John Yassa's Blog


Category Archives: Windows Server 2012

How to Back Up and Restore NTFS and Share Permissions

Backup and Restore of Share Permissions

To back up share permissions, export the Shares registry key.

  1. Open Regedit to the following location: HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
  2. Right-click the Shares registry key and select Export. Give it a file name such as shareperms.reg.

When you want to restore the permissions, double-click shareperms.reg to import it back into the registry.

Use the Reg tool to back up the registry key from the command line:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shareperms.reg

If you need to restore it at some point, just run:

reg import shareperms.reg

Backup and Restore of NTFS Permissions

Use this command to back up NTFS permissions:

icacls d:\data /save ntfsperms.txt /t /c

The /T switch allows it to get subfolder permissions too. The /C switch allows it to continue even if errors are encountered (although errors will still be displayed).

Use this command to restore them:

icacls d:\ /restore ntfsperms.txt

Note that in the command to save the permissions, I specified the target folder D:\Data, but when I restored them, I specified just D:\ as the target. Icacls is a little funky like that, and here’s why.

If you open the text file with the exported permissions (ntfsperms.txt in the above example), you’ll see that Icacls uses relative paths (the data, data\folder1 and data\folder2 lines below). Underneath each relative path are the permissions for that folder in Security Descriptor Definition Language (SDDL) format.

data
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
data\folder1
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
data\folder2
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)

Had I specified D:\Data in the command to restore the permissions, it would have failed looking for a D:\Data\Data folder:

D:\>icacls d:\data /restore perms.txt
d:\data\data: The system cannot find the file specified.
Successfully processed 0 files; Failed processing 1 files

You might think that specifying D:\ as the target in the restore command could somehow mess up the permissions on other folders at that level, but as you can see from the ntfsperms.txt output file, it only has information about the Data folder and its subfolders, so that is all it will change.
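The save/restore asymmetry described above can be wrapped so the restore target is always derived from the folder that was saved. This is an added example, not part of the original post; the function names and the D:\Data and ntfsperms.txt values are placeholders, and it assumes the save file is the UTF-16 text that icacls /save writes.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function Backup-NtfsAcl {
    param(
        [Parameter(Mandatory=$true)][string]$Path,      # folder to save, e.g. D:\Data
        [Parameter(Mandatory=$true)][string]$SaveFile   # e.g. ntfsperms.txt
    )
    # /t = include subfolders, /c = continue on errors (errors are still displayed)
    icacls $Path /save $SaveFile /t /c
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls reported errors while saving ACLs for $Path"
    }
}

function Restore-NtfsAcl {
    param(
        [Parameter(Mandatory=$true)][string]$OriginalPath,  # the same folder given to Backup-NtfsAcl
        [Parameter(Mandatory=$true)][string]$SaveFile
    )
    # Paths in the save file are relative to the PARENT of the saved folder,
    # so D:\Data must be restored against D:\.
    $root = Split-Path -Path $OriginalPath -Parent
    if (-not $root) {
        throw "Cannot derive a parent folder for '$OriginalPath'."
    }

    # The first line of the save file is the first relative path ("data" in the post).
    # Assumption: the file is UTF-16, as written by icacls /save.
    $first = Get-Content -LiteralPath $SaveFile -Encoding Unicode -TotalCount 1
    $probe = Join-Path -Path $root -ChildPath $first
    if (-not (Test-Path -LiteralPath $probe)) {
        # This is the "d:\data\data: The system cannot find the file specified" case.
        throw "'$probe' does not exist; the save file does not match restore root '$root'."
    }

    icacls $root /restore $SaveFile /c
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls reported errors while restoring ACLs under $root"
    }
}

# Usage with the paths from the post (placeholders):
# Backup-NtfsAcl  -Path 'D:\Data' -SaveFile 'ntfsperms.txt'
# Restore-NtfsAcl -OriginalPath 'D:\Data' -SaveFile 'ntfsperms.txt'
```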

Sources:

http://blogs.technet.com/b/askds/archive/2008/11/24/how-to-back-up-and-restore-ntfs-and-share-permissions.aspx

http://social.technet.microsoft.com/wiki/contents/articles/408.how-to-back-up-and-restore-ntfs-and-share-permissions.aspx

How to display and configure admin for the file resource manager

Configures e-mail notification options used by File Server Resource Manager and the Dirquota, Filescrn, and Storrept commands. If used without parameters, the dirquota admin options command displays the values of the options that are currently configured.

    • To display currently configured administrative options, type:

      dirquota admin options

    • To configure the default From address and administrative recipients for e-mail notifications and storage reports, type:

      dirquota admin options /from:admin@contoso.com /adminemails:backup_operator@contoso.com;admin@contoso.com

    • To specify that e-mail notifications raised for repeatedly exceeding a quota or detecting an unauthorized file are to be sent only once every two hours, type:

      dirquota admin options /runlimitinterval:m,120

For more info: http://technet.microsoft.com/en-us/library/cc742036.aspx

Add or Update a User Picture to the Active directory

This is a quick article to show how easy it is to update an Active Directory user account with a photo of the user.

The Active Directory thumbnailPhoto attribute is used by several applications to display a picture for the user account. Microsoft Outlook is one such application; it uses this attribute to display the picture of the people you exchange e-mail with (within an Active Directory domain).

Example

Now, for the fun bit! Let’s assume we have user John, and we have saved John’s photo to C:\photos\John.jpg

In two lines of code, we can update John’s photo.

Get the photo with the Get-Content PowerShell cmdlet, using the encoding type byte, and store it as a byte array in the $photo variable. Then update Active Directory using the Set-ADUser cmdlet, passing the byte array ($photo) to the thumbnailPhoto attribute.

$photo = [byte[]](Get-Content "C:\photos\John.jpg" -Encoding byte)            
Set-ADUser John -Replace @{thumbnailPhoto=$photo}

To shorten this to one line of code, we could write this as:

Set-ADUser John -Replace @{thumbnailPhoto=([byte[]](Get-Content "C:\photos\John.jpg" -Encoding byte))}

Now the photo of John will appear in Outlook and Lync.

[Screenshots: 1- Outlook, 2- Lync]

Change the UPN Suffix (User Principal Name) for Users on a Domain Controller

Below is a PS1 script to modify the UPN suffix for the users inside an OU.

#Replace with the old suffix
$oldSuffix = 'Existing UPN Domain name'

#Replace with the new suffix
$newSuffix = 'New UPN Domain name'

#Replace with the OU you want to change suffixes for
$ou = "LDAP Path of the OU that contain the users"

#Replace with the name of your AD server
$server = "Domain Controller name"

#Requires the ActiveDirectory module (RSAT or a domain controller)
Import-Module ActiveDirectory

#Rewrite the UPN of every user in the OU; accounts without a UPN are skipped
Get-ADUser -Server $server -SearchBase $ou -Filter * |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object {
        $newUpn = $_.UserPrincipalName.Replace($oldSuffix, $newSuffix)
        $_ | Set-ADUser -Server $server -UserPrincipalName $newUpn
    }

Exchange Server 2013 Service Pack 1 will be available in early 2014

The Exchange Team Blog announced that Service Pack 1 for Exchange Server 2013 will be available in early 2014.

This probably means Q1 of 2014.

SP1 for Exchange Server 2013 will include the following improvements:

  • Windows Server 2012 R2 Support – First, answering one of the most common questions since the release of Windows Server 2012 R2. Exchange 2013 SP1 will add Windows Server 2012 R2 as a supported operating system for Exchange Server 2013 with SP1. Let your planning begin.
  • S/MIME support for OWA – Support for S/MIME in OWA will be brought back in SP1. With SP1 customers will have S/MIME support across Outlook, Exchange ActiveSync clients, and OWA.
  • Edge Transport Server Role – The Edge Transport server role for Exchange Server 2013 will be available with SP1.
  • Fixes and Improvements – Of course, SP1 will include fixes and improvements in areas you’ve helped us identify. SP1 is the first service pack issued in the new Exchange Server cumulative update release model – thus SP1 is essentially CU4. The installation of SP1 will follow the same process as the prior Exchange 2013 CU releases. SP1 will include all fixes included in previously released cumulative updates for Exchange 2013.

SP1 will require an update to the Active Directory schema.

Active Directory schema updates for Exchange are additive and always backwards compatible with previous releases and versions.

For More Info : http://blogs.technet.com/b/exchange/archive/2013/11/20/exchange-server-2013-service-pack-1-coming-in-early-2014.aspx

Configuring Active Directory (AD DS) in Windows Server 2012

Windows Server 2012 introduces a plethora of new features, with a key emphasis on cloud integration, which has been the buzzword in the industry over the last 24 months. Windows continues to grow and mature as an operating system, with the latest iteration being more secure, reliable and robust and, more importantly, easier to interoperate with other systems.

This post will focus on promoting Windows Server 2012 as the first domain controller in a new forest. Even though the logical steps haven’t really changed dramatically since the introduction of Windows 2008, the interface has, especially with the new Metro look. So let’s begin our journey with Windows Server 2012, as this will be the first of many articles on configuring different components that Windows Server 2012 has to offer.

Adding the Active Directory Domain Services Role

From the Dashboard click on “Add roles and features”. You will be presented with the “Before you begin” screen. Click Next. In the “Installation Type” screen click on “Role-based or feature-based installation”.

You will be presented with the following screen asking you to select a destination server.  This is a new feature of Windows 2012 where you have the ability to deploy roles and features to remote servers and even offline virtual hard disks.

In our case, we are selecting the current server from the server pool.

Click Next

We are now back in familiar territory (if you have worked with Windows 2008 Server) and we will select the “Active Directory Domain Services” and DNS Server if it hasn’t already been provisioned.

Click on Add Features

Click Next

If you want to add additional features, you can do so from the next screen, otherwise click Next

You will now be presented with the Active Directory Domain Services (AD DS) screen outlining some information about AD DS and its requirements. You will notice that DNS is a must, as has always been the case.

Click Next

You are now provided with a summary of installation selections.

Upon completion you will be presented with an installation succeeded message.

Click Close.

Back in Server Manager, you will notice that AD DS has been added to the left navigation tree.  Click on it and then click on More on the right navigation pane where it states that Configuration is required for Active Directory Domain Services.


You will now be presented with the All Servers Task Details, in which you will click on Promote this server to a domain controller under Action.

The Deployment Configuration screen appears and we will select “Add a new forest” as this is the first domain controller.


Enter your Root domain name and then click Next.

The following screen will then appear in which you will enter and select your Domain Controller Options.

You will then get the below warning, which you can ignore for now.

Click Next

The NetBIOS domain name will then be inputted automatically.


Click Next

Confirm or change the locations of your database folder, log folder and SYSVOL folder.


Click Next

Review your selections and then Click Next.

If all of the prerequisite checks have passed successfully, you will be able to click on Install to proceed.

Click Install

The installation will now proceed and you will see the progress being displayed.

The computer will most likely restart on its own to complete the installation so don’t be alarmed if it does.  You will receive a brief warning advising so.

Upon restart, you should be able to log in using your domain credentials for the user administrator.

So let’s add our first user! We can do so via the new Active Directory Administrative Center or via the well-known Active Directory Users and Computers. For something different, let’s try the former.

Once Server Manager has launched, click on Tools > Active Directory Administrative Center

You will be greeted with the below Welcome screen.

Click on your domain in the left navigation pane; in my case it is Exch2013 (local).


Select New User.  The below screen appears in which you will fill in the necessary details.


Click on OK


As you can see, it is relatively straightforward to configure your first domain controller in a new forest using Windows Server 2012, particularly if you have had experience with Windows Server 2008.
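The same wizard steps can be scripted with the ServerManager, ADDSDeployment and ActiveDirectory modules that ship with Windows Server 2012. This is an added example, not part of the original post; the function names, the domain corp.example.com, the NetBIOS name CORP and the user jdoe are placeholders.

```powershell
# Added example (not from the original post). Names and values are placeholders.

function Install-FirstDomainController {
    # "Add roles and features" -> Active Directory Domain Services
    Import-Module ServerManager
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

    # "Promote this server to a domain controller" -> "Add a new forest"
    Import-Module ADDSDeployment
    $forest = @{
        DomainName                    = 'corp.example.com'    # root domain name (placeholder)
        DomainNetbiosName             = 'CORP'                # placeholder
        InstallDns                    = $true
        DatabasePath                  = 'C:\Windows\NTDS'     # wizard defaults
        LogPath                       = 'C:\Windows\NTDS'
        SysvolPath                    = 'C:\Windows\SYSVOL'
        # Prompted for, so the DSRM password never sits in the script in clear text
        SafeModeAdministratorPassword = (Read-Host -AsSecureString -Prompt 'DSRM password')
    }

    # Same prerequisite check the wizard runs before it enables Install
    $check = Test-ADDSForestInstallation @forest
    $check | Format-List Status, Message
    if ($check.Status -contains 'Error') {
        throw 'Prerequisite check failed; see the messages above.'
    }

    # The server restarts on its own when promotion completes
    Install-ADDSForest @forest -Force
}

function New-FirstDomainUser {
    # Run after the restart, logged in as the domain administrator
    Import-Module ActiveDirectory
    $password = Read-Host -AsSecureString -Prompt 'Initial password for jdoe'
    New-ADUser -Name 'John Doe' -SamAccountName 'jdoe' `
        -UserPrincipalName 'jdoe@corp.example.com' `
        -AccountPassword $password -Enabled $true -ChangePasswordAtLogon $true
}

# Install-FirstDomainController    # step 1, before the restart
# New-FirstDomainUser              # step 2, after the restart
```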
