Powershell Script to add Ip addresses to receive connectors

Large organization have lots of application server which use SMTP to send all sorts of notifications. In Exchange Server 2007 you need to define an IP range or a list of IP addresses which you want to allow SMTP access to the Receive Connector. Large organizations have probably multiple hub transport servers and multiple connectors on these servers. If you need to modify these multiple receive connectors with a couple of honderd IP addresses, this script might become verry handy.

[code]

#Location where csv and script is located on the server.
$Path = '%Path%'
$file = read-host "Enter the name of the csv file"

#Hubtransportservers and the servers receiver connectors
$Node1 = '%Servername%\%ReceiveConnectors%'
$Node2 = '%Servername%\%ReceiveConnectors%'

#If you want to use a text file, you have to replace the csv by txt below.
$RCC = Get-receiveConnector $Node1
Import-csv "$Path\$file.csv" ForEach {$RCC.RemoteIpRanges += $_.IpAddresses}
$RCC Set-ReceiveConnector

$RCC = Get-receiveConnector $Node2
Import-csv "$Path\$file.csv" ForEach {$RCC.RemoteIpRanges += $_.IpAddresses}
$RCC Set-ReceiveConnector

Write-Host "IP Addresses have been added to receive connectors $Node1 and $Node2"
[/Code]

This script uses a CSV file, but you can alter it to a TXT file if you please.
You need to adjust following variables to make this script suitable for you:

1. $Path = fill in the path where the csv or txt file can be located
2. $NodeX = Fil in the paths of the recieve connectors on the multiple servers. This scripts references one receive connector on two different servers. You have have more servers/receive Connectors you need to define more node and more loops.

The scripts asks for the name of the csv file, so you are not bound to a physical file. Only the location of the file is hardcoded.

RBAC - Role Based Access Control

Exchange 2010 usses role based access control to add administrative permissions to Exchange.
Role based access control means that permission can be set more granulary than in previous versions.
This means that add-ExchangeAdministrator will no longer work.
You still have a set of default roles which are created at the moment you install exchange 2010 (or extend the schema for Exchange 2010).
Get-rolegroup should give you the list of all groups which currently exist within your organization.
[PS] C:\Windows\system32>get-rolegroup list 'name'
Name : Organization Management
Name : Public Folder Management
Name : Recipient Management
Name : View-Only Organization Management
Name : UM Management
Name : Help Desk
Name : Records Management
Name : Discovery Management
Name : Server Management
Name : Delegated Setup
Name : Hygiene Management

Let say you want to add the user "Max" as exchange Full administrator.
You would following command:
"Add-rolegroupmember -role organization management -identity max"

You can create you own roles to provide specific permissions to your administrators.

BPOS

Some interesting links concerning Microsoft Business Productivity Online Standard Suite

http://ts2blogs.com/blogs/charlesv/archive/2008/11/19/microsoft-online-services-and-the-business-productivity-online-suite-bpos-overview.aspx

http://blogs.technet.com/bpositive/archive/2009/04/29/bpos-migration-webcast-and-new-lotus-notes-migration-options.aspx

Handy stuff

Run Commands:

compmgmt.msc - Computer management
devmgmt.msc - Device manager
diskmgmt.msc - Disk management
dfrg.msc - Disk defrag
eventvwr.msc - Event viewer
fsmgmt.msc - Shared folders
gpedit.msc - Group policies
lusrmgr.msc - Local users and groups
perfmon.msc - Performance monitor
rsop.msc - Resultant set of policies
secpol.msc - Local security settings
services.msc - Various Services
msconfig - System Configuration Utility
regedit - Registry Editor
msinfo32 _ System Information
sysedit _ System Edit
win.ini _ windows loading information(also system.ini)
winver _ Shows current version of windows
mailto: _ Opens default email client
command _ Opens command prompt


Run Commands to access the control panel:

Add/Remove Programs control appwiz.cpl
Date/Time Properties control timedate.cpl
Display Properties control desk.cpl
FindFast control findfast.cpl
Fonts Folder control fonts
Internet Properties control inetcpl.cpl
Keyboard Properties control main.cpl keyboard
Mouse Properties control main.cpl
Multimedia Properties control mmsys.cpl
Network Properties control netcpl.cpl
Password Properties control password.cpl
Printers Folder control printers
Sound Properties control mmsys.cpl sounds
System Properties control sysdm.cpl


Command Prompt:

