

Showing posts from 2013

top 20 posts of 2013

these posts represent the most visited pages of 2013. i realize the year is not yet closed… but no one is in the office if our office is any indication. :)

understanding the “ad op master is inconsistent” alert
sccm: content hash fails to match
how to retrieve your ip address with powershell...
how to use dropbox to synchronize windows 7 sticky notes
sccm: client stuck downloading package with bit .tmp files in cache directory
executing batch files remotely with psexec …
sccm: custom data discovery records (DDRs) using powershell
using preloadpkgonsite.exe to stage compressed copies to child site distribution points
sccm: integrating dell warranty data into configmgr
search programs and files no longer works in windows 7 (only shows headers)
"get computer/ip status" activity throws raw socket error
sccm clients fail to apply a policy
list active directory subnets with powershell
dsmod bug when using the –c option?
using repeat count to detect a problem in a win

improvements to finding things close to you

I am a fountain of technical terms, I know. in my opinion, one of the most convenient things about active directory is the ability to locate stuff. I don’t mean searching through the directory to find an object exactly. more so, I’m referring to how you can locate things like a DFS server or a domain controller without thinking about it. I don’t have to select which DC I want to use to authenticate me, for example. if you spend any amount of time managing your active directory sites, you probably want to maximize your return on that work. managing sites is referring to the management of the site containers and objects. for instance, managing the subnets assigned to sites or the costs associated to site links would be an administrative task you might perform. if all you did was manage the subnets associated to sites, you would get the immediate benefit of clients knowing where to go to get services, but what happens if where they were going is no longer available? well, in the DFS or

loading up powershell 4.0 on windows 8.1

short answer is, you can't. it already comes with it. you can easily identify this problem by attempting to execute the windows management framework 4.0 installation. the error message you receive looks like this: make sure you read the system requirements closely! as keith hill's blog post points out, you want to make sure you have .net 4.5 installed. i believe error code 0x80096002 loosely translates to ... "you are a dummy, marcus."


i figured it was worthy of raising the CAPS. ;-) my first thought was… wow, i’m getting so old. i am thrilled and honored to be presented with this award again. i have a real privilege. aside from working with microsoft – talking to program managers, developers, leads -- i also have the distinct privilege of working with some of the best talent in system center. 10 years. wow. if you’re reading this, i hope we’ve had the opportunity to interact – in real life or virtual life. i hope through my blog, user group, forum, or some other type of exchange, i’ve been able to help you in some way (and most likely vice versa.) anyway, check it out. here’s my recognition letter: It is with great pride we announce that Marcus Oh has been awarded as a Microsoft® Most Valuable Professional (MVP) for 10/1/2013 - 10/1/2014. The Microsoft MVP Award is an annual award that recognizes exceptional technology community leaders worldwide who actively share their high quality, real world expertise with u

system center orchestrator 2012 unleashed

i completely forgot to blog about this on its release. you’ve probably already seen all my hassling about it on linkedin or twitter already so this is old news anyway, right? :) the orchestrator book is finally released. it’s available on amazon in both paperback and kindle edition. if you don’t know orchestrator yet, it’s time to learn. it’s pretty neat stuff. quite happy it’s finally out! here’s a complete description: Using System Center 2012 Orchestrator, you can capture and document processes across your entire IT organization, establishing the automation you need to deliver advanced cloud services and self-adjusting computing resources. Authored by five leading System Center experts, this comprehensive reference and technical guide brings together all the knowledge you’ll need to architect, install, implement, integrate, and maximize the value of your own Orchestrator solutions. The authors introduce current best practices based on large-scale enterprise implementations the

PowerShell: Accessing the Clipboard

Every time I do something in PowerShell, I find something else new to love. I’m pretty familiar with using “mycommand | clip” to send something directly to the clipboard. Found out that retrieving stuff from the clipboard is almost as easy:

    > Write-Output "crap" | clip
    > # load the assembly first if the host has not already done so
    > Add-Type -AssemblyName System.Windows.Forms
    > [System.Windows.Forms.Clipboard]::GetText()
    crap

UPDATE: Added the below statement because I run into this constantly when working with arrays. This splits your array on whitespaces.

