Friday, March 30, 2007

My Google Homepage Themes!

I noticed today that Google added a "Select Theme" option to their Personalized Home. They have seven different themes, with more to come I hope! Also you can enter your ZIP code so the theme can change through out the day! Check it out if you have a Personalized Home page, and get one if you don't!

Wednesday, March 21, 2007

Flexable Single Master Operation (FSMO) Roles

Windows 2000/2003 Multi-Master Model
A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows 2000/2003 deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, "the last writer wins"), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the "last writer wins" approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact.
For certain types of changes, Windows 2000/2003 incorporates methods to prevent conflicting Active Directory updates from occurring.

Windows 2000/2003 Single-Master Model
To prevent conflicting updates in Windows 2000/2003, the Active Directory performs updates to certain objects in a single-master fashion.
In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain.
In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

Schema Master:
The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain naming master:
The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.

Infrastructure Master:
When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.

Relative ID (RID) Master:
The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.

PDC Emulator:
The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner.
In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
· Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
· Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
· Account lockout is processed on the PDC emulator.
· Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
· The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.
At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

Decommissioning Small Business Server 2000 Part 1

When decommissioning a Small Business Server (or any Windows Server) you need to make sure that any FSMO roles hosted on the server are moved off the server before you decommission it. If you fail to do this you can seize the FSMO role(s) later but the best practice is to move it before hand.

Petri IT Knowledgebase has a good selection of articles on how to Determine FSMO Role Holders, Transfer FSMO Roles, and Microsoft has a good Knowledge base article on how to Size the roles.

Later I will explain how to Decommission Exchange 2000 running on Small Business Server 2000.

Thursday, March 15, 2007

Deploying printers with Active Directory

I was looking for a way to ease printer deployment in our network. I found a nice article over at http://www.windowsnetworking.com that explains how to deploy printers in Active Directory. FINALLY!

One caveat about this is that it only works on Windows 2003 R2 domain controllers. So I will have to wait a few weeks until ours is all set up and ready to go in order to use this.

Also for these options to be available you need to upgrade your Active Directory Schema to version 31. My previous posts tells you how.

Upgrading Active Directory Schema to Version 31 (To support Windows 2003 R2 Domain Controllers)

If you run adprep.exe /forestprep from the Windows 2003 R2 disk it will tell you that is has already been run (if you are running in a Windows 2003 domain.) To upgrade the Active Directory Schema to allow for the new options in R2 you need to run adprep.exe from the second disk for Windows 2003 R2. You can find adprep.exe in Drive:\CMPNENTS\R2\ADPREP\adprep.exe. Now all you need to do is run adprepe.exe /forestprep and you will get the additional options.

Tuesday, March 13, 2007

Creating Google Suggest Style Text Boxes with Visual Basic 2005

History:
I have created a simple tool that makes specific directories for our company when we get a new project in to scan. I have integrated a database to keep the information for searching and billing purposes. When we get updates to the projects I don't want to type everything again, so I looked into changing the text boxes to suggest project names from the database and such.

It really is very simple to do this.
Set the "AutoCompleteMode" of the text box to SuggestAppend (There are other options but this is the one that worked best for me.)

Set the "AutoCompleteSource" to "CustomSource".

In the "Form1_Load" add in the appropiate commands. I will explain this line by line below.

Create a connection to the database.
Dim MyConnection As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\databases\scanning.mdb")

Open the Connection
MyConnection.Open()

Use SQL here to select only unique (DISTINCT) Project Names and Scanning Numbers from the workflow table. Use the open connection above to execute the command.
Dim MyCommand As New OleDbCommand("SELECT DISTINCT Project_Name, DR_Number from Workflow", MyConnection)

Create a data reader and put the data returned from the connection in to it.
Dim MyReader As OleDbDataReader = MyCommand.ExecuteReader()

While the reader is being read populate the Text boxes "AutoCompleteCustomSource" with the unique data returned. The (0) and (1) is because the SQL command above puts the results of the query into an Array. This extracts just column "0" or "1" from the query array.

While MyReader.Read()
txtProjectName.AutoCompleteCustomSource.Add(MyReader.GetString(0))
txtDRNumber.AutoCompleteCustomSource.Add(MyReader.GetString(1))
End While

There may be a better/more efficient way to do this task, but with my simple programming skills it works for me and is very responsive!

