showing posts tagged with 'microsoft'
 
edited by on May 2nd 2019, at 13:50

Attached is Microsoft's latest password guidance document.

By applying the guidelines in this document, you should be able to get better overall security without compromising too much of the user-friendly experience.

edited by on December 19th 2017, at 09:11
Currently, it's not possible to set up HTML-based auto-reply messages on shared or resource mailboxes, as you cannot directly log on to OWA to set the message. Through PowerShell, you can do this quite easily.

First, create two HTML-files containing your internal and external message. You do not have to specify the <html> and <body> tags. Save these to a convenient location. Be sure to save them as regular text files, with extension .txt.

Next, log on to Exchange Online management shell.

cd to the location of the two message files, and load them to variables:

$internalmessage = Get-Content -Path internalmessage.txt

$externalmessage = Get-Content -Path externalmessage.txt  ...
edited by on December 15th 2016, at 14:48

Ned Pyle from Microsoft TechNet wrote an article about DCDiag, explaining in detail what it actually does.

Read full article on TechNet.

edited by on October 14th 2015, at 09:53
Microsoft has announced the next generation of their tablet: the Surface Pro 4. It features the new 6th generation Intel CPU, higher resolution, more storage, memory, and an improved (back-lit) Type Cover. Prices start at $899 in the US.

→ Surface Pro 4 specifications

Also from Microsoft is its all-new Surface Book, a 13.5" hybrid ultrabook, and basically the direct competitor to Apple's MacBook. It features a high resolution (3000x2000), 6th gen Intel CPU, two full-size USB 3.0 ports, SD card, and much more. The i5/i7 models even come with nVidia GeForce graphics.

→ Surface Book specifications

With its sleek design, and powerful features, it is obvious that Microsoft is fi  ...
edited by on August 12th 2015, at 15:47
In an Exchange cluster with a Database Availability Group (DAG), you can easily "switch over" one, more or all mailbox databases to another node.

Warning
If you need to take a node offline, it's better to put it in maintenance mode. This will properly notify the cluster that the node is in maintenance and prevents automatic failover (of other services, if any) to other nodes.

Switchover can be done through EAC, or through the EMS (PowerShell).

To switch over all mailbox databases to a server called EX2:

Move-ActiveMailboxDatabase -Server EX2

To switch over the database called DB1 to a server called EX2:

Move-ActiveMailboxDatabase DB1 -ActivateOnServer EX2

The switchover will  ...
edited by on August 10th 2015, at 16:03
If a server is part of a fail-over cluster and also runs the SCOM 2012 agent, you may get the following alert:

Alert: Agent proxy not enabled
Last modified by: System
Last modified time: 8/10/2015 3:53:20 PM
Alert description: The agent was not able to submit data on behalf of another computer because agent proxy is not enabled. Details:Health service ( server-name ) should not generate data about this managed object ( Microsoft.Windows.Computer ).

The agent will notice the server is part of a cluster and will attempt to retrieve additional information about the cluster, which is not allowed by default.

To resolve, follow these steps:

In Operations Manager, go to Administration.

In the  ...
edited by on July 17th 2015, at 14:01
When you create a Windows Server 2012 failover cluster, the following event may be logged in the System log:

Event ID 1222 (Microsoft-Windows-FailoverClustering)
The computer object associated with cluster network name resource could not be updated.Unable to protect the Virtual Computer Object (VCO) from accidental deletion.

When a failover cluster or a cluster role is created, a computer account (a so-called Cluster Name Object (CNO)) is created in Active Directory. Since Server 2012, these objects are flagged to prevent accidental deletion. If the main cluster resource (also a computer account) does not have the required permissions on the OU containing the CNOs (by default, this is the   ...
edited by on July 17th 2015, at 09:15

When restoring a database, you usually start with restoring a full backup, then any differentials, and finally the transaction logs. You set the database restore mode to WITH NORECOVERY, which allows you to perform these additional restores.

But what if you find out that there's nothing more to restore, leaving you with a database stuck in Restoring mode? Then you only need to run a single T-SQL statement:

RESTORE DATABASE [db_name] WITH RECOVERY

Replace db_name with the name of your database.

edited by on July 13th 2015, at 16:16

Follow the chart below to successfully perform a rolling upgrade of your HA SQL Server cluster.

edited by on July 9th 2015, at 09:31

Based on recommendations and best practices from Microsoft, and information I found here, I compiled a FSMO placement scenario for 2 domain controllers:

DC1DC2
PDC Emulator
RID Master
Infrastructure Master
Schema Master
Domain Naming Master
Global Catalog

Also, if your domain is top-level in the AD forest, configure DC1 to sync with external time sources.

edited by on July 8th 2015, at 16:55

To safely remove a node from a Windows 2003 Fail-Over Cluster, follow these steps:

  1. First, using Cluster Administrator, move all roles to the other nodes in the cluster.
    There should be no more roles, including the quorum, running on the node.
  2. In Cluster Administrator, right-click the node and click Stop Cluster Service. (Skip this step if it is the last node of the cluster.)
  3. Still in Cluster Administrator, right-click the node and click Evict node. This will remove the node from the cluster.
  4. Optionally, you can now remove the Fail-Over cluster components from the server.
edited by on July 3rd 2015, at 15:46
Active Directory uses Kerberos for authentication, which relies strongly on the date and time of day being synchronized across the entire network and all devices in it. By default, each server and client joined to the AD, including domain controllers, will follow the domain hierarchy to sync its time. Domain controllers are set to automatically determine whether they can be used as a (reliable) time source. If a DC considers itself a time source, it will accept requests from clients and provide them with its own current time.

