Sunday, April 14, 2013

Windows Server 2008 + Knowing what is in your AD Tool Kit

Work in progress…

AD Recycle bin

AD Tombstoning

Video 1 of 1 (demo on restoring an AD object)

AD LDS backup (Windows Backup or dsdbutil)

AD LDS restore (Windows Backup or dsdbutil)

AD LDS editing

AD AD LDS Snapshots step by step

Video 1 of 4 (explanation of who what and why)
Video 2 of 4 (minute 6 is start of demo of process)'
Video 3 of 4 (this is video is the gold of the demo)
Video 4 of 4 (continued explanation including limitations)

Here are screen shots from my AD Snaphots Lab:

Snapshot Creation (input highlighted):


Snapshot Mount (input highlighted):

clip_image002Note: leave this window open

Snapshot View from Explorer:


Note: You may be able to restore files and folders by browsing the now mounted snapshot using explorer to copy/paste items.

Accessing Snapshot Using dsamain using port 50389 (input highlighted):


Note: You MUST leave this open till you are done working with the DB

Note: Please see unmounting instructions below

Opening mounted snapshot using LDP.exe:

Select Connection:


Enter in server name and port you assigned. In this cas 50389:


After it loads Bind the connection:


Opening mounted snapshot using ADSIedit.msc:

Select Action Connect to as shown below


Select Advanced: (demo is on same system)


Enter in the port and select OK:


You can then view the data additionally as shown below you can mount your current live instance as well and compare:


Google or Bing for “Directory Service Comparison Tools” to find tools to compare and restore from snapshots.

Unmounting Snapshot

When finished go to the dsamain command prompt window that is still open. Press Ctrl+C and close the window.

Next go to your ntdsutil command prompt window and unmount the snapshot as shown below:


Enter ? for a list of possible commands. You will likely want to delete the snapshots.


Wednesday, April 10, 2013

Server 2008 R1 Backup Setting up Email Alerts

This will provide you basic alerting based on the events you select. If you setup events for every possible backup event this will take some time. I would more likely setup the most common success and failure warning. Before proceeding you must have an SMTP server configured internally and ready to use:

Open event viewer

Select “Applications and Service Logs”> “Microsoft”>”Windows”>”Backup”>”Operational” as shown below:


Note: Before we start let me preface this with you do not want to “Attach a Task To this Log…” on the root of “Operational”, though it is possible, because it gives you NO information other than something posted to the backup operational log. So it will send you lots of emails with no information. You might as well just check the server logs daily.


So go to the Successful backup task in our event logs “Event ID 4” as shown below:


Right Click and select “Attach Task To This Event…” as shown below:





Select “Send and e-mail” as sown below and “Next”


Now this is the important part. Setup your from and to email address along with your SMTP server. The Subject Line and Text is what you want to make informative. For example [Success] Backup completed if multiple servers you may want to indicate the server name in the subject and/or the text. And select “OK” as shown below:


You will then receive the following prompt letting you know the “Scheduled Task” was successfully created:


Note: To modify the settings on these events go to scheduled tasks and edit the tasks as needed. For example if you want to change email addresses, add more details, or delete the event alert completely.

Repeat the process for other event items such as failures or running low on space and updated the subject lines to correspond with the event. Now you see why you do not want to use the blanket approach as it will just send you empty emails as the “event” itself is not in the email it is just a trigger.

For example here is the email I received (everything I need to know is in the Subject):


Note: I would recommend setting up both success and failure email rules rather than just success. If you don’t actively monitor it, it is easy to forget you haven’t received a successful email in days, weeks, or even worse months or years!

Additionally you can include failure troubleshooting steps or contact information in the alert emails such as the following for failure “Event ID 49” backup drive not found:


Server 2008 SMTP Relay through GMX as a Smarthost

Access your SMTP configuration using IIS 6.0 Manager as shown below:


Select the SMTP server as shown below:


Right Click and select Properties:


The “Access” tab is how you lock down what is sending through your SMTP server by limiting the Authentication, Connection, and Relay Settings as shown below:


For Example the setting below will only allow the address to connect to the SMTP server:


Another Example the setting below will only allow the address to relay through the SMTP server and allow authenticated is unchecked:


Now to configure our relay I assume by this time you have already setup a free email account with

Select the “Delivery” tab and “Outbound Security” as shown below:


Select “Basic authentication” and enter in your username and password as shown below and click “OK”:


Note: if using other email providers as a SMTP relay you may need to enable TLS (check with your email provider)

You should not need to Modify the Outbound Connections TCP port for GMX:


Note: If you are using other email providers such as Gmail you may need to modify the TCP port (check with your email provider)

Select the “Delivery” tab and “Advanced” as shown below:


In the “Smarthost” field enter in “” as shown below and select “OK”


Stop and restart SMTP and you should now be able to send through your SMTP server using GMX as your smarthost.

Note: you will likely have to add that email address as a non-junk non-spam address on email filtering.

Server 2008 R1 SMTP Installation

To install SMTP go to “Server Manager”>”Add Features”> and install ” SMTP”


Note: I recommend installing the feature “Telnet Client” as well to aid in troubleshooting later.

After the installation completes to manage SMTP and FTP on Server 2008 R1 you must use IIS 6.0 Manager as shown below:


When using the IIS 6.0 MMC when you open SMTP you will likely receive the error “No Such Interface Supported” . This is a common problem to fix it open a command prompt as an administrator and register the DLL’s using the following command:

C:\Windows\System32\inetsrv>regsvr32 smtpsnap.dll
C:\Windows\System32\inetsrv>regsvr32 smtpadm.dll

Close and reopen the IIS 6.0 MMC and the error should go away.

I have noticed there are some other items that are a bit off with this SMTP version such as SMTP logging does not appear to work properly. Thus the need for installing the Telnet client for testing and thoroughly locking down your SMTP environment.

Please see my other SMTP configuration tech notes on SMTP usage/relay scenarios

For more on telnet testing of SMTP: