March 2008 Entries

How To: Migrate your Active Directory to Windows Server 2008

This is a brief How To guide (the first of many) on how to migrate your existing Active Directory to Windows Server 2008.

Please note that I cannot be held responsible for any issues that you encounter when following this guide; my upgrade was done in a lab environment on a single Domain Controller running Exchange 2003.

If you do follow this and do it on a live system please, please, please run a full backup of your domain controllers and verify that the backup was successful. Even though this is a straightforward upgrade, if anything goes wrong during the upgrade you could potentially be left with a domain that NO users can log on to.

Before you start upgrading

Verify that your domain controllers meet these requirements:

  • The hardware meets or exceeds the requirements for Windows Server 2008.
  • All hardware and software is compatible with Windows Server 2008, including antivirus software and drivers.
  • You have ample disk space to perform the install.
  • The current domain functional level is Windows 2000 Native or Windows Server 2003. You cannot upgrade directly from Windows NT 4.0, Windows 2000 Mixed or Windows Server 2003 Interim domain functional levels.
  • All Windows 2000 Server domain controllers have Service Pack 4 installed.

Test your domain

Active Directory domains are very resilient and can continue to function even when there are various problems. Even if your Active Directory seems to be working properly, you might have logon delays, replication failures or Group Policy settings that aren’t being applied. These conditions can cause problems during an upgrade, so it’s crucial to resolve them now.

These tools will help you identify and diagnose any problems:

  • Dcdiag.exe. Run this tool to analyse your Active Directory for common problems; it’s included with Windows Server 2003 and Windows Server 2008.
  • Repadmin.exe. Use Repadmin.exe to identify Active Directory replication problems; it’s included with Windows Server 2003 and Windows Server 2008.
  • Gpotool.exe. Use this tool to verify that Group Policy is consistent among domain controllers; it’s included with the Windows Server 2003 Resource Kit tools, available at http://go.microsoft.com/fwlink/?linkid=27766.
  • Event Viewer. Review the Directory Services log file for errors that might indicate problems.
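
A pre-upgrade gate built on the first two tools, as an added example that is not part of the original post: it parses dcdiag output and `repadmin /showrepl * /csv` output and lists anything to resolve before running Adprep. The function names and the sample output (constructed, for hypothetical servers DC01 and DC02 in example.test) are assumptions, as is PowerShell 3.0 or later on the machine that runs it.

```powershell
# Added example: pre-upgrade gate over dcdiag and repadmin output.
# Both samples are constructed; DC01, DC02 and example.test are hypothetical.
$sampleDcdiag = @'
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
         ......................... DC01 failed test Replications
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
'@ -split "`r?`n"

$sampleShowRepl = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC01,"DC=example,DC=test",Default-First-Site-Name,DC02,RPC,0,0,2008-03-20 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC02,"DC=example,DC=test",Default-First-Site-Name,DC01,RPC,4,2008-03-20 09:58:41,2008-03-18 22:01:13,1722
'@ -split "`r?`n"

function Get-DcdiagFailure {
    # dcdiag closes each test with a dotted line: "<server> passed|failed test <name>".
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*\.{5,}\s+(\S+)\s+failed test\s+(\S+)') {
            [pscustomobject]@{ Source = 'dcdiag'; Server = $Matches[1]; Detail = "failed test $($Matches[2])" }
        }
    }
}

function Get-ReplicationFailure {
    # Each showrepl_INFO row is one inbound replication link. A non-zero failure
    # count means the destination is not receiving changes from that source.
    param([string[]]$CsvLines)
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Not a normal link row, so the columns cannot be trusted: flag it for manual review.
            [pscustomobject]@{ Source = 'repadmin'; Server = '(unknown)'; Detail = 'unexpected row, inspect the raw repadmin output' }
        } elseif ([int]$row.'Number of Failures' -gt 0) {
            $detail = '{0} failures pulling {1} from {2}; last success {3}' -f $row.'Number of Failures', $row.'Naming Context', $row.'Source DSA', $row.'Last Success Time'
            [pscustomobject]@{ Source = 'repadmin'; Server = $row.'Destination DSA'; Detail = $detail }
        }
    }
}

function Test-UpgradeReadiness {
    # Ready is true only when neither tool reported a problem.
    param([string[]]$DcdiagLines, [string[]]$ShowReplCsv)
    $findings = @(Get-DcdiagFailure -Lines $DcdiagLines) + @(Get-ReplicationFailure -CsvLines $ShowReplCsv)
    [pscustomobject]@{ Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Offline run against the constructed samples.
$result = Test-UpgradeReadiness -DcdiagLines $sampleDcdiag -ShowReplCsv $sampleShowRepl
$result.Findings | Format-Table -AutoSize
if (-not $result.Ready) { Write-Warning 'Resolve these findings before running Adprep.' }

# Live run on a domain controller (English-language tool output assumed):
#   Test-UpgradeReadiness -DcdiagLines (dcdiag /v) -ShowReplCsv (repadmin /showrepl * /csv)
```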

Prepare Your Schema

If you upgraded from Windows 2000 to Windows Server 2003 you will be familiar with the Adprep.exe tool that was located on the Windows Server 2003 CD to prepare your forest and domain schema. To prepare the schema for Windows Server 2008 you will need to run the Adprep tool from the Server 2008 DVD. It is located in the Sources\adprep folder on the DVD.

Run the following commands to prepare your domain for 2008:

  • Adprep /forestprep
  • Adprep /domainprep
  • Adprep /domainprep /gpprep
  • Adprep /rodcprep

If you get an error during the Adprep /domainprep about the domain not being in native mode, you need to raise the level of your domain and then re-run domainprep. To raise the level of your domain go into Active Directory Domains and Trusts. Right click on the domain and select Raise Domain Functional Level...

Once you have finished running Adprep on your domain controller, join your new Windows Server 2008 server to your domain. Make sure that you have a static IP assigned to the server. I am using IPv4 as, to be honest, I know nothing about IPv6 just now, so when running dcpromo click Yes to the prompt about the static IP assignment.

Once that is done you will have a functioning Windows Server 2008 Active Directory server.

PublicKeyToken=31bf3856ad364e34

I put up a post on how to get Subtext to run locally on your PC; however I recently had to do a full re-installation of my laptop, and when I went to put a local copy of Subtext back on, during the install I got the error that you see below.

[Screenshot: Subtext install error]

So I did a search for the problem; someone mentioned that you need to make it so the Public Key is in caps, but no, that didn't work.

It turned out that it was because I had not installed the Ajax Extensions on my PC. So once I had installed them it worked no bother.

You can download the ASP.NET AJAX 1.0 from good old Microsoft.

Windows Server 2008 Internet Explorer Enhanced Security Configuration

If you're like me you probably find that the Internet Explorer Enhanced Security Configuration is more of a pain than anything: every time you go to a website you have to add it to the safe zone. It can also sometimes cause problems when you install software on to the server, as it will not allow the software to be installed. With all those implications of having it enabled I turn it off, usually during the server installation.

To turn it off in Windows 2003 is pretty straightforward: Start, Control Panel, Add/Remove Programs, Add/Remove Windows Components.

However, with Windows Server 2008 Add/Remove Programs does not exist; it has been renamed to Programs and Features.

You can access the Features option several ways: going through the Control Panel, Programs and Features, Turn Windows Features on or off, or by right clicking on Computer in the Start Menu.

In the Security option there is an option to Configure IEESC. Click on that.

You then have the option to turn the IEESC on or off for the Administrators only or both Administrators and Users.

your php installation appears to be missing the mysql which is required for wordpress

So you have PHP and MySQL installed now but your local copy of Wordpress just isn't wanting to play ball....

Well it turns out that you need to make a few changes to your php.ini file.

Search for extension=php_mysql.dll and uncomment it, i.e. delete the ; at the beginning of the line.

Then search further up in the ini file for extension_dir="./" and replace ./ with c:\php\ext (assuming your PHP is in c:\php) so it will look like: extension_dir="c:\php\ext". This tells PHP that php_mysql.dll is located in c:\php\ext.

Save your php.ini.

Also copy libmysql.dll from c:\php to c:\windows\system32 and then restart IIS.

You should now be able to use WordPress from your local PC.

Installing MySQL on Windows Vista

So you have installed and got PHP running on Vista/IIS 7, the next thing to do is to install MySQL. I had some issues with MySQL 5.0.51a so I stuck with MySQL 5.0.45.

Download a copy of MySQL from:

http://downloads.mysql.com/archives/mysql-5.0/mysql-5.0.45-win32.zip

Before you run the setup you will need to disable the User Account Control (UAC):

  1. Open Control Panel in classic view
  2. Select User Accounts
  3. Click on Turn User Account Control on or off
  4. Uncheck Use User Account Control and then click on OK
  5. Accept the restart message

Note: you can re-enable this once everything has been installed.

Now you're ready to go ahead with the MySQL installation.

Locate and extract the file you downloaded. Run Setup.exe

Follow the screenshots below; to enlarge them, click on them. If you hover your mouse over them you will be given a description of what to do.

  1. Click Next
  2. Select Typical
  3. Click Install
  4. Leave Checked and Click Finish
  5. Click Next
  6. Select Standard Configuration
  7. Install as Windows Service
  8. Set Root Password; Enable Root Access from remote computers is optional
  9. Click Execute; if you get an error on Applying Security Settings, click Retry
  10. Click Finish

If you get an error message on the Applying Security Settings, click on Retry. This message is more than likely due to the service not starting quickly enough. It will work if you hit the Retry button; it did for me.

Install the MySQL Administrator

  1. Download the GUI Tools (Windows x86) from: http://dev.mysql.com/downloads/gui-tools/5.0.html
  2. Install just as you would do with any other install (next, next, accept the license agreement etc...)
  3. Run the MySQL Administrator:
    Click Start, All Programs, MySQL, MySQL Administrator
  4. Fill in the details as shown below:
    Enter the Server Host Name (localhost), username (root) and the password you set earlier
  5. To create a new database in the MySQL Administrator, select Catalogs
  6. Right click in the white area under the other Schemas
    Select Create Schema
  7. Give that new Schema a name and there you go, you have just created a new MySQL Database
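
A check to run once the installs are finished, as an added example that is not part of the original posts: it reads the registry values behind User Account Control, which this guide turns off before setup, and behind the IE Enhanced Security Configuration setting from the Windows Server 2008 post above, and lists whichever are still switched off. The function names are hypothetical; the registry locations are the standard Windows ones, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: confirm that protections relaxed during setup are back on.
# Function names are hypothetical; the registry paths are the standard Windows locations.
$checks = @(
    @{ Name  = 'User Account Control'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'EnableLUA' },
    @{ Name  = 'IE ESC for Administrators'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
       Value = 'IsInstalled' },
    @{ Name  = 'IE ESC for Users'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
       Value = 'IsInstalled' }
)

function Get-ProtectionState {
    param([hashtable]$Check)
    # A missing key is normal (IE ESC does not exist on Vista), so report it
    # as NotPresent instead of treating it as an error or as "disabled".
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $state = 'NotPresent'
    } elseif ($item.($Check.Value) -eq 1) {
        $state = 'Enabled'
    } else {
        $state = 'Disabled'
    }
    [pscustomobject]@{ Protection = $Check.Name; State = $state }
}

function Get-RelaxedProtection {
    # Only the protections that exist on this machine and are currently switched off.
    $checks | ForEach-Object { Get-ProtectionState -Check $_ } |
        Where-Object { $_.State -eq 'Disabled' }
}

# Full picture first, then the items that still need turning back on.
$checks | ForEach-Object { Get-ProtectionState -Check $_ } | Format-Table -AutoSize
$stillOff = @(Get-RelaxedProtection)
if ($stillOff.Count -gt 0) {
    Write-Warning ("Still switched off: " + (($stillOff | ForEach-Object { $_.Protection }) -join ', '))
}
```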

Installing PHP on IIS7

I have been able to get subtext to work locally pretty easily as it uses the .net framework, but what if you wanted to play around with blog engines like wordpress or drupal on your local PC?

Answer: install PHP on your IIS installation.

After searching a bit on the net I came across a blog on blogs.iis.net that went through the install of PHP on IIS 7.

I was surprised at how easy it was; here is what I did to get PHP working on Vista/IIS 7:

If you have not done so already, install IIS and include the ISAPI Extension component (for PHP-ISAPI) or the CGI component (if you prefer CGI).

  1. Download PHP from http://php.net/downloads.php (I downloaded the Zip file)
  2. Extract the files to your drive (I extracted to C:\php\)
  3. Copy c:\php\php.ini-dist to c:\windows\php.ini
  4. Open IIS Manager
  5. Click "Handler Mappings"
  6. Click on the "Add Script Map" in the Actions list in the left hand menu
  7. Fill the dialog box with the following details:
  8. I answered yes to the following message
  9. Then that is you, PHP will now work on your Vista PC running IIS 7.

The next thing for me to do is to try and get MySQL running so I can have a local copy of WordPress and/or Drupal.

New Theme For Kemponline

I have been playing around with the skins that came with subtext and have decided that it was about time to really sit down and get something sorted for my site.

I have been using the default ones really ever since I set my blog up July last year (I cleared it and started a fresh in Jan this year). I had a slight variant on the Origami skin (I just changed things in the CSS) as I like the features in that like the lightbox etc....

For the last couple of days I have been playing around with it again, but this time more in depth, adding new controls to it and the like.

I have got this far now (the skin that I am using) and am so far pretty happy with it, although I think it is a bit boring but functional. I had a copy of it running earlier and it just wasn't wanting to play ball; it turned out it was my Facebook badge that was causing the problem, so I replaced that with an image instead of the JavaScript badge.

I have a feeling that this theme will be changed and adapted continuously, as I learn new things I will add them in/incorporate them into the theme. I am a Techie by trade, but I am learning the ins and outs of web development. OK this stuff isn't much but its a start!

The added things I have put into this theme/skin are the:

  • Archives Link
  • Recent Posts
  • Recent Comments
  • Adverts

I have also changed the footer slightly to advertise Subtext (the blog engine), ASP.NET (which is the framework Subtext uses) and CS New Media (the hosting). In fact, for the hosting I guess I should advertise Si Philp down there too, as he has given me the hosting for this.

Anyway, watch out for some more changes on this blog.

Easter Competition

OK so this post is a little different from my usual posts, not really technical orientated, ok not technically orientated at all, however a mate (who also has kindly given me the space on his hosting) is running an Easter Comp, check out Si Philp for more info. All you need to do is grab his previous podcasts and the latest one Easter Edition.

Here is what is up for grabs:

  1. 1 year UK CS New media Linux Bronze hosting - Guessing the missing tracks
  2. 1 year Flickr Pro Account - Guessing the Missing Tracks
  3. 1 year Flickr Pro account - Spreading the word.

The Winners will be announced 2 weeks today, so get listening.

I hope you have all had a good Easter.

Mimecast Outlook Snap In

So the next phase in our Mimecast implementation is the Journaling. We currently journal all email through Cryoserver (a black box forensic compliance box if you like).

I spoke with the Service Delivery Manager at Mimecast to see if we could get in on the beta testing for the snap in and he managed to squeeze us in.

I got an email from the Beta team today with the login details to log in to the portal to download the software and view the installation and user guides.

The software requires some Visual C++ Runtime Libraries to be installed and they are supposedly packaged into the zip file but they were not in mine; nevertheless these files were available from good old MS. So I installed the Runtime Libraries first and then installed the Mimecast Outlook Connector, a straightforward next, next, next install. Then I loaded up Outlook.

Within Outlook, go to the Tools option and select Email Accounts/Account Settings (dependent on Outlook 2003/2007), and then in there add the new Mimecast Email Service (listed under other/additional).

Click next and then input all the required details.

Once you have inputted the details save it and then close Outlook and open it back up. You will then see in your email folders/tree view an extra account with your email address. In there you will see your Inbox and Sent Items.

Although this is still in beta I was very impressed with it, as plugging into Outlook as it does almost takes away the need to keep your emails in Outlook. It will save us some disk space. Thanks Mimecast.

But the best bit of this isn't just that feature; the bit I was really impressed with was the search facility.

I inputted just a simple search word, i.e. TechRepublic, and it then returned the results pretty quickly.

The Mimecast toolbar is displayed only when you are on a Mimecast folder. From there you can search your inbox or outbox for the email. If you want to do a more advanced search you will probably be best logging on to the Mimecast Towers and doing it from the web menu, but to be able to do a quick search from within Outlook is very handy.

Another thing I then noticed with the snap-in was that you can drag and drop from the Mimecast folder back into your inbox/sent items; even better, you can do multiple drag and drop, whereas with Cryoserver you could only forward an individual email to your inbox at a time.

The idea is that we will switch over to Mimecast Journaling for a few weeks before we actually configure the snap-in for our users, so it can build up more internal emails and not just external emails.

Windows Aero

So I have been using Vista for some time now on both my laptop and desktop and I have been getting to like it quite a bit, I mean it was very much like the switch from Windows 2000 to Windows XP, my initial thoughts were that it was just a nicer looking operating system.

After a few weeks I started to get to like some of the new features, both aesthetically and, more importantly, for usability.

The one thing I noticed and liked initially was the Alt + Tab now called the Windows Flip.

Windows Flip is an updated Alt + Tab feature that now, with Windows Aero shows you live thumbnails of your open windows instead of generic icons, making it easier to identify the window you are looking for.

The next thing I noticed was when I hovered over the taskbar thumbnails, I was presented with a live thumbnail of a minimised or a window that is in the background.

The last thing I noticed was by accident: when I thought I was pressing Alt + Tab but was instead pressing the Windows Key + Tab, it brought up the Windows Flip 3D. What this does is create a view of all your open windows in a three-dimensional stack on your desktop. You can then scroll through that and quickly locate the window you are looking for.

Changing the Web Proxy Port in ISA 2006

Ok so the problem that I was having with users being prompted for passwords I decided to put down as an ISA 2000 with SP1 issue, as that was the only service that was asking for the credentials. So with that in mind and a spare server I decided to install Windows 2003 Std and ISA 2006 Std on there.

The install was pretty straightforward, more so than ISA 2000. Once installed I installed SQLExpress as the Web Filter we use has a SQL backend for the reporting. Surfcontrol gave me the option to install MSDE 2000, but with it being Windows 2003 and ISA 2006 I thought SQLExpress would do; I mean I could have gone the whole hog and put SQL Server 2005 Std on, but come on now, that would have been a bit drastic.

So with the SQLExpress and ISA installed on the box I then threw Surfcontrol on; again the install is pretty straightforward.

I created a new alias in my domain for proxy2.domain.com to point to the server ISA was installed on, as the live proxy address was proxy.domain.com. The only difference just now was the port number. The live proxy for some reason (before I started where I am) was set to 1873 (I believe it has something to do with Celtic football club).

I imported the Surfcontrol rules from the live system in to the test system and tested it from my PC, and it worked. The only thing that was really different in my proxy settings was the port, as the test system was on 8080.

So I opened up ISA Manager on the new server and right clicked on the server name as you did in ISA 2000, but where was the option to set the port? Good old MS had moved it again.

After looking through ISA 2006 Manager and right clicking here and there I eventually found it: under the Configuration tree in Networks. If you right click on Internal, select Properties and then the Web Proxy tab, hey presto, it's there.

It is that simple and you do not need to restart ISA; all you need to do is Apply the changes.

How to: Moving an Exchange Mailbox from one user to another

OK so I have had a few issues at work where for some reason or other users are prompted for their AD credentials when accessing the Internet through our proxy server (ISA 2000 with Surfcontrol 5.0). For the life of me I could not get to the bottom of the issue. I tried cleaning out her profile, deleting her profile, moving her out of Group Policy and it still happened.

The same problem had happened before, so the only other thing was to delete the user, recreate the account and re-attach the mailbox. The problem with this is that if you just delete the account you have to wait quite a long time for the mailbox to be marked as Orphaned. From further investigation I found that you can manually run the Mailbox Cleanup Agent; this is what then marks the mailbox as Orphaned.

Every time I do this process there is still the air of doubt around, as you are deleting the user account and all attributes of that user, and I always think that the mailbox will disappear.

So if you want to attach userA's mailbox to userB, all you need to do is the following (assuming userA already exists):

Delete userA's account:

Select the user account within AD, right click and select Delete.

Then when prompted with the "are you sure" message select Yes (don't worry, it will not delete the Exchange objects).

The next thing you need to do is run the cleanup agent. Open up your Exchange System Manager (ESM) and navigate to the MailStore where that user's mailbox is located. Right click on the Mailbox folder and then select Run Cleanup Agent. This will then run and mark the mailbox as Orphaned.

The next thing to do is create a new user with no Exchange attributes. Then in ESM right click on the Orphaned mailbox and select Reconnect. Then type in the name of the user that you want to reconnect the mailbox to and press OK.

Once you have done that you will be able to log on as that user and then open up Outlook and use that mailbox for that user.

Removing old backup servers from the backup server list

Over the past few years my backup servers have undergone numerous re-installs and re-names, just as they move from one site to the other or they are just too low spec a server.

One of the things that started to bug me was that when you went to the drop down list to select a backup server it listed every server that you had had installed on your network.

I was recently on a backup course for Backup Exec 11d in Reading and the course instructor mentioned to me how to do it, so I thought it's about high time I posted it up here.

So first things first, make sure all your backup jobs have finished running.

Then stop all services on all your backup servers. (Start your Backup Exec Console, click on the services and then enter the name of the server on which you want to stop the services.)

Do that for all the servers that you have running.

Once you have stopped all Backup Services on all servers, open up Active Directory Users and Computers; if you have not done so already, enable the Advanced Features from the View menu.

Then browse through the tree to Domain Name\Builtin\computers\. In there you should see an object called BEserver and perhaps some other BEServer objects with strange characters after them. If you delete those objects and then re-start all the services on all Backup Servers, that should then recreate the BEServer object in AD, and your list of servers should only be whatever Backup Servers you have running live at that point in time.

All Users Start Menu any one???

OK so I found the All Users Desktop so I thought that the Start Menu would also be in the public profile folders.... well some where in there......

....I was wrong how silly of me to have thought it would have been that easy hey! I mean what were Microsoft thinking??? that would be far too easy to put the start menu in that profile folder too.

I had a wee peek in the All Users and nope, not in there either! Now where could it be, I wonder?

So I decided to do a search for start menu and it returned the path:

C:\ProgramData\Microsoft\Windows\Start Menu

I mean how foolish of me not to have looked there in the first place, makes total sense does it not that the all users start menu is there!

Oh well Microsoft like to keep us on our toes hey!

Where will the path be in the next version of Windows? C:\StartMenuNotHere\....

Both the All Users Desktop (sorry, Public Desktop) and All Users Start Menu (sorry, Windows Start Menu) require confirmation to copy files to them, which is a good thing (I think).

All Users Desktop in Vista

OK so I have been using Vista for some time now and really getting to like its little features, one of them being I can log on as a regular domain user with no admin rights on the laptop and whenever I need to install something it prompts me for credentials.

So anyway I was installing another laptop with Vista on it for one of our Application Developers and I was wanting to put a shortcut on the all users desktop. So I went to C:\Users (as that is where the profiles are kept these days, no longer C:\Documents and Settings) and went into All Users.... but there was no desktop folder. Where could it be, I asked myself.

I noticed that there was a folder called "public" in the Users folder so I just thought, hang on, it's been a great Microsoft renaming thing! And lo and behold there was the Public Desktop folder. However it was showing up as Hidden.

So there you go the "All Users" Desktop is located in:

C:\Users\Public\Desktop

However it is shown in the explorer window as Public Desktop but if you do a start run and type in the path above it will take you there.