Thursday, July 24, 2008

quick way to check if a mailbox has delegates - exchange 2007 SP1 - powershell

Sometimes you get those calls where a user is getting strange meeting invites and they just don't know why. Your first guess is that they're on another user's delegate list. So you go through the list of people on the meeting invite and try to figure out who the culprit is. Prior to Exch 2k7 SP1, you had to either track each one down or create a bunch of profiles and search. Now you can do it from PowerShell.

# script to check delegates for a particular mailbox
$UserToCheck = get-mailbox UserName
#check what users have access:
$result = $UserToCheck.GrantSendOnBehalfTo
#display results
$result
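
The script above lists the delegates on one mailbox. The troubleshooting call usually needs the reverse: which mailboxes list this user as a delegate. The following is an added example, not part of the original post; it assumes the Exchange Management Shell and uses the same placeholder alias UserName.

```powershell
# Added example: reverse delegate lookup (run in the Exchange Management Shell).
# 'UserName' is a placeholder alias for the user receiving the unexpected invites.
$Delegate   = Get-Mailbox UserName
$DelegateDN = $Delegate.DistinguishedName

# Walk every mailbox and keep the ones whose GrantSendOnBehalfTo list
# contains the user. Entries are compared by distinguished name.
$Owners = Get-Mailbox -ResultSize Unlimited | Where-Object {
    $dns = @($_.GrantSendOnBehalfTo | ForEach-Object { $_.DistinguishedName })
    $dns -contains $DelegateDN
}

# Report the mailbox owners, or say so if there are none.
if ($Owners) {
    $Owners | Select-Object Name, Alias, PrimarySmtpAddress
} else {
    Write-Host "$($Delegate.Name) is not listed as a delegate on any mailbox."
}
```

This reads every mailbox in the organization, so expect it to take a while in a large environment. The same loop without the filter gives a periodic review list of who can send on behalf of whom.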

Monday, July 21, 2008

GlobalNames Zones - somewhat of a band-aid for phasing out WINS

So I've been reading up in preparation for my Microsoft upgrade exams and I noticed a new DNS feature. Since WINS doesn't support IPv6 they came up with the GlobalNames Zone as an interim solution. Their description is:
"The GlobalNames Zone is a new feature that provides single-label name resolution for large enterprise networks that do not deploy WINS and where using DNS name suffixes to provide single-label name resolution is not practical"

In other words, you don't want or can't use WINS anymore but you've still got these irksome boxes that have to be referenced by simple names like "Webserver1".

To set it up, you first have to be using Windows 2008 DNS servers. (Note that they say that it'll work if not all the AD servers are upgraded). Now from a command prompt run:
dnscmd servername /config /enableglobalnamessupport 1
and repeat on all your authoritative DNS servers. Reboot them for good measure.

Note that if you run dnscmd /? or dnscmd /config /? you won't see this flag listed anywhere. Nothing gives you confidence like running switches that don't appear to be documented.

Once that's done, go into DNS Manager and create a new Forward Lookup Zone. The type will be Primary, and Stored in Active Directory. Name it GlobalNames.

Now you should be able to start creating your single name records in the DNS Manager.
Since all the Microsoft examples I've seen so far use the command line to do this, I'll stick with that approach. Basically all we're going to do is attach a CNAME record to redirect requests for "HONEYPOT" to the FQDN "HONEYPOT.DECOY.LOCAL"

dnscmd /RecordAdd GlobalNames HONEYPOT CNAME HONEYPOT.DECOY.LOCAL

Now they don't view this as a complete WINS replacement since it doesn't do auto-registration from clients, etc., but if you've got fairly static servers/resources and you're moving to IPv6 or away from WINS this should do the trick. I do recommend some caution as this is a pretty new feature and I'm going to wait a while before trying this out in our production environment.

For more information:
Microsoft Paper: DNS Server GlobalNames Zone Deployment

Technet forum:
http://forums.technet.microsoft.com/en-US/winserverNIS/thread/8953820a-3f2f-4929-9a3e-2b0731b80e04

Monday, June 30, 2008

Exchange OWA 2007 Change Password Problem

Some of my users recently complained that they were having problems with the "Change Password" feature in OWA 2007. I wasn't able to replicate it myself when I tried it with my own account though. After some searching on the web I did find some issues people were having with password changes and OWA 2007 and it came down to 2 popular resolutions.

1. "regsvr32 C:\WINDOWS\system32\inetsrv\iisadmpwd\iispwchg.dll" and then reset the IIS with the command "iisreset /noforce".

2. Edit your Active Directory group policy for passwords and set "Minimum password age" to "0" days. It's been reported that this policy can cause the "The password supplied does not meet the minimum security requirements. Please contact technical support" error to show up even when it's been more than X days since the user changed their password. Keep in mind that a minimum age of 0 also lets users cycle straight through the password history and back to an old password.
(Note: You may need to either restart NetLogon or reboot the DC for changes to kick in faster.)

Now nothing left to do but wait and see if the problem shows up again.

Friday, June 13, 2008

2008 Hyper-V first impressions

I've been playing around with the new Hyper-V (beta) that's included in Server 2008 and I have to say it looks promising. Keep in mind that it's still in the beta stage so there are bound to be some kinks in it. I currently use VMware Server in my production environments because it's a nice balance between cost and ease of management/maintenance as compared to the VMware ESX product. (It's a lot easier to train my techs to support VMware on a Windows platform than to teach them how to support Linux and VMware both.) I know some of you will say that comparing VMware Server to 2k8 Hyper-V is a bit of an apples and oranges comparison since 2k8 has a hypervisor, but for me the comparison is more about running virtualization on a Windows host platform.

I installed Win2k8 x64 Standard Edition on a dual core 2.6GHz server with 2GB RAM. Then I added the Hyper-V role, rebooted, then applied a hotfix related to it from Windows Update. Creating new virtual images is a breeze; the wizard walks you through just like the VMware one does and provides you with all the usual options of how many processors, how much RAM, disk space, etc. The very first thing I noticed was the absence of any noticeable I/O hit. The hypervisor handles direct I/O calls very nicely and I only began to notice a performance dip after I started running 2 more virtual machines at the same time.

Microsoft has updated all their licensing and EULA materials to cover virtualization. On 2008 Enterprise Edition, you're allowed to have 4 virtual machines running with an OS that's covered by the host OS license. With the Datacenter Edition, it goes to infinity! Which means that if you built out a monster cluster, and I do strongly recommend that you cluster your VM servers if you want high availability, then you could save a bundle on operating system licenses. Oh, and the Standard Edition allows you to run 1 virtual to match the 1 physical license. For the price difference, if you plan to have a few virtual machines on the box, just buy the Enterprise Edition.

I wish they would have just used the same key combinations that VMware does. I'm used to using CTRL-ALT a lot and now I have to remember CTRL-ALT-Left Arrow. There are a few others like that in the interface. I do like that you can have them running without any active displays and that each one runs in a different window that's not embedded into the console.



You can read more about Hyper-V at:

http://www.microsoft.com/windowsserver2008/en/us/virtualization-consolidation.aspx

and

http://en.wikipedia.org/wiki/Hyper-V

Saturday, May 17, 2008

Enumerate all Email groups a user is a member of

Quick script to show all email distribution groups that a particular user is a member of:


#
# Cobbled together by Gnawgnu
# 5/17/08

#get the identity of the user by alias
$Username = (get-user gnawgnu).Identity

#search all groups for that user
$groups = get-group -Filter {Members -eq $username}

#display all groups that have an email address
#defined that's longer than 0 characters
$groups | Where-Object {$_.WindowsEmailAddress.Length -ne 0}

Wednesday, May 14, 2008

Review - Kingston DataTraveler BlackBox

I've always had good luck with the DataTraveler series and so far I'm pretty impressed with the new BlackBox edition. It's got a good solid feel and weight to it and it's even FIPS 140-2 certified. Unlike some of the new secure drives that have come out, this one does Not require Admin access to work properly. I tested it out as a normal User on an XP SP2 box and didn't have any problems at all. The drive setup is a breeze and it is configured to lock out your data after 10 invalid password attempts. After that, they say you have to completely format the drive to be able to use it again.



I'm too lazy to detail all the screen caps for setting it up; you can find them in the manual PDF on their website.

When done, it'll just settle into a nice task tray icon.





The only downside so far is that on my x64 Vista box, I get an error every time I plug it in but if I hit Retry after a few seconds it'll work fine afterwards.




Overall I'm giving this one a thumbs up. It's probably only a matter of time until someone publishes a hack for it but ain't that always the case.

Link to the BlackBox page on Kingston's site:
http://www.kingston.com/flash/DTBlackBox.asp

Sunday, April 27, 2008

Win2k3 convert to dynamic grayed out - GPT and me

I decided to add another drive to an external vault that's attached to my Backup Exec system. It's used as an intermediary for disk to disk to tape backups and was getting a bit full (1.9TB). So I added a disk to the array, let it rebuild and then went into Computer Management. Then I found that all options for adding or changing the drive were grayed out, including "convert to dynamic", "convert to GPT", etc. This was puzzling, but after some research I found out that I had hit a 2TB barrier that's caused by the old Master Boot Record (MBR) partitioning scheme. The solution Microsoft proposes is to go to the GPT partitioning scheme (GUID partitioning), which scales up to 2^64 logical blocks in length.
http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx

Of course the hitch is that you have to wipe out everything on the drive before you can convert to GPT. Even if you try to do it from diskpart you'll get a "The disk you specified is not empty." "Please select an empty MBR disk to convert." So after whacking everything on the disk, it let me upgrade the partition scheme to GPT and I was then able to utilize all the space on the disk.



I have no idea how the performance is affected when you go from MBR to GPT as I haven't been able to find any reviews online. So far I haven't noticed any decrease in performance so that's good. Oh, and in case you're wondering, Symantec Ghost Solutions 2.0 and higher support ghosting GPT partitions.
http://www.symantec.com/business/products/newfeatures.jsp?pcid=2247&pvid=865_1

Thursday, April 24, 2008

Workaround for the BCM 3.6 and Vista/IE/Java

Previously I discussed how to get around this problem with the 3.7 version of the BCM software. But it's been brought to my attention that it doesn't work with the 3.6 version. So, after several permutations of playing around with Mozilla and IE I went with an entirely different option - Opera. http://www.opera.com

Step 1: Download it
Step 2: Install it
Step 3: Browse to your BCM and choose Install for the certificate



Step 4: Log in as normal, go to the Telephone Services Tree and Voila



Tested on Vista 32 bit with Opera 9.27