Showing posts from August, 2005

delegating lcs administration for users...

when i was told that user administration couldn't be delegated to just the domain, i refused to take that for an answer. this is Live Communications Server 2005! that means two full product releases from exchange im. if you recall, there was a lcs 2003 as well, but it didn't get quite that much play. after a few rounds, microsoft came back with an answer. admittedly, it was a little difficult to understand in the context they provided. let me see if i can make it a little easier. keep in mind, these steps are for a multi-domain forest.

high-level steps:

- create root domain universal group
- delegate access to msRTCSIP objects
- delegate access to computer objects
- grant access to RTC Local User Administrators
- delegate access to user objects

in this example, we'll use a root domain global group called RTCPerms. we need to give RTCPerms some object-level access so in order to do this, go to your root domain and navigate to dc=root,cn=system,cn=microsoft,cn=rtc s

mom server performance advisor mp - first thoughts

i've read over the readme for the spa mp. my first thoughts are that it sounds fairly intriguing. looks like it can be set to kick off a spa data collection whenever an event is detected, such as cpu sustained busy for x minutes. also could be useful to kickoff an active directory collection whenever lsass exponential memory usage is detected, for example. the only suggestion i'd have to the mp authors is... where is the task to deploy spa? certainly there must be some way to do this since it's a msi. i suppose i could hack and slash my way through the mbsa mp (do not recommend using unless you have no other vuln mgmt tool) to look at their script code to see how they setup the deployment tasks - or the exbpa mp (very noisy, also not recommended).

my gaim messenger is going to explode...

have you seen that google has released their own messenger? i'm very pleased that a friend of mine referred me to using gaim. it's modular enough to handle the jabber protocol that new google talk users will be using. guess that means i have to setup gaim for google talk. sigh. this is getting crazy. i have a messenger id on nearly every system, maintain severe overlap for IM friends that use two or three different types. it's always left to third-parties to join these homogenous systems together. however, that doesn't mean you can just have one messenger id and talk to someone else. you have to maintain an id on every system. try to convince your friends to move off aol to msn or vice versa. whatever.

what's for dinner? i'm hungry!

i just discovered this site called restaurant.com. the motto is "eat. drink. save money". i'm cool with that. most of the certificates don't cover drinks as it turns out, though. so maybe the motto should be "eat. save money."? there's a few other gotchas. you can only use one certificate per party. you can only use a certificate at that particular restaurant once per month. there's some great restaurants on this site though... most $25 certificates cost $10. $10 certificates cost $3, etc. the certificates have stipulations like having to order $35 worth of food for the $25 certificate. anyway, i ran into this a LONG time ago but wasn't sure if it was legitimate. however, after running across this coupon code... i had to try it! anyway, it's 73639 in case you get an itch to try it yourself.

tracking inefficient queries...

update: a fellow reader suggested i check out this article from tony murray. it's good stuff, so i thought i'd drop the link here: logging ldap searches: ad & adam.

so... a couple of domain controllers had runaway lsass processes today. i began to look further into the issue and figured out where excessive LDAP queries were being issued from. unfortunately, it didn't amount to anything... but the process in tracking them was pretty useful. the first thing i should point you to is Server Performance Advisor. just a fyi, as it turns out, there's a management pack that you can use with SPA... :) it's located here. alright, so spa... you're on your own. it's a little kludgy, but once you have it down, it's extremely useful for providing information. i'm not really happy about the fact that it has to leave a footprint (installed) versus just running from an executable... but what do you do? anyway, the stuff i realized in spa is that it doesn

upcoming webcasts...

here's a few webcasts i'm probably going to catch... thought i'd post it up here for anyone's benefit who actually reads this thing.

TechNet Webcast: Mastering Windows Management Instrumentation (Level 200)
Tuesday, September 13, 2005 - 9:30 AM - 10:30 AM Pacific Time
Don Jones, Microsoft MVP, Book Author, and Founder of ScriptingAnswers.com
Windows Management Instrumentation (WMI) is a robust technology for administering Windows through scripts. In this webcast, we examine how WMI works and show you the wide variety of things it can do, such as collecting information from computers and reconfiguring systems. Learn a methodology for incorporating WMI into your scripts quickly and easily. You will find out how to use the tools and utilities that can make writing WMI scripts simple and painless.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032276552&Culture=en-US

TechNet Webcast: What's New in SMS 2003

lcscmd - help!

admittedly, i'm posting this for my own reasons. want to have a place i can reference whenever i need to know the lcscmd.exe feature set. if you try to look at help, it's fairly daunting.