ANSI.SYS Defines functions that change display graphics, control cursor movement, and reassign keys.
APPEND Causes MS-DOS to look in other directories when editing a file or running a command.
ARP Displays, adds, and removes arp information from network devices.
ASSIGN Assign a drive letter to an alternate letter.
ASSOC View the file associations.
AT Schedule a time to execute commands or programs.
ATMADM Lists connections and addresses seen by Windows ATM call manager.
ATTRIB Display and change file attributes.
BATCH Recovery console command that executes a series of commands in a file.
BOOTCFG Recovery console command that allows a user to view, modify, and rebuild the boot.ini
BREAK Enable / disable CTRL + C feature.
CACLS View and modify file ACL's.
CALL Calls a batch file from another batch file.
CD Changes directories.
CHCP Supplement the International keyboard and character set information.
CHDIR Changes directories.
CHKDSK Check the hard disk drive running FAT for errors.
CHKNTFS Check the hard disk drive running NTFS for errors.
CHOICE Specify a listing of multiple options within a batch file.
CLS Clears the screen.
CMD Opens the command interpreter.
COLOR Easily change the foreground and background color of the MS-DOS window.
COMP Compares files.
COMPACT Compresses and uncompress files.
CONTROL Open control panel icons from the MS-DOS prompt.
CONVERT Convert FAT to NTFS.
COPY Copy one or more files to an alternate location.
CTTY Change the computers input/output devices.
DATE View or change the systems date.
DEBUG Debug utility to create assembly programs to modify hardware settings.
DEFRAG Re-arrange the hard disk drive to help with loading programs.
DEL Deletes one or more files.
DELETE Recovery console command that deletes a file.
DELTREE Deletes one or more files and/or directories.
DIR List the contents of one or more directory.
DISABLE Recovery console command that disables Windows system services or drivers.
DISKCOMP Compare a disk with another disk.
DISKCOPY Copy the contents of one disk and place them on another disk.
DOSKEY Command to view and execute commands that have been run in the past.
DOSSHELL A GUI to help with early MS-DOS users.
DRIVPARM Enables overwrite of original device drivers.
ECHO Displays messages and enables and disables echo.
EDIT View and edit files.
EDLIN View and edit files.
EMM386 Load extended Memory Manager.
ENABLE Recovery console command to enable a disable service or driver.
ENDLOCAL Stops the localization of the environment changes enabled by the setlocal command.
ERASE Erase files from computer.
EXIT Exit from the command interpreter.
EXPAND Expand a M*cros*ft Windows file back to it's original format.
EXTRACT Extract files from the M*cros*ft Windows cabinets.
FASTHELP Displays a listing of MS-DOS commands and information about them.
FC Compare files.
FDISK Utility used to create partitions on the hard disk drive.
FIND Search for text within a file.
FINDSTR Searches for a string of text within a file.
FIXBOOT Writes a new boot sector.
FIXMBR Writes a new boot record to a disk drive.
FOR Boolean used in batch files.
FORMAT Command to erase and prepare a disk drive.
FTP Command to connect and operate on a FTP server.
FTYPE Displays or modifies file types used in file extension associations.
GOTO Moves a batch file to a specific label or location.
GRAFTABL Show extended characters in graphics mode.
HELP Display a listing of commands and brief explanation.
IF Allows for batch files to perform conditional processing.
IFSHLP.SYS 32-bit file manager.
IPCONFIG Network command to view network adapter settings and assigned values.
KEYB Change layout of keyboard.
LABEL Change the label of a disk drive.
LH Load a device driver in to high memory.
LISTSVC Recovery console command that displays the services and drivers.
LOADFIX Load a program above the first 64k.
LOADHIGH Load a device driver in to high memory.
LOCK Lock the hard disk drive.
LOGON Recovery console command to list installations and enable administrator login.
MAP Displays the device name of a drive.
MD Command to create a new directory.
MEM Display memory on system.
MKDIR Command to create a new directory.
MODE Modify the port or display settings.
MORE Display one page at a time.
MOVE Move one or more files from one directory to another directory.
MSAV Early M*cros*ft Virus scanner.
MSD Diagnostics utility.
MSCDEX Utility used to load and provide access to the CD-ROM.
NBTSTAT Displays protocol statistics and current TCP/IP connections using NBT
NET Update, fix, or view the network or network settings
NETSH Configure dynamic and static network information from MS-DOS.
NETSTAT Display the TCP/IP network protocol statistics and information.
NLSFUNC Load country specific information.
NSLOOKUP Look up an IP address of a domain or host on a network.
PATH View and modify the computers path location.
PATHPING View and locate locations of network latency.
PAUSE Command used in batch files to stop the processing of a command.
PING Test / send information to another network computer or network device.
POPD Changes to the directory or network path stored by the pushd command.
POWER Conserve power with computer portables.
PRINT Prints data to a printer port.
PROMPT View and change the MS-DOS prompt.
PUSHD Stores a directory or network path in memory so it can be returned to at any time.
QBASIC Open the QBasic.
RD Removes an empty directory.
REN Renames a file or directory.
RENAME Renames a file or directory.
RMDIR Removes an empty directory.
ROUTE View and configure windows network route tables.
RUNAS Enables a user to execute a program on another computer.
SCANDISK Run the scandisk utility.
SCANREG Scan registry and recover registry from errors.
SET Change one variable or string to another.
SETLOCAL Enables local environments to be changed without affecting anything else.
SETVER Change MS-DOS version to trick older MS-DOS programs.
SHARE Installs support for file sharing and locking capabilities.
SHIFT Changes the position of replaceable parameters in a batch program.
SHUTDOWN Shutdown the computer from the MS-DOS prompt.
SMARTDRV Create a disk cache in conventional memory or extended memory.
SORT Sorts the input and displays the output to the screen.
START Start a separate window in Windows from the MS-DOS prompt.
SUBST Substitute a folder on your computer for another drive letter.
SWITCHES Remove add functions from MS-DOS.
SYS Transfer system files to disk drive.
TELNET Telnet to another computer / device from the prompt.
TIME View or modify the system time.
TITLE Change the title of their MS-DOS window.
TRACERT Visually view a network packets route across a network.
TREE View a visual tree of the hard disk drive.
TYPE Display the contents of a file.
UNDELETE Undelete a file that has been deleted.
UNFORMAT Unformat a hard disk drive.
UNLOCK Unlock a disk drive.
VER Display the version information.
VERIFY Enables or disables the feature to determine if files have been written properly.
VOL Displays the volume information about the designated drive.
XCOPY Copy multiple files, directories, and/or drives from one location to another.
TRUENAME When placed before a file, will display the whole directory in which it exists
TASKKILL It allows you to kill those unneeded or locked up applications


