Techno Button Master

Becuase ‘dsmod‘ & ‘dsquery‘ support piping (passing results to a new command) you can easliy send results from dsquery to dsmod.

I wanted to disable old computer accounts, then after 60 days I will delete them.

dsquery computer -inactive 8 -limit 0 | dsmod computer -disabled yes

The above will search for computers that have not connected for 8 weeks, say after being removed, destroyed etc. then it will disable the computer account.

I a few weeks I will then search for disabled accounts, might export a list and then delete them form AD.

you could expand this and createa a weekly task that would check and disable/delete accounts, or move them to a locked down part of AD etc.

J

I was getting a nice 4005 error while trying to Build/Capture of Vista Sp2, the error was occuring just before windows installtion had started (after applying drivers)

It seems there was an incompatibility on one of the divers as I use mainly XP Drivers, To workaround this I created a new driver category for Vista to use (instead of all the drivers avaliable)

I got it working by

1. Create a “Vista_Network” driver catergory and added the basic Network/required drivers
   
2. Edit The Build-Capture tasksequence
3. Goto the “Apply Driver” task
4. Select “Limit Drivers To “Vista_Network” Category”
5. 

   As you can see

   Save

It will now work and you dont need to disable drivers etc.

Good Luck

Ok,

I finally bit the bullet and purchased a SAN Certificate for Exchange 2007 so that I dont get any more problems with security errors etc. There was a small problem though, The SAN consisted of

CN = domain.com
SAN (Subject Alternative Name) = autodiscover.domain.com & rpc.domain.com & webmail.domain.com

Due to the way outlooks connects over RPC/HTTPS you need to make sure you update the MSSTD Record to reflect the CN on the certificate

• Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:domain.com

I needed to quickly remove and reinstal forefront accross my test domain.

Here it is (replace “FCS_PATH” with the path the the FCS source)

msiexec.exe /x “FCS_PATH”\mp_ambits.msi /qn
msiexec.exe /x “FCS_PATH”\momagent.msi /qn
msiexec.exe /x “FCS_PATH”\fcsssa.msi /qn
MsiExec.exe /X{2DF2E496-D3B7-4A6F-A341-6DE48FDFEF0A} /qn
“FCS_PATH”\fcsinstallscript.vbs
“FCS_PATH”\mpam-fe.exe /qn

What is all this?

• fcsinstallscript.vbs from
• https://blogs.microsoft.co.il/files/folders/61188/download.aspx
• This simply reinstalls FCS on the client machine (both x64 & x86)

• mpam-fe.exe?
• This is the complete update to FCS (so the machine is protected from installation) from
• http://support.microsoft.com/kb/935934

The above will

1. Remove FCS & MOM agents
2. Install FCS & MOM
3. Install latest complete update for FCS
4. Silently

J

I was getting erros deploying to a x64 boot pxe, it would never work..

until *actually* copied the x64 boot image to the DP

duh!

I was getting some annoying errors for a server.

ERROR ID 31214 & 30135

After trying ALOT of solutions I check the Shadow Copy Status (right click C and choose properties) It seems I had disabled the VSS for C: and this in turn was the cause of the failure.

Not that DPM or Eventlog told me. hah

I like DPM but the logging is limited and a problem

Here are the solutions so far

• Enable VSS
• Delete VSS Copies (C)
• Re-Run consistancy check
• … not sure, more to come I assume

Install SP1 & Rollup Update, Fixes all

I have started testing out Data Protection Manager 2007 R2 in my learning enviroment. I had previously tested it last year but found it to be horribly slow and inconsistant.