Domain controllers at the top of the forest (top-level DCs) don't have another server above them to sync against, so they can either opt to sync   ...
edited by on July 2nd 2015, at 13:29
Contacting a domain controller in Active Directory is done through DNS lookup. Several DNS SRV records are used to find domain controllers in a site. If multiple domain controllers are present in the same site, the client will arbitrarily select one, based on the contents of those records.

By default, the selection is random, and all DCs have an equal chance of being picked. The inherent properties of SRV records allow this behaviour to be influenced by changing the weight and priority of those records. This enables fine-tuning and configuration of which DC to favour or even exclude. By default, all SRV records (thus, all DCs) have their weight and priority set to 0.

The weight defines  ...
edited by on June 29th 2015, at 17:14
Users that have access to a number of shared mailboxes in their Outlook may notice the contents of those shared mailboxes are no longer synchronized properly. Their own personal mailbox does not seem to have this problem. On the server running the Exchange Information Store (MSExchangeIS), a variation of the following event is logged when this occurs:

Event ID 9646
Mapi session "ba765653-5439-437a-993f-806575b85fbb: /o=My Company/ou=First Administrative Group/cn=Recipients/cn=user" exceeded the maximum of 500 objects of type "objtFolder".

The reason for this error is that the Outlook client has hit the maximum number of MAPI connections allowed for the specified object   ...
edited by on June 29th 2015, at 13:00
Microsoft's recommendations for customizing the default start screen for new users are known to be somewhat over-complicated and perhaps difficult to implement. They involve editing the reference image, using unattend.xml, or some other elaborate procedure. There's also the possibility of using a group policy to provide users with a customized start screen, but while this is relatively easy to implement, it does not allow the user to change the layout afterwards.

Fortunately, there's a far easier method, involving two PowerShell cmdlets that provide us with a very easy way to provide new users with a default customized start screen, but still allow the users to make changes to it. This metho  ...
edited by on June 26th 2015, at 14:50

Microsoft has released the Azure Active Directory Connect to the general public. Azure AD Connect replaces (although "incorporates" is a better word) DirSync as the new tool to set up synchronization between your on-premise Active Directory and Azure Active Directory, including Office 365.

The current version of Azure AD Connect is only the beginning. Microsoft has announced a lot more features, which will be made available in the next versions.

More information and installation resources: https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnect/

edited by on June 26th 2015, at 12:01
When attempting to trigger an AD replication from one DC to another using Active Directory Sites and Services or repadmin.exe, you may get the following error:

AD Replication error 8452:
"The naming context is in the process of being removed or is not replicated from the specified server."

The most common cause for this error is that you tried to replicate between DCs for which no DS replication connection exists. The replication attempt will therefore fail. As a workaround, try replicating to the target DC from another source DC. Or, create a new replication connection between the target and source DCs.

Open Active Directory Sites and Services.

In the tree to the left, locate t  ...
edited by on June 26th 2015, at 11:25

Active Directory (AD) integrated DNS zones are not replicated by the DNS server, but replicate through the Active Directory replication mechanism, and use the same settings as AD replication.

You can trigger replication through Active Directory Sites and Services, or with repadmin.exe on command prompt:

repadmin.exe /replicate target_dc source_dc DC=DomainDnsZones,DC=domain,DC=com

Replace parameters accordingly:

  • target_dc is the DC to replicate to
  • source_dc is the DC to replicate from
  • Edit the naming context so it includes your FQDN: e.g. contoso.co.uk becomes DC=contoso,DC=co,DC=uk
edited by on June 25th 2015, at 16:46
When attempting to send an e-mail, you get a non-delivery report containing the following error code:

[0x80070005-00000000-00000000]

Usually, this error is caused if you are sending mail on behalf of someone else, and don't have permission to do so. Note that send on behalf and send as are two different, exclusive permissions. Having one permission does not automatically allow the other.

In rare cases, this error can also occur when a user's mailbox has been migrated to Exchange 2013, and the shared mailbox is still on the old Exchange server. This causes problems with permissions, and can quickly be resolved by setting the required permissions on the shared mailbox (send as/on behalf), t  ...
edited by on June 24th 2015, at 13:07
With dcpromo.exe now being deprecated on 2012 and 2012 R2, it is no longer obvious which method to use to demote a domain controller. Although you could resort to PowerShell to get it done, there's also a way to demote using Server Manager, albeit not a very clear one.

The trick is to attempt to remove the Active Directory Domain Services role from the server, using Server Manager. When you do remove this, you will be prompted to demote the domain controller before the role can be removed, along with a link to actually perform this task.

Start Server Manager. In the upper right corner, click Manage, then click Remove Roles and Features.

Continue in the wizard that appears, making sure th  ...
 