Monday, August 29, 2011

Changing the password of directory service restore mode

Just sitting playing around with ntdsutil and the possibility to change the directory service restore mode password. This is a feature that most companies forget, or are not aware of. If you dont know the password for the domain controllers you cant restore the Active Directory database, remember that domain controllers don't have local user database?. So the password you typed in during domain controller setup "dcpromo" are important, but easy to forget. Lots of times it's not documented and different on all dc's

You had to use a tool called "Ntdsutil", an important tool for Directory Services administration, to change password after the first setup of "Dcpromo". Luckily you could run the command from just one of the domain controllers and change it on each any every domain controller by using a line of parameters
Scripting have been the way of doing it automaticly, you had the choices of making an advanced script to collect dc server names or just use a script with manually typed name, but then it was important to update the script to reflex the changes in your active directory envimoment.

In Windows Server 2008 you could download a fix KB961320 that gave a new feature in ntdsutil to sync the password with an ordinary domain users account. This feature are buildt into the Windows Server 2008 R2. To read more about it check out the Technet page here

Still it's giving us a challenge, the new feature cannot change it on any other server then the one executing it, so is it worse then the old?
The answer are "no", because combining it with "Group Policy Preferences" you can create a scheduled task and run it regulary

And how to do it are in this great article from the people at the Microsoft Directory Service team

Sunday, August 28, 2011

Is there any features on your Windows Server that you dont use?

Of course, and this tuesday I am just going to ramble about it.

Holding a norwegian presentation about feature and stuff that could optimize you Windows Server experience. Don't understand norwegian?. Thats strange!!!!, every norwegian person start to learn english when they are 8-9 years, so I just asummed that every english speaking country learned norwegian at the same time ;-)

Give me a sound if its worth doing a english version webcast or something

Wednesday, August 24, 2011

What log file to look at in Sccm 2007

There are few applications with more log files then Sccm 2007, and remember all of them and what they do might se imposible. But thats the great thing with internet, somebody have of course been think about this and posted info for us to use already. This time its Micosofts Technet site who have given us this page:


Monday, August 15, 2011

Sccm 2007 Nice to know stuff

Holding a Microsoft Sccm course next week and this is just some notes about stuff thats nice to know but easy to forget:

Some important abbreviations:
MP – Management Point
DP – Distribution Point
RP – Reporting Point
BDP – Branch Distribution Point
DDR - Data Discovery Record
FSP – Fallback Status Point
SMP – State Migration Point
SUP – Software Updateing Point
SLP – Server Locator Point
PSP – PXE Service Point
SHV – System Health Validator
IBCM - Internet Client Based Management (Native mode)

Link to a Glossary:

Link to the Infrastructure planning and design guides for System Center:

Link to some super flowcharts to help in the processes like deployment of clients, backup, etc.:

Link to Quizzes about SCCM:

Link to documentation library:

And Link to Technet's Sccm page:

Create a group for all Autopilot devices

Working with Autopilot and need a group covering all AutoPilotet enrolled devices? Michael Niehaus has this covered in his blogpost:  Autop...