Windows
Troubleshooting Persistent AD Account Lockouts

We’ve all been there: a user’s Active Directory account keeps locking out every 5 minutes, even after a password reset. Finding the “ghost in the machine” can be a nightmare. Here are the most common culprits and how to kill them.
1. The 90% Culprit: Mobile Devices & ActiveSync
In nearly 90% of cases, the culprit is an old smartphone or tablet.
- The Scenario: The user changed their AD password on their PC, but their iPad at home is still trying to sync mail using the old password. After a few failed attempts, the account locks.
- The Fix: Have the user update the password on all mobile devices or temporarily turn off Wi-Fi on those devices to see if the lockouts stop.
2. Windows Credential Manager
Windows loves to “help” by caching credentials for printers, file shares, and SharePoint sites.
- The Fix: Go to Control Panel > User Accounts > Credential Manager. Under Windows Credentials, look for any entries related to the domain or internal web portals and remove them.
3. Stored Passwords (The Legacy Method)
Sometimes the GUI Credential Manager doesn’t show everything. You can access the legacy stored usernames and passwords directly:
- The Fix: Open a Run box (Win+R) and type:
rundll32.exe keymgr.dll,KRShowKeyMgr
- Delete any stored passwords that look suspicious or outdated.
4. Background Applications & Web Services
Third-party tools, browser plugins, or internal HR portals often store AD credentials.
- The Scenario: A user opens Internet Explorer, and a background tool immediately attempts to authenticate.
- The Fix: Check the user’s “Startup” tab in Task Manager and disable non-essential third-party apps.
5. Advanced Diagnostics: LockoutStatus & ADLockouts
If the manual checks fail, you need to find out which Domain Controller is reporting the lockout.
- LockOutStatus: This tool from Microsoft’s Windows Server Resource Kit shows the lockout status across all DCs and identifies the “Source” machine.
- Netwrix Account Lockout Examiner: A great free alternative that often points directly to the process name causing the issue.
![lockoutstatus[1]](https://i0.wp.com/lazyadminblog.com/wp-content/uploads/2015/04/lockoutstatus1.jpg?resize=640%2C206&ssl=1)
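The same "source machine" answer can be pulled straight from the Security log. This is an added example, not code from the original post: lockouts are recorded as event 4740 on the PDC Emulator, and the script assumes the ActiveDirectory PowerShell module, account-management auditing on the DCs, and a hypothetical account name `jdoe`.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# (RSAT), "Audit User Account Management" enabled on the DCs, and rights to read
# the Security log remotely. 'jdoe' is a hypothetical account name.
Import-Module ActiveDirectory

function Get-LockoutSource {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [int] $Hours = 24
    )

    # Every lockout in the domain is reported to the PDC Emulator, so its
    # Security log is the single place to look.
    $pdc = (Get-ADDomain).PDCEmulator

    $filter = @{
        LogName   = 'Security'
        Id        = 4740                        # "A user account was locked out"
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($evt in $events) {
        # Read the event fields by name instead of relying on their position.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['TargetUserName'] -ne $SamAccountName) { continue }

        [pscustomobject]@{
            TimeCreated    = $evt.TimeCreated
            User           = $data['TargetUserName']
            # In event 4740 the TargetDomainName field holds the caller computer.
            CallerComputer = $data['TargetDomainName']
            ReportedBy     = $pdc
        }
    }
}

# Which machine keeps sending the bad password, and how often?
Get-LockoutSource -SamAccountName 'jdoe' |
    Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```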
How to Identify FSMO Roles and Global Catalogs with ReplMon

In a healthy Active Directory environment, knowing exactly which Domain Controllers (DCs) hold your Operations Master roles is vital for disaster recovery and maintenance. Active Directory defines five specific roles, often referred to as FSMO (Flexible Single Master Operations) roles:
- Schema Master (Forest-wide)
- Domain Naming Master (Forest-wide)
- RID Master (Domain-wide)
- PDC Emulator (Domain-wide)
- Infrastructure Master (Domain-wide)
Step 1: Installing the Tools
Replication Monitor isn’t installed by default. You must install the Windows Support Tools from your installation media:
- Navigate to the \Support\Tools folder on your product CD.
- Run Setup.exe.
- Once installed, launch it via Start > Programs > Support Tools > Tools > Active Directory Replication Monitor.
Step 2: Determine Operations Master Role Holders
ReplMon makes it incredibly simple to see the “Owner” of each role without digging through multiple consoles.
- Add your server: Right-click Monitored Servers and follow the wizard to add at least one DC from your domain.
- View FSMO Roles: Right-click the server in the list and select Properties.
- Check Ownership: Click the FSMO Roles tab. You will see a list of the five roles and the specific DC currently holding them.
- Verify Connectivity: Click the Query button next to any role. This performs a real-time check to ensure the role holder is online and responding.
Step 3: Locating Global Catalog (GC) Servers
Global Catalogs are essential for multi-domain forests and universal group memberships. If your GCs go offline, users may experience login failures.
- Inside Replication Monitor, ensure you have added your servers.
- Right-click the server name.
- Select Show Global Catalog Servers in Enterprise.
- A list will populate showing every DC in your forest that has been promoted to a Global Catalog.
Why use ReplMon instead of the GUI?
While you can find this info in AD Users & Computers or AD Domains & Trusts, ReplMon gives you a centralized view. You don’t have to switch between three different MMC snap-ins to see both forest-wide and domain-wide roles.
The LazyAdmin Tip: If you notice that one server is holding all five roles, it might be a performance bottleneck! Consider spreading these roles across different DCs in larger environments to improve redundancy.
Mastering DsQuery: Fast Domain Controller Auditing

Using the GUI to find specific servers in a large forest can be time-consuming. DsQuery Server provides a lightning-fast way to extract this data directly from the Command Prompt. Whether you need a list of Global Catalogs or want to find the Schema Master, these commands will save you hours of clicking.
1. Locating Domain Controllers in the Forest
To get a quick list of every DC across all domains in your entire forest, you can use the -Forest switch.
- To get the full Distinguished Name (DN):
DsQuery Server -Forest
- To get just the Relative Distinguished Name (RDN):
DsQuery Server -o rdn -Forest
2. Targeting a Specific Domain
If you only want to see the controllers within a specific domain, use the -domain switch:
DsQuery Server -domain lazyadminblog.com
3. Finding Global Catalog (GC) Servers
Global Catalogs are vital for forest-wide searches. To find which DCs in a specific domain are configured as GCs:
DsQuery Server -domain lazyadminblog.com -isgc
4. Finding FSMO Role Holders
Instead of opening multiple MMC snap-ins, you can find the FSMO role holders directly. For example, to find the server holding the Schema Master role for the forest:
DsQuery Server -Forest -hasfsmo schema
Note: You can replace schema with name (Domain Naming Master), pdc, rid, or infr (Infrastructure Master) to find other role holders.
5. Exporting your Results
The most useful way to use DsQuery is to pipe the results into a text file for documentation or further scripting. Use the > operator to save your output:
DsQuery Server -Forest > C:\Logs\AllDCs.txt
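The role-holder, Global Catalog and export steps above can be combined into one report. This is an added example, not code from the original posts: it also applies the ReplMon post's tip by warning when a single DC holds all five roles. It assumes dsquery.exe is on PATH, that C:\Logs exists, and uses the hypothetical file name FsmoReport.txt.

```powershell
# Added example, not from the original posts. Assumes dsquery.exe is on PATH
# (a DC or a machine with the AD DS tools) and that C:\Logs already exists.
# FsmoReport.txt is a hypothetical file name.
$roles = [ordered]@{
    schema = 'Schema Master'
    name   = 'Domain Naming Master'
    rid    = 'RID Master'
    pdc    = 'PDC Emulator'
    infr   = 'Infrastructure Master'
}

function Get-DsQueryServer {
    param([string[]] $Arguments)
    # -o rdn returns one quoted server name per line; strip quotes and blanks.
    & dsquery server -forest -o rdn @Arguments 2>$null |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ }
}

# Every Global Catalog in the forest, used to annotate the role holders.
$gcs = @(Get-DsQueryServer -Arguments '-isgc')

$report = foreach ($key in $roles.Keys) {
    foreach ($server in (Get-DsQueryServer -Arguments '-hasfsmo', $key)) {
        [pscustomobject]@{
            Role            = $roles[$key]
            Server          = $server
            IsGlobalCatalog = $gcs -contains $server
        }
    }
}

$report | Sort-Object Server, Role | Format-Table -AutoSize |
    Out-File -FilePath 'C:\Logs\FsmoReport.txt'

# Flag any DC that holds all five roles.
$report | Group-Object Server |
    Where-Object { @($_.Group.Role | Select-Object -Unique).Count -eq $roles.Count } |
    ForEach-Object { Write-Warning "$($_.Name) holds all five FSMO roles" }
```

In a multi-domain forest the domain-wide roles return one holder per domain, so the report has more than five rows.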
How to Get Hardware Serial Numbers Remotely (WMIC & PowerShell)

As a SysAdmin, you often need a serial number or UUID for a warranty check or asset tracking. Instead of walking to the user’s desk or remoting into their session, you can pull this data directly from your workstation using these simple commands.
1. Using WMIC (Legacy Command Line)
WMIC is incredibly efficient for quick, one-off queries against remote systems.
To get a remote serial number:
DOS
wmic /node:"RemoteComputerName" bios get serialnumber
To export results to a central text file: If you are auditing multiple machines, use the /append switch to create a running list:
DOS
set myfile=\\Server\Share\Inventory.txt
wmic /append:%myfile% /node:"RemoteComputerName" bios get serialnumber
2. Using PowerShell (Modern Method)
PowerShell is the preferred method for modern Windows environments (Windows 10/11 and Server 2016+). It returns objects that are much easier to manipulate.
Standard Command:
PowerShell
Get-WmiObject -ComputerName "RemoteComputerName" -Class Win32_BIOS
The “Lazy” Short Version:
PowerShell
gwmi -comp "RemoteComputerName" -cl win32_bios
3. Bonus Hardware Commands
Sometimes the serial number isn’t enough. Use these WMIC commands to get a deeper look at the hardware specs:
- CPU Details: Get the exact model and clock speeds.
wmic cpu get name, CurrentClockSpeed, MaxClockSpeed
- System Product Info: Pull the motherboard name and the system’s unique UUID.
wmic csproduct get name, identifyingnumber, uuid
- Full BIOS Audit: Get the BIOS name, version, and serial number in one go.
wmic bios get name, serialnumber, version
Troubleshooting Connectivity
If these commands fail with “Access Denied” or “RPC Server Unavailable,” check the following:
- Admin Rights: Your shell must be running with Domain Admin or local administrator permissions on the target.
- Firewall: Ensure “Windows Management Instrumentation (WMI)” is allowed through the Windows Firewall on the remote machine.
- WMI Service: Ensure the WinMgmt service is running on the target.
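For an audit across many machines, the queries above can be wrapped so that the two failures just listed end up in the output instead of stopping the run. This is an added example, not code from the original post; the computer names and the CSV path are placeholders, and Get-WmiObject requires Windows PowerShell 5.1 or older.

```powershell
# Added example, not from the original post. Computer names and the CSV path
# are placeholders. Get-WmiObject is not available in PowerShell 7.
function Get-HardwareInventory {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName
    )

    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            ComputerName = $computer
            SerialNumber = $null
            Model        = $null
            UUID         = $null
            BiosVersion  = $null
            Status       = 'OK'
        }
        try {
            # Same classes as "wmic bios" and "wmic csproduct" above.
            $bios    = Get-WmiObject -ComputerName $computer -Class Win32_BIOS -ErrorAction Stop
            $product = Get-WmiObject -ComputerName $computer -Class Win32_ComputerSystemProduct -ErrorAction Stop

            $row.SerialNumber = $bios.SerialNumber
            $row.BiosVersion  = $bios.SMBIOSBIOSVersion
            $row.Model        = $product.Name
            $row.UUID         = $product.UUID
        }
        catch {
            # Record why the host failed so the list can be worked through later.
            $ex = $_.Exception
            $row.Status = if ($ex -is [System.UnauthorizedAccessException]) {
                'Access denied (check admin rights on the target)'
            }
            elseif ($ex -is [System.Runtime.InteropServices.COMException]) {
                "RPC/DCOM error (check firewall and WinMgmt service): $($ex.Message)"
            }
            else {
                "Error: $($ex.Message)"
            }
        }
        [pscustomobject]$row
    }
}

# One row per machine, reachable or not.
Get-HardwareInventory -ComputerName 'PC-001', 'PC-002' |
    Export-Csv -Path '\\Server\Share\Inventory.csv' -NoTypeInformation
```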
Installing ADSI Edit on Windows Server 2003

Whether you are performing a schema extension or manually cleaning up metadata after a failed Domain Controller demotion, ADSI Edit is the tool you need. Because it interacts directly with the Active Directory database, it is powerful—and dangerous.
Warning: ADSI Edit does not have “undo” functionality. Always ensure you have a valid System State backup before making manual attribute changes.
Step 1: Locating the Installation Files
On Windows Server 2003, ADSI Edit is not installed by default. It is part of the Windows Support Tools package.
- From the CD: Insert your Windows Server 2003 installation media and navigate to:
[CD-DRIVE]:\SUPPORT\TOOLS\
- Run the Installer: Double-click SUPTOOLS.MSI and follow the installation wizard.
- No CD? You can download the “Windows Server 2003 Service Pack 2 Support Tools” directly from the Microsoft Download Center.
Step 2: Launching the Console
Once the Support Tools are installed, you can launch the editor:
- Go to Start > Run.
- Type adsiedit.msc and press Enter.
Step 3: Troubleshooting “adsiedit.msc not found”
If you have installed the tools but still receive an error that the file cannot be found, the system likely hasn’t registered the required library (.dll) file properly.
To manually register the DLL:
- Go to Start > Run.
- Type the following command:
regsvr32 adsiedit.dll
- You should see a success message stating that the DllRegisterServer succeeded.
What can you do with ADSI Edit?
ADSI Edit allows you to view and edit the three primary partitions of the Active Directory database:
- Domain Partition: Contains the users, groups, and OUs.
- Configuration Partition: Contains forest-wide configuration data (like site topology).
- Schema Partition: Contains the definitions for every object type and attribute in the forest.
How to Enable Remote Logins in a Windows server

🛠️ The Registry Method (Headless Activation)
By default, Windows Server hardens itself by denying Terminal Server (TS) connections. You can flip this switch manually in the Registry Editor.
- Open Registry Editor: Press Win + R, type regedit, and hit Enter.
- Navigate to the Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\
- Modify the Value: Locate the fDenyTSConnections DWORD.
- Value = 1: Remote Desktop is Disabled (Default).
- Value = 0: Remote Desktop is Enabled.
💻 The PowerShell Method (The Modern Way)
If you have PowerShell Remoting enabled, you don’t even need to open a GUI. You can push this change with a single line of code:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
To verify the change:
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections"
🛡️ Important: Don’t Forget the Firewall!
Enabling the registry setting is only half the battle. If the Windows Firewall is active, it will still block port 3389. You must allow the RDP traffic:
Via PowerShell:
PowerShell
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
⚠️ Security Checklist
- NLA (Network Level Authentication): For modern security, ensure the value UserAuthentication in the same registry path is set to 1. This requires users to authenticate before a session is even created.
- Permissions: Simply enabling the service isn’t enough; the user account must be part of the Remote Desktop Users group or have Administrative privileges.
- BlueKeep & Vulnerabilities: Ensure your server is fully patched if you are exposing RDP, as unpatched legacy servers are prime targets for ransomware.
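The checklist can be turned into a quick audit of a server's current RDP state. This is an added example, not code from the original post: it reads UserAuthentication and the listening port from the WinStations\RDP-Tcp subkey beneath the Terminal Server key, and assumes an elevated local session, the English firewall group name, and the LocalAccounts cmdlets.

```powershell
# Added example, not from the original post. Run in an elevated session on the
# server itself. Assumes an English display group name and the LocalAccounts
# cmdlets (Windows Server 2016 or later).
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'   # listener settings, including NLA

    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound rules in the group the post turns on with Enable-NetFirewallRule.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Non-administrators allowed to log on over RDP (empty on a domain controller).
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)

    # Combinations that deserve a second look.
    $findings = @()
    if ($deny -eq 0 -and $nla -ne 1)         { $findings += 'RDP is enabled without NLA' }
    if ($deny -eq 0 -and $rules.Count -eq 0) { $findings += 'RDP is enabled but the firewall group is closed' }
    if ($deny -ne 0 -and $rules.Count -gt 0) { $findings += 'RDP is disabled but firewall rules are still open' }

    [pscustomobject]@{
        RdpEnabled         = ($deny -eq 0)
        NlaRequired        = ($nla -eq 1)
        Port               = $port
        OpenFirewallRules  = $rules.Count
        RemoteDesktopUsers = $members -join ', '
        Findings           = $findings
    }
}

Get-RdpExposure | Format-List
```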
Understanding Processor Queue Length

In simple terms, Processor Queue Length is the “waiting room” for your CPU. It represents the number of threads that are ready to be processed but are currently stuck waiting because the CPU is already busy handling other tasks.
🚦 The Core Concept: Threads in Waiting
Every action on your server—whether it’s a database query or a system background task—is broken down into threads. The CPU can only handle a certain number of threads at once. When more threads arrive than the CPU can handle, they line up in the Processor Queue.
📉 Identifying a Bottleneck
A high CPU utilization percentage (e.g., 90%) doesn’t always mean there is a problem. The true indicator of a performance bottleneck is a sustained or recurring queue.
- The Golden Rule: A sustained queue of more than two threads per processor is a clear symptom of a bottleneck.
- The Exception: Queues can develop even when CPU utilization is below 90% if the requests are random and the processing time for each thread varies wildly.
🔍 How to Troubleshoot a High Queue
If you notice frequent queueing, you need to dig into the specific processes causing the backup.
- Check % Processor Time: Identify which specific processes are eating up CPU cycles.
- Monitor Thread Patterns: Use Performance Monitor (PerfMon) to see if a single process is spawning too many threads.
- Evaluate Priorities: Check if certain low-priority tasks are holding up high-priority ones. While you can adjust base priorities in Task Manager, this is usually a “band-aid” fix, not a permanent solution.
🖥️ Multiprocessor Systems: Calculating the Limit
The acceptable queue length scales with your hardware. To find your target range, multiply your number of physical processors (or cores) by the thread threshold.
| System Type | Typical Usage (0–10% CPU) | Busy System (80–90% CPU) |
| Single Processor | 0 to 1 threads | 1 to 3 threads |
| Dual Processor | 0 to 1 threads | 2 to 6 threads |
| Quad Processor | 0 to 1 threads | 4 to 12 threads |
Note: For servers, also keep an eye on the Server Work Queues\Queue Length counter, which specifically tracks requests waiting for the server service.
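The rule of thumb can be checked against live counters. This is an added example, not code from the original post: it samples the queue on the local machine and compares it with two threads per core. Treating "sustained" as 80% of samples over the limit is an assumption, and the counter paths are the English names.

```powershell
# Added example, not from the original post. Counter paths are the English names;
# treating "sustained" as 80% of samples over the limit is an assumption.
function Test-ProcessorQueue {
    param(
        [int] $Samples = 30,
        [int] $IntervalSeconds = 2,
        [int] $ThreadsPerProcessor = 2    # the rule of thumb from the post
    )

    # Acceptable queue length scales with the number of cores.
    $cores = (Get-CimInstance -ClassName Win32_Processor |
        Measure-Object -Property NumberOfCores -Sum).Sum
    $limit = $cores * $ThreadsPerProcessor

    $counters = '\System\Processor Queue Length', '\Processor(_Total)\% Processor Time'
    $sets = Get-Counter -Counter $counters -SampleInterval $IntervalSeconds -MaxSamples $Samples

    $queue = @(); $cpu = @()
    foreach ($set in $sets) {
        foreach ($s in $set.CounterSamples) {
            if ($s.Path -like '*\processor queue length') { $queue += $s.CookedValue }
            elseif ($s.Path -like '*\% processor time')   { $cpu   += $s.CookedValue }
        }
    }
    if ($queue.Count -eq 0) { throw 'No Processor Queue Length samples were returned.' }

    # Share of samples in which the queue exceeded the limit.
    $overPct = 100 * @($queue | Where-Object { $_ -gt $limit }).Count / $queue.Count

    [pscustomobject]@{
        Cores             = $cores
        QueueLimit        = $limit
        AvgQueue          = [math]::Round(($queue | Measure-Object -Average).Average, 1)
        MaxQueue          = ($queue | Measure-Object -Maximum).Maximum
        AvgCpuPercent     = [math]::Round(($cpu | Measure-Object -Average).Average, 1)
        SamplesOverLimit  = '{0:N0}%' -f $overPct
        SustainedQueueing = ($overPct -ge 80)
    }
}

Test-ProcessorQueue
```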
Syslog Server storage logs size calculation

Upgrading your syslog retention is a great move for troubleshooting depth, but as your math shows, it comes with a significant increase in storage demands. Moving from 4GB to 40GB is a 10x jump, so ensuring your volume can handle the growth is critical.
Here is the breakdown of the calculation and the step-by-step guide to applying these changes.
📊 Syslog Storage Planning
Before modifying configuration files, verify your available disk space. Using your specific requirements for 100 hosts:
| Variable | Current Setting | Desired Setting |
| Max Log Size | 2 MB | 10 MB |
| Rotation Count | 20 Files | 40 Files |
| Retention per Host | 40 MB | 400 MB |
| Total Storage (100 Hosts) | 4,000 MB (4GB) | 40,000 MB (40GB) |
⚠️ A Note on Scalability
While you are planning for 100 hosts, keep in mind that the VMware Syslog Collector for Windows is officially supported for up to 30 hosts.
- The Risk: Beyond 30 hosts, the service may stop responding or drop logs without an error message.
- The Fix: If you need to support 100 hosts reliably, consider deploying multiple collectors or moving to a high-scale solution like VMware vRealize Log Insight.
🛠️ How to Modify Syslog Collector Configuration
To apply your new 10MB / 40 Rotate policy, you must manually edit the configuration XML.
1. Locate and Backup
Before editing, create a copy of the configuration file.
- vCenter 6.0:
%PROGRAMDATA%\VMware\vCenterServer\cfg\vmsyslogcollector\config.xml - vCenter 5.5 & older:
%PROGRAMDATA%\VMware\VMware Syslog Collector\vmconfig-syslog.xml
2. Edit the XML
Open the copy in a text editor (like Notepad++) and locate the <defaultValues> section. Update the values as follows:
<defaultValues>
  <port>514</port>
  <protocol>TCP,UDP</protocol>
  <maxSize>10</maxSize>
  <rotate>40</rotate>
  <sslPort>1514</sslPort>
</defaultValues>
3. Swap and Restart
- Stop the Service: Open services.msc and stop the VMware Syslog Collector.
- Replace File: Delete the original config.xml and rename your modified copy to the original filename.
- Start the Service: Restart the VMware Syslog Collector.
Lazy Admin Tip: If the logs don’t start flowing immediately, you may need to restart the syslog service on the ESXi hosts themselves to re-establish the connection to the server.
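The backup, edit and restart steps can be scripted, with the storage check from the planning table run first. This is an added example, not code from the original post: it assumes the vCenter 6.0 path, an elevated session, the service display name shown in services.msc, and a hypothetical log volume D:. It edits the file in place after taking a backup rather than swapping in a copy.

```powershell
# Added example, not from the original post. Assumes the vCenter 6.0 path shown
# above, an elevated session, the service display name "VMware Syslog Collector",
# and that the logs live on drive D: (hypothetical; change to your data volume).
$config    = Join-Path $env:ProgramData 'VMware\vCenterServer\cfg\vmsyslogcollector\config.xml'
$service   = 'VMware Syslog Collector'
$logDrive  = 'D'
$maxSize   = 10      # MB per log file
$rotate    = 40      # rotated files kept per host
$hostCount = 100

# 1. Check the projected footprint against free space before touching anything.
$neededMB = $maxSize * $rotate * $hostCount
$freeMB   = [math]::Floor((Get-PSDrive -Name $logDrive).Free / 1MB)
if ($freeMB -lt $neededMB) {
    throw "Need $neededMB MB for $hostCount hosts, only $freeMB MB free on ${logDrive}:"
}

# 2. Keep a timestamped backup of the original file.
$backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $config, (Get-Date)
Copy-Item -Path $config -Destination $backup

# 3. Update only maxSize and rotate inside <defaultValues>.
[xml]$xml = Get-Content -Path $config -Raw
$defaults = $xml.SelectSingleNode('//defaultValues')
if (-not $defaults) { throw "No <defaultValues> element found in $config" }
$defaults.maxSize = [string]$maxSize
$defaults.rotate  = [string]$rotate

# 4. Stop the collector, write the file, start it again.
Stop-Service -DisplayName $service
$xml.Save($config)
Start-Service -DisplayName $service
```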
Dell ExtPart: The “Magic” Utility for Legacy Partition Expansion

If you’ve ever tried to expand a boot partition on an older Windows box (like Server 2003 or 2008) and found the “Extend Volume” option greyed out, you know the frustration. Enter the Dell ExtPart Utility.
This tiny 36KB tool allows for online volume expansion—meaning you can grow your NTFS partition without a reboot.
⚠️ The “Cloud” Warning
Before we dive in, a massive disclaimer: Do NOT use this in a Cloud/Virtual infrastructure (Azure, AWS, or even modern ESXi/Hyper-V). Modern hypervisors and cloud platforms use virtual disk drivers that can become corrupted if a legacy tool like ExtPart tries to manipulate the partition table directly. Use the native Disk Management or PowerShell tools instead.
How to use ExtPart.exe
- Download and Extract: It’s a self-extracting archive. Run it and extract extpart.exe to a folder (e.g., C:\extpart).
- Open Command Prompt: Run CMD as an Administrator.
- Run the Command: Navigate to your folder and use the following syntax:
extpart [drive_letter]: [size_to_add_in_mb]
Example: To add 10GB (10240MB) to your C: drive, you would type:
extpart c: 10240
Key Specs:
- File Name: ExtPart.exe
- Size: 36KB
- Requirement: NTFS formatted basic disks.
- Reboot required? No.
Official Download Link:
- Link: Dell Basic Disk Expansion, v.1.0.4, A01
- File Name: ExtPart.exe
- Size: 36.73 KB
Installation Quick-Steps:
- Click Download File on the Dell page.
- Run the ExtPart.exe you just downloaded. It is a self-extractor.
- By default, it extracts to C:\dell\ExtPart.
- Navigate to that folder to find the actual extpart.exe utility you’ll use in the Command Prompt.