Windows XP Shortcuts:

ALT+- (ALT+hyphen) Displays the Multiple Document Interface (MDI) child window's System menu
ALT+ENTER View properties for the selected item
ALT+ESC Cycle through items in the order they were opened
ALT+F4 Close the active item, or quit the active program
ALT+SPACEBAR Display the System menu for the active window
ALT+TAB Switch between open items
ALT+Underlined letter Display the corresponding menu
BACKSPACE View the folder one level up in My Computer or Windows Explorer
CTRL+A Select all
CTRL+B Bold
CTRL+C Copy
CTRL+I Italics
CTRL+O Open an item
CTRL+U Underline
CTRL+V Paste
CTRL+X Cut
CTRL+Z Undo
CTRL+F4 Close the active document
CTRL while dragging Copy selected item
CTRL+SHIFT while dragging Create shortcut to selected iteM
CTRL+RIGHT ARROW Move the insertion point to the beginning of the next word
CTRL+LEFT ARROW Move the insertion point to the beginning of the previous word
CTRL+DOWN ARROW Move the insertion point to the beginning of the next paragraph
CTRL+UP ARROW Move the insertion point to the beginning of the previous paragraph
SHIFT+DELETE Delete selected item permanently without placing the item in the Recycle Bin
ESC Cancel the current task
F1 Displays Help
F2 Rename selected item
F3 Search for a file or folder
F4 Display the Address bar list in My Computer or Windows Explorer
F5 Refresh the active window
F6 Cycle through screen elements in a window or on the desktop
F10 Activate the menu bar in the active program
SHIFT+F10 Display the shortcut menu for the selected item
CTRL+ESC Display the Start menu
SHIFT+CTRL+ESC Launches Task Manager
SHIFT when you insert a CD Prevent the CD from automatically playing
WIN Display or hide the Start menu
WIN+BREAK Display the System Properties dialog box
WIN+D Minimizes all Windows and shows the Desktop
WIN+E Open Windows Explorer
WIN+F Search for a file or folder
WIN+F+CTRL Search for computers
WIN+L Locks the desktop
WIN+M Minimize or restore all windows
WIN+R Open the Run dialog box
WIN+TAB Switch between open items

Windows Vista Shortcuts:

