Archive for the 'Technical Stuff' Category

VMRCPlus out of the secret storage

Tuesday, July 3rd, 2007

Finally VMRCPlus is available to the public. I was bugging MS for years if they can’t release it, and finally it’s available.

VMRCPlus is a frontend for the users of Virtual Server, which provides a full console application instead of having VMRC to connect to the screen plus the Webinterface to configure machines. Way cool. If you work with Virtual Server, this is a must-have! 

Thanks to Tomek’s DS World – I found this reading your blog [;)]

The baptism of a new Server: Windows Server 2008

Wednesday, May 16th, 2007

Windows Server “Longhorn” finally got his name – as many would be surprise it will be “Windows Server 2008”.

Microsoft did name his products in the past to the Fiscal Year they released the product – since their “Fiscal New Years Day” is in the middle of the year and the new release of Windows Server is announced for the second half of the Calender Year 2007, many sources already assumed it’s naming as “Windows Server 2008”. They were right.

The announcement was on the Windows Server Division Weblog, and also the Windows Server 2008 Home Page has been adjusted and provides many valuable sources.

Timetraveling Active Directory

Wednesday, May 9th, 2007

When I posted about the Fine Grained Password Policies (aka Password Settings Objects) in the Active Directory of Windows Server “Longhorn” I’ve also got permissions to blog about a very exciting new feature in Longhorn – the possibility to create and access Active Directory “Snapshots”. So what is this feature?

In all previous Versions of Active Directory it had been very hard to:

  • determine which values a object had at a specific time before
  • determine which backup is the right one to restore in case of an Active Directory recovery
  • authoritatively restore objects in Active Directory
  • Figuring out and fixing Group Memberships (as well as other Forward-/Backlink-Relationships) after an authoritative restore

However – in Windows Server “Longhorn” you’ll get the possibilities to create Active Directory “Snapshots” (which is basically a Volume Shadow Copy of your Operating System and Active Directory Partitions – however it’s been made sure that the AD-Database is at a consistent state). Afterwards you are able to mount these snapshots into the file-system, and start a Read-Only LDAP-Service of this database (DIT-File). You can also start such a Read-Only LDAP-Directory from a previous backup whose files have been restored in a different place.

So how are we doing this?

First – let’s create a snapshot. The easiest way to do this is using ntdsutil.exe:

  1. On a Windows Server “Longhorn” Domain Controller, open the commandprompt and enter ntdsutil
  2. Enter Snapshot to go into the snapshot subcontext
  3. Hit ? to see all options, just for your information
  4. Now we need to select the directory of whom we want to create a snapshot – we could also use ADAM (called Active Directory Leightweight Domain Services in Windows Server “Longhorn”) – but in this case we care about Active Directory Domain Services, so enter Activate Instance NTDS
  5. Simply enter create, and a new snapshot is being created. Note the GUID which is being returned, we need this one later (but I show you a way how to retrieve it anyways).

OK – that was easy – now let’s mount the snapshot into the file system:

  1. Still in the subcontext snapshot in ntdsutil, examine which snapshots you have on your local system by typing list all. Now you get a list of all snapshots on the system.
  2. Now we want to mount a specific snapshot. First copy the GUID right next to the date/time of the snapshot you want to mount into the clipboard. Then type mount <GUID>. You get the message that the snapshot is being mounted to a directory C:\$SNAP_datetime_VOLUMEC$\.
  3. Navigate with Windows Explorer to this directory (if you don’t see it you have to change your folder options) and examine it’s content. You’ll see that it includes a full snapshot of the volume.

But we wanted to start up a own R/O Instance of Active Directory of this snapshots – there are no options in ntdsutil to do this. We need to use a different command: dsamain.exe

  1. Open up a new commandprompt
  2. Type dsamain.exe -dbpath:c:\$snap_timedate_volumec$\windows\system32\ntds\ntds.dit -ldapport:10000 -sslport:10001 -gcport:10002 -gcsslport:10003 (replace the path with the path of the ntds.dit in your snapshot, the portnumbers are up to you.
  3. The output should look as follows and inform you that the Active Directory Domain Services startup completed.

    Note that you don’t get back a prompt – whenever you decide you don’t need the new LDAP-Service anymore you’ll have to cancel it by hitting (Ctrl) + (C).

