Categories
Active Directory Microsoft Windows

Microsoft Active Directory Time Sync Settings

So I was recently asked by a client: “Why is the time on my PC 5 minutes off from my phone?”

Now this is a small environment, a very small environment (1 Server and 7 workstations). The first thing I thought about was what does the server clock look like? So I remoted into the server and sure enough it had the same time as the workstation.

I went and checked the registry and found that the server was pointed get its time from time.windows.com, but for some reason that was not working.

I then used the following command to point it to several of the pools hosted by NIST.gov

w32tm /config /manualpeerlist:time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov,time-d-g.nist.gov /syncfromflags:manual /reliable:yes /update

After that I restarted the W32Time (Windows Time) service to make the update work.

Once that is done it should force a resync of the time service which could take some time to update and to sync with all the workstations.

I hope you find this post helpful, and if so please share it with your friends.

PowerShell – Windows Update report to .CSV

A while back I was asked by my boss to come up with a way to get a report of all the Windows Updates installed on a remote server that is at a client’s site and that we do not have access to.

I thought to myself that he must be crazy to think that we could even find a utility that would enable us to do that.

Well….. Apparently with the right Power Shell Commands you can do it. Here is the Syntax for the Script that you will need to save as a .ps1

$Session = New-Object -ComObject “Microsoft.Update.Session”
$Searcher = $Session.CreateUpdateSearcher()
$historyCount = $Searcher.GetTotalHistoryCount()
$Searcher.QueryHistory(0, $historyCount) | Select-Object Date,
   @{name=”Operation”; expression={switch($_.operation){
       1 {“Installation”}; 2 {“Uninstallation”}; 3 {“Other”}}}},
   @{name=”Status”; expression={switch($_.resultcode){
       1 {“In Progress”}; 2 {“Succeeded”}; 3 {“Succeeded With Errors”};
       4 {“Failed”}; 5 {“Aborted”}
}}}, Title | Export-Csv -NoType “$Env:userprofileDesktopWindows Updates.csv”

The result looks something like this:

I hope you find this post helpful and are able to use this going forward.

Network Discovery turning off after Clicking Save

So I ran into this issue with a client where Network Discovery turns off after I try to turn it on and click Save.

I then went and checked on the setting and it was sent back to off. It did not make sense what was going on.

I did some google searching and found this on the Microsoft Forum

I could end this post here, but just encase the post gets deleted, here is a list of the services that you need to make sure are Enabled and Running to turn on Network Discovery.

–      DNS Client
–      Function Discovery Resource Publication
–      SSDP Discovery
–      UPnP Device Host
Hope this is helpful for someone. 

How to tell if your users AD account password has expired

Like I said in a previous post we are dealing with the after math of a disaster so most of our Administrative tools are still offline until we get around to bringing back online. One of those tools was a real life saver and would email not only the admin team but the end users that their AD password was about to expire. So without that we are flying blind, which is not a big deal for the day to day management of our network.

Moving along I got a call the other day from one of my users who was working remote who said that he could not connect to email. So I asked him when was the last time he reset his password, which he said he did not know.

So I opened up my command line and ran the following command

net user %USERNAME% /domain

Replace %Username% with the username you want to query and it will return a ton of information about the user account including the date the password will expire. 

Scenario 001 – You have a remote user who says they are not able to connect to the VPN. Claims that their password may have expired.

So you come in Monday morning and you get a phone call from your Director of Sales who says he is unable to log into the VPN. He is on the road all week in Canada and is not able to have you remote in to see what is going on. He has 30 minutes to prep for a very important meeting and he left his powerpoint deck on his H: Drive. He also tells you that he thinks he saw a message telling him that he needed to reset his password for the last two weeks but he just forgot to do it.

How can you find out what  is going on with his account?
Since we are working with a Microsoft AD environment there are hundreds (if not thousands) of ways to find your answer. One of my favorite ways to see what is going on with a AD account is by using NET USER “Username” /DOMAIN
This command will give you every piece of information about the user account that you could want including:
  •  AD Group Memberships
  • Last time the Password was reset
  • When is the next time it can be reset.
Next time you have a chance to play with your AD Domain try familiarizing yourself with this Command as it may help you in the future. 

Install Exchange 2013 SP1

I don’t know about you but I really like where Microsoft is going with their installers these days. Back when I first stated in the field and had to install Exchange 2007 there were so many prerequisites that needed to be installed before you could even start to do the installation. They have now made it to where the system will at least tell you which items you need to install rather than send you on a wild goose chase. 
I started this particular post as documentation notes for an Exchange Server that I stood up in my Lab at work. Originally it was not meant to be a functioning Exchange server but as time went on it evolved into one. 
I am going to skip all of the previous steps about how to setup and configure your Server installation. However if you need instructions on that you can find it here:
How to build a Server 2012 R2 Server
We start with having the installation files mounted to the CD/DVD Drive.
Double Click on the blue Exchange 2013 Icon to launch the Wizard.

