Month: May 2010

Useful Commands to use with Active Directory

Create User

dsadd user “CN=Ahmed Mohamed Ali,OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg” -upn E00001@adib.co.ae -samid E00001 -display “Ahmed Mohamed Ali” -dept “Heliopolis Branch” -pwd 123456789 -mustchpwd yes -disabled yes -title “Banker” -desc “Banker” -company “Expert EGYPT” -office “Cairo Branch” -fn “Ahmed” -mi “Mohame” -ln “Ali” -memberof “CN=Cairo Staff,OU=Egypt,OU=Groups,DC=Expert,DC=com,DC=eg”

 

Note:

– I would recommend creating the User in a temp empty OU first, and after confirming that everything is OK, you can move them top their desired OU.

– The ‘-mi “xxxxxx”‘ field must NOT exceed 6 characters, that’s by design.

 

Add Telephone and Mobile info to a User

dsmod user “CN=Ahmed Mohamed Ali,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg” -tel “0020211111111” -mobile “20101111111”

 

Create Global Security Group

 
dsadd group “CN=Finance,OU=egypt,ou=Groups,DC=Expert,DC=com,DC=eg” -samid Finance -secgrp yes -scope G
 

Add Members to a Group

dsmod group “CN=Finance,OU=egypt,ou=Groups,DC=Expert,DC=com,DC=eg” -addmbr “CN=Ahmed Mohamed Ali,OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg”
 

Dump objects details inside an OU to a .CSV file

CSVDE -d “OU=Egypt,OU=Users,DC=Expert,DC=com,DC=eg” -f “C:\Documents and Settings\Administrator\Desktop\Users_Egypt.csv”
 

Get User Email in a text file, from his SAMID

Create this batch and name it like Useremail.bat

@echo off dsquery user -samid %1 | dsget user -email | Find “@” >usermail.txt
 

Run it as

Useremail.bat AMohamed

and get the result in usermail.txt

Get The User DN from the SAMID

DSQuery User -samid AMohamed
 

Change a Domain Account’s Password[1]

Using the following command you reset user DoeJ his password to Pa$$word1!

dsquery user -samid DoeJ | dsmod user -pwd Pa$$word1!

If you use * instead of Pa$$word1!, you will be asked for a password. iIf you are logged on to a domain controller you can also use the net user command, the equivalent command in this case would be:

net user DoeJ Pa$$word1!

You can also use the net user command from your workstation:

net user DoeJ Pa$$word1! /domain

Change the default location of creating Computer objects

By default when you join a PC to the domain, a computer object for that PC will be created in “Computers” OU,

to change this, for example, make the default OU for newly joined PCs to be “CompanyPCs”

C:\WINDOWS\system32>redircmp.exe OU=CompanyPCs,DC=Expert,DC=com,DC=eg

Get Users of a Group

dsget group “CN=GFSAccMaintenanceLegalOfficer,OU=Egypt,OU=Groups,DC=adib,DC=co,DC=ae” -members

 

Delete User

Dsquery user -samid EXXXX | DSrm -noprompt -c  > c:\log.txt

 

List Groups and its members

 

Echo “CN=GROUPNAME,OU=Egypt,OU=Groups,DC=Masry,DC=com,DC=eg” >>LIST.txt & dsget group “CN=GROUPNAME,OU=Egypt,OU=Groups,DC=Masry,DC=com,DC=eg” -members >>LIST.txt

 

Locked Users Saved Query

(&(&(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))))

 

 

References:

DSADD on TechNet

Windows Live Messenger Times Out on Windows 7 Solved

So, you installed Windows 7/Windows Vista and Internet connection is working fine, and you can browse web sites normally,

But,

Windows Live Messenger/some other network or Internet activity times out!

This symptom is due to the "TCP/IP Auto-Tuning" in windows 7 and Windows Vista, which is not compatible with some network devices.

to disable TCP/IP Autotuning, open elevated command prompt, and run the below command, and then reboot your PC:

netsh int tcp set global autotuninglevel=disabled

This should disable TCP/IP Auto-Tuning and solve your problem.

