Story about Mass migration of SLD / VLAN’s / IP Pool / Wifi Mesh Loop / Rectification of Bonjour mDNS using Parallel Topologies

---

---

---

---

---

This post is a quick reference notes for myself on how I managed to rectify some of long pending IT related issues which were left by previous network team, including AD Domain S.L.D migration to FQDN / Public IP scheme being used at Private LAN & its migration to multiple /24 Private IP Pools, Single default VLAN-1 migration to Different VLAN’s with smaller subnets.

The number of desktop/laptop/devices were in several hundreds. Downtime was not an option, therefore we managed to complete the task using parallel topologies for each segment.

Our existing network was running on default VLAN with /8 flat subnet, having each & every device on default VLAN-1 generating enormous number of broadcasts flooding causing network delays/timeout. There was no control on any switch segment, All switch edge port were set on Default roles making situation even worst from Spanning-Tree protocol flooding perspective. Above all like Cherry on the TOP, existing admin used public IP scheme with /8 subnet & many websites which were on this subnet over the internet, never worked on our network.

To over come these issues without any Downtime or disruption, I decided to sort issues on a one by one basis by creating parallel network, using below methods

---

SLD/FQDN Migration:

• On same network, I added new FQDN A.D Domain, Established two way trust between both domains. Then using Microsoft migration tool (ADMT ), I start migrating users (one by one, targeted activity ) from old SLD to FQDN. More details are documented in another article.

Short Notes for Active Directory SLD to FQDN Cross Forest Migration – Using ADMT tool

---

*  Network Related *

We have Cisco L3 Stacked switch at data center & all departmental L2 switches are connected via 10G Fiber TRUNK links. To convert the existing Public IP scheme to Private without having any downtime, I I designed different VLAN’s scheme with smaller /24 private IP’s pool on per department basis, Created there SVI’s on main core switch stack. Using IP helper commands. I also created different vlans for management example different vlan for switch / access points / devices / servers & Users. I created DHCP relay pointed towards our domain controller. As I have to create parallel environment to avoid any downtime or any communication disruption, I didn’t changed any server’s device IP, rather On all server’s I create routes using ROUTE cmd) pointing to switch gateway (SVI) so that all devices can two way communicate with each other either its public or private.

---

Segmentation of different VLAN’s

Slowly gradually, we changed the Server’s/users/devices VLAN form 1 to new vlan scheme, & changed the DNS entries as well (Most of them auto updated there DNS entries at DC DNS upon rebooting or using Group Policy to enforce DNS registration every 30 minutes). New vlan users were able to communicate with older vlan-1 or x users because we configured CLASSLESS for each DHCP pool pointing to Core switch gateway using there corresponding gateways (SVI’s IP’s at Core L3 Switch).

Some Common Tuning we performed resulted in increased reliability of overall network

• Most important set root bridge priority to 1 on L3 Core switch by setting the bridge priority to 1 then set all the others  switches to higher number. This will ensure the STP is built correctly
• Subdivide the network into multiple VLAN’s & smaller logical subnets e.g. Servers, Users, Management vlans for switch n access points, devices like printers , time machines & NVR cameras, departmental vlans etc with each having a /24 e.g. 192.168.1.0/24, 192.168.2.0/24 and so on
• On your core switch allocate SVI’s per required vlan
• ensure each device can talk to each other using intervlan routing [exception to those who required firewalling/security]
• Make all trunk uplinks 802.1q trunks [doesnt requires at new cisco IOS]
• TAG / Associate ports on all switches with the appropriate vlans
• Ensure all ports roles are defined properly, example edge / trunk ports
• User connected EDGE port should be in access mode, & Portfast enabled along with BPDU enabled.
• Disable all UNUSED ports (or make default sandbox VLAN for all unused ports & assign those ports with this sandbox VLAN, to ensure that unknown devices inserted in those ports should remain in sandbox VLAN
• Make sure your Wifi APs are not meshing or bridging
• I added all devices in DNS entries like printers etc , and at user end, added the required devices by DNS name, so that next time if any changes are required, modify the DNS entry only & no need to reconfigure the device at user end.

Some DRY theory on ACCESS/TRUNK Mode

• An access port can have only one VLAN configured on the interface; it can carry traffic for only one VLAN. An access port transmits packets on only one VLAN (traffic is not tagged on this type of port). Portfast feature causes a switch port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. Portfast on switch ports connected to a single workstation or server allows those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
• Edge ports are configured such that they immediately go to the forwarding state. However, this does not mean that there is no loop protection. It is assumed that edge ports will connect to end devices, and thus it is convenient for them to go directly to the forwarding state. However, someone can try to plug in a switch on such a port and can try to become the root bridge or may connect to multiple ports and create a loop. That’s where you should use BPDUGuard. On all edge ports, BPDUGuard should be enabled so that as soon as such a port receives a BPDU, it will go into err-disabled state, thus preventing an L2 loop. Now keep in mind that for RSTP, if you don’t enable BPDUGuard, and a BPDU is received on an edge port, the edge port simply loses its edge port status.

---

Windows / Linux Route CMD’s for OS with Static IP

At user end, all routes were distributed via windows DHCP Classless routes which worked transparently fine. But server OS with static IP I had to provide proper routes according to our network. Example we have two gateways for internet at LAN, one is SANGFOR IAM for end users, second is Router/NGFW for server ends. Some times we have to route user/server at one or other gateway.

First get the Interface number via ROUTE PRINT CMD

• route print

(Note down the interface name, example Interface number is 8)

Now add the appropriate gateway for intervlan routing & internet routing as well

*** WINDWOS OS / ADD PERMANENT ROUTES using ROUTE command

Note: -p syntax with route cmd adds the route on permanent basis (in registry)

# Below is an example for SERVER which is on 172.16.2.x VLAN , below is for INTERVLAN Routing for local subnet’s intervlan routing . 172.16.2.1 is the CORE Switch Gateway which have SVI’s configured,

route add -p 172.16.0.0 MASK 255.255.0.0 172.16.2.1 metric 1 IF 8
route add -p 192.168.0.0 MASK 255.255.0.0 172.16.2.1 metric 2 IF 8
# Below is for Internet access , 2 Gateways with priority pointing to Sangfor & NGFW Respectively (NGFW route is added as some port forwarding is done which is routed via NGFW)
route add -p 0.0.0.0 MASK 0.0.0.0 172.16.2.2 metric 3 IF 8
route add -p 0.0.0.0 MASK 0.0.0.0 172.16.2.6 metric 4 IF 8

*** LINUX / ADD PERMANENT ROUTES in interfaces FILE [Ubuntu ver 16 or below]

• For older version of Linux (Ubuntu ver 16 or below) I added below in interfaces file

up route add -net 172.16.0.0 netmask 255.255.0.0 gw 172.16.2.1
down route del -net 172.16.0.0 netmask 255.255.0.0 gw 172.16.2.1
up route add -net 192.168.0.0 netmask 255.255.0.0 gw 172.16.2.1
down route del -net 192.168.0.0.0 netmask 255.255.0.0 gw 172.16.2.1

• For new version of Ubuntu ver 18 & above, I used below [sample file shown below]

cat /etc/netplan/00-installer-config.yaml

network:
ethernets:
ens160:
dhcp4: false
addresses: [192.168.0.28/24]
nameservers:
# DNS server is on different VLAN
addresses: [192.168.1.71,192.168.1.72,8.8.8.8]

# STATIC ROUTES for INTERVLAN ROUTING, GW pointing to L3 Core Switch corresponding SVI
routes:
- to: 10.11.0.0/16
via: 192.168.0.1
- to: 10.10.0.0/16
via: 192.168.0.1
# FOR INTERNET , GW POINTING TO SANGFORIAM OR NGFW
- to: default
via: 192.168.0.6
version: 2

---

DHCP for Different VLAN Users

 

On Domain controller (Default route pointed towards L3 Core Switch SVI) I created multiple IP pool for corresponding VLAN users. At departmental L2 switches, I added corresponding VLAN’s & with the help of IP Helper at core switch, users get IP from the Domain controller DHCP server via there corresponding vlan pool. One by One all departments moved to different Vlan’s with smaller IP pool  resulting in dramatically decline in broadcast traffic. This improve network connectivity reliability at a greater extent.

 

---

IP Helper not working across VLAN’s

I got stucked at one point where ‘IP helper’ was not forwarding the other vlans (like vlan 10/11/12) users dhcp pkts to domain controller dhcp residing on default vlan-1 despite all settings seems correct, I contacted few Cisco / VM experts & they remotely checked in cisco & vm config in details & yet no one  was able to solved it. At Core switch there was this “no service dhcp” set & it was the culprit , as soon as I set it to service dhcp, & Alhamodlillah! all got sorted !

One example of IP helper at Wireless (with mDNS support) VLAN interface on L3 Core Switch

interface VlanXX
description WIFI_XXX-MOBILE-VLAN
ip address 10.0.0.1 255.255.255.0
ip helper-address 192.168.0.1
service-routing mdns-sd
service-policy-query querier 60
service-policy mypermit-all IN
service-policy mypermit-all OUT

---

VLAN’s in VMWARE ESXI

Configuring VLAN’s in ESXI was easiest part. The only thing at switch level was to configure TRUNK at which ESXI is connected to. On esxi server, I created new network (VLAN) & tag the required vlan to desired VM guest & Done.

