Tuesday, June 27, 2017

Migrate Windows Deployment Services to New Server

We have been making a great effort to move all of our internal services to Windows Server 2016. This past week, it was WDS' turn to get migrated. Migrating this role is extremely simple. Here are the steps that I took:

  1. Create new server and install WDS role.

  2. Stop WDS Service on old server

  3. Stop WDS Service on new server

  4. Use my "Copy-Files" PowerShell script (Available Here: Copy-Files.ps1) to copy RemoteInstall Share to new server

  5. Start WDS Service on new Server

  6. Shutdown old WDS Server completely

  7. Update option 66/67 in DHCP scopes to reflect new WDS Server

  8. Update any appropriate DNS records


Note:

If you are unable to start the WDS service, delete the WDS database and logs from the old server located at <drive letter>:\RemoteInstall\Stores\Metadata\*.*. You should be able to start the service after deleting these files.
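Steps 2 through 5 and step 7 as a script, added here as an example and not taken from the original post. It uses robocopy in place of the author's Copy-Files.ps1; the server names, the `D$\RemoteInstall` location and the DHCP server are assumptions.

```powershell
# Added example: all names below are hypothetical placeholders.
param(
    [string]$OldServer     = 'wds-old',
    [string]$NewServer     = 'wds-new',
    [string]$DhcpServer    = 'dhcp01',
    [string]$RemoteInstall = 'D$\RemoteInstall'   # assumed to be the same path on both servers
)

# Steps 2-3: stop the WDS service on both servers so no files are in use during the copy.
foreach ($server in $OldServer, $NewServer) {
    Invoke-Command -ComputerName $server { Stop-Service -Name WDSServer -Force }
}

# Step 4: /COPYALL carries NTFS ACLs, owner and audit entries along with the data,
# so the images and answer files keep the permissions they had on the old server.
$log = Join-Path $env:TEMP 'wds-remoteinstall-copy.log'
robocopy "\\$OldServer\$RemoteInstall" "\\$NewServer\$RemoteInstall" /MIR /COPYALL /B /R:2 /W:5 /NP "/LOG:$log"
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported failures (exit code $LASTEXITCODE); see $log"
}

# Step 5: start WDS on the new server only.
Invoke-Command -ComputerName $NewServer { Start-Service -Name WDSServer }

# Step 7: repoint option 66 in every scope that still names the old server.
# Scopes that reference the old server by IP address or FQDN will not match and need a manual check.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $opt66 = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
                 -OptionId 66 -ErrorAction SilentlyContinue
    if ($opt66 -and $opt66.Value -contains $OldServer) {
        Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
            -OptionId 66 -Value $NewServer
        Write-Output "Scope $($scope.ScopeId): option 66 now points to $NewServer"
    }
}
```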

Simple enough! :)

Monday, June 26, 2017

New Script: BulkAdd-SpamFilterWhitelist.ps1

This script is capable of adding a list of domains to an Exchange Online Spam Filter policy. It can be downloaded from TechNet or Github.

Github

TechNet

Unable to Power on Virtual Machine - A General System Error Occurred: Connection Refused

Hi there,

Earlier today I cloned a VM in one of our vCenter appliances. The cloning process completed without a hitch (as it usually does). However, I was not able to power on the VM. I looked at the "Tasks" view in vCenter and found this:



This is a fairly generic error message. However, the "Connection Refused" part prompted me to take a look at the vCenter services. You can view these services by browsing to Home > Administration > System Configuration > Services in the vSphere Web Client for vCenter. On the Summary tab, there is a handy "Services Health" section that will give you a high level overview of the overall health of the services. You can see here that three of the services are in a critical state on my vCenter appliance.



You can hover your mouse pointer over the critical services link to view the critical services. You can also click on each service to get a better view of the status. The Postgres database service on my appliance was one of the services in a critical state. I clicked on it and viewed the screen below. The problem is obvious here: the filesystem holding the Postgres database service is completely out of space. I was able to identify that the log directory was the culprit.



It's simple enough to SSH into the appliance and delete the logs. However, this will not prevent the problem from happening again. After doing some Googling (I love that the Merriam-Webster dictionary identifies this as a real word in the English language!), I found these KB articles:

Follow this one to decrease the maximum backup size and maximum backup index size of the SSO logs in the log4j.properties configuration file:

/storage/log directory is full in vCenter Server Appliance 6.0 (2143565)


To offload your logs to a syslog server, follow this article:

Redirect vCenter Server Appliance Log Files to Another Machine

This will prevent the log directory from consuming the entire partition again. After following these steps I rebooted the vCSA for good measure and was able to power on the virtual machine after doing so.

Hopefully this will help someone who is having the same (or similar) problem!

Thursday, June 22, 2017

Windows 8 File History

File History


File History in Windows 8 allows users to automatically “backup” files that are in their libraries, contacts, favorites, SkyDrive, and on the desktop. If the files are lost, they can be quickly restored. You can also restore a file from a specific point in time, because File History creates a complete history of your files over time. You will need a separate drive other than the one you have Windows 8 installed on to use File History. To begin using it, connect an external drive and search for File History on the Start Screen:



After opening File History, you will see this screen:



To enable File History, click the ‘Turn On’ button. You can select the drive you want to use by clicking ‘Select Drive’ on the left hand side from this same screen. The first time you enable File History, it will create a full backup of all files on your computer, except for files that you do not access (system files), and files you have chosen to exclude. From then on, it will create a versioned copy of every file that has changed since the last backup.

You can use a locally attached drive or a network share for File History. To choose how often File History backs up files, choose ‘Advanced Settings’. From here you can also choose how much space on the drive is used, and how long saved versions of files should be kept.

When the total space allocated to File History has been used, the feature will delete the oldest versions of files to make room for newer versions.

User Account Control



Many people rarely pay close attention to those pesky User Account Control prompts that pop up when attempting to run a program as an administrator. When a user logs into her account, she is assigned a security token based on the level of access that she has (basic user or admin). This token defines what programs are allowed to do. Using this concept, the user's session is incapable of making changes that would affect the entire system.

For a standard user, a token with the most basic privileges is assigned. Administrators have two tokens assigned: the first token contains all privileges usually awarded to an administrator (unrestricted), and the second is similar to that awarded to a basic user. This way, all programs that the administrator runs, including the Windows Shell, are run in basic user mode (this is why administrators still receive UAC prompts, but do not get asked for credentials). When an application requests higher privileges, the higher integrity token is used.
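To see which of the two tokens the current process is running under, the following added example (not part of the original post) compares the role check with the SIDs actually present in the token. The function name is hypothetical; the SIDs are the well-known values for the Administrators group and the mandatory integrity labels.

```powershell
function Get-UacTokenState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity

    # IsInRole is true only when Administrators is an enabled group in this token.
    # In the filtered token the group is present but marked deny-only, so this is false.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every SID in the token, including deny-only groups and the integrity label.
    $sids = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes |
        Select-Object -ExpandProperty Sid

    $integrity = switch ($sids) {
        'S-1-16-4096'  { 'Low' }
        'S-1-16-8192'  { 'Medium' }
        'S-1-16-12288' { 'High' }
        'S-1-16-16384' { 'System' }
    }

    $inAdminGroup = $sids -contains 'S-1-5-32-544'   # BUILTIN\Administrators

    [pscustomobject]@{
        User                  = $identity.Name
        InAdministratorsGroup = $inAdminGroup
        Elevated              = $elevated
        IntegrityLevel        = $integrity
        TokenKind             = if ($elevated) { 'Unrestricted administrator token' }
                                elseif ($inAdminGroup) { 'Filtered administrator token' }
                                else { 'Standard user token' }
    }
}

Get-UacTokenState
```

Run from a normal prompt as an administrator, this reports the filtered token at Medium integrity; the same account in a "Run as administrator" prompt reports the unrestricted token at High integrity.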

User Account Control prompts each have their own meaning based on the color (blue, grey, yellow, or red). The blue prompt (Figure 1) means that a built-in Windows component that is signed by Microsoft is requesting administrative privileges to continue. This prompt has a multicolored shield in the upper left corner. The grey prompt (Figure 2) means a software application that is signed by a third-party developer is requesting admin privileges. This prompt has a yellow shield with a black exclamation mark in the upper left corner. The yellow prompt (Figure 3) signifies that an unsigned executable is requesting administrator privileges. This prompt also has a yellow shield with a black exclamation mark in the upper left corner, and looks somewhat generic. Finally, the red prompt (Figure 4) means a program that was specifically blocked by an administrator has attempted to run.


Figure 1



Figure 2



Figure 3



Figure 4

Tuesday, June 20, 2017

How to Permanently Remove Office 365 Users

After deleting a user in Office 365, their account is moved to a 'recycle bin' for 30 days. This allows the user account to be easily recovered. This can often cause issues when attempting to recreate a mailbox while a hybrid configuration is in place.

To permanently delete the user within Office 365, first delete the user in the Office 365 Admin Portal or using PowerShell. Then, connect to your Azure Active Directory environment with PowerShell using the "Connect-MsolService" cmdlet.


To see a list of user accounts currently in the recycle bin, run this cmdlet:


Then, to permanently delete all accounts in the recycle bin, run this cmdlet:


To remove a specific user, run this cmdlet:
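The recycle-bin procedure above wrapped in one guarded function, as an added example that is not the original post's code. It assumes the MSOnline module with a session already opened by Connect-MsolService; the function name and the CSV path are hypothetical.

```powershell
function Remove-DeletedMsolUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # UPNs to purge. Omit to target every account currently in the recycle bin.
        [string[]]$UserPrincipalName,

        # Hypothetical location for the record of what was purged.
        [string]$AuditPath = ".\purged-users-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
    )

    # List the accounts currently in the recycle bin.
    $deleted = @(Get-MsolUser -ReturnDeletedUsers -All)

    if ($UserPrincipalName) {
        $missing = $UserPrincipalName | Where-Object { $_ -notin $deleted.UserPrincipalName }
        if ($missing) { Write-Warning "Not in the recycle bin: $($missing -join ', ')" }
        $deleted = @($deleted | Where-Object { $_.UserPrincipalName -in $UserPrincipalName })
    }
    if (-not $deleted) { Write-Verbose 'Nothing to purge.'; return }

    # A purge cannot be undone, so keep a record of exactly which objects were removed.
    $deleted |
        Select-Object UserPrincipalName, DisplayName, ObjectId, SoftDeletionTimestamp |
        Export-Csv -Path $AuditPath -NoTypeInformation

    foreach ($user in $deleted) {
        # -WhatIf previews the purge; without it each account is confirmed individually.
        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Permanently delete from recycle bin')) {
            Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
        }
    }
}

# Preview a purge of the whole recycle bin without deleting anything:
#   Remove-DeletedMsolUser -WhatIf
# Purge one account (constructed sample UPN):
#   Remove-DeletedMsolUser -UserPrincipalName 'jdoe@example.com'
```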

Monday, June 12, 2017

"Access is denied" When Attempting to Delete a Dynamic Distribution Group

You may receive the error below when attempting to delete a dynamic distribution group.


To resolve this, open ADUC and show advanced features (Click View > Advanced Features). Then find the object for the dynamic distribution group and open the properties window. Browse to the "Object" tab and uncheck the "Protect object from accidental deletion" box. Wait for ADDS to replicate or force replication yourself. 


Go back to the ECP and you should be able to delete the group.