Now you can navigate in this “old version” of Active Directoy. I strongly hope and assume you are not in your production network right now – so make some changes you remember (such as changing a users properties, deleting something you don’t need anymore) – so that you have a possibility to see the changes between the two states of the Active Directory. In this example we’ll use simply ADSIEdit.msc to navigate the snapshot – you can use any other LDAP-Browser, script, tool which allows you to select other than default ports to navigate the LDAP-Directory.

  1. Start adsiedit.msc
  2. In adsiedit, use the Connect to… menu to specify your Active Directory Snapshot
  3. Now navigate the old version of Active Directory, and look for the changes you made.

After you are finished, you can stop dsamain with (Ctrl) + (C), then go into the ntdsutil-commandline. To unmount the snapshot you can type dismount <GUID>. If you can not remember which snapshots are mounted you can also use the list mounted command in this subcontext of ntdsutil.

AD-Snapshots is the first time ever Microsoft gives us such a important tool in our hands to enable us to do object-level or attribute-level recovery using simple scripts, or to select which objects to restore authoritatively. Previously you had to remember the distinguishedName of the objects you wanted to restore, or restart the DC without a network connection – figure out the DN-Path – then restart it in Directory Services Restore Mode again, and finally perform the authoritative restore. And remember – you can also do this against a Backup, so it’s a good way to figure out which is the best backup you want to restore in the case of a AD-Recovery.

Disclaimer: this blog post is about a beta-product which may change, I’ll try to update this blog-post if I recognize any changes.

Credits: Thank you Dmitri for this feature – you rock!

Windows Server "Longhorn" – Active Directory Attribute Editor and LDP

Tuesday, March 20th, 2007

Another Article of Jorge mentions the new “Attribute Editor” in Active Directory-Users and -Computers (ADUC) and Active Directory-Sites and -Settings (ADSS). Basically you have the Property-Page of ADSIEdit now in ADUC and ADSS and you are able to configure all attributes of the selected Object in a more generic view. I love this “feature” (*) – you’ll see it as soon as you have selected “Advanced View” in ADUS or ADSS and open a property page of a object.

Also I’d like to mention another great “feature” (*) of the property page – it shows you some of the data more human readable than it was in ADSIEdit. They are converting numbers now – e.g. to time-values a.s.o.

Another thing which has improved in ADUC is that if you select a domain controller you are able to access the NTDS-Settings-Object underneath it. For example you are able to configure the DC to be a Global Catalog (or not) on this dialogbox. This was providing a lot of confusion in the past where you either were able to see the DCs Properties in ADUC or to select whether it’s a GC or not in Active Directory-Sites and Settings – so well done Microsoft for deciding to show it in Active Directory-Users and Computers as well.

Jorge is also covering LDP in his post, and how much it has improved. What I really love in LDP is the Advanced Security Dialog which displays a Security Descriptor with it’s DACL, SACL and ACEs in the GUI or via a Text Dump. Just select Browse -> Security -> Security Descriptor out of the menu in ldp.exe and select the object and if you prefer a Text Dump or the “friendly view”.

Read Jorge’s article on Windows Server “Longhorn” – Management tooling to get more information about the possibilities in Active Directory-Users and -Computers and Active Directory-Sites and -Services.

(*) In Windows Server “Longhorn” we have Roles which we install, such as DNS-Server, Active Directory Domain Services, File Server, … and Features which are minor things to install such as Bitlocker, Telnet, Windows Backup, … so what do we call something which is a new thing but is not a Role or a Feature in the Product? In the past we’ve called it feature, but now we are without a wording for it.

dcpromo in Windows Server "Longhorn"

Tuesday, March 20th, 2007

Jorge’s Quest for Knowlege is currently covering a lot about the next Windows Server “Longhorn” which is due later this year.

In his Post Windows Server Longhorn – Installing, Removing and Upgrading to AD he is covering a lot of the options you get with the new dcpromo in Windows Server “Longhorn”.

I refer to this as the “Next -> Next -> Finish”-Consultant-proove Version of DCPromo. You know – Active Directory is a pretty complex topic, however there were many people out there who claimed to know Active Directory because they are able to install it using DCPromo. But it requires a lot more than that.

Microsoft basically took care of the “common Admin” by putting many of the best practices right into DCPromo, so if you are installing Active Directory by default now you’ll get much more what you’ve set afterwards as default, so I do expect that we are getting less calls from Scenarios which lack best practices.

