Microsoft Active Directory Topology Diagrammer

Hi guys,

I put the link to download the Microsoft Active Directory Topology Diagrammer.

With the Active Directory Topology Diagrammer tool, you can read your Active Directory structure through LDAP. The Active Directory Topology Diagrammer tool automates Microft Office Visio to draw a diagram of the Active Directory Domain topology, your Active Directory Site topology, your OU structure, your DFS-R topology or your current Exchange 20XX Server Organization. With the Active Directory Topology Diagrammer tool, you can also draw partial Information from your Active Directory, like only one Domain or one site. The objects are linked together, and arranged in a reasonable layout that you can later interactively work withthe objects in Microsoft Office Visio.

http://www.microsoft.com/en-us/download/details.aspx?id=13380

See you!!

Anuncios

Powershell Script to request info about state of AD Site links

Hi guys,

I read an interesting post in the Ashled McGlone blog that I think is good to remark.

See you!

http://blogs.technet.com/b/ashleymcglone/archive/2012/09/10/freaky-neat-active-directory-site-links-with-powershell.aspx

—————————-

Author’s note:  Before you dismiss this article you should know that the top two areas where I find issues for AD health are replication and DNS.  If you’re short on time skip to the bottom section “But Wait… There’s More” and run that report in your environment.  Otherwise I think you’ll get a lot of value from this content.

Freaky Neat

MonkIn my role as a Microsoft Premier Field Engineer I get to see what our customers do with Active Directory, both good and bad. Some admins are neat freaks about keeping everything pretty. (Imagine Adrian Monk as an AD admin.)  Others barely have time to open Facebook at work, and neatness is not a priority. Those are just the facts of IT life.  Consequently one area we frequently clean up is AD replication. You can see my former articles here on cleaning up replication settings.

What is hiding in your site links?

Today’s post will help you clean up site link descriptions and give you some nice reporting capability. For a quick overview of the terminology you can read the landmark TechNet article How Replication Works. To make a long story short admins create sites and then link them together with site links. Like most things in life change happens, and we don’t go back to clean up afterwards. I commonly find orphaned site links, mondo links with too many sites, and site link descriptions that haven’t been updated to reflect their member sites. (Use the free AD Topology Diagrammer to get a really cool Visio diagram of your sites and links.)

Some folks like to set their site link description field to list each of the member sites in the link. If that is you, then you’ll love this script.  Today’s script enumerates all of the member sites in a site link and then concatenates their names into the description of the site link.  Also, it will make a note in the description for any site links that have change notification enabled.  Now that’s handy!

Here is a screenshot from my lab showing what the descriptions can look like:

image

The Code

First let’s list the sitelinks:

# List all sitelinks            
Get-ADObject -LDAPFilter '(objectClass=siteLink)' ` 
    -SearchBase (Get-ADRootDSE).ConfigurationNamingContext ` 
    -Property Name, Cost, Description, Sitelist |            
    Format-List Name, Cost, Description, Sitelist

Now let’s update the descriptions:

# One ridiculous line of code            
# Broken down for readability            
Get-ADObject -LDAPFilter '(&(objectClass=siteLink)(siteList=*))' ` 
    -SearchBase (Get-ADRootDSE).ConfigurationNamingContext ` 
    -Property Name, Cost, Sitelist, Options |            
    ForEach {            
        Set-ADObject -Identity $_.DistinguishedName -Replace @{            
            Description=$(            
                $s="";            
                ForEach ($site in $_.sitelist) {            
                    $s += "$($site.SubString(3,$site.IndexOf(",")-3)) <--> "            
                };            
                $s.SubString(0,$s.Length-6)            
            )+$(            
                If ($_.Options -band 1) {' (Notify)'}            
            )            
        }            
    }

Some site links have been orphaned and emptied by deleting the member sites and forgetting to delete the associated site link. For those here is a modified line that will update their description to ‘EMPTY SITE LINK’.

# Flag empty site links            
Get-ADObject -LDAPFilter '(&(objectClass=siteLink)(!siteList=*))' ` 
    -SearchBase (Get-ADRootDSE).ConfigurationNamingContext ` 
    -Property Name, Sitelist, Options |            
    % {Set-ADObject -Identity $_.DistinguishedName ` 
    -Replace @{Description='EMPTY SITE LINK'+` 
    $(If ($_.Options -band 1) {' (Notify)'})}}

The real magic in these lines are the LDAP filters:

  • All sitelinks: ‘(objectClass=siteLink)’
  • Sitelinks with member sites: ‘(&(objectClass=siteLink)(siteList=*))’
  • Sitelinks without member sites: ‘(&(objectClass=siteLink)(!siteList=*))’

Once you have imported the ActiveDirectory module you can type Get-Help about_ActiveDirectory_filter for more information on creating LDAP filter syntax.

But wait… there’s more!