Allah Shuker!

---

Ref:

Howto Add VLAN in ESXI Server

Following is quick short notes on howto add VLAN in ESXI Server

• Login to ESXI (I am using VCSA to manage all esxi servers).
• Now Goto Configure
• Networking > Virtual Switches (NEXT)
• Add Networking (NEXT)
• Select ‘Virtual Machine Port Group for a Standard Switch’ (NEXT)
• Select ‘Select an existing standard switch’ & click on BROWSE & select vSWITCH0 (NEXT)
• In next window (Connection settings) at NETWORK LABEL , type suitable name like VLAN-100 / & under VLAN ID tab, type in the required VLAN ID example 100 (NEXT)
• Click on (FINISH).

Done. Now you can assign this vlan to your desired VM Guest in its network adapter settings.

---

UniFi Access Points with Multiple SSID’s & VLANS

We have many wireless access points installed at various locations & all controlled centrally by UniFi controller software application. After addition of VLAN’s we decided to remove the default vlan1 SSID, & introduce new SSID based on targeted audience like XYZ-Corporate , XYZ-Mobile , XYZ-Guest & each SSID is tagged with different VLAN’s to control the users based on SSID type. The setup was straight forward. First We create separate VLAN for access points management e.g: VLAN100 & at all access points we changed the ips with vlan100 pool & set there default gateway to vlan-100 SVI configured ta Core Switch, Also we changed there management VLAN to VLAN-100.

• Sample of IP/MGT VLAN setting on per AP Basis

• Adding new VLAN ID in UniFi Controller Application

To add VLAN in UniFi Controller ,
Goto SETTINGS  > NETWORKS > & create new VLAN with VLAN-ID number,

• Adding new SSID in UniFi Controller Application

Now to ADD SSID in UniFi Controller Application& tag with NEW VLAN-ID,
Goto SETTINGS  > WiFi > Create NEW Wifi , Now enter the name of SSID like XYZ-Corporate & in Network select the desired VLAN you created in earlier step

Warning: After applying any setting that needs to be synced to all access points in the group, traffic disruption & timeout to access points may occur upto 1or 2 minutes. Therefore perform such operations Only in Off-Peak hours.

---

UniFi Access Point – Trunk Port Config at Cisco Switch PORT

At Cisco switch where access points ethernet cable is attached. We did below config for that port,

interface GigabitEthernet1/0/20
description UniFi_AP_Finance
switchport mode trunk

This enabled to carry all vlans including AP Mgt / Different Vlan’s based on various SSID’s [each SSID tagged with different VLAN via Unifi Controller application]

---

UniFi Wireless Meshing Causing Loop/Broadcast

We noticed that whenever we modify any settings which requires syncing with All AP’s, then one by one AP’s freezes packet transmission connectivity & then get back online few 15-20 seconds but few access points uplink gets there uplink connectivity with another AP wireless (Meshing). This was also creating the loop broadcast. Disabling WIRELESS MESHING in Unifi Controller application & then readopting the AP’s reduced such events.

---

SANGFOR VLAN

To Provide internet access via sangfor to all vlan users, we added corresponding VLAN’s in SANGFOR IAM device, Each vlan sub-interface with corresponding IP to be used as gateway at corresponding VLAN users (all via DC DHCP)

To add corresponding VLAN’s in SANGFOR,

Goto System > Network / Deployment / Settings > & under LAN interface Page add as per below

10/10.10.10.3/255.255.255.0

Whereas 10/ is the cisco VLAN number, and then the IP of this sub interface &  then the subnet

Warning: After modifying any network related settings, SANGFOR Network services will be restarted, & may cause traffic disruption, therefore perform such actions in off-peak hours.

---

TIPS:

Bonjour (mDNS) discovery across different VLAN’s (Wired/WiFi)

After segregated network into smaller subnets along with separate vlans for wired/wifi users/devices etc, users were not able to *cast/discover* LCD TV /  MFD Printers if both are on different vlans. (they works fine if the device & user are on same vlan/subnet).  If wired user on vlan2 tries to connect with LCD (on wifi)  on vlan3, he cannot. if they are on same vlan they can connect fine. This is because broadcast doesnt’ works across different vlan.

In UniFi Controller, there is an option of enabling mDNS which is a service provided by a Unifi router like USG, UXG Pro or UDM. but since we didn’t had any UniFi router/switch therefore UniFi mDNS didn’t had any mDNS functionality and it didn’t worked. We had to configure the service to repeat broadcasts across VLANs using Cisco switches.

The solution was to enable the mDNS ‘service discovery’ at Core L3 Switch.

At core switch where all SVI’s are configured, I allowed mDNS service on particular VLAN’s (wired/wifi) using below CMD’s & the problem got sorted out.

interface VlanXX
description WIFI_MOBILE-VLAN
ip address X.X.X.X 255.X.X.X
ip helper-address X.X.X.X
service-routing mdns-sd
service-policy-query querier 60
service-policy mypermit-all IN
service-policy mypermit-all OUT
end

---

I will keep updating this article as I get free time

Regards
Syed Jahanzaib

Short Notes for Active Directory SLD to FQDN Cross Forest Migration – Using ADMT tool

---

FRIST ! Some DRY Theory …

What is a Single Label Domain (SLD)?  This is a term that Microsoft uses to describe domains which have only a single name, and no suffix such as “.local” or “.com.”  For example, your Active Directory domain might have a name like “company.local,” but if it were Single Label, it might be just “company.”

The problem is, Single Label Domains fall into a grey area of Microsoft support.  SLD will cause multiple issues when integrating with other applications, and even when performing something simple like joining a new computer (windows 10 for example) to the domain & you need to modify the registry as well. SKype for business will not work SLD and the long list goes on.

---

What is the Active Directory Migration Tool (ADMT)?

The Active Directory Migration Tool (ADMT) is a Microsoft software application that helps you manage and perform the necessary operations to move AD objects. You can move objects within the same domain forest (intraforest) or to a different forest (interforest).

---

Our Story!

Recently we migrated our active directory domain users from Single Label Domain SLD to FQDN. It was cross forest migration & both forest were on same LAN. We were using Lotus Domino Email server on premises & wanted to migrate on Exchange Online (office 365 cloud). To perform the migration , it was strongly recommended by the Microsoft to migrate SLD to FQDN. Our SLD AD domain was running from past 16-17 years started with windows 2000 to 2003 to 2008 to 2012 to 2016, therefore after much planning , we planned the migration , tested it multiple times in virtual labs. There are multiple 3rd party tools available for the smooth migration but for our number of users the estimated cost for tool acquisition was 4 Million+ PkR which was a huge amount, therefore we used the Microsoft free tool called ADMT, which is quite old , BUT still it did the job for us.

I may not be able to write down all details because internet is full of such step by step video tutorials, I will try to provide you details only related to some customization we applied for smoother transition.

Specs used in this guide & few tips to follow before doing ADMT execution

• Source Domain : SLD with Windows Server 2016
• Target Domain  : FQDN on Windows Server 2019
• Workstations : Mostly Windows 10 PRO with multiple builds including v 1909 – OS build 18363.1556 | W10 20H2 OS build 19042.1348
  Note ADMT 3.2 Only support the migration of Operating Systems up to Windows 7, (that doesn’t mean Windows 8 and Windows 10 wont work, it just means they are not supported). Migrating Windows 8 and 10 throws a lot of security translation errors, because of the way it treats ‘Apps’, so I’d recommend you do a LOT of testing before carrying out a live migration.
• ADMT tool version 3.2 : Installed on Target DC
• SQL Server 2008 R2 Express / Version 10.52.4000.0 installed on Target DC
• PSTOOLS library installed on both DC for ease of CMD execution on remote WorkStations/servers
• To migrate machines, the ADMT Admin user needs “Local” administrative access on all the source machines. The easiest way to do this is via group policy, using ‘Restricted Groups’.  This allows you to take a group (or user) and put put them on the local groups (including administrators) of the targeted machines.

  In the OLD domain, create a group and put the ADMT Admin from the target domain in it. (I put the domain admin from the target domain in it as well, to be on the safe side, but that’s up to you).

  It can be done iva opening group policy and navigate to
  Computer Configuration > Policies  >Windows Settings > Security Settings > Restricted Groups
  Add a new one, select the group you have just created > and add it to ‘Administrators’.

• ADMT doesn’t have a rollback function. Be sure before you migrate the objects
• Make sure you have documented all the domain related stuff very well in sheets, Also Ensure you perform at least 1-2 test labs in isolated virtual environments
• If you want to make life easier during migration, DISABLE windows FIREWALL. To perform computer migrations, (and security translations), ADMT needs to deploy an ‘agent’ to the machines in the OLD domain. The local firewall (if enabled) can stop this, I simply disable the users local firewall via GPO to avoid any inconvenience
  It can be done by opening group policy and navigate to
  Computer Configuration >Policies  > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
  Locate the “Windows Firewall protect all network connections‘ and set it to disabled.
• Enable Remote Registry Key Service on users workstation via GPO. I have also seen the agent fail to deploy if the ‘Remote Registry Service’ is not running on the target machines, (it’s disabled by default in newer version of windows). So I use the GPO policy to turn that on as well on all workstations
  It can be done by opening group policy and navigate to
  Computer Configuration > Polices > Windows Settings > Security Settings > System Services
  Locate the ‘Remote Registry’ service, and set it’s startup to automatic.
• It is recommended to Disable Sleep and Hibernation via GPO

---

Step by Step ADMT

Note: Details can be found over internet as so many guides have already been written & shared

It is assumed that new domain controller is installed along with proper DNS working.

• Supported Operating System : Source/Target must be running Windows Server 2008 or above
• ADMT requires a SQL server to store data, Download & install SQL Express on Target DC > Download Link for SQL Express
• Download & install ADMT tool on Target DC > Microsoft Download Link for ADMT
• Download & install Password Export Service on Source DC > PSE Download Link from Microsoft
  * Create the encryption key for password migration on the source DC and copy it to the target DC. (user password migration) | Install ADMT PW Migration DLL & reboot source DC could be required
• Prepare Active Directory for the migration process. There are two main things to prepare, DNS & a domain trust
  * Create DNS CONDITIONAL FORWARDERS on source/target DC pointing to each other  / Add the DNS suffixes for each domain via GPO. The old domain needs to be able to resolve names in the new domain, and the new domain needs to be able to resolve names in the old domain. To achieve this you need to setup ‘Conditional Forwarding’ in each domain for the other one
  * In addition, we want all machines (in both domains) to set their primary DNS Suffix, to their own domain, and their DNS suffix search list to look for their own domain first, then the other domain. The easiest way to do that is via group policy.  On a domain controller > Administrative Tools > Group Policy Management Console, NAVIGATE To
  Computer Configuration > Policies > Administrative Templates > Network > DNS Client
  Setting: DNS Suffix Search List: Set to current domain ‘comma‘ other domain , Example olddomain.com,newdomain.com
  > Repeat the procedure in the new domain, (but the domain names will be the opposite way round)
• Using, Active Directory Domains and Trusts Tool on source/target DC’s, create two way TRUST
  * You can use below guides to do so , Link#1 – Link#2
• Using ADMT on Target DC, start migrating in following numbering

a) Migrate AD Groups
> There is a sequence for doing this though, there are three types of security groups and they HAVE TO be migrated in the correct order,
First: Universal Groups
Second: Global Groups
Third: Domain Local Groups

b) Migrate AD Users Account

c) Migrate Security translation of COMPUTER

Real World Note ons SID migration: This can take a while, (up to an hour for some machines, Luckily our users had most advance laptops/desktops with SSD’s Flash storage so ma time we saw was 20-25 mnts for heavy data user) and it’s best done without anyone being logged in (to prevent any profiles, or registry hives being locked). So take time to plan when this is done – rush it and you will have problems, and the very users who are too busy to be interrupted, are the very ones that shout the loudest if there’s a problem post migration.
d) Migrate COMPUTER objects in the end which will reboot the client PC upon completion, & then after reboot user can login to NEW domain (its a manual process to select OTHER USERS to see the NEW domain in the list, this is one time & next time windows will remember the last sign_IN, to avoid this manual thing, you can read the full guide in the end)

 

---

Following are few Tips & tricks that we followed or created on the case basis …

Force users to login to NEW domain by using OTHER USER login as by default login option

Once you migrate the user / sid translation & computer migration to new Domain & user PC gets reboot, on next Login user will still see his old domain login screen. In order to login to NEW domain, user have to click on OTHER USER option . This is because windows remembers last signed in USER. [In companies where IT Dept have strong hold on users or management its very easier to just inform all the users via email/contact or other means, but in company were your boss is kind of dept. head is afraid of informing users about change, then you have to follow the long route & in our case we had to do it too.]

• in Source/Target ADUC, we create new OU named “Pre-Migration-Temporary-OU“
• in Source/Target DC, we created new GPO named “Pre-Migration-GPO” in which we set following setting
  Computer Configuration > Policies > Windows Settings > Security Settings > Security Options
  on right pane, we modified below setting
  “Interactive logon: Don’t display last signed-in” >set it to>  *ENABLED*
• On source DC, we moved the user COMPUTER object to “Pre-Migration-Temporary-OU“. AS you know that it generally takes 90 minutes or more on user computer to auto refresh the Gpupdate, therefore for instant update we used PSTOOLs command PSEXEC. Using it  we executed cmd “gpupdate /force” on target user PC.PSEXEC sample CMD:

PsExec.exe \\USER1-PC -u DOMAIN\ADMINISTRATOR -p ADMINPASSWORD cmd "/c gpupdate /force"

• Then on Target NEW DC, using ADMT console, we first moved his user account / SID translation to new DC. Finally we migrated his COMPUTER to NEW DC in “Pre-Migration-Temporary-OU” as target
• Once his Computer migrated & rebooted, the user is now seeing OTHER USER login window (which is by default NEW DOMAIN) , once he logged IN using his username / password to new DOMAIN & he is able to see old settings desktop etc, we then moved his COMPUTER from Pre-Migration-Temporary-OU to COMPUTERS OU on the NEW DC

---

Disabling User Must change password After Next Logon

After the user account was migrated to new domain, it had the following option ENABLED by default

• User must change password after next logon

This was creating problem for us because every user will change password, & as a result he have to change his Lotus Notes / SameTime chat app / Mobile app password too, because lotus notes have SINGLE LOGON option which syncs password from active directory. At the time of migration with hundreds of users & with very limited IT resource, we used following scheduled script to get rid of ti temporarily basis till the migration lasted.

Wrap below CMD in any batch file and schedule it to run every minute

powershell.exe -inputformat none -command "Get-ADUser -Filter * -SearchBase 'OU=MYMAINOU,DC=mydomain,DC=local' | Set-ADUser -ChangePasswordAtLogon:$False"

---

Few issues & there resolutions after user migration 

We Observed few limitations in the migration process

• IBM SAMETIME Password wiped: Not all 3rd party applications settings can be fully migrated, this includes some apps saved password. Example we are using IBM lotus SAMETIME lan chat app, its SAVED password didn’t migrated & user have to open and enter his password & tick on remember/auto login option
• Google chrome settings are not migrated as well. Good part is If the user is logged in to google chrome using his GMAIL account. he can re login & all of his settings will be synced back. but if the user was google chrome as GUEST, then his settings will not be migrated

Missing Profile Problem after user is migrated via ADMT

In some cases, once the user is migrated, his account was showing disabled on NEW DC, (which we didn’t noticed) and once all settings migrated, and user logged in to his PC, his profile was empty like fresh. This created very much hurdles for some executive level users.

If for some reason, if a migrated user gets a NEW FRESH profile (or in other words lost the old profile) you can use the following procedure to re-assign the old profile back to the target account

1. Run Regedit on USER computer
2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
3. Go through the ProfileList and identify the Source account (OLD PROFILE example user.old.domain). Copy the value from the ProfileImagePath key
4. Again go through the Profile list and identify the Target account example user.new.domain). Paste the ProfileImagePath key value there
5. Restart the user workstation

The ProfileImagePath key will be same value for both Source and Target user accounts. This ensures both source and target users will receive the same profile which is stored under C:\Documents and Settings\UserName. or c:\users\xyz (in new version of windows)

Calculator was missing from windows 10 pc

First try this

Option#1

Reset Calculator’s data

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

DISM /Online /Cleanup-Image /RestoreHealth

Option#2

Type the following 2 commands at the CMD prompt:

powershell

• get-appxpackage *Microsoft.WindowsCalculator* | remove-appxpackage
  Close the CMD window.
• Now you can install the Calculator from Windows store or from the below link:
  https://www.microsoft.com/en-us/store/apps/windows-calculator/9wzdncrfhvn5

Always Wait for the Network link during Login

During the migration we observed that our users desktop/laptops had modern hardware with new generation i7 / SSD-Flash storage & they boots in just few seconds, & user logged in quickly ever before the ethernet/wifi gets IP from the DHCP. This was creating problems in MAPPED NETWORK DRIVE & new group policy implication , which was necessary for the migration & backup process as well in network drive, therefore we enabled the “Always wait for the network at computer startup and logon” using group policy & applied to all users OU’s.

It was located under

• Computer Configuration — Policies — Administrative Templates — System — Logon

This solved our drive mapping issue along with domain WELCOME login script as well which executed few other commands as well like NTP sync, Sangfor Login Script, customized login entry in our central location etc.

When the “Always wait for network at computer startup and logon” policy is enabled, it then refers to the policy for how long it should wait for network connectivity, before dumping the policies and logging the user on with cached credentials. If the “Startup policy processing wait time” is not specified, the default is 30 seconds. If the network is already connected, the computer would log in without waiting further , but would take about 30 seconds if there was no network connectivity (or no DC available).

I set it to to wait 50 seconds for network then continue logging in “GPO Processing wait time”. Default with the setting on is 30 seconds which seemed too short.