However you are still able to run dcpromo and configure many settings (actually much more) by selecting the advanced installation right on the first screen of the dcpromo-wizard.

If you have access to the beta or to MSDN – give it a try to explore the new dcpromo-wizard – you’ll love it!

Read Jorges article where he tells you more about Installing, Removing and Upgrading to AD in Windows Server “Longhorn”

BGInfo in Vista and Longhorn

Tuesday, January 23rd, 2007

Did you try to use Sysinternals (now Microsoft) BGInfo on Windows Vista or Windows Server Codenamed “Longhorn”? Do you also prefer to see your network-settings such as IP-Adress and DNS-Server on the Background-Screen of BGInfo?

So did you like the picture you’ve got? Here’s an example:

BGInfo in Vista/Longhorn Default

So apparently we are getting nine IP-Addresses and nine DNS-Servers back, but only one is configured. However, we only want the one Address which is configured, not any virtual or whatever Network-Interface. We still can use BGInfo, but we need to put some more brain into it.

BGInfo also allows you to configure Scripts or custom variables, and return their value. So in BGInfo, follow these steps:

  1. In BGInfo, underneath the list box “Fields” where you are able to select which values to see, click “Custom”
  2. In the dialog box “User Defined Fields”, click “New”
  3. In the dialog box “Define New Field”, choose an “Identifyer”, such as “MyIPAdress”
  4. Under “Replace identifyer with” click “WMI Query”
  5. In the text box “Path”, enter the following WMI Query:
    SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = TRUE
  6. Close the dialog box with OK and repeat from Step 2 to create another new field:

Path (WMI Query):
    SELECT DNSServerSearchOrder FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = TRUE

After you added MyIPAdress and MyDNSServer to your background, it’ll look like the following:

BGInfo - Fixed now with WMI

I’m still alive (2)

Monday, January 22nd, 2007

So after getting back from Barcelona I had a lot of work to make sure I’ll be able to take some vacation during X-Mas. Worked like crazy. Also I had to finish an article, which was published in January in the IT-Administrator. I covered Security-Basics, Delegation and implementing Rolebased Administration in Active Directory. Yes – it complements my talk [;)]

Finally I was able to go on vacation from X-Mas to the first week of January. I was looking forward to it – I’m used to much work, however the last year was the worst ever and I was unable to finish everything – to many customers at the same time while always having issues to find “bodies”.

So what happened? Sure! If you give your body time to relax, it takes whatever needed to recover. So I had a bad could over New Years until the end of the first week in January. Not very relaxing, so I decided to stay the second week of January still at home and keep my workload low.

I had to recover and deserved it!

DNS Conditional Forwarders – AD integrated

Saturday, September 30th, 2006

Ward of the Windows Server Devision Weblog wrote earlier this summer about a “new feature” in Windows Server Codename “Longhorn”, the possible integration of Conditional Forwarders in Active Directory. I’ve posted an comment that this is already available in Windows Server 2003 using the commandline and received a few questions about it, so I decided to write down some more details about this topic.

OK – lets resume what conditional forwarders are. Usually when a DNS-Server is receiving a request from a client or himself [1] he’s first checking if the request is for a name he’s holding a zone for [2], then he’s checking the cache, and if he’s still unsucessfull he’s forwarding the request to the IP-Adresses configured in the Forwarders-Tab of the Server Properties in the DNS-Managementconsole dnsmgmt.msc. Therefore it was always quite tricky if you hold disjointed namespaces in your company (e.g. and but have not (enough) control over the parent namespaces. You usually had to resolve this by forwarders and secondary zones, or secondaries on both sides a.s.o.

Windows Server 2003 introduced some new features which provide more flexibility. Conditional Forwarders allows you to configure specific forwarders if the request is for a well-known namespace. They were configured in the same Tab than the forwarders in WS2k3. The default forwarder was underneath “All other domains”, and you were able to configure additional namespaces (by their parent DNS-Domain) and which DNS-Servers they should forward to. Additional Windows Server 2003 introduced Stub-Zones, however I will cover those in a later post not to get way off topic. Technically a conditional forwarder is only a “zone” with static NS- and A-Records for the DNS-Servers of the target DNS-Namespace.

