I can’t really take the credit for this; I was at a client’s site a few weeks ago, and they were doing this. I thought, ‘That’s cool, I’ll have a play with that when I get the chance’.
Essentially, you update the description of the Computer object(s) in AD so that they list:
The last user who logged on.
What time they logged on.
What AD ‘Site’ the machine is in.
Model of the PC/Laptop.
Serial Number of the machine.
Operating System.
32 or 64 bit.
I tested it in VMware so my machine type and serial number are a little misleading but this is what it looks like.
Now I can think of loads of situations when that information would be very helpful.
Solution : Last User
So how do you do it? Making a change to a computer’s ‘Description’ field in AD requires some rights. Locate the OU (or OUs) that contain your computers/servers and open the advanced properties on their Security tab.
You can either ‘Add’ (as shown), or select the existing ‘Authenticated Users’ object from the list.
Change the ‘Applies to’ section to ‘Descendant Computer Objects’.
Scroll down and tick ‘Write Description’.
Isn’t that dangerous? Well, not really. It gives users the right to change a computer object’s description field, and they would need to have the technical ability to do so. And if they did, it would get overwritten the next time a user logged onto that machine anyway.
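Because this delegation makes the field writable by every authenticated user, it is worth confirming that the ACE on the OU grants only ‘Write Description’ on computer objects and nothing broader. The following is an added example, not part of the original article or its download; it assumes the ActiveDirectory PowerShell module (RSAT) is available, that the delegation was given to ‘Authenticated Users’, and the OU distinguished name is a placeholder.

```powershell
# Added example: review write-type ACEs held by Authenticated Users on an OU.
Import-Module ActiveDirectory

$ouDn = 'OU=Workstations,DC=example,DC=com'   # placeholder: replace with your OU
$sid  = 'S-1-5-11'                            # well-known SID of Authenticated Users

# Resolve the schema GUIDs from the directory rather than hard-coding them.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    [guid]$obj.schemaIDGUID
}
$descriptionGuid = Get-SchemaGuid 'description'
$computerGuid    = Get-SchemaGuid 'computer'

# Bits that let a principal modify an object or its security descriptor.
# GenericWrite and GenericAll both contain the WriteProperty bit, so they match too.
$writeBits = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner'

# Ask for rules keyed by SID so the match does not depend on a localised account name.
$acl   = Get-Acl -Path "AD:\$ouDn"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$rules |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $sid -and
        ($_.ActiveDirectoryRights -band $writeBits)
    } |
    ForEach-Object {
        # The delegation described above: WriteProperty, on description, for computer objects.
        $expected = $_.ActiveDirectoryRights -eq 'WriteProperty' -and
                    $_.ObjectType -eq $descriptionGuid -and
                    $_.InheritedObjectType -eq $computerGuid
        [pscustomobject]@{
            Rights    = $_.ActiveDirectoryRights
            Attribute = if ($_.ObjectType -eq [guid]::Empty) { 'ALL PROPERTIES' } else { $_.ObjectType }
            AppliesTo = if ($_.InheritedObjectType -eq [guid]::Empty) { 'ALL OBJECT TYPES' } else { $_.InheritedObjectType }
            Inherited = $_.IsInherited
            Verdict   = if ($expected) { 'expected: Write Description on computers' } else { 'REVIEW: broader than Write Description' }
        }
    }
```

Any row marked REVIEW means the principal can write more than the description attribute, or can write it on more than computer objects, and the ACE should be corrected.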
Download the ComputerDescriptionLogonStamp.zip file, and extract the two files you find inside it, into your domain netlogon share (\\{your-domain-name}\netlogon). Edit the domain name in the ComputerDescriptionLogonStamp.bat file so it matches YOUR domain name not mine!
Now create a new Group Policy Object, linked to your USERS.
Edit the policy, and navigate to:
[box]User Configuration > Windows Settings > Scripts > Logon[/box]
Add in the UNC path to the ComputerDescriptionLogonStamp.bat file. (Note: Make sure you use a UNC path to your Netlogon folder, and you do NOT browse locally to the file. If the path looks like C:\windows\sysvol\pnl.con\sysvol\ComputerDescriptionLogonStamp.bat, IT WON’T WORK.)
Close the Group policy editor, then either wait, or force a group policy update.
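For readers who want to see what such a stamp involves, here is an added example written for this page; it is not the content of the ComputerDescriptionLogonStamp download. It assumes PowerShell 3.0 or later on the clients and that the ‘Write Description’ delegation above is in place; the field separator and the log file name are arbitrary choices.

```powershell
# Added example (not the ComputerDescriptionLogonStamp files from the download).
# Runs in the logged-on user's context, so it depends on the 'Write Description'
# delegation described above. Assumes PowerShell 3.0+ for Get-CimInstance.
$ErrorActionPreference = 'Stop'
try {
    # Hardware and OS details from WMI.
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem

    # AD site of this machine; the lookup fails when no domain controller is reachable.
    try {
        $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    } catch {
        $site = 'Site unknown'
    }

    # Field order follows the list at the top of the article; ' | ' is an assumed separator.
    $fields = @(
        "$env:USERDOMAIN\$env:USERNAME",
        (Get-Date -Format 'yyyy-MM-dd HH:mm'),
        $site,
        "$($cs.Model)".Trim(),
        "$($bios.SerialNumber)".Trim(),
        "$($os.Caption)".Trim(),
        $os.OSArchitecture
    )
    $stamp = $fields -join ' | '
    # The description attribute is limited to 1024 characters; truncate defensively.
    if ($stamp.Length -gt 1024) { $stamp = $stamp.Substring(0, 1024) }

    # Find this computer's own object by its SAM account name (NAME$).
    $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
    $result = $searcher.FindOne()
    if ($null -ne $result) {
        $computer = $result.GetDirectoryEntry()
        $computer.Put('description', $stamp)
        $computer.SetInfo()   # commits the write to the directory
    }
} catch {
    # Never break a logon because the stamp failed; note the error in the user's temp folder.
    "$(Get-Date -Format s) $($_.Exception.Message)" |
        Add-Content -Path (Join-Path $env:TEMP 'DescriptionStamp.log')
}
```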
Before you can add a Windows Server 2008 Domain Controller to a Windows Server 2003 Domain you need to carry out some preparation. This can be done during working hours; the process only has a slight performance hit, so no one will notice there is work going on.
Solution
Before you start, have a good look round your existing domain controllers, and get the latest service packs and updates installed. Have a good look through the event logs on the domain controllers, and make sure your domain is happy and replicating, before introducing 2008.
1. First locate the server that holds the FSMO role “schema master”
Locate your FSMO Servers
[box]netdom query /domain:YOURDOMAINNAME fsmo[/box]
Note: this is a test network, so all my roles are on the same server – yours will probably be spread out more efficiently.
Prepare the Forest for 2008
2. Go to the schema master server and put in the Server 2008 Install DVD (if it does not have a DVD drive, then share the DVD and copy the contents of the “support” folder to the schema master).
3. Change to the directory that contains adprep, and issue an “adprep /forestprep” command (or adprep32 /forestprep on a 32-bit server, see below).
4. Read the warning! Make sure your domain controllers comply. Press C {enter} to continue.
Adprep32 /forestprep
5. It will run for a few minutes (Coffee!). When it’s finished it should say that it was successful.
Prepare the Domain for 2008
1. You need to locate the FSMO server that’s holding your Infrastructure Master Role.
2. Go to the Infrastructure master server and put in the Server 2008 Install DVD (if it does not have a DVD drive, then share the DVD and copy the contents of the “support” folder to the schema master).
3. Change to the directory that contains adprep, and issue an “adprep /domainprep” command (or adprep32 /domainprep on a 32-bit server, see below).
Adprep32 /domainprep
Note: This will fail if the domain is not in “Native Mode”
Note: You may also want to run “adprep /domainprep /gpprep” when the above has completed successfully.
Prepare the environment for a 2008 RODC (Read Only Domain Controller)
1. Only really a problem if you want to deploy an RODC. You need to locate the FSMO server that’s holding your Infrastructure Master Role.
2. Go to the Infrastructure Master server and put in the Server 2008 Install DVD (if it does not have a DVD drive, then share the DVD and copy the contents of the “support” folder to the schema master).
3. Change to the directory that contains adprep, and issue an “adprep /rodcprep” command (or adprep32 /rodcprep on a 32-bit server).
If you DON’T Prepare for Server 2008 you will see the following errors
Seen when adding a 2008 domain controller to a domain with an earlier schema/domain version.
Error 1: To install a domain controller into this Active Directory forest you must first prepare the forest using “adprep /forestprep”. The Adprep utility is available on the Windows Server 2008 R2 installation media in the \support\adprep folder.
Error 2: To install a domain controller into this Active Directory domain, you must first prepare the domain using “adprep /domainprep”. The Adprep utility is available on the Windows Server 2008 R2 installation media in the \support\adprep folder.
Error 3: You will not be able to install a read-only domain controller in this domain because the “adprep /rodcprep” was not yet run.
Install the New Windows Server 2008 Domain Controller
I’m assuming you have a new server built with Windows Server 2008 / 2008 R2 installed on it, and that you have applied all the necessary service packs and updates to it. It should also be joined to the domain (as a member server) and preferably have a static IP address.
1. Whilst logged on with administrative access > Start > In the Search/Run > type dcpromo {enter}
2. Next.
3. Read the warnings > Next.
4. We are adding a new DC in an existing domain > Next.
5. Confirm the domain name is correct > Next.
6. Check again > Next.
7. If your domain has multiple sites > Then select the site that this DC will be deployed into > Next.
8. The first 2008 Domain controller, should be a global catalog server, and the promotion will install and configure DNS as well > Next.
9. If you have a flat single domain with AD integrated DNS zones this is OK > Simply click Yes > Next.
10. Accept the defaults, (unless you want to host these in a different location) > Next.
11. Enter a recovery mode password. NEVER FORGET, or lose this password, you will need it, if you ever need to restore active directory by booting to directory restore mode.
12. Review the settings > Next.
13. Active Directory will install; you can tick the box to reboot when finished if that’s OK (it will need a reboot anyway).
14. When completed simply click finish.
15. If you did not select reboot above then you will be asked to do so now.
Related Articles, References, Credits, or External Links
While attempting to move a mailbox between sites last week I got this;
Error details: Couldn't switch the mailbox into Sync Source mode.
This could be because of one of the following reasons:
Another administrator is currently moving the mailbox.
The mailbox is locked.
The Microsoft Exchange Mailbox Replication service (MRS) doesn't have the correct
permissions. Network errors are preventing MRS from cleanly closing its session
with the Mailbox server. If this is the case, MRS may continue to encounter this
error for up to 2 hours - this duration is controlled by the TCP KeepAlive settings
on the Mailbox server. Wait for the mailbox to be released before attempting to move
this mailbox again.
Solution
I knew no one else was attempting to move it, and I had full Exchange permissions.
In my case the two sites with Exchange were joined together with a site to site VPN, the error message was giving me a hint (though a cryptic one) with the ‘Network errors are preventing MRS‘ comment. What I needed to do was increase the ‘Keep Alive’ time for it to complete.
Note: I increased the keep alive time to 1 hour, most posts I’ve seen recommend 5 minutes, it’s up to you, I was running my mailbox moves overnight and I didn’t want to walk back into carnage. Just REMEMBER to DELETE the registry entry when the mailbox moves are complete!
1. Before you can attempt to move the mailbox again you need to remove the move request, either graphically (Exchange 2007/2010) from the Exchange Management console > Recipient Configuration > Move Request > Locate and delete the move request, or from PowerShell:
[box]
Remove-MoveRequest {Username}
[/box]
2. On the source mailbox server, Start > Run > Regedit > Navigate to the following registry key;
If you are like me and struggle to remember settings, passwords etc., then being able to back up all your website settings in Dreamweaver so you can restore them again (after a rebuild on a new PC) can save you some heartache.
Solution
1. On the SOURCE machine, Launch Dreamweaver > Site > Manage Sites > Select the site in question > Select the ‘Export Site’ Icon.
2. Choose whether to export the site login details and passwords > OK.
3. Select where you want to save the settings.
4. From the Same Menu on the TARGET Machine > Import Site.
5. Browse to the .ste file you saved earlier > Open.