 

 

Troubleshooting Locked-out Domain Account with Netlogon Debugging

We are using Windows 2016 based Active Directory Domain Controller (2 of them) in our organization & have configured [powershell based scripts] email alerts on any account locked-out which occurs dueto 3 incorrect login attempts. We have also enabled audit on failed/success login under group policy.

Since yesterday I was receiving frequent email alerts for a user account locked-out which is used on four different oracle servers & the headache was that it had not any CALLING COMPUTER , I tried various tools to track the culprit but failed. Tested all services / task schedulers / saved credentials but no use. I also tried TCPVIEW on all four servers but did not found any nu-usual activities.

Security ID: S-1-5-18
Account Name: DC01$
Account Domain: MYDOMAIN
Logon ID: 0x3e7

Account That Was Locked Out:
Security ID: S-1-5-21-664357565-1371172752-1124750213-14679
Account Name: USERX

Additional Information:
Caller Computer Name: .

---

First lets see Possible causes of account locked-out …

• Mapped drives using old credentials
• Systems using old cached credentials
• Applications using old credentials
• Windows Services using expired credentials
• Scheduled Tasks
• Persistent drive mappings
• Mobile devices using domain services like Exchange mailbox
• Service Accounts using cached passwords
• Scheduled tasks
• Programs using stored credentials
• Misconfigured domain policy settings issues
• Disconnected Terminal Server sessions
• Active Directory delayed or failed replication

I sorted it by first enabling the NETLOGON debug on both Domain Controllers, and then examine both logs side by side closely for an hour using WINTAIL.

Finally I collected the following entries …

03/29 09:52:57 [LOGON] [5076] MYDOMAIN: SamLogon: Transitive Network logon of (null)\VMWARE from (via MYADMINPC) Entered
03/29 09:52:57 [LOGON] [5076] MYDOMAIN: SamLogon: Transitive Network logon of (null)\VMWARE from (via MYADMINPC) Returns 0xC0000064
03/29 09:52:57 [LOGON] [5076] MYDOMAIN: SamLogon: Transitive Network logon of (null)\PRAXIS from (via MYADMINPC) Entered
03/29 09:52:57 [LOGON] [5076] MYDOMAIN: SamLogon: Transitive Network logon of (null)\PRAXIS from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:01 [LOGON] [5076] MYDOMAIN: SamLogon: Transitive Network logon of (null)\NAS from (via MYADMINPC) Entered
03/29 09:53:01 [LOGON] [5076] MYDOMAIN: SamLogon: Transitive Network logon of (null)\NAS from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:01 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\VEEAMSERVER from (via MYADMINPC) Entered
03/29 09:53:01 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\VEEAMSERVER from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:10 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\LENOVO from (via MYADMINPC) Entered
03/29 09:53:10 [LOGON] [4796] MYDOMAIN: NlPickDomainWithAccount: LENOVO: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:14 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\DBADMIN from (via MYADMINPC) Entered
03/29 09:53:14 [LOGON] [2136] MYDOMAIN: NlPickDomainWithAccount: DBADMIN: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:14 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\DBADMIN from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:16 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\HARDADMIN from (via MYADMINPC) Entered
03/29 09:53:16 [LOGON] [4796] MYDOMAIN: NlPickDomainWithAccount: HARDADMIN: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:16 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\HARDADMIN from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:19 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\ADMIN01 from (via MYADMINPC) Entered
03/29 09:53:19 [LOGON] [4796] MYDOMAIN: NlPickDomainWithAccount: ADMIN01: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:19 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\ADMIN01 from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:19 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\NETWORK from (via MYADMINPC) Entered
03/29 09:53:19 [LOGON] [4796] MYDOMAIN: NlPickDomainWithAccount: NETWORK: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:19 [LOGON] [4796] MYDOMAIN: SamLogon: Transitive Network logon of (null)\NETWORK from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:22 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\BACKUP from (via MYADMINPC) Entered
03/29 09:53:22 [LOGON] [2136] MYDOMAIN: NlPickDomainWithAccount: BACKUP: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:22 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\BACKUP from (via MYADMINPC) Returns 0xC0000064
03/29 09:53:22 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\COMMON from (via MYADMINPC) Entered
03/29 09:53:22 [LOGON] [2136] MYDOMAIN: NlPickDomainWithAccount: COMMON: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:1 DC:0
03/29 09:53:22 [LOGON] [2136] MYDOMAIN: SamLogon: Transitive Network logon of (null)\COMMON from (via MYADMINPC) Returns 0xC0000064 

so it found out that my admin PC was the culprit and then I scanned my admin pc with Malware-Bytes and although it did not detected any critical threat (except for some normal low level cookies etc) but the problem went right away.

I will keep monitoring the logs for next few days & will update here.

In short NETLOGON Debugging saved my Day !

---

Command to enable NETLOGON DEBUG

netlogon.log Log Location:

C:\Windows\debug\netlogon.log

To enable LOG, issue following CMD on on Domain Controller CMD

nltest /dbflag:0x2080ffff

It will start logging the file right away (at least in server 2016 I saw it happened immediately without needing of netlogon service restart)

When your task is finished, disable NetLogon Logging with below command:

nltest /dbflag:0x0

Note: You may disable NETLOGON logging after resolved the issues to avoid server performance issue

You may want to look into Microsoft message analyzer as well. read it here

https://blogs.technet.microsoft.com/askpfeplat/2015/08/02/diving-into-the-netlogon-parser-v3-5-for-message-analyzer/

Note: to test share using another user,
runas /u:DOMAIN\username notepad

---

Regard’s
Syed Jahanzaib

 

Unable to access Windows 2003 shared folder from Windows 10

---

We have some folders shared on old windows 2003 box, while trying to access them from windows 10 workstation, we are seeing following error …

 

In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3) and later versions, the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default. To enable it ,

Start powershell with privilege mode (on your windows 10 workstation) by >

Open CMD in privilege mode, and start powershell 

powershell

Now get status of ​SMB1Protocol

Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol

Probably it will be in Disabled State, change it to enable using following cmd,

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Afterwards, it may ask you to reboot machine, Do it to restart so that changes can take effect.

Status after enabling SMB1Protocol

PS C:\> Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol

FeatureName : SMB1Protocol
DisplayName : SMB 1.0/CIFS File Sharing Support
Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser protocol.
RestartRequired : Possible
State : Enabled
CustomProperties :
ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer
Browser protocol.
ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
ServerComponent\Id : 487
ServerComponent\Type : Feature
ServerComponent\UniqueName : FS-SMB1
ServerComponent\Deploys\Update\Name : SMB1Protocol

---

Now try to access windows 2003 sharing folder & hopefully it will work fine.

---

Disable SMB v1 in Windows

Open powershell cmd, and issue

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force

Disable SMB1 using Windows registry

You can also tweak the Windows Registry to disable SMB1.

Run regedit and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

In the right side, the DWORD SMB1 should not be present or should have a value of 0.

The values for enabling and disabling it are as follows:

0 = Disabled
1 = Enabled

---

Regard’s
Syed Jahanzaib

24.918426 67.004826

Tracking Account Lockout Source in Active Directory

Following are some short reference notes to MYSelf on how to trace account lockout in active directory environment’. An audit policy must be set on all computers and domain controllers.

Scenario:

We are running two domain controller and some times account lock out issue appears at user end. To trace which workstation is the fault point we use different methods to sort it.

---

1# Examine Domain Controllers Event Viewer

open Event Viewer on the DC, and goto Security tab, right click and select Filter Current Log, in <All Event ID> type 4740 & hit Ok. and you will see details for the offending account/workstation.

---

2# Use Powershell Scripts

2a) Trace offending account/workstations using single liner PS cmd …

You can also use powershell to get event log information for account lockouts events …

Get-Eventlog –ComputerName ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).FindDomainController() “Security” -InstanceID “4740” -Message *”USERNAME”* | Format-List Timegenerated, Message

Result:

TimeGenerated : 10/2/2018 9:37:34 AM
Message : A user account was locked out.
Subject:
Security ID: S-1-5-18
Account Name: DC01$
Account Domain: MYDOMAIN
Logon ID: 0x3e7
Account That Was Locked Out:
Security ID: S-1-5-21-664357565-1371172752-1124750213-14855
Account Name: testid
Additional Information:
Caller Computer Name: UNKNOWN-PC

2.b#) PS Script to fetch information from all DC

Read following guide

https://silentcrash.com/2018/06/using-powershell-to-trace-the-source-of-account-lockouts-in-active-directory/

in privilege powershell command prompt, create new script as below …

#script written by Alexandre Almeida
# for get user Account Lockout Host name, or ENTER to get all list
$username = Read-Host "Please Enter the Locked User Name: "

$DCCounter = 0
$LockedOutStats = @()

Try
{
Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
{
Write-Warning $_
Break
}

#Get all domain controllers in domain
$DomainControllers = Get-ADDomainController -Filter *
$PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})

