====== Domain controllers ======
Note about a weird NIS server error: [[http://support.microsoft.com/kb/923515|You receive a WMI error message when you access the "NIS Servers" node in the Identity Management for Unix MMC snap-in on a computer that is running Windows Server 2003 R2]]
Summary of:
[[http://support.microsoft.com/kb/325379/en-us]]
==== Inventory the domain controllers that are in the domain and in the forest: ====
=== Make sure that all the Windows 2000 domain controllers in the forest have installed all the appropriate hotfixes and service packs. ===
repadmin /showattr pluto ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack
=== Verify the end-to-end Active Directory replication throughout the forest. ===
REPADMIN /REPLSUM /BYSRC /BYDEST /SORT:DELTA
=== Verify that the contents of the Sysvol share are consistent. ===
=== Use Dcdiag.exe from the support tools to verify that all the domain controllers have shared Netlogon and Sysvol shares ===
DCDIAG.EXE /e /test:frssysvol
=== Inventory the operations roles. ===
DCDIAG /test:FSMOCHECK
NETDOM QUERY FSMO
REPADMIN /SHOWREPS
=== Changing Operations roles ===
see help index for "transfer of operations master roles".
RID, PDC and Infrastructure are in "Active Directory Users and Computers". Right-click the domain name.
Transfer Operations Master: use "Active Directory Domains and Trusts" on the Start menu. Right-click the domain name.
Transfer Schema Master: use the command line.
>ntdsutil
ntdsutil: roles
fsmo maintenance: connection
server connections: connect to server neptune
fsmo maintenance: transfer schema master
yes
=== EventLog Review ===
=== Disk Space Inventory ===
==== Extend ====
[[http://technet2.microsoft.com/windowsserver/en/library/ed42abd5-24c7-4b5a-8165-dbd96727ec841033.mspx?mfr=true]]
repadmin /showrepl
run adprep from the R2 CD
cd cmpnents\R2\ADPREP
adprep /forestprep
====== Neptune Rebuild ======
* Install OS Behind NAT
- specify drivers for SATA RAID - Intel ICH7R
- create 75G partition, leave the rest
- Install Drivers
- Update Windows
* dcpromo - aoe.vt.edu - don't need to add to domain first.
- this should install NAV and Mozilla
* Install nis and password sync (Add/Remove)
* run nisconfig.exe on 2008 servers to get listed in nis servers
* http://support.microsoft.com/kb/971900
* Set static IP to 128.173.188.26 and put on WAN
* DNS (Add/Remove)
* Add as Global Catalog server from Active Directory Sites and Services
* WSUS (Download from Microsoft)
- Install IIS first
* Install Support Tools from the CD and create a link to adsiedit.msc
====== LDAP connection ======
If you want to connect with the LDAP browser, you can just connect to Pluto's IP on port 389 (unencrypted :-( ) with the following Base DN:
dc=aoe,dc=vt,dc=edu
And with the following user:
cn=Administrator,cn=Users,dc=aoe,dc=vt,dc=edu
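The same rootDSE lookup over TLS instead of cleartext 389, as an added PowerShell example that is not part of the original notes. The function name ''Test-LdapTls'' and the host name in the usage comment are placeholders, and it assumes the domain controller presents a certificate that the client trusts.

```powershell
# Added example, not from the original notes. Reads the rootDSE over TLS so that a
# later bind as cn=Administrator does not cross the network in cleartext.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapTls {
    param(
        [string]$Server,        # DC host name as it appears in its certificate
        [int]$Port = 636        # 636 = LDAPS; 389 = plain LDAP upgraded with StartTLS
    )
    $ns   = 'System.DirectoryServices.Protocols'
    $id   = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $Server, $Port
    $conn = New-Object "$ns.LdapConnection" -ArgumentList $id
    $conn.AuthType = 'Anonymous'             # rootDSE is readable without credentials
    $conn.SessionOptions.ProtocolVersion = 3
    try {
        if ($Port -eq 389) {
            # Upgrade the cleartext session before anything else is sent
            $conn.SessionOptions.StartTransportLayerSecurity($null)
        } else {
            $conn.SessionOptions.SecureSocketLayer = $true
        }
        $scope = [System.DirectoryServices.Protocols.SearchScope]::Base
        $attrs = [string[]]@('defaultNamingContext')
        $req   = New-Object "$ns.SearchRequest" -ArgumentList '', '(objectClass=*)', $scope, $attrs
        $res   = $conn.SendRequest($req)     # throws LdapException if TLS or the bind fails
        $entry = $res.Entries[0]
        New-Object PSObject -Property @{
            Server        = $Server
            Port          = $Port
            NamingContext = $entry.Attributes['defaultNamingContext'][0]
            TlsProtocol   = $conn.SessionOptions.SslInformation.Protocol
            CipherBits    = $conn.SessionOptions.SslInformation.CipherStrength
        }
    } finally {
        $conn.Dispose()
    }
}

# Usage (placeholder host name). NamingContext should come back as the Base DN above.
# Test-LdapTls -Server 'dc.example.test' -Port 636
# Test-LdapTls -Server 'dc.example.test' -Port 389    # StartTLS on the standard port
```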
====== pluto ======
* Check that Hardware Raid is enabled in BIOS.
* Install OS Behind NAT
- specify drivers for SATA RAID - Intel 82801GR/GH SATA Raid (Desktop ICH7R/DH)
- create 75G partition, leave the rest
- Install Drivers
- Update Windows
* install Print Services for Unix from the Windows CDs (Add/Remove)
* Set Up Printers (See below)
* install DHCP (See below)
* dcpromo - aoe.vt.edu - don't need to add to domain first.
- this should install NAV and Mozilla
* Install nis and password sync (Add/Remove)
* Set static IP to 128.173.188.26 and put on WAN
* DNS (Add/Remove)
* Add as Global Catalog server from Active Directory Sites and Services
* Install Support Tools from the CD and create a link to adsiedit.msc
==== dhcp ====
[[http://support.microsoft.com/kb/325473]]
install DHCP from Add/Remove.
on old machine:
netsh dhcp server export c:\dhcpdatabase.txt all
Move the file to the new machine.
on new machine:
netsh dhcp server import c:\dhcpdatabase.txt all
===== printers =====
copier management 231-1622
==== Workroom B&W ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: workroombw.aoe.vt.edu
Port Name: workroombw.aoe.vt.edu
Locate Driver from list or use have disk:
KONICA MINOLTA Di2010 PCL6
Printer Name: Workroom B&W Printer-Copier
Do you want to use this printer as the default printer? No (next)
Share name: WorkroomBW (next)
Location: 215 Randolph
Comment: Black and white with finishing features.
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== Workroom BW KM C222 ====
to set the fax mode as default comm mode,
Util
admin
admin1
tx settings
quality/mode
comm mode
Fax, G3
dkellogg@vabs.net
email smtp host 198.82.183.88 port 25
admin password 23190611
==== Workroom Color ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: workroomcolor.aoe.vt.edu
Port Name: workroomcolor.aoe.vt.edu
Locate Driver from list or use have disk:
Fiery X3e 22C-KM PS v2.0
Printer Name: Workroom Color Printer-Copier
Do you want to use this printer as the default printer? No (next)
Share name: WorkroomColor (next)
Location: Faculty Workroom
Comment: Color with finishing features.
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
Administrator password: 231-9061
To save the user settings:
Utility -> User Settings -> Scan/Fax Settings -> Default Scan/Fax Settings
Press "Factory Default" then IMMEDIATELY press "Current Setting" THEN press "OK"
Copier number 2053
==== Workroom Color (PCL Driver) ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: workroomcolor.aoe.vt.edu
Port Name: workroomcolor.aoe.vt.edu
Locate Driver from list or use have disk:
KONICA MINOLTA C350 PCL5c
Printer Name: Workroom Color Printer-Copier PCL5c
Do you want to use this printer as the default printer? No (next)
Share name: WorkroomColorPCL (next)
Location: Faculty Workroom
Comment: Color printer-copier. This driver is without the EFI Job Monitor!
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== Lexina ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: lexina.aoe.vt.edu
Port Name: lexina.aoe.vt.edu
Locate Driver from list or use have disk:
Lexmark E330
Printer Name: Lexina
Do you want to use this printer as the default printer? No (next)
Share name: lexina (next)
Location: 2xx Randolph Hall
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== Grad Lab ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: gradlabprintserv.aoe.vt.edu
Port Name: gradlabprintserv.aoe.vt.edu (next)
Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
Have Disk... HP LaserJet 2300 Series PCL 6 (next)
Printer Name: Graduate Lab HP LaserJet 2300 Series PCL
Do you want to use this printer as the default printer? No (next)
Share name: gradlab (next)
Location: 315 Randolph Hall
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
replaced with P3005
P3005 repaired 2/24/2011 at ALI, Advanced Logic Industries with office located at the CRC.
David
552-6108 ext 4261
==== Old Design lab 4050 ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: hp4050.aoe.vt.edu
Port Name: hp4050.aoe.vt.edu (next) (Finish)
Locate Driver from list or use have disk:
HP LaserJet 4050 Series PCL (next)
Printer Name: HP LaserJet 4050 Series PS
Do you want to use this printer as the default printer? No (next)
Share name: HP4050 (next)
Location: tbd
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== Design lab 4250 ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: dl-printer.aoe.vt.edu
Port Name: dl-printer.aoe.vt.edu (next) (Finish)
Locate Driver from list or use have disk:
HP LaserJet 4250 Series PS (next)
Printer Name: Design Lab HP LaserJet 4250 Series PS
Do you want to use this printer as the default printer? No (next)
Share name: dl-printer (next)
Location: 217 Randolph Hall
Comment: Undergraduate Design Lab printer - Bring your own paper!
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
{{c00218691.pdf|HP 4250 Manual}}
==== DesignJet 500 ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: designjet.aoe.vt.edu
Port Name: designjet.aoe.vt.edu (next)
Device Port: Parallel 1 (next) (Finish)
Locate Driver from list or use have disk:
HP DesignJet 500 42 by HP (next)
Printer Name: Design Lab HP DesignJet 500
Do you want to use this printer as the default printer? No (next)
Share name: dl-plotter (next)
Location: 217 Randolph Hall
Comment: 42 inch wide plotter
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== Annex 2300 ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: LPR port (next) (next)
Name or address of server providing lpd: annexprinter.aoe.vt.edu
Name of printer or print queue on that server: annexprinter (next) (Finish)
Locate Driver from list or use have disk:
HP LaserJet 2300 Series PCL 6 (next)
Keep existing driver (recommended) (next)
Printer Name: AnnexHP2300
Do you want to use this printer as the default printer? No (next)
Share name: AnnexHP2300 (next)
Location: Randolph Annex
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== Structures ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: structuresprinter.aoe.vt.edu
Port Name: structuresprinter.aoe.vt.edu (next)
Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
Have Disk... Xerox Phaser 8400B PS HP LaserJet 2015 Series PS(next)
Printer Name: Structures-Color
Do you want to use this printer as the default printer? No (next)
Share name: Structures-Color (next)
Location: Femoyer 205
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
==== structprint2 (using name) ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: structprint2.aoe.vt.edu (next) (next)
Printer Name or IP Address: structprint2.aoe.vt.edu (was 128.173.188.54)
Port Name: structprint2.aoe.vt.edu (next)
Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
Have Disk... HP 1022n (next)
Printer Name: Structures Printer 2 HP LaserJet 1022n
Do you want to use this printer as the default printer? No (next)
Share name: structprint2 (next)
Location: Femoyer 319
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
configuration page user Admin, standard local password
==== multifunction ====
Add Printer (Next)
Local printer attached to this computer
uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: multifunction.aoe.vt.edu
Port Name: multifunction.aoe.vt.edu (next)
Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
Have Disk... (next)
Printer Name: Office Multifunction
Do you want to use this printer as the default printer? No (next)
Share name: OfficeMulti (next)
Location: Randolph Workroom
Comment:
(next)
Do you want to print a test page? Yes or No (next)
(Finish)
2316611
Disable sending e-mail direct from the product.
(selected) Enable sending e-mail direct from the product.
SMTP Gateway Settings
SMTP Gateway 198.82.183.88
SMTP Port (0-65535) 25
Default E-mail Settings
'From:' E-mail Address: multifunction@aoe.vt.edu
'From:' Display Name: AOEmultifunction
Default Subject: Sent from CM2320nf MFP
(not selected) Allow user to enter a subject with every e-mail.
(not selected) Allow user to enter a "Reply To:" with every e-mail.
1 Chris Hall cdhall@vt.edu
2 Rachel rahall@vt.edu
3 Durner cdurner@vt.edu
4 Jon joncouch@vt.edu
==== nsl-multifunction ====
128.173.189.6 dhcp from pluto
mooney12!
==== printer on ganymede ====
To use a printer shared from a Windows machine on a Linux machine, first install the Unix print drivers on the Windows box. Then connect to the printer using LPD, in a similar way to Macs.
====== yp ======
Worked automatically to alexandria for the first time since February with the 2003R2 on Neptune. **The factors are that neptune is master and reload_yp was run with just neptune's Server for NIS running.**
----
[[http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/]]
----
auto.master and auto.home
These files were not being propagated to alexandria. Fixed by removing from AD and re-migrating. (See note below)
On Alexandria save the files:
ypcat -k auto.home
misc -rw alexandria.aoe.vt.edu:/export/misc
grad -rw alexandria.aoe.vt.edu:/export/grad
softvault -rw athena.aoe.vt.edu:/export/softvault
design -rw alexandria.aoe.vt.edu:/export/design
lab7 -rw athena.aoe.vt.edu:/export/lab7
facultystaff -rw alexandria.aoe.vt.edu:/export/facultystaff
caplab -rw athena.aoe.vt.edu:/export/caplab
sysadmin -rw alexandria.aoe.vt.edu:/export/sysadmin
sssl -rw alexandria.aoe.vt.edu:/export/sssl
undergrad -rw alexandria.aoe.vt.edu:/export/undergrad
diskhogs -rw athena.aoe.vt.edu:/export/diskhogs
structures -rw alexandria.aoe.vt.edu:/export/structures
grad2 -rw alexandria.aoe.vt.edu:/export/grad2
ypcat -k auto.master
/home auto.home -nosuid,intr,tcp
Remove from
  Adsi Edit
    Domain [neptune.aoe.vt.edu]
      DC=aoe,DC=vt,DC=edu
        CN=defaultMigrationContainer30
          CN=aoe
            Delete--> CN=auto.home
            Delete--> CN=auto.master
        CN=System
          CN=RpcServices
            CN=ypServ30
              Delete--> CN=auto.home
              Delete--> CN=auto.master
These keys were found by doing an Advanced custom search in Active Directory Users and Computers for
container name starts with auto (turn on View, Advanced features)
Then, add them back by migrating the files from alexandria. Move the files from alexandria to neptune and put in C:\Temp
nismap create -i 1 -g " " -y auto.master (This creates the key in system/RpcServices/ypServ30)
nis2ad -y aoe -a aoe -d C:\Temp -s localhost -r no -m auto.master (This creates the key in defaultMigrationContainer30/aoe)
nismap create -i 1 -g " " -y auto.master
nis2ad -y aoe -a aoe -d C:\Temp -s localhost -r no -m auto.master
The files should show up in C:\WINDOWS\idmu\nis\MapCache\aoe
During an update to the table, I discovered that there are several keys that need to be modified to get the entry into the file in C:\WINDOWS\idmu\nis\MapCache\aoe when adding an entry.
From adsiedit, after New, Object, nisobject: change (or verify) the following keys:
^ Attribute ^ Value ^ Note ^
| cn | caplabhomes | |
| distinguishedName | CN=caplabhomes,CN=auto.home,CN=aoe,CN=defaultMigrationContainer30,DC=aoe,DC=vt,DC=edu | |
| msSFU30Name | caplabhomes | This was missing after the new nisobject was added. |
| msSFU30NisDomain | aoe | This was missing after the new nisobject was added. |
| name | caplabhomes | |
| nisMapEntry | -rw athena.aoe.vt.edu:/export/caplabhomes | |
| nisMapName | auto.home | |
----
to add groups to the automounter:
nismap add -a aoe -e "newvolume -rw athena:/export/newvolume" auto.home
nisadmin syncall
====== Adding COE Tablet PCs to Domain ======
Refer to the DFS section for the client:
[[http://support.microsoft.com/kb/887303]]
(Dr Neu's loaner laptop issue.)
====== Images ======
{{aoe:domain:ad-auto-home.bmp?200}}
{{aoe:domain:athenapurchase.jpg?200}}
{{aoe:domain:export-assignment.bmp?200}}
{{aoe:domain:services-for-unix.bmp?200}}
{{aoe:domain:gpo-computer-lab-software.png?200}}
{{aoe:domain:logon-script.png?200}}
====== 2008R2 migration Summer 2011 ======
http://technet.microsoft.com/en-us/library/dd379511%28WS.10%29.aspx
* Log on to the infrastructure master as a member of the Domain Admins group.
* Copy the contents of the \support\adprep folder (note the new location) from the installation DVD to the infrastructure master role holder.
* Open a Command Prompt window, navigate to the Adprep folder, and run adprep /domainprep /gpprep.
* Allow the operation to complete and the changes to replicate.
Installing IDMU: http://technet.microsoft.com/en-us/library/cc731178.aspx
Rename pluto
netdom computername CurrentComputerName /add:NewComputerName
netdom computername CurrentComputerName /makeprimary:NewComputerName
reboot
netdom computername NewComputerName /remove:OldComputerName
====== ipSec ======
Added 2001:468:c80:610c::/64 to most all of the ipSec rules
* 3268 GC LDAP
* 3269 GC LDAPssl
* 515 http ?
* 443 https
* 1027 IIS
* 88 Kerb
* 749 kerb-admin
* 389 ldap
* 636 ldapssl
* 445 Microsoft-ds
* 3372 msdtc
* 135 msrpc
* 539 msrpc High
* 138 netbios dgm
* 137 netbios-ns
* 139 netbios-ssn
* 136 profiler
These not modified
* 111 Sun RPC Bind
* 5000-5020 Individual Sun RPC
* 23 telnet
====== Enable more Firewall logging ======
http://technet.microsoft.com/en-us/library/cc754714%28WS.10%29.aspx#BKMK_Proc1
auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable
Restart the Windows Firewall service by typing the following commands, ending each by pressing ENTER:
net stop MPSSVC
net start MPSSVC
When you are ready to disable event logging, run the same auditpol command again, but use /success:disable /failure:disable at the end of the command. Then restart the Windows Firewall service again with the two net commands.
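To read what these audit subcategories log, the following added example (not part of the original notes) groups Windows Filtering Platform block events, Security-log IDs 5152 and 5157, by source address, destination port and protocol. The function name, the sample events and their addresses are constructed for illustration.

```powershell
# Added example: summarise blocked traffic from Security-log events
# 5152 (packet blocked) and 5157 (connection blocked).
# It takes event XML strings, so it can be tried on the constructed samples below.
function Get-WfpBlockSummary {
    param([string[]]$EventXml)
    $rows = foreach ($text in $EventXml) {
        $evt = ([xml]$text).Event
        $id  = [int]$evt.System['EventID'].InnerText
        if ($id -ne 5152 -and $id -ne 5157) { continue }   # keep block events only
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Source   = $data['SourceAddress']
            DestPort = $data['DestPort']
            Protocol = $data['Protocol']      # IANA number: 6 = TCP, 17 = UDP
        }
    }
    $rows | Group-Object Source, DestPort, Protocol |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample events, reduced to the fields the function reads.
# Addresses come from the documentation ranges.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{0}</EventID></System>
  <EventData>
    <Data Name="SourceAddress">{1}</Data>
    <Data Name="DestPort">{2}</Data>
    <Data Name="Protocol">{3}</Data>
  </EventData>
</Event>
'@
$sample = @(
    ($template -f 5152, '192.0.2.10', 23, 6),
    ($template -f 5152, '192.0.2.10', 23, 6),
    ($template -f 5157, '198.51.100.7', 389, 6),
    ($template -f 5156, '192.0.2.20', 445, 6)     # permitted connection, ignored
)
Get-WfpBlockSummary -EventXml $sample

# On the server (elevated session), feed it the live log instead:
# $live = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5152,5157} -MaxEvents 500 |
#     ForEach-Object { $_.ToXml() }
# Get-WfpBlockSummary -EventXml $live
```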
====== NIS Servers in MIDMU ======
http://support.microsoft.com/kb/971900
Use ADSIedit to modify the GECOS attribute to have (or not have) "NIS Server" in the field.
What that means is to open ADSIEdit and find the entry for the computer. If it is a DC, then it will be in the "Domain Controllers" container. If it is a DC that has been removed as a domain controller, then it will likely be in the "Computers" container. Right click on the computer, for example CN=pluto-2k3 (which was retired as a DC) and scroll down to gecos and unset the entry. For the 2008 DCs, right click on CN=PLUTO, **not** CN=NTFRS Subscriptions. Then find gecos and change to "NIS Server".
====== Unix Tab missing ======
http://blogs.technet.com/b/sfu/archive/2010/01/30/i-cannot-see-unix-attribute-tab-even-after-installing-idmu.aspx
====== DHCP not showing address leases ======
Don't use the gui on 2003 to export (or backup) the database to move to 2008. Instead, use netsh dhcp ....
http://support.microsoft.com/kb/962355
====== migrate ad-cs (certificate services) ======
http://technet.microsoft.com/en-us/library/ee126140(WS.10).aspx
===== backup old source server =====
1 Backup Database and Private Key
certutil.exe -backupdb
certutil.exe -backupkey
2 Stop CA server
net stop certsvc
3 Backup CS Registry
reg export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration