Sunday, December 11, 2011

How To Make a Domain Controller Authoritative

What happens when you want to recover a large amount of accidentally deleted AD data but all the backups you have to recover from are full system / bare metal backups? No problem.

You might be worried that restoring a single DC will result in the restored DC getting the latest data from other DCs, and in doing so, replicating the deletion of the data you want to recover. Here’s how to get around that.

1) Use whatever backup you have of a DC from a point in time when the data in AD was good (or at least better than it is now that you are missing data).

2) Start the recovered machine without network access.

3) Log in, fire up a CMD prompt and type: ntdsutil

4) Type: activate instance ntds

5) Type: authoritative restore

6) Type: restore subtree <container DN>

For example, I typed: restore subtree "dc=domain,dc=com"

7) Re-enable network access.

8) Watch as all AD data for the whole tree is pushed to other domain controllers.

Special thanks to my man Jeff Barnett for figuring this out!

Wednesday, November 23, 2011

Error Message Instead of List Content After Upgrading SharePoint 2010 to Service Pack 1

After upgrading a SharePoint 2010 installation to Service Pack 1, my public-facing site, on which Anonymous users should have full access to the Entire Web Site, started showing the following message anywhere it should have been showing content pulled from lists:

Access denied. You do not have permission to perform this action or access this resource.

We literally fixed this by logging in, going to Site Permissions and editing Anonymous Access:

[Screenshot of the Anonymous Access settings; image not preserved]

Don’t change anything. Click OK.

Voila, everything worked again.

In our case, we had custom permissions applied on several other lists and pages. To fix these, we simply went to the affected page(s) and clicked “Edit Page.” This simple action fixed our issues and the site displayed correctly thereafter.

Saturday, October 8, 2011

Configuring a Dell PowerConnect 28xx Switch

I recently came into possession of a pair of PowerConnect 2824 switches. These are 24-port gigabit switches that support either managed or unmanaged use, jumbo frames, up to 64 VLANs and up to 4 Link Aggregation Groups. In spite of all their excellent functionality, they’re quite cheap, too, costing under $300 last I looked.
The pair I was given were both configured for unmanaged use. This means that they act as layer 2 only switches. Port multipliers, if you will. I wanted to specify some VLANs and use the jumbo frames feature for my iSCSI configuration. To that end, I needed to configure these switches to be managed.
However, the manual is downright lacking in information about how to do this. I called Dell tech support and got the instructions on how to change these switches to managed mode, and I’m putting the instructions here so that you don’t have to call support:
1) Connect a machine to the switch.
2) Configure the connected NIC on said machine to use an IP address in the 192.168.2.0/24 subnet. E.g., 192.168.2.105.
3) Press the “managed” button on the front of the switch for 10 seconds. This is a pinhole button so ensure you have a paperclip or the like ready for this step.
4) Upon releasing the button, the “Managed” light should turn on.
5) Fire up a web browser and navigate to http://192.168.2.1. This should connect you to the switch’s management interface.
6) Enter the username as “admin”. Leave the password blank.
7) On the next screen, don’t change anything; just click “OK” or “Apply” or whatever it is.
8) The switch will reboot and it will now be ready to configure as a managed switch!
I tested this on a PowerConnect 2824. However, as Dell’s documentation for this switch covers everything in the 28xx series, I imagine these instructions should work for any switch in the series.

Friday, September 30, 2011

How to Find Your Own IP

We all know how to use the command line to find our IP addresses, right? “ipconfig”- it’s that easy! Well, especially with newer versions of Windows or for anyone who installs networking or virtualization software, ipconfig’s output can get… verbose.

There is a command that involves a little more typing but whose output is much cleaner:

netsh interface ipv4 show addresses

This can be shortened to “netsh int ipv4 sho ad” as netsh will figure out what you mean as long as you type enough text for it to eliminate any other possibilities.

For me, the output of this command is:

C:\Users\Nathan>netsh int ipv4 sho ad

Configuration for interface "Wifi MS Miniport"
    DHCP enabled:                         Yes
    InterfaceMetric:                      25

Configuration for interface "Local Area Connection"
    DHCP enabled:                         Yes
    InterfaceMetric:                      10

Configuration for interface "Wireless Network Connection"
    DHCP enabled:                         Yes
    IP Address:                           169.254.17.139
    Subnet Prefix:                        169.254.0.0/16 (mask 255.255.0.0)
    InterfaceMetric:                      25

Configuration for interface "Bluetooth Network Connection"
    DHCP enabled:                         Yes
    InterfaceMetric:                      40

Configuration for interface "VirtualBox Host-Only Network"
    DHCP enabled:                         No
    IP Address:                           169.254.121.157
    Subnet Prefix:                        169.254.0.0/16 (mask 255.255.0.0)
    InterfaceMetric:                      20

Configuration for interface "Loopback Pseudo-Interface 1"
    DHCP enabled:                         No
    IP Address:                           127.0.0.1
    Subnet Prefix:                        127.0.0.0/8 (mask 255.0.0.0)
    InterfaceMetric:                      50
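
The output format above is regular enough to parse. The following is an added example, not part of the original post: it splits the output into interface blocks and flags 169.254.0.0/16 (APIPA) addresses, which on a DHCP-enabled interface mean no lease was obtained. The sample text is constructed, and the 192.168.2.105 address in it is made up.

```python
import ipaddress
import re

# Constructed sample in the format shown above; 192.168.2.105 is made up.
SAMPLE = """\
Configuration for interface "Local Area Connection"
    DHCP enabled:                         Yes
    IP Address:                           192.168.2.105
    InterfaceMetric:                      10

Configuration for interface "Wireless Network Connection"
    DHCP enabled:                         Yes
    IP Address:                           169.254.17.139
    Subnet Prefix:                        169.254.0.0/16 (mask 255.255.0.0)
    InterfaceMetric:                      25
"""

HEADER = re.compile(r'^Configuration for interface "(.+)"\s*$')
FIELD = re.compile(r"^\s+([^:]+):\s+(.*\S)\s*$")

def parse_netsh(text):
    """Split the output into one dict per interface block."""
    interfaces = []
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            interfaces.append({"name": header.group(1), "dhcp": None, "addresses": []})
        elif field and interfaces:
            key, value = field.group(1), field.group(2)
            if key == "DHCP enabled":
                interfaces[-1]["dhcp"] = value == "Yes"
            elif key == "IP Address":
                interfaces[-1]["addresses"].append(ipaddress.ip_address(value))
    return interfaces

def classify(iface):
    """Say what an interface's addresses imply about its connectivity."""
    addrs = iface["addresses"]
    if not addrs:
        return "no address"
    if all(a.is_loopback for a in addrs):
        return "loopback"
    if all(a.is_link_local for a in addrs):
        # 169.254.0.0/16 on a DHCP interface means no lease was obtained.
        return "APIPA, no DHCP lease" if iface["dhcp"] else "link-local"
    return "usable"

if __name__ == "__main__":
    print({i["name"]: classify(i) for i in parse_netsh(SAMPLE)})
```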

Wednesday, August 31, 2011

Stuck On the Domain!

Today, I had a problem where one of my Server Core machines would not leave the domain. I was having other issues and needed to get the machine off of the domain, but throughout my troubleshooting, I got a number of different errors. The machine just wouldn’t leave the domain!

Or at least not until I found the netdom.exe utility. This tool can be used to perform a number of different domain administration tasks but for my purposes, I was interested in the following:

netdom remove <hostname> /domain:<domainname> /force

I ran this command on the offending server itself. The “/force” switch made all the difference in the world and after a short wait, my server was domain-free.

Tuesday, August 23, 2011

Scary Error Messages

When my Hyper-V cluster had a host go down and I went to log into its Virtual Console (which I happened to have on my screen already), I got a scary error message:

[Screenshot of the error message; image not preserved]

It isn’t TRUE, but it sure is scary. It hasn’t been deleted, it’s been moved!

Friday, August 19, 2011

F5 Big-IP: URI Caching Not Working

I’m in the midst of configuring an F5 Big-IP 1600 for load balancing, single sign on and some performance improvements. I was having a problem where a SharePoint site wasn’t running any faster in spite of the fact that I was doing URI caching AND WebAccelerator.

After disabling WebAccelerator, URI caching started to work. I still don’t understand why this is.

Thursday, August 18, 2011

SharePoint 2010: How to Give Yourself Access

Today, I was asked to change some user permissions on a site. I was a domain admin but had no other privileges that would help me along the way. Importantly, this meant I didn’t have the permissions needed to change some user permissions on the site.

How did I get said permissions?

I changed the password on the account of someone who DID have permissions and used that account. Lame, I know. I didn’t really do much troubleshooting, either, but this was a quick solution.

UPDATE: This looks a bit more proper. I haven’t read through it, but it seems relevant.

http://blog.falchionconsulting.com/index.php/2007/09/add-site-administrator/

UPDATE 2: With much thanks to the above link:

IF:

- You have access to a SharePoint Farm’s Central Administration console

AND:

- You do NOT have permissions on a given site but NEED such permissions

The SOLUTION is:

- Application Management, Site Collections, Manage Site Collection Administrators

- Add yourself as either the primary or secondary site administrator

There is no way to simply grant yourself fine-grained permissions; you’ve got to make yourself one of “The” administrators of the site, and you can only have two such administrators.
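
The password-reset shortcut described at the top of this post leaves a recognizable trail in the Security log. The following is an added example, not part of the original post, showing how a defender could correlate it: a password reset (event 4724) by one account, followed shortly by a logon (event 4624) as the reset account from the same source address the resetting admin was using. The records are constructed, and the sketch assumes both event types come from the domain controller that processed the reset, so the logon IDs are comparable.

```python
from datetime import datetime, timedelta

# Constructed Security-log records (not from the page); field names follow
# Windows events 4624 (logon) and 4724 (password reset attempt).
EVENTS = [
    {"id": 4624, "time": "2011-08-18T09:00:00", "TargetUserName": "nadmin",
     "TargetLogonId": "0x3e7a1", "IpAddress": "10.0.0.15"},
    {"id": 4724, "time": "2011-08-18T09:05:00", "SubjectUserName": "nadmin",
     "SubjectLogonId": "0x3e7a1", "TargetUserName": "spowner"},
    {"id": 4624, "time": "2011-08-18T09:07:00", "TargetUserName": "spowner",
     "TargetLogonId": "0x4b210", "IpAddress": "10.0.0.15"},
    {"id": 4624, "time": "2011-08-18T11:00:00", "TargetUserName": "jdoe",
     "TargetLogonId": "0x5c001", "IpAddress": "10.0.0.40"},
]


def reset_then_logon(events, window=timedelta(minutes=30)):
    """Find password resets followed by a logon as the reset account
    from the same source address the resetting admin was using."""
    events = sorted(events, key=lambda e: e["time"])
    source_of = {}   # logon session id -> source address of that session
    pending = []     # (reset time, admin, target account, admin's source)
    hits = []
    for e in events:
        when = datetime.fromisoformat(e["time"])
        if e["id"] == 4624:
            source_of[e["TargetLogonId"]] = e["IpAddress"]
            for reset_at, admin, target, src in pending:
                if (e["TargetUserName"].lower() == target.lower()
                        and e["IpAddress"] == src
                        and when - reset_at <= window):
                    hits.append({"admin": admin, "account": target,
                                 "source": src, "logon": e["time"]})
        elif (e["id"] == 4724
              and e["SubjectUserName"].lower() != e["TargetUserName"].lower()):
            # Resolve the admin's source address through their logon session.
            pending.append((when, e["SubjectUserName"], e["TargetUserName"],
                            source_of.get(e["SubjectLogonId"])))
    return hits


if __name__ == "__main__":
    print(reset_then_logon(EVENTS))
```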

Wednesday, March 9, 2011

VMware ESX 4.1 Datastores Have a Minimum Size!

The minimum size of a datastore in ESX 4.1 is 1.2 GB.