    $myVar -split '\s+'

Thank you to for this goodness on split operators.

orchestrator: ftp integration pack error

i was recently assigned some work that required automating some ftp tasks. i thought what a perfect opportunity to try out the ftp integration pack (IP) in orchestrator! after configuring the ftp options, i tried to use one of the activities and hit a problem: failed to initialize configuration object.

YOU DON’T HAVE TO READ THIS PART

i don’t normally look at stack traces and know what the hell is going on so i immediately went to my crutch and started searching the entire world of knowledge and finally landed on this post describing the exact same problem. in the end, the original poster (OP) fixed the issue by uninstalling all of his IPs and reinstalling them. that seemed like total crap to me so i dismissed it and forgot about it until yesterday when i found some time to really look at this problem.

(OR THIS) THE ANALYSIS

i had two environments to work with, both not working. the first thing i tried was the OP’s fix. i uninstalled everything and reinstalled the ftp IP.

winnate: upgrading a windows 8.1 preview version to rtm

you might have missed the news, but windows 8.1 and server 2012 r2 rtm versions are available for download now. in celebration of this occasion, i draw upon your memory. remember this FULLY UNSUPPORTED little gem when you upgraded your beta version of windows 8 to rtm? uh huh. yes, you do. use at your own risk. feeling like living dangerously? here’s how it’s done:

expand the installation media or copy to a writeable location
open the directory “sources”
locate the file named “cversion.ini”
modify the content, changing the values to:

    [HostBuild]
    MinClient=9431.0
    MinServer=9431.0

now away you go. when you install, it’ll treat it as if you’re installing over windows 8, not windows 8.1 preview. :)

searching for an object by guid in active directory

before we get started, why the need for this? well, you can’t straight up search active directory for an object with a guid that looks like this: {af966e8e-7aee-4c0f-b0c8-1985de37c276}. this is referred to as “registry format.” there are two ways to do this as i will illustrate below.

the short way

    adfind -binenc -f "objectguid={{GUID:af966e8e-7aee-4c0f-b0c8-1985de37c276}}"

handles all the conversions quite nicely as long as you specify the correct type.

the long way

    $myGUID = [guid]'af966e8e-7aee-4c0f-b0c8-1985de37c276'
    # convert each byte of the guid to a two-digit hex string and join them
    $myGUIDhex = -join ($myGUID.ToByteArray() | % { $_.tostring("X").padleft(2,"0")})
    # prefix every byte with a backslash, as the ldap filter expects
    $myGUIDhex = $myGUIDhex -replace '(..)','\$1'
    get-qadobject -ldapfilter "(objectguid=$myGUIDhex)"

switches the guid to hex and builds a value that looks like 8E6E96AFEE7A0F4CB0C81985DE37C276 and eventually \8E\6E\96\AF\EE\7A\0F\4C\B0\C8\19\85\DE\37\C2\76 which is used in the search filter.

learned a few thi

2012 r2 series: enhancements to iaas

oh man, a two-part post! that means twice the reading, twice the summarizing and twice the condensing. :/ oh well. at least all this typing will help warm up my new sculpt keyboard. :) this is the fifth post in the series. read the full post composed of iaas innovations and service provider & tenant iaas experience whenever you get around to it. this covers the first part.

r2 enhancements in networking

continuous availability (with in-box NIC teaming)
scvmm has ability to manage network switches: extensible hyper-v virtual switch
hyper-v network virtualization (hnv)
ip address management (ipam): better integration with scvmm
virtual address space management
granular role-based access control (rbac)
enhanced dhcp management
enhanced powershell support
standards-based switch management – industry standard management schema to treat physical and virtual switches alike using an interface like powershell

r2 enhancements in compute

quality of service

2012 r2 series: open source

i keep catching myself getting far wordier than intended in these “summaries.” i’m going to work on that! catching up though. this makes 4 of 9 in this series. remember the days when microsoft was all about NOT developing for competing platforms to edge them out of the market? well, this post titled enabling open source software is all about the loving embrace of open source.   open source with windows common engineering criteria (cec) drives consistency across products by requiring engineering compliance on a variety of factors with goals such as integration, manageability, security, reliability, etc. this same concept extends to all things cloud – private, hybrid, or public. so what’s all this cec stuff do for open source, you say? well, it means having the same goal. single pane of glass administration, things that work in one environment should translate pretty easily to another, etc. here’s things microsoft has been up to: linux community . microsoft has been pretty involv

