Active Directory default Tombstone lifetime

Great post by Joe regarding Active Directory default Tombstone lifetime, a must read article!

Default Tombstone Lifetime yet again… Alternate working title: TechNet why do you hate tombstoneLifetime and correct information?

PowerShell: Outlook unified signature based on Active Directory information

I came across this nice PowerShell solution to have unified Outlook signature based on Active Directory information in your company. Check it out!

Outlook signature based on user information from Active Directory

Deploying a Unified Email Signature Template in Outlook

Microsoft TechNet Script Center link: Outlook signature based on user information from Active Directory

Microsoft BPA’s on Windows Server 2008 R2

They are now installed when you add a role to a Windows Server 2008 R2 installation, updates are released through MU. Use them to have a check on your configuration settings!!

Best Practices Analyzer
http://technet.microsoft.com/en-us/library/dd759260.aspx

Running and Filtering Scans in Best Practices Analyzer
http://technet.microsoft.com/en-us/library/dd759206.aspx

PowerShell: Protect all OU’s in Active Directory from accidental deletion

1) Check which OUs aren’t protected:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

2) Protect them:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

3) Then rerun the first command to verify they have been changed.

These commands should run with "Active Directory Module for Windows PowerShell" for AD only or "PowerShell Modules" to load all of them.

 

AD DS: All OUs in this domain should be protected from accidental deletion
http://technet.microsoft.com/en-us/library/dd723677%28WS.10%29.aspx

FSMO roles…

You want to know about FSMO roles? Then read this! (and the links in that great blog post)

The Impact Of FSMO Roles Not Being Available
http://blogs.dirteam.com/blogs/jorge/archive/2011/07/11/the-impact-of-fsmo-roles-not-being-available.aspx

NetWrix Freeware Tools

Note: I do not provide any support for these tools, nor do I guarantee anything. Test them yourself before usage, this is for your information post only.

NetWrix Freeware Products
http://www.netwrix.com/freeware_products.html

Deploying printers using GPP

When you deploy printers using GPP, you can receive following error:

’0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.’

To prevent this, add following options in your policy:
- Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions – set to "Disabled"
- User Configuration\Administrative Templates\Control Panel\Printers\point and Print Restrictions – set to "Disabled"

Active Directory schema version numbers

• Windows 2000 RTM with all Service packs = Schema version 13
• Windows Server 2003 RTM with all Service packs = Schema version 30
• Windows Server 2003 R2 RTM with all Service packs = Schema version 31
• Windows Server 2008 RTM with all Service packs = Schema version 44
• Windows Server 2008 R2 RTM with all Service packs = Schema version 47

You can check the version in the registry:

• Registry: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\<Schema Version>
• dsquery: dsquery * CN=Schema,CN=Configuration,DC=Root-Domain -Scope Base -attr objectVersion
• ADSIEdit: open ADSIEdit and navigate to "CN=Schema,CN=Configuration,DC=domain,DC=local", right-click "Properties" and locate "objectVersion" attribute value

 

How to find the current Schema Version
http://support.microsoft.com/kb/556086

MSDTC service fails after transfer PDC role

I was playing last night with transferring FSMO roles between DC’s and just solved the previous mystery (events 53258) when I noticed there was still an issue, namely the MSDTC service fails. This morning I realized I’ve seen a blog post about this before, namely from Brian Desmond! In short, you’ll see the events below in the event logs:

System Even Log:
Event Type:    Error
Event Source:    Service Control Manager
Event Category:    None
Event ID:    7031
Date:        12/16/2008
Time:        08:16:23
User:        N/A
Computer:    LABDC01
Description:
The Distributed Transaction Coordinator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Application Event Log:
Event Type:    Information
Event Source:    MSDTC
Event Category:    SVC
Event ID:    4145
Date:        12/16/2008
Time:        08:14:24
User:        N/A
Computer:    LABDC01
Description:
MS DTC has been notified that a DC Promotion/Demotion has happened. It is shutting down as a result.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Apparently this is normal. It also only happens when transferring the PDC role, other roles don’t have this result.

Thanks to the blog post of Brian Desmond!! Please refer to his (great) post about this with all the technical details…

MSDTC Exits on PDCe Transfer
http://briandesmond.com/blog/msdtc-exits-on-pdce-transfer/

MSDTC events 53258

Event ID 53258 is logged in Event Viewer after you install or remove Active Directory in Windows Server 2003
http://support.microsoft.com/kb/923977