When you configured Conditional Forwarders in the Managementconsole, you were not able to configure a conditional forwarder to be stored and replicated in Active Directory (like Active Directory-Integrated Zones). You may want to do this if all DNS-Servers/DCs in the replication scope [3] should directly forward requests of that namespace. In Windows Server Codename “Longhorn” you can configure this now in dnsmgmt.msc, see Wards Post or read further [;)].

However when you configured the conditional forwarder using the commandline utility dnscmd.exe you are even in Windows Server 2003 able to configure a forwarder which is AD-Integrated and therefore replicates to all DNS-Server/DCs in the replication scope.

Use the following syntax to configure a conditional server for the namespace

dnscmd /ZoneAdd /DsForwarder

After you did this, you can see the new conditional forwarder in the DNS-Managementconsole, and note that you are even able to see that this forwarder is Integrated in Active Directory:

One of the questions I got asked about this is where the Conditional Forwarder is stored in Active Directory (which of the partitions [3]) and if you are able to change this, e.g. having a certain Forwarder replicated across the Forest and another one across the Domain. Yes – this is possible. By default a Conditional Forwarder which is AD-Integrated with the above command will end in the DomainDnsZones-Applicationpartition, and therefore replicating to all DNS/DCs in the domain. If you prefer other scopes you can define this in the commandline using the parameter /DP. DP takes the following parameters:

  • /legacy: replicates to all DCs in the domain whether they are DNS-Servers or not
  • /domain: replicates to all DCs in the domain which are also DNS-Servers
  • /forest: replicates to all DCs in the forest which are also DNS-Servers
  • FQDN of a custom Applicationpartiton: Yes – this is weired, but here we have to provide the FQDN (instead of the distinguishedName) of a custom application partition where we’d like to store the Conditional Forwarder

So for an example the following two commands will work against the local DNS-Server if it’s a WS2k3-DC. For the second example you need a custom applicationpartition dc=MunichDnsZones,dc=example,dc=com (which you are able to create with NTDSUtil -> Partition Management, however do this only in a test environment if you are not absolutely certain what you want to accomblish with the custom partition):

dnscmd /ZoneAdd /DsForwarder /DP /forest

dnscmd /ZoneAdd /DsForwarder /DP

So let’s finish this post with showing how this is exposed in the DNS-Managementconsole in Windows Server Codename “Longhorn”. If you look into the console one of the first things you’ll notice is that Conditional Forwarders are not in the Server Properties anymore, they’ve made it into their own node in the navigation pane. That’s a good move – as I mentioned earlier Conditional Forwarders are actually like zones with only the NS- and A-Records for each delegated server. And another Yes – Delegations are also almost the same, but they are still created in their “parent zone” because it’s more logical. Conditional Forwarders, just like Forward Lookup Zones and Reverse Lookup Zones are not required to have a parent zone on the same Server so it’s also logical to have them separately.

When you decide to create a new Conditional Forwarder you get a dialog box which also provides you with the possibilities to store the Forwarder in Active Directory and you are also able to select which applicationpartitions you’d like to store the Conditional Forwarder in. This even works for your custom applicationpartitions (and this sounds like another post – explaining when custom applicationpartitions might be usefull).

Also note that Longhorn tries to resolve the FQDN of the target Server of a Conditional Forwarder. Don’t be worried if you don’t receive results. This is not necessary. However if you have Reverse Lookup Zones set up correctly you might want to fix this.

[1] Many people tend to forget that any system always asks the DNS-Server which is configured in the TCP/IP-Properties. Even if a server holds the DNS-Server-Service it will resolve his requests through the DNS-Server which is configured in the TCP/IP-Properties and only uses himself if he’s configured to do so.
Also keep in mind that you are able to configure multiple DNS-Servers, however the second, third a.s.o. DNS-Server is only used if the previous ones are not reachable via TCP/IP – as long as the server is online there’s no fallback to other servers, even if the DNS-Server Service is not running or even not installed.

[2] If a server is receiving a request for a name where he holds a zone for but the name does not exist, it assumes the name is not used and will not forward the request. You have to keep this in mind when “overwriting” parent or external (ISP) zones.

[3] In Windows 2000 there was only one replication scope: As soon as you integrated a DNS-Zone into Active Directory the informations in the zone are replicated to all Active Directory Domain Controllers of that Domain (no matter if a DNS-Server-Service is installed and therefore the information is usefull on this server).
In Windows Server 2003 two new replication scopes (= Application Partitions) where introduced: DomainDnsZones and ForestDnsZones. While the first one will replicate to all DCs which also hold the DNS-Server role in that Domain, the second will replicate to all DNS-Server/DCs in the Forest.