Write-Verbose "Finding the domain controllers in the domain"
Foreach($DC in $DomainControllers)
{
# $DCCounter++
# Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
Write-Verbose "Finding the Which domain controllers Authenticate the Password"
Try
{
$UserInfo = Get-ADUser -Identity $username -Server $DC.Hostname -Properties LastLogonDate -ErrorAction Stop
Write-Verbose "Bad Password Attempt count collected"
}
Catch
{
# Write-Warning $_
Continue
}
If($UserInfo.LastBadPasswordAttempt)
{
$LockedOutStats += New-Object -TypeName PSObject -Property @{
Name = $UserInfo.SamAccountName
SID = $UserInfo.SID.Value
LockedOut = $UserInfo.LockedOut
BadPwdCount = $UserInfo.BadPwdCount
BadPasswordTime = $UserInfo.BadPasswordTime
DomainController = $DC.Hostname
AccountLockoutTime = $UserInfo.AccountLockoutTime
LastLogonDate = ($UserInfo.LastLogonDate).ToLocalTime()
}
}#end if
}#end foreach DCs
$LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize

#Get User Info
Try
{
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
Write-Verbose "Collecting Event Log"
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
}
Catch
{
Write-Warning $_
Continue
}#end catch

Foreach($Event in $LockedOutEvents)
{
If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
{

$Event | Select-Object -Property @(
@{Label = 'User'; Expression = {$_.Properties[0].Value}}
@{Label = 'DomainController'; Expression = {$_.MachineName}}
@{Label = 'EventId'; Expression = {$_.Id}}
@{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
@{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
@{Label = 'LockedOutLocation'; Expression = {$_.Properties[1].Value}}
)
Write-host $_.MachineName

}#end ifevent

}#end foreach lockedout event
Write-Verbose "Collected Details Update in the Text File. Please find the Text file for More Details"

echo "Cache Profile Removal Steps
1) Open Control Panel > Credential Manager > Remove all Saved Password.
2) Remove passwords by clicking on Start => Run => type (rundll32.exe keymgr.dll KRShowKeyMgr) without quotes and then delete the Domain-related passwords;
3) Remove passwords in Internet Explorer => Tools => Internet Options =>Content => Personal Information => Auto Complete => Clear Passwords;
4) Delete cookies in Internet Explorer => Tools => Internet Options =>General;
5) Disconnect (note the path before disconnecting) all networks drives, reboot, then map them again;
6) Start -> run ->type control userpasswords2 without quotes and go to advanced -> Manage passwords and remove all the stored passwords.
7) Reconfigure Your mobile Setting if your Active sync enabled.
8) Check if any saved or scheduled task is configured for user account

Microsoft Kwoledge Bytes Link for Cache profile Removal Steps:

https://social.technet.microsoft.com/Forums/windows/en-US/ced8eab6-87e2-4d20-9d18-7aaf5e9713a3/windows-7-clear-cached-credentials"

Result:

PS C:\temp> .\test2.ps1
Please Enter the Locked User Name: : testid

User : testid
DomainController : DC01.MYDOMAIN
EventId : 4740
LockedOutTimeStamp : 10/2/2018 9:54:35 AM
Message : A user account was locked out.
LockedOutLocation : UNKNOWN-PC

---

3) More Information:

https://activedirectorypro.com/account-lockout-tool/

https://blogs.technet.microsoft.com/heyscriptingguy/2011/08/31/use-powershell-to-find-locked-out-user-accounts/

Email Account Lockout
https://community.spiceworks.com/how_to/11824-email-account-lock-out-notification

 

SystemState Backup failing under Windows Server 2016

We recently migrated our domain controller to Windows server 2016 edition. the DC is virtualized under vmware esxi 6.5 with vmware tools ver 10.1.x. I have schedule systemstate backup by using wbadmin command line tool. Example:

wbadmin start systemstatebackup -backuptarget:d: -quiet

After migration to 2016, I observed following error …

Error in backup of C:\windows\\systemroot\ during enumerate: Error [0x8007007b] The filename, directory name, or volume label syntax is incorrect.

After some searching , we found that this error is related to vmware tools version 10.1.x which sets incorrect path for some driver location.

To exactly find what file is causing, use following

• Open command prompt [Run as Administrator] , type below and press ENTER.

DiskShadow /L writers.txt

The prompt will point to DISKSHADOW>
Now Type

list writers detailed
and press ENTER

After a while, this will list all of the writers and affected volumes. After completion, EXIT.

Open the writers.txt file in notepad or any text editor, then a search for windows\\ text , it should find the following:
File List: Path = c:\windows\\systemroot\system32\drivers, Filespec = vsock.sys
So the culprit was VSOCK.SYS To sort this we need to correct the path in the windows REGISTRY.

Run REGEDIT , then navigate to

HKLM\SYSTEM\CurrentControlSet\Services\vsock

Then change the ImagePath value string data from the incorrect

\systemroot\system32\DRIVERS\vsock.sys
to
System32\DRIVERS\vsock.sys
As showed in the image below …
BEFORE …

AFTER …


No need to reboot/log off. Simply run the backup again & this time you should see SUCCESSFUL report.



July 2022 Updates:
at one of our domain controller (server 2019) backup file via batch file was failing for 2 reasons.
a) I made an script which do systemstate export (using daily task scheduled as RUN WETHER USER IS LOGGED IN OR NOT), then using WINRAR CMD , it rars the d:\windowsimagebackup file to current date (dc_currentdate.rar) file, and copy it to file server backup folder. Rar was failing for some reason and the task scheduler was always showing TASK IS RUNNING. since the task was running in background, therefore RAR was stuck because it require to press OK button, which is not possible if its running in background. therefore I did following,
when the backup script starts, it first kills any existing WINRAR session, then it deletes any existing D:\windowsimagebackup folder, then it starts backup which then worked fine.
Noting it down here for personnel future reference.
sample backup file which do AD and DHCP Backup.

:: @echo off
echo "%date% %time% script started" > c:\backup\ad_sysstate_bkp_log.txt
::::::::::::::::::::::::::::::::::::::::::
:: MYCOMPANY.AD.LOCAL DC BACKUP SCRIPT
::::::::::::::::::::::::::::::::::::::::::
set srvname=MYCOMPANY.AD.LOCAL
set ROLE=AD
set FILESRV=FILESERVER
set DATAPARK=\\%FILESRV%\DataPark
set description=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set jobname=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set attachment=c:\backup\%srvname%__backup.log
set mail-subject=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set mail-body=%srvname% - Daily Status of %ROLE% Backup Data Copied in %FILESRV%
set mail-to=zaib@mycompany.com
set FILESRVBKPFOLDER=\\FILESERVER\DataPark\MYCOMPANY.AD.LOCAL
set footer=%srvname% %ROLE% Automated Backup and Email Logs Script Created by zaib Ltd. IS Dept. / Syed Jahanzaib
set BKP_FOLDER=D:\WindowsImageBackup
:: DELETING OLDER WINDOWS BACKUP
taskkill /F /IM winrar.exe
rd /s /q %BKP_FOLDER%
set RAR_BKP_FOLDER=D:\%srvname%_RAR_BKP_FOLDER
set DHCP_BKP_FOLDER=D:\dhcp_backup
if not exist c:\backup mkdir c:\backup
if not exist %FILESRVBKPFOLDER% mkdir %FILESRVBKPFOLDER%
if not exist %DHCP_BKP_FOLDER% mkdir %DHCP_BKP_FOLDER%
if not exist %BKP_FOLDER% mkdir %BKP_FOLDER%
if not exist %RAR_BKP_FOLDER% mkdir %RAR_BKP_FOLDER%
if exist %attachment% del /f %attachment%
:: if exist net use /delete t:
:: if not exist t: net use T: %DATAPARK%
set DAYS=-5
set FILECOUNT=5
set cnt1=0
set cnt2=0
set EXT1=rar
set CUR_YYYY=%date:~10,4%
set CUR_MM=%date:~4,2%
set CUR_DD=%date:~7,2%
set CUR_HH=%time:~0,2%
if %CUR_HH% lss 10 (set CUR_HH=0%time:~1,1%)
set CUR_NN=%time:~3,2%
set CUR_SS=%time:~6,2%
set CUR_MS=%time:~9,2%
set FINAL_RAR_FILE_NAME=%srvname%__AD_BKP_%CUR_YYYY%%CUR_MM%%CUR_DD%-%CUR_HH%%CUR_NN%%CUR_SS%.rar
:: echo %FINAL_RAR_FILE_NAME%
:: goto :EOF
IF EXIST "%ProgramFiles(x86)%\WinRAR" (
SET pth="%ProgramFiles(x86)%\WinRAR"
)
IF EXIST "%ProgramFiles%\WinRAR" (
SET pth="%ProgramFiles%\WinRAR"
)
FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Second /Format:table ^| findstr /r "."') DO (
set Milisecond=%time:~9,2%
set Day=%%A
set Hour=%%B
set Minute=%%C
set Second=%%D
)
set /a Start=%Day%*8640000+%Hour%*360000+%Minute%*6000+%Second%*100+%Milisecond%

