Category Archives: General

General stuff, usually just stuff related to networking and admin.

Managed Service Accounts in Windows 2012

One for the notebook if you tend to use Managed Service Accounts extensively and eventually end up implementing them in a Windows Server 2012 environment.

For Windows Server 2012, the Windows PowerShell cmdlets default to managing the group Managed Service Accounts instead of the original standalone Managed Service Accounts.

A useful alteration, but surely retaining the default use and extending the cmdlet would make those of us admins who use MSAs regularly less prone to smashing up keyboards.

-Lewis
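The difference in cmdlet behaviour described above, as an added example that is not part of the original post. It uses the ActiveDirectory module on Windows Server 2012; the account, group, host and domain names are hypothetical.

```powershell
# Added example. svc-web-g, svc-sql-s, WebFarmHosts, SQL01 and contoso.example
# are hypothetical names used for illustration only.
Import-Module ActiveDirectory

# Group MSA (the Server 2012 default). It needs a KDS root key in the forest;
# a newly created key is not usable straight away, so allow time for replication.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately | Out-Null
}
New-ADServiceAccount -Name 'svc-web-g' `
    -DNSHostName 'svc-web-g.contoso.example' `
    -PrincipalsAllowedToRetrieveManagedPassword 'WebFarmHosts'

# Standalone MSA (the 2008 R2 behaviour) must now be requested explicitly,
# then bound to the single computer that will use it.
New-ADServiceAccount -Name 'svc-sql-s' -RestrictToSingleComputer
Add-ADComputerServiceAccount -Identity 'SQL01' -ServiceAccount 'svc-sql-s'

# Confirm which kind each account is: the ObjectClass differs
# (msDS-GroupManagedServiceAccount vs msDS-ManagedServiceAccount).
Get-ADServiceAccount -Filter 'Name -like "svc-*"' |
    Select-Object Name, ObjectClass, Enabled

# On the host that runs the service:
Install-ADServiceAccount -Identity 'svc-sql-s'
Test-ADServiceAccount -Identity 'svc-sql-s'   # True when this host can use the account
```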

Active Directory Recycle Bin

Windows Server 2008 R2 delivered a new feature called the Active Directory Recycle Bin which offers the ability to restore items deleted from the Active Directory database by restoring them from the Recycle Bin with the simplicity of….well, it’s not really that simple.

The premise is simple enough. You’ve deleted an item that you want to restore so instead of breaking out the backups, taking down a Domain Controller, booting into DSRM and re-acquainting yourself with NTDSUTIL, you enable the Recycle Bin to save you all that hassle.

But wait a minute! Before enabling the Active Directory Recycle Bin (ADRB) there are a couple of caveats which you should be aware of. Now, Microsoft will tell you what you need to enable your use of ADRB such as:

  • Forest Functional Level: Windows Server 2008 R2.
  • All Domain Controllers running Windows Server 2008 R2.

…but the limits that enabling Active Directory Recycle Bin places on restore operations are significant enough that your Backup Operators and Data Security personnel need to be consulted before you make a unilateral decision to enable it.

  1. Enabling ADRB transitions all currently Tombstoned (deleted) objects to the new Recycled object state. This effectively means that current Tombstoned objects (objects deleted in the last 180 days) should never be restored, either through object reanimation or via an authoritative restore.
  2. Similar to the above, once an object reaches the Recycled object state (after 180 days of being a Logically Deleted object) it cannot be restored or recovered from backup. Microsoft recommends that you do not use authoritative restores at all after enabling ADRB and that you only use ADRB to restore objects during their deleted object lifetime (DOL). This article: http://technet.microsoft.com/en-us/library/dd379542(WS.10).aspx details the recommendation which effectively means that restores must be done within the deleted object lifetime or you should consider the object completely unrecoverable. The deleted object lifetime can be adjusted at the expense of an increased AD database size and replication traffic but the default is 180 days.
  3. ADRB cannot restore changed objects – this must be done using an authoritative restore while the object is still live. Hopefully the proper use of change processes in your organisation should minimise the eventuality of this occurring and permit the ability to simply undo a change but we all know what happens in the real world.
  4. Enabling ADRB results in the size of your Active Directory database increasing (and consequently the replication bandwidth requirements) to accommodate the new object states before objects deleted are completely removed from the database. The increase is dependent on the amount and type of objects created and deleted but since there is a new object state, the time the objects remain in the database is effectively doubled.

Only once each of these discussion points has been thoroughly considered should you look at enabling the Active Directory Recycle Bin.
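A pre-flight check that turns the prerequisites and caveats 1, 2 and 4 above into something you can hand to the backup and data security teams. This is an added example, not code from the original post; it uses the ActiveDirectory module, and the CSV file name is an assumption.

```powershell
# Added example. Read-only until the final command, which is left in -WhatIf mode.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$domain  = Get-ADDomain
$rootDse = Get-ADRootDSE

# Prerequisite: forest functional level Windows Server 2008 R2 or higher.
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minMode) {
    throw "Forest functional level is $($forest.ForestMode); raise it first."
}

# Already enabled? EnabledScopes is empty while the feature is off.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($feature.EnabledScopes) { Write-Output 'Recycle Bin is already enabled.'; return }

# Caveat 1: existing tombstones move to the Recycled state when the feature
# is enabled, so record them for review before that happens.
$tombstones = Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
    -SearchBase $domain.DeletedObjectsContainer -SearchScope OneLevel `
    -Properties whenChanged, lastKnownParent
$tombstones | Sort-Object whenChanged |
    Select-Object Name, ObjectClass, whenChanged, lastKnownParent |
    Export-Csv -Path .\tombstones-before-adrb.csv -NoTypeInformation
Write-Output "$(@($tombstones).Count) tombstoned objects recorded."

# Caveats 2 and 4: the lifetimes that control how long objects stay in the database.
# An empty value means the attribute is not set and the forest default applies.
$dsPath = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
Get-ADObject -Identity $dsPath -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime' |
    Select-Object tombstoneLifetime, 'msDS-DeletedObjectLifetime'

# Enabling cannot be undone. Remove -WhatIf only after the review is complete.
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    -Scope ForestOrConfigurationSet -Target $forest.RootDomain -WhatIf
```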

I know this subject is fairly old hat given that Windows Server 2012 is now available but I’m still astonished by the numbers of Active Directories that I come across that aren’t making use of the Active Directory Recycle Bin. Reading the pro-tip (can I call myself a pro?) enabling it in Windows Server 2012 is pretty much a no-brainer with the easy-peasy GUI on offer, just be mindful of the implications.

Pro tip: Although the procedure for using the Recycle Bin is currently based on PowerShell, Windows Server 2012 provides a Graphical User Interface to permit much simpler use of the Recycle Bin feature.

Admission: I actually wrote this article nearly 12 months ago but never finished it or published it – since then Windows Server 2012 has been released so I’ve made mention of that in the article.

And just like that…

I’m no longer looking for new challenges in 2013! I have one ready to go and it sounds fantastic. I’m looking forward to helping my next employer bring their network infrastructure and supporting services bang up to date so they can provide a cutting edge service to wow their existing customers, expand their client base in to new markets and grow their business the way they want it to grow.

If I don’t say so beforehand, I hope you all have a Happy Christmas 2012 and a prosperous New Year in 2013 and beyond. Here’s to new challenges in 2013!

-Lewis

Looking for new challenges in 2013

I’m now on the lookout for new contract opportunities beginning in early 2013 and would welcome new contacts in the industry to get in touch if you’re looking for a highly skilled Windows Server Enterprise Administrator, Service Design Engineer or Project Technical Lead.

If you’re interested in making contact, please use my LinkedIn profile at: http://uk.linkedin.com/in/lewisroberts/

Thanks!
Lewis

Orange infuriate my soul

I recently applied to join Orange as I was spending more than I needed to on my monthly bills with T-Mobile. I gave T-Mobile a chance to match the deal I could get with Orange but they could only give me it on a 12 month contract. I don’t do twelve month contracts any more, one month rolling is all I’m willing to sign up to since I buy my own mobiles unlocked and outright.

Since I’ve only lived at my new address for 18 months, Orange wanted proof of my address using some kind of utility bill so, being the environmentally friendly person I am using paperless billing and online accounts as much as possible, I downloaded my latest bill from my energy provider and emailed it to Orange’s referral team as requested…this is what I got back.

So the referrals department received my proof but weren’t able to accept it….

No explanation as to why or what the cause of their non-acceptance was; they just didn’t accept something they asked for and were sent. So am I to guess what they want?!

Last chance Orange or I take my business to O2, again.

Fedora 16 to 17 upgrade shenanigans

Fedora 16 to 17 Upgrade…nightmare.

I’m convinced that persons developing and using Linux on a daily basis insist that upgrading your Linux distro to the latest and greatest is supposed to be the easiest thing since wiping your own arse. In all frankness and honesty, upgrading to Fedora 17 from 16 has been a royal pain in said arse.

I first attempted to perform the upgrade shortly after Fedora 17 went live. I received some random error message about gtk_init moaning about displays or some such bollocks and didn’t bother trying any further thinking they’d sort something out with F16 to help you through the upgrade. Well, they didn’t.

Running preupgrade on a runlevel 3 (non-GUI, you know, a server) will give you said error. What you’re supposed to do is execute preupgrade-cli. Why of course! I should have known! Did the dev forget to check the runlevel and offer a bit of advice instead of puking all over the screen? Guess not.

Then when you run preupgrade-cli, you do so by specifying the distro to upgrade to:

preupgrade-cli "Fedora 17 (Beefy Miracle)"

Then you’re moaned at for not having a large enough partition for some random file but told it will be all OK if you’re on a wired connection. Full speed ahead your system downloads all the packages and then, after saying it’s made a change to your grub config, you are safe to reboot. Now the system reboots…and promptly goes straight back in to F16. If your computer could look back at you in a nonplussed fashion, it would be doing.

So you have another go and spot the error that says sh grub file or folder not found. Eh? How is my PC even booting if grub isn’t there? It turns out that F16 apparently forced an upgrade to GRUB2 and it’s your GRUB2 config file that receives the updated “Upgrade to Beefy Miracle” boot entry. Useful! Except my computer was booting from GRUB. Don’t ask me why, I have no idea.

So I ensure GRUB2 is installed and on my boot partition:

grub2-install /dev/sda

I then decide it’s wise to ensure that my GRUB2 install has the latest info about my system (all the kernels I had in GRUB):

grub2-mkconfig -o /boot/grub2/grub.cfg

A reboot yields an actual option to perform the upgrade to Beefy Miracle so I select it and again my computer screen is puked on with various 404 errors. Yes, that’s right, the “second stage” URL that grubby spewed in to my grub.cfg at the end of preupgrade-cli was WRONG so I had to edit it and remove the /LiveOS\squashfs.img location MANUALLY by pressing “e” on the highlighted boot table entry when GRUB2 loaded.

Only after all this (which I admit involved a lot of reading/learning) did I manage to get to a point where it looked like Fedora 17 would install the packages it had spent an hour downloading. As I type this it’s still installing the F17 packages but I have no idea if it will actually work given how many upgrade cock-ups I’ve had to battle my way through so far. Someone at Fedora needs shooting.

- Lewis

Samsung Galaxy SIII disappears from Expansys

I’d been religiously checking Expansys’ website for any indication of a release date for the Samsung Galaxy SIII in 32 or 64GB form and was surprised today to see that it is no longer listed on their website. For whatever reason, they’ve de-listed the handset and it doesn’t look to be making a return any time soon.

About two weeks ago, because I’d been waiting so long for the 32GB Galaxy SIII to make an appearance and Google had just announced Android 4.1 Jelly Bean, I decided instead to go for the Galaxy Nexus which would be the first phone to receive the new OS. I got the phone a while back now and must say I’m not disappointed – Jelly Bean has improved the phone’s responsiveness massively over Ice Cream Sandwich. I am however very disappointed in Samsung. Had they released a 32GB version of the Galaxy Nexus 6 months ago (again, like we were expecting) I’d have had one much sooner.

I loved my HTC Desire but it was getting seriously long in the tooth and this latest vapourware announcement from Samsung is the second time they’ve done this for a newly announced superphone in the last 6 months. First the Galaxy Nexus and now the SIII. If Samsung really want to challenge Apple for the prize of best Smartphone, they need to buck their ideas up! Don’t announce a phone with a specific memory size if it’s never going to make an appearance!

I have heard that Samsung will release the 32GB phone in the second half of this year but what’s the point releasing at that time? The buzz has died off and the number of punters waiting for the SIII with larger memory capacity (yes, I know you can put microSD cards in it!) will probably have gone elsewhere or be waiting for the iPhone 5’s inevitable 128GB size or the new Google Nexus Phone (possibly a Motorola handset).

I love my tech but I find it infuriating to be told that something is coming only to be let down.

-Lewis

Change Cluster IP Address (2008R2)

If for any reason you need to change the IP address of the cluster (the management interface, not a resource!) then you’ll probably be asking yourself where the hell you do that. I was…

I finally found it buried under a collapsed section of the main cluster resource.

Don’t just do this without proper planning of course as the cluster resource must be taken offline to re-register the IP and perform DNS updates.

-Lewis