How to Remotely Manage AD from a Member Server

How to Manage AD from Member Server

This was once a default option for Windows member servers in an organization's domain. An administrator user in the domain was able to click Start then Run then type in ad.msc and start Microsoft Active Directory Users and Computers from a member server in the domain. This feature was useful indeed and was removed as a default with Windows Server 2008.

  

For administrators that are looking to enable remote management of Active Directory from a member server there is a simple way to add this functionally to a member 2008 and 2008 R2 server in the domain. It is done by installing Remote Server Administration Tools for AD DS. 

Remotely Access Active Directory from Another Server

When an administrator installs Active Directory Domain Services (AD DS) on a member server to create a new or additional domain controller, tools that are used to manage AD DS are installed automatically. To  manage Active Directory domain controllers remotely from another server or a Windows desktop operating system that is not a domain controller, Remote Server Administration Tools (RSAT) can be installed on a member server that is running Windows Server 2008 R2 or Windows Server 2008. RSAT can also be installed on a computer that is running running Windows 7 or Windows 8. The Active Directory Remote Server Administration Tools (RSAT) component that's used to access and manage AD Directory Services is Active Directory Domain Services Tools.

Installing Remote Server Administration Tools for AD DS

Active Directory Domain Services Tools on a member server

Open Server Manager on the member server and click Add Features.

In Features, check the box to expand Remote Service Administration Tools and Role Administration Tools:

Windows Server 2008 member server: 

Expand Active Directory Domain Services Tools, and then click Active Directory Domain Controllers Tools.

Windows Server 2008 R2 member server: 

Expand AD DS and AD LDS Tools, then expand AD DS Tools, and then click AD DS snap-ins and command-line tools.

Click Next and then click Install. The setup wizard will install the necessary files and create the shortcust to manage Active Directory (AD) from this member server.  

The Active Directory Domain Services Administration Tools are available on the Administrative Tools menu.

In some cases even before a reboot of the server is performed , you can run the active directory suers and computers management console AD.msc by clicking Start > Run > then typing AD.msc , then click open. 

Installing Active Directory Domain Services Tools on a computer that is running Windows 7 or Windows 8

Windows 7 and Windows 8 does not ship with RSAT installation files as does Windows Server 2008. To install RSAT on Windows 7 or Windows 8, you must first download the RSAT installation package. See Remote Server Administration Tools for Windows 7 and Windows 8 at http://go.microsoft.com/fwlink/?LinkId=167131   

Faster Active Directory Replication - Decrease Intersite Replication Interval to Seconds

Enable Fast Domain Controller Replication

Active Directory Intersite Replication Interval Enable Faster AD and DNS updates

Enable Faster Active Directory AD and DNS Replication Updates Between Sites 

Although for some newer administrators making changes to Active Directory could be a nerve rattling proposition, making this change to speed up active directory replication can only be accomplished using this method. Using the standard GUI Microsoft Management Consoles to make the change to speed up Active Directory replication is not possible. The best result of using administrator consoles will be to increase domain replication between domain controllers to 15 minutes. These large time values were instituted into Active Directory at version 1 because inter-site connections during that era of computing and networking were much lower in bandwidth with the most common being frame-relay or 56k circuits. Since then, inter-site connections and the Internet speeds have increased tremendously so faster domain controller replication is possible even over wan links. This and many other Microsoft domain related issues can often be addressed remotely using online computer support software. That's software that provides remote control of servers and desktops online through the web. Access can also be accomplished on the LAN but often over the web.   Online desktop support application are often agent based but can also be on-demand.  

Fast Intersite Replication Interval - Speed up DC Replication, Updates are in Seconds 

To enabled faster Intersite Replication, to nearly the speed of intra-site or LAN replication, use ADSI Edit.

Start ADSI edit and go to
   Configuration > then Sites > Inter Site Transports > IP. 

Note this setting cannot be enabled for SMTP InterSite links.

Unless it has been renamed, right click on  the default Intersite link and choose properties. Then scroll down to the options line. Double-click and change the value to 1 if it has a value .

 Zero is the default unless this option has been previously modified.  Once changed to 1, click OK twice to save and close the properties window.

Force a replication using Sites and Services so this setting get pushed/pulled to the other domain controllers.

Faster AD DNS Replication Updates Between Sites and Domain Controllers. 

Test by creating a test account in AD, I use 123, 1234, 111, etc., just so the test account was at the top of the list in AD users and computers. Check your other domain controller or controllers for the new account. You will see it appear in 15 seconds or less. I was getting an average of about a 2 second delay for the test account to appear. Delete the account from the other domain controller and see it get removed in less than 15 seconds on the original domain controller you were working from.

Updating SSL Certificate on Netscaler VPX Resource Already Exists Error

Updating or Replacing an SSL Certificate on Netscaler VPX 10

Resource Already Exists error Citrix Netscaler

When replacing or updating an SSL certificate on a Netscaler VPX version 10 appliance you get a Resource Already Exists error message. even when you try to add the certificate as a new certificate bypassing the update option in the Netscaler the message persists.

This can be caused by the same serial number or thumbprint on the re-issued certificate. This scenario is rare and most often occurs if there are two or more Netscalers in a load balance fail over configuration.
Oddly enough , this error can also occur if there is a problem with the SSL certificate itself. The cert can be from any CA and although it seemingly looks okay, closer inspection will reveal the certificate was generated with SHA2 encryption algorithm.  Have the certificate re-issued using SHA1. The Netscaler version 10 does not support SHA2 for SSL certs on virtual servers yet. Most likely, Netscaler 9 also does not support SHA1.
Contact your CA certificate provider and ask them to re-issue the certificate but generate it using SHA1 .

 

Create Network Printers at Logon With vbs and Batch File

Create Network Printers at Logon With vbs and Batch File

The following vbs script can be run from a batch file like a logon.bat file that you may already have in your NETLOGON folder. Or simply create a new one. Be sure to add the logon.bat to your users' account  profiles in AD.  You'll need to get the fmember exe from Microsoft, or you may already have it.


Set WshNetwork = CreateObject("WScript.Network")

Set objShell = CreateObject("Wscript.Shell")

WSHNetwork.MapNetworkDrive "N:", \\DC01\Netlogon

WshNetwork.RemovePrinterConnection \\PrintServer01\Printer1
WshNetwork.RemovePrinterConnection \\PrintServer01\Printer2

strCommand = "%comspec% /c N:\IfMember.exe FirstFloor"
intReturn = objShell.Run(strCommand, 2, True)
If intReturn = 1 Then

WshNetwork.AddWindowsPrinterConnection \\PrintServer01\Printer1
WshNetwork.SetDefaultPrinter \\PrintServer01\Printer1

End If

strCommand = "%comspec% /c N:\IfMember.exe SecondFloor"
intReturn = objShell.Run(strCommand, 2, True)
If intReturn = 1 Then

WshNetwork.AddWindowsPrinterConnection \\PrintServer01\Printer2
WshNetwork.SetDefaultPrinter \\PrintServer01\Printer2

End If


WshNetwork.RemoveNetworkDrive "N:"


The above logon vbs script works great but you may encounter and issue with Windows 7 computers.


For Windows 7 use the following in a batch file:

@echo off


rundll32 printui.dll,PrintUIEntry /q /ga /n \\dc01\Printer-duplex

exit


The above will add a printer at the machine level quietly - No user messages. If run without the quiet switch, the user will will see a message indicating the printer already exists upon logon. The first user will not see the message of course when the entry is first added to the logon script. I used a .cmd file.

 PRINTUI.EXE can be used instead of  RUNDLL32 PRINTUI.DLL,PrintUIEntry  on Windows 7 but then you'll have to add some conditional code to determine if the user is loging in from a windows 7 computer or not.

Create Network Printers with a Logon script batch (.bat) file or cmd file

RUNDLL32 PRINTUI.DLL command line options / switches

Usage:


RUNDLL32 PRINTUI.DLL,PrintUIEntry [ options ] [ @commandfile ]/a[file] binary file name

/b[name] base printer name

/c[name] unc machine name if the action is on a remote machine

/dl delete local printer

/dn delete network printer connection

/dd delete printer driver

/e display printing preferences

/f[file] either inf file or output file

/ga add per machine printer connections

/ge enum per machine printer connections

/gd delete per machine printer connections

/h[arch] driver architecture, one of the following:

Alpha
Intel
Mips
PowerPC

/ia install printer driver using inf file

/id install printer driver using add printer driver wizard

/if install printer using inf file

/ii install printer using add printer wizard with an inf file

/il install printer using add printer wizard

/in add network printer connection

/j[provider] print provider name

/k print test page to specified printer, cannot be combined with command when installing a printer

/l[path] printer driver source path

/m[model] printer driver model name

/n[name] printer name

/o display printer queue view

/p display printer properties

/q quiet mode, do not display error messages

/r[port] port name

/s display server properties

/Ss Store printer settings into a file

/Sr Restore printer settings from a file



Store or restore printer settings option flags that must be placed at the end of command:

2 PRINTER_INFO_2

7 PRINTER_INFO_7

c Color Profile

d PrinterData

s Security descriptor

g Global DevMode

m Minimal settings

u User DevMode

r Resolve name conflicts

f Force name

p Resolve port

/u use the existing printer driver if it's already installed

/t[#] zero based index page to start on

/v[version] driver version, one of the following:

Windows 95 or 98
Windows NT 3.1
Windows NT 3.5 or 3.51
Windows NT 3.51
Windows NT 4.0
Windows NT 4.0 or 2000
Windows 2000

/w prompt the user for a driver if specified driver is not found in the inf

/y set printer as the default

/Xg get printer settings

/Xs set printer settings

/z do not auto share this printer

/Z share this printer, can only be used with the /if option

/? help this message

@[file] command line argument file


















 
 

Basic Differences Between CAT5, CAT5E, CAT6, CAT6e, CAT6a Cables

  RJ45 Pin-out for Network Connection 

Troubleshooting cabling problems in most cases has to be done onsite. A cable technician would have to be at the location to use tools for diagnosing cables such a toner. Desktop and networking hardware that are interconnected by network cables can be remotely access online. Applications such as online desktop support software provides the access into a network over the web from which connection could be tested,  network switching can be configured or diagnosed. 