:: PUT COMMANDS HERE
echo "Now Running DHCP Backup script to copy DHCP DB to file server folder ..."
netsh dhcp server export %DHCP_BKP_FOLDER%\MYCOMPANY.AD.LOCAL_DHCP_Backup_%date:~-10,2%-%date:~-7,2%-%date:~-4,4%---%time:~0,2%-%time:~3,2%.txt all
robocopy /s /e /w:0 /r:0 /FP %DHCP_BKP_FOLDER% %FILESRVBKPFOLDER%\dhcp_backup
echo Now starting %srvname% %ROLE% backup using wbadmin command ...
wbadmin start systemstatebackup -backuptarget:d: -quiet

for %%I in (%BKP_FOLDER%) do %pth%\winrar A -m0 -r -df "%RAR_BKP_FOLDER%\%FINAL_RAR_FILE_NAME%" "%%I"
echo
echo ***** NOW COPYING %srvname% BACKUP DATA TO %FILESRVBKPFOLDER%\AD
echo **************************************************
robocopy /E /S /w:0 /r:0 %RAR_BKP_FOLDER% %FILESRVBKPFOLDER%\AD

echo "Deleting OLD Backup Folder older then %DAYS% days - - - - - -- - - - - - - - -- - - - - -"
:: if not exist %BKP_FOLDER% goto del_rar_files

for /f %%A in ('dir %RAR_BKP_FOLDER% *.%EXT1%^| find "File(s)"') do set cnt1=%%A
if %cnt1% gtr %FILECOUNT% (
echo *.%EXT1% Files Older then %DAYS% days from %RAR_BKP_FOLDER% will be deleted ...
powershell -COMMAND "Get-ChildItem -Path %RAR_BKP_FOLDER%\ -Include *.%EXT1% -Recurse | where-object {$_.lastwritetime -lt (get-date).adddays(%DAYS%)} | Remove-Item -Force"
) else (
echo *** %EXT1% files count in %RAR_BKP_FOLDER% is %cnt1% which is less then %FILECOUNT% number threshold so no deletion required
)

for /f %%A in ('dir %FILESRVBKPFOLDER%\AD *.%EXT1%^| find "File(s)"') do set cnt2=%%A
if %cnt2% gtr %FILECOUNT% (
echo *.%EXT1% Files Older then %DAYS% days from %FILESRVBKPFOLDER%\AD will be deleted ...
powershell -COMMAND "Get-ChildItem -Path %FILESRVBKPFOLDER%\AD -Include *.%EXT1% -Recurse | where-object {$_.lastwritetime -lt (get-date).adddays(%DAYS%)} | Remove-Item -Force"
) else (
echo *** %EXT1% files count in %FILESRVBKPFOLDER%\AD is %cnt1% which is less then %FILECOUNT% number threshold so no deletion required
)

FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Second /Format:table ^| findstr /r "."') DO (
set Day=%%A
set Hour=%%B

set Minute=%%C
set Second=%%D
)
set Milisecond=%time:~9,2%
set /a End=%Day%*8640000+%Hour%*360000+%Minute%*6000+%Second%*100+%Milisecond%
set /a Diff=%End%-%Start%
set /a DiffMS=%Diff%%%100
set /a Diff=(%Diff%-%DiffMS%)/100
set /a DiffSec=%Diff%%%60
set /a Diff=(%Diff%-%Diff%%%60)/60
set /a DiffMin=%Diff%%%60
set /a Diff=(%Diff%-%Diff%%%60)/60
set /a DiffHrs=%Diff%

:: format with leading zeroes
if %DiffMS% LSS 10 set DiffMS=0%DiffMS!%
if %DiffSec% LSS 10 set DiffMS=0%DiffSec%
if %DiffMin% LSS 10 set DiffMS=0%DiffMin%
if %DiffHrs% LSS 10 set DiffMS=0%DiffHrs%

echo The Domain Controller %srvname% Backup Report > %attachment%
echo.>> %attachment%
echo The Backup Script took %DiffHrs% Hours, %DiffMin% Mnts, %DiffSec% Secs >> %attachment%
echo.>> %attachment%
echo Following Backup folders are now available in DATAPARK - %FILESRVBKPFOLDER%\AD >> %attachment%
echo.>> %attachment%
echo AD System State Backup copied in %FILESRVBKPFOLDER%\AD Folder >> %attachment%
echo.>> %attachment%
dir %FILESRVBKPFOLDER%\AD >> %attachment%
echo.>> %attachment%
echo.>> %attachment%
echo %footer% >> %attachment%
c:\blat\blat.exe %attachment% -to %mail-to% -i %srvname% -s "%mail-subject%"
:EOF
echo %footer%


Regard’s

Syed Jahanzaib
	

WSUS 2016 – Short Notes

Recently we upgraded our infrastructure from windows 2003/2008 to 2016 servers. We have 2 DC’s on 2003/2008 and migrated them to 2016, afterwards when we added WSUS, it had many issues and it took almost 8-10 days to sort every thing. the reason why it took so many time that I tried my best NOT to re install the windows server again because this server was activated with valid license and we had limited license count on MS portal. Fixing messed up windows is far more time take taken process but yes you learn lot of new things in fixing old one, even if its not able to sort out.

I am adding few of the most annoying issues and there methods to sort them in this post. I will keep posting more.

---

1# Remove WSUS completely from 2016 Server

Sometimes when all sort of troubleshooting fails to restore WSUS, its better to install Fresh Windows, and add WSUS again. But in my case, this server was hosting WDS also & I really didn’t wanted to re install server OS (also to avoid licensing increment count on Microsoft Portal as we have limited license counts).

Following are steps to remove WSUS completely,

1. Remove WSUS / IIS / Windows Internal Database (WID) Roles, (If you don’t remove the WID role and its files on a reinstall, it will re-attach to the same database)
2. Reboot the server
3. Now Remove following Folders
   C:\WSUS (or where ever the WSUSContent folder resides)
   C:\inetpub folder
   C:\Program Files\Update Services
   C:\Windows\WID
   C:\windows\system32\inetsrv  [Or rename this folder]
4. Restart the server
5. Re-add the WSUS And WID Roles (It will auto add the IIS role auto)
6. Let it install, and then restart the Server again.
7. Launch the WSUS console,

 

---

2# Post install Fatal Error: WsusPool does not exist

Please check the IIS, check Application Pools, check for WsusPool entry. If it’s not there, Add it manually as showed in the image below …

then run post-installation step again.

---

3# MMC console crashing

In one particular situation, when I added the WSUS role again, I was getting following error whenever I tried to open WSUS console …

Since it was not a real production server, therefore I removed the WSUS (following all steps showed in Point # 1 of this guide, then executed

sfc /scannow

afterwards a reboot , & WSUS MMC worked well 🙂

---

4# Identify & approved required updates only

For good overview, read following

https://www.tecknowledgebase.com/43/how-to-identify-and-decline-superseded-updates-in-wsus/

.

24.917606 67.004826

Windows Server 2016 – Reference Notes

Today when I was trying to enable SNMP feature or adding IIS service, getting above error. This is how I sort it.

Open Registry, navigagte to

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP

Check the the Start Parameter , which maybe set to ‘4’ (disabled)

Change the value to ‘3’ and reboot, then try to add the features, & Insha allah it will work.

 

 

---

1- Start Button Doesn’t Works !

When you click on Start button, it doesn’t popup.

• Press Windows+RUN , and type

ms-settings:personalization-start

Uncheck following two options,

1. Show more tiles
2. Use start full screen

 

That’s it !

---

2- Show icons on Desktop

Right click on Desktop

Select Personalize

Select Themes

On Right Window, Click on Desktop Icon Settings

If you receive following error

then you have to enable following setting in Domain controller default group policy policy, reboot client to take changes immediately or gpupdate /force

---

3- Windows 2016 Standard Desktop Activation not working

For some reasons , activation did not worked via GUI, therefore I used the CMD (with Admin rights)

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXX

---

 

 

Windows 10 Pro Build 1803 unable to join 2008/2003 Domain

---

Scenario:

Active Directory Domain Controller

• Domain Controller 1 = Windows 2008 R2
• Domain Controller 2 = Windows 2003 R2
• Domain Name = MYCOMPANY (Single Label Domain)
• Functional Level > Windows Server 2003

Clients:

• Mix of Windows 7 Pro / Windows 10 / Windows 2008

---

Problem #1

Recently we downloaded latest build of Windows 10 Pro Edition 1803. After its deployment on client, we tried to join one test PC to the company domain but failed to do so with below error …

 

Ac active directory domain controller (AD DC) for the domain "MYCOMPANY" could not be contacted.
Ensure that the domain name is typed correctly.

Previous version of windows 10 were already joined with the domain properly. but only this new build version 1803 is not able to join domain. I can ping domain controller names via effected clients. nslookup working ok.

---

Workaround:

Proper Solution:

• If you are using Single Label Domain , then rename it with full FQDN naming. joinging with full FQDN will sort the issue.
• Upgrade 2003 DC’s to 2008 at least and raise functional level to Windows 2008,
  Or better to move to Windows 2012/2016 DC.

but if above suggestions are not doable like in my case, then follow below workaround as a temporary workaround,

Edit registry and add AllowSingleLabelDnsDomain . Full details as below ,

Open REGEDIT 

Find this subkey

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Locate this > AllowSingleLabelDnsDomain.

