Showing posts with label Active Directory. Show all posts

Microsoft Private Cloud Evaluation Software

“A Microsoft private cloud dramatically changes the way your business produces and consumes IT services by creating a layer of abstraction over your pooled IT resources. This allows your datacenter to offer true infrastructure service capability as well as optimally managed application services.

Microsoft private cloud solutions are built on System Center and Windows Server.”

You can get the software here.

Posted by Gabriel Maciel

Microsoft Active Directory Topology Diagrammer Tool

“With the Active Directory Topology Diagrammer tool, you can read your Active Directory structure through LDAP. The Active Directory Topology Diagrammer tool automates Microsoft Office Visio to draw a diagram of the Active Directory Domain topology, your Active Directory Site topology, your OU structure, your DFS-R topology or your current Exchange 20XX Server Organization. With the Active Directory Topology Diagrammer tool, you can also draw partial Information from your Active Directory, like only one Domain or one site. The objects are linked together, and arranged in a reasonable layout that you can later interactively work with the objects in Microsoft Office Visio.”

You can download the Microsoft Active Directory Topology Diagrammer tool here.

Posted by Gabriel Maciel

Microsoft File Server Capacity Tool - v1.2

“File server capacity planning and performance troubleshooting are critical aspects of high-level network administration. File server capacity planning tools can be valuable in choosing new hardware for purchase, identifying the capacity of existing hardware, locating existing bottlenecks, and planning for resource expansion in advance of resource exhaustion.


The throughput capacity of a file server can be expressed either as the maximum number of operations per second or a maximum number of users supported by the configuration. These values are influenced by several factors, some of which include processor speed, available memory, disk speed, network throughput and latency, and the speed with which SMB requests are processed.

This release is an updated release to v1.0. It includes support of File Server in the Windows Clustering configuration. Windows Clustering allows systems to be built with redundancy, which provides high availability to tolerate hardware failures. With two-node clustering, you could set up more than one virtual file server instance, and have FSCT clients run load against all the instances. In this release, a new section “Running FSCT against a singleton Windows Cluster” will describe the setup and steps for running against a Windows Cluster.”

You can download the Microsoft File Server Capacity Tool here (64b) and here (32b).

Posted by Gabriel Maciel

New Microsoft iSCSI Software Target 3.3 Download!

“iSCSI Software Target is an optional Windows Server component that provides centralized, software-based and hardware-independent iSCSI disk subsystems in storage area networks (SANs).”

You can download the new package here and find additional information by reading Jose Barreto’s blog posts: The Basics of the Virtual Disk Services (VDS), Configuring the Microsoft iSCSI Software Target, Step-by-step: Using the Microsoft iSCSI Software Target with Hyper-V (Standalone, Full, VHD) and Microsoft iSCSI Software Target 3.3 for Windows Server 2008 R2 available for public download.

Posted by Gabriel Maciel

Configure the Windows Time Service on a New PDC Emulator

Something to take into account if you are upgrading your AD infrastructure to Windows 2008/R2 and adding a new DC to hold the FSMO roles:

“If you have changed the FSMO roles to another machine please run on the new PDC Emulator:

  • w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update

With "PEERS" you can set the time source, either a DNS name or an IP address from a reliable time source. Here you can find some of them: http://www.pool.ntp.org/.

On the old PDC Emulator run:

  • w32tm /config /syncfromflags:domhier /reliable:no /update
  • After that run: net stop w32time and then net start w32time”

Original post and more information here and here.

Posted by Gabriel Maciel

Windows Time Service Errors and a Virtualized Domain Controller on Hyper-V

“Disable time synchronization on the host by using Integration Services, and then configure the virtualized domain controller to accept the default Windows Time Service (W32time) domain hierarchy time synchronization. To do this, follow these steps:

  1. Open Hyper-V Manager.
  2. Click Settings.
  3. Click Integration services.
  4. Clear the Time Synchronization option.
  5. Exit Hyper-V Manager.
  6. Restart the server.”

More information here – Microsoft KB article 976924.

Posted by Gabriel Maciel

New Microsoft Active Directory Migration Tool (ADMT v3.2)

“Overview

  • The Active Directory Migration Tool version 3.2 (ADMT v3.2) simplifies the process of migrating objects and restructuring tasks in an Active Directory® Domain Service (AD DS) environment. You can use ADMT v3.2 to migrate users, groups, service accounts, and computers between AD DS domains in different forests (inter-forest migration) or between AD DS domains in the same forest (intra-forest migration). ADMT can also perform security translation (to migrate local user profiles) when performing inter-forest migrations.

System Requirements

  • Supported Operating Systems: Windows Server 2008 R2
  • ADMT can be installed on any computer capable of running the Windows Server 2008 R2 operating system, unless they are Read-Only domain controllers or in a Server Core configuration.
  • Target domain: The target domain must be running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
  • Source domain: The source domain must be running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
  • The ADMT agent, installed by ADMT on computers in the source domains, can operate on computers running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.”

The new version of Active Directory Migration Tool can be downloaded here and its guide “Migrating and Restructuring Active Directory Domains” here.

Posted by Gabriel Maciel

AD / Network Troubleshooting Tool: MS IT Environment Health Scanner

“Overview:

The Microsoft IT Environment Health Scanner is a diagnostic tool that is designed for administrators of small or medium-sized networks (recommended up to 20 servers and up to 500 client computers) who want to assess the overall health of their network infrastructure. The tool identifies common problems that can prevent your network environment from functioning properly as well as problems that can interfere with infrastructure upgrades, deployments, and migration.

When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:

  • Configuration of sites and subnets in Active Directory
  • Replication of Active Directory, the file system, and SYSVOL shared folders
  • Name resolution by the Domain Name System (DNS)
  • Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
  • Health of the domain controllers
  • Configuration of the Network Time Protocol (NTP) for all domain controllers

If a problem is found, the tool describes the problem, indicates the severity, and links you to guidance at the Microsoft Web site (such as a Knowledge Base article) to help you resolve the problem. You can save or print a report for later review. The tool does not change anything on your computer or your network.”

You can download the tool here.

Posted by Gabriel Maciel

Microsoft GPOAccelerator

The GPOAccelerator creates all the Group Policy objects (GPOs) that you need to deploy recommended security settings for your environment, saving you the hours of work you would otherwise spend configuring these settings. This Solution Accelerator includes guidance to assist you with this tool.

You can download the tool here.

Posted by Gabriel Maciel

Microsoft AD 2008 Operations Guide

Overview

Microsoft Active Directory 2008 Operations Guide provides administration and management information about day-to-day operations of Active Directory® Domain Services (AD DS) directory service technologies in the Windows Server® 2008 operating system.

You can download the file here.

Posted by Gabriel Maciel

Microsoft User Loopback Processing of Group Policy

"Typically printer installation is done in the enterprise via login scripts that are based on usernames. This works fine in most cases, however, I recently began looking into a better way to do this. The problem with installing printers based on usernames is that on a given day a teacher or student can log into as many as three or four different computers in various locations throughout a school. With this being the situation, we could for instance map the printer “GCHS-MATHLAB” to a student active directory account, but then when the student walks into the business lab, he will still be printing to the math lab. The obvious reaction to this would be to setup a script that installs all available printers in the building for the student, however this creates an unnecessary security risk, and would allow students to print into room they are not located in which could cause trouble."

You can read the full article here.

Posted by Gabriel Maciel

10 Security Settings to make directly after Installing Microsoft Active Directory

Installing Active Directory is not all that difficult. However, once you get it installed, there is still plenty of work that needs to be done. The first stage of configuration of Active Directory is securing it. There are many areas that need attention and many settings that need to be altered to prepare it for secure action on your network. Let’s take a look at the initial settings that you should make to get Active Directory secure for your network before you dive into setting up the entire structure.

You can read the full article here.

Posted by Gabriel Maciel

Free Intro to Windows Server 2008 Training from TrainSignal

From TrainSignal.com:

This 6 hour training course introduces you to Windows Server 2008. It will teach you some of the hot new features that are available in Windows Server 2008 and how to configure them. This course is just the beginning...

You can download the free training videos here.

Posted by Gabriel Maciel

Microsoft AD Design Considerations Series

Very nice work done by Mark Wilson on this Active Directory series!

Here are the links:

Sources:

Mark Wilson's Blog

The things that are better left unspoken

Posted by Gabriel Maciel

Microsoft Windows 2008 and Active Directory Videos

If you want to see a couple of nice videos about Microsoft Windows 2008 and Active Directory check the links below:

Part 1:

In this video from TechEd 2008, Microsoft senior technical product manager Justin Graham discusses some of the lesser known improvements made to Active Directory with Windows Server 2008. Here you'll get details on features such as stickiness prevention and fine-grained password policies, plus info on what new auditing enhancements to AD mean to administrators.

Part 2:

In part two of our interview on Active Directory from TechEd 2008, Microsoft senior technical product manager Justin Graham explains how the read-only domain controller can help improve branch office security. Graham also provides details on the application compatibility considerations that administrators should be aware of before deploying an RODC with Active Directory in Windows Server 2008.

Posted by Gabriel Maciel

Changing the Preference for a Domain Controller

Feel free to disregard this post since it is just a reminder for me, because on two occasions now I needed to change the preference for a Domain Controller and I did not have this information handy.

When clients authenticate, the DNS server returns a list of servers. In DNS, service (SRV) records have three values associated with them. For example, in DNS Manager, you would see an SRV record that looks similar to the following:

_ldap._tcp._dc._msdcs.nwtraders.local [0] [100] [389] dc1.nwtraders.local

The numeric values of the middle portion of this display are defined as follows:

  • [0] represents the priority of the record. A client must attempt to contact the target host with the lowest-numbered priority it can reach. Target hosts with the same priority should be tried in an order defined by the weight of the record. The range is 0–65535.
  • [100] represents the weight of the record. Weight determines how records of the same priority will be load balanced. The higher this value, the more likely the client will choose the domain controller identified in this SRV record against which to perform queries. Typically, weights are adjusted depending on the hardware platform of the domain controller. If there are two domain controllers, one with more processing power than the other, the more powerful domain controller can handle more query requests and thus should be given a greater percentage of the total workload.
  • [389] represents the network port on which the service identified by the record listens for activity.

Notes:

  • Exchange Directory Access uses only the weight value to determine which server the client should prefer. Therefore, administrators can use the priority value to control Active Directory load generated by logons, and the weight value to control Active Directory load generated by Exchange. A higher weight results in a higher probability that Directory Access will choose a server. Directory Access treats a weight of 0 the same as it treats a weight of 1. If Directory Access cannot read the weight, it uses a default weight of 100. 
  • The LDAP weight value determines the percentage of clients (not queries) which will discover a domain controller. This percentage is equal to the LDAPSrvWeight of the server, divided by the combined LDAPSrvWeight of all domain controllers in the site with the same priority.
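The priority and weight rules above can be checked against a set of records before changing them. The following Python sketch is an added example, not code from the original post or from Microsoft: it parses lines in the DNS Manager display form shown above and computes each domain controller's client share within its priority tier, plus the share Exchange Directory Access would give it from weight alone. The records for dc2, dc3 and dc4 are constructed, and the even split for a tier whose weights are all 0 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the DNS Manager display form shown above.
# dc2, dc3 and dc4 and their values are hypothetical.
SAMPLE = """\
_ldap._tcp._dc._msdcs.nwtraders.local [0] [100] [389] dc1.nwtraders.local
_ldap._tcp._dc._msdcs.nwtraders.local [0] [50] [389] dc2.nwtraders.local
_ldap._tcp._dc._msdcs.nwtraders.local [0] [0] [389] dc3.nwtraders.local
_ldap._tcp._dc._msdcs.nwtraders.local [10] [100] [389] dc4.nwtraders.local
"""

# owner name, [priority], [weight], [port], target host
SRV_LINE = re.compile(r"^(\S+)\s+\[(\d+)\]\s+\[(\d+)\]\s+\[(\d+)\]\s+(\S+)$")

def parse_srv(text):
    """Parse display lines into dicts, rejecting values outside 0-65535."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = SRV_LINE.match(line)
        if not m:
            raise ValueError(f"not an SRV display line: {line!r}")
        prio, weight, port = (int(m.group(i)) for i in (2, 3, 4))
        if max(prio, weight, port) > 65535:
            raise ValueError(f"field out of range: {line!r}")
        records.append({"target": m.group(5), "priority": prio,
                        "weight": weight, "port": port})
    return records

def locator_share(records):
    """Client share per DC inside its priority tier: weight / tier total."""
    tiers = defaultdict(list)
    for r in records:
        tiers[r["priority"]].append(r)
    shares = {}
    for tier in tiers.values():
        total = sum(r["weight"] for r in tier)
        for r in tier:
            # Assumption: an all-zero tier has no preference, so split evenly.
            shares[r["target"]] = r["weight"] / total if total else 1 / len(tier)
    return shares

def directory_access_weight(weight):
    """Weight as Directory Access reads it: unreadable (None) -> 100, 0 -> 1."""
    return 100 if weight is None else max(weight, 1)

def directory_access_share(records):
    """Share per DC when only weight counts and priority is ignored."""
    eff = {r["target"]: directory_access_weight(r["weight"]) for r in records}
    total = sum(eff.values())
    return {target: w / total for target, w in eff.items()}
```

In the sample, dc3 has weight 0 and so receives no share of clients in its priority tier, yet Directory Access still counts it with a weight of 1, and dc4 in the fallback tier competes on equal terms with dc1.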

Related articles:

Posted by Gabriel Maciel

Webcast: Server Core Installation Option in Windows Server 2008

In this session, we explore Server Core, a new minimal installation option included in Windows Server 2008. A Server Core installation provides a minimal environment for running a subset of the server roles, the Active Directory directory service, Active Directory Lightweight Directory Services, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and file, print, and media services. Server Core also can reduce the servicing and management requirements and the attack surface for those server roles. In this webcast, we discuss the architecture of Server Core, in addition to installation, configuration, and administration of Server Core.

Also, since Server Core is going to be the preferred version to deploy Hyper-V, it may not be a bad idea to start learning more about it!

You can watch the webcast here!

Posted by Gabriel Maciel

Logon Script Generator & CreateGroups.vbs

These are a couple of nice utilities in case you need to create a large number of Active Directory groups at once or generate new logon scripts for your users:

CreateGroups.vbs (Bouke Groenescheij)

"...a script which processes a list of groups (text lines from a file) and put them in Active Directory.

All you need to do is create a file. On every line put <groupname>,<description> and drag and drop this text file on the script. Oh yeah, change your domain name and group to reflect your environment (duh) in the CreateGroups.vbs .

Please note that you cannot have any 'bad' characters in the groupname. I like working in Excel to create these kinds of lists and the 'SUBSTITUTE' formula can be very helpful to remove any bad characters."

Download the script here

Logon Script Generator (Jeffery Hicks)

"This free tool is an HTA that generates a fully functional VBScript logon script. Now you can script without scripting! At the very least you can quickly generate the foundation of a VBScript logon script that you can further modify and extend. The HTA generates VBScript code, lets you preview it and then save it to a file. Once saved, you can edit the code in PrimalScript with the click of a button. If you don’t have PrimalScript, the saved script can be opened in Notepad. Requirements: Windows XP and an Active Directory domain."

Download the tool here

More information here

Posted by Gabriel Maciel

Symptoms that a FSMO Role is Missing (Part 1&2)

I deleted the 1st part of this post and merged it with the 2nd in a document that you can download here.

The idea is that you will be able to edit, print or use the document as a reference card whenever you need it.

Download Symptoms that a FSMO Role is Missing (Part 1 & 2)

Posted by Gabriel Maciel