Learn More...https://www.4remotesupport.com/

 

Basic Difference Between CAT5,CAT6,CAT6e and CAT6a Cables

 

Category 5

Category 5 cabling transmits at a frequency of 100MHz. This provides a rated line speed of up to 100Mbit/s and a cable segment length of 100 meters maximum. Most Category 5 cables, were designed for earlier networks replacing cat 3, only used two twisted pairs of wires. However, older Category 5 cabling continues to make up the majority of the world’s network cabling infrastructure.

Category 5e

Category 5e was later introduced as an improved specification to the very popular Category 5 that replaced Cat 3.  The improvement was in noise reduction. By reducing the noise and signal interference beyond Cat 5, Category 5e rated transfer speeds increased to 350 Mbit/s over 100 meters. The new 5e cabling standard however also required all the cabling to include four twisted pairs not just two like with Cat 5. All eight contacts has to be used. Cat 5e introduced and optimized encoding scheme that allows up to 50-meter lengths of Category 5e cable to provide at or near Gigabit Ethernet (1000BASE-T) speeds. This was during the era of the early stages of Gigabit

Category 6

Gigabit Ethernet (1000BASE-T) became mainstream and required new industry-standard cables capable of transmitting at a higher frequencies than Cat 5e to go beyond the 50 meter limitation. Cat 6e transmits at 250 MHz. The new Category 6 cable uses thicker-gauge wire to attain the higher frequencies, it has increased shielding, and more pair twists per inch to reduce signal noise and interference. The new tighter specifications introduced with Cat 6 cabling guarantee that 100-meter runs of Category 6 are capable of 1000 Mbit/s transfer speeds. As with 5e reducing the cable length can achieve higher speeds than the category types design goal so 10-Gigabit Ethernet speeds can be achieved  when reducing cable lengths to less than 50 meters.

Category 6e

The limitation of 50 meters of 10Gigabit was over come with Category 6 Enhanced (6e).  Cat 6e is an augmented specification designed to double transmission frequency of Cat 6 to 500 MHz. It has the more pair twists per inch as does Cat 6 but it's also wrapping Category 6 in grounded foil shielding, a full 10-Gigabit Ethernet speeds can be achieved without sacrificing the max cable length of 100 meters.

Category 6a

Category 6a (or Augmented Category 6) is defined at frequencies up to 500 MHz—twice that of Cat. 6 but he same as 6e. Because it is shielded, Cat 6a performs at improved specifications over 6 and 6e, in particular in the area of alien cross-talk when compared to Cat 6 UTP   Cat 6 UTP exhibited high alien noise in high frequencies.6A. To reduce the noise, 6a EA specification (not EIA/TIA) require a new generation of connecting hardware that offers far superior performance. 6A connectors performs 3 dB better than a Cat 6a connector that conforms with the EIA/TIA specification. 3 dB equates to 100% increase of near-end cross-talk noise reduction. 

More wire specifications and a practical case example use of 10GB is available at this additional location - Differences Between Category 5 and Category 6 . The use of special case cables such as cross-over cables is also covered at the same article location.

Exchange Management Shell Create New User with Exchange 2010 Shell

Exchange Management Shell Create New User with Exchange 2010 Shell

Command:

New-Mailbox -Name 'new user' -Alias 'nuser' -UserPrincipalName 'nuser@your-domain.com' -SamAccountName 'nuser' -FirstName 'new' -Initials '' -LastName 'user' -Password 'System.Security.SecureString' -ResetPasswordOnNextLogon $false


I used this just today and it worked very nicely. I suspect the command can be oput into a script or batch file to create many accounts without the need for exchange 2010 Managment console.

Enable SSH on VMWare 5 ESXi

How to Enable SSH Access on VMWare vSphere 5 ESXi

Enabling SSH remote access to the console of an esxi 5.0 vmware host server is the same as in ESXi 4.1 (not 4.0 and earlier). In 5.0 vmware vSphere ESXi and 4.1 vmware vSphere ESXi it can be accomplished using the vSphere client. With earlier versions, like enabling SSH on ESXi 4.0, it had to be done via the server console.

How to Enable SSH Access on VMWare 5 ESXi

Enable SSH for remote connections from the vSphere Client
perform the following short steps to enable access to the ESXi Shell using the vSphere Client:
- Logon to the up to date VSphere client
- Select from the list of hosts the ESXi host you want to configure and choose Configuration then -> Security profile
- From the Services section under Security Profile, select Properties
- Select the SSH option in Properties and choose Options
- Select Start to start SSH on the host.
- Repeat the process for each ESXi 5 host.

There is no global or farm-like setting that would allow you to do all your hosts at once. Perhaps that will come in the next version ESXi 6 .