2012 r2 series: three scenarios of pcit

pcit. there’s that term again. it doesn’t mean personal computer though. it actually means people-centric IT. as more and more devices are born to consume cloud-based services, it makes sense for management of such devices to be cloud-based as well. part 3 – people-centric IT in action – end-to-end scenarios across products – (coincidentally) looks at three scenarios of pcit.

scenario 1: company access, personal device. company access already exists today through technology such as vpn. this is really more about giving users the ability to get to their work files on a personal device. it addresses some of the risks around compliance by utilizing authentication (ad fs) and encryption (work folders). of course, remote wipe is a part of the scenario. the core component to scenario 1 is work folders. think of work folders as a skydrive pro for file servers. (skydrive pro is for sharepoint, in case you were curious.) work folders requires both a server and a client. windows 8.

2012 r2 series: productive users and protected information

this morning’s read: part 2 of 9, titled making device users productive and protecting corporate information . here’s my summary of another incredibly long and detailed post. don’t forget to go back and get the full read. away we go. people-centric IT (pcit). addresses four key areas. users. expect to have access to all of their corporate resources from anywhere. devices. diversity is not just about controlling which models of a particular brand to use. diversity of device type continues to grow as well. diversity = complexity. apps. complexity in cross-platform management and deployment of apps. data. provide data access without while staying compliant and secure. bring your own device (byod). byod is not a trend so much as a turning point. there’s no going back. diversity of devices will continue to climb which positions companies to have to fight the trend or embrace the trend. that’s what pcit is about. user productivity. embracing byod effectively means having a he

2012 r2 series: customer scenario centricity

well, guess what? r2 is coming. you knew that already. what you might not know yet is r2 is coming october 18 , along with windows 8.1. brad anderson has also been releasing a series of blog posts to highlight all of the forthcoming changes. it’s a lot of material to read! figured i’d read along and post the high points. obviously i’m way behind since it’s a 9-part series which started at the beginning of july and is up to part 7 already. enough exasperation. let’s get started with part 1 titled beginning and ending with customer-specific scenarios . cloud-first approach . build and deploy in their cloud first then deliver to customers and partners. ms currently operates > 200+ cloud services. unified planning . client, server, system center, azure and intune all planned and prioritized together, including common release schedules and milestones. three core pillars . centric to the support and inspiration behind r2 products: empower people-centric IT (pcit) . a move toward an

misc: spotting a fake

this isn’t so much a technical post. it’s just an explanation of how to spot check a profile before you decide to accept an invitation. let’s say you get a mysterious invitation from someone on linkedin. at one point it was pretty easy to spot these but as all feats of engineering go, things usually get better – including social. :) the new thing seems to be female profiles using attractive photos as a means of getting someone to accept the invitation. this is the easiest way i know how to spot a fake: make a copy of the photo. in windows land, you can just drag the image off the browser and drop it to the desktop. like so: next, go to google’s image search and drag the photo to the search bar – don’t think bing supports this – as illustrated below: voila. 83 results. hope you found that useful.

orchestrator: overwriting existing global configurations

if you're familiar with importing and exporting runbooks, you have most likely seen the unintrusive little checkbox under the export settings labeled "export global configurations" and under the import settings labeled "import global configurations". how about "overwrite existing global configurations"? any idea what that does? resorting to the help file, it explains the overwrite option as: Select Overwrite existing global configurations to replace any current settings with the settings in the imported runbook or runbooks. Overwriting replaces the entire set of configurations for a particular group. For example, if an imported runbook contains an SNMP activity, any current SNMP settings will be overwritten and any currently configured SNMP activities will be deleted. all this did was provide more confusion for me so i tested a few things to see exactly what i was dealing with. when you export the ois_export file, it's actually exported as xml.

ds: modifying security and the default max size limit for pictures in active directory

i started investigating storing pictures in active directory and came to the understanding that while the default size is 100kb, exchange limited uploads to 10kb. i did a little testing with my own pretty face and realized that a 96x96 image that is less than 10kb is sufficient. anyway, here's a couple of things i dug up. props to wrj for the schema location info.

