How to check if a machine is physical or virtual


Check System Information

Click Start → type msinfo32 → press Enter

The System Manufacturer and System Model items will tell you whether the machine is physical or virtual.

Use PowerShell or Command Prompt

In PowerShell you can use the following cmdlet:

get-wmiobject win32_computersystem | fl model

And in the Command Prompt, use this command:

systeminfo /s %computername% | findstr /c:"Model:" /c:"Host Name" /c:"OS Name"
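To turn the Manufacturer and Model strings into a verdict, the following added example (not part of the original post) matches them against a short marker list. The function name Get-MachineType, the marker list and the sample hosts are assumptions made for illustration.

```powershell
# Added example: classify a machine from its Win32_ComputerSystem strings.
# The marker list is an assumption based on common hypervisor defaults;
# extend it for the platforms in your own estate.
function Get-MachineType {
    param(
        [string]$Manufacturer,
        [string]$Model
    )
    $markers = [ordered]@{
        'VMware'          = 'VMware'
        'VirtualBox'      = 'Oracle VirtualBox'
        'Virtual Machine' = 'Microsoft Hyper-V'   # reported with Manufacturer "Microsoft Corporation"
        'KVM'             = 'KVM'
        'QEMU'            = 'QEMU'
        'HVM domU'        = 'Xen'
    }
    $text = "$Manufacturer $Model"
    foreach ($m in $markers.Keys) {
        if ($text -like "*$m*") {
            return [pscustomobject]@{ Type = 'Virtual'; Platform = $markers[$m] }
        }
    }
    # No marker matched: report the vendor string as seen.
    [pscustomobject]@{ Type = 'Physical'; Platform = $Manufacturer }
}

# Constructed sample values (not output from real hosts)
$samples = @(
    @{ Name = 'SRV01'; Manufacturer = 'Microsoft Corporation'; Model = 'Virtual Machine' },
    @{ Name = 'SRV02'; Manufacturer = 'VMware, Inc.';          Model = 'VMware Virtual Platform' },
    @{ Name = 'SRV03'; Manufacturer = 'Dell Inc.';             Model = 'PowerEdge R740' }
)
foreach ($s in $samples) {
    $r = Get-MachineType -Manufacturer $s.Manufacturer -Model $s.Model
    '{0}: {1} ({2})' -f $s.Name, $r.Type, $r.Platform
}

# Live use on the local machine:
# $cs = Get-WmiObject Win32_ComputerSystem
# Get-MachineType -Manufacturer $cs.Manufacturer -Model $cs.Model
```

These strings are supplied to the guest by the hypervisor and can be customised, so a "Physical" result means only that no known marker was present.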

Check All Servers in a Domain

Sometimes you might want to know this information about all servers in a domain, so how do you go about that? Simple, use the following PowerShell script:

# Requires the ActiveDirectory module
Import-Module ActiveDirectory
# Export the names of all Windows Server computer accounts
Get-ADComputer -Filter {OperatingSystem -like "windows server*"} | Select-Object Name | Export-Csv .\computers.txt -NoTypeInformation -Encoding UTF8
# Strip the quotes that Export-Csv puts around each value
(Get-Content .\computers.txt) | % {$_ -replace '"', ""} | Out-File -FilePath .\computers.txt -Force -Encoding ascii
# Skip the CSV header line
$computers = Get-Content .\computers.txt | Select -Skip 1
# Query each server and append the matching lines to VirPhys.txt
Foreach ($computer in $computers) { systeminfo /s $computer | findstr /c:"Model:" /c:"Host Name" /c:"OS Name" | Out-File -FilePath .\VirPhys.txt -Append }

The output is written to a file called VirPhys.txt, located in the directory where you ran the script.

Quick way to find hotfix installation status


I know there are various methods for finding the hotfix installation status, but I felt this is a very easy one.

To find the hotfix installation status on local machine:

wmic qfe where hotfixid="KB958644" list full

To find on a remote machine:

wmic /node:<machine name> qfe where hotfixid="KB958644" list full

To find on a list of machines:

  • Place all machine names into a text file (machine.txt)
  • Run the batch file below

=== File name: get-hotfix-status.bat ===

@echo off
rem Query every machine listed in machine.txt, one name per line
for /f "tokens=* delims= " %%a in (machine.txt) do wmic /node:%%a qfe where hotfixid="KB958644" list full

How to find the remote machine OS easily



Have you ever needed to find out which operating system (OS) a remote machine is running? You might say, "Ah! I am a sysadmin, it's my daily task". Good, but how will you find out the OS if you don't have any sort of rights (console rights/admin rights/port access) on the remote machine?

Hmm... It's simple now!

You might have many Windows and UNIX boxes in your network. If you know a machine's name and want to find out whether that machine runs Windows or UNIX, try the steps below.

JUST PING IT.

Yes, right. You just ping that machine. If the TTL shows as 127 or less, it is a Windows box, and if the TTL shows 254 or less, it is a UNIX box.

Test it if you don't believe it.

c:>ping windowsbox

Pinging windowsbox.mydomain.com [172.16.100.10] with 32 bytes of data:

Reply from 172.16.100.10: bytes=32 time=15ms TTL=127
Reply from 172.16.100.10: bytes=32 time<1ms TTL=127
Reply from 172.16.100.10: bytes=32 time<1ms TTL=127

c:>ping unixbox

Pinging unixbox.mydomain.com [172.16.100.20] with 32 bytes of data:

Reply from 172.16.100.20: bytes=32 time=15ms TTL=254
Reply from 172.16.100.20: bytes=32 time<1ms TTL=254
Reply from 172.16.100.20: bytes=32 time<1ms TTL=254

The thing is that a Windows machine returns 128 as its TTL by default and a UNIX machine returns 255. This TTL is reduced by one (TTL--) when there is just one hop between your computer and the remote box, by two when there are two hops, and by N when there are N hops.
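The reasoning above can be automated by rounding the observed TTL up to the nearest common starting value, which also yields the hop count. This is an added example, not code from the original post; the function name Get-TtlGuess is hypothetical, and the starting value 64 (a common default on Linux and macOS) goes beyond the two values the post names.

```powershell
# Added example: infer starting TTL, OS family and hop count from ping replies.
# 64 as a starting TTL is an assumption beyond the post, which names 128 and 255.
function Get-TtlGuess {
    param([string[]]$PingOutput)
    foreach ($line in $PingOutput) {
        if ($line -match 'Reply from (?<ip>[\d.]+):.*TTL=(?<ttl>\d+)') {
            $ip  = $Matches['ip']
            $ttl = [int]$Matches['ttl']
            # The sender's starting TTL is the nearest common default at or above the observed value.
            $initial = @(64, 128, 255) | Where-Object { $_ -ge $ttl } | Select-Object -First 1
            $guess = switch ($initial) {
                64  { 'Linux/macOS style default' }
                128 { 'Windows' }
                255 { 'UNIX' }
            }
            [pscustomobject]@{
                Address  = $ip
                TTL      = $ttl
                StartTTL = $initial
                Hops     = $initial - $ttl   # each router on the path decrements the TTL by one
                Guess    = $guess
            }
        }
    }
}

$replies = @(
    'Reply from 172.16.100.10: bytes=32 time=15ms TTL=127',   # from the post
    'Reply from 172.16.100.20: bytes=32 time<1ms TTL=254',    # from the post
    'Reply from 172.16.100.30: bytes=32 time=2ms TTL=61'      # constructed sample
)
Get-TtlGuess -PingOutput $replies | Format-Table -AutoSize
```

The starting TTL is a configurable setting on the remote host, so treat the result as a hint rather than an identification.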

How to configure your virtual Domain Controllers and avoid simple mistakes with resulting big problems

How to place FSMO and Global Catalog roles in Active Directory


During installation of Active Directory on Windows Server 2000/2003/2008, all FSMO roles are automatically installed on the first server. But best practice dictates moving some of these Flexible Single Master of Operation (FSMO) roles to separate servers.

If you only have one domain controller (not recommended), there is nothing to do since all roles must be on this server, but if you have multiple servers you should move some of these roles to other servers. It is also important to be aware of which servers are Global Catalog servers, especially if you have more than one domain. Even with only one domain, they will be preferred by applications like Exchange Server.

It is recommended to place the forest roles on one Domain Controller (DC) and the domain roles on another server. If not all Domain Controllers are Global Catalog servers, it is also important to place the infrastructure master on a server that is NOT a Global Catalog server.

Recommended Best Practice setup of FSMO roles.

Domain Controller #1

Place the two forest roles on this server.

  • Schema Master
  • Domain Master

Domain Controller #2
Place the domain roles on this server.

  • RID Master
  • Infrastructure Master
  • PDC Emulator

If more domains exist in the forest, place the domain roles on a server in each of these domains, as with Domain Controller #2.

Global Catalog configuration.

In Windows 2008 Active Directory all Domain Controllers are by default Global Catalog servers. Personally, I would recommend using the same configuration in most Active Directory setups, unless special needs and loads with multiple domains and quite a few Domain Controllers exist.

Remember: do not place the Infrastructure Master FSMO role on a server with Global Catalog enabled, unless ALL Domain Controllers are Global Catalog enabled!

Global Catalog servers have information about their own domain and a subset of often-used information from all domains in the forest. This allows a Global Catalog Domain Controller to give information about other domains in the forest much faster to the client. It also means the server will use more resources (mostly memory) in a multiple-domain configuration.
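The Infrastructure Master placement rule stated above can be checked with a script. This is an added example, not part of the original article; the function name Test-InfrastructureMasterPlacement and the dc*.example.test hosts are assumptions, and the sample data is constructed so the check runs without a domain.

```powershell
# Added example: verify that the Infrastructure Master is not on a Global Catalog
# server unless every Domain Controller is a Global Catalog server.
function Test-InfrastructureMasterPlacement {
    param(
        [Parameter(Mandatory = $true)] [object[]]$DomainControllers,  # need HostName and IsGlobalCatalog
        [Parameter(Mandatory = $true)] [string]$InfrastructureMaster
    )
    $holder = $DomainControllers | Where-Object { $_.HostName -eq $InfrastructureMaster }
    if (-not $holder) {
        throw "Infrastructure Master '$InfrastructureMaster' is not in the Domain Controller list."
    }
    $nonGc = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    if ($nonGc.Count -eq 0) {
        return 'OK: every Domain Controller is a Global Catalog server'
    }
    if ($holder.IsGlobalCatalog) {
        $candidates = ($nonGc | ForEach-Object { $_.HostName }) -join ', '
        return "WARNING: $InfrastructureMaster is a Global Catalog server; candidates for the role: $candidates"
    }
    'OK: Infrastructure Master is on a server that is not a Global Catalog'
}

# Constructed sample data (hypothetical hosts)
$dcs = @(
    [pscustomobject]@{ HostName = 'dc1.example.test'; IsGlobalCatalog = $true },
    [pscustomobject]@{ HostName = 'dc2.example.test'; IsGlobalCatalog = $true },
    [pscustomobject]@{ HostName = 'dc3.example.test'; IsGlobalCatalog = $false }
)
Test-InfrastructureMasterPlacement -DomainControllers $dcs -InfrastructureMaster 'dc2.example.test'

# Live use with the ActiveDirectory module:
# $dcs = Get-ADDomainController -Filter *
# Test-InfrastructureMasterPlacement -DomainControllers $dcs -InfrastructureMaster (Get-ADDomain).InfrastructureMaster
```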

Tools to administrate FSMO roles.

FSMO roles can be administrated from a GUI in the Active Directory tools or from command line with the NTDSUTIL command. If a Domain Controller is down and unable to be restored, only NTDSUTIL can be used to Seize the role on to a new server.

Microsoft have a guide to doing this here: http://support.microsoft.com/kb/324801

Global Catalog settings can be administrated with the Active Directory Sites & Services GUI, by selecting Sites/SiteName/Servers/ServerName, right click NTDS Settings and select Properties, on the General Tab click to enable or disable Global Catalog.

Microsoft have a guide to doing this here: http://support.microsoft.com/kb/313994

Repair broken Windows trust relationship between domain controller and client machine


Repair broken trust relationship between domain controller and client machine

Trust, as the word indicates, means "allow without fear": the domain controller and the client trust each other through a bond. Clients accept the security settings, policies, authentication mechanisms etc. deployed on the domain controller, and the domain controller accepts communications from the client machine. If the trust is broken, communication between the domain controller and the client machine fails.

There are certain conditions under which the security bond between clients and the domain controller breaks. I would like to share the method that I use to fix the issue.

Better ways to fix Windows trust relationship failure issues. I cannot say this would be a complete solution, but I would like to share the knowledge and effort.

First Method

  1. Disjoin the client machine with the broken trust from the domain.
  2. Search Active Directory for the computer account and delete it. The computer account will not be removed immediately; it will take some time. If we rejoin the client machine too soon, it will pick up the existing computer account for creating the bond (SID).
  3. Add the client computer back to the domain.

Second Method

  1. Ensure the client machine's clock is synchronized with the domain controller's time, otherwise the trust relationship will have issues. The clock cannot be slow and I don't think it will allow more than 5 minutes.

Third Method

  1. Search for the computer account in Active Directory and reset its password. The computer account password changes automatically at a set interval (30 days by default).

Fourth Method

  1. Never have duplicate machine names in the same network, and apply proper SID changes if the machine was cloned.

Fifth Command Line Method

  1. Find out the domain controller that is used by the client machine.

     Netdom query dc

  2. Test the trust relationship of the machine using the PowerShell command.

     Test-ComputerSecureChannel -Server *dc name* -Verbose

     • If the command output returns False, proceed to the 3rd step.

  3. Repair the trust relationship of the client machine using the PowerShell command.

     Test-ComputerSecureChannel -Server *dc name* -Repair -Verbose

     • If the command output returns the error message "Cannot find the computer account for the local computer from the domain controller", go to Active Directory, create a new computer account for the client machine and rerun the PowerShell command.
     • If the repair is successful, the command output shows "True".


Windows Server 2008 System Requirements

