When you setup a corporate Exchange mail system users can access their mailbox on most mobile devices (iPhone, Android, Windows Phone…) through the ActiveSync protocol. For blackberry owners to access your mail system, you need to setup a BES infrastructure.
Read more »
In this post we will discuss some issues we had when using Microsoft Management Consoles to manage DNS (dnsmgmt.msc), Group Policy Objects (rsop.msc, gpmc.msc) and AD accounts (dsa.msc). No, we don’t use just powershell or command line tools to manage a Microsoft infrastructure: We click a lot 
Read more »
In this post we will describe how to make a WSUS clients inventory, we will search for the computers in your domain which are not able to receive MS security updates because they are not supported any more or because there is a misconfinguration on the WSUS client. Below is a tab listing supported OS and Service Packs versions:
Repadmin monitors the replication in your Active Directory Forest, you can read this AskDs post about this tool. The command line “repadmin /replsum” helps you retrieve the global forest replication status. The data retrieved for a given Domain Controller is:
The purpose of the powershell script is to analyse DC’s inbound replication thanks to the command line “repadmin /replsum /bydest”. If there are RODCs in your domain they do not show up if you use the /bysrc switch. You can read this post if you need to know more about running the repadmin /replsum command in a domain with RODCs.
If for a given DC the “largest delta” exceeds a given threshold (in minutes), or there are replication failures, we will read on the RootDSE object the msDS-ReplAllInboundNeighbors attribute. With that information we will retrieve which replication partners and “Naming Contexts” that are having trouble to replicate. You can retrieve the same type of information with the “replsum /showrepl %dc_name% /csv” command line, but the data stored in the msDS-ReplAllInboundNeighbors attribute is in XML format, which easy and convenient to manipulate with Powershell.
In this article we will describe how to search for a GPO matching several settings with Powershell. In this post and this one Lindsay Harris describes how to achieve this by exporting GPO reports in XML format and parsing the output. The principal advantage of her method is that you can input very precise search critera, but the disadvantage is that the script time processing can be very long because you need to export XML reports for every GPO in your domain. The method I will describe is more efficient in terms of script time processing but your search critera will be limited.
You can track GPO links changes by analyzing the security eventlog, GPO links will give you information on which objects your GPO is applied to. We will monitor GPLink attribute changes.
In order to analyze in real time the security log of all your DCs you need to pay for a Syslog solution, like Snare or Kiwi. Or you can try to setup an eventlog forwarding solution if you are under Windows 2008, you can also try to run a script that catches security log events, but you might encounter some performance issues.
Read more »
We will explain in this post how to monitor GPO changes by tracking modifications on the GPT. Only deletion, computer/user configuration modification and creation can be overlooked. About GPO monitoring you can read this article,which shows you how to activate auditing on your Sysvol share \\domainname\sysvol\domainfqdn\Policies and retrieve GPO changes via the eventlog. We will use another method, taking advantage of the replication of this folder.
Read more »
We will describe in this post how to indentify an application that causes a CPU time overconsumption on your Domain Controllers. We will use two tools for this: Server Performance Advisor and Wireshark. The first is used if you have a Windows 2003 DC, if OS is Windows 2008 the tool is already included, you access it with MMC snap-in perfmon.msc, its new name is Windows Reliability and Performance Monitor. Both versions have performance counters dedicated to Active Directory, in this post we will use SPA, because the DC having trouble is running Windows 2003. If you want more details on using Windows RPM for AD you can read this article.
Read more »
Here is an application for your helpdesk that collects data about the user environment which can be useful for troubleshooting, It was developed using WMI code creator was really useful for coding this application.
Just click on the icon bellow to download the tool, if you notice any bugs and have any ideas for tool evolution, please do not hesitate to contact me.
Loading ...