Way to go Robin!

September 23, 2009

One of my Active Directory Services team colleagues was mentioned as ‘co-writer’ of the CCC tool to manage Server Core in the nullsession blog from Joachim Nässlander (MVP): http://www.nullsession.com/2009/09/22/server-core-why-you-should-care-about-it/ .

Way to go Robin Granberg :-)

Official name for “Geneva”

July 14, 2009

Just read it on the ‘ActiveDir’ list:

Official name for “Geneva”

  • Active Directory Federation Services  –  formerly known as “Geneva” Server
  • Windows Identity Foundation – formerly known as “Geneva” Framework
  • Windows Cardspace – same as current version”

http://blogs.technet.com/stbnewsbytes/archive/2009/07/13/microsoft-announces-official-name-for-geneva.aspx

Didn’t we already have something called Active Directory Federation Services?

“Wear Sunscreen”

July 2, 2009

Summer’s come where I live and it hit us hard and warm! Which of course is a good thing. Time for one of my favourite radio stations (STUBRU, for whom it might ring a bell) to air one of my favourite songs/poems/life’s advice: wear sunscreen. I can’t resist posting the lyrics. I find them at the same time inventive, lucid and so full of truth :-)

“Ladies and Gentlemen of the class of ’99
If I could offer you only one tip for the future, sunscreen would be it.
The long term benefits of sunscreen have been proved by scientists whereas
the rest of my advice has no basis more reliable than my own meandering experience…
I will dispense this advice now.
Enjoy the power and beauty of your youth; oh nevermind; you will not
understand the power and beauty of your youth until they have faded.
But trust me, in 20 years you’ll look back at photos of yourself and
recall in a way you can’t grasp now how much possibility lay before
you and how fabulous you really looked….You’re not as fat as you
imagine. Don’t worry about the future; or worry, but know that worrying is as
effective as trying to solve an algebra equation by chewing
bubblegum. The real troubles in your life are apt to be things that
never crossed your worried mind; the kind that blindside you at 4pm
on some idle Tuesday. Do one thing everyday that scares you
Sing
Don’t be reckless with other people’s hearts, don’t put up with
people who are reckless with yours.
Floss
Don’t waste your time on jealousy; sometimes you’re ahead, sometimes
you’re behind…the race is long, and in the end, it’s only with
yourself. Remember the compliments you receive, forget the insults; if you
succeed in doing this, tell me how. Keep your old love letters, throw away
your old bank statements.
Stretch
Don’t feel guilty if you don’t know what you want to do with your
life…the most interesting people I know didn’t know at 22 what they
wanted to do with their lives, some of the most interesting 40 year
olds I know still don’t. Get plenty of calcium. Be kind to your knees, you’ll
miss them when they’re gone. Maybe you’ll marry, maybe you won’t, maybe you’ll
have children,maybe you won’t, maybe you’ll divorce at 40, maybe you’ll dance
the funky chicken on your 75th wedding anniversary…what ever you do, don’t
congratulate yourself too much or berate yourself either – your
choices are half chance, so are everybody else’s. Enjoy your body,
use it every way you can…don’t be afraid of it, or what other people
think of it, it’s the greatest instrument you’ll ever own..
Dance…
even if you have nowhere to do it but in your own living room. Read the directions,
even if you don’t follow them. Do NOT read beauty magazines, they will only make
you feel ugly. Get to know your parents, you never know when they’ll be gone for
good. Be nice to your siblings; they are the best link to your past and the
people most likely to stick with you in the future. Understand that friends come
and go,but for the precious few you should hold on. Work hard to bridge the gaps in geography
and lifestyle because the older you get, the more you need the people you
knew when you were young. Live in New York City once, but leave before it makes you hard;
live in Northern California once, but leave before it makes you soft.
Travel.
Accept certain inalienable truths, prices will rise, politicians will
philander, you too will get old, and when you do you’ll fantasize
that when you were young prices were reasonable, politicians were
noble and children respected their elders. Respect your elders. Don’t expect anyone else to
support you. Maybe you have a trust fund,
maybe you have a wealthy spouse; but you never know when either one
might run out. Don’t mess too much with your hair, or by the time you’re 40, it will
look 85. Be careful whose advice you buy, but, be patient with those who
supply it. Advice is a form of nostalgia, dispensing it is a way of
fishing the past from the disposal, wiping it off, painting over the
ugly parts and recycling it for more than
it’s worth. But trust me on the sunscreen…”

BTW I didn’t know the history or origin of this text, only found out today: http://en.wikipedia.org/wiki/Wear_Sunscreen. This makes it even more interesting…

Sander Berkouwer on 3 years of blogging

June 29, 2009

I like the blog post from Sander on his 3 years of blogging. Especially these excerpts:

“I’ve always believed in information equality.”

While hundreds of companies charge their customers for services with knowledge and experience as unique selling points (USPs), I’ve sat on the sideline enjoying the view. I heard these companies (most of them Microsoft Partners) complaining about shifting expectations and a changing landscape. They fear becoming obsolete, because customers wise up and Microsoft (among others) supply standard tools, frameworks and even products to replace their tools, frameworks and products. Lately even with Online Services. I’ve known information is dynamic in nature. I expected nothing less in this line of business.

“It’s why I started blogging.”

I felt information can be made available freely, without repercussions. Standard practices may be shared without cost, product pitfalls may be found easily and demos can be shown indefinitely. In the end for business it’s not information that counts, but relationships and reputation. I feel a customer should connect without you, not because he knows you’re capable of doing the job, but because you’re granted the job.

“It’s why I kept blogging.”

My employer benefits from my blog. Not in a direct financial way, but in an indirect relationship-based way. Because when I speak to a client I direct them to information I’ve shared here.  Because when the (potential) customer reads the information he is reminded of the ways of his current IT partner. … and not just customers. Other IT Pros started reading this blog as well… and linking back to it. As a company we could have generated more revenue on the short term (if our sales force would be up to spec) but in the long term we’re seeing increased deal sizes, etc.

Read his full post on http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2009/06/26/a-dream-come-true-looking-back-at-3-years-of-blogging.aspx

I hope Sander will keep on posting for a long time to come.

The Active Directory Management Gateway Service

June 24, 2009

Still wondering where to find the download though. Nothing to download in the support KB (http://support.microsoft.com/kb/969041) or on the downloads page it refers to…

When a Windows NT 4.0-based computer tries to use the NETLOGON service to establish a security channel to a Windows Server 2008-based domain controller, the operation may fail

June 23, 2009

Mouthful, huh? Some background…

A couple of months ago we introduced a few Windows 2008 domain controllers in our main data centres. Mails started dripping in from our Linux/Unix friends, claiming they had authorization issues on their SAMBA systems. And had we performed any major changes lately? :-) First of all you inquire into the more detailed nature of the actual problem. And (with the 2008 domain controllers in the back of your mind) you ask politely how their auth modules are configured. Because that last question proves to be a ballbreaker when talking to the “X” guys. They have the irritating habit of hard-coding a couple of domain controllers in there, preferably two that are configured to go down at the same time when patching :-) No, but all jokes aside, it turns out they’re talking to one of the upgraded machines and that they get the following errors:

“[2009/02/16 08:22:14, 0] auth/auth_domain.c:(170) domain_client_validate: Domain password server not available.

 [2009/02/16 08:22:20, 0] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to  machine XXXXXXX. Error was : NT code 0xc0000388.

 [2009/02/16 08:22:20, 0] auth/auth_domain.c:(118)”

Whoops. The XXXXXXX. machine is a W2K8 one. We never took the time to investigate this properly (found some “pre-auth” messages in the security logs but what the hell, who doesn’t) as the “X” guys claimed the SAMBA systems in trouble had, and I quote, “old software versions”. They would initiate an upgrade…

One week ago we were installing a fresh 2008 forest and there the question was raised whether we wanted to provide support for SAMBA. What the hell, SAMBA? And we were kindly referred as well to a support article: http://support.microsoft.com/kb/942564, with the ringing title as seen above in the blog subject. So instantly the SAMBA ordeal sprang into my mind. And last but not least: during those exciting months and weeks (see above) we were contacted by some of our customers for which we had upgraded their forest to a W2K8 FFL. They were not able to add machines via the RIS installation sequence anymore. Hmm, strange, and when properly investigating (yes, we did do that this time) we came upon the same ‘pre-auth’ failures as well. So we put two and two together and started adding the “Allow cryptography algorithms compatible with Windows NT 4.0” setting to our customized domain controller policies in the customer’s forest. And bang, away was the RIS problem :-) . Once we added the same in our corporate forest, the SAMBA problem was gone as well…

Makes you wonder doesn’t it…
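Before rolling that setting out forest-wide it pays to know exactly which domain controllers already carry it, because the setting tells Netlogon to accept the older, weaker secure-channel cryptography that NT4-era clients and old SAMBA builds use (the “NT code 0xc0000388” in the SAMBA log is STATUS_DOWNGRADE_DETECTED, the 2008 DC refusing that downgrade). The script below is an added example, not from the post or from Microsoft: it reads the Netlogon AllowNT4Crypto registry value that the Group Policy setting writes on every DC. It assumes the ActiveDirectory module, PowerShell 3.0 or later and WinRM access to the DCs.

```powershell
# Added example: report which domain controllers allow NT 4.0-compatible
# Netlogon cryptography. The GPO setting "Allow cryptography algorithms
# compatible with Windows NT 4.0" writes this DWORD:
#   HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\AllowNT4Crypto
#   1 = weaker secure-channel crypto accepted (legacy SAMBA / NT4 / RIS work)
#   0 or absent = refused, the Windows Server 2008 default
Import-Module ActiveDirectory

$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NT4CryptoState {
    param([Parameter(Mandatory)][string[]]$DomainController)

    foreach ($dc in $DomainController) {
        try {
            # Read the value remotely; absent value means the default (refuse).
            $value = Invoke-Command -ComputerName $dc -ScriptBlock {
                (Get-ItemProperty -Path $using:RegPath -Name AllowNT4Crypto `
                    -ErrorAction SilentlyContinue).AllowNT4Crypto
            }
            [pscustomobject]@{
                DomainController  = $dc
                AllowNT4Crypto    = if ($null -eq $value) { 'not set (default: refuse)' } else { $value }
                WeakCryptoAllowed = ($value -eq 1)
            }
        }
        catch {
            [pscustomobject]@{
                DomainController  = $dc
                AllowNT4Crypto    = "error: $($_.Exception.Message)"
                WeakCryptoAllowed = $null
            }
        }
    }
}

# Enumerate every DC in the current domain and list the ones that allow
# the downgrade first, so the exposure can be scoped to the DCs the legacy
# clients actually talk to and removed again once those clients are upgraded.
$dcs = (Get-ADDomainController -Filter *).HostName
Get-NT4CryptoState -DomainController $dcs |
    Sort-Object WeakCryptoAllowed -Descending |
    Format-Table -AutoSize
```

Re-run it after the legacy SAMBA boxes have been upgraded; any DC still reporting WeakCryptoAllowed = True at that point is accepting a downgrade nobody needs anymore.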

Geneva BETA 2 download

May 14, 2009

Downloaded Geneva BETA 2 today. Saw Stuart Kwan’s opening session on TEC 2009 and it looks promising. Will also look at the Identity Developer’s Training Kit.

Thanks to Laura (http://www.shutuplaura.com/journal/2009/5/13/ldquogenevardquo-beta-2-identity-developer-training-kit.html)

To “CORE” or not to “CORE”

May 14, 2009

I’d like to know how many of you are actually using the 2008 Core flavour.

The reason I ask is that I have been (and still am, but a bit more in the closet now) a big fan of the Core flavour in Windows 2008. It’s lean, it’s mean and it will silence some of those rabid anti-GUI groups :-) We put 2 roles on it, being DNS and ADDS, CCC it a bit and done. But then the trouble starts. I mean, management of those boxes is a nightmare over WAN links whatever tools you’re using. Try it with the built-in MMC tools or WINRS… Try and troubleshoot a hardware failure on one of them… Patching should be less frequent? Don’t think so. A colleague of mine calculated that for every 3 Windows 2008 FULL patches there’s only 1 for Windows 2008 CORE on average, but that still implies patching it once a month :-) So I was convinced by my colleagues that CORE doesn’t fit our scheme. Well, it does when there are reliable and performant network pipes, so our major data centres with mail systems and provisioning systems eating away at our directory machines would profit from it. But then our benchmark testing did not really show us any significant performance gain comparing Full and CORE.

Any views/comments/ideas?

W2K8 DNS and Bind

April 29, 2009

While upgrading our core ADDS infrastructure we stumbled on a problem with slaved DNS zones hosted on our domain controller boxes. Our team manages only the AD-integrated DNS zones and supports only dynamic updates, but we do reach out to our BIND friends by slaving numerous zones mastered by BIND boxes. As we’re better geographically dispersed we can offer faster DNS response times for our users. As stated above, we started migrating our core AD infrastructure to ADDS (read W2K8) and those hosts carry most of the slaved zones as a kind of redundancy scheme.

When upgraded to W2K8 DNS we noticed that those zones (zone files) were emptied at a given time. Starting to investigate, my colleague found out that with every transfer from the BIND boxes the zone files became blank. Of course we immediately started pointing fingers at the BIND implementation :-) but soon we had to point them back at ourselves:

“During the DNS Zone Transfer, the secondary DNS server requests an incremental zone transfer (IXFR) of the zone. When a very large number of changes occur on the primary DNS server, the primary DNS server cannot service an IXFR query. Instead, the primary DNS server responds to the IXFR query with a full zone transfer (AXFR) response. The secondary DNS server ends the transfer because it expects an IXFR request and not an AXFR request. Because the secondary DNS server is never able to complete a zone transfer, all records in the zone on the secondary server eventually expire. This results in an empty zone.”

For more info:

A primary DNS zone file may not transfer to the secondary DNS servers in Windows Server 2008 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;953317).

Makes you wonder about Microsoft’s RFC compliance, doesn’t it.

One little addition to this: if you are slaving BIND zones, please make sure you check the following box:

(screenshot: bindsec2)

It was enabled by default on Windows 2003 :-)
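The failure mode quoted from the KB is silent until the zone expires, so a slaved zone can sit stale for days before it empties. The script below is an added example (not from the post): it reports the “BIND secondaries” setting the post says to check and, for every secondary zone, compares the SOA serial the local server holds with the serial on the BIND master, so a zone that has stopped transferring shows up before it expires. It assumes the DnsServer and DnsClient modules (Windows Server 2012 or later); on 2008 the equivalent is the dnscmd command shown in the last comment.

```powershell
# Added example: health check for BIND-mastered zones slaved on a Windows DNS server.
Import-Module DnsServer

function Get-SlavedZoneStatus {
    param([string]$Server = $env:COMPUTERNAME)

    # "BIND secondaries" is the checkbox on the server's Advanced tab.
    $settings = Get-DnsServerSetting -ComputerName $Server -All
    Write-Host "BIND secondaries enabled on ${Server}: $($settings.BindSecondaries)"

    Get-DnsServerZone -ComputerName $Server |
        Where-Object { $_.ZoneType -eq 'Secondary' } |
        ForEach-Object {
            $zone   = $_
            $master = [string]$zone.MasterServers[0]

            # Ask the local copy and the master for the zone's SOA serial.
            # A shut-down (expired) zone answers SERVFAIL, so $local comes back $null.
            $local  = (Resolve-DnsName -Name $zone.ZoneName -Type SOA -Server $Server `
                          -ErrorAction SilentlyContinue | Where-Object Type -eq 'SOA').SerialNumber
            $remote = (Resolve-DnsName -Name $zone.ZoneName -Type SOA -Server $master `
                          -ErrorAction SilentlyContinue | Where-Object Type -eq 'SOA').SerialNumber

            [pscustomobject]@{
                Zone         = $zone.ZoneName
                Master       = $master
                LocalSerial  = $local
                MasterSerial = $remote
                Expired      = $zone.IsShutdown   # all records timed out: the empty zone from the KB
                Stale        = ($null -eq $local) -or ($remote -gt $local)
            }
        }
}

Get-SlavedZoneStatus | Format-Table -AutoSize

# The checkbox from the screenshot, from the command line (works on 2008 too):
#   dnscmd <server> /Config /BindSecondaries 1
```

A zone with Stale = True but Expired = False is the window in which to act: the master has moved on, the local copy has not, and the expire timer is running.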

Windows 2008 CCC

December 16, 2008

We’re in the middle of upgrading our Active Directory to Active Directory Domain Services. So, to put it more simply, from W2K3 to W2K8 :-) We started out the project by taking on our QA environment and specifically our HUB infrastructure. At the moment we’re deploying Core machines and we’re getting more and more excited on different levels. It’s the ease of deployment, the simplicity in handling, the expected performance gain and the low-level management.

After going through several installation methods comprising the use of certain tools (CoreConfigurator, in-house built tools, …) and basic command-line secretary typing (netdom, netsh, …) we opted for using a ‘little’ batch tool from a Swedish MVP called CCC (Core Configurator Console). Check out www.nullsession.com.

(screenshot: ccc)

The tool was missing (from our point of view) a couple of features to be able to smoothly install and configure a Core domain controller:

  • Additions for diskpart
     ○ Change drive letter
     ○ Make partitions/drives
  • netsh stuff
     ○ Set second DNS
     ○ Disable adapters and IPv6

We’ve added those and sent the feedback to the nullsession guy. And soon there will be a new release :-) Basically what we do is an imaged install of the OS (takes about 10 minutes, ggrrreeeeaaaat), mount the CCC through the iLO and copy it to the local drive. Configure the basics, promo it and we’re done…

So now our roll-out procedures are up to date and in full force. Just to make sure we catch the holidays deadline and add some power to our replication hubs.
