Monday, September 6, 2010
If you’re migrating data from one domain to another, sometimes you need to retain file and directory permissions.
Let’s assume you’ve recreated users and security groups the way they were. Then you can do the following:
dump all rights to a file (on the old fileserver)
subinacl /noverbose /outputlog=D:\apps_perms.txt /subdirectories d:\apps\*.* /display
replay the file (on the new fileserver)
subinacl /playfile D:\apps_perms.txt
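A check to run after the replay, as an added example that is not part of the original post: it lists every explicit (non-inherited) ACE under both trees and reports entries that exist on only one side. Accounts are compared by name with the domain prefix stripped, on the post's assumption that users and groups were recreated under the same names; the function names and the two paths in the usage lines are assumptions.

```powershell
# Added example, not the post's own code. The paths in the usage lines are assumed.
# Emits one line per explicit ACE: relative path, account, type, rights, flags.
function Get-AclFingerprint([string]$Root)
{
    $rootFull = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')
    $items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items)
    {
        $rel = $item.FullName.Substring($rootFull.Length)
        if ($rel -eq "") { $rel = "\" }
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access)
        {
            # inherited ACEs follow from the parent, so only explicit ones are compared
            if ($ace.IsInherited) { continue }
            # drop the DOMAIN\ prefix so an account recreated under the same name
            # in the new domain compares as equal; unresolved SIDs stay as they are
            $account = ($ace.IdentityReference.Value -split '\\')[-1]
            "{0}|{1}|{2}|{3}|{4}|{5}" -f $rel, $account, $ace.AccessControlType,
                $ace.FileSystemRights, $ace.InheritanceFlags, $ace.PropagationFlags
        }
    }
}

# Returns the ACEs found on only one side; an empty result means the trees match.
function Compare-AclTree([string]$OldRoot, [string]$NewRoot)
{
    $old = @{}; foreach ($l in @(Get-AclFingerprint $OldRoot)) { $old[$l] = $true }
    $new = @{}; foreach ($l in @(Get-AclFingerprint $NewRoot)) { $new[$l] = $true }
    foreach ($l in $old.Keys) { if (-not $new.ContainsKey($l)) { "MISSING on new: $l" } }
    foreach ($l in $new.Keys) { if (-not $old.ContainsKey($l)) { "EXTRA on new:   $l" } }
}

# Usage (assumed paths): old tree through the admin share, new tree local.
$diff = @(Compare-AclTree '\\oldfileserver\d$\apps' 'D:\apps')
if ($diff.Count -eq 0) {
    Write-Host "Explicit ACLs match" -ForegroundColor Green
} else {
    $diff | Sort-Object | ForEach-Object { Write-Host $_ -ForegroundColor Red }
}
```

An ACE that shows up as a raw SID on the new server points at an account that was not recreated or not translated.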
Wednesday, September 1, 2010
In addition to the previous article, you might want to add your default locale to the import-mailbox command.
e.g.
import-mailbox -identity "hugo" -pstfolderpath "c:\pstfiles" -locale "nl-NL"
Otherwise annoying duplicate folders like Inbox/Postvak IN, Calendar/Agenda, Drafts/Concepten, etc will appear.
Wednesday, August 25, 2010
I haven’t figured out how to get proper result codes or error handling from the “Import-Mailbox” command, but you can use your transcript file for that. See my other post for that.
You’ll need some global vars, e.g.:
$your_import_file="c:\import\import.csv"
$folder_with_psts="C:\exmerge\primary database export files"
Then it’s as simple as this:
function import_mailboxes()
{
    # read the semicolon-separated user list; the "Code" column holds the login name
    $UserDetails=Import-Csv -delimiter ";" $your_import_file
    $count=0
    $found=0
    $notfound=0
    foreach($UD in $UserDetails)
    {
        $count++
        $username=$UD.Code.ToLower()
        # Join-Path adds the backslash between the folder and <username>.pst
        $full_path_to_pst=Join-Path $folder_with_psts ($username + ".pst")
        $FileExists = Test-Path $full_path_to_pst
        if ($FileExists)
        {
            write-host "$count - $username - Ready to import ($full_path_to_pst)" -ForegroundColor Green
            $found++
            Import-Mailbox -Identity $username -PSTFolderPath $folder_with_psts
        }
        else
        {
            write-host "$count - $username - No matching pst file found!" -ForegroundColor Red
            $notfound++
        }
    }
    write-host "Summary: Found (and hopefully successfully imported): $found, Not Found: $notfound"
}
Friday, August 13, 2010
Create .csv files from all SMTP email addresses in your (Exchange 2003) environment.
csvde -f groups.csv -d "dc=home,dc=yourdomain,dc=local" -r "(&(objectClass=group)(mail=*))" -l "DN,displayName,proxyAddresses"
csvde -f users.csv -d "dc=home,dc=yourdomain,dc=local" -r "(&(objectClass=user)(mail=*))" -l "DN,samAccountName,displayName,mail,proxyAddresses"
csvde -f contacts.csv -d "dc=home,dc=yourdomain,dc=local" -r "(&(objectClass=contact)(mail=*))" -l "DN,displayName,targetAddress"
Wednesday, August 11, 2010
When running Outlook 2007 for the first time, you get those annoying 3 questions.
Download the “2007 Office system (SP2) Administrative Template files (ADM, ADMX, ADML)” (currently for SP2) and add it to your policies. Then:
User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\
- enable the "Disable Opt-in Wizard on first run".
User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options\Preferences\Search Options\
- enable the "Prevent installation prompts when Windows Desktop Search ..."
User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools |Account Settings\RSS Feeds
- disable the "Default RSS Feeds"
- disable the "Synchronize Outlook RSS Feeds with Common Feed List"
Tuesday, August 10, 2010
This script uses the RemoteExchange calls for Exchange 2010:
. 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'
Connect-ExchangeServer -auto
And the function:
function enable_mailbox_for_existing_user([string]$username)
{
    # the AD account has to exist before it can be mail-enabled
    $check = get-aduser -Filter { samAccountName -eq $username }
    if($check -eq $null)
    {
        write-host "- User does not exist - ERROR" -ForegroundColor Red
    }
    else
    {
        # seems like the user exists
        $mailbox_test = get-user $username | select recipienttype
        if ($mailbox_test.RecipientType -eq "userMailbox")
        {
            write-host "- User is already mail-enabled - WARNING" -ForeGroundColor Yellow
        }
        if ($mailbox_test.RecipientType -eq "User")
        {
            Enable-Mailbox -Identity $username -Alias $username | Out-Null
            write-host "- Mailbox for user created - OK" -ForeGroundColor Green
        }
    }
}
Again, you’ll need the Windows 2008 r2 ActiveDirectory module for this to work:
import-module ActiveDirectory
Some static variables:
$default_securitygroup_ou="OU=MySecurityGroups,"
And the functions:
function add_security_group([string]$StrGroupName)
{
    # only create the group when no group with this name exists yet
    $check = get-adgroup -Filter { name -eq $StrGroupName }
    if($check -eq $null)
    {
        $ad_path = $default_securitygroup_ou + (get-addomain).distinguishedname
        New-ADGroup -Path $ad_path -name $StrGroupName -GroupScope Global -GroupCategory Security
        write-host "- Security Group created - OK" -ForeGroundColor Green
    }
    else
    {
        write-host "- Security Group already exists" -ForeGroundColor Yellow
    }
}
function add_user_to_group([string]$username, [string]$security_group)
{
    $grp = get-adgroup -Filter { name -eq $security_group }
    if ($grp -eq $null)
    {
        write-host "- Security Group does not exist - ERROR" -ForeGroundColor Red
    }
    else
    {
        # group does exist, let's see if the user is already a member
        # start from $false so a $found left over in a parent scope cannot leak in
        $found = $false
        $members = get-adgroupmember -Identity $security_group
        foreach ($mem in $members)
        {
            if($mem.samAccountName -eq $username)
            {
                $found = $true
            }
        }
        if ($found)
        {
            write-host "- User is already a member of this Security Group - WARNING" -ForegroundColor Yellow
        }
        else
        {
            add-adgroupmember -identity $security_group $username
            write-host "- User successfully added to Security Group - OK" -ForegroundColor Green
        }
    }
}
In addition to the previous example it would be nice to create users from the .csv files.
You’ll need the Windows 2008 r2 ActiveDirectory module for this to work:
import-module ActiveDirectory
Also I have a couple of static variables:
$default_users_ou="OU=myusers,"
$ad_domain="my.domain.local"
$share_profiles="\\fileserver01\profiles"
$share_users="\\fileserver01\users"
$homeshare_drive="Z:"
And here we go:
function add_user([string]$username, [string]$plaintextpassword, [string]$group, [string]$givenname, [string]$surname, [string]$displayname, [bool]$enabled)
{
    # syntax: add_user f.deboer 'mypass$78' teacher "Boer, De" "Frank" "Boer, De, Frank" $true
    # (single quotes keep PowerShell from expanding the $78 in the password)
    $check = get-aduser -Filter { samAccountName -eq $username }
    if($check -eq $null)
    {
        # New-ADUser only accepts the password as a SecureString
        $user_password=ConvertTo-SecureString -string $plaintextpassword -asPlainText -Force
        $ad_user_path=$default_users_ou + (get-addomain).distinguishedname
        # the login script is named after the group, e.g. teacher.bat
        $loginscript=$group + ".bat"
        New-ADUser -Name $displayname -SamAccountName $username -UserPrincipalName "$username@$ad_domain" -AccountPassword $user_password -CannotChangePassword $true -PasswordNeverExpires $true -Enabled $enabled -ProfilePath "$share_profiles\$username" -HomeDirectory "$share_users\$username" -HomeDrive $homeshare_drive -ScriptPath $loginscript -GivenName $givenname -Surname $surname -DisplayName $displayname -Path $ad_user_path
        write-host "- User Created - OK" -ForeGroundColor Green
    }
    else
    {
        write-host "- User already exists" -ForeGroundColor Yellow
    }
}
PowerShell is ideal for bulk operations, e.g. creating lots of users in Active Directory.
Say we have a .csv file that looks like this:
loginname;firstname;middlename;lastname;fullname;function;password
f.deboer;f;de;boer;Boer, de, Frank;teacher;mypass$78
r.deboer;r;de;boer;Boer, de, Ronald;teacher;123pass60
m.manager;m;;manager;Manager, Mike;manager;superpassw0rd
You might want to specify some global variables first.
$import_file="d:\import\importfile.csv"
Now let’s create a simple function to read the file.
function readcsvfile()
{
    # each row becomes an object with one property per column of the header line
    $UserDetails=Import-Csv -delimiter ";" $import_file
    foreach($UD in $UserDetails)
    {
        $loginname=$UD.loginname
        $firstname=$UD.firstname
        $middlename=$UD.middlename
        $lastname=$UD.lastname
        $fullname=$UD.fullname
        $function=$UD.function
        $password=$UD.password
        echo "$loginname"
        echo "$password"
        # or something else you want to do with this information
    }
}
# Modules
# - http://technet.microsoft.com/en-us/library/ee617195.aspx
import-module ActiveDirectory
To log your entire powershell session to a file you can use the start-transcript and stop-transcript commands.
$mypowershellapplicationdir = "c:\myapp"
$logfiledate = (get-date).tostring("yyyyMMddHHmmss") + ".txt"
start-transcript -path $mypowershellapplicationdir\logs\$logfiledate
Stop-transcript will automatically be done when leaving powershell.
Wednesday, August 4, 2010
Currently, Exchange 2010 SP1 is still in beta. Among other new features, it’s no longer necessary to install Outlook 2010 (64 bit!!) on your Exchange 2010 server.
For now you have to.
To import or export .pst files you need to get the right Role Assignment. From the Exchange Management Shell:
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "Administrator"
Then it’s just a matter of:
Export-Mailbox Administrator -PSTFolderPath E:\
HOWEVER
If you have all the roles (Mailbox, Client Access and Hub Transport) on the same server, you’ll run into error:
Error occurred in the step: Approving object. An unknown error has occurred., error code: -2147221219
Solution:
- Either move the Mailbox (+Outlook 2010 64bit) to a second Exchange server.
- Or change the following:
- adsiedit
- connect to..
- Well known Naming Context: Configuration
- CN=Configuration,DC=your,DC=domain,DC=local
- CN=Services,
- CN=Microsoft Exchange,
- CN=<Your Organization Name>,
- CN=Administrative Groups,
- CN=Exchange Administrative Group (FYDIBOHF23SPDLT),
- CN=Databases,
- CN=Mailbox Database 0123456789,
- Now rightclick on “CN=Mailbox Database 0123456789” (left pane), properties
- security tab
- Grant the System user the following rights: Read, Administer information store, Allow Impersonation to Personal Exchange, Create named properties in the information store, Open mail send queue, Receive as, Send as, View information store status
- Restart
This should be fixed in SP1 or even before that.
From the Exchange Management Shell:
Get-Mailboxdatabase | Add-AdPermission -User Administrator -AccessRights GenericAll
Friday, July 16, 2010
sysprep.inf:
[Identification]
JoinDomain=DOMAIN
DomainAdmin=sysprepadmin
DomainAdminPassword=password
MachineObjectOU="OU=Desktops,OU=Machines,DC=Domain,DC=local"
Thursday, July 1, 2010
User policies are applied based on who you are.
More specifically: on which OU your user account is in, since group policy objects are linked to OUs.
But sometimes you want to apply policies based on where you are.
For instance, specific settings apply when you log on to a terminal server instead of your own pc.
This is where loopback policies come into play.
- create a new OU
- move the terminal server computer account to this OU
- create and link a new group policy object
- edit the policy object
- computer policy, Administrative templates, System, Group Policy, and enable the Loopback Policy
- choose to replace all user policies or to merge (policies from this policy object will overrule others)
Microsoft’s knowledgebase: http://support.microsoft.com/kb/231287
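The same steps scripted with the ActiveDirectory and GroupPolicy modules of Windows 2008 R2, as an added example that is not part of the original post. The OU, server and GPO names are assumed values; the registry value is the one the loopback setting writes according to KB 231287 (1 = merge, 2 = replace).

```powershell
# Added example, not the post's own code. $ou_name, $ts_name and $gpo_name are assumed.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$ou_name       = "TerminalServers"
$ts_name       = "TS01"
$gpo_name      = "TS - User Loopback"
$loopback_mode = 2      # 1 = merge, 2 = replace
$policy_key    = "HKLM\Software\Policies\Microsoft\Windows\System"

function enable_loopback_for_server()
{
    $domain_dn = (Get-ADDomain).DistinguishedName
    $ou_dn = "OU=$ou_name,$domain_dn"

    # create a new OU (skipped when it is already there)
    $ou = Get-ADOrganizationalUnit -Filter { name -eq $ou_name } -SearchBase $domain_dn -SearchScope OneLevel
    if ($null -eq $ou)
    {
        New-ADOrganizationalUnit -Name $ou_name -Path $domain_dn
    }

    # move the terminal server computer account to this OU
    $computer = Get-ADComputer -Identity $ts_name
    if ($computer.DistinguishedName -ne "CN=$($computer.Name),$ou_dn")
    {
        Move-ADObject -Identity $computer -TargetPath $ou_dn
    }

    # create and link a new group policy object
    $gpo = Get-GPO -Name $gpo_name -ErrorAction SilentlyContinue
    if ($null -eq $gpo)
    {
        New-GPO -Name $gpo_name | New-GPLink -Target $ou_dn | Out-Null
    }

    # enable the loopback policy in the computer part of the GPO
    Set-GPRegistryValue -Name $gpo_name -Key $policy_key -ValueName "UserPolicyMode" -Type DWord -Value $loopback_mode | Out-Null

    # read the setting back so the caller can confirm the mode that was stored
    (Get-GPRegistryValue -Name $gpo_name -Key $policy_key -ValueName "UserPolicyMode").Value
}

enable_loopback_for_server
```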
Monday, May 17, 2010
Maybe it’ll be fixed in newer versions but today’s latest version of Nokia OVI Suite is 2.1.1.1 and the latest firmware for my Nokia E71 is 410.21.010.
So now everything’s up to date, still can’t sync contacts, agenda, etc with the OVI Suite. All I get is error “80043c94”.
Searched all over the net, but no solution. AARGH
Reason: You cannot have your application data (%appdata%) redirected. Revert to default settings (as part of your user profile, which makes your user profile bigger/slower when logging in/out) and sync works again.
Wednesday, May 12, 2010
XP or 2003 rktools gives you version XP010. There is a newer version, but hard to find.
Here’s XP026, the latest that’ll run on XP (Vista and up have 027 embedded but won’t run on XP).
robocopy.exe
Sunday, April 11, 2010
This “system reserved partition” is used for two things:
- When booting from an encrypted volume (BitLocker), some boot files simply can’t be encrypted. They reside on this partition
- Windows Recovery Environment (WinRE)
If you do not need BitLocker and you want to keep things simple (e.g. for imaging purposes), you might want to remove this partition when installing Windows. In this example I assume there’s only one drive and it’s empty.
- Start Windows setup as usual
- At the screen where you select your language, keyboard and locale, press Shift+F10. You now enter a command prompt.
- diskpart
- list disk
- select disk 0
- create partition primary
- select partition 1
- format fs=ntfs quick
- exit
- exit
- now resume setup as normal, but select the primary partition at the partitioning screen
Tuesday, April 6, 2010
Windows 7 audit mode is used for preparation of computers in order to add software and drivers without the need to do the final OOBE (Out Of Box Experience), which should be done by the end-user.
It is also used to create images for deployment, but I’ll do an article on that later.
- Insert Windows 7 DVD and boot from it
- Choose language and keyboard
- Choose Install
- Choose I Agree and Next
- Custom installation and Next
- Partition as you like, then select the disk or partition you want to install to, then press Next
- The computer will reboot a couple of times
- When the setup asks for a username, press CTRL+SHIFT+F3
- The computer will now reboot
- After reboot, you will automatically log in as Administrator and you’ll see a Sysprep screen. You can close it.
You are now in audit mode and will have the opportunity to install any application you want.
Reboot as many times as necessary. After reboot, you’ll see the sysprep window again, just close it every time until done installing.
Do a final reboot. At the sysprep screen choose the OOBE option.
Don’t check the Generalize option, unless you want to create an image for deployment purposes.
The system is now ready for the end-user with all applications pre-installed.
Friday, April 2, 2010
The net is full of discussions whether severe fragmentation will be able to cause a system crash or not. Although in theory it will only cause a performance bottleneck, from my own experience I can tell you it will be able to crash your system!
Therefore always defragment your partitions. It will not only gain performance but also stability!
Thursday, March 25, 2010
Took me quite some time to figure out the problems this client was having:
- couldn’t see properties of users in Active Directory Users and Computers
- couldn’t see properties of events in the eventviewer
- couldn’t move icons on the desktop
- certain software wasn’t functioning
All came down to one simple solution:
regsvr32 %systemroot%\system32\ole32.dll
Microsoft KB 926932
Tuesday, March 16, 2010
Run from prompt:
for /f "tokens=*" %a in ('dir /b *.dll') do regsvr32 /s %a
Remember: when running from a batchfile %a becomes %%a
Friday, March 12, 2010
Running around 300 servers in small environments (meaning: only one 2003 server as domain controller and file/print/exchange) led me to the following tweaks:
@echo off
echo "This server has 1 GB or more of physical memory"
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v HeapDeCommitFreeBlockThreshold /t REG_DWORD /d 262144 /f
echo "This server is running Windows 2003"
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v SystemPages /t REG_DWORD /d 0 /f
echo "This server is a domain controller - faster shutdown"
reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 20000 /f
Friday, February 5, 2010
Whereas Windows has many, many cloning tools (e.g. Ghost), cloning isn’t quite as common on Linux.
Yesterday I needed to migrate an installation to another server. First make sure that you compile all the things you need in your current kernel.
With a Linux live CD I created a backup of my boot partition (/dev/sda1) to a file on a USB disk (mounted as /backup)
dd if=/dev/sda1 of=/backup/sda1.dd
Then I wanted to restore it to another machine with a different partition size.
Here’s how:
- partition your new harddisk
- create an ext3 filesystem on your new boot partition
- mount your usb disk as /backup
- mount the backup file as /backupsda1
mount -o loop -t ext3 /backup/sda1.dd /backupsda1
- mount the newly created boot partition as /mnt
mount /dev/sda1 /mnt
- copy all files to the new partition
cd /backupsda1
rsync -av ./ /mnt/
- mount proc and dev to your new partition
mount -t proc none /mnt/proc
mount -o bind /dev /mnt/dev
- chroot to your new installation
chroot /mnt
- reinstall the bootloader (grub)
grub-install /dev/sda
That’s it!
edit:
if your previous installation has an older version of grub, you might need to create your filesystem with a smaller inode size, otherwise grub won’t function correctly:
mkfs.ext3 -I 128 /dev/sda1
Wednesday, January 20, 2010