Wednesday, September 26, 2012

Import users into SBS 2011 console after a migration.

 

After doing an SBS migration to SBS2011, I found that the users were not displaying in the Small Business Server console.

I came across Brian Fahrenholtz’s script on his website http://blog.coretech.dk and it works pretty well.

' // ***** Script Header *****
' //
' // Solution: SBS Console
' // File: AddUsersToSBSConsole.vbs
' // Author: Brian Fahrenholtz, Coretech A/S. http://blog.coretech.dk
' // Purpose: Add Active Directory user accounts to the SBS Console
' //
' // Usage: AddUsersToSBSConsole.vbs
' //
' //
' // CORETECH A/S History:
' // 1.0.0 BFA 27/01/2011 Created initial version.
' //
' // Customer History:
' //
' // ***** End Header *****
' //***************************************************************************
' //----------------------------------------------------------------------------
' // Main routines
' //---------------------------------------------------------------------------- 
' Defines the OU location for user accounts
' Remember to define the user location before running the script
' Default adds users located in SBSUsers
strSearchOU = "OU= import users,DC=contoso,DC=local"
' Create the ADO Recordset Object
Set rs = CreateObject("ADODB.Recordset")
' Open the Record Set based on the arguments
rs.Open "<LDAP://"& strSearchOU & ">;(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));adspath;subTree", "provider=ADsDSOObject"
Do Until rs.EOF
 'Create an instance of a user object from AD
 Set oUser = GetObject(rs.Fields("adspath"))
 'Update the local property cache value using the Put method
 oUser.Put "msSBSCreationState", "Created"
 'Write the local property cache back to AD
 oUser.SetInfo
 rs.MoveNext
Loop
'//----------------------------------------------------------------------------
'// End Script
'//----------------------------------------------------------------------------



Make sure to put a test user in an OU “Imported Users” to test the script out.


Make changes specific to your environment on the line:

strSearchOU = "OU= import users,DC=contoso,DC=local"

The Installation of Windows Small Business Server 2011 Standard cannot Finish. – Fixed!

Ran into this and figured I’d pass it along as it seems to be due to a Windows update and who knows if they will fix it in the future or not..

Migrating from SBS2k3 to SBS2011, the answer file was set up and errored out saying that it could not find the source server’s host name. I was able to ping it from the new server, so I checked to see if it could see it again, and it found it just fine.

Install continued and when I checked back this scary screen was up.

[screenshot]

And ..

[screenshot]

However, the FSMO roles and replication were all on the new server and are functioning. No service interruption from the user end as well..

Looking into it a little more found this KB …

http://support.microsoft.com/kb/2533423

and was able to find the matching info in the log file on the SBS 2011 box.

I took a backup of the server and applied the reg settings and the rest of the steps in the KB and  ….

[screenshot]

Now we wait..

[screenshot]

Yay!

Simple fix, so I figured I’d pass it along.

Tuesday, July 24, 2012

Mail Messages being bounced back with error: #550 4.4.7 QUEUE.Expired; message expired ##

When a message gets sent out to user@remotedomain.net, the server looks in its DNS records to find where the mail server for remotedomain.net is so that it can send the message along.

Check your server’s DNS forwarders to make sure they are correct.

[screenshot]

I had the correct DNS servers in.

Next thing to check is what IP mail.remotedomain.net is resolving to.

[screenshot]

As you can see, the server is being told that the mail server for remotedomain.net is located at 6x.xxx.xxx.22, which is not the correct address.

Since it is not the correct address, the emails stay in the queue on the server…

[screenshot]

The correct address can be found by looking up mail.remotedomain.net IP and DNS information. I use the website who.is but you can use whatever tool you feel like using.

[screenshot]

From a machine outside of your network, one that is not using NTD’s DNS servers, I am able to get everything working just fine.

Here we can see that pinging mail.remotedomain.net resolves to the right IP address.

[screenshot]

I called the ISP and explained the issue and they found that they had hosted this company’s email at some point and still had an A record pointing to 6x.xxx.xxx.22 rather than 21.

Wednesday, August 31, 2011

Excel will not open a workbook when double clicking the file or opening an attachment in Outlook.

Had an issue where a user was opening Excel files from Explorer. Excel would load up, but the workbook would not launch. You could go to File > Open and open the file just fine.

We had recreated his profile and made sure that there was nothing wonky in his xlstart folder, and yet this issue still kept happening. Well, there is a check box in Excel's options that says something to the effect of disabling other applications' access to Excel. If this is checked, you will not be able to have Outlook, Explorer, or anything else open Excel for you when you click on a file.

The problem was that this check box "somehow" got checked. Doing a little poking around on the Internet gave me the following information as well as booting up a test machine to play with it.

Here are the settings in the registry that were set.


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE\" /e"
"command"=hex(7):27,00,5d,00,67,00,41,00,56,00,6e,00,2d,00,7d,00,66,00,28,00,\
5a,00,58,00,66,00,65,00,41,00,52,00,36,00,2e,00,6a,00,69,00,45,00,58,00,43,\
00,45,00,4c,00,46,00,69,00,6c,00,65,00,73,00,3e,00,21,00,44,00,65,00,40,00,\
5d,00,56,00,7a,00,28,00,72,00,3d,00,66,00,60,00,31,00,6c,00,66,00,71,00,60,\
00,3f,00,52,00,26,00,20,00,2f,00,65,00,00,00,00,00

Notice the /e at the end. When that is replaced with “%1”, even if the check box in Excel is checked to ignore other applications requesting information from DDE, the application will still request the information via dynamic data exchange. If the /e is taken out of the key, Excel will open up a document, and a blank workbook will show up, but the file requested will not show up. At least in my testing, it looks like “%1” is the only way to get it to ignore the check box and get the file to come up.

Here is the reg dump for the key being set with “%1”:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE\" \"%1\""
"command"=hex(7):27,00,5d,00,67,00,41,00,56,00,6e,00,2d,00,7d,00,66,00,28,00,\
5a,00,58,00,66,00,65,00,41,00,52,00,36,00,2e,00,6a,00,69,00,45,00,58,00,43,\
00,45,00,4c,00,46,00,69,00,6c,00,65,00,73,00,3e,00,21,00,44,00,65,00,40,00,\
5d,00,56,00,7a,00,28,00,72,00,3d,00,66,00,60,00,31,00,6c,00,66,00,71,00,60,\
00,3f,00,52,00,26,00,20,00,22,00,25,00,31,00,22,00,00,00,00,00
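
To check which form a machine actually has, the hex(7) data of the "command" value can be decoded from a .reg export. This is an added example, not part of the original post; the sample exports are constructed, with "XYZ" standing in for the installer descriptor, and it assumes the argument is the last space-separated token, as in the two dumps above.

```python
import re

# Constructed exports: "XYZ" is a placeholder for the installer descriptor
# that precedes the argument in a real "command" value.
SAMPLE_DDE = r'''[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
"command"=hex(7):58,00,59,00,5a,00,20,00,2f,00,\
  65,00,00,00,00,00
'''
SAMPLE_DIRECT = r'''[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
"command"=hex(7):58,00,59,00,5a,00,20,00,22,00,\
  25,00,31,00,22,00,00,00,00,00
'''

def decode_hex7(reg_text, value_name):
    """Decode a REG_MULTI_SZ (hex(7)) value from .reg text into its strings."""
    # regedit wraps long values with a trailing backslash; undo the wrapping.
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    pattern = r'^"' + re.escape(value_name) + r'"=hex\(7\):([0-9a-fA-F,]+)'
    m = re.search(pattern, joined, re.M)
    if m is None:
        raise KeyError(value_name)
    raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    # Data is UTF-16LE; strings are NUL-terminated, with one extra NUL at the end.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def open_argument(reg_text):
    """Return (argument, mode) for the Open verb's command value."""
    command = decode_hex7(reg_text, "command")[0]
    # Assumption: the argument is the last space-separated token.
    arg = command.rsplit(" ", 1)[-1]
    if arg.lower() == "/e":
        mode = "dde"           # file name arrives through DDE after Excel starts
    elif "%1" in arg:
        mode = "command-line"  # file name is passed directly to EXCEL.EXE
    else:
        mode = "unknown"
    return arg, mode
```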

It’s hard to tell for sure why this is happening, but some of my research suggests updates could switch these keys around. Also, I would like to note that on my test machines I was able to use Excel just fine with the /e key at the end of the strings, until I checked the check box to ignore other applications. Once that check box was checked, I was unable to open files unless I put in the “%1”.

0_o Just another day in MS land I guess. I would be interested if anyone else has had issues with this.

Thanks!

Thursday, August 25, 2011

Lockdown Internet Explorer 7 Address Bar, Print, and Menu options.

The following screenshot shows that the address bar is disabled, navigation is also disabled, as well as the print buttons and file menu item. These settings are applied by using a custom ADM file in Group Policy.

[screenshot]

The following group policy settings should be applied to the servers. These policies will disable any workaround that the user may use to gain access to another website.

Users\Administrative\Templates\Internet Explorer

[screenshot]

\Internet Control Panel

[screenshot]

\Browser Menus

[screenshot]

\Toolbars

[screenshot]

ADM file to be added.

CLASS Machine
CATEGORY !!InternetExplorer7Lockdown
POLICY "IE7 Lockdown Settings"
EXPLAIN !!Help
KEYNAME "Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions"
PART !!Addressbar_title DROPDOWNLIST REQUIRED
VALUENAME "NoAddressBar"
ITEMLIST
NAME !!Addressbar_enable VALUE NUMERIC 0 DEFAULT
NAME !!Addressbar_disable VALUE NUMERIC 1
END ITEMLIST
END PART
PART !!NavButtons_title DROPDOWNLIST REQUIRED
VALUENAME "NoNavBar"
ITEMLIST
NAME !!NavButtons_enable VALUE NUMERIC 0 DEFAULT
NAME !!NavButtons_disable VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
POLICY "Disable: Printing"
Explain !!Help2
KEYNAME "SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER"
PART !!PrintButton DROPDOWNLIST REQUIRED
VALUENAME "Btn_print"
ITEMLIST
NAME !!PrintShow VALUE NUMERIC 1 DEFAULT
NAME !!PrintHide VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
POLICY "Disable: File Menu"
Explain !!Help3
KEYNAME "SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER"
PART !!FileMenu DROPDOWNLIST REQUIRED
VALUENAME "NoFileMenu"
ITEMLIST
NAME !!FileShow VALUE NUMERIC 1 DEFAULT
NAME !!FileHide VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
END CATEGORY
[strings]
InternetExplorer7Lockdown="IE7 Settings"
Addressbar_title="Set the IE7 Address bar to:"
Addressbar_enable="Enabled"
Addressbar_disable="Disabled"
NavButtons_title="Set the IE7 Navigation buttons to:"
NavButtons_enable="Enabled"
NavButtons_disable="Disabled"
PrintButton="Hide Printer button?"
PrintShow="No"
PrintHide="Yes"
FileMenu="Hide File menu?"
FileShow="No"
FileHide="Yes"
; explains
Help="Enabled: This policy will change registry settings to disable the address bar and navigation buttons in IE7."
Help2="Enabled: This policy will allow you to Hide or Show the print button in IE7."
Help3="Enabled: This policy will allow you to Hide or Show the File menu item in IE7."
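
Before loading a hand-edited ADM into Group Policy, it is worth checking that every !!name in the template has a one-line quoted entry under [strings]. The linter below is an added example, not part of the original post; the sample template is constructed, and it assumes string names are matched case-insensitively.

```python
import re

# Constructed ADM fragment: two [strings] entries are broken across lines,
# and one is defined but never referenced with "!!".
SAMPLE_ADM = r'''CLASS MACHINE
CATEGORY Lockdown
POLICY !!Policy_name
KEYNAME "Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions"
PART !!Addressbar_title DROPDOWNLIST REQUIRED
VALUENAME "NoAddressBar"
ITEMLIST
NAME !!Addressbar_enable VALUE NUMERIC 0 DEFAULT
NAME !!Addressbar_disable VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
END CATEGORY
[strings]
Lockdown="IE7 Settings"
Policy_name="IE7 Lockdown Settings"
Addressbar_title="Set the IE7 Address bar to:
Addressbar_enable="
Enabled"
addressbar_disable="Disabled"
'''

def lint_adm(text):
    """Check !!references in an ADM template against its [strings] section."""
    parts = re.split(r"(?im)^\[strings\][ \t]*$", text, maxsplit=1)
    body = parts[0]
    strings = parts[1] if len(parts) > 1 else ""
    defined, malformed = {}, []
    for line in strings.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = re.fullmatch(r'(\w+)\s*=\s*"([^"]+)"', line)
        if m:
            defined[m.group(1).lower()] = m.group(1)
        else:
            malformed.append(line)  # unterminated or orphaned quote
    # Assumption: string names are matched case-insensitively.
    refs = {r.lower(): r for r in re.findall(r"!!(\w+)", body)}
    return {
        "missing": sorted(v for k, v in refs.items() if k not in defined),
        "unused": sorted(v for k, v in defined.items() if k not in refs),
        "malformed": malformed,
    }
```

An "unused" entry usually means a keyword such as CATEGORY was given a bare name instead of a !!reference.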



Issues:

Users will still be able to press CTRL+P to print – I am unable to find a way around this.

Wednesday, August 24, 2011

IE7 Disable toolbar, Navigation Bar and printing via Group Policy and Custom ADM file

The scenario was that a customer needed to lock down IE7 on their plant floors. The application they use to run the machines was a homebrewed application and called IE to open up some documents. The application was presented to the users via Citrix, so it was the only app they could see. Once they would open up the app they were going out and opening documents, then surfing on over to whatever sites they wanted.

They also would try and print recipes or whatever but would end up sending the print job to the wrong printer (there is not a lot of control at the plants to use group policy printing) and screw up label printers or other such devices.

The solution?! Group policy and a custom ADM built to change the registry keys!

Here is the ADM, just copy and paste into notepad and save it with a .adm extension (be sure to change file type to all!!)

Thursday, June 16, 2011

APP-V Server install

Found a very helpful write-up on how to get app-v installed on a Server 2k8r2 box.

The TechNet articles are a little convoluted; while all the information is there, you have to find about 10 articles to get things set up.

http://social.technet.microsoft.com/wiki/contents/articles/how-to-install-and-configure-the-app-v-management-server.aspx

Also, one of the things that I had issues with was the fact that .net 4 was installed on the servers. Make sure to uninstall .net 4 framework before trying to install app-v, unless you like scratching your head.

Remember to reinstall .net 4 after though :)

Cheers!