• Windows Server,  Windows XP

    Windows 7 Alpha

    Windows 7 is slated for a 2010 release, although we could see it as late as 2009.  Much like the reports coming out on Snow Leopard, Windows 7 is slated not to come with a variety of new features but rather on buttoning up the existing features and in some cases Microsoft will be reducing the number of features in the OS.  Well, maybe not removing features, but rather moving them into Windows Live and making them as easily accessible as possible using the newly revamped Windows Live toolbar.  Applications moved to the Windows Live-style a la carte menu: Windows Live Family Safety (replaces the former parental controls options) Windows…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Windows Server

    Mac OS X: Directory Services Debug Log

    When you’re trying to troubleshoot issues with Directory Services on Mac OS X sometimes the best thing you can do is put the directoryservices daemon into debug mode. To do so you would use the following command: killall -USR1 Directory Service By default errors get trapped into this file: /Library/Logs/DirectoryService/DirectoryService.error.log But when in debug mode using -USR1 you can see more specific errors in the /Library/Logs/DirectoryService/DirectoryService.error.log file.  You can then use commands such as tail in conjunction with grep in order to isolate issues to specific strings such as ADPlugin. If you choose to use -USR2 for debugging then the logs will get written into the /var/log/system.log file. To disable verbose…

  • Windows Server,  Windows XP

    Windows Server 2008: Expanding a Volume

    You may find that a disk in Windows Server simply isn’t big enough for your greedy applications.  But never fear, the good folks at Microsoft have given us the ability to expand that volume on the fly, as needed by adding other pools of storage or single disks to it.  However, it’s important to keep in mind that if you have a highly available volume (let’s just say a RAID6) and you add a single disk to it then you have just effectively lost the high availability for the data stored on the extended portion of the volume.  So make sure that the new storage you are adding matches up…

  • Active Directory,  Mass Deployment,  Windows Server

    Windows Server 2008: Install RIS and WDS

    In Windows Server 2008 you can use the Server Manager application to enable RIS (part of Windows Deployment Services, WDS).  To do so, open Server Manager and click on Roles in the left column.  Then click on Next and read the Introduction to WDS items.  It’s worth noting that you can setup your server as a Transport Server in WDS, which is a bit like Multicast clustering (eg – multicast ASR imaging for the Mac).  It’s also worth noting that a Deployment Server will use parts of the Transport Server to do its job so you’ll need to install both.  Once you’re satisfied with your selection, click Next and then…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Windows Server

    Mac OS X: Force LDAP Signing using dsconfigad

    dsconfigad did not support signing of LDAP packets in 10.4.x.  However, this was an upgrade that was introduced in the 10.5 version of the AD Plug-in.  Provided that your Active Directory environment uses LDAP signing, a standard policy with DCs, you can mirror your settings on the DC in dsconfigad by using the -packetsigning option followed by either an allow, disable or require variable.  To force LDAP signing, just run the following command: dsconfigad -packetsigning required To then disable signing if your environment doesn’t support it use the following command: dsconfigad -packetsigning disable The default variable is allow, which will use LDAP signing when possible.

  • Active Directory,  Windows Server

    Windows Server 2008: AD Schema

    Importing ldf files is one way to extend an Active Directory Schema.  In 2003 you could use ldifde to import ldif or ldf files.  In 2008 you’ll be happy to know the syntax hasn’t changed. To import directory objects use the following command ldifde–i-ffilename-sservername:port-m-ausername domain password To export directory objects use the following command ldifde-e-ffilename-sservername:port-m-ausername domain password

  • Mac OS X Server,  Microsoft Exchange Server,  Windows Server

    The Danger of RBLs

    So ordb.org has been dead for awhile.  If you had an inactive server that was using ordb.org as your Realtime Black-List server on that box and you bring it back up then you won’t accept email from anyone any more.  Reason being is that every time your server goes to receive an email and does a lookup on an RBL if it cannot reach the RBL then it will receive no email.  Furthermore if your server cannot communicate with the RBL server then you will reject mail.  So while RBLs will save you from massive amounts of spam they can actually be used to attack your server.  For example, the…

  • Windows Server

    Windows Server: Pick What Goes into AD Next

    What you would like to see in the next version of Active Directory Users and Computers? This is a great opportunity for you to provide feedback and help ensure that the features you want make it into ADUC’s next version. If you are interested, or know someone who might be interested in participating, and can make it to Microsoft’s main campus in Redmond, Washington for a two-hour study session, e-mail us at itusable@microsoft.com with ADUC in the subject line.

  • Windows Server

    Windows Server: Who Deleted My Frickin' OU?!?!

    Well, we knew it was possible, but we didn’t know anyone would actually do it.  Based on the title here, you probably already know that someone deleted a whole OU.  Given that about 6-7 people could have done it and none were owning up of course you’re gonna’ get forced to figure out who it was.  Well, let’s get started then.   First, restore the OU.  To do this we’re gonna’ use the ldp.exe utility from the Windows Server 2003 Support Tools.  THen we’re going to open it up and click on the Connection menu and connect to your DC (and authenticate as a Domain Admin or above of course).…

  • Windows Server

    Windows Server 2008 Datacenter Edition: Cluster Problems

    MSDTC failing over repeatedly.  Not good.  Look in error logs and find this lovely ditty: The cluster resource could not be brought online by the resource monitor. Turns out someone added the resource without assigning a name to a dependent disk.  What to do?  Open diskmgmt.msc -> right-click unnamed volume -> Assign the follwing Drive Letter -> OK Restart and you should be OK…