If the key AllowSingleLabelDnsDomain does not exist, then create , New  DWORD (32 bit)

• DWORD Key Name: AllowSingleLabelDnsDomain

Double click AllowSingleLabelDnsDomain

Set the Value to 1

• AllowSingleLabelDnsDomain > 1

Exit regedit

Reboot Windows 10

Now try to join the AD domain.

Hopefully it will work, At least in my case it did 🙂

---

Problem #2

SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions

Open CMD (with Admin Rights)

Open Powershell by powershell command

& issue following command

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Detect:	Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol
Disable:	Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Enable:	Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

More information here,

https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

---

Regard’s
Syed Jahanzaib

Microsoft Products Short Notes – Personnel References

This post contains short notes / Tips for personal references, These are common task that we perform on daily basis in out IT slavery environment!

Regards
Syed Jahanzaib

---

Event Viewer Codes for various Login Sessions:

Dameware:

Event ID: 111
Description: When any remote user is connected to the system via DAMEWARE MINI REMOTE CONTROL applicaiton

Event ID: 112
Description: When any already connected remote user is disconnected

Windows RDP:

Event ID: 21,22,23,24,25

More Details can be found at Event Viewer > Applications & Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager — OPERATIONAL

You can make your customized scripting based on above Events 🙂

 

---

Find Reason/time of Windows Shutdown/Restart

To find out the reason

• Login to Windows
• Launch the Event Viewer (or type eventvwr in run)
• In the event viewer console expand Windows Logs
• Click System and in the right pane click Filter Current Log

In the Filter Current log box, use below EVENT ID’s number as the event ID. This will filter the events and you will see events only with mentioned ID’s

• Event ID 6005 (alternate): “The event log service was started.” This is synonymous to system startup.
• Event ID 6006 (alternate): “The event log service was stopped.” This is synonymous to system shutdown.
• Event ID 6008 (alternate): “The previous system shutdown was unexpected.” Records that the system started after it was not shut down properly.
• Event ID 6009 (alternate): Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.
• Event ID 6013: Displays the uptime of the computer. There is no TechNet page for this id.

• Event ID 1074 (alternate): “The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z.” Indicates that an application or a user initiated a restart or shutdown.
• Event ID 1076 (alternate): “The reason supplied by user X for the last unexpected shutdown of this computer is: Y.” Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.

To differentiate between power loss and a reboot due to bugcheck, look for combination of Event ID 41 (source: Microsoft-Windows-Kernel-Power) and Event ID 1001: (source: BugCheck). Former without the latter indicates power loss or reset. –

In the Includes/Excludes event ID’s input field in the Filter Current Log window, You can enter “6005, 6006, 6008, 6009, 6013, 1074, 1076” and it can give you helpful information all together.

You can also probably add Kernel-General with eventid 12, which is typically the first eventid to be logged after a reboot/reset etc and shows the actual “system start time”, i.e.: “The operating system started at system time xxxx‎-xx‎-xxTxx:xx:xx.xxxxxxxxxZ.”

POWERSHELL CMD to find reboot shutdown reasons

The proposed solution is a one-liner Powershell script:

Get-EventLog -LogName System |? {$_.EventID -in (6005,6006,6008,6009,1074,1076)} | ft TimeGenerated,EventId,Message -AutoSize –wrap

---

Domain joined Workstation Rename Error

 

Today When our IT Support personnel was trying to rename user computer name which was joined with the domain, got above error

To sort this issue we had to run this cmd (RUN AS ADMIN CMD)

net use * /d
net stop workstation /y
net start workstation

Afterwards the rename process went smoothly.

Windows 10 – Add / Disable,Enable Folder in Startup Menu

• Add program in Windows 10 startup folder

RUN

shell:startup

now copy shortcut of your program in this folder, and it will run on windows startup

• To disable enable program at startup

Right click on TASK MANAGER / STARTUP

---

Powershell PSTerminalServices module

This module helped to see who is logged on remote pc via RDP with client ip/name

First download the module from here ….

then import it in powershell. make sure to run powershell RUN as admin.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Get-Module -Name PSTerminalServices -ListAvailable
Import-Module PSTerminalServices
Get-Command -Module PSTerminalServices

# Gets all Active sessions from remote computer ‘comp1′, made from IP addresses that starts with ’10’.

Get-TSSession -ComputerName ZAIBPC

OR

Get-TSSession -ComputerName comp1 -Filter {$_.ClientIPAddress -like '10*' -AND $_.ConnectionState -eq 'Active'}

MORE COMMANDS

# Logs off all the active sessions from remote computer 'comp1', no confirmations
Get-TSSession -ComputerName comp1 -State Active | Stop-TSSession –Force

# Displays a message box inside all active sessions of computer name 'comp1'."}
PS > $Message = "Importnat`n, the server is going down for maintenance in 10 minutes. Please save your work and logoff."
PS > Get-TSSession -State Active -ComputerName comp1 | Send-TSMessage -Message $Message

# Gets all processes connected to session id 0 from remote computer 'comp1'.
PS>Get-TSSession -ID 0 -ComputerName comp1 | Get-TSProcess

Find UPTIME of remote PC

SystemInfo /s ZAIBPC | find "Boot Time:"

---

Check motherboard version

wmic baseboard get product,Manufacturer,version,serialnumber

---

PSTOOLS Related

.

Adding Local Account in remote workstation with PSTOOLS

If you are domain admin, and wanted to add local account in remote client workstation, then use pstools’s psexec 

psexec.exe \\target-pc net user /add USERNAME  USERPASSWORD
psexec.exe \\target-pc net net localgroup administrators USERNAME /add

# PSLOGGEDON COMMANDS
To check which user is logged on remote pc,

psloggedon \\remotepc

# PSEXEC COMMANDS

– To execute any command on remote pc like

psexec \\remtotepc ipconfig

OR update group policy on remote PC

PsExec.exe \\REMOTEPC -u DOMAIN\ADMINISTRATOR -p PASSWORD cmd "/c gpupdate /force"

• Check network configuration and find IP address only,

PsExec.exe \\REMOTEPC ipconfig|findstr /i "IPv4"

– To open COMMAND prompt of remote user

psexec \\remotepc cmd

-Interacting with the Logged On User on the Remote PC

psexec \\remotepc -d -i notepad

# PSINFO COMMANDS
Getting general info with disk info as well

psinfo -d \\remotepc

# PSLIST COMMANDS

pslist \\remotepc

# PSKILL COMMANDS
– Kill remote pc program

pskill \\remotepc notepad

to query time

net time \\REMOTEPC

To change time on remote pc with domain server agpinf05

PsExec.exe \\REMOTEPC -u DOMAIN\ADMIN -p PASS cmd "/c net time \\DC /set /y"

Change IP configuration of remote PC to obtain IP via DHCP

psexec \\REMOTEPC cmd
ipconfig

Then note down the required interface name and issue following command,

• Check current Config

netsh interface ip show config

• EXPORT current settings

netsh -c interface dump > c:\location1.txt 

• Set Manual IP

netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1

• Change IP settings from STATIC to DHCP

netsh interface ip set address "Local Area Connection" dhcp

---

Batch file to change setting of network adapters to obtain IP from DHCP

Make sure to change adapter names to match your’s …

@echo off
echo Setting IP Address to AUTO DHCP [Office DHCP Server by syed.jahanzaib]...
netsh interface ip set address name="Local Area Connection" source=dhcp
netsh interface ip set dns "Local Area Connection" source=dhcp
netsh interface ip set address name="Wireless Network Connection" source=dhcp
netsh interface ip set dns "Wireless Network Connection" source=dhcp
echo Done....

---

Command to change IP via CMD

netsh interface ip set address name=”Local Area Connection” static 192.168.0.1 255.255.255.0 192.168.0.254
netsh interface ip set dns name=”Local Area Connection” static 192.168.0.250
netsh interface ip add dns name=”Local Area Connection” 8.8.8.8 index=2

---

Check Remote PC OS version & other details by CMD

systeminfo /s \\REMOTEPCNAME
# OR
systeminfo /s \\REMOTEPCNAME|findstr /i "host OS "

Result:

C:\>systeminfo /s \\syed_jahanzaib

Host Name: SYED_JAHANZAIB
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Member Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Syed Jahanzaib
Registered Organization:
Product ID: xxxxxx-005-xxxx-xxxx
Original Install Date: 4/11/2017, 1:14:44 PM
System Boot Time: 6/19/2018, 7:44:47 AM
System Manufacturer: INTEL_
System Model: DH77KC__
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~3392 Mhz
BIOS Version: Intel Corp. KCH7710H.86A.0069.2012.0224.1825, 2/24/20
12
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC+05:00) Islamabad, Karachi
Total Physical Memory: 8,090 MB
Available Physical Memory: 2,450 MB
Virtual Memory: Max Size: 16,178 MB
Virtual Memory: Available: 10,455 MB
Virtual Memory: In Use: 5,723 MB
Page File Location(s): C:\pagefile.sys
Domain: DOMAIN1
Logon Server: \\DOMAIN_DC
Hotfix(s): 187 Hotfix(s) Installed.
...........................
Network Card(s): 3 NIC(s) Installed.
[01]: Intel(R) 82579V Gigabit Network Connection
Connection Name: DOMAIN - LAN
DHCP Enabled: No
IP address(es)
[01]: 192.168.100.100
[02]: 192.168.50.10
[03]: 192.168.8.23
[02]: VMware Virtual Ethernet Adapter for VMnet1
Connection Name: VMware Network Adapter VMnet1
DHCP Enabled: No
IP address(es)
[01]: 169.254.97.149
[02]: fe80::ad90:fdcb:3f81:6195
[03]: VMware Virtual Ethernet Adapter for VMnet8
Connection Name: VMware Network Adapter VMnet8
DHCP Enabled: No
IP address(es)
[01]: 169.254.80.235
[02]: fe80::5598:be9:b61d:50eb

