Transferring FSMO Roles

by Daniel Petri – January 8, 2009

How can I transfer some or all of the FSMO Roles from one DC to another?

Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.

Moving the FSMO roles while both the original FSMO role holder and the future FSMO role holder are online and operational is called Transferring, and is described in this article.

Transferring is the suggested way of moving an FSMO role between domain controllers, and it can be initiated by the administrator or by demoting a domain controller. However, the operating system does not initiate the transfer automatically, for example when a server is shut down. FSMO roles are not relocated during the shutdown process, so this must be considered when, for example, shutting down a domain controller that holds an FSMO role for maintenance.

In a graceful transfer of an FSMO role between two domain controllers, a synchronization of the data that is maintained by the FSMO role owner to the server receiving the FSMO role is performed prior to transferring the role to ensure that any changes have been recorded before the role change.

However, when the original FSMO role holder went offline or became non operational for a long period of time, the administrator might consider moving the FSMO role from the original, non-operational holder, to a different DC. The process of moving the FSMO role from a non-operational role holder to a different DC is called Seizing, and is described in the Seizing FSMO Roles article.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:

  • Active Directory Schema snap-in
  • Active Directory Domains and Trusts snap-in
  • Active Directory Users and Computers snap-in

To transfer the FSMO role the administrator must be a member of the following group:

FSMO Role | Administrator must be a member of
Schema | Schema Admins
Domain Naming | Enterprise Admins
RID | Domain Admins
PDC Emulator | Domain Admins
Infrastructure | Domain Admins

Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI

To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:

  1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
  2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.
  3. Select the domain controller that will be the new role holder, the target, and press OK.
  4. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
  5. Select the appropriate tab for the role you wish to transfer and press the Change button.
  6. Press OK to confirm the change.
  7. Press OK all the way out.

Transferring the Domain Naming Master via GUI

To Transfer the Domain Naming Master Role:

  1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
  2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Domains and Trusts and press Connect to Domain Controller.
  3. Select the domain controller that will be the new role holder and press OK.
  4. Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
  5. Press the Change button.
  6. Press OK to confirm the change.
  7. Press OK all the way out.

Transferring the Schema Master via GUI

To Transfer the Schema Master Role:

  1. Register the Schmmgmt.dll library by pressing Start > RUN and typing:
regsvr32 schmmgmt.dll
  2. Press OK. You should receive a success confirmation.
  3. From the Run command open an MMC Console by typing MMC.
  4. On the Console menu, press Add/Remove Snap-in.
  5. Press Add. Select Active Directory Schema.
  6. Press Add and press Close. Press OK.
  7. If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.
  8. Press Specify …. and type the name of the new role holder. Press OK.
  9. Right-click the Active Directory Schema icon again and press Operation Masters.
  10. Press the Change button.
  11. Press OK all the way out.

Transferring the FSMO Roles via Ntdsutil

To transfer the FSMO roles from the Ntdsutil command:

Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.

  1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS>ntdsutil
ntdsutil:
  2. Type roles, and then press ENTER.
ntdsutil: roles
fsmo maintenance:

Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.

  3. Type connections, and then press ENTER.
fsmo maintenance: connections
server connections:
  4. Type connect to server <servername>, where <servername> is the name of the server you want to use, and then press ENTER.
server connections: connect to server server100
Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:
  5. At the server connections: prompt, type q, and then press ENTER again.
server connections: q
fsmo maintenance:
  6. Type transfer <role>, where <role> is the role you want to transfer.

For example, to transfer the RID Master role, you would type transfer rid master.

Options are:

Transfer domain naming master
Transfer infrastructure master
Transfer PDC
Transfer RID master
Transfer schema master
  7. You will receive a warning window asking if you want to perform the transfer. Click on Yes.
  8. After you transfer the roles, type q and press ENTER until you quit Ntdsutil.exe.
  9. Restart the server and make sure you update your backup.

Links

Windows 2000 Active Directory FSMO roles – 197132

Flexible Single Master Operation Transfer and Seizure Process – 223787

Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller – 255504

How To View and Transfer FSMO Roles in Windows Server 2003 – 324801

Determining FSMO Role Holders

by Daniel Petri – January 8, 2009

How can I determine who are the current FSMO Roles holders in my domain/forest?

Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.

The five FSMO roles are:

  • Schema master – Forest-wide and one per forest.
  • Domain naming master – Forest-wide and one per forest.
  • RID master – Domain-specific and one for each domain.
  • PDC – PDC Emulator is domain-specific and one for each domain.
  • Infrastructure master – Domain-specific and one for each domain.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC. The transferring method is described in the Transferring FSMO Roles article, while seizing the roles from a non-operational DC to a different DC is described in the Seizing FSMO Roles article.

In order to better understand your AD infrastructure and to know the added value that each DC might possess, an AD administrator must have the exact knowledge of which one of the existing DCs is holding a FSMO role, and what role it holds. With that knowledge in hand, the administrator can make better arrangements in case of a scheduled shut-down of any given DC, and better prepare him or herself in case of a non-scheduled cease of operation from one of the DCs.

How to find out which DC is holding which FSMO role? Well, one can accomplish this task by many means. This article will list a few of the available methods.

Method #1: Know the default settings

The FSMO roles were assigned to one or more DCs during the DCPROMO process. The following table summarizes the FSMO default locations:

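FSMO Role | Number of DCs holding this role | Original DC holding the FSMO role
Schema | One per forest | The first DC in the first domain in the forest (i.e. the Forest Root Domain)
Domain Naming | One per forest | The first DC in the first domain in the forest (i.e. the Forest Root Domain)
RID | One per domain | The first DC in a domain (any domain, including the Forest Root Domain, any Tree Root Domain, or any Child Domain)
PDC Emulator | One per domain | The first DC in a domain (any domain, including the Forest Root Domain, any Tree Root Domain, or any Child Domain)
Infrastructure | One per domain | The first DC in a domain (any domain, including the Forest Root Domain, any Tree Root Domain, or any Child Domain)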

Method #2: Use the GUI

The FSMO role holders can be easily found by use of some of the AD snap-ins. Use this table to see which tool can be used for what FSMO role:

FSMO Role | Which snap-in should I use?
Schema | Schema snap-in
Domain Naming | AD Domains and Trusts snap-in
RID | AD Users and Computers snap-in
PDC Emulator | AD Users and Computers snap-in
Infrastructure | AD Users and Computers snap-in

Finding the RID Master, PDC Emulator, and Infrastructure Masters via GUI

To find out who currently holds the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:

  1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
  2. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
  3. Select the appropriate tab for the role you wish to view.
  4. When you’re done click Close.

Finding the Domain Naming Master via GUI

To find out who currently holds the Domain Naming Master Role:

  1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
  2. Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
  3. When you’re done click Close.

Finding the Schema Master via GUI

To find out who currently holds the Schema Master Role:

  1. Register the Schmmgmt.dll library by pressing Start > RUN and typing:
regsvr32 schmmgmt.dll
  2. Press OK. You should receive a success confirmation.
  3. From the Run command open an MMC Console by typing MMC.
  4. On the Console menu, press Add/Remove Snap-in.
  5. Press Add. Select Active Directory Schema.
  6. Press Add and press Close. Press OK.
  7. Click the Active Directory Schema icon. After it loads right-click it and press Operation Masters.
  8. Press the Close button.

Method #3: Use the Ntdsutil command

The FSMO role holders can be easily found by use of the Ntdsutil command.

Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.

  1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS>ntdsutil
ntdsutil:
  2. Type roles, and then press ENTER.
ntdsutil: roles
fsmo maintenance:

Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.

  3. Type connections, and then press ENTER.
fsmo maintenance: connections
server connections:
  4. Type connect to server <servername>, where <servername> is the name of the server you want to use, and then press ENTER.
server connections: connect to server server100
Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:
  5. At the server connections: prompt, type q, and then press ENTER again.
server connections: q
fsmo maintenance:
  6. At the FSMO maintenance: prompt, type Select operation target, and then press ENTER again.
fsmo maintenance: Select operation target
select operation target:
  7. At the select operation target: prompt, type List roles for connected server, and then press ENTER again.
select operation target: List roles for connected server
Server "server100" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
PDC - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
RID - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Infrastructure - CN=NTDS Settings,CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:
  8. Type q 3 times to exit the Ntdsutil prompt.

Note: You can download THIS nice batch file that will do all this for you (1kb).

Another Note: Microsoft has a nice tool called Dumpfsmos.cmd, found in the Windows 2000 Resource Kit (and can be downloaded here: Download Free Windows 2000 Resource Kit Tools). This tool is basically a one-click Ntdsutil script that performs the same operation described above.

Method #4: Use the Netdom command

The FSMO role holders can be easily found by use of the Netdom command.

Netdom.exe is a part of the Windows 2000/XP/2003 Support Tools. You must either download it separately (from here: Download Free Windows 2000 Resource Kit Tools) or obtain the correct Support Tools pack for your operating system. The Support Tools pack can be found in the \Support\Tools folder on your installation CD (or you can Download Windows 2000 SP4 Support Tools or Download Windows XP SP1 Deploy Tools).

  1. On any domain controller, click Start, click Run, type CMD in the Open box, and then click OK.
  2. In the Command Prompt window, type netdom query /domain:<domain> fsmo (where <domain> is the name of YOUR domain).
C:\WINDOWS>netdom query /domain:dpetri fsmo
Schema owner server100.dpetri.net

Domain role owner server100.dpetri.net

PDC role server100.dpetri.net

RID pool manager server100.dpetri.net

Infrastructure owner server100.dpetri.net

The command completed successfully.
  3. Close the CMD window.

Note: You can download THIS nice batch file that will do all this for you (1kb).
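
The check from this method and the transfer procedure in Transferring FSMO Roles, as an added PowerShell example that is not part of the original articles: it parses netdom query fsmo output and compares the holders with an expected map, for instance to confirm a transfer or to spot an unplanned role move. The function names, the expected map and server200.dpetri.net are assumptions; the sample text is constructed from the output shown above.

```powershell
# Added example (not from the original article). Role labels are the ones printed
# by the netdom output shown above; adjust them if your netdom prints other labels.
$RoleLabels = 'Schema owner', 'Domain role owner', 'PDC role',
              'RID pool manager', 'Infrastructure owner'

function ConvertFrom-NetdomFsmo {
    # Turns the text lines of "netdom query fsmo" into a label -> holder hashtable.
    param([string[]]$Lines)
    $holders = @{}
    foreach ($line in $Lines) {
        foreach ($label in $RoleLabels) {
            $pattern = '^\s*' + [regex]::Escape($label) + '\s+(\S+)\s*$'
            if ($line -match $pattern) {
                $holders[$label] = $Matches[1].ToLowerInvariant()
            }
        }
    }
    # Fail closed: an incomplete parse must not look like a clean result.
    $missing = @($RoleLabels | Where-Object { -not $holders.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        throw "No holder found for: $($missing -join ', ')"
    }
    return $holders
}

function Compare-FsmoHolders {
    # One row per role; Match is $false where the holder is not the expected DC.
    param([hashtable]$Expected, [hashtable]$Actual)
    foreach ($label in $RoleLabels) {
        $want = ([string]$Expected[$label]).ToLowerInvariant()
        [pscustomobject]@{
            Role     = $label
            Expected = $want
            Actual   = $Actual[$label]
            Match    = ($want -eq $Actual[$label])
        }
    }
}

function Get-RolesHeldBy {
    # Roles that must be transferred before $Server goes down for maintenance.
    param([hashtable]$Holders, [string]$Server)
    $RoleLabels | Where-Object { $Holders[$_] -eq $Server.ToLowerInvariant() }
}

# Constructed sample: the netdom output shown above, embedded so this runs offline.
# Live use: $lines = netdom query /domain:<domain> fsmo
$lines = @'
Schema owner server100.dpetri.net

Domain role owner server100.dpetri.net

PDC role server100.dpetri.net

RID pool manager server100.dpetri.net

Infrastructure owner server100.dpetri.net

The command completed successfully.
'@ -split '\r?\n'

$actual = ConvertFrom-NetdomFsmo -Lines $lines

# Expected state after a planned transfer of the RID master
# (server200.dpetri.net is a hypothetical second DC, not from the article).
$expected = @{
    'Schema owner'         = 'server100.dpetri.net'
    'Domain role owner'    = 'server100.dpetri.net'
    'PDC role'             = 'server100.dpetri.net'
    'RID pool manager'     = 'server200.dpetri.net'
    'Infrastructure owner' = 'server100.dpetri.net'
}

$report = Compare-FsmoHolders -Expected $expected -Actual $actual
$report | Format-Table -AutoSize

# Any row with Match = $false is a role that is not where it is supposed to be.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) role(s) not on the expected DC: $($drift.Role -join ', ')"
}

# Pre-maintenance check: roles are not relocated automatically at shutdown.
$held = @(Get-RolesHeldBy -Holders $actual -Server 'server100.dpetri.net')
Write-Output "server100.dpetri.net holds $($held.Count) role(s): $($held -join ', ')"
```

Saving the parsed holders after each planned transfer and running the comparison on a schedule turns the same check into a simple alert for role changes nobody requested.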

Method #5: Use the Replmon tool

The FSMO role holders can be easily found by use of the Replmon tool.

Just like Netdom, Replmon.exe is a part of the Windows 2000/XP/2003 Support Tools. Replmon can be used for a wide variety of tasks, mostly those related to AD replication. But Replmon can also provide valuable information about the AD, about any DC, and also about other objects and settings, such as GPOs and FSMO roles. Install the package before attempting to use the tool.

  1. On any domain controller, click Start, click Run, type REPLMON in the Open box, and then click OK.
  2. Right-click Monitored servers and select Add Monitored Server.
  3. In the Add Server to Monitor window, select the Search the Directory for the server to add. Make sure your AD domain name is listed in the drop-down list.
  4. In the site list select your site, expand it, and click to select the server you want to query. Click Finish.
  5. Right-click the server that is now listed in the left-pane, and select Properties.
  6. Click on the FSMO Roles tab and read the results.
  7. Click Ok when you’re done.

Links

Windows 2000 Active Directory FSMO roles – 197132

Flexible Single Master Operation Transfer and Seizure Process – 223787

Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller – 255504

How To View and Transfer FSMO Roles in Windows Server 2003 – 324801

Installing Office 2007 on Terminal Server

by AARON PARKER on SUNDAY, MAY 6, 2007

in DEPLOYMENT

When installing Office 2007 on your Terminal Servers there are a few things you’ll need to be aware of. The first of which is that you will need an Enterprise or Volume License key, i.e. those keys that use Volume Activation 1.0 and do not require activation. There are also some configuration and installation options that I recommend you set before and after installation.

There are a number of options I recommend setting by using the Office Customisation Tool (SETUP.EXE /ADMIN). These first couple of options aren’t really Terminal Server specific and are worth setting for all Office deployments. You can enforce these via Group Policy; however, if you configure them with a custom installation they will be the default settings:

  • Disable the Customer Experience Improvement Program from running when users start an Office application: Modify user settings – Microsoft Office 2007 system / Privacy / Trust Center / Enable Customer Experience Improvement Program
  • Disable Outlook from prompting users to archive their mailboxes: Modify user settings – Microsoft Office Outlook 2007 / Tools | Options.. / Other / AutoArchive / AutoArchive Settings

You’ll also want to take a look at the feature installation states – set each of these to either ON or OFF, don’t set any feature to Install on First Use. A subset of the options I disable when installing Office on a Terminal Server are:

  • Office Shared Features / Proofing Tools / French Proofing Tools / English – French Translation
  • Office Shared Features / Proofing Tools / Spanish Proofing Tools / Spanish – French Translation

The first two options should be disabled as a part of preventing CTFMON.EXE from running in each user session. You will also have to unregister MSCTF.DLL as a part of your installation of Office (REGSVR32 /S /U MSCTF.DLL).

One of the cool features of Office 2007, and one that users will appreciate, is a tool that you will need to install after Office is installed: Save As PDF or XPS. You can install this tool during a custom installation of Office using the Office Customisation Tool, or via a script by running SaveAsPDFandXPS.exe /QUIET.

Finally you will have to delete identifying information recorded to the Terminal Server shadow registry key by Setup during installation. Because you now need to use SETUP.EXE to install Office, the Terminal Server will force Install mode before installation can continue. While Install mode is technically not required to install Office on Terminal Server, you will see the user information of the account used to install Office replicated to all users who then run an Office application if you don’t delete this key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office

An install script for Office might look something like this:

@ECHO OFF
CHANGE USER /INSTALL
START /WAIT \\domain.local\dfs\applications\Office2007Enterprise\Setup.exe
CHANGE USER /EXECUTE
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office" /f
REGSVR32 /U %SYSTEMROOT%\SYSTEM32\MSCTF.DLL /S

TechNet has more detail on Office 2007 on Terminal Server:

Getting Mailbox Statistics in Exchange 2007

A look at the Get-MailboxStatistics Exchange Management Shell cmdlet and how to manipulate its output in various ways.

Obtaining a list of mailboxes together with their sizes must rank reasonably highly in the list of most asked questions by Exchange administrators. In Exchange 2000 and Exchange 2003 it was possible to see this information within the Exchange System Manager snap-in. It was also possible to export the information presented within Exchange System Manager into text format and subsequently import this information into applications such as Excel. Other members of the Exchange community published VBScripts that used Windows Management Instrumentation (WMI) or Messaging Application Programming Interface (MAPI) to do much the same thing. Of course, to some administrators, these scripts were sometimes difficult to understand or modify. As I’m sure you all know by now, Exchange 2007 offers the Exchange Management Shell to administer Exchange 2007 from the command line and one of the commands, or cmdlets as they are known, gives administrators a much simpler approach to the issue of obtaining mailbox statistics.

Get-MailboxStatistics Basics

The most basic Exchange Management Shell cmdlet to use is the Get-MailboxStatistics cmdlet on its own. Figure 1 shows a sample of the output of running this cmdlet with no additional parameters. This runs against the local mailbox server.


Figure 1: Default Results of Get-MailboxStatistics

As you can see, by default this gives us 4 pieces of information for each mailbox on the local server, namely the display name of the mailbox, the number of items in the mailbox, the mailbox storage limit status and the last logon time. The actual size of the mailbox is not shown by default so the first task is to determine the name of the attribute that stores this value. One way to determine the available attributes that can be retrieved is to pipe the results of the cmdlet into the Format-List cmdlet, or fl for short. For example, our cmdlet now becomes:

Get-MailboxStatistics | fl

Figure 2 shows the results of doing this, where the attributes of User2’s mailbox are shown.


Figure 2: Results of Get-MailboxStatistics | fl

Now you can see other important pieces of information, such as the TotalItemSize attribute that has a value of 1584504B, or approximately 1.5MB. Clearly User2 is not a big user of Exchange 2007. Now that we know the attribute that we are interested in is called TotalItemSize, we can modify our original cmdlet to extract this information along with the mailbox name and item count. The cmdlet to use is shown below. Note the fact that this time, we’ve used the Format-Table cmdlet, or ft for short, to produce the output in table format:

Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount

The result of this cmdlet is shown in Figure 3.


Figure 3: Get-MailboxStatistics With Mailbox Sizes

Now we are getting somewhere, as this is a fairly concise output telling us pretty much what we need to know. However, there are a couple of drawbacks to this output. Firstly, the output is not in ascending or descending order, so it is difficult to see quickly which mailboxes are the biggest. Also, the TotalItemSize column is shown in bytes by default which also does not make for easy reading.

Additional Get-MailboxStatistics Formatting

Let’s address the order of the output first. Sorting objects using PowerShell is really easy via the, you guessed it, Sort-Object cmdlet. All you really need to do for this exercise is to get the mailbox statistics and then pipe the results into the Sort-Object cmdlet before piping these results into the Format-Table cmdlet. For the Sort-Object cmdlet, all we really need to decide is which column we want to sort on and the direction we want to sort in. The first parameter we need to add to Sort-Object is the column name to sort on, which in our case is TotalItemSize. We then add either -Descending or -Ascending to give us the direction to sort in. Let’s show the largest mailboxes first, which is typically what administrators need to know. The cmdlet now becomes:

Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,TotalItemSize,ItemCount

The result of this cmdlet is shown in Figure 4.


Figure 4: Get-MailboxStatistics With Mailbox Sizes in Descending Size Order

Next we need to convert the mailbox sizes from bytes into something more useful. Megabytes is the obvious answer although with the ever increasing mailbox sizes it will not be long before gigabytes will be used as the default. However, since on my test system I have only got relatively small mailbox sizes, I am going to display the mailbox sizes in kilobytes.  To do this, we need to replace the TotalItemSize parameter in our cmdlet with something inherently more complicated:

@{ expression={$_.TotalItemSize.Value.ToKB()}}

So our cmdlet now looks like this:

Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,@{ expression={$_.TotalItemSize.Value.ToKB()}},ItemCount

The result of this cmdlet is shown in Figure 5 below. If you want to display the mailbox sizes in MB, use TotalItemSize.Value.ToMB in the cmdlet above. Or you can use TotalItemSize.Value.ToGB of course.


Figure 5: Get-MailboxStatistics With Mailbox Sizes in KB

That’s looking much better. But wait! Look at the column names now. We can see that the column that was previously called TotalItemSize is now referenced in the rather cumbersome form of $_.TotalItemSize.Value.ToKB(). We can address that very easily by adding a new label to the cmdlet. In fact, all you need to do is to add a change to the cmdlet to re-label the column appropriately. The new cmdlet is shown below:

Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(KB)";expression={$_.TotalItemSize.Value.ToKB()}},ItemCount

The result of this is shown in Figure 6:


Figure 6: Get-MailboxStatistics With Labeled Column Names

At last we have a useful output that is nicely formatted and one that we can use to identify the largest mailboxes. What you don’t want to be doing is running this script manually every day, week or month. Obviously applications such as System Center Operations Manager (SCOM) 2007 bring this information back to you via the management console, so how can we do a similar thing with the Exchange Management Shell? The most obvious method is to send the information via email so let’s look at how this can be done.

Emailing The Results

Figure 7 below shows a PowerShell script called sendstats.ps1 that can be used to first generate the mailbox statistics via the cmdlet that has been built up in this article, then mail the results of this cmdlet to the administrator. The first thing to note with the script is that the results of the Get-MailboxStatistics cmdlet have been directed to a file called mailboxes.txt. This file is created in the folder where the script is run. The other lines of the script create and send the email, adding the mailboxes.txt file as an attachment. One important thing to note is that the line starting $SendingServer references the FQDN of the mail server responsible for sending the message. Obviously it will be a requirement to ensure that this server can actually relay the message.

###Send mailbox statistics script

###First, the administrator must change the mail message values in this section
$FromAddress = "MailboxReport@neilhobson.com"
$ToAddress = "administrator@neilhobson.com"
$MessageSubject = "Mailbox Size Report"
$MessageBody = "Attached is the current list of mailbox sizes."
$SendingServer = "e2k7.neilhobson.com"

###Now get the stats and store in a text file
Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(KB)";expression={$_.TotalItemSize.Value.ToKB()}},ItemCount > mailboxes.txt

###Create the mail message and add the statistics text file as an attachment
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment("./mailboxes.txt")
$SMTPMessage.Attachments.Add($Attachment)

###Send the message
$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage)

Figure 7: SendStats.PS1 Script

Once executed, the script should send the email as you can see below in Figure 8. Opening the attachment reveals the output of the Get-MailboxStatistics script as shown in Figure 9.


Figure 8: Emailed Report


Figure 9: Attachment Contents

Although that gets us an email message with the relevant data contained within it, there is nothing contained within the script regarding it being run on a regular schedule. To do that, we can take advantage of the Windows scheduler service and execute the script on a regular basis. To do this, we need to run the Exchange Management Shell and also specify the script to run. This can be achieved by the following command:

PowerShell.exe -PSConsoleFile "C:\Program Files\Microsoft\Exchange Server\Bin\ExShell.psc1" -Command "./sendstats.ps1"

Here you can see that PowerShell is run and loads the Exchange console file, found on the C: drive in this example. Obviously you may need to change this depending on which drive Exchange 2007 has been installed onto. The -Command parameter is used to identify the script that we want to run, namely sendstats.ps1.

Summary

In this article we’ve looked at a very common issue faced by an Exchange administrator, namely the ability to produce a list of mailboxes and their sizes. Although tools such as SCOM 2007 can do this for you, it can be seen that it’s simple to achieve these results using the Exchange Management Shell cmdlet Get-MailboxStatistics. PowerShell can initially be a steep learning curve, but it’s something well worth getting to grips with.

About Neil Hobson

Neil is a Principal Consultant with Silversands (http://www.silversands.co.uk), a UK-based Microsoft Gold Partner and is responsible for solution design, implementation and support for major clients across Europe. He has been in the IT industry since 1987 and has specialized in messaging since 1995, having worked with Exchange since v4.0 days. He is also an Exchange MVP and spends some of his spare time helping others in various Exchange mailing lists, the public Exchange newsgroups and also contributes to the MSExchange Blog over at http://www.msexchangeblog.com

You can contact Neil at neil.hobson @ silversands.co.uk. However, please direct all general support questions to the MSExchange.org forums.


Posted in Uncategorized | Leave a comment

Disconnected Mailboxes in Exchange 2007

Disconnected Mailboxes in Exchange 2007 PowerShell

Hi,

Having had an error using the GUI to view disconnected mailboxes in Exchange 2007, I decided to look into using the command line.

To display mailboxes that are disconnected use the following command.

Get-MailboxStatistics -Server <server> | where { $_.DisconnectDate -ne $null } | select DisplayName,DisconnectDate

Replace <server> with the name of your mailbox server.

This gives a list of the disconnected mailboxes.

To reconnect you use the command below

Connect-Mailbox -Database <mailbox database name> -Identity <disconnected mailbox name> -User <User to connect to>

by Nathan’s Exchange Blog

Posted in Uncategorized | Leave a comment

Free up a Blackberry License

Open the command prompt and type:

OSQL -E

1> Use Besmgmt

2> Delete from UserConfig where MailboxSMTPAddr = 'abc@yourcompany.com'

3> go

You can quickly restart the dispatcher service; this should resolve your problem.

Posted in Uncategorized | Leave a comment

Assigning permissions for a BlackBerry Enterprise Server service account



Doc ID : KB02276
Last Modified : 04-16-2009
Document Type : Support


Environment

  • BlackBerry® Enterprise Server for Microsoft® Exchange
  • Microsoft® SQL Server®

Overview

The following permissions can be assigned for the BlackBerry Enterprise Server service account:

  1. Local Administrator rights on the BlackBerry Enterprise Server
  2. Local Security Policy permissions for the BlackBerry Enterprise Server service account
  3. Microsoft Exchange permissions at the Administrative Group level
  4. Microsoft Exchange permissions at the Microsoft Exchange Server level
  5. Send As permission at the Domain level
  6. Database permissions for managing the BlackBerry Configuration Database

Note: The BlackBerry Enterprise Server service account should have the Domain User role, not the Domain Administrator role. See KB04557 for more information.


Task 1

To assign Local Administrator rights to the BlackBerry Enterprise Server service account, complete the following steps:

For a BlackBerry Enterprise Server on a Domain Controller

  1. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. Select the Builtin folder.
  3. Double-click Administrators.
  4. On the Members tab, click Add.
  5. Select the BlackBerry Enterprise Server service account name (for example, BESAdmin), and then click Add.
  6. Click OK.
  7. Click OK.

For a BlackBerry Enterprise Server on a Member Server

  1. Click Start > Administrative Tools > Computer Management.
  2. In the left pane, expand System Tools and click Local Users and Groups.
  3. In the right pane, double-click Groups.
  4. Right-click Administrators and click Properties.
  5. In the Select Users, Contacts, Computers, or Groups window, select the BlackBerry Enterprise Server service account name.
  6. Click OK.


Task 2

To assign Local Security Policy permissions to the BlackBerry Enterprise Server service account, complete the following steps:

Note: This procedure allows the BlackBerry Enterprise Server service account to access the local computer and to run the BlackBerry Enterprise Server software as a Windows® service.

  1. Click Start > Administrative Tools > Local Security Policy.

    If the computer is a domain controller, click Start > Administrative Tools > Domain Controller Security Policy.

  2. In the Local Securities window, click Local Policies > User Rights Assignment.
  3. Perform one of the following steps:
    • For Windows Server® 2000, double-click Log on Locally.
    • For Windows Server 2003, double-click Allow Log on Locally.
  4. Click Add User or Group.
  5. Select the BlackBerry Enterprise Server service account name, and then click Add.
  6. Click OK.
  7. In the Local Security Settings window, double-click Log On As a Service.
  8. Click Add User and then select the BlackBerry Enterprise Server service account.
  9. Click OK.

Task 3

To assign Microsoft Exchange Server permissions at the Administrative Group level, complete the following steps for your environment:

Note: This procedure allows a system administrator to manage BlackBerry smartphone users and groups.

For Microsoft Exchange 2000 or 2003

  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. Select Administrative Groups.
  3. Right-click First Administrative Group and select Delegate Control.
  4. In the Exchange Administration Delegation Wizard, click Next, and then click Add.
  5. Click Browse and then select the BlackBerry Enterprise Server service account.
  6. Click OK.
  7. In the Role drop-down list in the Delegate Control window, select Exchange View Only Administrator.
  8. Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.
  9. Click Next, and then click Finish.

For Microsoft Exchange 2007

To set an Exchange View Only Administrator role:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and then press ENTER:

add-exchangeadministrator <BESAdmin> -role ViewOnlyAdmin

where <BESAdmin> is the name of the BlackBerry Enterprise Server service account.

To check an Exchange View Only Administrator role:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and then press Enter:

    get-exchangeadministrator | Format-List

  3. Verify that the BlackBerry Enterprise Server service account has the ViewOnlyAdmin role.

Task 4

To assign Microsoft Exchange Server permissions at the Microsoft Exchange Server level, complete the following steps:

For Microsoft Exchange 2000 or 2003

  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. Select Administrative Groups > First Administrative Group > Servers.
  3. Right-click the Microsoft Exchange Server name and then click Properties.
  4. On the Security tab, select the BlackBerry Enterprise Server service account.
  5. Select the following permissions from the Permissions list:
    • Administer Information Store
    • Send As
    • Receive As
  6. Click the Advanced button.
  7. Verify that the Allow inheritable permissions from parent to propagate to this object and all child objects option is selected.
  8. Click OK.
  9. Repeat the preceding steps for each Microsoft Exchange Server that will host mailboxes within the routing group.

For Microsoft Exchange 2007

To set Send As, Receive As, and Administer Information Store permissions, complete the following steps:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. Type the following line, and then press Enter:

get-mailboxserver <Exchange2007> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Where <Exchange2007> is the name of the Microsoft Exchange 2007 Server and <BESAdmin> is the name of the BlackBerry Enterprise Server service account.

If inheritance to the individual mail stores is not enabled, to set the Send As, Receive As, and Administer Information Store permissions at the store level, run the following command from the Exchange Management Shell:

get-mailboxdatabase <Exchange2007>\<dbname> | add-adpermission -user <BESAdmin> -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Where <dbname> = ‘First storage group\Mail box database’

To verify the Send As, Receive As, and Administer Information Store permissions, complete the following steps:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following line and press Enter.

get-mailboxserver <Exchange2007> | get-ADpermission -user <BESAdmin> | Format-List

To verify the Send As, Receive As, and Administer Information Store permissions at the mailbox store level, complete the following steps:

  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
  2. In the command prompt window, type the following and press Enter.

get-mailboxdatabase <Exchange2007>\<dbname> | get-ADpermission -user <BESAdmin> | Format-List
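
The Task 3 and Task 4 checks above can be run in one pass. The following is an added example, not part of the original article: it compares what the service account actually holds against the rights the article grants, using only the cmdlets shown above. The account and server names are placeholders, and the property names it reads (Identity, Role, Deny, AccessRights, ExtendedRights) are assumed to match what Format-List prints in your Exchange 2007 shell.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007).
# $BesAccount and $Server are placeholders (assumptions); substitute your own values.
$BesAccount = 'BESAdmin'
$Server     = 'Exchange2007'

$expected = 'Send-As', 'Receive-As', 'ms-Exch-Store-Admin'   # rights granted in Task 4
$risky    = 'GenericAll|WriteDacl|WriteOwner'                # access the article never grants
$findings = @()

# Task 3: any Exchange role held by the account other than ViewOnlyAdmin is a finding.
# The account is matched by name substring against the role holder's identity.
foreach ($admin in @(Get-ExchangeAdministrator)) {
    if ("$($admin.Identity)" -like "*$BesAccount*" -and "$($admin.Role)" -ne 'ViewOnlyAdmin') {
        $findings += "Exchange role '$($admin.Role)' is broader than ViewOnlyAdmin"
    }
}

# Task 4: inspect the account's ACEs on the server object and on each of its databases.
$targets = @(Get-MailboxServer $Server) + @(Get-MailboxDatabase -Server $Server)
foreach ($target in $targets) {
    $granted = @()
    foreach ($ace in @($target | Get-ADPermission -User $BesAccount)) {
        if ($ace.Deny) {
            $findings += "$($target.Name): Deny ACE present for the account"
            continue
        }
        if ("$($ace.AccessRights)" -match $risky) {
            $findings += "$($target.Name): excessive access right ($($ace.AccessRights))"
        }
        if ($ace.ExtendedRights) {
            foreach ($right in $ace.ExtendedRights) { $granted += "$right" }
        }
    }
    # Rights the article grants but the object lacks (for example, inheritance is off).
    foreach ($right in $expected) {
        if ($granted -notcontains $right) { $findings += "$($target.Name): missing $right" }
    }
    # Extended rights beyond the three the article grants.
    foreach ($right in $granted) {
        if ($expected -notcontains $right) {
            $findings += "$($target.Name): unexpected extended right $right"
        }
    }
}

if ($findings.Count -eq 0) {
    "No deviations found for $BesAccount on $Server"
} else {
    $findings | Sort-Object -Unique
}
```

A "missing" finding on a database but not on the server points to the disabled-inheritance case described above, which is fixed with the store-level add-adpermission command.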

For Microsoft Exchange 5.5

The BlackBerry Enterprise Server service account requires the Service Account Admin permissions on the Site container and Configuration container.


Task 5

To grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft® Active Directory® domain or container, complete the following steps:

  1. Open Active Directory Users and Computers.
  2. From the View menu, select the Advanced Features option.

    Note: If Advanced Features is not selected, the Security tab will not be visible for domain and container objects.

  3. Right-click the appropriate domain or container and then click Properties.
  4. On the Security tab, click Advanced.
  5. If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add and then select the BlackBerry Enterprise Server service account name.
  6. Click OK.
  7. Double-click the BlackBerry Enterprise Server service account name.
  8. Select User Objects in the Applies Onto list.
  9. Select the Send As check box.
  10. Click Apply and then click OK.
  11. Close the Properties window and then close Active Directory Users and Computers.

Note: For more information about the Send As permission, see article 912918 in the Microsoft Support Knowledge Base.


Task 6

For additional information on assigning the required permissions for the BlackBerry Configuration Database, see KB03112.

For additional information on the permissions that are required to manage the BlackBerry Configuration Database, see KB03633.


Additional Information

Microsoft Exchange 2007 is supported in BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) and later.

If the server is a Microsoft SQL Server, assign the Server roles by completing the following steps:

Note: The following is not applicable to Microsoft SQL Server Desktop Engine (MSDE).

  1. In the SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/<SQL_server_name>.
  2. Expand the Microsoft SQL Server and expand security.
  3. Right-click Logins.
  4. Click New Login.
  5. On the General tab, click the button next to the Name field.
  6. Select the new BlackBerry Enterprise Server service account name from the Names list.
  7. Click Add.
  8. Click OK.
  9. From the Server Roles tab, select Server Administrators and Database Creators from the Server Role list.

    Note: If you are running BlackBerry Enterprise Server software version 4.1 or later, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the BlackBerry Enterprise Server for Microsoft Exchange: System Administration Guide.

  10. On the Database Access tab, select the check box for the BlackBerry Configuration Database.
  11. In the Database Roles for <BlackBerry_Configuration_Database_name> list, select the db_owner check box.

For information on switching service accounts for BlackBerry Enterprise Server software versions 4.0 and 4.1, see KB04293.


Products

  • BlackBerry Enterprise Server for Microsoft Exchange

Posted in Uncategorized | Leave a comment

Windows 7 – Ultimate SSD Speed Tweaks

Windows 7 – Ultimate SSD Speed Tweaks – 01-13-2009, 06:50 PM

Increase System Speed
Disable indexing
Description: Indexing creates and maintains a database of file attributes. This can lead to multiple small writes when creating/deleting/modifying files. Searching for files will still work.
Instructions: Start Menu -> Right-Click Computer -> Manage -> Services and Applications -> Services -> Right-Click Windows Search -> Startup type: Disabled -> OK
Disable defragmentation
Description: Defragmenting a hard disk’s used space is only useful on mechanical disks with multi-millisecond latencies. Free-space defragmentation may be useful to SSDs, but this feature is not available in the default Windows Defragmenter.
Instructions: Start Menu -> Right-Click Computer -> Manage -> Services and Applications -> Services -> Right-Click Disk Defragmenter -> Startup type: Disabled -> OK
Disable Write Caching
Description: There is no cache on the SSD, so there are no benefits to write caching. There are conflicting reports on whether this gains speed or not.
Instructions: Start Menu -> Right-Click Computer -> Manage -> Device Manager -> Disk drives -> Right-Click STEC PATA -> Properties -> Policies Tab -> Uncheck Enable write caching -> OK
Configure Superfetch
Description: Frees up RAM by not preloading program files.
Instructions: On second glance, I would recommend leaving this one alone. However, there are some customizations that you can follow in the post below.
Firefox – Use memory cache instead of disk cache
Description: If you use Firefox, there’s a way to write cached files to RAM instead of the hard disk. This is not only faster, but will significantly reduce writes to the SSD while using the browser.
Instructions: Open Firefox -> Type about:config into the address bar -> Enter -> double-click browser.cache.disk.enable to set the value to False -> Right-Click anywhere -> New -> Integer -> Preference Name "disk.cache.memory.capacity" -> value memory size in KB. Enter 32768 for 32MB, 65536 for 64MB, 131072 for 128MB, etc. -> restart Firefox
Free up extra drive space
Disable the Page File
Description: Eliminate writing memory to the SSD, free over 2GB of disk space. Warning – If you run out of memory the program you’re using will crash.
Instructions: Start Menu -> Right-Click Computer -> Properties -> Advanced System Settings -> Settings (Performance) -> Advanced Tab -> Change -> Uncheck Automatically manage -> No paging file -> Set -> OK -> Restart your computer
Alternatively, if you want to play it safer, you can set a custom size of 200MB min and max.
Disable System Restore
Description: Don’t write backup copies of files when installing new programs or making system changes. Can free up between a few hundred MB to a couple GB. Warning – Although unlikely, if a driver installation corrupts your system, there won’t be an automatic way to recover.
Instructions: Start Menu -> Right-Click Computer -> Properties -> Advanced System Settings -> System Protection Tab -> Configure -> Turn off system protection -> Delete -> OK
Disable Hibernate
Description: You may free up 1GB of space on the SSD if you have 1GB of memory, 2GB of space if you have 2GB memory. You will lose the hibernation feature which allows the equivalent of quick boots and shutdowns.
Instructions: Start Menu -> Type cmd -> Right-Click the cmd Icon -> Run as Administrator -> Type powercfg -h off -> Type exit

From Dell forum.

Posted in Uncategorized | Leave a comment

you have to restart VMM service for changes to take effect.

An internal error has occurred trying to contact an agent on the <ServerName> server.
(Internal error code: 0x8099319E)
When I go to the registry, I see:
HKLM\software\microsoft\microsoft system center virtual machine manager server\settings
BITSTcpPort (443)
IndigoTcpPort (8100)
WSManTcpPort (80)
So first I added:
P2VBITSTcpPort (445)
And got this error:
There is already an SSL certificate associated with port 443 on machine <ServerName>.
***
Ensure that no application on machine <ServerName> listens for HTTP traffic on TCP port 443 during the conversion. Alternatively use registry key HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\Settings\P2VBITSTcpPort on the VMM server to change the P2V transfer port number and add the necessary firewall rule for TCP port 443 on machine <ServerName>.
***
ID: 13252
So I changed the port to:
P2VBITSTcpPort (30445)

Posted in Uncategorized | Leave a comment