When the domain controllers died, there were a number of very important Active Directory tools that we needed to use in order to get our systems back up and running properly. Unfortunately, we needed to find a lot of these tools on our own and on the fly.

Since we found these to be useful, I thought I would put up a list and brief description of some of these tools so that when you find yourself in a similar situation, you will not be scrambling.

Be aware that a lot of these are command line tools that do not have a pretty GUI. But, if you are in the process of recovering a Windows 2003 domain controller, I am certain that you have a pretty good grasp of the command line.

When you have a significant system failure like we did, things have a tendency to get a bit crazy rather quickly. There are several reasons for this, some of which include:

  • You are under a lot of pressure to get things done as quickly as possible
  • People outside of the IT department may have little or nothing to do
  • Many tasks have only one person in the company with the skills to perform the tasks at hand
  • Everyone’s individual need, in their opinion, is the most important task that needs to be completed first

Because this is such a stressful time, it is important to keep a clear head and manage the situation as quickly as possible. I have put together a few key action items that you can do when this happens to you so that you can keep things on track.

Imagine my surprise when I went to add my new Windows 2003 server to the domain as a domain controller only to be told that the version of Active Directory that I was running in the network was the wrong type and that Active Directory needed to be upgraded to support Windows 2003.

Now, those of you who are Active Directory savvy are probably thinking to yourself right about now, “I’ll bet he has a Windows 2000 version of the Active Directory running in his environment and he needs to run ADprep to get it upgraded.”

And you would be correct except for one thing. I added two Windows 2003 servers as domain controllers to the network a couple of years ago and I upgraded Active Directory at that time! There should be no need to upgrade Active Directory again!

And believe it or not, things started to get even stranger after that!

So when our Windows 2000 domain controller at the main office suddenly up and died, we needed to move the FSMO roles to a new server. Typically, this is done by demoting the server with the FSMO roles and the roles will roll over to another server. When this is not possible, as it was in this case, you are then instructed to seize these roles. But, what you are not told about is the disastrous effects of the leftover remnants of the dead domain controller. So, I went looking.

It turns out that there are several things that you need to do in order to clean out your network of the DC ghosts. These include:

  • Removing metadata
  • Removing the server object from the sites
  • Removing the server object from the domain controllers container
  • Removing the server object from DNS

It appears that Murphy and his laws were in full effect this week at work. First, I get sick with a nasty case of the flu. Everything that I ate was either return to sender or express exit. As I’m settling in to a day of self-pity and TV reruns, the phone starts to ring with the news of my second problem.

Apparently our domain controller for our main office crashed and the IT team could not get it to come back up and stay up. So, by 10 o’clock, I was dragging my flu-ridden butt out to the office. I ended up working until 2 AM the next day.

The third problem occurred at 11 AM on day 2. I got a phone call from the tech guy out at our field office telling me that their server did not come back up when they rebooted it. So they now found themselves in the exact same position as we did at the main office.

Things are starting to get sorted out now. We have new servers running in both locations and we are getting everything to start pointing away from the old servers and point to the new servers. We are still getting the occasional person telling us about something that is not working and we are dealing with these as they come up.

One thing that I like to do in situations like this is try and get something positive out of the situation. And there are definitely some good things that are coming out of this whole turn of events. One of those positives is the fact that I have learned a lot about recovering your environment and getting it running in short order.

Since I have gained about five years worth of experience in the past three days, I’m going to be sharing a number of these lessons with you over the next week or so. I hope that you can learn this stuff from me and not the hard way like I did.

So, the first lesson is Poop Happens! We did everything right and by the book. We did proper backups. We planned for disasters to occur. We were prepared to act in the case of a server loss. And yet, we did not count on me being sick. We were not prepared to lose two servers in such a short period of time. There were a lot of details that we just could not foresee or, if we did think of them in advance, we figured that the odds of them happening were so small that we did not worry about our actions in the event that they did occur.

What got us by were two key things: experience and flexibility. All of the combined experience that the team had allowed us to come up with solutions to our problems. The fact that one member in the team had tried a solution in a similar situation in the past helped to guide us to success.

The fact that the team was also flexible, able to think on their feet and come up with sometimes really unique solutions on the fly, was also significant to our success. Not only did the team think outside the box, they threw the box away! We did things that I thought we would never do.

A big thanks goes out to Kent, Jeff, Mark, John, and Mamood for all of the help and effort that you put in over the past few days. You guys rock!

Windows Vista is almost here. By now, most people know about or at least have heard about this new and improved version of Windows. But what about the newest version of Windows Server? When will it be releasing to the public? What new features will it have?

I’m pretty happy with Windows Server 2003. It has been pretty reliable for my situation. What new features and goodies is Microsoft going to give to entice users to upgrade? Well, I did some research and found some interesting things.

Network Access Protection

From the Microsoft website:

With Network Access Protection, you can create customized health policies to validate computer health before allowing access or communication, automatically update compliant computers to ensure ongoing compliance, and optionally confine non-compliant computers to a restricted network until they become compliant.

This would be a neat feature if it is implemented correctly.

New Terminal Service Features

The feature that stands out the most is Remote Applications. This allows applications to be installed on the Terminal Services Server and be shared to users. Remote Applications can be used side by side just like they were installed on the local machine. By using Remote Apps, this would allow true roaming profiles. The problem now is a user may move to a different computer but may not have a certain program installed.

Another feature is Terminal Services Web. This allows users to log in on the intranet or internet and use applications and desktops the same way remotely. This is integrated into IIS 7, Active Directory, and SharePoint 3.0.

Of course, Microsoft is promising increased reliability and security in the updated Terminal Services. It will be interesting to see how the remote applications feature is implemented to reduce bandwidth consumption and slow applications.

Windows PowerShell

Windows PowerShell is a new command line shell that includes over 130 command line tools to automate common administration tasks of Active Directory, Terminal Server, and IIS. Also included is a new “easy to learn” scripting language made for system admins.

Availability and Naming

Microsoft has stayed true to its two year release timeline on server platforms. They plan on releasing it by the end of 2007 or early 2008. Longhorn is just a ‘codename’, but I don’t think that even Microsoft knows what they are going to name it. A few of my favorites: Windows Server Superb, Windows Server 1337, and Windows Server Superfun.

This is just an outline of some of the new features that stood out to me. There are many more features available. Overall I think they sound good, but whether they come out good is another story. A public beta will be released sometime in the next few months. Probably middle to late summer. I’m not really an early adopter, but it will be interesting to see how the new features are implemented.

You can play around with it right now if you want. Head over to the Windows Server “Longhorn” homepage and click on Virtual Lab.

If you do not know what the above title means, then you can probably ignore this post. If you do know what it means, then this post may excite you!

I have had issues in the past with creating GPOs and having them work well at the office with the DC that was created first but other offices were acting very slow, even if the GPO was created on the other server.

I have discovered that the GPO management software will default to the first domain controller and all GPOs created will be created on that first domain controller. In order to change this behaviour, you need to right click on the domain in the GPO management console and select Change domain controller…. You can then select the domain controller that you want to use.

Microsoft Technet has a good article about this called Group Policy Replication and Domain Controller Selection that sheds more light on this issue.