Alt+F4	Close the active window
Alt+Tab	Switch to previous active window
Alt+Esc	Cycle through all open windows
Win+Tab	Flip 3D [more info]
Ctrl+Win+Tab	Persistent Flip 3D
Win+T	Cycle through applications on taskbar (showing its live preview)
Win+M	Minimize all open windows
Win+Shift+M	Undo all window minimization
Win+D	Toggle showing the desktop

Win+1	Open the first program on your Quick Launch bar
Win+2	Open the second program on your Quick Launch bar
Win+n	Open the nth program on your Quick Launch bar
Win+U	Open the ease of access center
Win+F	Open the search window
Win+X	Open the Mobility Center
Win+E	Open Explorer
Win+R	Open the Run window [more info]
Win+B	Move focus to notification tray (the right-most portion of the taskbar)
Win+Pause	Open the System Properties portion from the Control Panel
Ctrl+Shift+Esc	Open Windows Task Manager

Win, →, →, →, Enter	Shutdown
Win, →, →, →, U	Shutdown
Win, →, →, →, R	Restart
Win, →, Enter	Sleep
Win, →, →, →, W	Switch Users
Win+L	Locks computer

Move focus to Sidebar	Win+Space
Cycle through visible gadgets	Win+G

Windows Seven Shortcuts:

Win+↑	Maximize the current window
Win+↓	If the current window is maximized, restore it; if the current window is restored, minimize it
Win+←	Dock the current window to the left half of the screen *If it is already docked left, it is moved to the right half of the screen *If it is already docked right, it is restored to its original size
Win+→	Dock the current window to the right half of the screen *If it is already docked right, it is moved to the left half of the screen *If it is already docked left, it is restored to its original size
Win+Shift+←	Move current window to the left monitor (with dual monitors)
Win+Shift+→	Move current window to the right monitor (with dual monitors)
Win+Home	Minimize all but the current window
Win+Space	Peek at the desktop
Win+[Plus sign]	Zoom in
Win+[Minus sign]	Zoom out
Win+P	Open the projection menu (generally used for laptops connected to projectors)
Alt+P	In Explorer, show/hide the preview pane

Shift+Click	Open a new instance of the program
Ctrl+Click	Cycle between windows in a group
Middle Click	Open a new instance of the program
Ctrl+Shift+Click	Open a new instance of the program as Administrator
Shift+Right-Click	Show window menu

Alt+F4	Close the active window
Alt+Tab	Switch to previous active window
Alt+Esc	Cycle through all open windows
Win+Tab	Flip 3D [more info]
Ctrl+Win+Tab	Persistent Flip 3D
Win+T	Cycle through applications on taskbar (showing its live preview)
Win+M	Minimize all open windows
Win+Shift+M	Undo all window minimization
Win+D	Toggle showing the desktop
Win+↑	Maximize the current window
Win+↓	If the current window is maximized, restore it; if the current window is restored, minimize it
Win+←	Dock the current window to the left half of the screen *If it is already docked left, it is moved to the right half of the screen *If it is already docked right, it is restored to its original size
Win+→	Dock the current window to the right half of the screen *If it is already docked right, it is moved to the left half of the screen *If it is already docked left, it is restored to its original size
Win+Shift+←	Move current window to the left monitor (with dual monitors)
Win+Shift+→	Move current window to the right monitor (with dual monitors)
Win+Home	Minimize all but the current window
Win+Space	Peek at the desktop
Win+[Plus sign]	Zoom in
Win+[Minus sign]	Zoom out

Win+1	Open the first program on your Quick Launch bar
Win+2	Open the second program on your Quick Launch bar
Win+n	Open the nth program on your Quick Launch bar
Win+U	Open the ease of access center
Win+F	Open the search window
Win+X	Open the Mobility Center
Win+E	Open Explorer
Win+R	Open the Run window [more info]
Win+B	Move focus to notification tray (the right-most portion of the taskbar)
Win+P	Open the projection menu (generally used for laptops connected to projectors)
Win+Pause	Open the System Properties portion from the Control Panel
Ctrl+Shift+Esc	Open Windows Task Manager

Win, →, Enter	Shutdown
Win, →, →, R	Restart
Win, →, →, S	Sleep
Win, →, →, W	Switch Users
Win+L	Locks computer

Alt+←	Go back
Alt+→	Go forward
Alt+↑	Go up a directory
Alt+D	Move focus to address bar
Alt+D, Tab	Move focus to search bar
Alt+Enter	Open the Properties window of the current selection
Ctrl+Mousewheel	Change the view type (extra large, small, list view, detail, etc.)
Alt+P	Show/hide the preview pane