Windows Server Codename Longhorn

Wednesday, August 23rd, 2006

Thanks to ~eric (again – I owe you buddy) for his input on this post

There are more and more info’s out on the Web about the next generation of Windows Server Codename »Longhorn« (the Server release which will arrive after Windows Vista) and I’ve mentioned earlier that we had a lot of questions at the Ask the Experts Area and Longhorn Server Booth at TechEd Boston in July, so it’s time to talk here as well about what we’ll expect.

One of the very new things is that during installation, right after entering your Product key, you get to select which »Version« of Longhorn Server you want to install (remember NT where you had to decide whether to install a P/BDC or Member Server? – just kidding). In Longhorn you get the choice to either install the full version with all features or a new version called »Server Core« which will only provide a limited set of features and provides local administration via command line only. But I’ll focus on the full version of Longhorn Server right now, and will write about Server Core in a later post.

So let’s take a look at the

New features of Longhorn Server (full version):

  • Server manager:
    The new Server manager is not just a collection of MMC’s plus links to help files (as the Configure Your Server-Wizard in Windows Server 2003), but provides a consolidated, portal-like view about the status of each role. It’s homed on top of the MMC 3.0 which was introduced in Windows Server 2003 R2 and which provides much more possibilities than the old MMC.
  • IIS 7:
    Among increased security, xcopy-deployment, improved tools to diagnose, troubleshoot and management the system IIS 7 also enables you to implement delegated administration (finally) and is the new base for other services such as the new version of Sharepoint or the Windows Communication Foundation.
  • Read-Only Domain Controller (RODC):
    Now that’s one of my favorite new features! Back to the BDC? Not really. (Actually a lot of customers asked us that at TechEd)
    The RODC is designed especially for Branch Office scenarios, where you are not always able to assure physical security. I already wrote about those issues in a prior blog entry »What do to if a Branch Office DC is not physically secured?«.
    The RODC holds a non-writeable copy of Active Directory, and will redirect all write attempts to a Full-DC. It will replicate everything but sensitive accounts. By default accounts like Domain Admins, Schema Admins, Enterprise Admins a.s.o. are excluded and will not been replicated to the RODC. The big advantage is that if someone is able to physically access the server (or steal it) he might be able to crack the passwords of the regular user-accounts, but not of the sensitive accounts. Downside: those accounts are unable to log onto the RODC if the WAN is not available. However first time ever a local administrator account will be able to log onto the DC and perform maintenance without having rights on the AD.
    To implement RODC in your environment you do not need all DCs on Longhorn. You need to have your domain and forest at the Windows Server 2003 mode, and the DC running the PDC-Emulator needs to run on a full version of Longhorn. As far as currently known there’s no support for multiple RODCs in a single location (they are unable to replicate between each other, each of them would replicate with the hub office).
  • Local administration of a RODC:
    On a RODC there’s a local administrator which is able to log onto the machine to perform maintenance tasks – you don’t have to grant those local site admins domain admins rights to o this.
  • Restartable Active Directory:
    In Longhorn »Active Directory Domain Services« (formerly just known as Active Directory) are stoppable and restartable now. When it’s stopped you can perform certain tasks which required a reboot into Directory Services Restore Mode (DSRM) in prior versions of Windows Server. This also eases writing scripts for those tasks.
  • Windows Backup:
    The new version provides Admins with a simple backup and recovery solution. It’s easy to handle, you don’t need to think about full, differential or incremental backups, and don’t need to keep the different schedules in mind when performing a recovery. The new Backup also supports Windows Recovery and therefore enables you to Recover a Server without a installed OS.
    You are able to store the Backup on DVDs, external or internal Harddisks or on Networkshares. Tape drives are not supported anymore by Windows Backup.
  • Windows Reliability and Performance Monitor:
    Combines different Snap-Ins like the Performance Logs and Alerts, Server Performance Advisor and System Monitor, and provides you with a graphical Interface to configure the collection of Performance-Data and Event-Traces. You also get a new Snap-In, the »Reliability Monitor«, which monitors the System to detect changes which influence reliability. All diagnoses are provided in nice reports.
  • Network Access Protection (NAP):
    NAP is not the same as the quarantine introduced with Windows Server 2003 (useable with VPNs), however it’s easier to imagine if you think of it. You are able to configure your network that all machines which want to be part of that network must perform a health-check first (for example if their virus signatures and patch-level is up-to-date). If they are not successful they will be put in a quarantine network (where they might install patches and signatures), if they are successful they are connected to the production network. This is not possible either on dial-up Networks, VPNs or even with direct LAN-Connections. The health-check is enforced either via IPSec, 802.1x, DHCP, VPN, NPS/Radius or combined. The current version of NAP requires you to run only Longhorn and Vista in your Network, but there will be most likely a client available on XP SP2.
  • Terminal Services Gateway:
    Now authorized computers are able to connect securely to a Terminal Server or Remote Desktop from the Internet using RDP via HTTPS without implementing a VPN-Session first. You do not need to open up additional ports in your Firewall – RDP will be tunneled through HTTPS. The admin has different ways of controlling access, such as selected user- or computer accounts which have to be Members in the domain, and he’s able to configure which resources are available.[1]
  • Terminal Services Remote Programs:
    This feature was first planned for Windows Server 2003 R2 and was codenamed »Bearpaw« at this point, but has been postponed to Longhorn. Finally you are able to publish single applications instead of the whole desktop to clients. TSRP is totally transparent to the user, f.e. applications like Word 2007 appear with icons in the Startmenu, the corners of the application appear rounded as if Word would be running directly on the machine, and even the associations with the document-types do work: if you double-click a Wordfile Word will open up with the file loaded – the user does not see that the application doesn’t start locally but on a terminal server.[1]
  • Terminal Services Web Access:
    Enables Administrators to provide access to the Terminal Services Sessions via a Webinterface. Using TS Gateway and TS Remote Programs the whole communication is via HTTP(S) and the remote applications appear transparent to the user as if they are running locally. And if the user is starting multiple applications they’ll run via the same session to ensure that there’s no need for additional licenses per user. TS Web Access comes with a adjustable Webpart for IIS and Sharepoint, which advertises the possible applications and connections to the user. You can use access control rights to adjust which applications appear for which users or groups. TS Web Access requires IIS7 and [1].
  • Windows Deployment Services:
    WDS supports the imagebased deployment of Operating Systems via network – initiated by a network boot request. It appears as the joint product of RIS (Remote Installation Services, which first appeared with Windows 2000 Server) and ADS (Automatic Deployment Services, a free download bound to a Windows Server 2003 Enterprise Edition Licence) – however that’s not the official word (or at least as far as I know).

