Albertwt

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 421 total)
  • Author
    Posts
  • Avatar
    Albertwt
    Member
    in reply to: Swapping IP of AD domain controllers with DNS integrated #318008

    Re: Swapping IP of AD domain controllers with DNS integrated

    cruachan;291208 wrote:
    Do it as soon as you’ve changed the IP, then AD replication should take care of the rest. As Ossian said, don’t do anything at the other sites unless you need to.

    https://technet.microsoft.com/en-gb/library/cc759550%28v=ws.10%29.aspx gives far more detail about AD and DNS than you would ever want to know, basically the process is that when the NETLOGON service starts on a DC it should check with DNS to ensure that it’s SRV records are correctly registered. Once AD has replicated the chnages I’d go in and manually check that all of the NS records are correct as sometimes I’ve seen the old ones remain.

    ok, so the steps below can be executed in one day without having to turn off the other DC for one or more days ?

    Quote:
    Changing Win2k3 IP address:
    1. Turn off / shutdown the Win2k12R2 server & unplug the network cable.
    2. Change IP address (to match the Win2k12R2 IP).
    3. Open Command prompt and then run ipconfig /registerdns command.
    4. Restart the NETLOGON service on the current Win2k3 server.
    5. Open Command prompt and then run dcdiag /fix command.
    6. Check the AD/DNS replication and for any other error.
    Quote:
    Changing Win2k12R2 IP address:
    1. Turn on the Win2k12R2 server without the network cable connection.
    2. Change IP address (to match the Win2k3 IP).
    3. Connect the network cable to the Win2k12R2 server NIC.
    4. Open Command prompt and then run ipconfig /registerdns command.
    5. Restart the NETLOGON service on the current Win2k3 server.
    6. Open Command prompt and then run dcdiag /fix command.
    7. Check the AD/DNS replication and for any other error.

    is there anything that I need to be aware or I missed any important steps ?

    Avatar
    Albertwt
    Member

    Re: Swapping IP of AD domain controllers with DNS integrated

    cruachan;291167 wrote:
    Make sure you run ipconfig /registerdns and restart the NETLOGON service on each DC after the change. This will ensure the DNS records are all updated for the domain (SRV records, NS records etc, and not just the Host (A) Records.)

    So the process above, can I do it in the same day or do I need to wait until the AD is replicated all the way to the rest of my DC/GC & DNS servers ?

    Avatar
    Albertwt
    Member
    in reply to: Swapping IP of AD domain controllers with DNS integrated #318006

    Re: Swapping IP of AD domain controllers with DNS integrated

    Hi Cruachan and Ossian,

    Thanks for the response, so here’s what I’d like to do the changes during ones business day.

    Since I also have around 17 other AD Sites with Domain Controller & AD-Integrated DNS on each sites, do I also have to manually logon to each of the server and restart the NETLOGON service, and manually change the AD Name Server IP address as well ?

    Please correct me if that doesn’t make sense.

    Avatar
    Albertwt
    Member

    Re: Steps in performing AD trust between parent company and site offices ?

    biggles77;290540 wrote:
    Your manager isn’t called Captain Tony is he Albert? :mrgreen: You do the research and then he heads off on his own course……..

    Don’t answer for fear of being discovered for answering an intended humorous remark. It got one of our Highly regarded members sacked several years ago (well that was their reason); the twats. :evil:

    Lol, luckilly no. I don’t work for the ‘Straya Govt :razz:

    That’s what the management decision, then… so be it, ebcause he’s the decison maker.

    Avatar
    Albertwt
    Member

    Re: Question regarding the AD Sites & Services connection between DC

    Ossian;290531 wrote:
    Yes, you should be able to

    Thanks Ossian.

    I was under the impression that all Site Office connection must be pointing to the Data Centre AD/DC servers, but it seems that it doesn’t have to be.

    So in this case, the value in the connection is dynamically changed based on KCC algorithm ?

    Avatar
    Albertwt
    Member

    Re: Question regarding the AD Sites & Services connection between DC

    Ossian;290529 wrote:
    IMHO automatic is preferable to manual as if a manually specified DC is down, replication will not work, however with automatic the KCC will attempt to find another route.
    As Wullie says, leave it alone!

    Yes, that’s what I thought so. But in this case in some of the site office Domain Controllers, I couldn’t find the connection anymore, I guess someone replaced it with the 2x static connection to the 2x Domain Controllers in the Data Centre AD sites.

    so can I just delete them both and then recreate two of the connection ?