Windows Explorer Shortcuts:

ALT+SPACEBAR - Display the current window’s system menu
SHIFT+F10 - Display the item's context menu
CTRL+ESC - Display the Start menu
ALT+TAB - Switch to the window you last used
ALT+F4 - Close the current window or quit
CTRL+A - Select all items
CTRL+X - Cut selected item(s)
CTRL+C - Copy selected item(s)
CTRL+V - Paste item(s)
CTRL+Z - Undo last action
CTRL+(+) - Automatically resize the columns in the right hand pane
TAB - Move forward through options
ALT+RIGHT ARROW - Move forward to a previous view
ALT+LEFT ARROW - Move backward to a previous view
SHIFT+DELETE - Delete an item immediately
BACKSPACE - View the folder one level up
ALT+ENTER - View an item’s properties
F10 - Activate the menu bar in programs
F6 - Switch between left and right panes
F5 - Refresh window contents
F3 - Display Find application
F2 - Rename selected item


Internet Explorer Shortcuts:

CTRL+A - Select all items on the current page
CTRL+D - Add the current page to your Favorites
CTRL+E - Open the Search bar
CTRL+F - Find on this page
CTRL+H - Open the History bar
CTRL+I - Open the Favorites bar
CTRL+N - Open a new window
CTRL+O - Go to a new location
CTRL+P - Print the current page or active frame
CTRL+S - Save the current page
CTRL+W - Close current browser window
CTRL+ENTER - Adds the http://www. (url) .com
SHIFT+CLICK - Open link in new window
BACKSPACE - Go to the previous page
ALT+HOME - Go to your Home page
HOME - Move to the beginning of a document
TAB - Move forward through items on a page
END - Move to the end of a document
ESC - Stop downloading a page
F11 - Toggle full-screen view
F5 - Refresh the current page
F4 - Display list of typed addresses
F6 - Change Address bar and page focus
ALT+RIGHT ARROW - Go to the next page
SHIFT+CTRL+TAB - Move back between frames
SHIFT+F10 - Display a shortcut menu for a link
SHIFT+TAB - Move back through the items on a page
CTRL+TAB - Move forward between frames
CTRL+C - Copy selected items to the clipboard
CTRL+V - Insert contents of the clipboard
ENTER - Activate a selected link
HOME - Move to the beginning of a document
END - Move to the end of a document
F1 - Display Internet Explorer Help

Exchange 2007 - Windows Server 2008 R2

Microsoft Exchange Server 2007 will not be supported on Windows Server 2008 R2. Only Exchange 2010 (14) will be supported.

There where slight hopes that Exchange Server 2007 Service Pack 2 would support Windows Server 2008 R2, but Microsoft confirmed that Exchange Server 2007 SP2 will also be not supported on Windows Server 2008 R2.

Installing and removing Windows Features via the command line

In this article i will show how to install and remove Windows Features ttough the command line.

By command line i mean the regular shell command and Windows Powershell (V2).

ServermanagerCmd

ServermanagerCmd which we know from Windows Server 2008 RTM is no longer the prefered tool to use, as Microsoft wants to encourage administrators to use Powershell.

Installing server roles using ServerManagerCmd

To see what roles are installed you can use following command:

[Code]
ServerManagerCmd /Query

[/Code]

All Windows Server roles and features are displayed.

To install certain feature or roles use the following command:

[Code]

ServerManagerCmd -i %ServerRole%

[/Code]

Example

ServerManagerCmd -i web-server

When installing multiple roles, just enter the roles and use as sepperators.

To remove features you can use the same commands, but instead of specifying the Install switch "-i", you need to specify the remove switch "-r".

By adding the -restart switch you are telling Windows that if a reboot is required, the system may issue a restart when execution has finished.

PowerShell

Using powershell is fairly the same procedure. You can swith to powershell by issueing the "powershell" command in the Dos box.

In order to load the servermanager module, you need to load the module by issueing following command

[Code]

Import-Module ServerManager

[/Code]

Querying the roles and features

[Code]

Get-WindowsFeature

[/Code]

Installing roles:

[Code]

Add-WindowsFeature Web-Server, Application-Server

[/Code]

Notice the sepperator.