Note: In case you want to undo this command for any given reason, open elevated command prompt, and run the below command, and then reboot your PC:

netsh int tcp set global autotuninglevel=normal

Powered by Qumana

Exchange 2010 Sizing

DRAFT:

Downloads:

HP Sizer for Microsoft Exchange Server 2010

Compined HUB/CAS

CPU Cores:  the Recommended Processor Core Ratio is : ‘Mailbox’ cores : ‘HUB/CAS’ cores   ====>  1:1

EG: Mailbox server will be implemented by 16 core processors; each hub server minimum processor should be 8 cores

RAM: RAM should be estimated by 2 GB of RAM per processor core ((4/8 GB minimum total))

EG: Hub servers will use 8 x processor core, using the above equation; 2 GB of RAM should be added for
each core processor: 8 processor core x 2 GB RAM =16 GB RAM per server.

======

MBX

CPU: Generally 4 x processor core server provides a good balance between price and performance, and
should be able to host several thousand mailboxes.

EG: 5000 user can be hosted on one of the mailbox servers.
The user profile send and receive 50 message per day will require 1 megacycle on the active mailbo
= 5000 x 1 megacycle = 5000 megacycle.
Adding 10% for each copy of the database (only 1 copy will be available) = 500 megacycle.
The estimated required megacycles per server = 5500

Sizing used primarily for budgeting purposes can be accomplished by assuming that 1,000 active average
profile mailboxes will require a 1 x processor core, this equal to 5 cores per server.

The recommend CPU requirements for each mailbox server will be 2 (physical processors) x 4 (cores) = 8
Cores..

=====

Active Directory Server and Mailbox Server Ratios

The recommended number of Active Directory directory servers in each site containing Exchange 2010 Mailbox servers or users depends on the number of processor cores in each computer running the Exchange 2010 Mailbox server role and the hardware platform on which Active Directory is running. Specifically, consider the following scenarios:

  • If Active Directory is running on the x86 platform (32-bit), the recommended ratio of Active Directory directory server processor cores to Exchange 2010 Mailbox server processor cores is 1:4.
  • If Active Directory is running on the x64 platform (64-bit), the recommended ratio of Active Directory directory server processor cores to Exchange 2010 Mailbox server processor cores is 1:8. To achieve the 1:8 ratio, you must have enough memory installed on the directory server to cache the entire Active Directory database in memory. To check the size of your Active Directory database, examine the NTDS.DIT file on a global catalog server. By default, this file is located in %WINDIR%\NTDS.

In the preceding ratios, it’s important to note that this is a ratio of processor cores and not processors. Thus, a dual-core processor counts as 2 when calculating the ratio. The ratio difference between 32-bit and 64-bit is due to the larger amount of memory that a 64-bit operating system can support as compared to a 32-bit operating system.

For Exchange 2010, we recommend that you deploy one 32-bit global catalog server processor core for every four Exchange 2010 Mailbox server processor cores, or one 64-bit global catalog server processor core for every eight Exchange 2010 Mailbox server processor cores. Although other server roles will influence the number of global catalog processor cores required, the Mailbox servers that are deployed influences the deployment of each of the other roles, so basing the number of global catalog processor cores on Mailbox server processor cores will suffice.

Daylight Saving Hour Change Handling

First, Run the update patch provided by microsoft to update your Daylight Saving Hour for your time zone,

If the Patch is not available, or for some reason you need an alternative, Here’s some:

1- ZEdit.exe : useful tool with GUI to set the Daylight Saving Hour change dates, could be used if you have small no. of computers in place.

