Delegating AD Admin Rights to regular users

I want to let regular users administer users and computers in a specific OU.

There is an AD setting that allows any regular domain user to add a maximum of 10 computers to the domain. This setting can be turned off like this:

  1. Start AdsiEdit.msc as Domain Admin
  2. Expand the Domain Node, right-click the DC=Domain node and select Properties
  3. Edit ms-DS-MachineAccountQuota and set it to 0

To set up the delegation do the following:

  1. In ADUC click View, Advanced Features
  2. Right-click on the OU where you want to add permission and select Properties
  3. On the Security Tab select Advanced and add the following permissions
    • To edit Users
      User Objects – Full Control
    • To Reset User Passwords Only
      User Objects – Read pwdLastSet
      User Objects – Write pwdLastSet
      User Objects – Reset Password
    • Add Computers
      This object and all child objects – Create Computer Objects
      This object and all child objects – Delete Computer Objects
    • Add Users
      This object and all child objects – Create User Objects
      This object and all child objects – Delete User Objects

To add a computer to the domain, the user first needs to create a Computer Account in the correct OU and then join the computer.
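
To verify what was actually delegated, the following added example (not part of the original post) reads ms-DS-MachineAccountQuota, sets it to 0 without AdsiEdit, and lists the explicit ACEs on the OU with the object GUIDs for the permissions above translated to names. It assumes the ActiveDirectory module (RSAT); the OU distinguished name is a hypothetical placeholder.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT); run as Domain Admin.
Import-Module ActiveDirectory

# Hypothetical OU; replace with the OU you delegated.
$ouDn = 'OU=Branch,DC=example,DC=com'

# 1. Check the machine account quota and set it to 0 (same effect as the AdsiEdit steps).
$domainDn = (Get-ADDomain).DistinguishedName
$quota = (Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
"Current ms-DS-MachineAccountQuota: $quota"
if ($quota -ne 0) {
    Set-ADObject -Identity $domainDn -Replace @{ 'ms-DS-MachineAccountQuota' = 0 }
}

# 2. Well-known schema and extended-right GUIDs behind the permissions listed above.
$guidNames = @{
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'User objects'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'Computer objects'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet attribute'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
    '00000000-0000-0000-0000-000000000000' = '(all)'
}

# 3. List the explicit (non-inherited) ACEs on the OU so the delegation can be reviewed.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { -not $_.IsInherited } |
    ForEach-Object {
        $obj = "$($_.ObjectType)"
        $inh = "$($_.InheritedObjectType)"
        [pscustomobject]@{
            Trustee   = $_.IdentityReference
            Type      = $_.AccessControlType
            Rights    = $_.ActiveDirectoryRights
            Object    = if ($guidNames.ContainsKey($obj)) { $guidNames[$obj] } else { $obj }
            AppliesTo = if ($guidNames.ContainsKey($inh)) { $guidNames[$inh] } else { $inh }
        }
    } | Sort-Object Trustee | Format-Table -AutoSize
```

A trustee holding GenericAll on user objects can also reset passwords and change group-relevant attributes for every user in the OU, so the "Reset User Passwords Only" set is the narrower grant to prefer for helpdesk roles.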

Links

http://www.infinitconsulting.com/news-events/technotes/limit-workstations.html

Set Site Links to Notification-Based Replication

Notification-based replication results in immediate replication between sites. Remember that this will increase your replication traffic by 20-30%.

  1. Start ADSIedit.msc and connect to the configuration container.
  2. Go to Inter-Site Transports – CN=IP.
  3. Right-click the site link object, and then click Properties.
  4. Select options.
  5. If the Value box shows <not set>, type 1. If the Value(s) box contains a value, you must 
    derive the new value by using a Boolean BITWISE-OR calculation on the old 
    value, as follows: old_value BITWISE-OR 1. For example, if the value in the 
    Value(s) box is 2, calculate 0010 OR 0001 to equal 0011. Type the integer 
    value of the result in the Edit Attribute box; for this example, the value 
    is 3.
  6. Click OK.
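
The bitwise-OR in step 5 can also be scripted. This added example (not from the original post) previews the change for every site link under CN=IP, treating <not set> as 0; it assumes the ActiveDirectory module, and you remove -WhatIf to apply it.

```powershell
# Added example. Requires the ActiveDirectory module and rights on the configuration container.
Import-Module ActiveDirectory

$useNotify = 0x1   # bit 0 of the siteLink "options" attribute (the "1" in step 5)

$configNc    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNc"

Get-ADObject -SearchBase $ipTransport -LDAPFilter '(objectClass=siteLink)' -Properties options |
    ForEach-Object {
        # <not set> comes back as $null; treat it as 0 so the OR yields 1.
        $old = if ($null -eq $_.options) { 0 } else { [int]$_.options }
        $new = $old -bor $useNotify   # e.g. 2 (0010) OR 1 (0001) = 3 (0011)

        if ($new -eq $old) {
            '{0}: options={1}, notification already enabled' -f $_.Name, $old
        } else {
            # Other option bits are preserved; only bit 0 is added.
            Set-ADObject -Identity $_ -Replace @{ options = $new } -WhatIf
            '{0}: options {1} -> {2}' -f $_.Name, $old, $new
        }
    }
```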

 

Links

http://blogs.technet.com/tmintner/archive/2006/04/12/425111.aspx

VHD booting… Rocks

Today I installed the Windows 7 Beta to test the VHD boot… It is so cool.


This is a screenshot of a computer dual booting Windows 7 and Windows Server 2008 R2 🙂

Here is a description on how to do it.

1. Boot the machine using the Windows 7 DVD
2. Choose Windows Repair
3. Start CMD
4. Run Diskpart
5. Type: create vdisk file=c:\Windows7Build7000.vhd maximum=40000
6. Type: select vdisk file=c:\Windows7Build7000.vhd
7. Type: attach vdisk
8. Type: exit
9. Install Windows 7 to the .VHD
10. Reboot

 

Links

http://blogs.msdn.com/cesardelatorre/archive/2009/01/11/windows-7-natively-booting-from-a-vhd-virtual-pc-image-file.aspx
http://blogs.technet.com/aviraj/archive/2009/01/17/windows-7-boot-from-vhd-first-impression-part-1.aspx
http://blogs.technet.com/aviraj/archive/2009/01/18/windows-7-boot-from-vhd-first-impression-part-2.aspx
http://blogs.technet.com/aviraj/archive/2009/01/28/windows-7-boot-from-vhd-first-impression-part-3-booting-vhd-from-vista-sp1-or-later.aspx

Microsoft CRM Version Numbers

Here are the build numbers of the different rollup fixes for Microsoft CRM.

Version | Build Number | Released on | Link
RTM | 4.0.7333.3 | 12/19/2007 |
Rollup 1 | 4.0.7333.1113 | 11/24/2008 | http://support.microsoft.com/kb/952858
Rollup 2 | 4.0.7333.1312, 4.0.7333.1316 | 1/15/2009, 2/8/2009 | http://support.microsoft.com/kb/959419
Rollup 3 | 4.0.7333.1408 | 3/12/2009 | http://support.microsoft.com/kb/961768
Rollup 4 | 4.0.7333.1551 | 5/7/2009 | http://support.microsoft.com/kb/968176
Rollup 5 | 4.0.7333.1644, 4.0.7333.1645 | 7/2/2009 | http://support.microsoft.com/kb/970141
Rollup 6 | 4.0.7333.1750 | 9/27/2009 | http://support.microsoft.com/kb/970148

Microsoft CRM 3.0 RTM 3.0.5300.0
Microsoft CRM 3.0 Rollup 1 3.0.5300.1189
Microsoft CRM 3.0 Rollup 2 3.0.5300.1561
Microsoft CRM 3.0 Rollup 3 3.0.5300.1754


To find out your current build number, you may run the following query against your [ORGANIZATION]_MSCRM database.

SELECT * FROM BuildVersion

Links

http://msdynamicscrm-e.blogspot.com/2009/02/crm-40-build-versions.html
http://consulting.ascentium.com/blog/crm/Post545.aspx
http://vidmar.net/weblog/archive/2009/08/11/ms-crm4-build-numbers.aspx

JRNL_WRAP_ERROR

You get this error in the event log:

The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.

Replica set name is    : “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)”
Replica root path is   : “c:\winnt\sysvol\domain”
Replica root volume is : “\\.\C:”
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.

[1] Volume “\\.\C:” has been formatted.
[2] The NTFS USN journal on volume “\\.\C:” has been deleted.
[3] The NTFS USN journal on volume “\\.\C:” has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
[4] File Replication Service was not running on this computer for a long time.
[5] File Replication Service could not keep up with the rate of Disk IO activity on “\\.\C:”.
Setting the “Enable Journal Wrap Automatic Restore” registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run “net stop ntfrs” followed by “net start ntfrs” to restart the File Replication Service.
[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.

To change this registry parameter, run regedit.

Click on Start, Run and type regedit.

Expand HKEY_LOCAL_MACHINE.
Click down the key path:
   “System\CurrentControlSet\Services\NtFrs\Parameters”
Double click on the value name
   “Enable Journal Wrap Automatic Restore”
and update the value.
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

 

Do as it says, and don’t forget to change it back.

Working with CSV and AD

To export Contacts from AD to CSV use

CSVDE -F CONTACTS.CSV -R "(objectclass=contact)"

To import contacts from file:

CSVDE -I -F CONTACTS.CSV

To import with logging:

CSVDE -I -F CONTACTS.CSV -j c:

Note: Use the path for the log files, not the name of a log file.

Format of contact import file:

objectClass,displayName,DN,mailNickname,targetAddress,proxyAddresses,msExchPoliciesExcluded,mail

contact,Aaron Adams,"CN=Aaron Adams,OU=Category, OU=Distribution, DC=Domain, DC=com", aadams, SMTP:aadams@domain.com,SMTP:aadams@domain.com,{26491CFC-9E50-4857-861B-0CB8DF22B5D7},aadams@domain.com

Links:

CSVDE:

http://support.microsoft.com/default.aspx/kb/327620

http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/b5afac99-e684-4ee2-a830-7eb71a78ae12/

Great CSV Editor:

http://csved.sjfrancke.nl/index.html

Problems installing Flash in TS or Citrix

Today I ran into a curious problem. I had installed Flash 9 on three Citrix servers and on the last one it only worked for admins.

I googled for a while and ran into this solution:

1. Make sure you have ADMIN privileges to the machine
2. Search your machine for the file “flash.ocx”
3. copy or write down the full path to this file. It -should- be
C:/Windows/System32/Macromed/Flash/Flash.ocx
If the file is NOT in that folder, copy it into that folder. Make sure there are NO other .ocx files in that folder. If there is an ‘swflash.ocx’ delete it.
4. Choose Start> Run
5. In the run dialog, type or paste exactly this line. :
RegSvr32 C:/Windows/System32/Macromed/Flash/Flash.ocx

 

And it worked!!!

Links:

http://www.brianmadden.com/forums/t/21123.aspx

Exchange Server Blog: Room Mailbox Scripts Exchange Server 2007

Today I was looking for some good scripts for handling room mailboxes. I found these:

 

New-Mailbox -alias "Meeting Room" -database "Mailbox Database" -name "Meeting-Room" -resourcetype room -userPrincipalName room-meetingroom@exch.local -OU "Resource Mailboxes/Company"

Creates a new Room Mailbox

Set-MailboxCalendarSettings MeetingRoomAlias -AutomateProcessing:AutoAccept

Enables Auto Accept

Set-MailboxCalendarSettings MeetingRoomAlias -AddAdditionalResponse $True
Set-MailboxCalendarSettings MeetingRoomAlias -AdditionalResponse "This is the custom Response"

Sets alternate decline response.

Links

Exchange Server Blog: Room Mailbox Scripts Exchange Server 2007

Enable Search folders in Outlook Web Access

I have started using this method for organizing my mail and since it is very reliant on search folders I wanted to be able to access my search folders from Outlook Web Access.

To get this working you need to do the following:

 

  1. Disable Cached Mode in Outlook
  2. Start Outlook and connect to the Exchange Server
  3. Refresh your Search Folders

 

If you re-enable Cached Mode it will still work, but you will not be able to add new Search Folders.

Links:

http://support.microsoft.com/kb/831400