Remove Features:

[Code]

Remove-WindowsFeature Web-Server, Application-Server

[/Code]

You see, adding and removing Windows feature is a simple and quicker procedure as installing them trough the GUI.

applying Group policy Preferences "Regional Settings" In Vista can have unforeseen results

I am working on a Windows Vista migration project, where i am responsible for designing group policies for Windows Vista. After applying regional settings through Group Policy Preferences, the testmachines started showing strange behavior. These issue's started showing up after the first reboot, since the policy was applied.
These are the symptomes where noted:

1. Client where unable to get an IP address (no ip address could been leased/renewed), although the required services where running. The client did recieve an IP during PXE boot proces (comes from the same DHCP server).
2. The eventviewer was unavailable, allthough the services where running.
3. Unable to release/renew the IP address (RPC service unavailable). Remote Procedure Call service was running fine.
4. Somethimes the test users where unable to log on to the computer.

These isue's where not related to the user, because even after loging on with the local administrative account the same isue's occured. I reinstalled the NIC's on the client, removed all applied policies from the registry. Rebooted the system but still could not get an IP. Troubleshooting also showed that the client couldn't communicate with AD during the Windows Boot Proces, also only cashed domain credentials could log on.

At first i thought there was a problem with the image used for the deployement of the machines. But after redeploying the system I saw there was no issue as long no policies where applied. This pointed me towards the applied policies. The policies where devided in several smaller policies:

1. A general Computer policy (Common Computer policies Desktop Laptop).
2. Desktop Policy (Specific Desktop Policies)
3. A general User Policy (General user policies)
4. An Internet Explorer Policy (General Internet Explorer Policies)
5. An Office 2007 policy (General office Policies)

Started applying the GPO's one by one, which showed that the havoc started after applying the general user policy. This made the GPP's my number one suspect. Braking down and applying the policies over and over again proved my point. After applying the GPP's regional settings the isue starts to occur. Even when only applying the GPP's (no other policy applied) the isue's start to appear.

Compared two registry exports (one before and one after), in the hope to find what was causing the issue, but failed to find the registry entries which where causing these issue's. My troubleshooting did however show that the problem does occur after applying the GPP regional settings.

I did the same testing on Windows Seven RC1, and saw that these issue's are NOT occuring on Windows Seven.

Installing the Telnet Client

Since Windows Server 2008 and Vista, the telnet client is no longer installed by default. This short article shows how to install the Telnet Client On Windows Server 2008 and Windows Vista/Seven from the comand line.

Windows Server 2008/R2
[Code]
ServerManagerCmd -i Telnet-Client
[/Code]

Windows Vista/Seven
[Code]
Start /w pkgmgr /iu:"TelnetClient"
[/Code]

Snapshotting destroys replication.

If you know how Active Directory Replication works, you would be reluctant to use any kind of imaging technology on your domain Controllers. The Active Directory Team wrote a nice artikle explaining why you should or shouldn't use any imaging technology on your DC's.
http://blogs.technet.com/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx

Unforeseen Outcome

Enforcing the Windows Explorer Classic shell disables tabbed browsing in Internet Explorer.

Enabling the policy User Configuration/Administrative Templates/Windows Components/Windows Explorer/Turn On Classic Shell disables tabbed browsing in Internet Explorer.

Using Exchange 2007 for Resource booking

Found a very interesting article today which handles resource mailbox in exchange 2007.
The article is written by Nathan Winters, and gives a good view how to manage resource mailboxes in Exchange 2007.

http://www.simple-talk.com/exchange/exchange-articles/using-exchange-2007-for-resource-booking/

Windows 7 and Winamp

A few weeks back i decided to install Windows7 Beta on my desktop. Had it running in VMware. But you know how it goes. You install it, play a litle and loos interest. By installing it on my desktop i am forced to use it, and get a far more better experience with the product.

Well so far so good, no problem what so ever. Every thing runs smooth in exeptance of Winamp.
Winamp crashed as soon as i fired it up. Googling the issue told me that some people resolved it with removing the Winamp configuration file from your profile. I tried it, and indeed Winamp would launch after the removal. But you could not see the interface of the program. You just saw the application being active in the quick-launchbar, but that was all. I decided to reinstall it, clear the configuration file, and choose Winamp Clasic instead of the Bento Skin. To my supprise the issue seems to be resolved.

I still could not completly verify, but it looks like the Bento skin doesn't work in Windows7.

So if you want to use Winamp, remove the Configuration file. Launch the Application and do not choose the default Bento skin.
The default location of the Winamp config file is in the user profile:
%Systemdrive%\Users\%Username%\AppData\Roaming\Winamp\Winamp.ini

Inter-Forest migration. Trust requirements

This small article discribes the trust prerequisites do allow Sid-filtering, which will in return allow migrated users from accessing their resources in the source domain.