2- timezone.exe: a command line tool, that could be called from a patch file on the startup script, example:

@echo off
\\FileServer\DST\timezone.exe /s 23:4:5:04 23:4:3:08

3- Registry -Use this with Caution-: you can update the DST on a single machine (by any way), then extract the time zoon registry key and import it -By batch file- an the other machines,

additionally you will need to refresh the control set, so the settings take effect

For Egypt Standared Time:

Export: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Egypt Standard Time

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Egypt Standard Time]
"Display"="(GMT+02:00) Cairo"
"Dlt"="Egypt Daylight Time"
"Std"="Egypt Standard Time"
"MapID"="4,68"
"Index"=dword:00000078
"TZI"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,08,00,04,00,03,00,17,00,3b,\
00,3b,00,00,00,00,00,04,00,04,00,05,00,17,00,3b,00,3b,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Egypt Standard Time\Dynamic DST]
"FirstEntry"=dword:000007d5
"LastEntry"=dword:000007da
"2005"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,09,00,04,00,05,00,17,00,\
3b,00,3b,00,e7,03,00,00,04,00,05,00,05,00,00,00,00,00,00,00,00,00
"2006"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,09,00,04,00,03,00,17,00,\
3b,00,3b,00,e7,03,00,00,04,00,05,00,05,00,00,00,00,00,00,00,00,00
"2007"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,09,00,04,00,01,00,17,00,\
3b,00,3b,00,e7,03,00,00,04,00,04,00,05,00,17,00,3b,00,3b,00,e7,03
"2008"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,08,00,04,00,05,00,17,00,\
3b,00,3b,00,e7,03,00,00,04,00,04,00,05,00,17,00,3b,00,3b,00,e7,03
"2009"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,08,00,04,00,03,00,17,00,\
3b,00,3b,00,e7,03,00,00,04,00,04,00,04,00,17,00,3b,00,3b,00,e7,03
"2010"=hex:88,ff,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,09,00,04,00,05,00,17,00,\
3b,00,3b,00,e7,03,00,00,04,00,04,00,05,00,17,00,3b,00,3b,00,e7,03

To Refresh control set: run this VBS Script:

Set objSh = CreateObject("WScript.Shell")

‘Get the StandardName key of the current time zone
szStandardName = objSh.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName")

‘Enumerate the subkeys in the time zone database
const HKEY_LOCAL_MACHINE = &H80000002
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
szTzsKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones"
objReg.EnumKey HKEY_LOCAL_MACHINE, szTzsKeyPath, arrTzSubKeys

‘Step through the time zones to find the matching Standard Name
szTzKey = "<Unknown>"
For Each subkey In arrTzSubKeys
If (objSh.RegRead("HKLM\" & szTzsKeyPath & "\" & subkey & "\Std") = szStandardName) Then
‘Found matching StandardName, now store this time zone key name
szTzKey = subkey
End If
Next

If szTzKey = "<Unknown>" Then
‘Write entry to the Application event log stating that the update has failed to execute
objSh.LogEvent 1, "DST 2007 Registry Update and Refresh failed to execute on this computer. Time zones failed to enumerate properly or matching time zone not found."
Wscript.Quit 0
End If

Dim process, processid, result, strUpdateCommand
Set process = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2:Win32_process")

‘Add time change privilege to the process object
process.Security_.Privileges.AddAsString "SeSystemTimePrivilege",True
strUpdateCommand = "control.exe timedate.cpl,,/Z" & szTzKey

‘Launch control.exe to refresh time zone information using the TZ key name obtained above
result = process.create(strUpdateCommand,Null,Null,processid)
If result <> 0 Then
objSh.LogEvent 1, "DST 2007 Registry Update and Refresh failed to execute on this computer. Unable to refresh the Timezone database."
Wscript.Quit 0
End If

‘Get current display name of refreshed time zone
szCurrDispName = objSh.RegRead("HKLM\" & szTzsKeyPath & "\" & szTzKey & "\Display")

‘Write entry to the Application event log stating that the update has executed
objSh.LogEvent 4, "DST 2007 Registry Update and Refresh has been executed on this computer." & chr(13) & chr(10) & chr(13) & chr(10) & "Current time zone is: " & szCurrDispName & "."

And the startup script would look like:

@echo off
Regedit /s \\FileServer\DST\\TZUpdate.reg
Cscript \\FileServer\DST\\RefreshTZinfo.vbs

Useful Commands to Use With Windows Time:

Net stop w32time & Net start w32time

NET TIME /QuerySNTP
NET TIME /SETSNTP:10.x.x.x

w32tm /resync
w32tm /tz –> Display time zone