DEFAULT PERMISSIONS

another interesting thing to note is that the picture attribute (otherwise known as thumbnailphoto) is a part of the personal information property set. this matters because, by default, the self security principal is granted rights to modify attributes in the personal information property set. oh no!

SOLUTIONS

at this point, paths diverge based on what matters to you:

users can manage their own photos
users adding photos will bloat the AD database

if your concern is the capability of users managing their own photos, you can modify the permissions associated with the self security pri

powershell: reducing processing time (niche case)

why the caveat? it's important to note that my savings is based on switching out just a simple little thing. there's no magic here. there's no fountain of knowledge. those accolades are for the likes of snover and wilson.

BACKGROUND

the synopsis is simple. i was asked to create a very specific user list. the specifications were such that i had to consider custom objects to store the information. here are the requirements:

must be a csv formatted file
must have headers that match a specified string
must contain columns even if the value is empty
must decode the manager dn to the manager's employee id

after spending a little time getting formatting right, i realized that performance was just terrible. i admit i created it in the laziest way possible. i mean that is what scripting is about right? saving time?

DEFINING CRAZY

for processing a thousand users and creating a thousand custom objects, it was okay since the span of time was relatively short. when

powershell: retrieving warranty data

...or as dell would say ... "entitlements". first of all, check this out: . dell has a webservice that you can use to pull down warranty information on your system. there are three arguments you have to provide to make this work:

guid
application name
service tag

the only key piece of information is the service tag. the other two arguments will accept any piece of data as long as it's the right type. let's examine each of these for a quick second.

guid

the easiest way to generate a guid is by using the newguid() method as such:

    $guid = [guid]::parse("11111111-1111-1111-1111-111111111111")

application name

set this to whatever string value strikes your fancy. (do people say that anymore?)

service tag

this is the part that actually drives the context. provide your service tag (some call it asset tag, some call it serial number, etc) as the third argument and away you go. if you want to pul

powershell: an array of alphabets

i wish i could remember where i found this particular gem. as you know, it's crazy easy to create an array of values if they're integers such as:

    [1] {C:\temp} > $a = 1..10
    [2] {C:\temp} > $a
    1 2 3 4 5 6 7 8 9 10

but what about when you want an array of alphabetical characters like a through z? it's not as simple as defining the range as a..z. instead, you have to call the char type as shown below:

    [7] {C:\temp} > $alphabet = [char[]]([char]'a'..[char]'z')
    [8] {C:\temp} > $alphabet
    a b c d e f g h i j k l m n o p q r s t u v w x y z

powershell: retrieving directories in the current path

hard -- obscure if you don't know the calls, aren't familiar with programming (basically, me)

    [System.IO.Directory]::GetDirectories($(get-location))

medium -- not so bad when you know what to look for

    get-childitem | where-object { $_.mode -eq "D----" }
    get-childitem | where-object { $_.PSISContainer -eq $true }
    get-childitem | where-object { $_.Attributes -eq 'Directory' }

easy -- at least there's no bracketing or positional parameters to worry about

    get-childitem | where-object psiscontainer -eq $true

easiest -- near parity with cmd shell, provided you use shortcuts

    get-childitem -directory

misc: snmp device simulator (free, yes free!)

in case you missed it, jalasoft just dropped a new tool called the xian snmp device simulator. going by the details, it might take you longer to type the name than to run the utility -- especially since most of the configuration is all wizard-driven. it supports snmp v1, v2 and v3, and it simulates myriad devices including:

Cisco Switches
Cisco Router
Cisco Firewalls
Cisco VPN Concentrators
Cisco Wireless devices
3Com Switches
HP Pro curve Switches
F5 Big Ip
Nortel
APC UPS

whether you're an operations manager 2007 shop, an operations manager 2012 shop, or don't use operations manager at all, this tool will still be valuable for testing snmp. over the years, simulating snmp has come up many times so it's great to see something this nice -- for free! if you want details, click HERE to check out their blog post.

misc: diffie-hellman key exchange

while in a cert authority class, the instructor mentioned the diffie-hellman key exchange and showed us this picture using paint colors as a way of expressing how this works. the math just makes me dizzy. anyway, the paint color thing kind of makes sense …

atlanta techstravaganza 2013

greetings. ATLSMUG (atlanta systems management user group) is proud to be one of the co-hosts of the atlanta techstravaganza event once again! we have well over a hundred attendees which makes a great networking opportunity. hope to see you there!

here’s a few things of note:

Keynote speaker Mark Minasi – The New Windows: What to Do and When to Do It
16 great sessions in 4 tracks — System Center, Windows Server Infrastructure, PowerShell, and Hands-on-Labs for Hyper-V and Azure
Speakers — Ed Wilson, Greg Cameron, Brian Huneycutt, Butch Waller, Tommy Patterson & other Microsoft experts
Breakfast, lunch, and snacks provided!
Great prizes to be won — including the grand prize of a Microsoft Surface RT!
Friday June 21, 2013 8AM to 4PM
Microsoft Campus, 1125 Sanctuary Pkwy, Alpharetta, GA

more information and registration link is available at:

microsoft desktop optimization pack 2013

i am well aware I should have not missed this but somehow overlooked it. a service pack was released with mdop 2013 that addresses some issues with agpm (advanced group policy management) 4.0. it’s been a long time coming. it looks to be more functional than actually addressing some of the deficiencies in agpm. it’s still good news since i was under the impression ms would scrap agpm at some point since its adoption rate is low. if you missed it, here are some other products that were updated: AGPM 4.0 SP1: Brings powerful change management for Group Policy to Windows 8, making it easier for organizations to keep enterprise-wide desktop configurations up to date, enabling greater control, less downtime, and lowering total cost of ownership (TCO). DaRT 8.0 SP1: Accelerates desktop repair by adding support for 10 additional languages. It also includes a new Defender engine to better assist organizations in discovering malware. App-V 5.0 SP1: Helps organizations use virtually any

scep: tampering with anti-tampering

i understand both sides of why people believe this needs to be done. this article outlines a measure microsoft implemented to keep service controls outside of administrative fingers for endpoint protection to keep people from messing around with services. as you might know, this is a very silly wall to put around a service. as an administrator, you own the box. if you understand how to read SDDLs and change them to suit your needs, then you can very easily modify it with your administrative credentials to remove that paper wall, -and- coincidentally, you might want to pick up this skill since in some scenarios (read as: mine) the very product that manages endpoint protection (system center configuration manager) fails to update to CU1 because of its inability to stop the microsoft antimalware service. <sigh> i guess you could uninstall the product. that seems safer. :/ this is akin to putting in safeguards such as making sure i am running an installation with my domain admin a

sccm: the required permissions for creating collections

i had modeled a concept for how i wanted to lay out permissions only to find out the permissions i created for managing collections were wrong – specifically, the creation of collections. after spending some time messing around with sccm 2012 (configmgr for you purists), i was able to work out the exact requirements for creating collections. what a pain since there is no documentation for what the permissions actually perform! (admittedly, most of it is self-explanatory just by the permission name itself.) after doing a little digging (referred to by some as trial and error), it turns out that a specific permission, modify folder, is required. by all appearances as blogged by others, it seems this is a bug. i didn’t bother to go into the bug tracker to figure out where this was in the development cycle. at any rate, keep that in mind. you’ll need it. so, with the following permission set: create read you basically get a slap across the face. there is no visible dialog to create a