    Avatar
    Albertwt
    Member

    Re: Question regarding the AD Sites & Services connection between DC

    wullieb1;290527 wrote:
    Have you read up on it?

    It doesn’t really matter what way that you do it.

    Why are you talking about FSMO roles? It just needs to point to a DC.

    ok, if that is the case, then I’d delete all of the existing manual connection to the DC and then recreate the automatic connection using:

    Quote:
    – delete the manually created connections
    – Right click on the NTDS setting in the respective site
    – Under All Tasks, select “check replication topology”

    Do you mean this article from MSDN: https://msdn.microsoft.com/en-us/library/bb727085.aspx?f=255

    Avatar
    Albertwt
    Member

    Re: Question regarding the AD Sites & Services connection between DC

    wullieb1;290525 wrote:
    You need to read up on the KCC, Knowledge Consitency Checker.

    I prefer to leave mine to be automatically done.

    what if I had already deleted the connection to random AD and then manually specify the AD in the Data Center AD site ? so everything is pointing to the Data Center domain controller.

    is there any preference over which FSMO role should I point it to ?

    Avatar
    Albertwt
    Member

    Re: Steps in performing AD trust between parent company and site offices ?

    Thanks all for the insight and comments regarding my question.

    My manager has decided that we go with the establishing AD trust on multiple Site Office sites because those sites will be managed by 3rd party IT service provider for the rural area.

    Avatar
    Albertwt
    Member

    Re: Steps in performing AD trust between parent company and site offices ?

    Ossian;290055 wrote:
    Each office is a separate AD forest, so if all you need is access to and from the central site, you will need one trust per office.

    If they need to also see each other, the number of trusts increases so for n offices, you will have n(n-1) trusts – remembering each has to be set up in each direction

    Ah I see, So i have to go to the parentcompanyAD.com dimainkan controller and the set the two way trust from the AD sites and Trust console ?

    My goal in this exercise is to be able to simplify the site office user to use ParentCompanyAD.comuser account to login to their workstation.

    So I no need to reconfigure the AD domain membership of the workstation and the servers.

    Is that achievable after setting the trust from the parent company AD domain controller ?

    Avatar
    Albertwt
    Member

    Re: Steps in performing AD trust between parent company and site offices ?

    Ossian;290052 wrote:
    How often are you likely to sell one of the remote sites?
    Do they need separate IT management or do you do it for them?

    The simplest long term solution is to have a single domain environment, failing which multiple child domains in the same forest. If you have to go for inter-forest trusts, you have a lot of work ahead of you

    Well, usually around one site office every 2 or 3 years if the business is not that good on the region.

    At the moment, there is outsourced 3rd party service provider on each sites to handle the hardware replacement and simple AD maintenance such as adding new DNS entry.

    The Exchange Server is not problem since I already created Terminal Server for the users of each site office to use email service.

    I just being told by the management that they don’t want to spend too many times to undo the AD setup to make them running separately.

    What sort of Inter-Forest trust that I will need to be aware of after “trusting” each of those AD domain with my AD domain in the parent company ?

    Avatar
    Albertwt
    Member

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    wullieb1;288906 wrote:
    Yes. All the groups that are created by Exchange are required in some way for the system to function.

    Cool, I’ll follow that article to delete the corrupted AD entries and then recreate the security group with setup.com /PrepareAD

    Is that the correct command or do I have to run /PrepareSchema as well before /PrepareAD on the AD Schema Master DC ?

    Avatar
    Albertwt
    Member

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    wullieb1;288902 wrote:
    Having never done it i couldn’t say.

    Following the article i posted the author never had any issues, that were reported anyway.

    There is always an inherent risk of failure when doing things like this so ensure you have a good backup.

    Regardless what the security mechanism that the Exchange Server is used.
    Does the normal working condition of Exchange server 2010 requires the following example of the built in security group to exist in AD?

    Exchange Organization Administrators
    Microsoft Exchange Security Groups
    Organization Management
    etc….

    Avatar
    Albertwt
    Member

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Wullie,

    What’s the risk of running the setup.com /PrepareAD after editing the ADSI edit attributes ?

    I’m concerns that the steps in the blog could bring exchange server email delivery to a halt or totally stuffed my Exchange server.

    Avatar
    Albertwt
    Member

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    wullieb1;288890 wrote:
    I would hazard a guess that your org has already been schema prepped.

    Are you only updating exchange or is this a new install?

    Well I’m updating my Exchange server SP2 into SP3.
    The error was seen from my AD domain controller with Schema Master role.

