Shariq Sheikh | Port 389

Few random pictures I took at The Experts Conference 2010

[View with PicLens]

Previously I had posted the 2003 AD and 2008 Features jigsaw posters, Mike Kline informed me that there is now a 2008 R2 Features poster.

You can download the 44x24in poster from here

An off topic post here as I err to sharing uniquely designed Windows 7 wallpapers.

View Full Album

I was reached out by Keith Powell from Microsoft about the Windows Server 2008 R2 Launch Event dubbed as “the efficiency launch event” on Sep 29th, 2009 at Hyatt Regency Downtown Chicago. It is going to be a virtual event live from San Francisco, with Steve Ballmer as the keynote speaker.

Similar events are going to be taking place in your or a city near you. Take a look at the link below and be sure to register and save the date. Take advantage of this free learning event.

http://www.microsoft.com/business/thenewefficiency/keynote/en/us/

My first technical blurb was published in the renowned WindowsITPro magazine today. It will also be in November’s print version.

http://windowsitpro.com/article/articleid/102795/dnscmd-versions-discrepancy.html

A question was raised on ActiveDir, and I learned about an old TechNet Jigsaw on AD’s interworking.

Along with that, there was a new Windows Server 2008 AD Feature Components which I received at Tech-Ed 2007 and it illustrates the new and improved AD pieces introduced with Windows Server 2008. This poster covers ADLDS, ADFS, ADRMS, and RODCs.

And an additional poster on general new Windows Server 2008 Feature Components that covers TS, NAP, IIS 7.0, Virtualization, Server Core and BitLocker.

Both of the above illustrations and very good quality large size posters (30x20in) and are good to hang in your office/cube. Printing them on regular printer may distort the quality, so you may try the plotter . All three can be downloaded from the following links :

TechNet Magazine Active Directory Component Jigsaw Poster

Windows Server 2008 Component Posters (both)

P.S This is my first test post using WLW.

As briefly discussed before, a feature to offline domain join machines is available in Windows Server 2008 R2. The utility is called “djoin.exe” which is used to perform this task. Here is an official blurb on what the offline domain join is what it would be used for and then I will show you how to perform this simple task.

“Offline domain join is a new process that computers that run Windows® 7 or Windows Server® 2008 R2 can use to join a domain without contacting a domain controller. This makes it possible to join computers to a domain in locations where there is no connectivity to a corporate network. For example, an organization might need to deploy many virtual machines in a datacenter. Offline domain join makes it possible for the virtual machines to be joined to the domain when they initially start after the installation of the operating system. No additional restart is required to complete the domain join. This can significantly reduce the overall time required for wide-scale virtual machine deployments.

A domain join establishes a trust relationship between a computer running a Windows operating system and an Active Directory® domain. This operation requires state changes to Active Directory Domain Services (AD DS) and state changes on the computer that is joining the domain. To complete a domain join in the past using previous Windows® operating systems, the computer that joined the domain had to be running and it had to have network connectivity to contact a domain controller”

I created the metadata as known as “blob” on one of my DC for a Server named 2008R2RC2 that I wanted to join to domain offline (i.e the target machine not connected to the network) and saved it to a txt file called computer_prov, then as usual I run the help on the utility to learn what syntax it has available. Here is the command syntax I ran to provision the computer account and to create the metadata.

djoin /provision /domain techevan.lab /machine 2008R2RC2 /savefile c:computer_prov.txt

I then jumped on the target machine, copy the txt file over and try to run needed syntax with the djoin utility

djoin /requestODJ /loadfile c:computer_prov.txt /windowspath %SystemRoot% /localos

I get an error that I am not running the Shell with elevated privileges, I get out and get back in with the “run as administrator” option, and get the same error.

Perhaps its a bug in RC release, I then tried the same syntax from the conventional CMD line window and was successful.

I then restarted the target computer and machine had been joined to the domain.

For more information please see, http://technet.microsoft.com/en-us/library/dd392267(WS.10).aspx

A long awaited PowerShell version 2 will be released with Windows Server 2008 R2 and Windows 7 (currently both in beta). As Microsoft intends to push PoSH as the management/interactive/command driven shell, you will find the PoSH short-cut in your quick launch toolbar. In addition to what PoSH v2 has to offer such as remote management capabilites, a notable difference is the number cmdlets over version 1. PoSH v2 will have total of 235 native cmdlets where version 1 only had 129.

Watch a quick (first) screencast I did on this.

What is it ?

