Active Directory Troubleshooting Help

A friend and former co-worker of mine (Sean Deuby) has some excellent Active Directory Troubleshooting guides available online for free.  These aren’t going to solve every problem for you but are great to ensure you have covered your basis when trying to troubleshoot Active Directory.  Take a look at the link to see all the great help he has.

You know…is the Internet great?  I mean really think about all the great things that are available at our finger tips, things like these great troubleshooting guides.  The Internet hasn’t always been great but I’d say over the last 5 years it has really blossomed well.  I know there is bad and harmful things out there but I really do believe that there is more good than bad…OK, time for me to stop thinking out loud again.  Smile

Acctinfo2.dll to get Additional Account info

Some of you may have used Acctinfo.dll in to get the additional Account Info tab when managing Active Directory from 2003 or Windows XP.  It was a great add on that should you additional info about Users such as their GUID and SID amongst many other things. 

I’ve heard rumors that some people have seen Acctinfo2.dll out in the wild…aka the Internet and that it works on Server 2008 R2.  Please don’t download anything called Acctinfo2.dll from the Internet unless it is officially from Microsoft.  I’m not saying that Acctinfo2.dll doesn’t exist…to be honest I have no idea because I’ve never tried to install it.  But like you I’m not a fan on downloading something that could potentially do harm to my environment.

For those looking to get those “Additional Account” attributes you can still do it.  The first way is to just use the Attributes tab in Active Directory Users and Computers, but there is a an even better way.  All you really need to do is use the Active Directory Administration Center.  Let me show you.

Once you open the Active Directory Administration Center up you can do a search for the user you want additional info on:

1

Now either double-click on that account or click the Properties from the Tasks on the right side.

2

These are the standard account properties…but…did you notice the area called Modified on the bottom?  That is where the magic really happens.

3

Here you can see all sorts of goodies including an account’s SID.  Just take a look at all that goodness.

4

Good stuff indeed.  Now stop trying to download something that doesn’t exist except in Area 51.

Lock Your Workstation

I’m sure you are like me when it comes to locking your desktop.  You ALWAYS do it.  Most if not all corporations today have a group policy in place that at least sets the Screen Saver on after a certain amount of time and requires a password for security reasons (User Configuration – Administrative Templates – Control Panel – Personalization – Password protect the screen saver).

You know as well as I do that there is always that one person that seems to always forget to lock their workstation.  Sure the group policy will kick in…eventually.  During that time the system is unlocked and the data vulnerable.

Since i’m such a huge fan of shortcuts I have two for the price of one today.  I will show you two methods to lock your workstation…even for those very forgetful people.

Method 1 (and what I think is the easiest)

By pressing the Windows key and L on the keyboard you effectively lock the system.  I use this one ALL the time.  It is the quickest method that I know.  However some people are not so keyboard shortcut friendly.

Method 2

For the people that prefer to use their mouse here are several steps to create a desktop shortcut.  This method is very similar to the post I had on creating a shortcut for the Network Properties in Server 2008.

1. From where ever you want the shortcut create, Right click and select New –> Shortcut  (I recommend the Desktop)

 

2. Put the following path into location rundll32.exe user32.dll,LockWorkStation



3. Click Next and type whatever you would like the name of the Shortcut Icon to appear as and click Finish.



4. Time to change the way the Icon looks – Right Click on the newly created Shortcut and select Properties

 

5. Click the Change Icon… button and change the path to %SystemRoot%system32SHELL32.dll and now pick whichever Icon you prefer.

 

6. We finally have an icon available to lock the workstation on the Desktop.

 

I personally love when people at work leave their workstations unlocked.  Like a lot of you i’m sure you like to teach that person a lesson.  Perhaps mess with the background…a nice screensaver message on how much they look up to me!

Initiate Replication across all Partitions and DCs

It seems I”m always trying to remember this little command and its about time I put here where I can always access it in the future.  This isn’t a new command but it is a nifty little one that will initiate replication across your environment. 

Repadmin /syncall  /APed

I prefer to run it from the DC (thus the reason DC_name is taken out after /syncall) and from the  command line to pipe it out to a text file.

Admin Tools of the Trade

I’ve just finished writing an article up on admin tools that I use over on AdminPrep.  If you have some tools that you would like to recommend please leave a comment here for others to see what helps get your through your day…tool wise that is!!!

Posted in Tools. 2 Comments »

Easy Way to View Windows Server 2008 and Vista’s Network Card Properties

That has to be the longest title I’ve ever had in any blog.  In my opinion this has the ability to the best post I’ve ever created too.  The reason being that I’m always looking for ways to make my life easier…and then share them with you.  EVERY single person I’ve spoken to about Windows Server 2008 has been frustrated with the amount of clicks and initial confusion on how to get to the Network Card properties.  Hopefully this will help.

The plan is the create a custom shortcut and copy it to the desktop for easy access (isn’t it always about easy access?).

1. From where ever you want the shortcut create, Right click and select New –> Shortcut  (I recommend the Desktop)

 

2. Put the following path into location C:windowsSystem32ncpa.cpl



3. Click Next and type what ever you would like the name of the Shortcut Icon to appear as.



4. Time to change the way the Icon looks – Right Click on the newly created Shortcut and select Properties



5. Click the Change Icon… button and pick whichever Icon you prefer.



6. We finally have an icon available to view the Network Interfaces on our Windows Server 2008 and Vista machines

     

NOTE:

Unlike Windows 2000 and 2003 where you had to right-click and select Properties here you will have to double click the icon…which I think is just a bit easier.