Of course if you at User Account Control (UAC) enabled you are going to get this message. Click Yes to continue.

Checking for Updates is optional but I always like to make sure that I am working with the latest version of the software to avoid issues (unless there is a known issue).

Once the updates check is complete you can click Next to continue.

Now you just need to be patient until the files are copied to the proper working directory or install directory. Once that completes you then have to wait while the setup is initialized.

Once all of that is done you can begin the installation by clicking Next.

Accept the licensing agreement and click Next.

You will now be presented with the option to use or not use recommended settings. For this server I went with recommended. Click Next to continue.

You will now get to choose your Server Roll Selections. The most common roles for the kind of server that I am working with here would be Mailbox role, Client Access role (not sure why they are not checked off in this image.) Click Next to Continue. 

Here you can decide what directory you would like to install the Exchange application. This also includes the default mailbox stores. Click Next to continue.

Next you have the opportunity to name your organization. You are only able to do this once and you are only presented with this screen if you do not have exchange running in your environment at all. Click Next to continue. 

If you so choose you can enable Malware protection setting which allows Exchange to scan for Malware in your emails. For me I chose no as we have other products we use for that, and this server is not accessible from the internet for email. Click Next to Continue. 

Now with all of those configurations behind you, it is now time for the readiness check. Click Install to begin. 

Once the readiness check is complete you may be presented with items that need to be resolved before you can continue. Once you have them all taken care of you can

As you can see all of the issue have now been resolved and you can now click Install to continue. 

Once you click install the setup pretty much runs unattended until it completes. If you do what I did and go out to lunch instead of taking more screenshots you may just skip all the waiting and see my next screenshot.

As you can see the installation completed and you are now ready to launch the Exchange Admin Center by clicking the check box and clicking finish.

Once you click Finish on the previous Screen Internet Explorer (or your default web browser is opened) and you are now able to log in.

Please let me know if you found this helpful in the comments below. This was a rather large guide and I paired down a few things to keep it where it is.

how to build server 2012 r2

Continuing on from my previous post on how to build a VM using the VMWare vSphere C# Client and How to Edit a VM, I figured I would use that as a segway into our next subject and take that same VM that we build and install Windows Server 2012 R2.
Now taking that same VM right click on it’s name on the left hand panel and click open console (this is a matter of preference but there any many ways to do this). Once the virtual machine console is open click on the green play button to start the VM.
Now if you follow the aforementioned posts then you should already have the .ISO with Windows Server 2012 R2 already mounted and you should be presented with the screen below. 

Select your language of choice and click next, and click install now on the next screen.
On this next screen you can select what version of Windows Server 2012 R2 you would like to install. Your options are:
  • Windows Server 2012 R2 Standard (Server Core Installation) – This is command line only and not recommended unless you know what you are doing.
  • Windows Server 2012 R2 Standard (Server with a GUI) – Great for beginners and general purpose uses.
  • Windows Server 2012 R2 Datacenter (Server Core Installation) – Same as above for Standard, however this is designed to handle larger workloads and virtualization (Hyper-V)
  • Windows Server 2012 R2 Datacenter (Server with a GUI) – designed to handle larger workloads and virtualization (Hyper-V)
For our purposes we are going to use Server 2012 R2 Standard as the end result will require us to have a GUI. Click Next

Accept the License Terms and click Next. 

On the next screen you will be given the option to upgrade your current version of Windows Server or to do a custom install. Since this is a brand new virtual machine we will need to click Custom.

You are now asked which drive to install Windows, I have selected the 60 GB drive and then click “New”. This will allow you to format the drive as right now both drives are Unallocated.

You are now given the option to size your partition, I went with the Maximum for the drive and click apply.

In standard Microsoft fashion you will get a dialog box asking if you want to really do this as it will destroy everything currently on the disk. Click OK to continue.

You will now see that Drive 0 has 2 partitions, The System Reserve  and Partition 2. (We may go into this in greater detail later) To keep my drive lettering from getting out of control, I am now taking the time to format the 2nd Drive. This is just a simple housekeeping step, you can skip it if you would like but just remember you will need to format this drive sooner or later. 

After the formatting is completed, I select Drive 0 Partition 2 to install Windows and Click Next.

Now the installation process has begun.

Once this has completed you will need to go through the startup menu which will ask for Product License, and Administrator Password. Once all of that is completed you will then be able to log in and configure your machine. 
That is all for now, I will continue to update this post with more screenshots and continue the series.