Testing your Domain Controller

If you’re in charge of the infrastructure at work, you have probably deployed your share of DCs. Let’s say you’re about to deploy 2 more at a new site. Microsoft recommends that both be Global Catalog servers. You get everything working just fine, and then someone starts adding more and more users, until pretty soon they have doubled the original number. How will your Domain Controllers handle the extra load?
Microsoft has a little tool called the Active Directory Performance Testing Tool (ADTest.exe). ADTest is an Active Directory load-generation tool that simulates client transactions on a host server.
“Remember that benchmarking and performance exercises are useful for comparing platforms or for getting a general understanding of the hardware requirements for common implementation scenarios.” In other words, use it as a guideline, not as exact science, and allow for different results in the real world. Nevertheless, it’s a great planning tool.

Server 2008 and Terminal Services

A quick note on some improvements in Server 2008 over 2003/2000 that some people may still not be aware of. Some or all of these may provide a compelling reason to migrate.

Server 2008 includes enhancements to many existing Windows Server features, and Terminal Services is one of them. In Windows Server 2008 it provides more functionality than in previous versions. Some of these improvements are:

- Easier to install and configure
- Application publishing
- Seamless windows and session sharing
- Published applications can be accessed using a built-in web interface
- Applications can be accessed securely from outside the firewall without an SSL VPN or modifying firewall configurations, using HTTPS tunneling
- Enhanced printing
- Session-based load balancing
- 32-bit color and new RDP compression
- Display data prioritization
- Large display and custom resolution support
- Support for monitor spanning
- Enhanced Plug-and-Play device redirection
- Single Sign-On

With all these improvements, Terminal Services should be more appealing to IT organizations that want to reduce complexity in their deployment scenarios.

A few things to keep in mind if you are considering migrating because of the above improvements:

- Most of Windows Server 2008 Terminal Services’ new features require Windows Vista SP1 or Windows XP SP3 on the client side. As a result, these features are not available for older platforms.
- To benefit from all the new features of Windows Server 2008 Terminal Services you must upgrade all your servers to this version.
- Windows Server 2008 Terminal Services provides session-based load balancing capabilities that are only for groups of identical servers.

New release: Active Directory Change Notifier 2.0

Version 2.0 simplifies the installation process, improves the user interface and introduces domain-level monitoring features. Other improvements include better monitoring capabilities and more granular reporting. These enhancements are invaluable to administrators who want a more proactive approach to Directory Services management.

More details can be found here.

Exchange: Web Access and blocking your attachments

If you use Exchange Server 2003, you can block attachments in Outlook Web Access (OWA). The attachment extensions are configured through the registry on your Exchange Server. OWA is installed with the default sets of extensions shown below.

Level 1: attachments with these file extensions cannot be accessed through OWA:
    Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
    Value: Level1FileTypes
    Type: REG_SZ
    Value Data: ade, adp, app, asx, bas, bat, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, js, jse, ksh, lnk, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, reg, scf, scr, sct, shb, shs, url, vb, vbe, vbs, wsc, wsf, wsh

Level 2: attachments with these file extensions can be accessed only after they are saved to the client’s file system:
    Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
    Value: Level2FileTypes
    Type: REG_SZ
    Value Data: ade, adp, asx, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, hta, htm, html, htc, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdz, mht, mhtml, msc, msi, msp, mst, pcd, pif, prf, reg, scf, scr, sct, shb, shs, shtm, shtml, stm, url, vb, vbe, vbs, wsc, wsf, wsh, xml, dir, dcr, plg, spl, swf

If you’re interested in more Exchange management solutions, we can help. The Active Directory Manager provides an easy-to-use interface and customizable, comprehensive Exchange reports.
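Because these two values decide which attachments OWA blocks, it is worth checking that a server’s values have not drifted from the defaults. The C# console program below is an added example, not part of the original post: it compares the configured Level1FileTypes and Level2FileTypes values with the default lists above and reports extensions that were removed or added. The class and method names are chosen for this example, and when the registry value is absent it falls back to a constructed sample value.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Win32;

static class OwaAttachmentAudit
{
    const string Key = @"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeWeb\OWA";

    // Default value data, copied from the two lists above.
    const string Level1Default = "ade, adp, app, asx, bas, bat, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, js, jse, ksh, lnk, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, reg, scf, scr, sct, shb, shs, url, vb, vbe, vbs, wsc, wsf, wsh";
    const string Level2Default = "ade, adp, asx, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, hta, htm, html, htc, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdz, mht, mhtml, msc, msi, msp, mst, pcd, pif, prf, reg, scf, scr, sct, shb, shs, shtm, shtml, stm, url, vb, vbe, vbs, wsc, wsf, wsh, xml, dir, dcr, plg, spl, swf";

    static SortedSet<string> Parse(string valueData)
    {
        // Tolerate stray spaces, leading dots and mixed case in the REG_SZ value.
        return new SortedSet<string>(valueData.Split(',')
            .Select(e => e.Trim().TrimStart('.').ToLowerInvariant())
            .Where(e => e.Length > 0));
    }

    static void Audit(string valueName, string defaultData, string sampleData)
    {
        // Registry.GetValue returns null when the key or value is absent; the
        // constructed sample is used then, so the example runs on any Windows host.
        string configured = Registry.GetValue(Key, valueName, null) as string ?? sampleData;
        SortedSet<string> baseline = Parse(defaultData), current = Parse(configured);
        Console.WriteLine(valueName);
        Console.WriteLine("  removed from default: " + string.Join(", ", baseline.Except(current)));
        Console.WriteLine("  added to default    : " + string.Join(", ", current.Except(baseline)));
    }

    static void Main()
    {
        // Constructed samples: a Level 1 value with exe and vbs dropped,
        // and a Level 2 value with ".ISO" appended.
        Audit("Level1FileTypes", Level1Default, Level1Default.Replace("exe, ", "").Replace("vbs, ", ""));
        Audit("Level2FileTypes", Level2Default, Level2Default + ", .ISO");
    }
}
```

An extension reported as removed from the Level 1 default is one that OWA no longer blocks on that server.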

Server 2008 Backup

Recently, someone asked about the Windows Server 2008 Backup feature and I wanted to include a quick note about it on the blog as well.
The Windows Server 2008 Backup feature can be installed separately, and has a couple of subsets: Windows Server Backup and Command-line Tools. Through the helpful interface you can run your scheduled backups, but there are some changes worth noting:
- Only direct attached storage (disks) with NTFS formatted volumes can be backed up
- You can only select an entire disk volume for backup (even if you choose the Custom backup type). Yeah, it’s an all-or-nothing type of deal
- You can’t pick individual files, folders or Windows system state for backup
- You need to have a different location for your target backup
- You can no longer perform a backup to tape
Windows Server 2008 Backup has many new features and Microsoft does a good job of outlining them in the online help. Check it out for more on this topic.

Retrieving object details from Active Directory

Obtaining any type of information from your Directory Services requires scripting if you’re using the native tools. There’s an easier and faster way: you can use third-party Active Directory solutions like the Active Directory Manager or Active Directory Reporter.
So let’s compare the two approaches. Let’s try to get something simple, say “User” details:
1- Scripting. OK, we’re not big fans of scripting around here. Still, let’s follow this through, painful as it is:
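// Members of the ASP.NET Web Forms code-behind class for a page that contains
// the drpUsersList (DropDownList) and txtSearchEmployee (TextBox) controls.
// Requires: using System; using System.DirectoryServices; using System.Web.UI.WebControls;

private string LoginName, FirstName, MiddleInitials, LastName, Company, State,
               City, Country, Postalcode, TelephoneNumber, Email, uniqueName;

public void GetUserDetails()
{
    try
    {
        drpUsersList.Items.Clear();
        ListItem li = new ListItem("-- Users List --", "");
        drpUsersList.Items.Add(li);

        string _path = "LDAP://Your Domain Name";

        // The search text is user input: escape the LDAP filter metacharacters
        // (RFC 4515) so it cannot change the structure of the filter.
        string _filterAttribute = txtSearchEmployee.Text
            .Replace("\\", "\\5c").Replace("*", "\\2a")
            .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");

        // DirectorySearcher(string) takes a filter, not a path, so the search
        // root is passed as a DirectoryEntry.
        using (DirectoryEntry root = new DirectoryEntry(_path))
        using (DirectorySearcher dSearch = new DirectorySearcher(root))
        {
            dSearch.Filter = "(&(objectClass=user)(givenName=" + _filterAttribute + "*))";
            using (SearchResultCollection results = dSearch.FindAll())
            {
                foreach (SearchResult sResultSet in results)
                {
                    LoginName = GetProperty(sResultSet, "cn");                    // Login Name
                    FirstName = GetProperty(sResultSet, "givenName");             // First Name
                    MiddleInitials = GetProperty(sResultSet, "initials");         // Middle Initials
                    LastName = GetProperty(sResultSet, "sn");                     // Last Name
                    Company = GetProperty(sResultSet, "company");                 // Company
                    State = GetProperty(sResultSet, "st");                        // State
                    City = GetProperty(sResultSet, "l");                          // City
                    Country = GetProperty(sResultSet, "co");                      // Country
                    Postalcode = GetProperty(sResultSet, "postalCode");           // Postal code
                    TelephoneNumber = GetProperty(sResultSet, "telephoneNumber"); // Telephone
                    Email = GetProperty(sResultSet, "mail");                      // Email
                    uniqueName = GetProperty(sResultSet, "mailnickname");         // Mail alias
                    ListItem newitem = new ListItem(uniqueName, uniqueName);
                    drpUsersList.Items.Add(newitem);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // HTML-encode the message before writing it into the page.
        Response.Write(Server.HtmlEncode(ex.Message));
    }
}

// Returns the first value of the named attribute, or an empty string if it is not set.
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
    if (searchResult.Properties.Contains(PropertyName))
    {
        return searchResult.Properties[PropertyName][0].ToString();
    }
    else
    {
        return string.Empty;
    }
}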

2- Active Directory Manager/Active Directory Reporter. First off: NO SCRIPTING. Once you log in through the web interface (that’s your browser), it’s pretty easy to obtain any details about User objects. It’s a 3 step process taking virtually seconds: click on the “Reports Tab/User reports”, click “General Reports” and “All Users”. In the next screen, search for the user you’re looking for, and the Active Directory Manager will display all the User details.
The script in the first example is quite simple. By all accounts, if you want to do anything more involved in AD the script is only going to get more complicated. And we all know the longer the script is, the more chances you have of something going wrong.
In today’s world, you have to simplify your IT. Why add more complexity to your environment?
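The filter in GetUserDetails() contains the text typed into the search box, so characters that are special in LDAP filters matter. The C# console program below is an added example, not part of the original post: it escapes a value per RFC 4515 and prints the resulting filter next to the unescaped one for a few constructed inputs. EscapeFilterValue, BuildFilter and the class name are names chosen for this example.

```csharp
using System;
using System.Text;

static class LdapFilterDemo
{
    // RFC 4515: these five characters must be written as \XX inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Same filter shape as GetUserDetails(): prefix match on givenName.
    static string BuildFilter(string givenNamePrefix)
    {
        return "(&(objectClass=user)(givenName=" + givenNamePrefix + "*))";
    }

    static void Main()
    {
        // Constructed search-box inputs: a plain name, a bare wildcard,
        // a name with parentheses, and a value containing a backslash.
        string[] samples = { "Ann", "*", "Anne (HR)", @"CORP\anne" };
        foreach (string input in samples)
        {
            Console.WriteLine("input    : " + input);
            Console.WriteLine("raw      : " + BuildFilter(input));
            Console.WriteLine("escaped  : " + BuildFilter(EscapeFilterValue(input)));
            Console.WriteLine();
        }
    }
}
```

With the raw value, "*" turns the prefix match into a match on every user that has a given name, and "Anne (HR)" produces a filter that is no longer well-formed; the escaped forms are searched as literal text.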