[1] relies on the clientside to the new Remote Desktop Connection Client 6.0, which is part of Windows Server Codename »Longhorn« and which will be available as download for Windows XP SP2 and Windows Server 2003 SP1 (as far as currently known).

Additional the are a lot of additional features in Longhorn (most of them are also part of Windows Vista):

  • The new rule-based Windows Firewall which is able to control incoming and outgoing network traffic and which is configurable via Group Policies.
  • Bitlocker Encryption for Harddrives:
    not only in Vista but also in Longhorn your are able to encrypt whole Harddrives using Bitlocker.
  • Desktop Experience:
    A new feature which enables a Desktop look and feel on the server – targeted to users which are using a Server-OS as Desktop or Laptop.
  • Internet Storage Naming Server (iSNS):
    Enables central registration, deregistration and queries for iSCSI-Harddrives.
  • Multipath I/O for Storage Devices

plus the features which have been part of Windows Server 2003 R2.

I’m very excited to the new major release of the Server-OS! And way cool is the Server Core Version – but more about that later. Stay tuned [;)]

Finished, Exhausted, Done!

Tuesday, May 16th, 2006
I just finished the finalizing work on my next book, which I wrote with a couple other Windows Server MVPs. We are providing tipps and tricks around Windows Server 2003 (including R2). The book is for MS-Press Germany, and I expect it in the stores pretty soon since the publishing process is very well done at MS-Press. Actually it has been available for pre-ordering on a couple online-bookstores for a couple month now.
Here it is at Amazon Germany:
Windows Server 2003 – Die Expertentipps
I’m kind of tired and exhausted now since I had to do all the finalizations, however I’m glad I’m done, all reviews are in and I only need to wait for publishing. Now I’ll have some time to relax, go to the gym again, meet friends, enjoy the weather, and do some other stuff I wanted to do for ages but haven’t had time this year yet.