Chris Davis | 9z Technical Blog

Image via Wikipedia

So... I found out this week that a lot of folks get confused by some of our (Microsoft's) KB and TechNet articles when we start showing examples of how to use a command line tool. Same holds true when you look at the helpfile for some of the same commands.

It is actually not just random as some folks think :-)

So here's how this breaks down:

Text without brackets, braces, angles, etc, means items you MUST type as shown.

Text inside of <angle brackets> are a placeholder that you MUST put a value.

Text inside of [square brackets] are just optional items.

When you see items {inside of braces} these are a SET of required items, you need to pick ONE.

When you see a vertical bar like this | these are just showing mutually exclusive items, pick ONE.

When you see this (...) this indicates something that can be repeated.

For instance lets take the command line REPADMIN. The help file shows this:

repadmin <cmd> <args> [/u:{domain\user}] [/pw:{password | *}] [/retry[:<retries>][:<delay>]] [/csv]

Meaning, repadmin is obviously required. And so is providing some sort of arguement such as /syncall. Everything else is optional.

So then we would look at the help file for repadmin /syncall

repadmin /syncall <DSA> [<Naming Context>] [<flags>]

Meaning to sync the DC, you would need to type something like this:

repadmin /syncall myDomainController.mydomain.local

And optionally you can do some extra stuff like this:

repadmin /syncall myDomainController.mydomain.local /AeP

Which would cause (if you read the helpfile) myDomainController to sync all the naming contexts (NC's) that it holds in the database enterprise wide and will Push the changes.

What's actually funny about this one particular command (little off subject but worth mentioning) is that you can also specify the switch /q to run in quiet mode - or the /Q switch to run in REALLY quiet mode   ;-)

I hope this helps to clarify.

Image via Wikipedia

I felt this was definately worth an echo from:
http://www.networkworld.com/news/2011/070511-microsoft-patent-android.html

One of Microsoft's hottest new profit centers is a smartphone platform you've definitely heard of: Android.

Google's Linux-based mobile operating system is a favorite target for Microsoft's patent attorneys, who are suing numerous Android vendors and just today announced that another manufacturer has agreed to write checks to Microsoft every time it ships an Android device.

Microsoft's latest target is Wistron Corp., which has signed a patent agreement "that provides broad coverage under Microsoft's patent portfolio for Wistron's tablets, mobile phones, e-readers and other consumer devices running the Android or Chrome platform," Microsoft announced.

You won't find Wistron devices in a Google Shopping search or on Amazon.com, because the company builds components for other brands. The existence of both Android and Chrome in the latest patent agreement shows Microsoft is going after Google products on multiple fronts. Chrome OS laptops, or "Chromebooks," recently hit the market from Samsung and Acer and contain the Chrome browser running on top of Linux.

"We are pleased that Wistron is taking advantage of our industrywide licensing program, established to help companies address Android's IP issues," Microsoft general counsel Horacio Gutierrez said in a press release.

Microsoft has struck more than 700 licensing agreements since launching its IP program in December 2003, including at least five with Android vendors. Just last week, Microsoft announced Android agreements with Velocity Micro, General Dynamics and Onkyo Corp. Since Microsoft is making the announcements one by one, there could be more coming this week.

The biggest win, however, was a patent agreement struck last year with HTC, which has become one of the most successful smartphone vendors on the strength of its Android devices such as the Evo and Thunderbolt.

Microsoft reportedly receives $5 every time HTC sells an Android phone, leading some observers to conclude that Microsoft makes more money from Android than its own WindowsPhone 7 platform.

Microsoft isn't done, either. After all, there are dozens of Android vendors. Motorola, another major Android device maker, is fighting Microsoft's patent infringement claims in court, butMicrosoft recently received a ruling in its favor in the ongoing litigation, according to patent watcher Florian Mueller.

Microsoft is suing Barnes & Noble over the Android-based Nook, and has signed patent agreements with Samsung and LG, although it's not clear whether these agreements extend to Android, Mueller also notes. 

