AwinishNaitik's Technical Blog

Let's continue the journey of learn & share.

Archive for the ‘Directory Services’ Category

All stuff related to AD & AD.

AD Based Activation Over KMS Activation

Posted by Awinish on October 3, 2013


After quite a long time, I got some free time & decided to use it to pen down an article about a new feature, Active Directory (AD) based activation, introduced in Windows 8 & Windows Server 2012 & above.

To minimize the problem of piracy, Microsoft announced that starting from Windows Vista & above, Office products etc., you need to activate the product even though you are using volume licensing. Volume licensing keys are basically used by corporates to activate n number of systems using the same key instead of requiring multiple keys.

Key Management Service (KMS) is a service which can be installed on a dedicated server or collocated with other server roles to allow activation of volume license versions of Windows (Vista, 7, 2008, R2 etc.) & Office (2010, 2013 etc.) products within the premises. This server is installed in the internal environment & caters to local requests for volume activation; the KMS service running on the KMS host will in turn contact the Microsoft database & verify the key, instead of each system being activated via phone or internet. KMS can also be installed on a virtual machine. If dynamic DNS is enabled, the KMS host can register its SRV records automatically & domain-joined clients can leverage these SRV records to find the KMS host for activation. You can run multiple KMS hosts in the environment.

The Volume Activation Management Tool (VAMT) is a free tool that one can download and use to centrally modify the volume activation method and product key for clients. It can also help you to track the licenses, their type & much more. VAMT 3.0 can be used to keep track of MAK keys, KMS keys, Retail keys, OEM keys etc.

http://blogs.msdn.com/b/nickmac/archive/2010/03/09/simplify-with-the-volume-activation-management-tool.aspx

Key Management Services

http://blogs.technet.com/b/bpaulblog/archive/2010/08/22/key-management-services-confusion.aspx?Redirected=true

KMS has a few downsides compared to AD based activation of volume license versions of the Windows operating system or Office products: you need a minimum count of 25 to activate clients & for server operating systems it is 5. By default, the renewal of the key on a machine happens with the KMS host automatically within the duration of 7 days & the maximum duration which a client can sustain without renewal is 180 days. So, after every 180 days, you need to connect your machine or server to the KMS host to renew the key, else all sorts of trouble will be seen on the system. To install KMS one has to use the command line interface (CLI).

Drawbacks:

  • Limitation of 25 clients or 5 servers count to enable activation.
  • Installation is only via CLI.
  • For high availability, more KMS hosts are required to be installed, either on a VM, a dedicated server or a collocated server.
  • Only the first KMS host registers its SRV records in DNS automatically; for other KMS hosts, the records must be created manually.
  • KMS uses TCP port 1688 for client-host communication.

http://blogs.technet.com/b/askpfeplat/archive/2013/02/04/active-directory-based-activation-vs-key-management-services.aspx
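
Because clients trust whatever KMS host the SRV records point to, it is worth auditing what DNS actually advertises. The following is an added example, not part of the original post: it lists the KMS hosts published in DNS, checks that each answers on TCP 1688, and flags hosts missing from an approved list. The SRV record name `_vlmcs._tcp` is the standard KMS one and is not given in the post; the domain and host names are placeholders.

```powershell
# Added example: audit the KMS hosts that DNS advertises to clients.
# Assumptions: 'corp.example.com' and 'kms01.corp.example.com' are placeholders.
function Get-KmsHostAudit {
    param(
        [Parameter(Mandatory)] [string] $DnsDomain,
        # Hosts you expect to be running KMS; anything else is reported as not approved.
        [string[]] $ApprovedHosts = @()
    )

    # KMS hosts publish an SRV record named _vlmcs._tcp in the client's DNS domain.
    # The response can also carry A records, so keep only the SRV entries.
    $records = Resolve-DnsName -Name "_vlmcs._tcp.$DnsDomain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    foreach ($r in $records) {
        # Port comes from the SRV record itself (1688 unless someone changed it).
        $reachable = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue

        [pscustomobject]@{
            KmsHost   = $r.NameTarget
            Port      = $r.Port
            Priority  = $r.Priority
            Weight    = $r.Weight
            Reachable = $reachable
            Approved  = $ApprovedHosts -contains $r.NameTarget   # case-insensitive match
        }
    }
}

Get-KmsHostAudit -DnsDomain 'corp.example.com' -ApprovedHosts 'kms01.corp.example.com' |
    Format-Table -AutoSize
```

A record with `Approved = False` is either a manually created entry that was never documented or a host that registered itself without being sanctioned; both are worth following up.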

Active Directory-Based Activation (ADBA)

Let's understand what Active Directory based activation (ADBA) is. In the simplest terms, ADBA is an optional replacement for KMS to perform activation of volume license versions of the OS or Office suites. There are certain prerequisites to get this feature available in your environment.

ADBA Highlights

  • It only works with the Windows 2012 & Windows 8 operating systems.
  • DFL/FFL can be Windows 2008 R2.
  • You need to upgrade the AD schema to Windows 2012 (a schema upgrade requires careful consideration).
  • The 180 days renewal constraint still applies.
  • A workgroup system will be activated on domain join.
  • For renewal, the domain joined system must communicate/authenticate to the DC once in 180 days.
  • The ADBA feature is not dependent on a single computer; it uses the ms-SPP-Activation attribute to store the information in AD, which is available on all the DCs in the domain.
  • No more threshold requirement of 25 clients or 5 servers.
  • ADBA & KMS can exist together to provide activation for legacy Windows OS or Office installations.
  • KMS together with ADBA provides benefits to the Windows OS or Office clients which don't support the ADBA method.

References for ADBA

http://blogs.technet.com/b/askpfeplat/archive/2013/02/04/active-directory-based-activation-vs-key-management-services.aspx

http://technet.microsoft.com/en-us/library/hh831612.aspx

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/12/new-features-in-active-directory-domain-services-in-windows-server-2012-part-16-active-directory-based-activation.aspx

Posted in Directory Services

Released Exchange 2013 Role Requirement & Database Calculator

Posted by Awinish on May 15, 2013


Exchange 2013 was released long back, but what was missing was the Exchange role requirement & database calculator. The calculator helps in sizing the Exchange server roles as well as planning the database storage design. People were waiting for the calculator as it helps in sizing and designing the storage requirements. It was delayed and much awaited. The wait is over & Microsoft has released its Exchange 2013 server role as well as database sizing calculator.

http://blogs.technet.com/b/exchange/archive/2013/05/14/released-exchange-2013-server-role-requirements-calculator.aspx

The calculator can be downloaded from the URL below, along with more information about Exchange 2013 IO performance.

Exchange 2013 Server Role Requirements Calculator

http://gallery.technet.microsoft.com/Exchange-2013-Server-Role-f8a61780

Ask the Perf Guy: Sizing Exchange 2013 Deployments

http://blogs.technet.com/b/exchange/archive/2013/05/06/ask-the-perf-guy-sizing-exchange-2013-deployments.aspx

Microsoft Exchange Server 2013 Management Pack

http://www.microsoft.com/en-us/download/details.aspx?id=39039

Posted in Directory Services, Exchange

ADAM & ADLDS Explained By The DS Team

Posted by Awinish on April 10, 2013


I was reading about ADAM & AD LDS (AD LDS is the upgraded version of ADAM) & found the article by the DS team. It is a comprehensive article with a lot of references & details which can help you to understand & implement ADAM or AD LDS.

http://blogs.technet.com/b/askds/archive/2012/11/12/adamsync-101.aspx

Posted in Directory Services

Final Version Of Exchange 2013 & Other Product Are Available To Download

Posted by Awinish on December 7, 2012


The final versions of Office 2013, Exchange Server 2013, Lync Server 2013, SharePoint Server 2013, Project 2013 and Visio 2013 are available to MSDN/TechNet subscribers & through Microsoft Volume Licensing. Retail availability is planned for the first quarter of 2013.

It's time to download & get started understanding the new features & get ready to adopt them. I'll be downloading in a day or two to install on my system & let's see how it is going to work.

Read more for office at  http://blogs.office.com/b/office-news/archive/2012/12/03/the-new-office-is-now-available-for-business-customers.aspx

Read more for Exchange at  http://blogs.technet.com/b/exchange/archive/2012/12/03/exchange-server-2013-reaches-general-availability.aspx

Read more for Lync at  http://blogs.technet.com/b/lync/

Posted in Directory Services

Active Directory Capacity Planning Guide Released

Posted by Awinish on October 30, 2012


I was helping at the TechNet forum & came to know that there is a recent article on domain controller capacity planning, a guide which was not available earlier. The white paper contains comprehensive lists along with recommendations on virtualization of the domain controller. It specifies a lot of information that helps in sizing Active Directory & domain controllers, from RAM to processor, storage to network. It's really a very good document on the sizing of domain controllers. It also lists performance parameters, profile sizing etc.

For anyone working on AD sizing projects, it can be really very helpful in sizing & recommending the AD infrastructure as per MS standards. It also covers vast information on domain controller virtualization sizing & standards.

Capacity Planning for Active Directory Domain Services

http://social.technet.microsoft.com/wiki/contents/articles/14355.capacity-planning-for-active-directory-domain-services.aspx

The content topics inside the TechNet URL (referred above) have been listed below.

Posted in Directory Services

RBAC Manager R2 for Exchange 2010 SP2, Exchange 2013 Preview and Office 365

Posted by Awinish on September 11, 2012


A new version of RBAC (R2 1.5.5.0) for Exchange 2010 SP2 has been released. There are improvements & additions made to the tool. You can download the latest version of the RBAC tool from the below link.

http://rbac.codeplex.com/

Posted in Directory Services

Exchange 2013

Posted by Awinish on July 17, 2012


It's time to start learning Exchange 2013; its preview version is already available for download at the below link. The final version release is scheduled for next year.

http://technet.microsoft.com/en-us/exchange/fp179701

More information on Exchange 2013 can be found at the below link, which comprises detailed information about Exchange 2013.

What’s New in Exchange 2013 Preview

http://technet.microsoft.com/en-us/library/jj150540%28v=exchg.150%29.aspx

Posted in Directory Services

Renewed MVP award for Directory Services 2012

Posted by Awinish on July 1, 2012


I have been reselected as an MVP for the year 2012 in the Directory Services category. The MVP award is an honor & I’m happy as well as thankful to Microsoft for presenting this honor.

I would like to thank you all for your wishes & support.

Dear Awinish Vishwakarma,

Congratulations! We are pleased to present you with the 2012 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Directory Services technical communities during the past year.

Thank you once again.

Awinish

Posted in Directory Services, Misc

Active Directory Replication Status Tool Released

Posted by Awinish on June 15, 2012


A few days back, Microsoft released the Active Directory Replication Status Tool, which has the capability to analyze the replication status of the DCs in the domain & forest. You can export the report to Excel, XPS or other formats. The tool can also filter errors, help you select the scope of the forest or domain to be analyzed, and point you to online TechNet references.

Specific capabilities for this tool include:

  • Expose Active Directory replication errors occurring in a domain or forest.
  • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests.
  • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet.
  • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis.

The tool ADREPLSTATUS can be downloaded from the below link.

http://www.microsoft.com/en-us/download/details.aspx?id=30005

Ned Pyle from the DS Team has a good write-up at the below link.

AD Replication Status Tool is Live

http://blogs.technet.com/b/askds/archive/2012/08/23/ad-replication-status-tool-is-live.aspx

A few screenshots of the tool.

Posted in Directory Services

Promoting W2K12 As An DC In The New Forest

Posted by Awinish on January 20, 2012


After reading various articles, I decided to try my hand at the Windows 2012 server edition too. I managed to download the VHD file available on MSDN and created the VM using VMware Workstation 8 to configure a domain controller on Windows 2012. Trying to promote the server as a DC, I thought of the older way of running it from the Run box, but I was not able to locate it and I couldn't see anywhere to get it on my home screen. I tried to disable the Metro interface first, since it is more suitable to mobile devices than to a server desktop.

I then tried to look for the Run/cmd window again; I was not able to find those to disable the Metro UI. I was finally able to open Windows Explorer and typed cmd and whoa, it popped out, and in the same Windows Explorer, by typing regedit, it too appeared, and I was finally able to disable the Metro UI by locating the below registry path.

Locate HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

Change the RPEnabled value from “1” to “0” as shown in the below image; to revert the setting, configure the value back to “1”.

Now I got the classic Start menu interface which I’m used to. Then I tried to configure AD using DCPROMO and received the below error. From the error it is understandable that you can’t execute dcpromo directly from Run or cmd and you need to first install the AD role from Server Manager.

Open Server Manager > click Add role > select the check mark for Active Directory Domain Services, click Next, select all default options and click Finish. DO NOT check the option to install the DNS server at this time, as this will give you an error during the prerequisite check and ultimately fail the dcpromo on the server. We will be installing the DNS server service at a later stage.

You need to go to the dashboard and, under Roles and Server Groups, you will see the roles listed. Click on More in front of the configuration requirement under Active Directory Domain Services.

If you notice in the below image, you will find faded text written as “promote this server to a domain controller”. It took me more than 10 minutes to locate this option; first I needed to scroll towards the right, and it was almost hidden.

Once I clicked on “promote this server to a domain controller”, I got the below screen and started my configuration.

I clicked Next to proceed, but once I reached the window to confirm installation, I found it had not given me the option to configure the NetBIOS name. So, the fact is you can’t choose the NetBIOS name in the GUI; you need to use a PowerShell script for that.

In the below screenshot the prerequisite check is complete without any error; now click on the Install button.

Close the console and the server will be rebooted. The server is a domain controller now. Enjoy playing with AD.
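
The same promotion can be done from PowerShell, which is where the NetBIOS name can be set explicitly. This is an added example, not the script used in the original post; the forest name and NetBIOS name are placeholders, and the DSRM password is read interactively so it never lands in a script file or in command history.

```powershell
# Added example: promote the first DC of a new forest with an explicit NetBIOS name.
# Assumptions: 'corp.example.com' and 'CORP' are placeholders for your own names.

# Install the AD DS role binaries (the step done through Server Manager above).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# One parameter set, shared by the prerequisite test and the real promotion,
# so what gets tested is exactly what gets installed.
$forest = @{
    DomainName                    = 'corp.example.com'
    DomainNetbiosName             = 'CORP'   # the value the GUI wizard did not offer
    InstallDns                    = $true    # DNS is added during promotion, not with the role
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
}

# Runs the same prerequisite check as the wizard without changing anything.
Test-ADDSForestInstallation @forest | Format-List

# Asks for confirmation, promotes the server and reboots it.
Install-ADDSForest @forest
```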

Windows 2012 server promises to offer a lot more than the previous version of the OS and it is going to be a revolution for PowerShell users. A few features related to AD and Windows 8 are:

  • Remote DCPROMO capability.
  • Running adprep on a particular FSMO role holder will not be required in Windows 8.
  • GUI interface for the AD Recycle Bin and fine-grained password policy.
  • Virtualization-aware domain controllers, meaning virtualizing the domain controller using an image or snapshot will not be an issue any more.
  • GUI can be turned on and off.
  • Replication troubleshooting cmdlets will be available in PowerShell.
  • Forcing group policy to single or multiple clients.
  • Support for the new file system ReFS (Resilient File System) in Windows 8.
  • AD DS integration with the Server Manager console.
  • Adprep is provided as an inbuilt functionality.

Posted in Directory Services