Chris Beams’s Blog

Active Directory and more….

Archive for May, 2009

Windows 2008 R2 – Active Directory: what's new?

Posted by chrisbeams on May 28, 2009

This is a cool presentation from TechNet… some of the new stuff in R2 is amazing. Looks like PowerShell for AD is going to really kick off!

Link to PowerPoint download

Link to more resources

Posted in Active Directory

Schema Changes… scared?

Posted by chrisbeams on May 28, 2009

Everyone's favourite topic: schema changes. I have always seen these as rather easy and overrated experiences; however, a recent change to the Exchange 2007 SP1 schema changed that view. I will be adding some pointers for that change next week along with some more info. Here's how Microsoft do it.



Posted in Active Directory

Group Policy – Starter GPOs

Posted by chrisbeams on May 26, 2009

These look interesting: basically, you can create baseline GPOs. They can only include Administrative Templates settings (as shown below), and they also create a new folder in SYSVOL. Going to have a play, and the following article looks good: Link

GPMC Location:

Starter GPO - GPMC

SYSVOL Location:

Starter GPO - SYSVOL

GPO Settings:

Starter GPO Admin Templates

Posted in Group Policy

Password policies

Posted by chrisbeams on May 26, 2009

Good high-level blog from the ASKDS team:

plus a link to a white paper you should read:

Posted in Active Directory

Windows 2008 and Vista SP2 released

Posted by chrisbeams on May 26, 2009

Just spotted this on a few blogs...

And the extract from the MS site:

Service Pack 2 (SP2) for Windows Server 2008 and Windows Vista is an upcoming update to Windows Vista and Windows Server 2008. It will provide customer and partner feedback-driven fixes into a single service pack, minimizing deployment and testing complexity. In addition to all previously released updates since SP1, SP2 will support new types of hardware, and will add support for several emerging standards.

As of April 28th, 2009 the Windows Server 2008 SP2 and Windows Vista SP2 Beta program has concluded, thank you for your participation and feedback.

Posted in Vista, Windows 2008

AD Recovery

Posted by chrisbeams on May 22, 2009

So my progress to date has been good. I have used the Quest Recovery Manager for AD in my home lab to recover a child domain and two domain controllers. To be honest, it was a very simple process, and after a few nervous minutes while the existing DCs sorted themselves out, everything was OK. I have some screenshots and a short guide that I will post early next week. It was interesting to see the invocation GUID changing as the DC worked out it had been restored.

Active Directory has been restored from backup media, or has been configured to host an application partition. The invocationID attribute for this domain controller has been changed. The highest update sequence number at the time the backup was created is as follows.
InvocationID attribute (old value):
InvocationID attribute (new value):
Update sequence number:

The invocationID is changed when a domain controller is restored from backup media or is configured to host a writeable application directory partition.


Posted in Active Directory

Virtual Technet

Posted by chrisbeams on May 22, 2009

This looks good, with some good topics and of course the legend Mark Russinovich.

Posted in Uncategorized

Group Policy – Forum Common Questions

Posted by chrisbeams on May 18, 2009

Excellent list of common questions and answers from the GP forum.

Posted in Active Directory

Directory Services – KB Articles

Posted by chrisbeams on May 17, 2009

New KB articles related to Directory Services for the week of 5/3-5/9.

969710 How to enable the half-open TCP connections limit in Windows Vista with Service Pack 2 and in Windows Server 2008 with Service Pack 2
971133 Verbose logging may have adverse effects on system performance
969902 Many services do not start when you enter a computer name that exceeds 15 bytes during the initial setup of Windows Vista or of Windows Server 2008
970914 How to Manually Restore Files Backed Up Using Windows Backup
971070 The Debug Diagnostics 1.1 Whitepaper is now available
967358 You receive error messages when you try to create a domain GPO or edit an existing domain GPO in a Windows Server 2008 Active Directory domain environment


Posted in Active Directory

Server Core – DC Promotion

Posted by chrisbeams on May 17, 2009

I have attached a simple answer.txt file below that I have used before for Server Core Promotion:

To set the network up you need the network ID (which tends to be 2)

netsh interface ipv4 show interfaces (this gives you the network ID)
netsh interface ipv4 set address name="2" source=static address= mask= gateway=
netsh interface ipv4 add dnsserver name="2" address= index=1

If you need RDP Access you need to do the following:

  • WMIC RDTOGGLE Where ServerName="%COMPUTERNAME%" Call SetAllowTSConnections AllowTSConnections="1"
  • NetSH FireWall Set PortOpening TCP 3389 "Remote Desktop"

Don't forget to rename the machine to something more useful:

  • WMIC ComputerSystem Where Name="%COMPUTERNAME%" Call Rename Name="NewNameYouWant"

And then the answer.txt file

This one would create a normal DC with DNS that's also a GC in an existing domain,
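An answer file for that scenario, as an added example (it is not the author's own file, which is not reproduced on this page). The domain name corp.example, the account promo-admin, the site name and the paths are placeholder assumptions.

```ini
; Constructed example answer file, run with: dcpromo /unattend:C:\answer.txt
; Scenario: additional DC in an existing domain, with DNS and global catalog.
; corp.example, promo-admin and the site name are placeholders.
[DCINSTALL]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example
SiteName=Default-First-Site-Name
InstallDNS=Yes
ConfirmGc=Yes
; Credentials used for the promotion. "*" makes dcpromo prompt at run
; time, so the domain admin password is never written to disk.
UserDomain=corp.example
UserName=promo-admin
Password=*
; Default locations; change them if your build standard uses other volumes.
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; DSRM password: replace the placeholder, restrict the file's ACL to the
; installing admin, and delete the file once promotion has finished.
SafeModeAdminPassword=<DSRM-password-placeholder>
RebootOnCompletion=Yes
```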


Posted in Active Directory