Current Company Migration (Your Feedback)

Ok so I wanted to blog about the current migration I am going through with my company, so that maybe some of you could chime in and give me some ideas, tips, or tricks.

So we have 2 companies that merged together to form Company C. So after the merger I decided to build a new domain (DomainC.local), and migrate DomainA.local & DomainB.local to DomainC.local. 2 different domains and 2 different forests. DomainC.local is in a new forest and new domain. For various security issues in DomainA.local and internal politics with Company A & Company B, I created the new forest and the new domain with DomainC.local in it.

DomainA.local had a server infrastructure of server 2000 and Exchange 2000, pretty much a complete server 2000/NT infrastructure.

  • Back in December I did an upgrade on the 2000 servers to 2003 to leverage PowerShell for the migration.
  • Biggest of the 2 domains. Approximately 300+ people.
  • Domain Infrastructure 10+ years old.
  • No MS Licensing Agreement
  • Windows XP Professional Desktops
  • BartPE for imaging workstations (when used)
  • VMware 2.0 was upgraded to 4.1 in January, and moved from ESX to ESXi Architecture.
  • Using ScriptLogic Desktop Authority instead of GPO for desktop administration, restriction, and software deployment.

DomainB.local had a MUCH smaller infrastructure but all Server 2008 and Exchange 2007.

  • Exchange 2007 CAS Server and Mailbox Server
  • Several other 2008 Servers and a few 2003 Servers
  • MDT 2007/2010 Workstation imaging
  • Windows Vista & Windows 7 Workstations
  • Group Policy

***************New Domain***************

DomainC.local I built with Server 2008 R2 servers and Exchange 2010 for email

  • The Domains functional level is Windows Server 2008
  • The Forest functional level is Windows Server 2003
  • I have a trust between the 2 domains to assist with authentication migrating users.
  • VMware 4.1 host
  • SCCM 2012 (Installed Late April 2012)
  • Lync 2010 w/Edge Server
  • SharePoint 2010 Farm
  • MDT 2012
  • Exchange CAS server & Exchange Mailbox Server
  • Upgraded to SP1
  • Many more Win 2008 R2

Ok so now, I have been migrating users from DomainA.local to DomainC.local and so far so good… we run into a few hiccups with an app not being installed or configured, but for the most part so far so good. I have not integrated SCCM 2012 into the migration. Still brainstorming on ideas on how to integrate SCCM 2012 into the migration. (I just added our AV client into the applications and deployed it to the workstations collection group.) If anyone has ideas on how to maybe integrate more with CM2012 and use CM2012 to enhance the migration I’m all ears. (Thinking about moving my MDT deployment solution to CM2012, not sure yet.)

I’ve planned on deploying the software to device collections since each department has specific software, for example cardiology has different peripherals than orthopedics, and so forth. Again any ideas; kick ’em out there.

So far my process seems to be good…

  • Go through Exchange 2010 PowerShell to prepare the mailbox:
    • .\Prepare-MoveRequest.ps1 -Identity "sljones" -RemoteForestDomainController "ISADS02.lcmsc.com" -RemoteForestCredential $Remote -LocalForestDomainController "ICMGDC01.icmg.local" -LocalForestCredential $Local -TargetMailUserOU "OU=The Clinic,OU=Users,OU=ICMG,DC=icmg,DC=local" -UseLocalObject
  • Go through Exchange 2010 PowerShell to move the user:
    • New-MoveRequest -Identity "sljones" -RemoteLegacy -TargetDatabase "Mailbox Database 0632030541" -RemoteGlobalCatalog "ISADS02.lcmsc.com" -RemoteCredential $Remote -TargetDeliveryDomain "icmg.local" -BadItemLimit 5
  • The two scripts above also create the user in Active Directory, so after the 2 cmdlets above are run I use ADMT on the DC to move the user's SID information from DomainA.local to DomainC.local

After the above is complete the rest is a manual process of finding the user's folder on DomainA.local and copying and dragging it to the file server on DomainC.local, and any PST files the user may have are manually imported into Exchange 2010. (Hopefully someone can help me out with automating this process.)
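One way to script the manual steps that follow the ADMT run, as an added example that is not part of the original post. The file server share names, the log folder and the function name are hypothetical; it assumes the ActiveDirectory module (2008 R2), Exchange 2010 SP1 with the "Mailbox Import Export" role assigned, and that it runs in the Exchange Management Shell in DomainC.

```powershell
# Added example, not the author's script. Share names and paths are assumptions.
Import-Module ActiveDirectory

function Complete-UserMigration {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [string]$SourceHomeRoot = '\\FILESRV-A\Users$',   # hypothetical DomainA share
        [string]$TargetHomeRoot = '\\FILESRV-C\Users$',   # hypothetical DomainC share
        [string]$LogRoot        = 'C:\MigrationLogs'      # hypothetical log folder
    )

    # 1. Confirm ADMT really wrote sIDHistory before any data is moved.
    #    Without it the user loses access to anything still ACL'd with the
    #    DomainA SID, and the failure only shows up later as "access denied".
    $user = Get-ADUser -Identity $SamAccountName -Properties SIDHistory
    if (@($user.SIDHistory).Count -eq 0) {
        throw "No sIDHistory on $SamAccountName; run ADMT before copying data."
    }

    # 2. Copy the home folder. /COPY:DAT copies data, attributes and timestamps
    #    but not ACLs, so the copy inherits the DomainC permissions on the
    #    target share instead of carrying DomainA SIDs forward.
    New-Item -ItemType Directory -Path $LogRoot -Force | Out-Null
    $source = Join-Path $SourceHomeRoot $SamAccountName
    $target = Join-Path $TargetHomeRoot $SamAccountName
    $log    = Join-Path $LogRoot "$SamAccountName-robocopy.log"
    robocopy $source $target /E /COPY:DAT /XJ /R:2 /W:5 /NP "/LOG:$log"
    if ($LASTEXITCODE -ge 8) {          # robocopy: 8 and above means failures
        throw "robocopy reported failures for $SamAccountName; see $log"
    }

    # 3. Queue every PST found in the copied folder for import. -FilePath must
    #    be a UNC path that the Exchange Trusted Subsystem group can read.
    $psts = @(Get-ChildItem -Path $target -Filter *.pst -Recurse)
    foreach ($pst in $psts) {
        New-MailboxImportRequest -Mailbox $SamAccountName `
            -FilePath $pst.FullName `
            -TargetRootFolder "Imported PST\$($pst.BaseName)" `
            -BadItemLimit 5 | Out-Null
    }

    # Summary object so a batch run can be exported to CSV and reviewed.
    New-Object PSObject -Property @{
        User           = $SamAccountName
        SidHistory     = @($user.SIDHistory).Count
        PstQueued      = $psts.Count
        RobocopyResult = $LASTEXITCODE
    }
}

# Usage: Get-Content .\cardiology.txt | ForEach-Object { Complete-UserMigration $_ }
```

Import progress can be followed with Get-MailboxImportRequest | Get-MailboxImportRequestStatistics.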

So, now for the biggest challenge: “THE END USERS”. We have a simple document we deliver to the end users before they're upgraded from Windows XP to Windows 7 & from Office XP/2000 to Office 2010. Any computers not having 3GB of RAM get the Windows ThinPC operating system, and RemoteApps get deployed via Group Policy. The GPO is targeting only Windows ThinPC operating systems with a WMI filter.

I’ve been doing 1 department at a time which as you can imagine is slow as heck. I’ve started trying to find ways to open up the deployment to consume more workstations and end users but, I seem to be stuck at the end users point, with being able to support the end users after the migration is done and also from the manual processes after the user is migrated using the scripts above.

This is why I decided to blog about it. Maybe someone out there can give me more insight into maybe being able to streamline this more, or just confirm that this is as good as it gets.

I know there are tools out there (Quest migration toolkit). I’ve looked into the Quest tool, but up front it seems expensive, and then on top of the tool being expensive it requires consulting hours.

I’ve been doing this 13 years now and I swear every place is different and has a certain twist. For this place I swear it seems more of the end users' resistance against change.

Any tips or tricks anyone can offer, feel free to kick them out there. At this point I feel the process is as good as it's going to get. (I’m hoping I’m wrong.)

Thanks

Twitter – @dguillory@icmglc.com

Email – dguillory@icmglc.com


Updating Group Policy Central Store

In this blog we will go through the process of updating the Group Policy central store to the latest version of the .admx/.adml files. I see organizations all the time that don’t have the latest updated GPO files. I updated my org's GPO store and decided to document it for others that may have outdated files also. So if you follow the steps below you should be updated with “0” issues after…

 

1. Navigate to: http://www.microsoft.com/download/en/details.aspx?id=6243

image

2. Click download and download the MSI file to your PC

3. Install the MSI package

4. Navigate to the extracted path

  • %ProgramFiles(x86)%\Microsoft Group Policy\win72008r2

5. Copy folder PolicyDefinitions

6. Make a Backup of PolicyDefinitions

  • Right Click PolicyDefinitions
  • Send to
  • Compressed (zipped) folder

7. Paste Folder to location:

Additional Concerns

If you have customized ADMX files in the PolicyDefinitions folder you will need to get these out of the backup you created… (don’t forget the .adml file that goes with your .admx file)

If you're totally, 100% comfortable with GPO and what you're doing then it can be done anytime. Remember by default GPO refreshes every 90 min.

Now for me on the other hand, I do this after hours and use Specops software to push a GPUPDATE /force to all the workstations in the domain and restart the workstations about 20 min later.

Video – Group Policy Central Store Updating

Danny Guillory Jr
twitter – @dguilloryjr
email – dguilloryjr@msn.com


Group Policy & WMI Filtering

WMI Filtering (Targeting Specific Operating Systems)

So I have been using Group Policy for several years now and I figured I would start blogging about things I think would be helpful to others.

I am currently migrating a group from a Server 2000 infrastructure to a brand new 2008 R2 domain. Yes, that's a mouthful, but in this article I am going to focus on the migration from ScriptLogic to Group Policy & GPMC.

Obviously there’s the resistance you have to deal with, and educating the staff on troubleshooting, implementation and standardization. Once all that’s done it's GPO as usual.

So as a part of the migration, SL (ScriptLogic) was targeting specific computers, i.e. name, make, model etc.

You can do the same with Group Policy and WMI. Using WMI can make your Group Policies much more flexible and powerful.

Objective:

  • Change the background of Windows ThinPC to Warcraft Image
  • Change the background of Windows 7 PC to Disney Cars

In case you want to follow the Demo you will need the following:

  • 2008 DC
  • Windows ThinPC
  • Windows 7 PC

So 1st let's get the 2 images we are going to use

disney_cars-207676        illidan-large

Yep, Disney “Cars” and “World of Warcraft”. Yes, I am a fan of both.

So now that we have what we're going to work with, let's get going.

Ok so let's go to: http://www.microsoft.com/download/en/details.aspx?id=12028 and download Scriptomatic

Copy Scriptomatic to both the Windows 7 PC and the Windows ThinPC

Once you open Scriptomatic it looks like the screenshot below:

image

So you can leave Namespace exactly as it is… (truth be told, you should not have to change this at all)

WMI Class on the other hand, there's a ton of stuff in there and well, just about everything about any workstation can be found from here. So let's just select Win32_OperatingSystem, just like the screenshot below.

image

Notice that I have “Plain Text” set so I can see the results of the WMI query in Notepad

After running the query the screenshot below shows you the output:

image

This is all we need at the moment to move forward setting up Group Policy to filter on WMI

So now time to work in Group Policy…

We go out to our Domain Controller and Open Group Policy Management Console and select WMI Filters:

image

The right hand side content area should be blank…

Right click in the area and select new… from the popup window

You will get the screen below…

image

From there click add and you will get the following screen…

Leave the namespace at the root\CIMv2

image

If you are familiar with SQL then this should be really straightforward for ya…

– You're basically running a WMI query, but the format is just like a SQL query

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows 7 Enterprise " OR Caption = "Microsoft Windows 7 Professional "

Click Ok

image

Click Save

image

Your screen should look like this:

image

Now we go through the same steps but add the query below for ThinPC

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows Embedded Standard "

image

So now that we have 2 GPO’s built one to target Windows 7 Pro & Ent and another to target Windows ThinPC
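A quick way to confirm which of the two filters a given workstation satisfies before linking them to a GPO, as an added example that is not from the original post. A filter that never evaluates to true silently keeps the GPO from applying, and the Caption strings above only match with their trailing space intact. The filter name "Windows ThinPC", the function name and the LIKE variants are assumptions added here; Get-WmiObject is used because it is available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: evaluate the WMI filter queries on the local (or a remote) PC.
$filters = @(
    @{ Name  = 'Windows 7 Professional & Enterprise'
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE Caption = "Microsoft Windows 7 Enterprise " OR Caption = "Microsoft Windows 7 Professional "' },
    @{ Name  = 'Windows ThinPC'                           # assumed filter name
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE Caption = "Microsoft Windows Embedded Standard "' },
    # Suggested alternatives (not in the original): LIKE does not depend on
    # the exact trailing whitespace of the Caption string.
    @{ Name  = 'Windows 7 (LIKE variant)'
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows 7 %"' },
    @{ Name  = 'Windows ThinPC (LIKE variant)'
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows Embedded Standard%"' }
)

function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory = $true)][string]$Query,
        [string]$Namespace    = 'root\CIMv2',
        [string]$ComputerName = '.'
    )
    try {
        # A GPO WMI filter is "true" when the query returns at least one object.
        $hits = @(Get-WmiObject -Namespace $Namespace -Query $Query `
                                -ComputerName $ComputerName -ErrorAction Stop)
        return ($hits.Count -gt 0)
    }
    catch {
        # A malformed query (for example curly quotes pasted from a web page)
        # ends up here; treat it as "filter does not match".
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

function Get-WmiFilterReport {
    param([string]$ComputerName = '.')
    # Brackets make leading and trailing spaces in the Caption visible.
    $caption = (Get-WmiObject Win32_OperatingSystem -ComputerName $ComputerName).Caption
    Write-Host ("Caption on {0}: [{1}]" -f $ComputerName, $caption)
    foreach ($f in $filters) {
        New-Object PSObject -Property @{
            Filter  = $f.Name
            Matches = (Test-WmiFilterQuery -Query $f.Query -ComputerName $ComputerName)
        }
    }
}

# Usage: Get-WmiFilterReport | Format-Table Filter, Matches -AutoSize
```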

So now let's go create our Group Policies to set wallpapers

So 1st let's get the file to the workstation

So we'll use GPP on each GPO to push the file to the workstation. (Computer Setting)

(As a personal decision I copy the file to the workstation; it's perfectly ok for you to skip this step and use a network share)

So the path below is the path where the files are stored

The Path to the warcraft image is:

  • \\WIN-69V0P6DA8TE\temp\wow.jpg

The path to the cars wallpaper is:

  • \\WIN-69V0P6DA8TE\temp\cars.jpg

So using GPP and the settings below we will send the background image we want from the share location to the destinations below:

  • c:\temp\wow.jpg
  • c:\temp\cars.jpg

If you look at the image below you will see the settings I am using for File GPP to push the file to the workstations.

image

Once you add the settings above and hit ok, your screen will look like the one below:

image

Then you should click on the GPO and at the very bottom you will see the WMI Filtering Section.

Click on the dropdown and Select the WMI filter we created earlier, in this case the “Windows 7 Professional & Enterprise”

image

You’ll get a popup that looks like the one below, just hit ok…

image

You're done. Repeat the same steps as above for the second GPO for ThinPC

Now GPO time again…

Open a group policy and go to:

  • User Configuration\Administrative Templates\Desktop\Desktop\

image

Set the value as in the screenshot above.

Click ok…

Now the test: go to a workstation that the GPO was applied to.

Open a CMD prompt on the workstation and run GPUPDATE.

After this has run you should be able to see the file in “C:\Temp\”

Now if you set up your GPO correctly and applied it correctly to the container and your user, you should be able to see the Warcraft image displayed as the desktop background.

Repeat the same steps above for the Windows ThinPC image.

Twitter – @dguilloryjr

Email – dguilloryjr@msn.com


Create a Group Policy Central Store

Creating a Group Policy Central Store is critical for large organizations that want to leverage the features and functionality of Group Policy at an enterprise level.

The central store provides a central location for all group policy (ADM/ADMX) files to be stored and retrieved. This ensures that all computers retrieve the same setting from the same place.

So to start this we:

1. Identify the most current server/workstation on the network. Just as a secondary precaution, run Windows Update and make sure you have applied all updates and security patches.

2. Navigate to: C:\Windows\PolicyDefinitions

3. Select all

4. Copy all selected Items

5. Navigate to: \\{FQDN}\SYSVOL\{FQDN}\Policies\PolicyDefinitions

6. Paste the contents of your prior copy into this location (yes, it's ok to overwrite the files currently there, if any)

 

Congratulations you now have a Central Store for all your group policy objects

To Verify:

1. Open any group policy object.

2. Click Edit on any GPO

3. Open (Computer Configuration > Policies >)

4. Mouse Over Administrative Templates and you should see something like the screenshot below at the End of Administrative Templates

 

3-4-2012 11-23-41 AM
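The copy steps above, and the backup and custom-template concerns from the "Updating Group Policy Central Store" post, as one script. This is an added example, not the author's procedure: the function name and the C:\GPOBackups folder are assumptions, and it merges new files into the store rather than replacing the folder, so custom .admx files already in the store stay in place.

```powershell
# Added example: create or update the central store with a dated backup.
# Run as an account allowed to write to SYSVOL (normally a Domain Admin).
function Update-GpoCentralStore {
    param(
        # Folder holding the new templates, e.g. C:\Windows\PolicyDefinitions
        # or the PolicyDefinitions folder extracted from the MSI.
        [Parameter(Mandatory = $true)][string]$SourcePath,
        [Parameter(Mandatory = $true)][string]$DomainFqdn,
        [string]$BackupRoot = 'C:\GPOBackups'      # assumed backup location
    )
    $store = "\\$DomainFqdn\SYSVOL\$DomainFqdn\Policies\PolicyDefinitions"

    # Refuse to run against an empty or mistyped source folder.
    if (-not (Test-Path (Join-Path $SourcePath '*.admx'))) {
        throw "No .admx files in $SourcePath; refusing to touch $store."
    }

    $backup = $null
    $custom = @()
    if (Test-Path $store) {
        # Dated copy of the current store, so a bad update can be rolled back.
        New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
        $stamp  = 'PolicyDefinitions-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
        $backup = Join-Path $BackupRoot $stamp
        Copy-Item -Path $store -Destination $backup -Recurse

        # Templates in the store that the new set does not ship = custom ones.
        $shipped = @(Get-ChildItem $SourcePath -Filter *.admx |
                     ForEach-Object { $_.Name })
        $custom  = @(Get-ChildItem $store -Filter *.admx |
                     Where-Object { $shipped -notcontains $_.Name })
    }

    # /E copies the language subfolders (en-US, ...) too. No /MIR or /PURGE,
    # so nothing already in the store is deleted.
    robocopy $SourcePath $store /E /R:2 /W:5 /NP /NJH | Out-Null
    if ($LASTEXITCODE -ge 8) {
        throw "robocopy failed ($LASTEXITCODE); previous store is in $backup"
    }

    # A custom .admx without its .adml shows up as an error in the GPO editor.
    $missingAdml = @($custom | Where-Object {
        -not (Get-ChildItem $store -Recurse -Filter ($_.BaseName + '.adml'))
    } | ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Store           = $store
        Backup          = $backup
        CustomTemplates = @($custom | ForEach-Object { $_.Name })
        MissingAdml     = $missingAdml
    }
}

# Usage:
# Update-GpoCentralStore -SourcePath C:\Windows\PolicyDefinitions -DomainFqdn DomainC.local
```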


Update Windows Server 2000 to 2003 w/ Exchange 2000

In this article we will update a Primary Domain Controller with Windows 2000 and an Exchange 2000 Server to Windows 2003 and Exchange 2003

Setup:

  • VMware Workstation with:
  • 1 Windows 2000 Server (Primary Domain Controller)
    • SP 4 Is installed
  • 1 Windows 2000 Server (Exchange 2000 Server)
    • SP 3 is Installed
  • 1 Windows XP Pro Workstation (Outlook 2003 Installed)

Primary Domain Controller

image

Exchange Server

image

So 1st I will update Exchange 2000 to 2003. I will do this because exchange 2003 does not run on a Windows 2003 Server. Yes, I do plan on updating the OS on the Exchange 2000 Server to Windows 2003 Standard also.

Ok so I logged into the exchange server.

1st I need to update the active directory connector.

AD Connector Update:

  • navigate to d:\ADC\I386\
  • Run Setup.exe

You should be at the screen below:

image

You DO NOT have to uninstall the old one. This will just update the ADC that is already installed.

Once you click next you should be at this screen:

image

Just click reinstall.

image

image

As you can see it will go through a complete 10 step process. Once it's finished you should get a screen like the one below:

image

Go ahead and click finished, and your Active Directory Connector is updated.

So now back at the screen below:

image

Click “Exchange Deployment Tools”

Then you should be at this screen:

image

Click “Deploy the first Exchange 2003 Server”

Then you should be at the screen below:

image

Click “Upgrade from Exchange 2000 Native Mode”

Then you should be at the screen below:

image

Make sure you have done steps 1-6 BEFORE doing 7, 8, and 9.

So step 7, as you see, is the “ForestPrep” for Exchange 2003. So we will run that now. The ForestPrep may take some time. At least for me it did.

When you click forestprep you will be prompted by the screenshots you see below:

Intro

image

EULA

image

Component Selection

image

Server Administrator Account

image

Forest Preparation Progress

image

ForestPrep Complete

image

Now for the DomainPrep

This process was MUCH faster as you will see. Below you will see the process through the screenshots:

Intro

image

EULA

image

Component Selection

image

If you see the below just click ok. It’s a security warning.

image

DomainPrep Progress

image

DomainPrep Complete

image

Now you're ready to upgrade Exchange Server to 2003

The 9th step is to Run Setup now. You can follow by looking at the screenshots below.

Intro

image

EULA

image

Component Selection

image

Install Summary

image

Component Progress

image

image

image

image

Successfully finished… You now have an Exchange 2003 Server. No restart needed, but I always restart for good measure.

image

BUT WE'RE only 1/3rd finished

Now to Update Active Directory:

On to The Primary DC:

1st off, get the CD in the drive. No, you can’t put the CD in the drive and update to 2003 just yet.

Get the CD in and let's run a ForestPrep by using the cmd below:

  • d:\i386\adprep /forestprep

When you see this message just hit the letter “c” and enter

image

Once that is finished, you will have a screen that looks like the one below. The key thing we are looking for here is “The Command Has Completed Successfully”

image

So next is the DomainPrep

You will need to run this command from the cmd prompt:

  • d:\i386\adprep /domainprep

As you can see the output is much much smaller than the forest prep:

image

As you can see I copied the message about GPO’s so yes I did run this and you can see the output below… and yes I would recommend you run this.

image

Now you're ready to upgrade your Primary Domain Controller to Windows Server 2003

So we have the CD in the drive already. Let the autorun start the splash screen:

image

Click “Install Windows Server 2003, Standard Edition”

Leave the dropdown on “Upgrade (Recommended)”

image

EULA

image

Product Key

SNAGHTML953b5d

Updates

image

Compatibility Report

image

As for the screenshot:

  • IIS will be disabled then re-enabled once the update is complete
  • You're upgrading from 2000, so your 2000 tools won’t work on 2003
  • Fax Services (there is a new Fax Services in 2003)
  • Exchange 2000 management tools was installed on my lab DC

I am good with these issues so I will click next and go forward with my install of Windows 2003.

And WHAMMMMMMMMMM! you have a 2003 PDC.

image

So now that we are 2/3rds of the way finished… the last step is to upgrade to Windows 2003 on the Exchange 2000 Server

So we have the CD in the drive already. Let the autorun start the splash screen:

image

Click “Install Windows Server 2003, Standard Edition”

Leave the dropdown on “Upgrade (Recommended)”

image

EULA

image

Product Key

SNAGHTML953b5d

Updates

image

Yep, just like before.

Also don’t forget to update Exchange to the latest service pack.

Enabling / Disabling Admin Users for Lync 2010

Enabling an Administrative User for Lync Server 2010

About the easiest thing in Lync 2010 is enabling users to actually use the Lync client, except for adding domain admins.

If you install Lync Server 2010 and go through the steps of enabling users:

you find at the end of the road you get this message:

image

For administrative accounts (Domain Admins), you need to go to PS (PowerShell) to do this:

So open: Lync Server Management Shell

image

To enable a user that is a part of the Domain Admins group, use the following command line to enable that specific user:

Enable-CsUser -Identity "Pilar Ackerman" -RegistrarPool "atl-cs-001.litwareinc.com" -SipAddressType SamAccountName -SipDomain litwareinc.com

Substitute the italicized words for your own domain and user. The SipAddressType of SamAccountName can be changed to one of the below.

image

-FirstLastName
-EmailAddress
-UserPrincipalName
-SamAccountName

Definitions for all can be found here: http://technet.microsoft.com/en-us/library/gg398711.aspx

You can Type: Get-Help Enable-CsUser to get SYNOPSIS SYNTAX AND DESCRIPTION information for the command Enable-CsUser.

image

You can type: Get-Help Enable-CsUser -Examples to get examples of the command Enable-CsUser

image

 

Disabling an Administrative User for Lync Server 2010

 

To Disable a user you can simply use the Disable-CsUser command.

image

You can also use “Get-Help Disable-CsUser” to get SYNOPSIS SYNTAX AND DESCRIPTION

image

You can also find more information on the technet link below:
 http://technet.microsoft.com/EN-US/library/92e7e29e-2620-4852-9e4a-2fd3569bb095(OCS.14).aspx

Hope this helps someone

Installing Hyper-V Server 2008

Building my 1st Hyper-V server.

So to begin, just a little about myself. I am a huge VMware fan. I have been using VMware since it was in beta testing. The last time I used Microsoft Virtualization was 4 years ago when their virtualization was managed from a webpage.

I have been to a few Microsoft conferences in the past year and I have noticed obviously they're using Hyper-V for their demos and virtual environment. So a colleague I trained years ago just dumped VMware for Microsoft and I am now convinced to give it a try.

Now realize I have not used Microsoft Virtualization since their virtualization was a webpage, which by the way was very sub-par to what we have now.

So to continue on. So 1st I downloaded Microsoft Hyper-V 2008 from the link below:

Microsoft Hyper-V Server 2008 R2 is a stand-alone product that is available as a free download via the Microsoft Download Center.

Man, what a fiasco getting this to work. Installing was not a problem. I simply downloaded the ISO and mounted the ISO file as a virtual CD-ROM using the iLO interface.

I used PowerISO to mount the image to a virtual CD-ROM

 

DOWNLOAD POWERISO

The fiasco: So with the Hyper-V product, MAKE SURE BOTH PROCESSORS ARE EXACTLY THE SAME. If both CPUs are not exactly the same you will find yourself researching and educating yourself on the (CPU STEPPING) topic, which delayed my Hyper-V test lab for 3 days.

You can use CPU-Z to check and make sure your processors are exact, though you will have to have an OS loaded to get the application to check the procs for you.

I had a server with 2 processors. After installing Hyper-V the server would just "black screen" after the BIOS processed at startup. After 2 days of trial and error, I found that it was the processors. One of the processors was not like the other. The processors were the same physically but not programmatically. See Google link below:

GOOGLE SEARCH

After installing hyper-v 2008 the server booted just fine and there is your 1st hyper-v server.
