and 2013).

this is what DID work:

Create a scheduled task in task scheduler > basic task...
For the program/script:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add this under ARGUMENTS:

(For Exchange 2010)

-version 2.0 -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; <path and name of your existing .ps1 file>"

(For Exchange 2013)

-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; <path and name of your existing .ps1 file>"

On the Exchange Server I created a folder called "scripts" on C:\
My argument looks like this:

-version 2.0 -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\scripts\Send_mailbox_stats.ps1"

Continue to configure your scheduled task. Select "Run whether user is logged on or not", then select a date\time\recurrence under triggers.



You are all set as far as the scheduled task goes.
Here is an awesome script that will send you an email including all of your mailbox sizes and all of your database sizes. In my case I have the report e-mailed weekly.

Enjoy:



# ******** Send mailbox statistics script

$Logfile = "C:\mailboxreport.txt"
$mailboxservername = "<YOUR MAILBOX SERVER NAME>"
$NumOfMailboxes = 40   #number of mailboxes to return

#******** delete the existing file, if exists

Remove-Item $Logfile -ErrorAction SilentlyContinue


#********* variables for the mail message values 

$FromAddress = "reports@yourdomain.com"
$ToAddress = "youremailaddress@yourdomain.com"
##$ToAddress2 = "otheremailaddress@yourdomain.com"
$MessageSubject = "Mailbox Size Report"
$MessageBody = "Attached is the current list of mailbox sizes."
$SendingServer = "YourOutboundmailserver.yourdomain.com"


#********** get and write the current date/time to the file
$LogTime = Get-Date -Format "MM-dd-yyyy_hh:mm:ss"
$LogTime >> $logfile

$mailboxservername >> $LogFile


#*********** Formatting for mailbox statistics # adjust the widths if desired

$a = @{Expression={$_.DisplayName};Label="Name";width=28}, `
@{Expression={$_.TotalItemSize.Value.ToMB()};Label="Size (MB)";width=9}, `
@{Expression={$_.itemCount};Label="Items";width=11}

#*********** Now get the stats and send to a text file

write-Output "" >> $Logfile
write-output "Mailbox Information: Top $numOfMailboxes" >> $Logfile

Get-MailboxStatistics -Server $mailboxservername | Sort-Object TotalItemSize -Descending | Select-Object -First $NumOfMailboxes | ft $a >> $Logfile

#*********** Formatting for database statistics

$a =  @{Expression={$_.Name};Label="Name";width=28}, @{Expression={$_.databasesize.ToGB()};Label="Size (GB)";width=9}, `
@{Expression={$_.Availablenewmailboxspace.toMB()};Label="Avail (MB)";width=11}

#*********** Now get the database stats and send to text file

write-output "" >> $Logfile
write-output "Database Statistics for server $mailboxservername" >> $logfile
Get-MailboxDatabase -Status | sort name | ft $a  >> $Logfile

#********** Create the mail message and add the statistics text file as an attachment

$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment($logfile) 
$SMTPMessage.Attachments.Add($Attachment)
#$SMTPMessage.To.Add($ToAddress2)

#*************** Send the message *****************

$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage) | out-null






Monday, September 28, 2015

Exchange 2010 and iPhone, Connect get mail, Connection to the server failed

During an upgrade from Exchange 2007 to Exchange 2010, whilst re-homing the CAS server and re-homing mail flow from 2007 to 2010, all of a sudden some users could not connect to Exchange from their iPhones. Only SOME users were affected and only iPhone users. We have a mix of iPhone and various Droid phones in use.

iPhone users were receiving:

Cannot get mail the connection to the server failed

tried rebooting phone - no luck

For SOME reason - the issue was fixed for 5 users by turning off SSL and then back on
For SOME reason - the issue was fixed for 3 users by turning on Airplane mode and then off

That still left me with about 25 users that couldn't get e-mail/calendar/contacts on iPhones.

Troubleshooting led me here (solution 3)
http://www.iphonetopics.com/cannot-get-mail-the-connection-to-the-server-failed/

Again, for SOME reason, some users did not have "Include inheritable permissions from this object's parent" enabled (ticked)

Open Active Directory Users and computer
On the top menu choose View > Advanced Features.
Find and right click the user account and choose Properties.
Choose Security tab. Then choose Advanced.
Select the check box "Include inheritable permissions from this object's parent".

Checking this box fixed the issue, but now the bigger issue was how to do this in bulk for all my users.
Here is a powershell script that will enable (tick the box) for all users in AD recursing down an OU structure


Import-Module activedirectory
$Users = Get-ADUser -LDAPFilter "(ObjectClass=User)" -SearchBase "OU=accounts_active_users,DC=***,DC=***"
ForEach($User in $Users)
{
    # Bind users
    $OU = [ADSI]("LDAP://" + $User)
    $SecGroup = $OU.PSBase.ObjectSecurity

    if ($SecGroup.get_AreAccessRulesProtected())
    {
        $isProtected = $false ## Allows inheritance
        $preserveInheritance = $true ## Preserves inheritance
        $SecGroup.SetAccessRuleProtection($isProtected, $preserveInheritance)
        $OU.PSBase.CommitChanges()
        Write-Host "$User inheritance has been set";
    }
    else
    {
        Write-Host "$User inheritance already set"
    }
}

taken from: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28553940.html
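A read-only report of which accounts have inheritance disabled is worth running before a bulk change like the one above: for current members of protected groups such as Domain Admins (adminCount = 1), the AdminSDHolder process disables inheritance again on its next run, so those accounts are better reviewed individually. This is an added example, not part of the original post or its source; the search base and the CSV path are placeholders.

```powershell
# Added example (not from the original post): read-only inheritance report.
# Assumptions: the search base and the CSV path are placeholders.
Import-Module ActiveDirectory

function Get-InheritanceReport {
    param([Parameter(Mandatory)][string]$SearchBase)

    Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree `
               -Properties adminCount, nTSecurityDescriptor |
        # Keep only accounts whose ACL does not inherit from the parent
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                Enabled           = $_.Enabled
                # adminCount = 1: the account is, or once was, in a protected group
                AdminCount        = $_.adminCount
                DistinguishedName = $_.DistinguishedName
            }
        }
}

$report = Get-InheritanceReport -SearchBase 'OU=accounts_active_users,DC=example,DC=com'
$report | Sort-Object AdminCount, SamAccountName | Format-Table -AutoSize

# Keep a record of the state before the change so that it can be reverted
$report | Export-Csv -Path 'C:\scripts\inheritance_before.csv' -NoTypeInformation
```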

Thursday, July 23, 2015

Get serial number of server from within Windows

I was remotely connected (via RDP) to a server a thousand miles away for which I needed to get the serial number. The server is an HP 380 Gen9.

Neat trick using WMIC

from command line:
wmic /node:HOSTNAME bios get serialnumber
(I used "localhost" for the hostname)


Monday, July 20, 2015

Domain Controller, new domain, Windows 2012 r2 Core, part 2

See part 1 for the back story.


Here we establish a second domain controller for an existing domain that we set up in part 1.




Use Part1 to repeat steps 1 through 5


Verify that your hostname and IP configuration are correct. The primary DNS server should be the address of the first domain controller we installed in part 1.


To create additional domain controller for existing domain:
From PowerShell:


step 6.
#add computer to domain
add-computer -domain lab.local -credential (get-credential)
[enter credentials of domain admin]
restart-computer




step 7.
from PowerShell


Install-ADDSDomainController -DomainName lab.local -InstallDNS:$True -Credential (Get-Credential)
[enter domain admin credentials]
reboot will occur.