    The issue seems to be stemmed from missing Exchange Server built in security group which I expect that to be replaced after executing Setup.com /PrepareAD

    So I guess in this case I will have to find some other way to recreate those missing security group.

    Avatar
    Albertwt
    Member

    Re: Exchange 2010 SP3 failed in the Organization Preparation steps ?

    Here is the error section of the ExchangeSetup.log which mentions about the error:

    Quote:
    [12/22/2014 22:12:14.0346] [1] Executing:
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

    [12/22/2014 22:12:14.0377] [2] Active Directory session settings for ‘initialize-ExchangeUniversalGroups’ are: View Entire Forest: ‘True’, Configuration Domain Controller: ‘PRODDC01.MyDomain.com’, Preferred Global Catalog: ‘PRODDC01.MyDomain.com’, Preferred Domain Controllers: ‘{ PRODDC01.MyDomain.com }’
    [12/22/2014 22:12:14.0377] [2] Beginning processing initialize-ExchangeUniversalGroups -DomainController:’PRODDC01.MyDomain.com’ -ActiveDirectorySplitPermissions:$null
    [12/22/2014 22:12:14.0408] [2] Used domain controller PRODDC01.MyDomain.com to read object DC=MyDomain,DC=com.
    [12/22/2014 22:12:14.0424] [2] Used domain controller PRODDC01.MyDomain.com to read object CN=Configuration,DC=MyDomain,DC=com.
    [12/22/2014 22:12:14.0424] [2] Used domain controller PRODDC01.MyDomain.com to read object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyDomain,DC=com.
    [12/22/2014 22:12:15.0096] [2] [ERROR] Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.
    [12/22/2014 22:12:15.0096] [2] [ERROR] The object exists.
    [12/22/2014 22:12:15.0111] [2] Ending processing initialize-ExchangeUniversalGroups
    [12/22/2014 22:12:15.0111] [1] The following 1 error(s) occurred during task execution:
    [12/22/2014 22:12:15.0127] [1] 0. ErrorRecord: Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.
    [12/22/2014 22:12:15.0127] [1] 0. ErrorRecord: Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists. —> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
    at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
    at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
    at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget, Nullable1 clientSideSearchTimeout)
    at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
    — End of inner exception stack trace —
    at Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
    at Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
    at Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable
    1 properties)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateExchangeUSGContainer(String name, ADSystemConfigurationSession session, ADObjectId domain)
    at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
    [12/22/2014 22:12:15.0127] [1] [ERROR] The following error was generated when “$error.Clear();
    initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions” was run: “Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.”.
    [12/22/2014 22:12:15.0127] [1] [ERROR] Active Directory operation failed on PRODDC01.MyDomain.com. The object ‘OU=Microsoft Exchange Security Groups,DC=MyDomain,DC=com,DC=au’ already exists.
    [12/22/2014 22:12:15.0127] [1] [ERROR] The object exists.
    [12/22/2014 22:12:15.0127] [1] [ERROR-REFERENCE] Id=443949901 Component=
    [12/22/2014 22:12:15.0127] [1] Setup is stopping now because of one or more critical errors.
    [12/22/2014 22:12:15.0127] [1] Finished executing component tasks.
    [12/22/2014 22:12:15.0143] [1] Ending processing Install-ExchangeOrganization
    [12/22/2014 22:12:15.0158] [0] The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the :ExchangeSetupLogs folder.
    [12/22/2014 22:12:15.0174] [0] End of Setup
    [12/22/2014 22:12:15.0174] [0] **********************************************

    I have tried myself to locate and delete the Microsoft Exchange Security Groups OU but somehow it is not listed in the AD user & console as both OU or as Security group ?

    My domain is a single domain forest and but I’m not sure how the Exchange Server 2010 security scheme is setup before by my predecessor.

    there was no documentation and reasoning as to why those AD security group was deleted or left hidden somewhere.

    Further investigation and search in the AD structure, I cannot find all of the following security group through the ADUC:

    Quote:
    “Exchange Organization Administrators”
    “Organization Management”

    but when I perform the Powershell list command below, it somehow listed as below:

    [PS] C:Windowssystem32>get-rolegroupmember “organization management” | ft -AutoSize

    Name RecipientType
    —- ————-
    Exchange Organization Administrators Group
    Administrator UserMailbox
    Robert Gilles UserMailbox
    Mail Security Service Account UserMailbox
    Sunil Khan UserMailbox

    [PS] C:Windowssystem32>get-rolegroupmember “recipient management” | ft -AutoSize

    Name RecipientType
    —- ————-
    Exchange Recipient Administrators Group
    IT-Helpdesk-HQ Group

