Windows Server 2003

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server 2003 and 2008 - Both 32 and 64 Bit installs.

While rebooting a Windows Server 2003 server, it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete, and once we logged on not all the services were started, so another reboot is required to start all the services normally.

Expert Comment
by: Praveen Patten
Super Jinesh
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Learn about cloud computing and its benefits for small business owners.

Expert Comment
by: Vipul Sharma
Nicely explained...Cloud computing provides many features such as device independence, ease of use, Multi-user accessibility, that help business to be more efficient in their operations. Though these enticing features are that small businesses specially adore, if you have not switched to cloud yet you must be aware of these mistakes that many businesses do while switching to cloud: http://www.acecloudhosting.com/blog/3947_avoid-mistakes-when-moving-to-cloud/
Hope this might help. Again, Thanks for such a worthwhile read.
Cheers.

Expert Comment
by: Nirmal Kant
I really liked this article because I have a very small business in Virginia Beach and I was always curious to know about this cloud technology. I am still running on an old system and would like to upgrade it for the entire office and members so my work can be more efficient and in a synchronized way. My business is not online but I love to read about it these days, and I am also in communication with a few strategy consulting firms like http://introviz.com/ and strategycio, and they say moving to cloud would be the best option, but how to know how good their cloud support is? Should I completely rely on what they say? Please suggest
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around the world.

A recent survey by Spiceworks shows that in Asia Pacific alone, almost 60% of organisations are still running at least one instance of Windows Server 2003 (as of March 2015). Although this figure has dropped from almost 65% in June 2014, it is still a huge number of 2003 servers with only 3 weeks to go.

Gartner states that there are over 8 million Windows Server 2003 instances in operation and 20% of those will miss the EOS date. That will leave around 1.6 million servers with no more security patches, no vulnerabilities fixed, and no more support for problems that may arise.

AppZero surveyed Fortune 1000 companies and reports that the majority of these companies won't finish their migration from Windows Server 2003 before the EOS date. Other key figures from the AppZero survey showed:
 
  • Almost half (47%) are not aware of the EOS date or have no plans (yet) for remediation
  • Only 21% of respondents have a remediation plan in place
  • Security compliance and vulnerability management remains the largest concern (>50%)
  • Fully one quarter (25%) of respondents still have more than 500+ Windows Server 2003 machines
 
I work at a firm who also still have around …

Expert Comment
by: awed1
Some bright programmer should figure out a process to envelop older but in every way adequate Operating Systems into a security shell/sandbox? that will protect them from security vulnerabilities and still allow them to run. I imagine that many of the owners of those 1.6 million 2003 servers would rather pay for such a sandbox/shell than migrate. An enterprising person or team could make 100 million overnight, and free a lot of clients from some of the stranglehold that they find themselves in. If after you make the 100 million mark and want to thank me for the idea, I'd be glad to take a cut!
With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have haven't wanted to spend a lot or dip their toes into newer tech (such as Azure). So, based on those projects, here is my step-by-step guide to take a Windows Server 2003 file share server, back up the data using Robocopy, rebuild the same physical server with Windows Server 2008 R2 and, again using Robocopy, move the data and, more importantly, the file permissions back.
 

What you will need


  1. Somewhere to store the files that need to be migrated. The last few times I have run a project like this I used a 6TB External WD Drive
  2. Licenses. The client needs to have the correct Windows Server licenses in place
  3. Hardware that the client is happy to run the 2008 R2 servers on. The last few times I did this, the hardware was new enough that I was able to re-use the same hardware
  4. Robocopy - The beauty of Robocopy is that you can copy the existing file shares from the server and preserve the file permissions. You can run it multiple times and each time Robocopy will copy the files it missed the last time (great if running the task in hours)
 

Recommendations

I would highly recommend planning, even the smallest of migrations. You need to consider:

  1. Hardware
  2. Software
  3. Licenses
  4. RAID Configurations
  5. How the logical drives should be made up
 

Short task list:


  1. Plan
  2. Plan
  3. PLAN
I know there are lots of articles out there about how to connect PHP to MS SQL. But I was having issues with it connecting to a remote MS SQL. After a week of research and trial and error I got the answer I couldn't find anywhere, so I decided to share my experience with everyone.

This is the setup we have

SERVER A - Windows Server 2003 32 Bit IIS6.0

SERVER B - Our DB Server is on a separate computer running Windows Server 2008 64 Bit MS SQL 2008 R2 64 Bit

I have installed the following version of PHP:

PHP 5.3.10 Build Date Feb 2 2012 20:26:31 Compiler MSVC9 (Visual C++ 2008) Fast CGI (Non Threaded Safe)

PHP worked fine on static pages, but the issue was when trying to connect to MSSQL.

I had SQL Native Client 2008 installed, I've installed it more than once. I checked and the DLLs were in the system32 folder.

These are the extensions I'm loading. Official Microsoft Driver for PHP version 2.0.

[PHP_SQLSRV_53_NTS_VC9]
extension=php_sqlsrv_53_nts_vc9.dll
[PHP_PDO_SQLSRV_53_NTS_VC9]
extension=php_pdo_sqlsrv_53_nts_vc9.dll

When running a phpinfo I could see the SQL extension being loaded correctly, so all good so far. I was using this script to connect to SQL or give me an error:

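<?php
// Connect to the remote SQL Server with the sqlsrv driver and report any error
$serverName = 'DBSERVER';
$connParams = array('UID'=>'UID', 'PWD'=>'PASSWORD', 'Database'=>'DATABASENAME', 'ReturnDatesAsStrings'=>true);
$conn = sqlsrv_connect($serverName, $connParams);
if (!$conn) {
    // Dump the driver's error details when the connection fails
    die(print_r(sqlsrv_errors(), true));
}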
Setting up a Microsoft WSUS update system is, relatively speaking, free if you have the hard disk space and processor capacity.

However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and finding they just have not installed. Here is a quick checklist to help your updates go smoothly and seamlessly.

First, have updates set on the WSUS server to download automatically.  What this provides is a minimal amount of administration.  

Second, set a group policy for computers on a domain to install and restart in off peak hours daily.  

Third, disable the group policy setting “shutdown and install updates” on the shutdown menu, and do not set it as the default option. You will have a ton of helpdesk calls if you do not do this, especially if your users are used to having their PCs on when they come in to work.

Fourth, build a test group and move your computer into that group. Build an automatic approval rule for updates for the test group, and verify you have no issues for a week before you approve for the rest of the company.

Fifth, I would set the poll rate for a minimum of three hours.

Sixth, stay on top of the updates.  Do not go more than a month without checking them.

Seventh, do not set servers to automatically install the updates, just have them download the updates.  Then manually install them during your maintenance cycle.  This should get you moving in the right direction.  

Eighth,

Author Comment
by: Michael Christly
Sorry about that Mark,  I will pay more attention next time.  Thank you for the feedback.
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that.

In this article I'll show how to deploy printers automatically with Group Policy and then use security filtering to deploy the Group Policy only to members of a particular security group.

To follow these steps I will be assuming that you have already set up a Windows print server. In the example below I have used a Windows 2003 virtual server in a 2003 AD domain.

Install the printer on the print server as you would any other network printer. Create a new global group that will be given access to the GPO and thus the printer.

Then create your GP object:
Create a new GP object with an appropriate name
Go to User Configuration\Windows Settings – and open Logon
Click on Show Files (Fig 1) and copy the file pushprinterconnections.exe into there (52KB)
Figure 1

Then click Add and in Script Name type in pushprinterconnections.exe (Fig 2) and click OK
Figure 2

Giving appropriate access:
In the GPOE select the OU the GPO is under and expand on the left until you can click on the GP (Fig 3)
Figure 3

On the right-hand side, on the Scope tab, look below to see Security Filtering
Remove "Authenticated Users"
Add the global group you want to give access to the Group Policy

Deploying the printer on the print server:
In the printer management console right-click the printer and click Deploy via group policy (Fig 4)
Figure 4

Click Browse

Expert Comment
by: rxdeath
sorry i re-read my comment and it came off way more negative than i intended, i should have asked, what the advantages of your way vs over the login script way.

our environment has about 30 offices that logon to our tserv, and based off their 3 letter office code (matching the name of the logon script), everyone in that office gets the same printers.  so would this maybe apply to my situation better if i had someone in an office that might have special needs/restrictions, or travels to other offices in our company?  or possible an office setup that isn't a free love about their printer setup as we are?  i'm just confused because it seems like adding a gpo is the same amount of work as a quick login script, and (i know i'm a wuss)  i don't like fiddling with gpos

thank you for your time and being nice even though even i think i sounded like a jerk at first :)

Author Comment
by: eugene20022002
It would apply in an environment where you need to have more control, where not all users in a department share the same printer. Perhaps different departments or offices have different budgets. For example, sometimes a user or group of users would abuse a printer, and this way it's much easier to simply remove them from a group than to create a whole new OU just for them.
Sometimes you may only want certain people to have access to the expensive color printer, and this way it would be as simple as adding or removing them from a security group.
This way takes a short while to set up if you want to do things right the first time, but once you did, managing them afterwards would be easier.

Scenario:
You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit license code you receive the message "Already Activated"

Solution:
If you know your server ID and are willing to call and talk to Tech support, they can reissue a new key for you to use.

However, there is an easier way that involves no phone calls. I will outline the process below.

You will need your server ID. Make sure that the Terminal Server Role has been added and activated (outside the scope of this article).

Log onto your server. Click on Start -> All Programs -> Administrative Tools -> Terminal Server Licensing
If your server does not show up but you have added the role, you may see a message like this:
No server found
Click on Action -> Connect
Then enter in the name of the Terminal Service Server, in this example the name is RDPSERVER. If you don't know the name of your server, you can find it by clicking on Start -> All Programs -> Administrative Tools -> Terminal Server Manager
Right-click on the server name and select Properties.
On the first tab (Installation Method) change your Installation Method to Telephone. Select the country and then click OK.
Now right-click on the server name again and choose Install Licenses.

Expert Comment
by: mcpl_at_ee
Just just just gr8! info... thanks a ton for this all efforts...


Expert Comment
by: Christian Daguin
I ran into issue on Server 2012 R2 with "This license is already activated"  Very frustrating situation to be in and was lucky to stumble upon this page!

Great work... Made my life EASY and SAVED me too!!!

Thank you!
~Christian
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 2003 Standard Edition.

Everything set up and ran fine, but I wanted to lock down the user account that was used for running the POS. I could use the native Local Group Policy Editor (gpedit.msc), but the interface isn’t that great, and the policies affect all users unless you do some registry tweaks. To solve my problem, I turned to Windows SteadyState.

Windows SteadyState, successor to the Shared Computer Toolkit, is designed to make life easier for people who set up and maintain shared computers. Unfortunately, it’s only available (and designed for) Windows XP and Windows Vista. When you try to run the setup on Windows 2003, you get an error saying that it’s not designed for this operating system. Well, I wasn’t going to let that stop me!

Windows XP and Windows 2003 are very similar. There really isn’t any reason why it couldn’t work on a server operating system, it’s just not very likely you would ever need to. In case you’re like me, here’s what I did:

1) Get a copy of Microsoft Orca. Orca is a database table editor for creating and editing Windows Installer packages and merge modules. This tool is only available in the Windows SDK Components for Windows Installer Developers
Many of us need to configure DHCP server(s) in our environment. We can do that simply via the DHCP console on the server or using the MMC snap-in on each computer in the network with Administrative Tools installed. But what if we have to configure many DHCP servers in a short time, or our DHCP server is in a location where the network connection is very slow? Do we have to configure it manually? Do we have to be patient and waste our valuable time? The answer is: NO, we can use a command-line tool which is available on each Windows 2003/2008 server. It’s a very powerful utility and it’s simple to use.

If our server has the DHCP service installed, we can configure it remotely from the command line using the netsh command.

Before we start configuring server, we need some details:

  • Hostname or IP address of DHCP server(s)
  • Scope IP address (Network ID) and network mask
  • Scope name
  • Description for scope
  • IP pool for scope
  • Any IP reservation
  • Any IP exclusion
  • Default gateway IP address
  • IP address of DNS servers
  • Domain suffix name
  • IP address of WINS servers (if required)

In our example we use:

  • 192.168.1.1 as DHCP server IP address
  • 192.168.1.0/24 as network ID
  • TestScope as scope name
  • “This is my test scope” as description
  • 192.168.1.100 – 192.168.1.149 as scope’s pool
  • 192.168.1.125 reserved IP address for device with 00-03-EF-15-9A-6B MAC address
  • 192.168.1.130 – 192.168.1.134 as excluded IP addresses
  • 192.168.1.254 as default gateway
  • 192.168.1.10 and 192.168.1.11 as DNS servers

Expert Comment
by: Vivek Reddy
Hi,

Try these steps

C:\Users\Administrator>start /w ocsetup DHCPServer
In Windows Server 2008 Core, the Role name is “DHCPServerCore”. So, in Windows Server 2008 Core installation, it is
C:\Users\Administrator>start /w ocsetup DHCPServerCore
Set DHCP Service to be Automatic
By default, after the role is enabled, the Service is still disabled. Hence Set the type to Auto as follows
C:\Users\Administrator> sc config dhcpserver start= auto
Start the DHCP Server
C:\Users\Administrator>net start dhcpserver
Add DHCP Server and Authorize in AD
If the DHCP server is installed in an Active Directory domain, you must authorize it in Active Directory. Now, let’s use the netsh commands to setup the server and configure the relevant parameters.
C:\Users\Administrator>netsh dhcp add server dc1 192.168.0.5
Adding server dc1, 192.168.0.5
Command completed successfully.
Where DC1, is the DHCP Server and the IP Address follows it
Add DHCP Scope
C:\Users\Administrator>netsh dhcp server 192.168.0.5 add scope 192.168.10.0 255.255.255.0 Scope1 Scopevlan10
Command completed successfully.
In the above the
DHCP scope – 192.168.10.0 255.255.255.0
Scope1 – Scope Name
ScopeVlan10 – Comment for the scope
Syntax is
netsh dhcp server 192.168.0.5 add scope <Subnet> <Subnet mask> <ScopeName> <Scope comment>
Set Scope IP Range
C:\Users\Administrator>netsh dhcp server 192.168.0.5 scope 192.168.10.0 add iprange 192.168.10.1 192.168.10.254
Changed the current scope context to 192.168.10.0 scope.
Command completed successfully.
Here the IP range is 192.68.10.1-192.168.10.254 for the scope 192.168.10.0
Syntax is
netsh dhcp server <Server> scope 192.168.10.0 add iprange <StartIP> <EndIP>
Add Exclusion Range
Add any IP Exclusion ranges if any.
C:\Users\Administrator>netsh dhcp server 192.168.0.5 scope 192.168.10.0 add excluderange 192.168.10.1 192.168.10.25
Changed the current scope context to 192.168.10.0 scope.
Command completed successfully.
Here the exclusion list has the range between 192.168.10.1 to 192.168.10.25
Syntax is
netsh dhcp server <Server> scope <Scope> add excluderange <StartExclusion> <End-Exclusion>
Set Option Code 003 for Default Routers
Set the option Code 003 and specify the Gateways
C:\Users\Administrator>netsh dhcp server 192.168.0.5 scope 192.168.10.0 set optionvalue 003 IPADDRESS 10.1.1.1 10.1.1.2
Changed the current scope context to 192.168.10.0 scope.
Command completed successfully.
Here the gateways are 10.1.1.1 & 10.1.1.2
Syntax is
netsh dhcp server <Server> scope 192.168.10.0 set optionvalue 003 IPADDRESS <Gateway1> <Gateway2>
Set Option Code 006 for Default DNS Servers
C:\Users\Administrator>netsh dhcp server 192.168.0.5 scope 192.168.10.0 set optionvalue 006 IPADDRESS 192.168.0.5 192.168.10.1
Changed the current scope context to 192.168.10.0 scope.
Command completed successfully.
Here the DNS Servers are 192.168.0.5 & 192.168.10.1
Syntax is
netsh dhcp server <Server> scope 192.168.10.0 set optionvalue 006 IPADDRESS <Primary DNS> <Secondary DNS>
Activate DHCP Server Scope
Now, the relevant DHCP settings are complete. Lets activate the Scope
C:\Users\Administrator>netsh dhcp server 192.168.0.5 scope 192.168.10.0 set state 1
Changed the current scope context to 192.168.10.0 scope.
Command completed successfully.
This should help you up and running with DHCP in less than 5 minutes. You can always modify from command line or by using DHCP MMC later on!!!
Hi,

While preparing for MCSA/MCSE, I realized that some terms are easily confused and taken for granted by a lot of people looking to certify and understand Windows networks.

This paper simplifies learning some key material every MCSA/MCSE should know.

NOTE: This is a compilation from other authors; the original material is listed in the reference part of the document.

All these topics are still relevant for people seeking to understand Windows 2008 Server.
MCSA-MCSE-Frequently-Confused-To.doc

Expert Comment
by: Niall_Kelly

Hi there,

  Thanks for the article, I'm at the edge of starting the MCSE home study course, there is so much confusion / contradictions out there. Would love some advice in relation to the MCSE, i.e. what are the best elective exam paths to choose, the best books to buy, is the MCSE still worth it in 2010...

Look forward to more information,

Thanks,

Niall Kelly
Numerous times I have been asked what it is that makes my machine log on so slowly; there have been cases where computers took exactly 23 minutes to get from accepting the password to the desktop.

The interesting thing was that the process for each particular case always took almost exactly the same time, and the second interesting observation was that after the logon is processed there is no obvious issue with the session's performance.

So we decided to take a terminal server to diagnose this situation. I researched the issue to see what other people have done about it. Also, deliberately choosing a terminal server means I have more than one user to compare the logon process.

So the case server was selected: quad processors, 8GB RAM, capable of handling 15 users with an intense workload.

We went on to do a lot of tests. I wanted to share the results, but this post would get too long for that; maybe in a second part.

Right now, this post will identify the possible solutions to the slow logon and some steps involved in achieving that.

It was identified that the Microsoft User Profile Hive Cleanup service is very useful in clearing the memory hive of users who did not log off properly.

It was identified that the basic command chkdsk /f is an important tool in clearing disk errors that affect user profile loading at logon.

We used delprof.exe, a very good tool to

Expert Comment
by: 1w3
Hi

The "process monitor" does not run after logoff and logon. Any ideas?

Thanks
This may not be a textbook method to resolve VSS backup issues, but it seems to have worked on a few of the Windows 2003 servers where we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup using the NT Backup utility, it might fail reporting:
   Error returned while creating the volume shadow copy:0xffffffff

VSS backup mainly depends on the state of the VSS Writers on a particular Windows server.  To check the writer status, run the following command:

   VSSADMIN LIST WRITERS

This should display the writers along with its instance IDs and status like Delayed, Retrying, Failed, etc.  If this command executes successfully and returns nothing then it indicates the writers are not being picked up or recognized and hence VSS backups would fail.  If the command prompt appears to freeze and does not return any output, it indicates that there is some issue with the VSS writers on that server.

To troubleshoot this you could do the following on the Windows server:

Run CHKDSK to figure out if there is any issue with the file system, and if yes, then run the same in read-write mode
Register (re-register) the 12 DLLs as recommended by Microsoft in
    http://support.microsoft.com/kb/940032
Reboot the server and try the “VSSADMIN LIST WRITERS” command again. Still doesn’t look good?
Open registry editor (Regedit) and delete the following
     

Expert Comment
by: cmp119
I am having major issues with Windows Server Backup on a SBS 2011 server.  If I reboot the VSS writers are all good.  When I attempt a full back it fails.
I guess it is not common knowledge to most Wintel engineers/administrators: if you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog), it's reasonably easy to enable monitoring of the Windows Event logs, with the result being that for each event of interest, an SNMP trap will be sent to your SNMP processor.


SNMP

The assumption is that you already have SNMP services (SNMP Service and SNMP Trap Service) configured. Installation is beyond the scope of this exercise, but if you research it at Microsoft or drop me a line you should be able to do this quite easily.
------------------------------------
WARNING: You should ALWAYS secure SNMP by restricting communities to READ-ONLY and allowing only authorized IPs to query SNMP on your deployed systems.
See the following for more details:
http://support.microsoft.com/kb/324261
http://technet.microsoft.com/en-us/library/cc959637.aspx
------------------------------------
This is not really rocket science, but here is a high-level approach to setting this up (these are the steps I've followed to set up my own).

  1. Ensure SNMP is installed and configured
  2. Open the Windows event log and filter events (application, security and system) with filters of your choice (Warning and Errors, Errors only, Failure audit, etc.).
  3. Locate the event for which you want an SNMP trap sent as soon as it occurs.
  4. Start up evntwin.exe from the system32 folder.


Expert Comment
by: younghv
croitoru,
Good information for a wide variety of SysAdmins out here.
Thank you for putting it together.

"Yes" vote above.

Expert Comment
by: sunnyc7
Very good article. I am going to try this out.

Yes Vote
by Batuhan Cetin

Within the dynamic life of an IT administrator, we hold a lot of information in our minds, like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk on the way back home. It is common that we forget some of it. One of the most frustrating things is that we sometimes forget critical information which we did not write down on a piece of paper because it is critical! The domain administrator password is one of this kind. This article will guide you through the steps to reset the domain administrator password. Oh, don't forget the milk; if you do, no one can help you recover from the damage that your wife will cause to your brain.

Please note that I have tested this in a test environment and personally seen that it worked. Changing the domain administrator password may cause some services in your environment to fail because of the password mismatch. Consider changing the password of all services or software that use the domain administrator account to operate. I do not take any responsibility for any damage caused to your system when following this article. However, if you have problems regarding this, I will gladly help you in the EE forums.

We will be using the "INSTSRV SRVANY" command tool provided in the Windows Server 2003 Resource Kit. You can download the resource kit here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

In this …

Expert Comment
by: Netman66
Gentlemen,

This is a great article and an issue that I have been asked about on numerous occasions.

I would like to point out an area I feel is in need of clarification.

Under Prerequisites, you state, "We must have access to a domain controller using its local administrator password,"  I feel this statement requires clarification for several reasons (and I mention them only because from an inexperienced Admin the terminology can be very unclear) stated below:

1)  During the promotion of the first server in an organization to a Domain Controller, the local Administrator account and password become the Active Directory Administrator account and password.  This account is part of Domain Admins, Schema Admins, Enterprise Admin, etc. by the process of DCPROMO.  
2)  Unless specified directly, the "local" Admin password is NOT necessarily the same.  The DSRM (Directory Services Restore Mode) password can be set independently of the newly converted Admin account.
3)  By default, the AD Administrator password is not used (nor allowed) to be used to log in during DSRM mode unless specifically set in the Default Domain Policy.

I believe it is important to mention that what was once perceived as the local Administrator password may not work if it wasn't set the same during DCPROMO on that server.  Subsequent servers that are promoted to DCs will also require a DSRM password which is independent of any other previous DC’s DSRM password unless specifically set identical.

Otherwise, this article is perfect.

Paul

Expert Comment
by: Knowledgeable
Does this also work for Server 2012 R2?

Or what is the process for resetting a Forgotten Domain Administrator Password within Server 2012 R2?

What online resources or Experts Exchange articles or solutions discuss this?
by Batuhan Cetin

In this article I will be guiding you through the process of removing a failed DC's metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment.

These steps are not necessary in a Windows Server 2008 environment as described in this article. In Windows Server 2008 and Windows Server 2008 R2, removing a failed DC computer account from the Active Directory Users and Computers console will automatically cleanup the server metadata.

DCPROMO is the tool provided by Microsoft to promote a server to the domain controller role or demote a domain controller to a member server. It creates the necessary records in AD when promoting and deletes them when demoting. However, if you have a failed DC that you cannot gracefully demote from AD, or you try to remove a DC from a domain and fail, or you try to promote a server to a DC and fail, you will find this article helpful. The data left over in AD will cause some serious problems: you will continuously get replication errors, you will not be able to set up another DC with the same name, and so on.

What motivated me to write this article is a replication problem I encountered for one of my clients. Let me tell you the story and start then. I was going to setup a test environment for one of my client's System Center Configuration Manager (SCCM) deployment scenario. They have two DCs in their …
6
 
LVL 32

Expert Comment

by:Robberbaron (robr)
Worked for me.  The hand-holding and being able to see the expected response gave me the confidence to do this.  Worked perfectly, including DCPROMO back up to a DC.
0
 
LVL 11

Author Comment

by:BatuhanCetin
Hi robberbaron,

Glad to hear that this article is still helping people after years :)
0

A coworker and I recently ran into a problem where one of our Windows 2003 servers just dropped off the network for apparently no reason at all.  The server was up and running happily, with no apparent problem, except it was completely unresponsive -- exactly as if a network cable were unplugged.  The server has a pair of on-board Broadcom NICs with each one connected to a separate switch in a two-switch stack and teamed for load-balancing and failover.

The server dropped off the network sometime during the previous day.  We poked around in the Event logs around that time, but found nothing related to networking.  Of course, the patch cables were fine and it was highly unlikely that both switches, Cisco 3750s, were faulty.  Our network engineering team checked the port configuration on each switch, and not only were they configured correctly, but their laptop worked fine when configured with the same IP address and connected to the same ports.

It was obviously not a network problem, so our focus turned back to the server itself.  We uninstalled the NIC teaming software and configured one of the NICs with a proper IP address.  No cigar.  Perhaps the TCP/IP stack had somehow become corrupt?  So we reset TCP/IP by executing the following command:
netsh interface ip reset C:\ipreset.log


This required a reboot, and as we stared impatiently at the POST progress, we began to grow happy that our six-hour ordeal might be over.

Wrong.  After all that, we still had made …
1
 
LVL 7

Expert Comment

by:eugene20022002
I didn't use this myself, but nice article. I know that "eureka" feeling when you finally get it right :-)
0
Let's say you are going through your server's Event Viewer logs, under START>>Control Panel>>Administrative Tools>>Event Viewer>>system logs, and you see a lot of errors saying:

-- Event ID 1030 - Windows cannot query for the list of Group Policy objects....
-- Event ID 1058 - Windows cannot access the file gpt.ini for GPO....

Well, events 1030 and 1058 are very generic errors and can be caused by one of many different reasons. I often see questions at Experts Exchange on how to overcome these events. I don't have all the answers, but have helped out a lot of people diagnose and fix these events. Since this is a frequently asked question with a bunch of different fixes, I hope to steer you in the right direction on how to troubleshoot and fix your error with this article.

ABOUT GROUP POLICIES:
Without going into too much detail, Group policy objects, when created, are basically:
1) saved within the Sysvol folder of the Domain Controller (DC);
2) then replicated as a DFS (Distributive File shares) using FRS (File Replication Service), or DFSR (Distributive File Share Replication) between domain servers using DNS as the communications protocol;
3) then like all DFS (Distributed File Shares) shares are distributed out using NetBIOS.  

If you run into a problem within one of these three stages, you will run into event log errors 1030 and 1058. These two events are just symptoms, not the problem. So, if you get into the roots of the three stages a number of …
22
 
LVL 38

Author Comment

by:ChiefIT
DFSR uses DNS to replicate. However, even in 2008 server File replication default is FRS, that also uses DNS. But, it's the Distributive File Service (DFS) that's using Netbios resolution for broadcasts. There is an article from Microsoft to use DNS for DFS. That makes for a more solid domain Group policy in VLAN and multisite or Forest, where you have more than one broadcast domain.
0
 

Expert Comment

by:Eprs_Admin
I also have the error 1058, but just on my TS server.
The gpupdate on all other servers is OK, just not on my TS server.
Any ideas?
0
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" can be of great use when you need to remotely configure an HP server's iLO WITHOUT rebooting the server.
We only need to create and run scripts with this utility. Scripts can be used to set or reset things like the password, IP address, subnet mask, etc.
As an example, let's reset a server's iLO password using this utility.

Please bear in mind, the utility would first need to be installed on the server and you need to be able to connect to the server either by RDP/VNC/etc. for this to work.

This utility comes with the server's ProLiant Support Pack (PSP); however, you can also get it from
HPONCFG

Script:
Create a file named "resetilopwd.xml" on the server and open it with notepad. Paste and customize the following code and save it in the directory where the utility is installed:
 
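<RIBCL VERSION="2.0">
<!-- PASSWORD must be present, but its value is not checked when run locally -->
<LOGIN USER_LOGIN="Administrator" PASSWORD="ANYTHING">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<!-- Replace newpassword with the password you want to set -->
<PASSWORD value="newpassword"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>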



The field containing the text 'ANYTHING' cannot be left blank, as the utility needs the 'PASSWORD' parameter to run. Hence, even if you do not know the existing password, just put anything in it; the password here does not need to be correct.
Replace 'newpassword' with whatever you want the new password to be.

Script Execution:
3
 

Expert Comment

by:darkbluegr
Let's add this link to our iLO auditing resources:
http://practicaladmin.wordpress.com/tag/locfg-pl/
0
 
LVL 1

Expert Comment

by:gbrayut
You can also reset the password via SSH into the iLO and using the following command:

set /map1/accounts1/root password=NewP@ssword

Some versions might use /map1/accounts/ instead of accounts1. Combining this with common scripting tools like sshpass means you can easily automate the process.
0
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in-process items and personal files.

In addition to these user-centric storage areas, departments or projects have disk space on the network reserved just for them.  This allows files within a project or a department to be accessed by all the employees working on that project or within that department.

Suppose my company has a folder on the network for the Accounting department.  One of the employees there creates a workbook in Excel for use by everyone.  Time goes by and the new workbook is being used by everyone, but the Accounting manager keeps getting emails from IT that there are multiple copies of the file on the network and that he should work with his team to determine which is the most current, and most accurate.

Another common use of file duplication is the old fashioned telephone directory; you know the one where it lists the names, extensions, and cell numbers of all the employees company wide.  The document itself isn't too bad, but every time the thing is changed, the owner of the file emails it to everyone so they can save a copy in their own folder for later reference.  

These are two examples of file clutter that can be found in what I would guess is the majority of corporate computer networks in existence today.  

So there is
1
So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake.

You can use Robocopy from the Windows Server 2003 Resource kit tools to accomplish this.  (The resource kit tools can be found here:  http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en)

The following command will MIRROR a source directory with a remote directory.  Be CAUTIOUS because the following will not only copy source files over, but if source files/folders get removed it will then remove them from the remote/destination directory (hence the term "mirror").
 
"C:\Program Files\Windows Resource Kits\Tools\robocopy.exe" "\\SOURCESERVER\FOLDERTOMIRROR" "\\DESTINATIONSERVER\DESTINATIONFOLDER" /MIR /LOG+:"c:\robocopylogs\mirror.log.txt"


 

1. Create Log Directory


Create c:\robocopylogs to hold the log files

2. Modify command with inputs


Change the inputs in the above command snippet (i.e., change \\SOURCESERVER\FOLDERTOMIRROR to reflect the source folders/files you want to mirror). You will need to change both source and destination for your needs.  The source can be a folder or files.  A folder will end up mirroring everything in that folder (files/subfolders/subfiles).

3. Run Command


Put the command into Notepad and save the file as a .bat.  Then double-click the batch file to run the command.  The log file named in the command will be appended to on each run.

4. Optional: Schedule command

2
 
LVL 8

Expert Comment

by:Senior IT System Engineer
Thanks for posting, man. So how do I make Robocopy skip the files and folders that already exist or were created in the destination folder?

So when I execute the same script, does Robocopy just copy the differences only, or the deltas?
0
Preface
Having the need
* to contact many different companies with different infrastructures
* do remote maintenance in their network
required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are not designed to be accessed from a network, you have to use a NAT capable solution.
In this article I will show how to manage all parts of the necessary configuration tasks.

Prerequisites
This solution requires that the VPN client or dial-out software creates either a pseudo-dynamic dial-out interface, as with PPTP, L2TP and ISDN, or a static network interface (e.g. Cisco VPN Client). Additionally, the LAN has to stay functional while connected - this might be an obstacle, as some VPN clients cut off network access as long as the connection is open (no-split-tunneling policy).

The client or connection can only be routed starting from XP onwards, as we need a NAT-capable Routing and Remote Access (RRAS) service. Client OSes like XP and Vista do not provide a GUI for RRAS administration, only server OSes do (Windows 2003, 2008), so you have to manage them with netsh.

The solution was implemented on XP for OpenVPN clients, and on W2003 for ISDN, PPTP, L2TP, and VPN clients from Cisco and Phion. The configuration methods for XP can be used the same way with W2003.
Because XP and Vista lack an RRAS GUI, configuring a dial-out connection on those OSes (using netsh) can be painful, so I do not recommend it.


Configuration
1
 
LVL 70

Author Comment

by:Qlemo
I (still) recommend to use W2003 (R2). Sadly, W2008 and above changed the way the interfaces are presented to RRAS, and I could not manage to make any of the interfaces created by 3rd-party VPN clients visible to the routing/NAT engine.

Juniper's JunOS Pulse can be added to the VPNs testified to work with RRAS.

Not working are:
Cisco AnyConnect Secure Mobility Client  (the SSL VPN replacing the IPSec one, which is EOL now)
Juniper Network Connect (SSL VPN)
0
