Archive for category Windows Server 2008 / 2008 R2

Find User Accounts that have “Use Kerberos DES encryption types for this Account” flagged

 
To find the user accounts that have “Use Kerberos DES encryption types for this Account” set, use the following PowerShell cmdlet:

Get-ADUser -Filter {UseDESKeyOnly -eq "True"}
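
The following audit script is an added example, not part of the original post. It goes beyond the checkbox and also reports user accounts whose msDS-SupportedEncryptionTypes attribute still advertises DES. It assumes the ActiveDirectory (RSAT) module is available; the function name Get-DesKerberosAccount is hypothetical.

```powershell
# Added example (not from the original post); Get-DesKerberosAccount is a hypothetical name.
Import-Module ActiveDirectory

# userAccountControl bit USE_DES_KEY_ONLY (0x200000 = 2097152): the checkbox named above.
$UF_USE_DES_KEY_ONLY = 0x200000
# msDS-SupportedEncryptionTypes bits: DES-CBC-CRC = 0x1, DES-CBC-MD5 = 0x2.
$DES_ETYPES = 0x3

function Get-DesKerberosAccount {
    [CmdletBinding()]
    param(
        # Where to search; defaults to the whole current domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # ...803 = bitwise AND match (all bits set), ...804 = bitwise OR match (any bit set).
    $ldap = '(&(objectCategory=person)(objectClass=user)(|' +
            '(userAccountControl:1.2.840.113556.1.4.803:=2097152)' +
            '(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=3)))'

    Get-ADUser -LDAPFilter $ldap -SearchBase $SearchBase `
               -Properties userAccountControl, 'msDS-SupportedEncryptionTypes', PasswordLastSet |
        ForEach-Object {
            # An unset attribute comes back as $null, which casts to 0.
            $etypes = [int]$_.'msDS-SupportedEncryptionTypes'
            [pscustomobject]@{
                SamAccountName  = $_.SamAccountName
                Enabled         = $_.Enabled
                DesKeyOnlyFlag  = [bool]($_.userAccountControl -band $UF_USE_DES_KEY_ONLY)
                DesInEtypes     = [bool]($etypes -band $DES_ETYPES)
                EtypesValue     = $etypes
                PasswordLastSet = $_.PasswordLastSet   # for remediation planning
            }
        }
}

# Report every match, flagged accounts first.
Get-DesKerberosAccount |
    Sort-Object -Property DesKeyOnlyFlag, SamAccountName -Descending |
    Format-Table -AutoSize
```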

Event ID 11 in the System log of domain controllers (duplicate SPN)

Event ID 11 in the System log of domain controllers:

http://support.microsoft.com/kb/321044/en-us

Microsoft DFS and File Services updates

Microsoft DFS Updates:
List of currently available hotfixes for Distributed File System (DFS) technologies in Windows Server 2012 and Windows Server 2012 R2:
https://support.microsoft.com/en-us/help/2951262/list-of-currently-available-hotfixes-for-distributed-file-system-dfs-technologies-in-windows-server-2012-and-windows-server-2012-r2
 
List of currently available hotfixes for the File Services technologies in Windows Server 2008 and in Windows Server 2008 R2:
https://support.microsoft.com/en-us/help/2473205/list-of-currently-available-hotfixes-for-the-file-services-technologies-in-windows-server-2008-and-in-windows-server-2008-r2
 
List of currently available hotfixes for the File Services technologies in Windows Server 2012 and in Windows Server 2012 R2:
https://support.microsoft.com/en-us/help/2899011/list-of-currently-available-hotfixes-for-the-file-services-technologies-in-windows-server-2012-and-in-windows-server-2012-r2

Security updates available on ISO-9660 DVD from the Microsoft Download Center

Security updates are available on ISO-9660 DVD5 image files from the Microsoft Download Center:
http://support.microsoft.com/kb/913086/en-us
 http://www.microsoft.com/en-us/download/details.aspx?id=35744

List of WMI related hotfixes post Service Pack 2 for Windows Server 2008

List of WMI related hotfixes post Service Pack 2 for Windows Server 2008: http://blogs.technet.com/b/yongrhee/archive/2009/10/11/list-of-wmi-related-hotfixes-post-service-pack-2-for-windows-server-2008.aspx

List of WMI related hotfixes post Service Pack 1 for Windows Server 2008

List of WMI related hotfixes post Service Pack 1 for Windows Server 2008: http://blogs.technet.com/b/yongrhee/archive/2009/10/11/list-of-wmi-related-hotfixes-post-service-pack-1-for-windows-server-2008.aspx

How to migrate a DHCP database from Windows 2000 Server to Windows Server 2008 or Windows Server 2008 R2

How to migrate a DHCP database from Windows 2000 Server to Windows Server 2008 or Windows Server 2008 R2
http://blogs.technet.com/b/networking/archive/2009/11/09/how-to-migrate-a-dhcp-database-from-windows-2000-server-to-windows-server-2008-or-windows-server-2008-r2.aspx


ADMT 3.2 and PES 3.1 installation errors on Windows Server 2012

http://support.microsoft.com/kb/2753560/en-us

Windows 2008 R2 Managed Service Accounts & Step-by-Step Guide

Managed Service Accounts: http://technet.microsoft.com/en-us/library/ff641731(WS.10).aspx

Service Accounts Step-by-Step Guide: http://technet.microsoft.com/en-us/library/dd548356(WS.10).aspx


How to force Kerberos to use TCP instead of UDP in Windows

http://support.microsoft.com/kb/244474/en-us


How to detect and recover from a USN rollback in Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2

http://support.microsoft.com/kb/875495/en-us


Active Directory Backup and Restore in Windows Server 2008 – backup 6GB

Active Directory Backup and Restore in Windows Server 2008:

http://technet.microsoft.com/en-us/magazine/2008.05.adbackup.aspx


An online defragmentation is automatically run after you run the Active Directory garbage collection process in Windows 2000 Server

An online defragmentation is automatically run after you run the Active Directory garbage collection process in Windows 2000 Server:

http://support.microsoft.com/kb/871003/en-us

  1. Install Hotfix from above article
  2. Add Registry Key for DSA Heuristics
    • Click Start, click Run, type regedit, and then click OK.
    • Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
    • Right-click the Parameters subkey, point to New, and then click String Value.
    • Type DSA Heuristics, and then press ENTER.
    • Right-click DSA Heuristics, type 0000000001, and then click OK.
      Note There are nine zeros and a one in this registry value.
    • Exit Registry Editor.

 


Virtual Hard Disks in Windows 7 and Windows Server 2008 R2 (VHD)

Virtual Hard Disks in Windows 7 and Windows Server 2008 R2

http://technet.microsoft.com/en-us/library/dd440865(WS.10).aspx


System State Backup from command line (WBAdmin)

To perform a non-authoritative restore of the System State, use the following command:

C:\> wbadmin start systemstaterecovery -version:<VERSION> -backupTarget:<volume> -quiet

The version can be found using the following command: wbadmin get versions

The <datetime> value found in the previous step must be used as the version and is in MM/DD/YYYY-HH:MM format.

To perform an authoritative restore of SYSVOL, add -authsysvol:

C:\> wbadmin start systemstaterecovery -version:<VERSION> -backupTarget:<volume> -authsysvol -quiet

 


Things to consider when you host Active Directory domain controllers in virtual hosting environments

Things to consider when you host Active Directory domain controllers in virtual hosting environments:

http://support.microsoft.com/kb/888794

Repadmin /showattr

Repadmin /showattr:

http://technet.microsoft.com/ko-kr/library/cc742051(v=ws.10).aspx

“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”

“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”:

http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

Active Directory and Lingering Objects

  • Repadmin for Experts:

http://technet.microsoft.com/en-us/library/cc811549(v=WS.10).aspx

 

  • Lingering objects may remain after you bring an out-of-date global catalog server back online:

http://support.microsoft.com/kb/314282

 

  • Lingering Objects:

http://jorgequestforknowledge.wordpress.com/2006/05/08/lingering-objects-2/

Nmcap – Automating network traffic capture with NMCap

With Network Monitor 3.3 you can use the command line to capture traffic on specific interfaces.

You can choose which protocol to capture, when to start capturing, and so on.

Some examples:

nmcap /network * /capture "(tcp.port == 25)" /file t.chn:100M /stopwhen /timeafter 120min /terminatewhen /keypress x

In the example above, NMCap captures traffic on all interfaces (the “/network *” parameter) addressed to TCP port 25 and stops after 120 minutes or when the “X” key is pressed. The command also chains the captured data into N files, t(1).chn and t(2).chn, each of 100 MB, until the capture ends (on this point I recommend paying particular attention to running out of available disk space). Remember that, by default, stopping the capture only requires pressing Ctrl+C or Ctrl+Break. Let's take a step back with a simpler example:

nmcap /network * /capture /file test.cap

The command above captures traffic on all interfaces and saves the data to the file test.cap (a circular capture into a file with the default maximum size of 20 MB). Another interesting example is the following, where we capture all traffic except the part belonging to the RDP protocol (Terminal Services):

nmcap /network * /capture "!(tcp.port == 3389)" /file test.cap

As anticipated in the first script, you can set the start and stop of the capture through the /startwhen and /stopwhen switches: after a certain number of minutes (for example 30) with the switch “/TimeAfter 30 minutes”, at a precise time with the switch “/Time 10:30:00 am 9/10/2006” (be careful, because the date/time format depends on the configured locale settings), or, as I mentioned at the beginning of the post, when a given event occurs, as in the example below, where the capture ends as soon as NMCap detects a frame passing from the local server to the host with IP 10.20.30.41:

nmcap /network * /capture /file t.cap /stopwhen /frame "(ipv4.address == ipconfig.localipv4address) AND (Ipv4.DestinationAddress == 10.20.30.41)"

As I mentioned earlier, you can chain the capture output files by specifying the “.chn” extension and the maximum size for each file (which I recommend keeping below 100-200 MB so that you do not end up handling overly large files). So, using for example the switch “/file t.chn:1M”, files named t(1).chn, t(2).chn, etc. are created, each 1 MB in size.

To protect the available disk space, you can also specify an alternative stop condition for the trace based on the percentage of free disk space, as in the example below, where the capture ends automatically once the remaining free space reaches 5%:

nmcap /network * /capture /file result.cap /MinDiskQuotaPercentage 5