C:\>

---

DCHP Related ! [Tested with W2008]

DHCP is running on windows 2008 server, IP is 192.168.0.1

#DCHP BACKUP
netsh dhcp server 192.168.0.1 dump > c:\dhcpoutput.txt all

#DHCP DELETE OLD SCOPE
netsh dhcp server delete scope 192.168.0.0 dhcpfullforce

#DHCP IMPORT
[Disable DHCP Service before import]
netsh dhcp server import c:\tools\dhcpoutput all

#DHCP DISABLE
netsh dhcp server 192.168.0.1 scope 192.168.0.0 set state 0

---

Disable Internet Explorer Proxy via CMD

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

---

Clear cache in windows

ipconfig /flushdns
net stop dnscache
net start dnscache

---

Event ID

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

---

Excel 2010 showing Blank Sheet

in Excel 2010 , When you open any excel sheet,( any particular, either yours or sent to you by some one else , it appears blank sheet

This may also occur if your computer’s screen resolution is higher than that of the person who last saved the workbook.

In Excel 2010, go to the View tab.

Select the ‘Arrange All’ button, then choose to Cascade.

OR

Excel 2010
opening blank sheets

ctrl+shift and open file
or its related with MACRO, run macro

---

Display printers list installed on Remote PC

Get-WMIObject Win32_Printer -ComputerName REMOTE_PC_NAME

---

CHECK OS COMPUTER OF REMOTE COMPUTER

Get-WmiObject Win32_OperatingSystem -ComputerName "YOURPCNAME" | Select PSComputerName, Caption, OSArchitecture, Version, BuildNumber | FL

---

GET LIST OF INSTALLED PRODUCTS ON REMOTE PC

POWERSHELL

Get-WmiObject -Class Win32_Product -Computer MYPCNAME

---

Display Motherboard model via CMD

- To find Board number of local pc
wmic baseboard get product,Manufacturer,version,serialnumber

- To find Board number of remote pc
wmic /node:"remotepc" baseboard get product,Manufacturer,version,serialnumber

- To find remote pc Architechture liek 32bit or 64bit
wmic /node:"remotepc" os get osarchitecture

---

Adding Static Routes in Windows via CMD

Adding route for single host

route -p ADD 10.1.1.12 MASK 255.255.255.255 101.11.11.4 METRIC 1 IF 11

Notes:

To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

To make a static route persistent, you can either enter route add commands in a batch file that is run during system startup or use the -p option when adding routes.

Routes added by using the -p option are stored in the registry under the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip \Parameters\PersistentRoutes

---

Windows 7 Temporary profile Issue:

How to Fix Temporary Profile in Windows 7/ 8.1/10

---

There is no script engine for file extension .vbs

When we upgraded from win7 to windows 10/2012, our domain welcome logon script stopped working, with above error, to sort it we copied welcome vb script to domain logon folder and used this …

cscript //e:vbscript c:\path\to\script.vbs

---

Convert bootable USB in ISO file

The instructions for USB to .iso are as follows (for a Windows 7 installation for example):

1. Install ImgBurn. You can even get a portable version of it, just search for it.
2. Plug the bootable USB into the computer
3. Start ImgBurn.
4. Click on the “Create image file from files / folders” button on the home menu.
5. In “Sources” browse to the USB drive.
6. In “Destination” choose where to save the final .iso image.
7. Go to the “Advanced” tab on the right and then “Bootable Disk”.
8. Check the box “Make Bootable Image” and then, in the “Boot image” box browse to file “etfsboot.com” that is in the USB stick found in the folder “boot”.
9. In the field “Developer ID” put “Microsoft Corporation” and enter “07C0” in the “Load Segment” field.
10. Enter ‘4’ in the ‘Sectors To Load’ field if your etfsboot.com file is 2K is size, enter ‘8’ if it’s 4K. In other words, x = size of etfsboot.com in bytes / 512.
11. Click “Build” and you’re done!

Credits: https://mindthebandgap.wordpress.com/2013/03/13/how-to-convert-bootable-usb-into-an-iso-file/

---

Reboot / Shutdown – Remote Workstation from Domain Admin PC

shutdown /r /t 60 /m \\REMOTE-PC /c "YOU PC WILL REBOOT AFTER 1 MINUTE..."

shutdown /r /f 60 /m \\REMOTE-PC /c "YOU PC WILL REBOOT AFTER 1 MINUTE..."

60 is seconds, you can up n down this value as per your requiremnts

---

.NET Framework 3.5 error code 0x800F081F on Windows 10.

To solve it, use following.

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

In above command make sure to change the path D:\sources\sxs to your windows 10 dvd / usb location. Basically You have to provide the Windows installation DVD/USB path so that it can copy the required files for .net

Get Installed Printer list from remote workstation using PS cmd

Get-WmiObject win32_printer -ComputerName "REMOTE_PC_NAME"

Disable Internet Explorer (chrome) Proxy via CMD

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

---

Check System Info & HOTFIXES / Windows Updates

Windows Built In cmd’s to query for System information & windows updates list

wmic qfe | find “982802”
systeminfo > c:\updates.txt

PowerShell:

get-hotfix
To search for a specific hotfix
get-hotfix | out-string -stream | select-string "KB977236"

---

Find windows version remotely

systeminfo /s 10.1.1.2 | findstr /B /C:"Host Name" /C:"OS Name" /C:"OS Version"

Get computer hardware details

wmic computersystem get model,name,manufacturer,systemtype

wmic csproduct get name

wmic bios get serialnumber

wmic csproduct get name

---

FOLDER’s Related CMD’s

To delete all folders starting with 1

Direct CMD run command

for /d %i in (1*) do rd /s/q "%i"

CMD to be used in BATCH file

for /d %%i in (1*) do rd /s/q "%%i"

To count folders numbers

dir /a:-d /s /b "C:\Users\MYNAME\AppData\Local\Temp" | find /c ":"

---

Windows Patches List

wmic qfe list

Search particular Patch

wmic qfe | find "4013389"

Powershell:

get-hotfix

---

DHCP related CMD’s

########### DHCP COMMANDS ##############

# Search user by mac IP ADdress
Get-DhcpServerv4Lease -ComputerName 10.11.11.5 -IPAddress 10.11.17.70

# Get all leases from DHCP Server
Get-DhcpServerv4Lease -ComputerName 10.11.11.5 -ScopeId 10.0.0.0
Get-DhcpServerv4Lease -ComputerName 10.11.11.5 -ScopeId 10.0.0.0 -AllLeases

# Get particular information only for in all leases
Get-DhcpServerv4Lease -ComputerName 10.11.11.5 -ScopeId 10.0.0.0 | select-object IPAddress,ClientId,HostName,Description

# Search user by MAC Address
Get-DhcpServerv4Lease -ComputerName 10.11.11.5 -ScopeId 10.0.0.0 -EA SilentlyContinue -ClientId fa-52-78-b8-ef-d8
Get-DhcpServerv4Scope -ComputerName 10.11.11.5 | Get-DhcpServerv4Lease -EA SilentlyContinue -ClientId 3c-52-82-59-87-76
Get-DhcpServerv4Scope | foreach {Get-DhcpServerv4Lease -computername $env:YOURDC -allleases -ScopeId ($_.ScopeId) as [string] } | ? clientid -match '00-04-f2-f'

#Get FREE IP Addressess details
Get-DhcpServerv4FreeIPAddress -ComputerName 10.11.11.5 -ScopeId 10.0.0.0

# ADD IP Reservation IN DHCP VIA CMD
Add-DhcpServerv4Reservation -ComputerName 10.11.11.5 -ScopeId 10.0.0.0 -IPAddress 10.11.14.235 -ClientId 54-ee-75-e8-ad-18 -Description "temp.guest" -Name "temp.guest"
# ADD GATEWAY for reserved IP IN DHCP VIA CMD
Set-DhcpServerv4OptionValue -ComputerName 10.11.11.5 -ReservedIP 10.11.14.235 -Router 10.11.11.6

---

Change Windows Remote Desktop (RDP) Default Port to other value

First check what is current port

Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"

Now to change it use below code , Ensur eyou are opening powershell CMD as RUN AS ADMINISTRATOR

$portvalue = 44440

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value $portvalue

Now you can access the remote PC RDP like 192.168.0.1:44440

---

Regard’s
Syed Jahanzaib