Windows Server 2003 includes support for a startup switch that lets you tune the allocation of use of memory and memory address space. Regardless of the amount of physical memory in your system, Windows uses a virtual address space of 4 GB, with 2 GB allocated to user-mode processes (for example, applications) and 2 GB allocated to kernel-mode processes (for example, the operating system and kernel-mode drivers). On systems that have 1 GB or more of physical memory, the startup switche can be used to allocate more memory to applications (3 GB) and less memory to the operating system (1 GB). This additional virtual address space helps reduce the amount of memory fragmentation.

How beneficial is it ?

You may have read many articles on this subject before. This discussion has been going on for many years now and at times has almost reached epic proportions due to the conflicting information available from Microsoft. Long story short is that by and large, you should NOT use the /3GB switch unless you meet specific criteria, please read the following article as it demystifies the whole theory. Or read the excerpt below.

http://blogs.technet.com/askperf/archive/2007/03/23/memory-management-demystifying-3gb.aspx

The /3GB option was intended as a short term solution to allow applications such as database servers to maintain more data in memory than a 2GB address space allowed. However, using the /3GB method to increase the user-mode memory space comes at a cost. If we have to allocate an additional 1GB of this address space to the user-mode space, then the System space is cut in half. Drivers, Heap, Paged & NonPaged Memory all have only half the resources to work with now. However, because of the way memory mapping works, cutting the kernel space in half does a lot more than just reducing the address space. Many of the structures within the kernel virtual memory space are cut back by far more than 50%.

For a process to access the full 3GB address space, the image file (application process) must have the IMAGE_FILE_LARGE_ADDRESS_AWARE flag set in the image header.

If the flag is not set in the image header, then the OS reserves the third gigabyte so that the application won’t see virtual addresses greater than 0x7FFFFFFF. You set this flag by specifying the linker flag /LARGEADDRESSAWARE when building the executable. This flag has no effect when running the application on a system with a 2-GB user address space. Therefore if you enable the /3GB switch, then applications that do not have this flag set can only use the standard 2GB of User mode memory, and the Kernel is still limited to the 1GB space – which means that 1GB of virtual memory is basically wasted !

All that is required to make it happen is a switch in the boot.ini file. The switch, /3GB, is placed
at the end of the line that executes the WinNT loading process.

Example:

[operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT
Server Version 4.00" /3GB

Or you may add an additional line in your boot.ini as above to have the option to boot into either environment, with or without the switch.

What to keep in mind ?

This topic deals with the the virtual memory address space and has no relevance with the physical memory, it is however a limitation of a 32bit OS if you are running 64bit OS this not applicable. At the end of the day you must decide if your application is capable of handling this switch as an added benefit. Often times, if you are having to up the threshold of your OS handling of things and or things such as over-clocking your processor to keep up, one might worry about the logic behind it. Perhaps go for 64bit OS to begin with.

In my last post, I talked about what FSMO roles are how to retrieve them thru GUI. In this post I am showing you a quick way to tell what DCs are holding which FSMO roles in your forest/domain. It can be done by running NETDOM QUERY FSMO command at one of your DCs.

Notice, that my Schema Master and Domain Naming Master reside in the forest root domain (virtualdomain.com) since they are forest level FSMOs and the PDC Emulator, RID Master and Infrastructure Master are all on one DC (virtualdc3) which is on a separate domain tree (Shq.tech)

Typically NETDOM command-line tool enables administrators to manage Windows Server 2003 and Windows 2000 domains and trust relationships from the command line is available thru the Resource Kit. It has a range of syntax you can do various things with such as,

- Manage computer accounts for domain member workstations and member servers, Establish one-way or two-way trust relationships between domains.

Use NETDOM /? to see the available options or go here to get the list.

I am assuming there are more folks besides me wondering about the new Windows Server 2008 track certifications and roadmaps for the MCSAs and MCSEs. This attached PDF document defines the upgrade paths. Looks like the already known replacement name for MCSA/MCSA – the MCITP (Micrsoft Certified Information Technology Professional) has two flavors i.e Server Administrator and Enterprise Administrator. Current MCSAs/MCSEs can achieve first one by passing two exams and for the latter its four for MCSAs and three for MCSEs.

I would have preferred to keep MCSA and MCSE as titles on Windows Server 2008 certification track, but I guess the change of names was inevitable just like all other things are – in IT.

Windows Server 2008 Transitions Exams for MCSA/MCSE_Roadmaps 

Welcome to my blog where you will find some news and reviews relating to Microsoft technologies, my goal is to use this blog to jot down my day-to-day interaction with Windows Networking and technologies revolving around it. Feel free to leave me a comment about anything you like/dislike. Thanks !!