Windows Server 2008 Command Lines for Administrative Consoles

I’m always of fan of shortcuts and the Windows Server 2008 Administrator”s Companion from Microsoft Press has a complete list of the command line shortcuts for starting Administrative Consoles for Server 2008.  There are plenty of other goodies in this book so make sure you take a look at getting this one. 

Command Line

Console Name

AdRmsAdmin.msc    Active Directory Rights Management Services
Adsiedit.msc    ADSI Edit
Azman.msc Authorization Manager
Certmgr.msc Certmgr (Certificates)
Certtmpl.msc Certificates Template Console
CluAdmin.msc Failover Cluster Management
Comexp.msc Component Services
Compmgmt.msc Computer Management
Devmgmt.msc Device Manager
Dfsmgmt.msc DFS Management
Dhcpmgmt.msc DHCP Manager
Diskmgmt.msc Disk Management
Dnsmgmt.msc DNS Manager
Domain.msc Active Directory Domains And Trusts
Dsa.msc Active Directory Users And Computers
Dssite.msc Active Directory Sites And Services
Eventvwr.msc Event Viewer
Fsmgmt.msc Shared Folders
Fsrm.msc File Server Resource Manager
Fxsadmin.msc Microsoft Fax Service Manager
Gpedit.msc Local Group Policy Editor
Lusrmgr.msc Local Users And Groups
Napclcfg.msc NAP Client Configuration
Nfsmgmt.msc Services For Network File System
Nps.msc Network Policy Server
Ocsp.msc Online Responder
Perfmon.msc Reliability And Performance Monitor
Pkiview.msc Enterprise PKI
Printmanagement.msc Print Management
Remoteprograms.msc TS RemoteApp Management
Rsop.msc Resultant Set of Policy
Secpol.msc Local Security Policy
ServerManager.msc Server Manager
StorageMgmt.msc Share And Storage Management
Services.msc Services
StorExpl.msc Storage Explorer
Tapimgmt.msc Telephony
Taskschd.msc Task Scheduler
Tmp.msc Trusted Platform Module (TPM) Management
Tsadmin.msc Terminal Services Management
Tsconfig.msc Terminal Services Configuration
Tsgateway.msc TS Gateway Manager
Tsmmc.msc Remote Desktops
Uddi.msc UDDI Services Console
Wbadmin.msc Windows Server Backup
Wdsmgmt.msc Windows Deployment Services
Winsmgmt.msc WINS Manager
WmiMgmt.msc WMI Control

Process Explorer on Server Core

While I’ve always been a fan of Task Manager but lets face the facts…its has its limitations.  Mark Russinovich has rolled up his wonderful Sysinternal Troubleshooting Utilities into a single download that can be found here.

In there you will find the ultra popular Process Explorer.  Well I wanted to test out some stuff on Server Core…like what type of tools will really work on it.  I copied over Process Explorer and it ran like a champ!  Now all I need to do is go into the Options menu and select Replace Task Manager and now when I enter taskmgr or hit CTRL-Shift-ESC Process Explorer opens instead of Task Manager.

…I wonder how many other Sysinternal tools work on Server Core…

Posted in Server Core, Tools. No Comments »

Server Core CoreConfigurator

I know i”m late on this but I”ve got to blog about it.  Fellow Directory Services MVP Guy Teverovsky has created the coolest tool yet for Server 2008 Server Core.  It is the Server Core CoreConfigurator

After you copy the four files to your Server Core server you have a great tool to help with the most common tasks within Server Core.  Included features are:
Features:

  • Product Activation
  • Configuration of display resolution
  • Clock and time zone configuration
  • Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration
  • WinRM configuration
  • IP configuration
  • Computer name and domain/workgroup membership
  • Installation of Server Core features/roles

The latest build added support for 3 scenarios for DCPromo:

  • Additional DC in existing domain new forest
  • Few Forest
  • New Child Domain

I highly recommend you go to his blog to view some of the screen shots.  To bad he didn”t get to make it to the last MVP summit because it would have been nice to catch up with him again.

RSAT Missing Tabs in Active Directory Users and Computers

Some of you may have noticed there were some missing tabs in Active Directory Users and Computers after you installed RSAT on Windows Vista.  Specifically the Terminal Services Profile, Remote Control, Environment, and Sessions tabs are not there.  The reason behind this is because Windows Vista is missing the TSUSEREX.DLL…basically it can”t be a Terminal Server.

Ned from the Directory Services team has posted an unsupported fix for this on the Directory Services blog.  I snagged the fix here for you to see.
  1. You can use your Windows Server 2008 AD Users and Computers snap-in by terminal serving into the remote administration sessions.
  2. You can make your RSAT DSA.MSC work the way you’d expect by taking the following unsupported steps:

A. Locate a Win2008 Server which has DSA.MSC installed via Server Manager features/roles. The installed OS platform architecture must match your client (so use 32-bit OS server if using 32-bit OS client, and the same for 64-bit).

B. Locate the following two files:

%systemroot%system32tsuserex.dll %systemroot%system32en-ustsuserex.dll.mui

(NOTE: If not running US English, the path would not be EN-US; it would be the language(s) running on the server)

C. Copy these two files to the Vista machine running RSAT tools and place them in the same paths.

D. Run as an administrator:

regsvr32.exe tsuserex.dll

E. Start DSA.MSC on the Vista machine and look at a user”s properties – the tabs will now be there.