Extremely useful article when you need to boot domain controller into Directory Services Restore Mode Remotely:
http://technet.microsoft.com/en-us/library/cc779687(WS.10).aspx
Monday, October 4, 2010
Assign permissions to the tree of OUs when inheritance turned off (through Powershell)
Recently I needed to add permission to move computer objects to OUs for the group of users. I added the permissions to the “root” OU and tested it: everything worked great.
After I reported that task is done, I heard from the users in that group that they still get ‘Access is denied’ trying to move computer objects. I discovered that in AD permissions inheritance was disabled for most of the sub-OUs. So, there are more than 1,000 OUs to add permissions to.
Following script took care of the task for me:
#Require Quest "Active Roles Management Shell for Active Directory".
#Put following to the text document saved as *.ps1:
add-PSSnapin quest.activeroles.admanagement
$OU = “root OU DN”
get-qadobject -searchRoot $OU -searchScope 'SubTree'-Type organizationalUnit -SizeLimit 0 |
Add-QADPermission -Account “domainname\user group to add permissions” -Rights CreateChild -ApplyTo All -ChildType
Computer
After I reported that task is done, I heard from the users in that group that they still get ‘Access is denied’ trying to move computer objects. I discovered that in AD permissions inheritance was disabled for most of the sub-OUs. So, there are more than 1,000 OUs to add permissions to.
Following script took care of the task for me:
#Require Quest "Active Roles Management Shell for Active Directory".
#Put following to the text document saved as *.ps1:
add-PSSnapin quest.activeroles.admanagement
$OU = “root OU DN”
get-qadobject -searchRoot $OU -searchScope 'SubTree'-Type organizationalUnit -SizeLimit 0 |
Add-QADPermission -Account “domainname\user group to add permissions” -Rights CreateChild -ApplyTo All -ChildType
Computer
Wednesday, August 11, 2010
Email Router for CRM4 and multi-server environment
We discovered interesting issue with email router when there are few (more than one) CRM4 Servers connected to the same database.
All CRM components in multi-server environment work independently: all requests are being fulfilled by the particular server to which server user connects.
Except e-mails (and mail merge).
Email Router happens to work only on the first CRM server in the environment.
Let me explain a little further:
Let's say you have 3 CRM servers: server1, server2, server3 connecting to the same database. They are combined to the server farm by the load balancer. "Virtual" name of the farm is crm.yourcompany.com. Users access CRM using "virtual" name: http://crm.yourcompany.com.
User requests are answered by one of 3 servers (server1 or server2 or server3) – directed by load balancer.
Let's say, user connects to server3, opens Contact and selects 'Send E-mail'. User fills email fields and click 'Send'. You would expect that email router on server3 processes that email. You would be wrong – email gets processed by email router on server1.
(I wonder what will happen if server1 goes down – would it mean that there will be no email processing by email router? – to me it looks like a single point of failure – hello, Microsoft…)
Monday, August 9, 2010
Email issues in CRM4 (various) – tips of fixing.
Symptoms:
Can't start Microsoft CRM Email Router Service
Emails are not sent stuck in 'Pending Send' – both regular and Mail Merge.
Cause:
Following file got corrupted:
Microsoft.Crm.Tools.EmailAgent.SystemState.xml
Fix:
2 options:
Either replace that file with the file from "working" CRM server (if you deployed multiple CRM Servers connected to the same database),
Or delete that file – restart should re-create the file
After the fix: re-start the 'Microsoft CRM Email Router Service'
Tuesday, June 29, 2010
Web site of the sister-company went live!
www.tacklesoftware.com went live. Home of the brand new Recycle Bin for Microsoft Dynamics CRM4. Product adds easy recovery to CRM4. Other CRM Tools to come. Good luck to the new web site!
Monday, June 21, 2010
File system Anti-virus exceptions for Exchange 2007
Great article that list how to find out the definite list of files and folders to be excluded from file system anti-virus scanning
Tuesday, June 15, 2010
Symantec Enterprise Vault (aka KVS) and showInAddressBook attribute
showInAddressBook attribute of system or journaling account might get messed up (ie. the value is set to <Not Set>), which would result Journaling Task to fail on starting up with the following error message (among other bad things caused by showInAddressBook not set):
Event Type: Error
Event Source: Enterprise Vault
Event Category: Journal Task
Event ID: 3305
Date: 6/14/2010
Time: 12:36:06 PM
User: N/A
Computer: KVSServer
Description:
The Task 'Exchange Journaling Task for ExchServer' failed to log on to Exchange server 'ExchServer' using mailbox 'SMTP:journalmailbox@mydomain.com'. Please ensure the mailbox has not been hidden, that the server is running and that the Vault account has sufficient permissions on the server.
For more information, see Help and Support Center at http://evevent.symantec.com/rosetta/showevent.asp
To fix – simply set showInAddressBook attribute properly.
Powershell Tips
Tip #1: when you have Exchange Powershell installed on the workstation, you might need to load Exchange shell every time you want to run Exchange based command anyways:
add-pssnapin Microsoft.Exchange.Management.PowerShell.Admin
Tip #2: To get mailbox stats run: get-mailboxstatistics –server mailbox1w | Where-Object {$_.displayname –eq "John Smith"}
Thursday, February 11, 2010
Great command to see ‘Services’ in details and ‘StartUps’
Msconfig:
(I knew similar tool was available from Sysinternals, but did not know it's now incorporated into Windows (including XP)
Subscribe to:
Posts (Atom)