USMT V3 (Beta) – Including NonStandard Files in Nonstandard Locations

Occasionally, when working with the User State Migration Tool, it may be necessary to force the scanstate and loadstate functions to find file types that are not necessarily part of a user’s standard profile.  One particular customer I’ve been working with had an explicit need to copy over an entire folder structure of QuickBooks files,…

0

Auditing DNS Record Entries (or deletions)

I got an unusual request from a customer today.  She is in an environment where everyone is currently a domain admin (not a good thing).  Although they are taking my advice and moving to a least priviliged scenario, things are sometimes slow in federations.  In any event, she suspects that other administrators are deleting DNS…

0

Anything But Native Mode

I seem to find myself having the same conversations with customers, over and over, regarding the risks associated with raising the functional mode of the domain or forest.  I could name (but I won’t) 6 customers in the past few years that developed expensive (in hours spent) contingency and rollback plans for moving a domain…

1

How does Authentication Work Cross Domain?

A question that comes up frequently involving federated customers is how does an organization need to configure its firewalls to allow users in a trusted, but not fully trusted, domain to access their resources.  Consider the following scenario: [WEB RESOURCE]—|—FIREWALL—WAN—FIREWALL—|—[USER 2][DOMAIN CTRL A]–|                               |—[DOMAIN CTRL B] User 2 wants to access a web resource in…

3

ADMT, User Profiles With Unusual Requests

I was approached with a rather unusual request.  My customer has two Active Directory domains: DOMA and DOMB.  The workstations would remain in DOMA, but the users and associated mailboxes would reside in (or be moved to) DOMB.  In addition, they needed to convert user profiles so that when the user logs into DOMB, they…

0

Getting Started with Compute Cluster Server

If you’re an infrastructure person, you’ll likely be involved in the coming months or years with one of Microsoft’s newest offerings on the Windows Server platform.  The Compute Cluster Edition (CCE) of Windows is a new version of Windows Server 2003.  The CCE is a special version of Windows, like the Web Server Edition, that…

0

Active Directory LDAP Queries

Active Directory Users and Computers (2003 version) provides a feature called Saved Queries that takes advantage of LDAP queries to find objects in Active Directory that might meet a specific condition.  When I am working with customers, I am often surprised how little use this feature gets, particularly when customers come to me with concerns…

1

The Centralized Mailbox Micro-manager and Control Problem in Federations

I am working with a politically federated customer inside a single domain.  So far, they’ve taken Microsoft’s recommendations quite well regarding delegation and centralization, but they are running into a problem that I feel is worth sharing.  Email is centralized in this scenario and the database deisgn has been built for optimal performance.  However, user…

0

Automating Port Query (portqry.exe) for Testing Connectivity

Recently, I was working with a federated customer that wanted to deploy Exchange 2003 in an environment where mailbox servers and routing bridgeheads would be separated by firewalls.  As part of this effort, it was my job to determine that we had full connectivity to every department where Exchange 2003 would ultimately be installed.  Port…

0

Political Forest and Domain Design

In my work with a large number of federated customers, the unavoidable component of Active Directory design is the age-old question of “How many forests do I need?”  This is simple to define, but challenging to discuss in the board room.  There are three types of forests: enterprise forests, resource forests, and isolated forests.  Every…

0