Comments for Adventures in Technobabble

Comment on Bulk Add of Users to Active Directory – vbscript by bhaskar

bhaskar — Fri, 10 Feb 2012 14:00:08 +0000

Hi Christopher,

Your script is good and very much usefull.But in which type i should give the text file i didnt understand and also i want to add one more column to the script i.e., to add PS ID too means its an identity number for every user.Request you to help me in this,as your help is very much useful for me as iam doing it dialy manually for a bulk of users.

You can mail me also at bhaska(dot)v25 @ gmail(dot)com

Thanks,
Bhaskar.V

Comment on Uninstalling Trend Micro Client/Server Security without a Password or Why are Some Consultants Pricks by Shance

Shance — Mon, 06 Feb 2012 09:06:32 +0000

Thanks! Work like a charm!

Comment on About Me by Tommy Öman

Tommy Öman — Mon, 26 Dec 2011 23:08:27 +0000

Hi there !
And thank you so much for these very helping words of yours.
I have a small site at home, experimenting with websites, linux installations etc. And i have had a domain in my network for about 10 years. My pdc started to have some problems some years ago, so i created a bdc (second domain server) wich finally had to take over when the first machine crasched totally. Since then things has been working but with a sort of unstable feeling. I have been searching a bit to find a solution of my “get rid of” the domain espacially when i now have established a new domain in the same net, and it wasn’t easy to get the right answers.
Until i stumbled over your blog !

So, thank you so much for this article, it helped me definitely !

Comment on How To Seize FSMO Roles and Clean Up Failed Domain Controllers In Active Directory by Christopher Webb

Christopher Webb — Sun, 11 Dec 2011 18:52:24 +0000

A FSMO role TRANSFER is the graceful movement of the roles from a live, working DC to another live DC. This could be performed in any situation – such as if you build a new DC and wish to migrate Active Directory over, or for any other reason. During the process, the current DC holding the role(s) is updated, so it becomes aware it is no longer the role holder. I would recommend always evaluating which DC’s have FSMO roles whenever you add new DCs to the network as having them all on the same server (which is by default since the first server in teh domain has all the roles for that domain).

A FSMO role SEIZE is when a DC holding one (or more) roles has failed and will never return to the network. The roles need to be re-located to a live, working DC. A transfer operation will not succeed because the old DC is not contactable; the roles must therefore be forcefully seized. In other words, it’s a transfer operation, but the old DC is never notified the role holders have changed.

If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back online, you’ll have a problem.

Now, if you have already seized the roles from the server, you can try the following process (or just rebuild the DC). I have seen it work, but not sure if there are any long term coimplications that may arise:

First, go through the steps in the article to remove the domain conttroller from AD completely and clear up metadata. Once you have the server repaired, do not connect it to the network but dcpromo it out while it is still disjoined. Change the server to be a member of a workgroup, then use the NewSID tool to rename the server and change it’s SID to avoid AD complications.

Then, connect it to the network and dcpromo it back as a domain controller, portion out the FSMO roles how you prefer and you should be good

Comment on How To Seize FSMO Roles and Clean Up Failed Domain Controllers In Active Directory by shehryar

shehryar — Sun, 11 Dec 2011 02:00:24 +0000

Hi Christpopher,

Thank you for a great blog and a great article,I have a question :

for e.g. if I have 2 x DCs (with one holding all FSMO roles), and the dc with fsmo roles goes offline due to a raid card or failed drives or anyother problem, I assume :

1) We go into AD MMC and then Move FSMO roles to the 2nd DC ?
2) As our 1st (failed) DC gets repaired in a couple of days, can we just plug it back in to the network and let it sync with AD, as it had all drives and data intact with the operating system ?

Upon reading through articles, it seems that one cannot just plug it back in –

When you move roles from the MMC, does that means FSMO roles are seized ?

Will be grateful for your suggestion
Thanks again for a great blog

Comment on SSH VPN Tunnels – Secure, Unrestricted Access From Public/Work by Christopher Webb

Christopher Webb — Fri, 09 Dec 2011 00:01:47 +0000

Well, for a full VPN and not just port forwarding/tunnellin, it is possible via OpenSSH but not with Windows clients at this time (at least not to my knowledge). Really, if you're wanting something more robust, I would recommend OpenVPN. I have used it for a couple of my clients in the past. I did hae it for my home network but really SSH is all I need and it is already running on all of my servers anyway. OpenVPN work with Windows, Mac, & Linux, it's free, and fairly simple to set up. There are plenty of how-to's out there, but I may write something up on it in the near future anyway. Hope this helps

Comment on SSH VPN Tunnels – Secure, Unrestricted Access From Public/Work by SS

SS — Thu, 08 Dec 2011 14:16:12 +0000

This works well for apps that you can configure to tunnel but what about those that you cannot? How do I make a connection to the ssh server where ALL traffic will rout. So in other words I can make a new connection on my windows machine and it will be a dedicated VPN connection to the ssh server such that I don’t need to change any setting in outlook or Firefox etc…

Comment on SharePoint 2007 Calendar Sync with Outlook Only Updating Certain Fields by Shared Calendar Attendee Appointment End Time

Shared Calendar Attendee Appointment End Time — Wed, 16 Nov 2011 17:55:30 +0000

[...] Thanks again SpiderTech. I received more info from the user and it appears the calendar is published to SharePoint and Outlook isnt enforcing the SharePoint rules. A solution can be found on this blog. http://blog.christophermichaelwebb.com/windows/sharepoint-2007-calendar-sync-outlook-updating-fields... [...]

Comment on Uninstalling Trend Micro Client/Server Security without a Password or Why are Some Consultants Pricks by Camille Shrier

Camille Shrier — Thu, 10 Nov 2011 20:02:23 +0000

I appreciate, cause I found exactly what I was looking for. You’ve ended my 4 day long hunt! God Bless you man. Have a nice day.

Comment on STSADM Import Creating Ghost Lists in SharePoint 2010 by Elliptical

Elliptical — Tue, 08 Nov 2011 10:21:24 +0000

Great! Thanks for the share!
Arron