Skip to main content


Showing posts from May, 2006

mom: why do agents still send alerts in maintenance mode?

the mom product team was kind enough to (finally) remove all mystery in this blog post regarding why agents continue to send alerts even after you’ve flagged it for maintenance. In summary: management server and database updated immediately server-side responses stop suspended agent initiates configuration update cycle agent receives update that it is in maintenance mode same process is true when an agent is taken out of maintenance mode.

mom: that book is finally on the shelf...

if you missed it, the book professional mom 2005, sms and wsus is finally on the shelf. i'm still waiting on my complimentary copy so i'm not sure whether or not my name is actually on it. i don't think they put my picture on it. i can only guess that it would have made the other authors look terrible in contrast. just kidding... i don't know why and am not going to speculate (doubt that'll stop you though). i contributed about four chapters to it. if you happen to read it, take a guess at which are mine... i'd be curious to know if there's a visible difference in writing style from author to author or if the editors really are gods. by the way, pete, one of the guys at, was kind enough to write up a book review .

mom: monitoring dns synthetically...

update: this script has been rewritten.  please refer to this post .   background. let me start off by posing a question. have you looked at the dns mp? look closely. there are no synthetic tests. why is it that management packs like these are service-centric? my dns service hums right along... yet problems exist.  i'm not going to expatiate on the necessity of needing transaction-based monitoring. there are whole companies built around this philosophy. it does seem troubling to me though that the cornerstone of active directory is a healthy dns... yet the dns mp contains no such necessary rule. anyway, enough about that. foreground. i wrote a script to monitor dns. it doesn't monitor the health or catch events. you've already got all that. it simply runs a nslookup command for a list of hostnames and returns errors, if there are any. it lacks any elegance or sophistication (not that you're used to that in my scripts). maybe you noticed. maybe you didn't

misc: resources for windows powershell

references and communities: windows powershell website powershell script repository powershell developer reference powershell technet community blogs: windows powershell team arul kumaravel keith hill lee holmes marc van orsouw thomas lee

ds: how to setup mail forwarding without a contact object

hmmm, you say... never saw that before. neither had i. every reference i could locate about this topic directed me to setup a contact object to forward to. however, the talented messaging guys i work with came up with a different process. i thought i'd share it for the good of humanity. alright, so let's say you find yourself in a situation where someone leaves the company and wants [his/her] mail forwarded. here's the process you would take to make this work: gather these fields. take down this information. step 2 will blow it away. mail mailNickname proxyAddresses primary) disconnect [his/her] mailbox. put these fields back in for the user object. mail mailNickname proxyAddresses (primary from step 1) proxyAddresses (secondary - the email address to forward to) targetAddress (the email address to forward to) whenever an email comes in for [him/her], the email will forward to the new address. to elaborate

misc: multi-valued attributes and setinfo

it's a great moment when you come to understand something. understanding that you understand something at the wrong moment, however, is a point for debate. while i'm happy for the understanding, i wish it had come sooner. wrong moment by my logic is anytime you're knee-deep in a production change and "understand". :-] understanding how setinfo works with multi-valued attributes is really pretty simple. i'll blame it on "inadequate testing". to pontificate on this tidbit, if you're adding multiple email addresses, say to proxyAddresses, you can't queue up the changes and write them with one setinfo command. instead, you have to write one, commit, append another, commit, etc.

mom: resolveguid is a such a task!

isn't it though? none of the agents come configured with resolveguid set. all of this has to be done post installation, post agent rollout. there's no command-line tool or built-in task to simplify this process. at the request of one of the management mvps, i wrote a script to use as a mom task. the background: by default, when security events are picked up, the sids/guids are not resolved. if you're into resolving them manually, you're set (or manic or crazy or [insert favorite word for getting institutionalized]). otherwise, using the resolveguid registry key will automatically resolve the sids/guids. microsoft published an article about it. if you want the more (frenetic) information with a canadian sense of humor, rory has blogged ad nauseum on this topic. the foreground: i've linked to the script at the end of this blog. all you need to do is go to one of them, copy the contents into the clipboard and create a new script in mom. i used these parameters

rod trent at mms

poor guy didn't get to enjoy mms like most everyone else did. in one of his blog posts from mms, apparently rod suffered from extremely high blood pressure. he's a fixture of the systems management community and has been an advocate for products like SMS for longer than i've been working with this technology. (remember swynk?) if you have an opportunity, check in to see how he's doing and encourage him to get better! :)