In the script file attached at the end of the post I have included all of the scripts above plus some bonus content.  There is a site report script that will give you some schweet stats on your AD sites.  Use it to find those sites that are not in a site link, missing subnets, or do not have a DC.  The output looks like this:

Name     SiteLinkCount SubnetCount DCCount IsEmpty WhenCreated  Description
----     ------------- ----------- ------- ------- -----------  -----------
Bogus1               1           0       0    True 10/6/2010    Test site
Bogus2               0           0       0    True 1/25/2011    Test site
Bogus3               0           0       0    True 1/25/2011    Test site
Kentucky             3           1       2   False 4/13/2010    Kentucky
Lonely               2           1       1   False 2/17/2011    Remote site
Ohio                 2           2       2   False 4/13/2010    Ohio

Armed with this handy little report you will know where to begin your site, subnet, and site link remediation activities.

The Fine Print

This version of the script works with PowerShell v2 in your environment today. In AD PowerShell v3 there are new cmdlets to work with site links directly.

If you’re one of those who likes to note WAN speeds on site link descriptions, then you have a couple options:

  • Don’t run the script. It will overwrite your notes in the descriptions.
  • Export the descriptions, run this script, then manually add back the WAN speeds.

Unless you schedule this script to run as a scheduled task, you’ll need to run it again any time you update sites or site links. The descriptions are only as good as the last run of the script.

Currently the script inserts ‘<–>’ between the site names. Feel free to edit this to your liking.

If you have 1,000,000,000 sites jammed into a single site link, then it is likely that the concatenated description string will be too long and break the script.  Don’t do that if you can avoid it.

Running this script is harmless to your environment’s functionality, but it will overwrite your existing site link descriptions. As always you should test it in a lab first.

——————

How to know the GUID of an Application

Hi,

We can know the GUID of an application by the following ways:

1. Find the GUID going to the register. The path where to find is: HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\…

Here, if you click on F3 you can search the name of the application and you will see the GUID.

2. In SCCM 2012, In the Deployment Type of an Application. Go to the properties and in the Programs tab, click on the Browse button for Product Code and select the MSI file. Will appear automatically the GUID.

Imagen

Regards

How to stop and start AD File Replication Service

Hi there!

If we want to do an schema upgrade the actions for to do there is:

Login with an schema admin to the fsmo schema role holder (you can know doing a “query fsmo roles” in a cmd)

Do a backup of System State

Go to cmd and run the command repadmin /replsum and check for some error.

Go to cmd and run the command repadmin /options serverhostname +DISABLE_OUTBOUND_REPL

Go to cmd and run the commandrepadmin /options serverhostname +DISABLE_INBOUND_REPL

Upgrade schema.

Review logs

Go to cmd and run the command repadmin /options serverhostname -DISABLE_INBOUND_REPL

Go to cmd and run the command repadmin /options serverhostname -DISABLE_OUTBOUND_REPL

Force to replicate from the DC schema holder to the others dc.

Regards!

Remove a computer from a Collection when OSD Task Sequence is completed

Hi!

I find a very interesting post where indicate how to put out of a collection a new computer after to be created with OSD.

The post is writed by Jörgen Nilsson.

http://ccmexec.com/2010/03/remove-a-computer-from-a-collections-when-osd-task-sequence-is-completed/

Regards

——–

When using a mandatory OSD advertisement to install a Operating system it is a great benefit to remove the computer from the Collection to where the OS deployment is advertised. The OSD task sequence advertisement can then be set to always rerun and all problems related to reinstalling an existing computer is solved.

This can be achieved by using a status filter rule together with a VBscript which removes the computer from the collection once the Task Sequence completes successfully.

UPDATE!!
I have updated the script to search for active computer records in SCCM using the name and then removing the computer from the collection using the ResourceID instead of using the name for matching. I have seen at customers that some third party applications created direct memberships with a different naming convention than the SCCM Admin Console does, this updated script will solve this problem.

Update 2
The script have been updated with the possibility to enter more than one collection to remove the computer from, it can also write an event to the event-log on the SCCM server with the name of the computer and the collection/collections it will be removed from.
I have removed the script code from this blog and made it available as a file instead, to avoid problems when cut/pasting the text.

You can download it here: http://ccmexec.com/wp-content/uploads/2010/12/Remove.vbs.txt

Download the script and save it as “remove.vbs”  edit the following line with the collection/collections you want the computer removed from

sCollectionIDs = “00100053:0010004A:00100069″

when that is done, complete the steps below to configure the status filter rule.

———————————————-

Configuring the status filter rule:

  1. Under site settings create a new status filter rule
  2. Configure it to use the following settings:

Component : Task Sequence Manager
Message Id: 11171

Run a Program: cscript.exe e:\sccmtools\remove.vbs %msgsys

Status1 status filter rule 2

WDS not want to start after configure PXE Service on SCCM 2012 DP

Hi friends,

Yesterday in a SCCM 2012 infrastructure project that I´m participating, I was configuring the PXE Service on a new Distribution Point MS Server 2008. Well, after configure the PXE Service from the SCCM admin console, the WDS role not want to start. The problem was that need the Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.4148 (vcredist_x64) to work.

WDSError

Here i put the link to the MS kb.

http://support.microsoft.com/kb/2712387

Regards!