Sunday, 22 January 2017

Managing Global Catalog Servers best practices

Or, should we keep Global Catalog and Infrastructure Master server roles on one Domain Controller?
Or, is it good to have the Infrastructure Master role and the Global Catalog server role on one Domain Controller?

Descriptions: This is one of the most common and most ignored scenarios: people either don't take it seriously or don't design the Active Directory domain in an efficient manner. When you are running many DCs in a large domain environment, you must check these common best practices for where to keep your FSMO role holders and how to design their placement.

Guys, in a small domain environment with one DC and one ADC you may not face challenges, but if you have more than one ADC in your domain environment, you should never keep the Global Catalog server and the Infrastructure Master role on the same DC.

This is because there may be many issues while replicating new changes at the Infrastructure level, due to priority and communication conflicts between the Infrastructure Master and Global Catalog servers. A Global Catalog server automatically receives all updates that happen in the forest. The Infrastructure Master role then takes these updates from the Global Catalog server and replicates them to cross-domain DCs.

If you have any query or feedback on this, please write me back.

System State Backup in Windows Server 2012

Or, How to take System State Backup of Windows Server 2012 DCs?
Or, How to run system state backup using wbadmin utility?

Descriptions: As the NTBACKUP utility is no longer available in the Windows Server 2012 operating system, you have WBADMIN to perform system state backups of your servers. The WBADMIN utility is part of the Windows Server Backup feature in Windows Server 2012.

Windows Server Backup Feature can be installed using Server Manager’s Roles and Features installation wizard.

Yes, please! You must install this feature before you think of using WBADMIN for system state backup.

Steps: Using WBADMIN for system state backup

Open CMD (run as administrator)

Type the command below and hit Enter

wbadmin start systemstatebackup -backuptarget:E: -quiet

You can choose the backup target as per your scenario. In my case, I am using the E:\ drive as the backup target.

The backup will be initiated now; wait till it completes successfully.

Cheers, please write me back if you have any query or feedback.

Saturday, 21 January 2017

Error ‘the value for option backuptarget is missing’ on Windows Server 2012

Or, WBADMIN Error (Systemstatebackup): the value for option backuptarget is missing

Descriptions: Even when you use the correct command to perform a system state backup on Windows Server 2008 or 2012 using wbadmin (e.g. the command ‘wbadmin start systemstatebackup -backuptarget:E: -quiet’ is correct but ends with an error), you encounter the error ‘the value for option backuptarget is missing’.

Guys, if you don’t already, my suggestion is to always think of rebooting after installing any role, feature or component on Windows operating systems, as per your convenience, no matter whether the installation requires a reboot or not. Anyway, it’s your choice.

Possible Reason: You have recently installed PowerShell along with the Windows Backup feature and are trying to perform a system state backup without rebooting the server after installing this feature. Remember, I said always think of rebooting after installing anything on Windows operating systems.

Solution/Workaround:  Reboot your server > run CMD as administrator > try to re-execute the command... it should work… in my case it worked well…


Wait till the backup is completed successfully.

Cheers...please write me back if you have any query or feedback.
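
A pre-flight wrapper for the command used in this post and in the System State Backup post above, as an added PowerShell example that is not part of the original posts: it checks the feature, a pending reboot and the target before calling wbadmin. The two registry keys are the usual pending-reboot markers, and treating a non-zero wbadmin exit code as a failure is an assumption.

```powershell
# Added example, not from the original posts. Run from an elevated PowerShell session.
$target = 'E:'    # backup target used in the post; change to suit your server

# 1. WBADMIN needs the Windows Server Backup feature.
$feature = Get-WindowsFeature -Name Windows-Server-Backup
if (-not $feature.Installed) {
    throw 'Windows Server Backup is not installed. Install it first, then reboot.'
}

# 2. The post attributes the "backuptarget is missing" error to running the
#    backup before rebooting after a feature install, so stop if a reboot is pending.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$pending = @($rebootKeys | Where-Object { Test-Path $_ })
if ($pending.Count -gt 0) {
    throw "A reboot is pending ($($pending -join '; ')). Reboot, then run the backup."
}

# 3. The target volume has to exist before wbadmin is started.
if (-not (Test-Path "$target\")) { throw "Backup target $target not found." }

# 4. Pass each argument as its own string so wbadmin receives
#    '-backuptarget:E:' as one token, exactly as typed in CMD.
$wbArgs = @('start', 'systemstatebackup', "-backuptarget:$target", '-quiet')
& wbadmin.exe @wbArgs
if ($LASTEXITCODE -ne 0) {
    # Assumption: any non-zero exit code from wbadmin means the backup failed.
    throw "wbadmin exited with code $LASTEXITCODE."
}

# 5. Confirm that the new backup version is listed on the target.
& wbadmin.exe get versions "-backuptarget:$target"
```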

Creating date wise log file in Robocopy backup.

Or, How to take backup of shared or local folders using Robocopy?
Or, Robocopy command to take backup and exporting backup log files date wise.

Descriptions: Using Robocopy to back up shared folders or local folders is a good way to perform flat file/data backup in Windows. It’s an inbuilt Windows utility from Microsoft, so there is no need to download or purchase it separately.

Normally, administrators use robocopy with source, destination and log-export arguments in the command and rename the log files manually every day... that’s a waste of time, frankly...

Here in this article, we will see how to set the robocopy command to back up data, export the log to a txt file and include the execution date in the log file name. We are going to get it done with a batch script.

e.g. If the log file name is fileserverbackup.txt, it should be exported with name fileserverbackup-YYYYMMDD.txt

Please note, I have used some special switches for the best backup output. You should understand the behaviour of the special switches before using them.

You can use Robocopy /? for more help on robocopy command and switches.

Commands and batch file:

General command with no special switches

robocopy C:\TestSourceFolder E:\DestFolder

Customized command as per suitable requirements with some special switches

robocopy C:\TestSourceFolder E:\DestFolder /E /ZB /SEC /R:3 /W:3 /TEE /UNILOG+:C:\FileServerBackup.txt

The above command will take the backup well, but it will create a log file FileServerBackup.txt with no date in the file name.

Recommended:

Batch script to take backup using robocopy command and then creating log files every day with date specified/added in the file name.

--------------------------------------------------------------------------------------------------------------------------
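@echo off
rem Write a one-line VBScript that prints today's date as YYYYMMDD, whatever the regional date format is
echo wscript.echo year(date) ^& right(100 + month(date),2) ^& right(100+day(date),2)  > "%temp%\dateparts.vbs"
rem Run it and keep its output in the yyyymmdd variable
for /f "tokens=1 delims=" %%a in ('cscript //nologo "%temp%\dateparts.vbs"') do set yyyymmdd=%%a
echo Today is %yyyymmdd%
rem /E subfolders, /ZB restartable then backup mode, /SEC copy NTFS security, /R:3 /W:3 three retries 3 seconds apart
rem /TEE console and log output, /UNILOG+ append to a Unicode log named with today's date
robocopy C:\TestSourceFolder E:\DestFolder /E /ZB /SEC /R:3 /W:3 /TEE /UNILOG+:C:\FileServerCopy-%yyyymmdd%.txt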
--------------------------------------------------------------------------------------------------------------------------

Copy and paste the above script into a text file > save as filename.bat > use this bat file in Windows Task Scheduler.

That’s it: the backup will be executed and the log file name will be created date-wise automatically. Please make sure you test the script carefully and deploy it in production only if it works 100% as per your requirement.

If you have any query or feedback, please write me back...
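
The same date-stamped log done in PowerShell, as an added example that is not part of the original post; it also decodes robocopy's exit code, which is non-zero even when the copy succeeded. The log folder C:\BackupLogs and the 30-day retention are assumptions.

```powershell
# Added example, not from the original post.
$source   = 'C:\TestSourceFolder'
$dest     = 'E:\DestFolder'
$logDir   = 'C:\BackupLogs'   # assumption: a dedicated folder instead of the C:\ root
$keepDays = 30                # assumption: how long old logs are kept

# Locale-independent YYYYMMDD stamp; no temporary VBScript needed.
$stamp = Get-Date -Format 'yyyyMMdd'
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
$log = Join-Path $logDir "FileServerCopy-$stamp.txt"

# Same switches as the batch script. /ZB backup mode needs the backup and
# restore privileges, and the log lists every file name, so restrict $logDir.
$roboArgs = @($source, $dest, '/E', '/ZB', '/SEC', '/R:3', '/W:3', '/TEE', "/UNILOG+:$log")
& robocopy.exe @roboArgs
$code = $LASTEXITCODE

# Robocopy's exit code is a bit field; only 8 and 16 mean something failed.
$bits = @(
    @{ Bit = 1;  Text = 'files copied' }
    @{ Bit = 2;  Text = 'extra files in destination' }
    @{ Bit = 4;  Text = 'mismatched files or folders' }
    @{ Bit = 8;  Text = 'some files could not be copied' }
    @{ Bit = 16; Text = 'fatal error, nothing copied' }
)
$meaning = @($bits | Where-Object { $code -band $_.Bit } | ForEach-Object { $_.Text })
if ($meaning.Count -eq 0) { $meaning = @('nothing to copy') }
Write-Output ("Robocopy exit code ${code}: " + ($meaning -join ', '))

# Prune logs older than the retention window.
Get-ChildItem -Path $logDir -Filter 'FileServerCopy-*.txt' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$keepDays) } |
    Remove-Item

# Report success to Task Scheduler unless a copy failed or robocopy aborted.
if ($code -ge 8) { exit 1 } else { exit 0 }
```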

Understanding FSMO role in active directory and impact when unavailable

Or, FSMO Roles in AD (Active Directory) – Explained
Or, Active Directory FSMO Roles Explained
Or, FSMO roles functions and impact when unavailable

Descriptions: FSMO stands for Flexible Single Master Operation. FSMO roles are one of the critical components of Active Directory, which help a large Active Directory domain environment to be managed efficiently in terms of internal communication, availability, accessibility and replication.

FSMO has 5 roles, and these roles are logically divided into two categories: Domain Level roles and Forest Level roles.

FSMO Roles and Categories:

Forest Level roles: Schema Master, Domain Naming Master
Domain Level roles: RID Master, Infrastructure Master, PDC Emulator

FSMO Roles functions and impact when unavailable:

Schema Master Role: The schema master role holder Domain Controller is responsible for controlling all updates and modifications to the schema (e.g. user name, company name, email address, department name etc.). Once a schema update is completed, it is replicated from the Schema Master domain controller to all other domain controllers in the domain network or forest. To update the schema of a forest, you must have schema admin privileges.

The Schema Master role is a Forest Level role and there can be only one schema master in a forest.

Impact, if Schema Master Domain Controller is down? Modifications to schema objects may not be replicated to other domain controllers in your network. Addition of any new application or server which requires schema modification, like Exchange Server, Lync Server etc., will not take place.

Domain Naming Master Role: The domain naming master role holder domain controller is responsible for controlling the addition and removal of domains in the forest. This domain controller is the only one which can allow the addition or removal of a domain in the forest.

The Domain Naming Master role is a Forest Level role and there can be only one domain naming master in a forest.

Impact, if Domain Naming Master Domain Controller is down? You cannot add a new domain to the forest, and you will also not be able to remove existing domains from the forest. Unless you have domain addition and removal activities, there is going to be no impact on your running production.

RID Master Role: The RID Master role holder domain controller is responsible for assigning a unique identity number to all the objects created in Active Directory. Whenever any object is created and joined to the domain, the RID Master domain controller is responsible for assigning a unique identity number to that object, whether it is a computer, printer, user or group etc.

The RID Master role is a Domain Level role and there can be more than one RID Master in a forest.

Impact, if RID Master Domain Controller is down? When this domain controller is down, there is no immediate impact, because all the domain controllers are by default assigned a RID pool of 500. Even if the RID Master is down, you will be able to create or add new objects in AD as long as you have RIDs left in the pool of 500. Once this RID pool is completely used up, you will no longer be able to create or add any additional objects in AD.

To check how many RID pools are available on your domain controller, you can use the command below (search for the RIDManager term in the output once the command is completed).

Dcdiag /test:ridmanager /v

Infrastructure Master Role: The Infrastructure Master role holder Domain Controller is responsible for cross-domain reference checks.

Example: We have a security group ‘Finance’ and the user ‘Test-User-1’ is a member of this security group. When the user Test-User-1 accesses resources to which the Finance security group has access, the Infrastructure Master role is responsible for validating this information with the help of the Global Catalog server.

If any changes to objects or user information take place in the domain, the Infrastructure Master role is responsible for replicating this information to cross-domain DCs.

The Infrastructure Master role is a Domain Level role and there can be more than one Infrastructure Master role in a forest.

Impact, if Infrastructure Master Domain Controller is down? Object changes and updates may not be replicated to cross-domain DCs. This means that, if access to a shared folder is granted to a security group from a cross-domain DC and you are just a member of that security group, you may not be able to access the folder, or it’s possible that new modifications to access rights will not be replicated to other DCs.

PDC Emulator Role: The PDC Emulator FSMO role holder Domain Controller is responsible for replication between NT4 DCs. This DC also holds the password update and replication authority. When any password change or update occurs in the domain, the PDC emulator is responsible for sending the password update information to all other DCs in the forest.

Authentication failures/successes, logon attempts, account lockout status and group policy changes or modifications are preferably updated on the PDC emulator domain controller first. This DC also handles the primary Time Server (NTP Server) responsibility in the domain environment. Unless you have modified this and dedicated a time server in your network, the PDC emulator domain controller is by default responsible for replicating time updates to all domain-joined machines or to the machines where it has been pointed to specifically.

The PDC Emulator role is a Domain Level role and there can be more than one PDC emulator in a forest.

Impact, if PDC Emulator Domain Controller is down? This is the one Domain Controller whose outage is going to have an impact sooner than the others. Time sync across domain computers, new password change updates and group policy updates are not going to work as long as this Domain Controller is down. All existing things should work fine, but any new changes and updates are not going to take place.

Updated: 10-04-2018

Some useful reference KBs from Microsoft

https://support.microsoft.com/en-in/help/223346/fsmo-placement-and-optimization-on-active-directory-domain-controllers

https://support.microsoft.com/en-in/help/197132/active-directory-fsmo-roles-in-windows

Cheers, Please write me back if you have any query or feedback.
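
An inventory of the five role holders described above, as an added PowerShell example that is not part of the original post: for each holder it reports whether the DC is a Global Catalog and whether LDAP (TCP 389) answers, and it flags the Infrastructure Master / Global Catalog combination discussed in the Global Catalog post at the top of this page. It assumes the ActiveDirectory module (RSAT) is installed; the function name Test-LdapPort is made up for this example.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-LdapPort([string]$HostName, [int]$TimeoutMs = 3000) {
    # Hypothetical helper: TCP connect to port 389 with a timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, 389, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}

$forest = Get-ADForest
$allDcs = foreach ($d in $forest.Domains) { Get-ADDomainController -Filter * -Server $d }
$byHost = @{}                 # hashtable string keys are case-insensitive
foreach ($dc in $allDcs) { $byHost[$dc.HostName] = $dc }

# Two forest-level roles, then three domain-level roles for every domain.
$roles = @(
    [pscustomobject]@{ Role = 'Schema Master';        Scope = $forest.Name; Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Role = 'Domain Naming Master'; Scope = $forest.Name; Holder = $forest.DomainNamingMaster }
)
foreach ($d in $forest.Domains) {
    $dom = Get-ADDomain -Server $d
    $roles += [pscustomobject]@{ Role = 'RID Master';            Scope = $d; Holder = $dom.RIDMaster }
    $roles += [pscustomobject]@{ Role = 'Infrastructure Master'; Scope = $d; Holder = $dom.InfrastructureMaster }
    $roles += [pscustomobject]@{ Role = 'PDC Emulator';          Scope = $d; Holder = $dom.PDCEmulator }
}

$report = foreach ($r in $roles) {
    $dc   = $byHost[$r.Holder]
    $note = ''
    if ($r.Role -eq 'Infrastructure Master' -and $dc.IsGlobalCatalog) {
        # Only flagged while the domain still has non-GC DCs; if every DC is a GC
        # the placement makes no difference (Microsoft FSMO placement KB linked above).
        $nonGc = @($allDcs | Where-Object { $_.Domain -eq $r.Scope -and -not $_.IsGlobalCatalog })
        if ($nonGc.Count -gt 0) { $note = 'Infrastructure Master is on a Global Catalog server' }
    }
    [pscustomobject]@{
        Role            = $r.Role
        Scope           = $r.Scope
        Holder          = $r.Holder
        IsGlobalCatalog = $dc.IsGlobalCatalog
        LdapReachable   = Test-LdapPort $r.Holder
        Note            = $note
    }
}
$report | Format-Table -AutoSize
```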

Friday, 20 January 2017

Increasing/reducing RAM and CPU capacity of a VM after taking snapshot.

Or, is it possible to increase RAM/CPU capacity of a VM after taking snapshot?
Or, is it possible to reduce RAM/CPU capacity of a VM after taking snapshot?

Descriptions: If you are wondering whether the CPU/RAM capacity of a virtual machine can be increased or reduced, the answer is yes. You can reduce or increase the memory as well as the CPU capacity of a VM even after taking a snapshot of the VM.

Logically, when you take a snapshot of the virtual machine, its CPU and memory state is preserved. This means that, whether you increase or decrease the CPU/RAM capacity of the VM, whenever you revert the snapshot the earlier configuration and status will be restored.

Test Case: When I tested this concept in my lab environment, I found that I am able to change the CPU and RAM configurations (increase or decrease) after taking a snapshot of the Virtual Machine. When reverting the snapshot, the original status of the Virtual Machine is enforced.

No, No, No, you can’t increase or decrease the drive capacity of any Virtual Machine after taking a snapshot.

Cheers, Please write me back if you have any query or feedback.

Cisco Nexus 5672UP-IOS and Kickstart Version Upgrade Process.

Or, Cisco Nexus 5672UP-IOS and Kickstart Version upgrade without losing configurations.

Objective
To upgrade the BIOS and Kickstart version of Cisco data center switches through USB in HA mode (primary and secondary Cisco Nexus 5000 DC switches).

Stage-1
The OS and Kickstart version of the Cisco N5K switches need to be upgraded with the following steps.

1)      Download the current backup of the core switches and save it to a central location (keep at least two copies of the backup).
2)     Download the latest version of N5K-OS from the Cisco Support Portal.
3)     The Cisco Nexus C5672UP data center switch upgrade is performed in three stages
{Upgrade path is 7.0(1)N1(1) -> 7.0(8)N1(1) -> 7.2(1)N1(1) -> 7.3(0)N1(1)}.

4)     Upload and install Kickstart version 7.0(8)N1(1) and System OS 7.0(8)N1(1). Then check whether the switch is working; if it is, start the next stage.

5)     Upload and install Kickstart version 7.2(1)N1(1) and System OS 7.2(1)N1(1). Then check whether the switch is working; if it is, start the next stage.

6)     Upload and install Kickstart version 7.3(0)N1(1) and System OS 7.3(0)N1(1). Then check whether the switch is working; if it is, start the next stage.

7)     Once the upgrade to the latest version of N5K-OS is completed, verify that all configurations are fine and all commands are working.
8)     If all configurations are done, then connect all cables to the switch.
9)     Follow all the steps (top to bottom) to upgrade the other switch.


Example:-

Note: All files are copied from the USB drive:

1. Upgrade Path for N5K-OS and Kickstart Version 7.0(1) N1 (1) -> 7.0(8) N1 (1)

(Config) #copy usb1:n6000-uk9.7.0.8.N1.1.bin bootflash:n6000-uk9.7.0.8.N1.1.bin

(Config) #copy usb1:n6000-uk9-kickstart.7.0.8.N1.1.bin bootflash:n6000-uk9-kickstart.7.0.8.N1.1.bin

(Config) #install all kickstart bootflash:n6000-uk9-kickstart.7.0.8.N1.1.bin system bootflash:n6000-uk9.7.0.8.N1.1.bin

Note: Delete the old N5K-OS and Kickstart version to free up space on the switches

Commands/Procedures:
(Config) #delete bootflash:n6000-uk9.7.0.1.N1.1.bin
(Config) #delete bootflash:n6000-uk9-kickstart.7.0.1.N1.1.bin

2. Upgrade Path for N5K-OS and Kickstart Version 7.0(8) N1 (1) -> 7.2(1) N1 (1)

(Config) #copy usb1:n6000-uk9.7.2.1.N1.1.bin bootflash:n6000-uk9.7.2.1.N1.1.bin
(Config) #copy usb1:n6000-uk9-kickstart.7.2.1.N1.1.bin bootflash:n6000-uk9-kickstart.7.2.1.N1.1.bin
(Config) #install all kickstart bootflash:n6000-uk9-kickstart.7.2.1.N1.1.bin system bootflash:n6000-uk9.7.2.1.N1.1.bin

Note: Delete the old N5K-OS and Kickstart version to free up space on the switches

Commands:
(Config) #delete bootflash:n6000-uk9.7.0.8.N1.1.bin
(Config) #delete bootflash:n6000-uk9-kickstart.7.0.8.N1.1.bin

3. Upgrade Path for N5K-OS and Kickstart Version 7.2(1) N1 (1) -> 7.3(0) N1(1)

(Config) #copy usb1:n6000-uk9.7.3.0.N1.1.bin bootflash:n6000-uk9.7.3.0.N1.1.bin
(Config) #copy usb1:n6000-uk9-kickstart.7.3.0.N1.1.bin bootflash:n6000-uk9-kickstart.7.3.0.N1.1.bin
(Config) #install all kickstart bootflash:n6000-uk9-kickstart.7.3.0.N1.1.bin system bootflash:n6000-uk9.7.3.0.N1.1.bin

Note: Delete the old N5K-OS and Kickstart version to free up space on the switches

Commands:
(Config) #delete bootflash:n6000-uk9.7.2.1.N1.1.bin
(Config) #delete bootflash:n6000-uk9-kickstart.7.2.1.N1.1.bin

Your feedback and suggestions are welcome..