Microsoft claims Motorola infringes on 21 patents, including 19 with Android, according to Mueller.

Microsoft's contentious relationship with Linux-based products goes back many years, of course, to CEO Steve Ballmer calling Linux a cancer in 2001 and a 2007 claim that Linux and other open source software violates 235 Microsoft patents. 

The Android patent wars also extend a fierce rivalry with Google, with the two companies fighting on many fronts including search engines, operating systems, browsers, office software and of course, mobile devices.

Ironically, Google's Android is likely a bigger profit maker for Microsoft than Bing, which has failed to topple Google in the search market. Bing is part of Microsoft's Online Services division, which lost more than $700 million in the most recent quarter. Microsoft's Windows Phone revenue numbers haven't been revealed, but Android is well ahead of Microsoft in smartphone market share.

Image via Wikipedia

I was trying to retire my SBS 2008 box after migrating to SBS 2011 and I couldn't uninstall Exchange Server. I kept getting errors that I needed to remove the replica sets from the public folders. But when I would run the RemoveReplicaFromPFRecursive.ps1 script is would error out over and over no matter what I put in it. By the way, if you get an error that "A positional parameter cannot be found that accepts argument 'Folder'" it is because it doesn't like the space when you tried to type "Public Folder Database" so just use "\" instead.

I was beating myself up over that one for a while.

Anyway - if the script won't work you probably have an incorrect container with nothing inside in the path: CN=Second Storage Group,CN=InformationStore,CN={servername},CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC={domain},DC=local

I validated it was empty - and deleted it from ADSI edit and was then able to uninstall Exchange Server. If you don't know what ADSI edit is, you probably don't want to try this yourself without opening a support case. {sorry}

You can also see this article at my technet blog at http://blogs.technet.com/b/the_9z_by_chris_davis/archive/2011/05/17/removereplicafrompfrecursive-ps1-returns-quot-there-is-no-existing-publicfolder-that-matches-the-following-identity-quot.aspx

Image by Jason Cartwright via Flickr

So something I've been recommending to my customers for a while is to have the equivalent of an in flight data recorder on their server. You can do this with Perfmon with circular logging and it isn't that hard to set up.

Why? Well take for example this scenario. You just got a call from one of your users that said the server was incredibly slow - you log on and everything looks fine. The user says yeah, it's ok now but what happened?

Well, if it happens a couple more times - especially if someone or some automated process is waking you up in the middle of the night - you're probably going to want to get to the bottom of this, right? Well, why wait until the problem happens again? Because you don't have any data. Well now you can.

What you want to do is set Perfmon up so it ALWAYS runs. Keep a log of say 300 MB, 500 MB, or maybe a gigabyte of history. Set it up to start every time the machine starts up. And set it up to overwrite the log. This will always keep a history (similar to your event log) of what was just going on with the server in question.

Here's how:

Image by Getty Images via @daylife

OK so it isn't really dead, but it isn't necessary anymore. I've run into this out in the field a few times recently, it would seem we didn't get the word out on this very well.

In older versions of Windows (prior to 2008) you had to use a tool called "ntdsutil" to forcably remove dead DC's (or DC's that were forcably removed using dcpromo /forceremoval) Here are some screenshots of that process.

As of 2008 this is no longer necessary. Simply deleting the account from the "Domain Controllers" OU will do the trick. Alternatively you can delete the DC from Sites and Services. Few extra steps but it works.

For more information please refer to this technet article.

And before you ask, no. To my knowledge there are no plans to actually remove ntdsutil.

Image by Getty Images via @daylife

This might be a tiny bit off the norm for my blog but I keep getting the same questions from a lot of people. There's a lot of confusion in the consumer market right now as the big players try and position themselves as the standard.