This time I have good hardware to work with and I am getting really sick of Backup exec and the failures (tape control etc)

The server consists of

• Quad Core 2.5
• 4GB RAM
• 1x80GB System Drive
• 4x1TB Sata2 on a hardware RAID controller (RAID0)
• 1x1GB NIC (2 soon)

Money is an issue so the server needs to be cheap, It will server no other use except backups, My plan was to use the 4TB array for short term disk/staged backups then Tape for long term backups. There are some risks in working this method as RAID0 has no redundancy and a loss of a disk will cause a loss of the array (ouch) so I plan to use my slow NAS (raid5) for daily mirrored backups. Something likethis

Exchange—>4TB raid0 (daily+incremental+recovery etc)—>1tb Raid5(daily)—>tape (weekly)

I will connect my 2tb nas via gigabit crossover to remove the overhead from my network and increase speed. I expect to get around 10-20MB/s compared with 300MB/s on the local raid0.  This should give me some redundancy and if all goes well I will migrate to local RAID5/6 and remove the NAS all together.

The install and config was very easy, Much faster and better than before. In general the UI is smooth and clean (too clean, See later). Microsoft seems to have taken all the choices out of backing up. Really you just choose the server and the service and you are done. Its simple and works as advertised.

My problems are:

• Errors are hard to diagnose and there seems to be no logging of agents (see prev post).
• Detailed info, Current activitys are hardly detailed. I prefer the advanced info from Backup Exec
• No support for Windows 2000 ( I know its old )

But compared to the now Symantec Bcakup Exec, its better. Not crazy better.. but better. I will stick to the testing over the next few weeks and see how it pans out.

J

I have been testing out Data Protection Manager 2007 as a replacement to Symantec (Veritas) Backup Exec

I came accross a wierd error. I had two servers that have teaming enabled, but one of the team member adaptors are disconnected (physically) this was causing DPM Agent to fail to connect to the DPM server, It seems that Qos is not working under a failed team? I need to check that out.

Error (one of them)

A DPM agent failed to communicate with the DPM service on xxxx.yyyy.com because of a communication error. Make sure that xxxx.yyyy.com is remotely accessible from the computer running the DPM agent. If a firewall is enabled on xxxx.yyyyy.com, make sure that it is not blocking requests from the computer running the DPM agent (Error code: 0x800706ba, full name: xxxx.yyyy.com).

So if you are getting strange connectivity errors, or failed jobs for no other reason.. Check your teams/qos and general network.

Good luck

I always like a little cmd alternative to fifty mouse button clicks (yea I know) and when I was having issues with one client with SCCM & OSD I had to use this, Basically once client was not installing a netork card driver, it would if I did it manually from inside WINPE ( press f8, type MMC and then add/remove computer management) there seem to be 2xdriver in the c:\drivers and although I dont yet know where this duplication is, I have to get this computer out today. So I found DEVCON

What is it? Basically what you do in device manager with a mouse this will do from CMD with some heavy options.

1. Get DevCon HERE
2. Extract to c:\devcon
3. in CMD goto c:\devcon\i386\ and execute devcon
4. In my case the command was devcon inf hardwareID
5. devcon update %path_to_inf%\b44win.inf PCI\VEN_14E4

you get the idea,

the Hardware ID the really an interesting thing, if you ever need it then you can do devcon find * | more and you will get a nice list of all your hardware..

UPDATE –

Actually that failed aswel, supid computers are stupid.

In the end I basically did the follwoing

1. mounted the WIM image
2. edited the sysprep.inf to include
   • DriverSigningPolicy=Ingore
   • UpdateInstalledDrivers=Yes
3. unmounted and commited the changes
4. edited the sysprep in the sccm DP (just incase)
5. updated the DP and WIM DP
6. retried
7. Done

SCCM can be a pain in the ass.

Good luck!

I have been testing redeploying xp via sccm r2 (beta) and I want to get it working with a single image, multiple HAL and from a vmware image,

I had mega problems with pxe booting and denying and failing, the logs are saying either the netbios or the guid are not matching.. i found a useful post

http://myitforum.com/cs2/blogs/cstauffer/archive/2009/05/11/configmgr-osd-mdt-clear-pxe-cache.aspx

basically, restart the “Windows Deployment Service” on the SCCM machine, this will flush the log and allow the machine to boot..

thanks