Uninstalling SQL Server Embedded Edition (SSEE)

To uninstall the SSEE that comes with WSUS 3 BETA do the following.
For 32-bit Platforms (x86)
msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe

For 64-bit platforms(x64/AMD64)
msiexec /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} callerid=ocsetup.exe

*However, the removal of the application may not remove the default .mdb and .ldb files, which will cause a subsequent WSUS 3.0 installation to fail. These files can be deleted from the %windir%\SYSMSI\SSEE directory.

These instructions where found on Microsoft Web Site.

Issues with Windows Update Services 3 Beta

While trying to troubleshoot our WSUS 3 Beta install today I found a long list of issues with the beta. I now know why our installation failed and the date it failed.

Issue 6: Remote SQL limitations and requirements
WSUS 3.0 offers support for running database software on a computer separate from the computer with the rest of the WSUS 3.0 application.
• You cannot use a server configured as a domain controller for either for either the front-end WSUS server or the back-end SQL server.

My WSUS server is a Domain Controller, WSUS server (our only one at the current time), and it's SQL server. It looks like I will be going back to WSUS 2 for the time being untill I can get this all figured out.

By the way this is a perfect example of why one should not use BETA software in a production environment.

Also it is important to note that the Embedded Edition of SQL Server is not uninstalled when you uninstall WSUS 3 Beta.

Monday, March 12, 2007

Howto Forge

Over the years I have frequently looked up "Howto" do something. Then recently I noticed a trend. Most of the "Howto's" I was viewing were on Howto Forge.

Howto Forge is mostly for Linux and variants of BSD. They break things down to the OS and then also to specific software, such as Apache, DNS, sendmail, and other common *nix applications/services. I highly recommend this site to anyone that is trying to do something for the first time. Also newbies should read over as much of this as possible to get a feel for how things are done.

The one area I wish they had is Howto's for Windows and Windows based applications such as Microsoft Exchange or Microsoft SQL Server. I know there are sites out on the internet that have the content I am looking for, but I would really like to build a Über-IT knowledge site.

The New Blogger!

Today I noticed that my theme was looking a little funny, (I don't read my own blog very often.) so I went looking at some of the different theme options available. Then I noticed a setting to upgrade my theme (which would probably break some stuff). I decided that I don't have that much in the way of customization going on so what the heck.

After the upgrade I was amazed at the simplicity of adding in new content such as AdWords or a RSS feed. It is much the same as using a Personalized Google Homepage. I can create a new page element, move it around, save it, and BOOM my template is updated and ready to go!

I will continue to look around the new Blogger to see what else they have changed on me!

Spiceworks has grown up!

Today Spiceworks has been upgraded to version 1.5!
The biggest (and most requested) feature they brought into this release is Multi-user support. Now my boss has access to the same information that I do. (Weather or not he ever uses it is another story. ;) ) They also now allow users to send an email to a specific email address and have it alert me to a new help ticket. I have started putting all help requests into Spiceworks and any maintenance tasks that I need to do as well for better tracking / record keeping of what I do to specific systems.

I hope that this wonderful product continues to grow and become even better. They have a large (and growing) community of IT professionals requesting features and asking for support with their networks. I have yet to ask a question my self, but I try to browse them in order to help other users.

I have talked about Spiceworks in a past post. For those of you that don't know Spiceworks is Information Technology Management software, but is free to use. It is geared to small companies with less than 250 devices (like ours, though not by much).

There are a few things that I would like to see come into this software in future versions, but none of them are show stoppers. Also a few of the new features still need some polish put on to them before I would have external (to our company) using this software.

Thursday, March 08, 2007

Test driving Microsoft Server Software

Have you ever wanted to see what Microsofts newest software is like, but don't want to muck up your current system? Visit the Microsoft Download Center to download some Virtual Hard Drives of their newest (mostly server) software. You will need to have Microsoft Virtual Computer to enable these Virtual Hard Drives.

Via the link you can test out Microsoft Server 2003 R2, Microsoft Exchange Server 2007, Microsoft Internet Sercurity and Acceleration Server 2006, and Microsoft SQL Server 2005.

For me this is awesome because it allows me to play with this new software before I see it in the enterprise and allows me to become aclamated to it before I start studying for it's certification. Also the temptation to pirate software is no longer there for many IT professionsals since they can get their hands on it legally now.