USAGE:
    LcsCmd.exe /?
    LcsCmd.exe /batch:{input file} [/l:{log file}]
    LcsCmd.exe /forest[:{FQDN} /action:{action name} [Parameter 1] ... [Parameter N]
    LcsCmd.exe /domain[:{FQDN}] /action:{action name} [Parameter 1] ... [Parameter N]
    LcsCmd.exe /server[:{FQDN}] /action:{action name} [Parameter 1] ... [Parameter N]

EXAMPLES:
    LcsCmd.exe /batch:MyBatch.xml
    LcsCmd.exe /forest /action:CheckForestPrepState /l:c:\LcsCmd.html
    LcsCmd.exe /domain /action:CheckDomainPrepState /l:c:\LcsCmd.xml /xml
    LcsCmd.exe /domain /action:CreateLcsOuPermissions /ou:CN=MyUsers /objectType:User
    LcsCmd.exe /server /action:Activate /role:SE /password:My$tr0ngPwd
    LcsCmd.exe /server /action:ExportServerConfig /role:SE /configFile:c:\HSConfig.xml
    LcsCmd.exe /server /action:ImportServerConfig /role:SE /configFile:c:\HSConfig.x

using multiple email servers

some members of the mom community have expressed an interest in using multiple smtp destinations for failover in case one or the other becomes unavailable. to my surprise, the people complaining have been mail admins! now in order to have failover, you have to have at least two instances of something running. so going on that assumption, you could do either of these bullets...

- bring up a load-balancer and put your smtp servers behind it. mask the name or IP to something virtual.
- create multiple entries in dns with the same name. point each record to a different mail server. poor man's load-balancer using round-robin records.

another stimulating thought...

so hann writes about something that a lot of people have expressed interest in... not just in MOM 2005... but during MOM 2000 days. the inherent problem is that if you modified the DB to support triggers on certain conditions, you'd most likely lose support. the other problem is that full table scans suck. having a script running looking for changes to open alerts constantly... sounds like bad mojo.

your home is where your heart is...

i think mosby's post is insinuating that moving a blog means that you've left your home. au contraire. i've been a member of myITforum.com since swynk.com. so in case he missed my reference to moving my blog for usability reasons, i'll state it again. i moved to blogger.com because the site is functionally much better than the blog services offered on msmvps.com or myitforum.com. it'd be pretty silly to think that i've formed some kind of "home" on blogger.com. i would venture a guess that this site has no vendor allegiances and is technology agnostic. besides which, i still write articles for myitforum.com and am an active member of the email lists. what do you think?

mp notifier released ...

hann posted this little gem today. ms recently decided to release MPNotifier as a release to web. i think the original was floating around in newsgroups. anyway, for everyone's enjoyment... check the link. don't be alarmed though that mpnotifier doesn't find everything. the xml doesn't get updated like it should. eventually they get around to it though...

changing sms default behavior...

here's an interesting thing richard found. thought i'd share it. you can change the default behavior of remote roaming boundary clients... check out the link. he's always coming up with hacks like this... of course supportability is always questioned. might be on your own if you do something wrong... :)

moving my blog...

just a note that i'm moving my blog from myitforum.com/blog/moh to here! :) if you're wondering why i moved my blog, it's because blogger.com rules. the feature set is much richer and functionally, very cool. anyway, i moved all the blog content and stuff. retained the original dates... but can't say the timestamp is the same. still very much a part of the myITforum.com mailing lists and will continue to contribute articles to the site.

mom team rules...

john and i were hashing around how to submit an update to an alert object since the submit function seemed to work only when it was coupled with a create method. turns out you don't have to submit at all... you simply set the new field for the alert. check out the sample script that hann posted: http://msmvps.com/jfhann/archive/2005/08/18/63176.aspx

linking to my blog...

hann is linking to my blog again. he made some commentary about my post on update or replace MPs. i concur with his thoughts. you can check them out here: http://msmvps.com/jfhann/archive/2005/08/17/63139.aspx

import - update or replace?

we've thrashed around the topic on the msmom mailing list today. turns out that copying a rule does not preserve the content of the product knowledge tab. other interesting thing to note is that the “update” feature of mp import does not retain the override criteria or threshold changes. the only thing it holds on to is disable/enable, company knowledge, and any rules you may have created for yourself. the recommendation is still to copy any rules that you plan to modify and disable the original. as long as you're going to do that, you might as well move it into its own custom rule group so that you can export them at will and import at will w/out the fear of losing any of your work. i've been using sharepoint services to maintain a list of mom rules that i've modified over the course of my history with it. oh, btw, you can copy the product knowledge to the company knowledge of a copied rule. not sure that it's the same effect... but at least you have

met with 1e today...

they have some pretty amazing tools. i am so impressed with where they've taken nomad since when i participated in their beta. they also have a lightweight desktop monitoring tool called deskmon which utilizes the sms status messages to send up info. of course smswakeup is always cool for WOL stuff. love the multi-slave model.

mom reporting server - complicated layers (baking a tall cake)...

Ran into an issue on MOM Reporting Server. After some investigation, it was all the way down at the Framework layer. If you're not familiar with MOM Reporting, it's like the house that Jack built. It requires the following layers:

- Windows (obviously)
- SQL (obviously)
- IIS
- .NET Framework
- SQL Reporting Services
- MOM Reporting Services

So... if you have a failure on any one of those layers, your little house is going to come apart. For my particular situation, as mentioned before, the problem was at the Framework layer. I couldn't figure out where it was failing or how to fix it. I did the only logical thing... reinstall. Reinstalling made no changes, so I moved to the next logical step... uninstall. I uninstalled everything down to IIS. Since there were other websites running, I knew that probably wasn't it. Also, SQL was healthy as well. DTS jobs were running. SQL queries worked fine. This is when I started packing back the required components. I got .NET