    [PS] C:Windowssystem32>[/CODE][CODE][PS] C:Windowssystem32>get-rolegroupmember “organization management” | ft -AutoSize

    Name RecipientType
    —-


    Exchange Organization Administrators Group
    Administrator UserMailbox
    Robert Gilles UserMailbox
    Mail Security Service Account UserMailbox
    Sunil Khan UserMailbox

    [PS] C:Windowssystem32>get-rolegroupmember “recipient management” | ft -AutoSize

    Name RecipientType
    —-


    Exchange Recipient Administrators Group
    IT-Helpdesk-HQ Group

    [PS] C:Windowssystem32>[/CODE]

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317992

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287484 wrote:
    As long as you have properly demoted and removed the old DC (not a Metadata cleanup), introducing a new one with the same name will not cause you any problems

    Great. thanks for the clarification mate.

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317991

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    ok, one last question.

    Suppose the previous server name is re used, but this time with newer OS and elected as the same Domain Controller Role, would that cause even more problem ?

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317990

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    wullieb1;287428 wrote:
    Decommissioning properly should move the FSMO roles for you IIRC.

    Ah, so does this means that when I perform the graceful demotion using Start | run “dcpromo” in the Win200k old DC, the FSMO role would then be automatically transferred across the surviving DC ?

    is there any way to control it of which roles going to which DC or this is done automatically and intelligently ?

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317989

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    JeremyW;287413 wrote:
    Transferring FSMO roles in 2012 with Powershell is super easy:
    Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4[/CODE]

    And not that you need it but seizing is also easy:
    [CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: [url]http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx[/url][/QUOTE]

    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.[CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4[/CODE]

    And not that you need it but seizing is also easy:
    Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: [url]http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx[/url][/QUOTE]

    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.[CODE]Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole 0,1,2,3,4 -force[/CODE]

    Each number relates to a role. More info: http://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx

    Yes it does looks easy. However, in my case I’m decommissioning the old Windows Server 2003 physical box domain controllers, so I guess I must do it the “classic” way.

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317988

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    biggles77;287289 wrote:
    Considering Windows 2003 Server’s EOL is 14 July 2015, what do you think? :smile:

    Yes it is supported at the very last day I guess.

    so to transfer the FSMO role is it just using the normal ADSIedit ?

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317987

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Hi Wullieb1,

    Does transferring the FSMO role from Windows Server 2003 DC into Windows Server 2008R2 or 2012 R2 is supported procedure ?

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317986

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287258 wrote:
    We need more information on structure of the environment
    The first domain in the forest needs all 5 FSMOs, additional domains need 3 of them

    When you unPromo a FSMO holder, FSMOs will be transferred but no control over where. If you want to, transfer the FSMOs to a specified DC (or several) before unpromoting the original holder

    As to where, that’s up to you, but I would keep them in the location with the most other servers and especially other DCs

    Hi Ossian,

    This environment will be just single AD domain, most of the Tier-1 production servers (Exchange, SCCM, SharePoint, SQL Servers, etc…) are all in the Data Center, while the Office building only got server room with Domain Controllers/Global Catalog serving as DNS and DHCP only.

    Do I still need to place some of the FSMO role in the office building or I can just spread those five FSMO role in the two Domain Controllers/Global Catalog in the Data Center ?

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317985

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Thanks guys,

    What about the FSMO role placement ?

    Do I have to keep some of the FSMO role in the head office DC/GC or can I just put them all in the DC/GC servers in my primary production Data Center ?

    Avatar
    Albertwt
    Member
    in reply to: Upgrading Windows Server 2003 domain controller to 2012 R2 #317984

    Re: Upgrading Windows Server 2003 domain controller to 2012 R2

    Ossian;287228 wrote:
    Assuming new server hardware:
    Install 2012R2 Server
    Join domain
    On current DC, run ADPrep with correct switches to upgrade schema
    On 2012R2 server install AD-DS role
    Promote to DC, add DNS if needed
    Reboot etc
    Confirm all AD objects have replicated
    On 2003DC, run DCPromo to remove DC role
    FSMOs should transfer automatically

    Hi Ossian,

    Do I need to do the following ADPrep command on the following roles:

    Command Domain Controller
    adprep.exe /forestprep Schema Master
    adprep.exe /domainprep Infrastructure Master
    adprep.exe /domainprep /gpprep Infrastructure Master[/CODE][CODE]Command Domain Controller
    adprep.exe /forestprep Schema Master
    adprep.exe /domainprep Infrastructure Master
    adprep.exe /domainprep /gpprep Infrastructure Master[/CODE]

    Avatar
    Albertwt
    Member

    Re: Windows Server 2012 R2 Robocopy to migrate file server ?

    James Haynes;285084 wrote:
    ok, if im reading/understanding you, then i think that the these articles (particularly the blog link) will help. i believe that robocopy did exactly like it was supposed to. to achieve what i think your trying to do (i am not a master script writer, but am very good at following directions and performing accurate testing PRIOR to implementation, so someone may have a better idea) i am going to refer you to a KB article that was written by Mr. Robocopy with excerpts from another roboplayer, Martin Zugec (helpful blog in general) that touches on the issues that i think your having.

    their suggestion is something like the following:

    > ROBOCOPY /Mir
    > ROBOCOPY /E /Copy:S /IS /IT [/CODE]

    does that seem like its describing what your talking about? if not, im sorry for misunderstanding you, i just thought that would help you out…[/QUOTE]

    yeah, i read that page as well, but is that article still applicable to the Windows erver 2012 R2 Robocopy ?[CODE]> ROBOCOPY /Mir
    > ROBOCOPY /E /Copy:S /IS /IT [/CODE]

    does that seem like its describing what your talking about? if not, im sorry for misunderstanding you, i just thought that would help you out…

    yeah, i read that page as well, but is that article still applicable to the Windows erver 2012 R2 Robocopy ?

    Avatar
    Albertwt
    Member

    Re: When to execute SubInACL command to successfully migrate File Server to CIFS shar

    James Haynes;285027 wrote:
    if your worried about hosing something, perhaps you could work out of a temp directory and give it a go there first.

    like:

    ROBOCOPY \Server1reports \Server2backup *.* /E

    then run the ACL on the files copied to server2…

    and if it works, then try it in production.

    do you think the robocopy /MIR switch might help?

    Robocopy /MIR switch – mirroring file permissions

    that should give you the exact same file and folder permissions on both instances of data… if im understand you correctly.

    James,

    Thanks for the suggestion, so when I specify the /MIR does it deletes anything from the source file server ?

    what I can do at the moment is to experiment with the read only command since I cannot afford to lose or screw things up in the production source file server.

    Avatar
    Albertwt
    Member

    Re: When to execute SubInACL command to successfully migrate File Server to CIFS shar

    James Haynes;285001 wrote:
    i dont know where you intend to run it, so i will refer you to a syntax and explanation for the SubInACL command:

    SUBINACL.exe

    maybe you could tell us what your trying to do… like to see if the files are the admins and then to copy them, or if they arent, let the admin take them then copy via xcopy/robocopy…

    am i making sense about this not making sense? hehe, sorry…

    James,

    Thanks mate for the reply.
    What I need to know or run is the SubInACL command to take ownership of the data, should I do it before or after I do the Robocopy ?

    and then where from (source/destination server) should I execute the SubInAcl command ?

    because my problem is that in the new file server, I cannot browse to the subdirectories that is copied over.

    Avatar
    Albertwt
    Member

    Re: Explicitly change the Exchange AD Site by using Registry

    Can I just change the registry in:

    Quote:
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNetlogonParameters
    Name: HQ-Office1-Site
    Type: REG_SZ

    into the new AD site followed by issuing the Powershell command:

    Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1

    Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 [/CODE]

    For all of the Exchange Server followed by reboot ?[CODE]Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC1 -StaticGlobalCatalogs PRODDC1

    Set-ExchangeServer -Identity PRODExcMBX1 -StaticConfigDomainController PRODDC2 -StaticGlobalCatalogs PRODDC2 [/CODE]

    For all of the Exchange Server followed by reboot ?

    Avatar
    Albertwt
    Member
    in reply to: CCR mailbox server IP address change #317979

    Re: CCR mailbox server IP address change

    James Haynes;278890 wrote:
    a little technet searching can do wonders… see if this is applicable to your situation:

    Change IP Address of CCR Cluster nodes

    Changing the IP Address of an Exchange Cluster

    this is with a 2003 OS, but still along the same lines…
    Changing IP Address Network on a Exchange Server 2007 CCR Cluster/Windows Server 2003

    does that explain the process sufficiently? are there stil;l any questions?

    Thanks for the clarification James,

    in the steps defined above, For Windows 2008 Cluster

    does that means by “Take the Exchange Cluster Groups offline” there will be mailbox offline for the company ?

Viewing 30 posts - 1 through 30 (of 421 total)