Get last password changed for AD user

If you want to know when an AD user's password was last changed, you can use PowerShell:

Import-Module ActiveDirectory

Get-ADUser 'UserName' -Properties PasswordLastSet | Format-List
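
To run the same check across the directory rather than for one account, the following added example (not part of the original post) lists enabled users whose password is older than a threshold. The function name Get-StalePasswordUser and the 90-day default are assumptions.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the original post): report enabled users whose
# password has not changed in $MaxAgeDays days, based on PasswordLastSet.
function Get-StalePasswordUser {
    param(
        [int]$MaxAgeDays = 90,      # assumed policy threshold
        [string]$SearchBase         # optional OU distinguished name
    )

    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    $query  = @{
        Filter     = 'Enabled -eq $true'
        Properties = 'PasswordLastSet', 'PasswordNeverExpires'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADUser @query | ForEach-Object {
        # PasswordLastSet is empty when the password was never set or the
        # account is flagged "must change password at next logon".
        if (-not $_.PasswordLastSet) {
            $state = 'NeverSetOrMustChange'
            $age   = $null
        } elseif ($_.PasswordLastSet -lt $cutoff) {
            $state = 'Stale'
            $age   = [int]((Get-Date) - $_.PasswordLastSet).TotalDays
        } else {
            return   # recent enough: skip this user
        }
        $_ | Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires,
            @{ n = 'State';           e = { $state } },
            @{ n = 'PasswordAgeDays'; e = { $age } }
    }
}

Get-StalePasswordUser -MaxAgeDays 90 |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table -AutoSize
```

Accounts that show PasswordNeverExpires = True together with State = Stale are usually service accounts and are worth reviewing first.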

 

Windows 2008 Server R2 adprep\adprep32

Are you having trouble running ADPREP on your current 32-bit Domain Controller? Have you run ADPREP multiple times on your domain but still get an error stating that you have not prepared your domain yet?

Here is a change that catches even the most seasoned admins. Windows 2008 Server R2 includes a new ADPREP that must be run when the Domain Controller holding the Schema Master FSMO role runs a 32-bit version of Windows Server.

The domain prep tool is called ADPREP32 and is located in \support\adprep.

The switches for ADPREP32 are the same as for adprep. The main switches are /FORESTPREP, /DOMAINPREP, and /RODCPREP.

adprep is still used when the Domain Controller that holds the Schema Master FSMO role is running a 64-bit version of Windows Server. The 64-bit version of ADPREP runs by default, which is why you must know to run ADPREP32 on a 32-bit Domain Controller.

Some background information on adprep:

ADPREP is a command line tool that comes with each version of Windows server.  ADPREP is used to extend the Active Directory schema to support the new features of Active Directory Services in the new Windows version.

There are a number of switches that need to be used with the ADPREP command depending on the version of Windows and the current Domain/Forest structure. 

ADPREP updates the Active Directory schema; updates security descriptors; modifies ACLs for Active Directory objects & SYSVOL; and sometimes creates new objects and containers.


Here are the Active Directory schema versions:

13=Windows 2000
30=Windows 2003
31=Windows 2003 R2
44=Windows 2008
47=Windows 2008 R2
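
A pre-flight check for the procedure above, as an added example that is not part of the original post: it reads the current schema version, finds the Schema Master role holder, and reports whether adprep or adprep32 applies. The variable names are assumptions; the version table is the one listed above.

```powershell
# Added example. Uses .NET directory classes, so it runs from a domain-joined
# machine without the ActiveDirectory module.
$schemaNames = @{
    13 = 'Windows 2000'; 30 = 'Windows 2003'; 31 = 'Windows 2003 R2'
    44 = 'Windows 2008'; 47 = 'Windows 2008 R2'
}

# Current schema version: objectVersion on the schema naming context.
$rootDse = [ADSI]'LDAP://RootDSE'
$schema  = [ADSI]"LDAP://$($rootDse.schemaNamingContext)"
$version = [int]$schema.psbase.Properties['objectVersion'].Value

# Domain Controller that holds the Schema Master FSMO role.
$forest       = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$schemaMaster = $forest.SchemaRoleOwner.Name

# OS bitness of the role holder: Win32_Processor.AddressWidth is 32 or 64.
$cpu  = Get-WmiObject Win32_Processor -ComputerName $schemaMaster |
    Select-Object -First 1
$tool = if ($cpu.AddressWidth -eq 32) { 'adprep32' } else { 'adprep' }

$name = $schemaNames[$version]
if (-not $name) { $name = 'not in the list above' }

New-Object PSObject -Property @{
    SchemaVersion  = $version
    SchemaLevel    = $name
    SchemaMaster   = $schemaMaster
    OsBits         = $cpu.AddressWidth
    ToolToRun      = $tool
    NeedsR2Prep    = ($version -lt 47)   # 47 = Windows 2008 R2 per the list above
} | Format-List SchemaMaster, OsBits, ToolToRun, SchemaVersion, SchemaLevel, NeedsR2Prep
```

Running it again after /FORESTPREP should show SchemaVersion 47 and NeedsR2Prep False.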

In-place upgrading an ESXi 5.0 host to ESXi 5.1

  1. Boot your server from the CD or USB drive containing the ESXi 5.1 installer.
  2. Press Enter to start the interactive installer. 
  3. When the files are loaded, press Enter to continue.
  4. Press F11 to accept the EULA.
  5. Select the disk containing the previous installation of ESXi and press Enter.
  6. When the scanning is completed you will be presented with the following message. Select the Upgrade option and press Enter to continue. 
  7. Press F11 to confirm the upgrade of your ESXi host. 
  8. When the installer finishes the upgrade, remove the installation media from the host and press Enter to reboot.
  9. When the host reboots, you should see the familiar screen with the software version, host name and IP address. 

That’s it! You are done. This process takes literally minutes to complete.

Exchange 2010 ActiveSync doesn’t work for Domain Admins group members

By default, members of an AD protected group such as Domain Admins or Enterprise Admins cannot use Microsoft ActiveSync with an Exchange 2010 server. They get an error like this: “Result: ActiveSync encountered a problem on the server. Support code: 0x85010014”.

Solution 1: Remove the protected group memberships for this account. More information about protected groups can be found here.

Solution 2: Go to Active Directory Users and Computers and turn on Advanced Features in the View menu. Open the user account, go to the Security tab and click the Advanced button. Then enable “Include inheritable permissions from this object’s parent”. ActiveSync will now work.
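
Accounts in protected groups carry adminCount=1 and have ACL inheritance switched off, which is the setting Solution 2 changes. The following added example (not part of the original post) lists those accounts and the current state of the inheritance flag; the function name Get-ProtectedAccountAcl is an assumption.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the original post). adminCount=1 marks accounts
# that are, or once were, members of a protected group such as Domain Admins.
function Get-ProtectedAccountAcl {
    Get-ADUser -LDAPFilter '(adminCount=1)' `
               -Properties nTSecurityDescriptor, mail, MemberOf |
        ForEach-Object {
            $sd = $_.nTSecurityDescriptor
            $_ | Select-Object SamAccountName, Enabled, mail,
                # True  = inheritance is off (the default for protected accounts)
                # False = "Include inheritable permissions" has been ticked
                @{ n = 'InheritanceDisabled'; e = { $sd.AreAccessRulesProtected } },
                # Short names of the groups the account is a direct member of
                @{ n = 'DirectGroups'; e = {
                    ($_.MemberOf | ForEach-Object {
                        $_ -replace '^CN=(.+?),(OU|CN|DC)=.*$', '$1'
                    }) -join '; '
                } }
        }
}

# Mail-enabled protected accounts are the ones affected by the ActiveSync error.
Get-ProtectedAccountAcl |
    Where-Object { $_.mail } |
    Sort-Object InheritanceDisabled, SamAccountName |
    Format-Table -AutoSize -Wrap
```

InheritanceDisabled = False means Solution 2 has been applied to that account. The AdminSDHolder background process periodically reapplies the protected ACL to members of protected groups, so the flag can return to True on its own.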

NLB (WLBS) on Windows Server 2008

In this article I will load balance 2 servers and take you through the process step-by-step. Load Balancing takes 2 or more servers and lets them share one IP address so both servers can serve client requests. At the end of this article you should be able to configure NLB.

Gathering Information

Log on to both of the servers and run IPCONFIG /ALL from the command prompt. We need the name, domain and IP address of each server that will be in the NLB Cluster. We will also need to make up an additional name for the cluster; in this example we will use SERVER-LB for the virtual cluster name.

The 2 servers we will be Load Balancing are PL2008-01 and PL2008-02. The virtual cluster name will be PL2008-V. So if this was a web server users would go to http://PL2008-V, depending how we configure NLB either PL2008-01, PL2008-02 or both servers will service the web request.

SERVER NAME                IP ADDRESS       TYPE
PL2008-01.pintolake.net    192.168.1.180    Server 1
PL2008-02.pintolake.net    192.168.1.181    Server 2
PL2008-V.pintolake.net     192.168.1.182    Virtual cluster name and IP address of Servers 1/2

In this example both servers only have one network card. If you have multiple network cards you will still be able to load balance the 2 servers. You need to configure one NIC per server for NLB; both NICs should be on the same VLAN and should be able to contact each other.

PL2008-01

PL2008-02

Installation of NLB feature on all NLB nodes

This should be done on ALL NODES in the NLB Cluster. In this case we are performing this installation on PL2008-01 and PL2008-02.

Open Server Manager. You can open it several different ways in Windows Server 2008. Probably the quickest way is to right-click “My Computer” and choose “Manage”. Another way is to open “Control Panel”, go to “Programs and Features” and select “Turn Windows features on or off”. A third way is the “Server Manager” option under Administrative Tools.

  • Select “Features” from the Server Manager menu on the left
  • Press “Add Features”

  • Select the checkbox next to “Network Load Balancing”
  • Press “Next”

  • Press “Install”

Installation will proceed to install the necessary components

Installation has succeeded. It is highly recommended that you repeat this process on all nodes in the NLB cluster at this point before continuing with configuration.

  • Press “Close”

NOTE: Network Load Balancing may also be installed from a command prompt with elevated privileges (right-click the command prompt in the Start menu and select Run as administrator) by running the servermanagercmd -install nlb command.

For example:

C:\Windows\system32>servermanagercmd -install nlb

......

Start Installation...

[Installation] Succeeded: [Network Load Balancing].

<100/100>

Success: Installation succeeded.

Configuring NLB on NODE 1 (PL2008-01)

Network Load Balanced clusters are built using the Network Load Balancing Manager which you can start from Start -> All Programs -> Administrative Tools menu or from a command prompt by executing nlbmgr.

  • Under the Cluster Menu option select “New”

  • Enter the first node in the cluster which is PL2008-01
  • Press “Connect”

 

You will have the option to choose which network adapter you want to use, the NIC should be on the same subnet as the other servers in the NLB cluster

  • Press “Next”

  • Enter the Priority ID as 1 (each node in the NLB cluster should have a UNIQUE ID)
  • Make sure the correct adapter was selected under “Dedicated IP Address”
  • Select “Started” for the “Initial host state” (this tells NLB whether you want this node to participate in the cluster at startup)
  • Press “Next”

  • Press “Add”
  • Enter the Cluster IP and Subnet mask
  • Press “OK”

You can add multiple IP Addresses for the cluster, enter as many as you want.

  • Make sure the “Cluster IP addresses” are correct
  • Press “Next”

  • Select the IP Address for this cluster
  • Enter the NLB address “PL2008-V.pintolake.net”
  • Enter “Unicast” as the “Cluster operation mode”
  • Press “Next”

Unicast vs Multicast

Unicast/Multicast is the way the MAC address for the Virtual IP is presented to the routers. In my experience I have almost always used Multicast; if you use it, you should enter a persistent ARP entry on all upstream switches or you will not be able to ping the servers remotely.

In the unicast method:

  • The cluster adapters for all cluster hosts are assigned the same unicast MAC address.
  • The outgoing MAC address for each packet is modified, based on the cluster host’s priority setting, to prevent upstream switches from discovering that all cluster hosts have the same MAC address.

In the multicast method:

  • The cluster adapter for each cluster host retains the original hardware unicast MAC address (as specified by the hardware manufacturer of the network adapter).
  • The cluster adapters for all cluster hosts are assigned a multicast MAC address.
  • The multicast MAC is derived from the cluster’s IP address.
  • Communication between cluster hosts is not affected, because each cluster host retains a unique MAC address.

Selecting the Unicast or Multicast Method of Distributing Incoming Requests: http://technet.microsoft.com/en-us/library/cc782694.aspx

I am leaving all the defaults for the port rules; by default it's set to all ports with Single affinity, which is sticky. For more information on Port Rules, see my Note below.

  • Press “Finish”

NOTE: Add/Edit Port Rule Settings

For most scenarios I would keep the default settings. The most important setting is probably the filtering mode. “Single” works well for most web applications: it maintains a user's session on one server, so if the user's requests go to PL2008-01, PL2008-02 will continue to serve that request for the duration of the session.

None

  • You want to ensure even load balancing among cluster hosts
  • Client traffic is stateless (for example, HTTP traffic).

Single

  • You want to ensure that requests from a specific client (IP address) are sent to the same cluster host.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

Class C

  • Client requests from a Class C IP address range (instead of a single IP address) are sent to the same cluster host.
  • Clients use multiple proxy servers to access the cluster, and they appear to have multiple IP addresses within the same Class C IP address range.
  • Client state is maintained across TCP connections (for example, HTTPS traffic).

For more information on this please see this TechNet article:

Specifying the Affinity and Load-Balancing Behavior of the Custom Port Rule http://technet.microsoft.com/en-us/library/cc759039.aspx

 

You should see a couple of things in the NLB Manager that let us know this node successfully converged on our new PL2008-V.pintolake.net NLB Cluster:

  • Make sure the node’s status changes to “Converged”
  • Make sure you see a “succeeded” message in the log window

Configuring NLB for NODE 2 (PL2008-02)

We will configure PL2008-02 from PL2008-01. If we wanted to configure this from PL2008-02 then we would need to connect to the PL2008-V cluster first then add the host to the cluster.

  • Right click the cluster name “PL2008-V.pintolake.net” and select “Add Host to Cluster”

  • Enter PL2008-02 and press “Connect”

A list of Network adapters will show up

  • Select the network adapter you want to use for Load Balancing
  • Press “Next”

This step is very important; each node in the NLB cluster should have a unique identifier. This identifier is used to identify the node in the cluster.

  • Enter the Priority ID as 2 (each node in the NLB cluster should have a UNIQUE ID)
  • Make sure the correct adapter was selected under “Dedicated IP Address”
  • Select “Started” for the “Initial host state” (this tells NLB whether you want this node to participate in the cluster at startup)
  • Press “Next”

  • Press “Finish”

You should see a couple of things in the NLB Manager that let us know both nodes successfully converged on our new PL2008-V.pintolake.net NLB Cluster:

  • Make sure that both nodes' status changes to “Converged”
  • Make sure each node has a unique “host priority” ID
  • Make sure each node is “started” under “initial host state”
  • Make sure you see a “succeeded” message in the log window for the second node

A closer look at the configuration information for this NLB cluster

vSphere Support for Memory Hot Add and CPU Hot Plug

Following is the chart for supporting Hot Add memory and Hot Plug vCPU.

By default, virtual machines don’t support Hot Add (add RAM) and Hot Plug (add vCPU). You need to enable this capability on a per-VM basis in order to use it. To do so, you must first shut down the virtual machine, since you can’t modify these settings while it’s running. Then open the virtual machine’s properties, navigate to the Options tab and choose the Memory/CPU Hotplug option in the Advanced section. At the right-hand side of the window, note that there are two sections: one for memory and one for CPU. Choose the options you like and then click OK.

Performing a Remote Mobile Wipe with Exchange server 2010

  • Open the Exchange Management Console (EMC)
  • Expand Microsoft Exchange On-Premises.
  • Expand Recipient Configuration.
  • Click Mailbox.
  • Right-click the user and select Manage Mobile Phone.

In the Manage Mobile Phone Wizard, verify that the device that needs to be wiped is selected. If it isn’t, single-click to select it.

  • Under Action, click the radio button next to Perform a remote wipe to clear mobile phone data.
  • Click the Clear button.

  • Click Yes when prompted to confirm “Are you sure you want to clear the device for {device name}.”

The wizard will proceed to the completion screen where you should be presented with a message indicating the successful remote wipe command has been queued. Look closely and you’ll also notice the actual PowerShell cmdlet that’s executed by the GUI. Recall that Exchange 2010 is built to leverage the “power” of PowerShell; the GUI really just acts as a point and click front-end for the shell. Remote wipes are no exception, as they can be handled quite succinctly via two Exchange cmdlets: Get-ActiveSyncDevice and Clear-ActiveSyncDevice. Let’s jump right into that now.
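
The two cmdlets named above, combined into one helper for the lost-device case; this is an added example, not the original author's code. The function name Invoke-LostDeviceWipe, the mailbox, the device ID and the notification address are assumptions or constructed sample values.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# Invoke-LostDeviceWipe is a hypothetical helper name, not an Exchange cmdlet.
function Invoke-LostDeviceWipe {
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,
        [Parameter(Mandatory = $true)][string]$DeviceId,
        [string[]]$NotifyAddress,   # optional: who gets the confirmation mail
        [switch]$Cancel             # withdraw a wipe that is still pending
    )

    # Resolve exactly one device partnership so the wrong phone is never wiped.
    $device = @(Get-ActiveSyncDevice -Mailbox $Mailbox |
        Where-Object { $_.DeviceId -eq $DeviceId })
    if ($device.Count -ne 1) {
        throw "Expected one device '$DeviceId' on '$Mailbox', found $($device.Count)."
    }

    # Queue (or cancel) the wipe; -Confirm keeps the interactive prompt.
    $wipe = @{ Identity = $device[0].Identity.ToString(); Confirm = $true }
    if ($Cancel)        { $wipe.Cancel = $true }
    if ($NotifyAddress) { $wipe.NotificationEmailAddresses = $NotifyAddress }
    Clear-ActiveSyncDevice @wipe

    # Report the wipe timestamps so the result can be recorded in the ticket.
    Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
        Where-Object { $_.DeviceID -eq $DeviceId } |
        Select-Object DeviceFriendlyName, DeviceID,
            DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
}

# Constructed sample values:
# Get-ActiveSyncDevice -Mailbox 'jsmith' | Format-Table FriendlyName, DeviceType, DeviceId
# Invoke-LostDeviceWipe -Mailbox 'jsmith' -DeviceId 'ApplDNXXXXXXXXXX' -NotifyAddress 'helpdesk@example.com'
```

DeviceWipeSentTime is filled in when the device next connects and receives the command, and DeviceWipeAckTime when the device acknowledges it.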