Backing up Active Directory in Windows Server 2012 R2 with Powershell

Backing up Active Directory in Windows Server 2012 R2 with Powershell is now really easy thanks to the Windows Server Backup cmdlets. Windows Server Backup allows you to create a scheduled backup or a one-time backup. In this example, I’ll be doing a one-time backup of the server’s system state, but running it from a scheduled task to allow for more flexibility.

The first thing that you will need to do if you haven’t done so already is to install the Windows Server Backup feature.

Once that is done, below is a little script that I created for myself that will back up a server’s system state. If this is a domain controller, you could use the system state backup to restore Active Directory if needed.

Here are some screen caps of what it looks like when it is running.

To finish things off, you can then create a scheduled task to run the script at a time you would like.

I’ve already created a post to show how to create a scheduled task using Powershell. You can find that here.
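A one-time system state backup built from the Windows Server Backup cmdlets, as an added example (this is not the script from the original post). It assumes an elevated session and that E: is a local volume set aside for backups; the drive letter is a placeholder.

```powershell
# Added example, not the original post's script.
# Assumption: E: is a local volume dedicated to backups (placeholder letter).
# It must not be a volume that is itself part of the system state.
$targetVolume = 'E:'

# Install the Windows Server Backup feature if it is not already present.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}

# Build an in-memory policy: what to back up and where to put it.
$policy = New-WBPolicy
Add-WBSystemState -Policy $policy
$target = New-WBBackupTarget -VolumePath $targetVolume
Add-WBBackupTarget -Policy $policy -Target $target

# Run the policy once; nothing is saved as a recurring schedule,
# so the timing stays under the control of the scheduled task.
Start-WBBackup -Policy $policy

# Check the result of the job that just ran so the scheduled task
# ends with a non-zero exit code when the backup failed.
$job = Get-WBJob -Previous 1
if ($job.HResult -ne 0) {
    Write-Error "System state backup failed: $($job.ErrorDescription)"
    exit 1
}
Write-Output "System state backup finished at $($job.EndTime)."
```

On a domain controller the system state includes the Active Directory database and SYSVOL, so access to the backup volume should be restricted as tightly as access to the domain controller itself.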

For further information, or to check out the material I used to create this script, please see the following links:

Windows Server Backup Cmdlets in Windows Powershell
http://technet.microsoft.com/en-us/library/jj902428.aspx
Using Windows Server Backup Cmdlets
http://technet.microsoft.com/en-us/library/dd759156.aspx
Windows Server Backup Step by Step Guide for Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/ee849849(WS.10).aspx

Skydrive Error 0x800705B4 on Windows 8.1

Every now and then I get a Skydrive error 0x800705B4 on Windows 8.1. It seems to happen with Word or Excel documents a lot. It’s a little painful because I normally then have to fire up another computer to access the file that I need. I searched the web and found various mentions of this issue in forums but no definitive answer on really how to fix the 0x800705B4 error specifically.

In this post, I outline what I did to rectify the 0x800705B4 error. These steps worked for me but your mileage may vary :D. Fingers crossed it works for you too. I thought it might have something to do with the fact that I changed my Skydrive directory from the default to another drive letter, but that seemed to be unrelated.

Below is the 0x800705B4 error that I received.

I checked the Skydrive FAQ website and found that they have a troubleshooter available for download. I ran the troubleshooter, it took a few minutes.

The Skydrive Troubleshooter then prompted to run a maintenance task.

It then let me know that it had indeed found an issue and that it had fixed that issue.

I clicked on View Detailed information to see that it had restarted Skydrive and ran scheduled maintenance tasks.

I then tried to open my Excel document and lo and behold it worked. This is the first time a troubleshooter that I’ve downloaded from Microsoft has ever worked! Kudos to them!

Cloning Windows 8 from HDD to SSD

The only software that I could find that actually cloned Windows 8 from a HDD to SSD was Aomei Partition Assistant Standard Edition.

– I tried creating a System Restore Image from Windows 8

– I tried Symantec Ghost

– I also tried the software that came with my specific SSD drive, Intel Data Migration Software.

All to no avail. They would all fail to boot and point me in the direction of a System Repair disk, which would kick off an automatic repair, which would ultimately fail. I also tried manually recreating the BCD but that also failed.

This may have been because I was running a fairly unconventional partition configuration. My actual Windows installation partition was not the first partition on the disk. This is because I formerly had a Windows 7 installation on the disk before I dual booted Windows 8 and then eventually blew the Windows 7 partition away.

I also had a Windows 8.1 VHD file inside the first partition which I used to native boot. This allowed me to trial the Windows 8.1 Preview but also take advantage of bare metal performance.

So I’m not sure whether it was my screwy partitions, or the fact that I had a weird boot configuration, or maybe none of the above, but nothing worked for me except the AOMEI software.

Pre-Requisites

– Aomei Partition Assistant Standard Edition (http://download.cnet.com/AOMEI-Partition-Assistant-Standard-Edition/3000-18512_4-75118871.html)

– USB to SATA adapter

– An SSD drive

How I migrated the HDD to the new SSD

Connect the SSD to your computer via the USB to SATA converter.

Check Disk Management to make sure that it has shown up.

Download and install the software on the system that you would like to clone.

Open up the software and select Migrate OS to SSD or HDD.

Click Next.

Select your SSD drive.

The next screen will show you the size of the new Windows partition after the migration has taken place. You can increase the size if you would like to have more free space than you currently have.

Click Finish.

Click Apply and then it will reboot.

Click Proceed and then the machine will reboot and start cloning the Hard Drive.

Click Yes.

The machine will reboot and then bring up a window like this.

Once it has finished the migration, the machine will reboot again. Now it’s time to get your screwdriver out and swap out the old hard drive and put in the new SSD drive.

SCCM 2012 SSRS Error – DataSource Reverts

I was mucking around in my test lab tonight and managed to break SSRS (again) on my SCCM 2012 installation. I was getting the following error.

  • “An error occurred during client rendering.
    • An error has occurred during report processing. (rsProcessingAborted)
      • Cannot impersonate user for data source ‘AutoGen__5C6358F2_4BB6_4a1b_A16E_8D96795D8602_’. (rsErrorImpersonatingUser)
        • Log on failed. (rsLogonFailed)
          • For more information about this error navigate to the report server on the local server machine, or enable remote errors ”

 

I worked out that I could go into the Report via the Reporting Website, create a new Datasource, and then it would work fine again… until SCCM reverted the permissions, as it does every 10 minutes, back to what is stored and encrypted in the SSRS Database. I then thought uninstalling the Reporting Services point and re-installing SSRS would do the trick, but it didn’t change anything. As soon as the Reporting Services point was back up, I started getting the same issues.

To get it to work, here are the steps I used…

  • I recreated the account that the Reporting Services Point was using to connect to the Reporting Server. (Not sure if this needs to be done, or whether the next step fixed it completely….)
  • I then changed the registry value HKLM\SOFTWARE\Microsoft\SMS\SRSRP\SRSInitializeState on the Site Server to 0. This re-imports all of the Reports again.

Check the SRSRP.log file to see what is happening under the hood.

Looks like something is going to happen?

Sure enough, all the reports start to rebuild. This also seems to recreate the DataSet / DataSource for the connection, which seems to get rid of that error!

Native-Boot a Windows 8.1 Preview VHD

The Windows 8.1 Preview has been released. Wouldn’t it be great to take it for a test run without having to dual-boot, run it in a Virtual Machine or fire it up on a spare workstation? Why not Native-Boot a Windows 8.1 Preview VHD file? It gives you all the benefits of a Virtual Machine but all the performance of a bare-metal dual boot installation. Win-Win!

 

Create a VHD File

Open up Computer Management, and navigate to Disk Management. Right click and Create VHD.

Specify the location of the VHD file, the size and whether you would like it to be a VHD or a VHDX. It’s recommended also that if you’re using this for anything but testing then you should use a Fixed Size disk as you will get a performance boost.

**NOTE**- The VHD file needs to be on a Basic disk. This won’t work with Dynamic Disks.

Once that has been created, go back into Computer Management. Right click Disk Management and select Attach VHD.

It may already be attached. If so skip this step.

Initialize the disk and create a New Simple Volume. Take note of the Drive Letter.

Mount the Windows 8.1 ISO.

Install the OS on the VHD file

Open an elevated Command Prompt and navigate to the location of ImageX. At the command prompt, type the following

imagex /apply M:\sources\install.wim 1 K:

Where M: is the drive letter where you have mounted your Windows 8 ISO and K: is the drive letter of the VHD file.

 

Modify the BCD Store

First, back up your BCD Store.

  • Bcdedit /export C:\Bcdbackup

Now, take a copy of an already existing boot entry, to generate a new GUID.

  • bcdedit /copy {default} /d "Windows 8.1 VHD"

Copy the GUID that this command returns and use it in place of the example GUID in the next commands.

  • Bcdedit /set {4176393d-e226-11e2-bee4-88532e7a2b77} device vhd=[D:]\vhds\windows8.1.vhdx
  • Bcdedit /set {4176393d-e226-11e2-bee4-88532e7a2b77} osdevice vhd=[D:]\vhds\windows8.1.vhdx

If you would like to make the Windows 8.1 VHD installation the default, type the following.

  • Bcdedit /default {4176393d-e226-11e2-bee4-88532e7a2b77}

To check everything is as it should be, run msconfig at the command prompt.

Now reboot!

Go you colourful, little fish! Enjoy your Start Button!

For more information on the BCDEdit command line options see the link below.

http://technet.microsoft.com/en-us/library/dd799299(v=ws.10).aspx

Install Windows To Go in a VHD on a USB Hard Drive

Ever wanted to boot Windows 8 from a VHD file on a USB Hard drive? Ever wanted to take Windows To Go for a test drive? Probably not, I’ll admit, it’s kinda obscure. However, with USB 3.0 becoming more prevalent in our new Laptops and Workstations, it makes this kind of thing a lot more viable in today’s environment. What can you do with such an installation? Well, for me, it means not lumping around my laptop everywhere. It also means, I can have a whole environment, ready to go, copied on to a USB hard drive. I can then copy that VHD file and have a backup sitting on a computer somewhere if I ever need it. Plus, it’s just fun to do.

WARNING: – This will break things if not done correctly. Don’t do this on your production machine. I’d highly recommend using a spare workstation or laptop to get this running. I’ve found you can actually just do this on a Hyper-V VM. Just offline the USB DRIVE and mount as an IDE drive in the Hyper-V VM.

Prerequisites

Software

Hardware

  • USB stick 4GB to boot from.
  • USB Stick or USB Hard drive (probably 20 gb at least).

 

Build a bootable USB stick

Install the Windows 7 USB DVD tool and open it. Then choose the Windows 8 Enterprise ISO for the source.

Select USB Device.

Select Begin Copying.

This will then go through and copy the files over.

 

Create a Windows 8 VHD File

Open up Computer Management, and navigate to Disk Management. Right click and Create VHD.

Specify the location of the VHD file, the size and whether you would like it to be a VHD or a VHDX. It’s recommended also that if you’re using this for anything but testing then you should use a Fixed Size disk as you will get a performance boost.

**NOTE**- The VHD file needs to be on a Basic disk. This won’t work with Dynamic Disks.

Once that has been created, go back into Computer Management. Right click Disk Management and select Attach VHD.

It may already be attached. If so skip this step.

Initialize the disk and create a New Simple Volume. Take note of the Drive Letter.

Mount the Windows 8 ISO.

Install the OS on the VHD file

Open an elevated Command Prompt and navigate to the location of ImageX. At the command prompt, type the following

imagex /apply M:\sources\install.wim 1 K:

Where M: is the drive letter where you have mounted your Windows 8 ISO and K: is the drive letter of the VHD file.

 

Boot from the bootable USB Stick

When the OS boots up, hit SHIFT + F10 at the following screen.

 

Run Diskpart at the command prompt. Type the following italicized text at the command prompt.

X:\Sources>diskpart

Type the following commands

DISKPART> Lis vol

In my case E:\ is my USB Hard Drive.

DISKPART> Select vdisk file=E:\windows.vhdx (E: is the USB DRIVE)

DISKPART> Attach Vdisk

DISKPART> Lis vol

In my case F:\ is the mounted VHD file.

DISKPART> Exit

X:\Sources> Bcdboot F:\Windows /s E: /f ALL /v (E: is the USB DRIVE, F: is the mounted VHD file)

To find out what all those switches mean, have a look at this web page. http://technet.microsoft.com/en-us/library/dd744347(v=ws.10).aspx

X:\Sources> Bootsect /nt60 E: /force (E: is the USB Drive).

To find out what all the switches for the Bootsect command are, have a look at this web page. http://technet.microsoft.com/en-us/library/cc749177(v=ws.10).aspx

X:\Sources> Wpeutil reboot

Now reboot, take out the bootable usb stick that we used to boot up.

You can also use this to install other Operating Systems. 😀

 

I used the following links to make up this guide. Hope this helps and enjoy!

http://technet.microsoft.com/en-us/library/hh825709.aspx

http://www.rmprepusb.com/tutorials/win8vhdonusb

http://www.rmprepusb.com/tutorials/win8togo

http://blogs.technet.com/b/haroldwong/archive/2012/08/18/how-to-create-windows-8-vhd-for-boot-to-vhd-using-simple-easy-to-follow-steps.aspx

http://scn.sap.com/community/events/innojam/blog/2013/05/07/how-to-install-windows-8-into-a-virtual-harddrive

http://www.hanselman.com/blog/GuideToInstallingAndBootingWindows8DeveloperPreviewOffAVHDVirtualHardDisk.aspx

Assigning Users to ConfigMgr ReportUsers group in SCCM 2012

I have found that delegating permissions so that specific users are only allowed to view reports in SCCM 2012 can be a little tricky. I wanted to be able to add an Active Directory group to the ConfigMgr ReportUsers group in SCCM 2012. Then these users could simply view certain reports but not be able to build, create, edit or manage those reports and also not have access to the ConfigMgr Console. I think that’s a reasonable request. After all, one of the benefits of combining the reporting services point with SSRS in 2012 is being able to view the reports through the web console. Here is a little rundown of the pain that I’ve been through troubleshooting this issue.

I tried setting the permissions via the Web Console. I thought I could set the permissions and then those permissions would propagate down to the lower folders. This is the default behaviour after all.

Unfortunately, the permissions didn’t propagate. Not only did they not propagate, but I found that if I manually went through and set the permissions on the sub folders, within 10 minutes or so, those permissions would revert back to default. This made me sad, and angry. But mostly sad.

So I thought I better do a little fishing. I decided to check the SRSRP.log file on the ConfigMgr server to see if I could find out what was going on. I found this.

It turns out that SCCM is checking every 10 minutes or so, to see if the permissions are the same as what is in SCCM. If the permissions have changed in the Web Console, SCCM promptly changes them back.

So then, how do we assign users to the ConfigMgr Report Users group?

In order to get it working here are the steps that I needed to follow. First, create the group that you would like to delegate the privileges to in Active Directory Users and Groups. Fill that group with the users you would like to delegate access to.

In the SCCM console, navigate to Administration > Security > Security Roles and COPY the Read-Only Analyst role.

You will now need to go through each individual permission and make sure run report is the only permission assigned. This will take a long time. The other option is to just associate the Read-Only Analyst role. This might give more permissions than you would like to give however. That’s up to you.

Now in the SCCM console, navigate to Administration > Security > Administrative Users. Right click Administrative Users and click Add User or Group.

 

Fill out the wizard. Leave the Collections and Security Scope as default.

Now go back to your web browser to check that the permissions have applied. It might take up to 10 minutes to resync. You can check the log file if you like. CMtrace.exe is a tail log viewer so it will update in real time.

You should see your group listed with the rights ConfigMgr Report Users. Now your users can view reports without breaking anything! Woohoo!

You can find more information on Reporting Services in SCCM 2012, here > http://technet.microsoft.com/en-us/library/gg682105.aspx

Export-DnsServerZone fails to export

With PowerShell v3 comes some new DNS cmdlets. One of them is the Export-DnsServerZone cmdlet. This replaces some of the functionality of the old “DnsCmd” command line utility.

In fact, if you run DnsCmd on Windows 2012, it tells you that if you currently use DnsCmd.exe to configure and manage the DNS server, Microsoft recommends that you transition to Windows PowerShell.

 

So, on to Export-DnsServerZone. I thought great, that’s excellent news, instead of having to worry about getting PowerShell to execute the old dnscmd.exe and worry about its arguments etc., I’ll use the built in cmdlet to do the job.

Here is an example of what the command looks like.

If you were to substitute the name for the DNS zone you would like to export, and the filename for something that better describes your zone, that example will output a text file in to the %windir%\system32\dns folder.

So then, you can have your backup software come along and back it all up for you and everyone is happy.

Except, if you would like to modify that -FileName parameter to have it point to an actual file location like “C:\export.txt”, it doesn’t seem to work and you will get an error saying “Export-DnsServerZone : Failed to export the zone content for <your domain> on server <your server> to the file <your file location>”.

When you look up the online help for the cmdlet, it does specify that you can put a file path in the parameter. As shown below.

It doesn’t seem to accept a UNC path either.

But it does seem to accept a relative path. (The following command should put the text document in the root of C:\.)

 

Here is the link to the online help for the Export-DnsServerZone cmdlet.

http://technet.microsoft.com/en-us/library/jj649939(v=wps.620).aspx
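One way to work with the behaviour described in this post, as an added example rather than code from the original post: export each primary zone under a file name only, then move the result out of %windir%\System32\dns yourself. It assumes an elevated session on the DNS server itself, and D:\DnsBackup is a hypothetical destination folder.

```powershell
# Added example, not code from the original post. Run elevated on the DNS server.
# Assumption: D:\DnsBackup is a hypothetical destination folder.
$backupDir = 'D:\DnsBackup'
$dnsDir    = Join-Path $env:windir 'System32\dns'
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Primary zones only; skip the zones the DNS service creates for itself.
$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$failed = @()
foreach ($zone in $zones) {
    # Pass a file name only, so the export lands in %windir%\System32\dns.
    # The time stamp keeps the name from clashing with an earlier export.
    $fileName = '{0}.{1}.txt' -f $zone.ZoneName, $stamp
    try {
        Export-DnsServerZone -Name $zone.ZoneName -FileName $fileName -ErrorAction Stop
        Move-Item -Path (Join-Path $dnsDir $fileName) -Destination $backupDir -ErrorAction Stop
    }
    catch {
        # Record the failure and carry on with the remaining zones.
        $failed += $zone.ZoneName
        Write-Warning "Export of $($zone.ZoneName) failed: $($_.Exception.Message)"
    }
}

# A non-zero exit code lets a scheduled task or backup job notice the failure.
if ($failed.Count -gt 0) { exit 1 }
```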

 

 

Active Directory Health Check automation via Powershell

It’s important to run some Active Directory Health checks on your domain. To that end, I thought it would be great to generate a weekly report that contained a DCdiag, a Repadmin and Best Practice Analyzer report. This could be done via a Scheduled task. It could then run once a week and then email you with any issues. A great way to keep on top of the health of your environment and to make sure no little niggling errors are hiding just under the covers, waiting to destroy your environment.

The hardest part of the script was executing the command prompt commands via the script. Passing in arguments is messy in Powershell at the best of times, but passing in arguments with spaces and having to escape the correct characters etc. is very tedious. So, as a disclaimer, this script is a work in progress. It works, but by no means is it an example of Powershell Best Practice. (I’ll keep tinkering on it, and if anyone has any suggestions please leave a comment.) Hopefully, though, someone other than me may find this useful.

There are also a few caveats to be aware of. This script, the way it is presented here, will only work on Powershell v3. I found this out because, in an effort to get the BPA cmdlets working, I realized that the syntax for the commands is different in the different versions of Powershell. If you would like to get this to work on Powershell v2, you just need to change the -ModelID parameters to -ID. A quick “Get-Help Invoke-BPAModel” should sort that out pretty swiftly. Also, the file locations are hard coded at this point.

You can find some more information about DCDiag command here.
You can find some more information about the Repadmin command here.
Here is some information as well about running the BPA via Powershell.
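A compact version of such a weekly report, as an added example (this is not the script from the original post). It keeps the arguments for the native commands in arrays so that nothing needs escaping, and it assumes Powershell v3 on a domain controller; the report folder, SMTP server and mail addresses are placeholders.

```powershell
# Added example, not the original post's script. Run elevated on a domain controller.
# Assumptions (placeholders): report folder, SMTP server and mail addresses.
$reportDir  = 'C:\Reports'
$smtpServer = 'smtp.example.com'
$mailFrom   = 'adhealth@example.com'
$mailTo     = 'admins@example.com'

New-Item -ItemType Directory -Path $reportDir -Force | Out-Null
$report = Join-Path $reportDir ('ADHealth-{0:yyyyMMdd}.txt' -f (Get-Date))

# Arguments for native commands go in an array: the call operator (&) passes
# each element as one argument, so there is nothing to quote or escape.
# /e = all DCs in the enterprise, /c = comprehensive, /q = print errors only.
$dcdiagArgs = @('/e', '/c', '/q')
$dcdiagOut  = & dcdiag.exe $dcdiagArgs 2>&1

# repadmin can emit CSV, which turns replication status into objects.
$replArgs     = @('/showrepl', '*', '/csv')
$replFailures = & repadmin.exe $replArgs | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }

# Best Practice Analyzer for AD DS. -ModelId is the v3 parameter name.
$bpaModel = 'Microsoft/Windows/DirectoryServices'
Invoke-BpaModel -ModelId $bpaModel | Out-Null
$bpaIssues = Get-BpaResult -ModelId $bpaModel |
    Where-Object { $_.Severity -ne 'Information' }

# Write one plain-text report with a section per check.
@(
    '=== DCDiag (errors only) ==='
    ($dcdiagOut | Out-String)
    '=== Replication links with failures ==='
    ($replFailures | Format-List 'Source DSA', 'Destination DSA',
        'Naming Context', 'Number of Failures', 'Last Failure Time' | Out-String)
    '=== BPA warnings and errors ==='
    ($bpaIssues | Format-List Severity, Title, Problem, Resolution | Out-String)
) | Set-Content -Path $report

# Only send mail when at least one check found something.
if ($dcdiagOut -or $replFailures -or $bpaIssues) {
    Send-MailMessage -SmtpServer $smtpServer -From $mailFrom -To $mailTo `
        -Subject "AD health check: issues found on $env:COMPUTERNAME" `
        -Body 'See the attached report.' -Attachments $report
}
```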

Google Sync IOS Exchange – Not Working after January 30, 2013

Due to Google's decision to stop new users using Google Sync IOS Exchange Syncing after January 30, 2013, some of you may be looking for a way to sync your contacts with IOS. I got a new phone today, and in the course of setting it up, realized that my Mail and my Contacts weren't syncing correctly. After owning IOS devices since the iPhone 3G and iPad 1, I've grown accustomed to the old way of using Google Sync IOS / Microsoft Exchange ActiveSync Protocol to sync up my Contacts, Gmail, and Calendar etc. Up until now however, I never heard of Google pulling this functionality. (I need to keep up with the tech blogs a bit more methinks!) It was only when I re-entered my application specific password for the 5th time, and quadruple checked my settings that I thought, hang on, perhaps some sort of shenanigans are afoot. That's when I stumbled across this link on the Google Support Website. Shenanigans INDEED!

Long story short, even though we might not be able to use Google Sync IOS Exchange syncing, the functionality is still there, it's just that you have to go about it a little differently. Let me show you.

Setting up Gmail, Calendar and Notes

Open Settings and then touch the Mail, Contacts, Calendars option.

Now touch the Add Account option.

Select Gmail.

Enter in the following details:

*** Please note *** – If you are using 2 step verification, you will need to generate an Application Specific password to use in the password field. You can generate an application specific password by going to your Google account page, then selecting Security, then selecting 2 Step Verification Settings, then selecting the Manage application-specific passwords hyperlink.

Name: < Your Name >

Email: < your full email address e.g. [email protected] >

Password: < your password >

Description: < A relevant description >

Wait for it to verify.

Switch on/off what you would like to sync.

And then you are all done for syncing your Mail, Calendars and Notes.

Setting up Contacts

Go back in to Mail, Contacts and Calendars and set up another new account.

This time, we will select Other.

Select Add CardDAV Account.

Enter the following details:

*** Please note *** – If you are using 2 step verification, you will need to generate an Application Specific password to use in the password field. You can generate an application specific password by going to your Google account page, then selecting Security, then selecting 2 Step Verification Settings, then selecting the Manage application-specific passwords hyperlink.

Server: Google.com

User Name: < your full email address, e.g. [email protected] >

Password: < your password >

Description: < A relevant description >

Check to make sure the account details are verified.

Now you should see your Contacts appear in the Contacts section.

That's all there is to it. Hope this helps!