Create a forest trust between the two domains.
Enable SID History
[Code]
NETDOM TRUST /Domain: /EnableSIDHistory:Yes /UserO: /PasswordO:
[/Code]
Verified the setting by running the same account, without any value on the /EnableSIDHistory switch.
[Code]
NETDOM TRUST /Domain: /EnableSIDHistory:Yes /UserO: /PasswordO:
Which returned
SID History is enabled on this Trust
[/Code]
When a security principal is copied from one to the other forest it will get a new SID from the Target domain. When SID History is enabled the old SID are added to the SID History of the pricipal. This SID History is added to the session key which it will present while trying to access a share, and thus validating the user in the source forest.

Only enabling SID History is not enough. Windows Server 2003 forest have SID Filtering enabled by default. Security principals in Active Directory have an attribute, called SID history, to which domain administrators can add users’ old security identifiers (SIDs). This is useful during Active Directory migrations because administrators do not need to modify access control lists (ACLs) on large numbers of resources and users can use their old SIDs to access resources. However, under some circumstances it is possible for attackers or rogue administrators that have compromised a domain controller in a trusted domain to use the SID history attribute (sIDHistory) to associate SIDs with new user accounts, granting themselves unauthorized rights. To help prevent this type of attack, Windows Server 2003 automatically enables SID filter quarantining on all external trusts that are created by a Windows Server 2003 domain controller. External trusts that are created using domain controllers running Windows 2000 Server with Service Pack 3 (SP3) or earlier must be manually configured to enable SID filter quarantining. This is also the case when creating a forest trust between two forests. So in order to let the SID History to be passed beyond the trust we need to disabled Sid Filtering on that trust. SID Filtering can be disabled by using following command:
[Code]
NETDOM TRUST /Domain: /Quarantine:No /UserO: /PasswordO:
[/Code]
Again you can verify the status by runnung the same command without specifying a value for the /Quarantine command:
[Code]
NETDOM TRUST /Domain: /Quarantine /UserO: /PasswordO:
[/Code]

Note: Disabling SID Filtering and enabling SIDHistory creates a large security risks and a opens a big attack surgace appon both forests. Therefore it is advicable to speed up the migration. It is understandable that you leave the old environment running for a longer time ones the migration has completed. But be sure to enable the filtering again ones all resource have been moved to the target Forets.

Disabling SIDHistory:
[Code]
NETDOM TRUST /Domain: /EnableSIDHistory:No /UserO: /PasswordO:
[/Code]
Enabling SID Filtering
[Code]
NETDOM TRUST /Domain: /Quarantine:Yes /UserO: /PasswordO:
[/Code]

Configure name, IP and domain membership through the CLI

When installing Windows Server 2008 R2, you do not get the option to configure the computername, IP and domainmembership during setup (When not using a Unattended Setup). So these tasks need to be done ones the installation finishes.
Following commands allow you configure these settings using the command Line Interface.

Rename the computer:

Netdom Renamecomputer %Computername% /Newname:Computername

(Requires a reboot)

Configure the Local area connection

Netsh interface ip set address name="Local Area Connection" Static 192.168.1.1 255.255.255.0 192.168.1.254

Explination: "Netsh interface ip set address name="Local Area Connection" Static Ipaddress Subnetmask Defaultgateway"

Netsh Interface IP Set DNS "Local Area Connection" Static 192.168.1.10

Explination: "Netsh interface ip set DNS "Local Area Connection" Static Ipaddress Dns Server

Configure Domain Membership

Netdom Join %Computername% /Domain:Domainname /UserD:Administrator /PasswordD:*

By Specifying the asterix in the Password (*) the CLI will promt you for a password.

Shutdown -r -t 0

By using the %Computername% variable you do not need to check the computername.

Public Beta Exchange 2010 released

http://msexchangeteam.com/
Please download the worldwide beta today! Here's the link: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1898ed2c-2f88-48ac-824e-d3d20fad77d7

Copy a Complete OU infrastructure

Somethimes you need to copy a complete OU Structure within a single domain. This can be done by following command:

"FOR /F "Tokens=1 Delims=," %* IN ('DSQUERY OU "OU=%Name OU%,DC=%Domain%,DC=%Prefix%"') DO DSADD OU %*,OU=%Parent OU%,DC=%Domain%,DC=%Prefix%"

Change the %Name OU%, %Parent OU%, %Domain% and %Prefix% with your own parameters.