This confusion is not healthy for consumers. Let's face it, those little magical pocket companions are becoming more and more a part of our lives, and I truly believe we've only scratched the surface. More and more your personal and professional lives will be tied and combined into these devices. Think back five years ago - did you see people in airports, lobby's, bus terminals, traffic lights, restaurants, etc all looking down at their phones? Typing away on emails or facebook? No, they were staring off into space - a void we didn't even really know existed. A waste of brain cycles some believe, a necessary break to allow the brain to store and process others would say. Whatever your philosophy, those days are gone.

A year ago I blogged (on another site which will forever remain nameless) about a coming device that someone would inevitably invent which would be a hybrid of the laptop and the phone. This now exists in a rather unrealized and somewhat underengineered form with the Motorola Atrix, but make no mistake. The device that will exist in your pocket for about 85% of what you need to do while mobile, then about 15% of the remaining tasks (like an Excel spreadsheet, long email, blog, or PowerPoint for instance) will be the same device, however either docked at home or docked at work with a full size monitor keyboard and mouse, depending where you are. Technologies that sync your documents (like Windows Phone 7 and the SkyDrive integration for documents and OneNote) up in the cloud aren't a fad. This is reality. This is the future.

Let me attempt to clear the present state of that future a bit.

Image by ToniVC via Flickr

So I was getting an "openservice remoteregistry failed" error trying to build a 2008 R2 failover cluster. Turned out to be a time issue. As you probably know, although Active Directory doesn't rely on syncronized time, Kerberos does - and that impacts a lot of things that AD relies on.

So, after some time researching and seeing some really bad advice (mostly relating to "just reload your server and that should fix your problem" type guidance out there) I figured I should drop this out there in case anyone wants to save a couple hours of needless work.

FYI Microsoft best practice for time is for everything on your network to sync to your PDC emulator - and have that sync to an external time source.

View Full Size Image

So there's a neat little section in DFSR I never really paid much attention to the other day, until a customer was looking for a way to accomplish something that tied into this.

Subfolder filters in DFSR. So, just like a file filter (like *.mp3) where you can keep a file type from being replicated across a replication group (RG) you can actually filter subfolders that match criteria.

In this case the customer needed a single unified namespace for all their projects, but several of the folders in the root of the share didn't need to be replicated as they were for the home office only (accounting and project management stuff).

So they were creating multiple RG's per project, per dicipline. This was about to put them up against the DFSR 1024 rule (see http://technet.microsoft.com/en-us/library/cc779936(WS.10).aspx), and all the staging and conflict/deleted directories were killing their diskspace.

So, I suggested using a folder filter to keep the home office subfolders at the home office, while allowing all the others to replicate across the various offices around the world.

But it didn't work. OR so I thought... as it turns out the technology is solid, I was just being impatient. Here's why.

Image via Wikipedia

Not 100% sure I've figured this completely out, but I have a work around so I'll post it. Pretty sure this has to do with NTLM vs kerberos. I think it needs to go up now without a 100% locked down root cause because I see a couple dozen people out there posting the same issue and nobody wants to listen to them - everyone immediately assume it is DNS related, which it isn't, but ceases to help after they tag it with that issue.

The problem occurs when you add a forest trust to a couple of domains, then try to add resources directory to an XP box (such as add a user to a local group - in my case when testing some ADMT scenarios for a customer). When you click the locations tab, some trusts show up and some don't.

Image via Wikipedia

I was hanging out with a great bunch of guys at an IT shop in Colorado. They had me over for a few weeks upgrading their DC's to 2008 R2 (a smart move for any customer) and I ran into a bit of a snag.

Each branch had two DC's equally load balanced to service DNS, DHCP, and authentication requests from clients. As they were all 2003 32-bit, they all had to be reloaded. I figured the best way was move roles to the partner, nuke/pave, rinse/repeat.

On the second branch, working on promoting the second DC, the error came up that "Windows cannot create the object because the Directory Service was unable to allocate a relative identifier" which usually means the RID master has toumbstoned or has been down so long the DC's can't refill their buckets.