Archive for the ‘OS’ Category

Prerequisites for this upgrade/migration are that the SBS 2003 server must be at SP2, with Exchange 2003 also at SP2. In addition to this, both your domain functional level AND forest functional level must be running at 2003 native (this is the highest available on SBS 2003 SP2). Finally, your Exchange organisation must be running in 2003 native mode.

The first step is upgrading the Active Directory schema. For this you’ll need to put the Windows 2008 R2 DVD into your 2003 SBS server, open a command prompt and run the following commands:

X:\support\adprep\adprep32.exe /forestprep
X:\support\adprep\adprep32.exe /domainprep
X:\support\adprep\adprep32.exe /domainprep /gpprep

Obviously, replace X with your DVD drive letter, or it could be a network share etc. In previous versions of Windows Server, you had to use the correct media to match the architecture of your SBS 2003 server. As of Windows Server 2008 R2, x86 is no longer supported, hence adprep32.exe instead of adprep.exe!

At this point you can fire up the new (x64!) hardware that you’re going to use to run Exchange 2010. Install Windows 2008 R2 onto it, give it a static IP, a name, and all the patches, updates and service packs it wants. Also do a full IIS install from the Server Manager page; it’s probably a good idea to enable remote desktop at this stage too! We’ll need a small selection of remote server admin tools during the Exchange installation, so run the following command to install them:

ServerManagerCmd -i RSAT-ADDS

We can now go ahead and join the new server to the domain; once you’ve done this, reboot as requested. When the system has come back up, put in the Exchange 2010 DVD, fire up a command prompt and run the following command:

X:\Setup.com /PrepareAd

This will prepare Active Directory and your Exchange organisation for the new Exchange server while still allowing for compatibility with Exchange 2003 SP2. If you get any errors here, it might be worth double checking the functional level of your Exchange organisation, as mentioned in the prerequisites. Hopefully you haven’t encountered any errors, so you can run the main Exchange 2010 setup from the DVD. Select the languages you want to install, and then proceed through the setup. You’ll need to select the current Exchange 2003 server in the mail flow configuration screen, so that mail can route between both Exchange servers during the migration.

The Exchange 2010 setup will then perform some readiness checks, if any of these fail, do what needs to be done, then click retry! Exchange 2010 should then install the relevant roles onto the system.
Once the Exchange setup has completed, it’s probably a good idea to install any updates. While they are installing, have a look on the SBS server, you should now see two administrative groups in the Exchange system manager.

Add an SMTP send connector as required on the 2010 server (Org config > Hub transport > Connector > SMTP), and also allow inbound anonymous SMTP connections (Org config > Hub transport > Default > Permissions).

I’d also advise moving the location of the mailbox database and public store databases, as they are on the system drive by default, and it’s a good idea to keep logs and databases on separate RAID volumes. You can move them under Org config > mailbox > databases.

I choose to move public folders first, as this can take a long time, so we keep user mailboxes where they are for now. To move the public folders, use the Exchange System Manager on the 2003 server, right click the public folder store, and select move all replicas – take note of the message and what it says – it will take a long time, and it is only complete once the instance store folder is empty, as it says. You can check things are moving by using message tracking in the Exchange 2010 PowerShell. Once you are sure this has completed, you can delete the old public folder store in Exchange 2003; select the new public folder store when you are asked where to move the existing bits and bobs to. Once this has been done, it’s advisable to unmount then remount the public folders database using the Exchange 2010 manager.

The final step with regard to the public folders is to create a new container on the 2010 server, by right clicking on the 2010 Exchange group, then selecting new public folder container. Once this has been created, simply drag the public folders from the 2003 group into the 2010 folders group.

Now onto moving user mailboxes, easiest way is by using the Exchange 2010 management console, under server > recipient config > mailboxes > new local move. Follow the wizard to move everything over.
Before we are ready to decommission the old 2003 server, we just need to move the offline address book over, this is under Org config > mailbox > offline address book, right click it, select move and use the wizard. We then need to assign an offline address book to our mailbox database – right click it under Org config > mailbox > properties > client, and pick the offline folder.

We can now delete the 2003 mailbox store, say ok to the warnings, then delete both routing group connectors between the two servers. Using 2003 manager, change the recipient policies, so they only have email addresses – not mailbox manager. Finally we need to delete recipient update services for the domain, then the enterprise – although the latter will need doing via ADSIEdit.msc!
Finally, using add remove programs, change the SBS installation so that it doesn’t include Exchange.

At this point, our 2003 Exchange server is decommissioned, and we’re now running on the new 2010 version.

Another of my little Windows 7 deployment annoyances has been the fact that Windows Media Player is pinned to the new taskbar by default, and with Windows 7, it’s not possible to programmatically add or remove pinned items from the taskbar.

After a while of script hunting for something that might get around this, I found out that there is an option that can be used in the unattended xml file that will stop it from being automatically added!

In Windows System Image Manager, add the following under phase 7 (OOBE):

   Windows shell setup >> Windows Features >> ShowWindowsMediaPlayer >> false

I’m currently looking into deploying Windows 7 in our environment, and was having a bit of an issue with printers… When our (non-admin) users log on, our logon script detects the client location and connects the appropriate printers, I don’t want any warnings to be shown or UAC prompts, but just want the drivers to be automatically downloaded and printers added.

On Vista, you could disable any prompts by disabling the “point and print restrictions” group policy object in the user configuration, or enable it and specify certain trusted servers. Unfortunately this didn’t seem to do the trick on Windows 7 RTM. After a bit of playing, I found out that on Windows 7, you need to apply the policy to both computer and user configuration!

From time to time our Citrix users end up with multiple sessions on our Citrix farm, especially when accessing the farm via Citrix access gateway and they lose connectivity. Most of these are fixed by setting sessions in the disconnected state to be automatically reset after 15 mins. (We allow this time in case users are moving to a meeting room, for example.)

The big problem for us is that you can’t run multiple instances of Lotus Notes, so the disconnected session needs to be reset before the user can fire up Lotus Notes again, otherwise they will see an error like:

“You cannot use the Administration program while the Domino Server is running. Either shut down the Domino Server (but keep the file server running) or choose the icon labeled ‘Lotus Notes’ instead.”

In order to try and make things a bit easier on the helpdesk, I created a script that will allow users to reset their own Citrix sessions. If you want to use it you’ll need to populate the first array with a list of all the servers in your farm, then create a shortcut:

cscript /nologo citrixreset.vbs

I’ve set mine to run minimized so that they don’t see random command windows popping up.

It should also be noted that the script resets any disconnected sessions first, so that it can still carry on and kill the active one at the end! I know it’s not the slickest of scripts (lots of splitting arrays and capturing command output), but I couldn’t find any nice objects to do it properly with!

' List every server in your farm here
citrixServers = array("CXS38", "CXS39", "CXS40", "CXS41")

Set objShell = CreateObject("WScript.Shell")

Sub resetSession(s)
    count = count + 1
    sessionID = trim(mid(s,48,5))
    citrixServer = trim(mid(s,1,6))
    wscript.echo "RESET SESSION " & sessionID & " /SERVER:" & citrixServer
    Set oExec = objShell.Exec("RESET SESSION " & sessionID & " /SERVER:" & citrixServer)
End Sub

userName = objShell.ExpandEnvironmentStrings("%UserName%")

For Each citrixServer In citrixServers

    wscript.echo "QUERY SESSION " & userName & " /SERVER:" & citrixServer
    Set oExec = objShell.Exec("QUERY SESSION " & userName & " /SERVER:" & citrixServer)

    Do While oExec.Status = 0
        WScript.Sleep 100
    Loop

    Do While oExec.StdOut.AtEndOfStream <> True
        sessionOutput = sessionOutput & vbCrLf & citrixServer & oExec.StdOut.ReadLine
    Loop

Next

count = 0
sessions = split(sessionOutput, vbCrLf)
wscript.echo

For Each session In sessions
    if InStr(session, "wdica") and InStr(session, "Disc") then wscript.echo session
Next

For Each session In sessions
    if InStr(session, "wdica") and InStr(session, "Active") then wscript.echo session
Next

For Each session In sessions
    if InStr(session, "wdica") and InStr(session, "Disc") then resetSession(session)
Next

For Each session In sessions
    if InStr(session, "wdica") and InStr(session, "Active") then resetSession(session)
Next

msgbox "Reset " & count & " Citrix session(s) for " & userName

When trying to access a windows server via a DNS alias (e.g. using \\fileserver.company.co.uk that is an alias of \\SERVER12), you will probably get a ‘duplicate name exists on the network’ error. This is because the default behaviour of windows only permits using the proper name of the server (SERVER12 in this case, or a bound IP address). This applies to both CNAMEs and A records in DNS.

You might have aliases set up so that if you ever move a service onto a different server, all you have to do is update the alias.

To enable a windows server to respond to aliases like this, you’ll need to edit the registry. Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

Then add a new DWORD value called DisableStrictNameChecking and set the value to 1.

Once this is done, you’ll need to restart the server service, after that you should be able to access the server using the alias name!

In Windows 7, it’s been annoying me for a while how the Windows Explorer item on the taskbar always defaults to my libraries, as on most systems I use they are empty.

You can change the location by holding shift and right clicking on the taskbar item so you can select properties in the context menu (If you’ve already got explorer windows open, you’ll need to right click the taskbar item once, then hold shift and right click on the Windows Explorer entry.)

Once in the properties window, if you set the target to the following, it will open ‘My Computer’ by default…

%SystemRoot%\explorer.exe /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Shadow copies are a brilliant time-saver… I can recover a deleted/overwritten/corrupted file in a matter of seconds – or better still, the end user can do it! We currently have a schedule that takes a snapshot of our main fileserver at 7am and noon. While this is quite good, it quickly eats up disk space, then all the snapshots get ditched and we have to start collecting them again. I wished there was some more complex scheduling and management for the shadows - I would find it far more useful to have more of the recent snapshots, and fewer of the older ones. Unfortunately there’s no inbuilt functionality to do this, so I thought it was time to write a script…

I put together the following, it looks through all the snapshots on the system, and will delete those that match the following criteria:

- Older than 3 days and created after 7am
- Older than 7 days and not created on a Monday
- Older than 31 days

Scheduled to run daily, it should work a treat. The number of snapshots should also stay constant, as once they are older than 31 days they will be removed.

  option explicit

  Dim objWMI, snapshots, snapshot, sDate, vDate, deleteSnapshot

  Set objWMI = GetObject("winmgmts://localhost/root/cimv2")
  Set snapshots = objWMI.ExecQuery("select * from Win32_ShadowCopy")
  set sDate = CreateObject("WbemScripting.SWbemDateTime")

  WScript.echo "Searching for all snapshots..."

  for each snapshot in snapshots

      sDate.Value = snapshot.InstallDate
      vDate = sDate.GetVarDate(True)
    
      WScript.echo vbCrLf & "Found snapshot... Created " & vDate
      'WScript.echo snapshot.VolumeName

      if (DateDiff("d", vDate, Date) > 7) then
          if (DatePart("w", vDate) <> 2) then
              WScript.echo "Older than 7 days & Not created on a Monday"
              deleteSnapshot = true
          end if
      end if

      if (DateDiff("d", vDate, Date) > 3) then
          if (hour(vDate) > 7) then
              WScript.Echo "Older than 3 days & Created after 7AM"
              deleteSnapshot = true
          end if
      end if

      if (DateDiff("d", vDate, Date) > 31) then
          WScript.Echo "Older than 31 days"
          deleteSnapshot = true
      end if

      if (deleteSnapshot) then
          WScript.echo "*** Deleting snapshot ***"
          snapshot.Delete_()
          deleteSnapshot = false
      else
          WScript.echo "*** Keeping snapshot ***"
      end if

  next
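The same three retention rules as a PowerShell dry run, so the delete/keep plan can be reviewed before a scheduled job is allowed to remove snapshots. This is an added example, not the script above; the function names Test-SnapshotExpired and Get-SnapshotPlan are hypothetical and the sample timestamps are constructed.

```powershell
# Added example: retention rules as a pure function plus a report. Nothing is deleted.
function Test-SnapshotExpired {
    param(
        [Parameter(Mandatory)] [datetime] $Created,
        [datetime] $Today = (Get-Date)
    )
    # Whole calendar days, matching VBScript's DateDiff("d", vDate, Date)
    $ageDays = ($Today.Date - $Created.Date).Days

    if ($ageDays -gt 31) { return 'Older than 31 days' }
    if ($ageDays -gt 7 -and $Created.DayOfWeek -ne [DayOfWeek]::Monday) {
        return 'Older than 7 days and not created on a Monday'
    }
    if ($ageDays -gt 3 -and $Created.Hour -gt 7) {
        return 'Older than 3 days and created after 7am'
    }
    return $null   # no rule matched: keep the snapshot
}

function Get-SnapshotPlan {
    param(
        [Parameter(Mandatory)] [datetime[]] $Created,
        [datetime] $Today = (Get-Date)
    )
    foreach ($stamp in ($Created | Sort-Object)) {
        $reason = Test-SnapshotExpired -Created $stamp -Today $Today
        [pscustomobject]@{
            Created = $stamp.ToString('ddd yyyy-MM-dd HH:mm')
            Action  = $(if ($reason) { 'DELETE' } else { 'keep' })
            Reason  = $reason
        }
    }
}

# Constructed 7am/noon timestamps, evaluated against a fixed "today"
# (Wednesday 2010-03-31) so the report is repeatable.
$samples = [datetime[]]@(
    '2010-03-30 12:00', '2010-03-26 07:00', '2010-03-26 12:00',
    '2010-03-22 07:00', '2010-03-18 07:00', '2010-02-22 07:00'
)
Get-SnapshotPlan -Created $samples -Today ([datetime]'2010-03-31') |
    Format-Table -AutoSize

# Against the real shadow copies (elevated prompt); still only a report:
# Get-SnapshotPlan -Created (Get-CimInstance Win32_ShadowCopy).InstallDate
```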

I came across a peculiar issue today with Lotus Notes 7, running on my newish Vista system. I was doing some C# development with the Notes COM objects, but was having some trouble, and needed to edit my notes.ini file to try and fix something.

The peculiar part was that in my program files directory, there was a notes.ini file – but with no real config in it, only a few lines – this file’s usually full of stuff! I also couldn’t see my ID file in the notes data directory when using explorer, but Notes could see it and access it fine!

After a bit of Googling, it turned out it was Vista redirecting application write access to the program files folder to “C:\Users\%USERNAME%\AppData\Local\VirtualStore”. When the app reads from the program files folder it sees a merged version of the real program files folder and the user’s VirtualStore, so in essence it forces apps to support multiple users by the looks of it.

From time to time you’ll come across the problem where a system’s machine account in Active Directory has either become out of sync (usually due to multiple systems with the same name) or has just been deleted somehow! Telltale signs of this are errors about domains being unavailable, and trust relationships failing whenever the system tries to perform any authentication. In these situations you can usually log in as a local administrator, unjoin/rejoin the domain, then reboot and the problem is sorted.

However, this isn’t so easy if you aren’t in front of the system (which is often the case), although it is possible to do:

First you need to locate the IP address of the system (names will be unreliable if you’ve got multiple systems with the same name!). The best way to find the IP is probably from looking at DHCP leases on your DHCP server. Once you have the IP address, run regedit.exe on another system, then from the file menu select ‘Connect remote registry’. In the following box, connect to \\<IPaddress>. You should then be able to log on to the system as the local admin user (SYSTEMNAME\Administrator) and navigate to:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

In this key, look for the ‘fDenyTSConnections’ value, and set this to 0. This should enable remote desktop if it isn’t already; you’ll need to reboot in order to enable this:

shutdown -m \\<IPAddress> -r

Once the system has rebooted, you should be able to remote desktop to it, log in as the local admin user, and rejoin as if you were in front of it. Although if it was a case of multiple systems with the same name, don’t forget to give it a unique name!

I should also point out that if it was a deleted computer account, you could always restore the object in AD, but that’s another story…

You’ll sometimes have a server that has loads of scheduled tasks that need to run as a specific user account, and sometimes you might need to update the account they run as, or reset the password.

I recently had to change loads of these on our Altiris server, and didn’t really fancy doing it by hand! The following script will update the runas user/password for all scheduled tasks on your system…

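@echo off

rem Run-as account applied to every task (the password sits here in clear text)
set Password=password
set Username=DOMAIN\username

rem Task Scheduler keeps one .job file per task in this folder
cd /d "%SystemRoot%\tasks"
for %%a in (*.job) do call :ChangePW %%a
goto :eof

:ChangePW
rem Strip the trailing ".job" to get the task name
set TaskName=%*
set TaskName=%TaskName:~0,-4%
SCHTASKS /Change /RU "%Username%" /RP "%Password%" /TN "%TaskName%"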
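
The batch file above keeps the account password in clear text inside the script. The following added PowerShell example (not the script above) prompts for the credential instead, and only touches tasks that already run as the named account rather than every task on the system. It assumes Windows 8 / Server 2012 or later for the ScheduledTasks module and an elevated session; Update-TaskCredential and its parameters are hypothetical names.

```powershell
# Added example: change the run-as credential without storing the password on disk.
function Update-TaskCredential {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $OldAccount,        # e.g. 'DOMAIN\username'
        [Parameter(Mandatory)] [pscredential] $Credential   # account and password to apply
    )

    # Principal.UserId can be stored with or without the domain prefix,
    # so accept either form of the old account name.
    $shortName = ($OldAccount -split '\\')[-1]
    $tasks = Get-ScheduledTask | Where-Object {
        $_.Principal.UserId -in @($OldAccount, $shortName)
    }

    foreach ($task in $tasks) {
        $fullName = $task.TaskPath + $task.TaskName
        $action   = "Set run-as account to $($Credential.UserName)"
        # -WhatIf lists the tasks that would change without modifying them
        if ($PSCmdlet.ShouldProcess($fullName, $action)) {
            $params = @{
                TaskPath = $task.TaskPath
                TaskName = $task.TaskName
                User     = $Credential.UserName
                Password = $Credential.GetNetworkCredential().Password
            }
            Set-ScheduledTask @params | Out-Null
        }
    }
}

# The password is typed at the prompt and exists only in this session's memory.
$cred = Get-Credential -Message 'Run-as account for scheduled tasks'

# Review the list first; drop -WhatIf to apply the change.
Update-TaskCredential -OldAccount 'DOMAIN\username' -Credential $cred -WhatIf
```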