Example:
"FOR /F "Tokens=1 Delims=," %* IN ('DSQUERY OU "OU=Sales,DC=Contoso,DC=Com"') DO DSADD OU %*,OU=Offshore,DC=Contoso,DC=Com"

Changing the credentials for the "EPO" service account.

Ever need to adjust the credentials for your Epolicy Orchestrator?

• Change Password
• Change Username
• Change account
• Change Domain
• Change Database Server
• Change Database Server Port
• Change Database Name

Browse to HTTPS://Localhost/Core/Config to manage your settings.

ADMT plain and simple

Setting up ADMT to migrate objects between two forests.

The latest version is ADMT V3.1, which can be used on Windows Server 2008. If you are using Windows Server 2003, you will need to use v3.0. ADMT v3.0 can only be installed on Windows Server 2003.

This article discribes how to set up ADMT plain and Simple.

Create and test a two way trust between the two or more forest(s).

Create a migration account in the source forest and target forest. To make it simple, make the two service accounts member of the domain admin group. This is not really nescesarry to make both accounts domain admin, but both accounts need to have the permission to create, move and modify objects. If you do not like the idea of making to many domain admins, you could work by providing the nescesarry rights through delligations.

After the migration accounts have been created, you should add the migration account to the administrators group of the opposite forest. Add the Old\Migration to the New\administrators and vica versa.

Install ADMT on a member-server or domain controller within the target forest. Create the 128 encryption file to enable password migration between the two (or more forests). The password file is created by running following command in the ADMT\PES folder. Click start->RUN and type CMD. Than type "CD %Systemroot%\Admt\Pes" (or path to where you installed ADMT).

Than type: ADMT KEY /OPTION:CREATE /SOURCEDOMAIN:%Olddomain% /KEYFILE:%Systemroot%\ADMT\PES\%Name of the keyfile% /PWD:* and press Enter.

You will be promted to type a password, and retype that password.

Note: the /keyfile option directs ADMT where to create the keyfile. This does not have to be the prediscribed path. This path however does contain MIGPWD.MSI which is needed later on.

Create a share, and place the content of ADMT\PES and the keyfile in that share. Make sure that you can access the share from a domain controller in the source domain.

Logon to the source domain controller and access the share you have created, which contains the ADMT key file and migpwd.msi. Open the migpwd.msi which will kick off the ADMT Password Migration DLL installation. This installation will install the Password Export Server Service, which is required to safly migrate your passwords between the two forests.

The installation wizzard will ask you, where it can find the key file. Ones the key file has been located, it will prompt you for the password by which you encrypted the keyfile. Afer filling and confirming that password, th einstallation kicks off. At the end of the installation it will ask you by which account you will start the Password Export Server Service. Here you fill in the account of the migration user in the tarhet forest. This account will also be granted the "logon as a service" permissions. Ones the installation has finished, a reboot of the system is required.

After the reboot of the system you will see that the Password Export server services has been created in the services console (Services.msc). The start-up mode of this service is set to manual, so it will be required to start the service prior to starting the migration procedure.

Still on the source domain controller. Goto run and type regedit, goto HKLM\System\CurrentControlSet\Control\LSH and create following keys:

TCPIPClientSupport Value "1"

AllowPasswordExport Value "1"

Now all is set and ready to start a test migration.

Starting the test migration.

Log-on to the source Domain Controller and start the Password Export Service (Net start PESSVC).

Log-on to the target ADMT migration machine and open the ADMT with the user credentials of the migration user in the Source domain (RUNAS). Rightclick the Active Directory Migration Tool and sellect which object you which to upgrade.

Happy migration!

Update Roll-up 7 for Exchange Server 2007 Service Pack 1 has been released.

Update Roll-up 7 for Exchange Server 2007 Service Pack 1 has been released.
http://msexchangeteam.com/archive/2009/03/18/450863.aspx

Interesting Facts

• Maximum number of objects in Active Directory: A little less than 2.15 billion
• Maximum number of SIDs in in a domain: About 1 billion
• Maximum number of group memberships for Security Principals: 1015*This is for Security groups. Each Security group you're a member of results in its SID being added to your access token at logon.

Note: For Windows 2000 Active Directory environments, the recommended maximum number of members in a group is 5,000. This recommendation is based on the number of concurrent atomic changes that can be committed in a single database transaction.

http://technet.microsoft.com/en-us/library/cc756101.aspx