Check the DNS zone status from the list of servers
If you are using the Windows DNS server and the zone is not AD-integrated, it follows the primary/secondary model: the zone is not replicated automatically, so you have to create it manually on each server. To check the zone status on all the servers, you either have to log in to each server and check it there, or you can use the command below to simplify the work:
For /f %a in (list.txt) do dnscmd %a /zoneinfo zonename >> output.txt
This command checks every server listed in the input file (list.txt) for the zone zonename and appends the output to output.txt.
Note: run this command from the folder that contains the input file (list.txt).
Example: if list.txt is in c:\temp, run the command from there; it will create output.txt in the same folder and store the output in it.
Sunday, 8 November 2009
To check the list of Users Group Membership
I have used the "for" command to read the input file (list.txt), execute the "net user" command for each user, and store the result in output.txt:
For /f %a in (list.txt) do net user %a /dom >> output.txt
Note: run this command from the folder that contains the input file (list.txt).
Example: if you have the user list in c:\temp, run the command from there; it will create output.txt in the same folder and store the output in it.
You can also use the link below, which uses the dsget command:
To display the list of members with nested groups
Labels:
AD,
command,
oneline script
Wednesday, 4 November 2009
Test case for Exchange 2007 Migration
Below are the test case results for user settings when you migrate from Exchange 2003 to Exchange 2007.
Which settings are changed to the default settings of the target forest when migrating between forests:
| Exchange 2003 setting (before migrating) | After migrating to Exchange 2007 |
|---|---|
| User mailbox storage limits | Changed to default settings |
| Deleted items retention | Changed to default settings |
| Delivery Options: Send on behalf | Retained (same as before migrating) |
| Forwarding address | Changed to default settings |
| Maximum recipients | Changed to default settings |
| Delivery Restrictions: sending message size | Changed to default settings |
| Receiving message size | Retained (same as before migrating) |
| Mailbox rights | Retained (same as before migrating) |
| Hide from Exchange address list | Retained (same as before migrating) |
| Additional SMTP address | Retained (same as before migrating) |
| Disable Outlook Mobile Access | Changed to enabled state |
| Disable Outlook Web Access | Changed to enabled state |
| Disable MAPI | Changed to enabled state |
| Client-side message rules | Retained (same as before migrating) |
| Out of office message | Retained (same as before migrating) |
| Signatures | Changed to default settings |
| Calendar permission | Retained (same as before migrating) |
| Outlook folder permission | Retained (same as before migrating) |
| Outlook delegation | Retained (same as before migrating) |
| Outlook junk filter settings | Retained (same as before migrating) |
| Outlook archive settings | Changed to default settings |
| Active Directory settings such as personal information | Retained (same as before migrating) |
| Schedule+ Free/Busy coexistence between forests | No, it's not possible |
| DL sync | It's working |
| Can see GAL of other forest | Yes |
| Add user to DL from another forest | Yes |
| Move/merge DL | Yes |
| Nesting two DLs from different forests | |
| Public folder migration | Yes |
| Public folder permission | No, it's not possible |
Labels:
Exchange,
Exchange Migration
Exchange 2007 Migrate from Cross-Forest to Cross-Forest
If you want to migrate users and mailboxes across forests (cross-forest to cross-forest), you have to sync the GAL to maintain mail flow between the forests and to let users in one forest resolve user names from the other forest in the GAL.
GAL replication using MIIS 2003 for cross-forest
• If you want to share free/busy information across the forests, make sure that you have installed the Inter-Organization Replication tool in each forest (only if you are using any version of Outlook other than Outlook 2007). The Inter-Organization Replication tool is not supported with Exchange 2007, so you must have an Exchange 2003 server in each forest to use it
• Configure MIIS 2003 or Identity Integration Feature Pack 1a to create the GAL sync management agent
• Enable GAL sync
• Configure connectors in each forest that will have an Exchange server
• We must configure our Exchange 2003 or Exchange 2000 servers to use TLS for mail flow between Exchange 2003 and 2007
• For mail flow between forests, we must configure a domain in that forest as an authoritative domain:
o Open the Exchange Management Console
o In the console tree, click Organization Configuration, and then click Hub Transport
o In the work pane, click the Accepted Domains tab. On the New Accepted Domain page, complete the following fields:
Name: Use this field to identify the accepted domain in the user interface. You can type any name that you want. We recommend that you select a meaningful name that helps you easily identify the purpose of this accepted domain. For example, you may want to use a name that identifies this as a subsidiary domain or as a hosted domain. You must use a unique name for each accepted domain.
Accepted Domain: Use this field to identify the SMTP namespace for which the Exchange organization will accept e-mail messages. You can use a wildcard character to accept messages for a domain and all its subdomains. For example, you can type *.contoso.com to set Contoso.com and all its subdomains as accepted domains.
o After you complete these fields on the New Accepted Domain page, select the following option: Authoritative Domain. E-mail is delivered to a recipient in this Exchange organization.
o Click New
o On the Completion page, click Finish.
• Use the Exchange Management Shell to move mailboxes between forests. If you want to move both the user account and the corresponding mailbox to the target forest, you must use a tool such as the Active Directory Migration Tool version 3.0 (ADMT v3). You can run this tool before or after you move the mailboxes
• For any public folders in your existing Exchange 2003 organization, create a replica on the Exchange 2007 Mailbox server
• Remove Exchange 2003
Labels:
Exchange,
Exchange Migration
Free tool to Find subnet conflict in Active directory
If you have ever needed a tool to list the subnets in Active Directory and also find subnet conflicts, here is the tool, and it's free!
Before you add a subnet to AD, check it for subnet conflicts; this keeps the environment clean and also reduces login errors (caused by subnet conflicts).

Download
Labels:
Free tool,
HTA Script,
Scripts
Saturday, 31 October 2009
How to check Active Directory replication
One of the questions system administrators ask most frequently is how to check or monitor Active Directory replication. Most AD administrators know the repadmin /showreps command; however, it only reports the status of the last attempt, such as “Last attempt @ 2008-10-31 13:51:13 was successful”. If the last attempt failed, it shows the error, like the one below for a communication issue:
Last attempt @ 2009-04-18 01:45:51 failed, result 1722 (0x6ba):
The RPC server is unavailable.
Sometimes you will get one of the statuses below from the repadmin command:
1. Active Directory replication has been preempted.
2. Replication posted, waiting.
3. Server busy
All of the above statuses mean that replication is progressing without any major issue, but they do not tell us the exact status.
To get the exact status, use the procedure below.
Is the replication progressing or not?
Let's say I am checking the connection object test0000-test0005.
Check the Active Directory replication on test0005:
1. Run “repadmin /showreps /v” on test0005
a. Find the respective connection object and partition (domain partition)
b. Check the USN values marked /OU and /PU
c. You will find a result like the one below
USNs: 215044188/OU, 0/PU
Last attempt @ 2008-10-31 15:05:20 was successful.
2. Check again after some time. If the value has increased, replication is happening; in the output below it is happening, because the USN /OU value is changing
USNs: 221237525/OU, 0/PU
Last attempt @ 2008-10-31 15:05:20 was successful.
Now you can see the change (USNs: 215044188/OU to USNs: 221237525/OU)
3. Also check the other partitions for the same server to find the up-to-date USN; below is the output for the configuration partition.
USNs: 262820263/OU, 262820263/PU
Last attempt @ 2008-10-31 15:05:20 was successful.
4. For the replication to complete, this USN /OU value should reach USNs: 262820263/OU
5. If this USN /OU value does not change for a long time, replication has failed (it is not progressing); check the event log for more information.
This procedure is mainly used to check the high-watermark value, which can help you deduce the state of progress on that replication link.
USNs: the high-watermark USN is the number that is followed by /OU.
The object update (OU) USN saves the position when in the middle of a replication cycle. It stays the same as the property update (PU) when replication is not occurring, and increases during a replication cycle. At the end of the cycle, the final USN replicated becomes the PU value and the OU is left to match. Thus, the OU indicates progress within a cycle, and the PU indicates the last update seen at the conclusion of a successful cycle. A PU of zero means that the link has never completed a successful cycle, as is the case when performing its first synchronization on a new domain controller connection. If the OU and PU are not equal, it means a replication cycle is in progress.
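The comparison from steps 1 to 5, as an added PowerShell example (not part of the original post): it parses two captures of "repadmin /showreps /v" taken some time apart and classifies each link by its OU and PU values. The function names, the example.com partition names, the Site1 site name and the assumed layout of the partition and source lines are illustrative assumptions; only the USNs line format and the USN values come from the post.

```powershell
# Parse "USNs: n/OU, m/PU" per link. Assumed layout (not shown in the post): an
# unindented partition line, then an indented "<site>\<server> via RPC" line.
function Get-LinkUsn {
    param([string[]]$Lines)
    $links = [ordered]@{}
    $partition = ''; $source = ''
    foreach ($line in $Lines) {
        if ($line -match '^(DC|CN)=') { $partition = $line.Trim() }
        elseif ($line -match '^\s+(.+?)\s+via RPC') { $source = $Matches[1] }
        elseif ($line -match 'USNs:\s*(\d+)/OU,\s*(\d+)/PU') {
            $usn = [pscustomobject]@{ OU = [long]$Matches[1]; PU = [long]$Matches[2] }
            $links["$partition <- $source"] = $usn
        }
    }
    return $links
}

# Compare an earlier and a later capture and report the state of every link.
function Compare-ReplicationProgress {
    param([string[]]$Earlier, [string[]]$Later)
    $before = Get-LinkUsn $Earlier
    $after  = Get-LinkUsn $Later
    foreach ($key in $after.Keys) {
        $now = $after[$key]; $old = $before[$key]
        if ($now.OU -eq $now.PU)     { $state = 'Idle: OU equals PU, no cycle in progress' }
        elseif (-not $old)           { $state = 'Unknown: link not in the earlier capture' }
        elseif ($now.OU -gt $old.OU) { $state = 'In progress: OU is advancing' }
        else                         { $state = 'No progress: OU unchanged, check the event log' }
        if ($now.PU -eq 0) { $state += ' (no cycle has completed on this link yet)' }
        [pscustomobject]@{ Link = $key; OU = $now.OU; PU = $now.PU; State = $state }
    }
}

# Constructed captures built from the USN values in the post. On a real DC use:
#   $t1 = repadmin /showreps /v    (wait a while)    $t2 = repadmin /showreps /v
$t1 = @'
DC=example,DC=com
    Site1\test0000 via RPC
        USNs: 215044188/OU, 0/PU
CN=Configuration,DC=example,DC=com
    Site1\test0000 via RPC
        USNs: 262820263/OU, 262820263/PU
'@ -split "`r?`n"
$t2 = $t1 -replace '215044188', '221237525'   # later capture: domain OU has moved
Compare-ReplicationProgress -Earlier $t1 -Later $t2 | Format-Table -AutoSize
```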
Labels:
AD,
AD Replication