Tag: Microsoft

Error: Microsoft SharePoint is not supported with version 4.0.30319.42000 of the Microsoft .Net Runtime

by Samuel Mitchell, posted in Microsoft, windows, Windows server

My colleague was trying to run the PowerShell command Get-SPSite to get information about the SharePoint 2010 sites on the server.

He came across this error:

sharepointerror

It was discovered that the server Windows 2012 R2 has Microsoft .Net 4.0 installed on the box and as a result the SharePoint was not functioning with Powershell version 4.0.

To verify the version installed on the box:

$ver = $host | select version

$ver.Version

Solution

I had to run the opened PowerShell version 2 and then run the commands again.

To do this execute the following command from dos prompt:

powershell.exe -version 2

once the PowerShell opens run the commands again:

Add-PSSnapin Microsoft.SharePoint.PowerShell

Get-SPSite

Get-SPFarm

Get-SPWeb [SPSiteName]

Problem solved. I hope this was helpful.

Microsoft: SysInternals Suite PS Exec Command Usage

by Samuel Mitchell, posted in Microsoft, Uncategorized, windows, Windows server

I was given a task to install a agent on computers and servers using command line as during my research I discovered this tool calls PSExec from the SysInternals Suite tools.

You may ask what is PSExec? According to Microsoft, it launches interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. In other words, PSExec tool allows the execution of commands on a system remotely as if it is on the direct system console.

There are a number of features that I love about the PSExec tool which are as follows:

  1. It can run the command as another user remotely on the local system using user interaction
  2. It allows the execution of the command on multiple computers from a list in a text file

I was given the task to install the SAP Single Sign On add-in and it was difficult because it required that it is run under a network user locally in an interactive mode.

The PSExec tool gave me the power to overcome this difficulty.

Here is the syntax of the command and the parameters I used:

psexec.exe @[file-name.txt] -u [domain\username] -p -i -h [\\server\path\batch-files.bat]

explaining each switch:

@   execute the command on each computer in the file. Each computer must be in a new line

-u   username

-p  prompt for password

-i  run command in interactive mode

-h run the command with account elevated privilege

This command will execute the script on each computer return the result as it is completed.

Please ensure it is executed on a computer that is running since it cannot be execute without the computer being on.

Group Policy Object Processing And Precedence

by Samuel Mitchell, posted in Microsoft, windows, Windows server

This article is about the order of processing and precedence of the Group Policy Object (GPO).

There is a acronym used to remember the order of processing:

LSDOU – Local, Site, Domain, OU.

Local GPO

Site linked GPO

Domain linked GPO

Organizational Unit linked GPO

The rule of thumb with precedence for the LSDOU order of processing is that the last GPO applied takes precedence which will be the OU linked GPO. There are additional rules to consider such as when multiple GPOs are applied to an object (e.g. Domain), the GPO are process according to order from top to bottom (1 to …) and the top GPO takes precedence.

Inheriting Parent GPO

In some case there make be nested OUs or Parent and Child domains in which GPOs are inherited from the Parent automatically. The inherited GPOs has the least precedence by default on the child node which can be changed by rearranging the link order.

Enforcing GPO

The precedence of the GPO can change by Enforcing it which will allow it to move to the top (become number 1).

 

Microsoft: Enabling Recycle Bin feature in Windows Server 2016 Active Directory Domain Services

by Samuel Mitchell, posted in Microsoft, windows, Windows server

There is a new feature available in Active Directory Administrative Center (ADAC) in the Windows Server 2016 that allows you restore deleted AD objects from the Recycle Bin (although it could be activated from Windows server 2008 R2 using Powershell). It allows you to enable it at the Domain or Forest level. The only caveat is once it is enabled, it cannot be disabled. The default lifetime for a deleted object to remain in the AD Recycle Bin is 180 days.

To enable the feature using Powershell:

Enable-ADOptionalFeatureIdentity ‘Recycle Bin Feature’Scope ForestOrConfigurationSetTarget ‘domain.com’Server DC1

To enable the feature in Active Directory Administrative Center:

Go to Server Manager –> Tools –> Active Directory Administrative Center

servermgr_Adac

Highlight the domain or forest on the left pane and then under the Task pane on the right under the domain, select Enable Recycle Bin.

Enable_recycleBin_ADAC

You will get the warning that once it is enabled it cannot be disabled, select Ok.

rc_warn

Microsoft Powershell – Install and Configure AD Certificate Services (Windows Server 2016)

by Samuel Mitchell, posted in Microsoft, Security, windows, Windows server

This article will demonstrate how to install and configure the Active Directory Certificate Services (AD CS) and the Certification Authority (CA) using both the Server Manager and corresponding Powershell cmdlet.

Using Powershell method

Check if the Active Directory Certificate Service is installed

Get-WindowsFeature AD-Certificate

 

To install the Certification Authority features, run the following cmdlet:

Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

 

Configuring the Active Directory Certificate Services with a Standalone Root CA on Host1.

Install-ADcsCertificationAuthority –Credential (Get-Credential) -CAType [StandaloneRootCA]CACommonName“domain-Host1-CA-1”CADistinguishedNameSuffix “DC=domain,DC=com” CryptoProviderName“RSA#Microsoft Software Key Storage Provider” -KeyLength 2048 HashAlgorithmName SHA1 ValidityPeriod Years ValidityPeriodUnits3DatabaseDirectory “C:\windows\system32\certLog”LogDirectory “c:\windows\system32\CertLog”Force

You can select the CA Type by setting the parameter for –CA Type to either StandaloneRootCA, StandaloneSubordinateCA, EnterpriseRootCA or EnterpriseSubordinateCA. For the CA options like the Cryptographic Provider, Hash Algorithm and Key length will have to be known so that it is selected correctly.

Example for the key length, the values can be 512, 1024, 2048, 4096 which has to be typed out.

For Hash Algorithm, the options are: SHA256, SHA384, SHA512, SHA1, MD5, MD4, MD2.

For the Cryptographic Provider, the parameter -CryptoProviderName can be:

  • RSA#Microsoft Software Key Storage Provider
  • ECDSA_P521#Microsoft Software Key Storage Provider
  • ECDSA_P256#Microsoft Software Key Storage Provider
  • ECDSA_P384#Microsoft Software Key Storage Provider
  • DSA#Microsoft Software Key Storage Provider

and any other…

 

Removing the AD CS and CA feature from the server.

Remove-WindowsFeature ADCS-Cert-Authority

 

Using the Server Manager

 

Go to Server Manager–> Manage –> Add Role and Features

servermgr

Select Role-based or feature-based installation

role-based

Select the Server to install it on

server

Tick the Active Directory Certificate Services

adcs_server_role

Tick the Certification Authority

CA_role

The feature will be installed and then you can select Configure Active Directory Certificate Services to setup the CA.

configure_ADCS_CA

Enter the Credential that have permission to configure the CA. Note the following:

For Standalone CA: you need local administrator rights

For Enterprise CA: you need Enterprise Admin rights

ca_credential

Select  role services: Certification Authority (CA)

configure_CA

select Standalone CA. Once you know how to configure Standalone CA then you can easily configure Enterprise CA.

select_StandaloneCA

Select Root CA (this is the first CA)

select_RootCA

Select Create a new private key.

create_key

Select your preferred cryptographic provider, key length and hash algorithm

crypto_options

The Common Name and distinguished name suffix will be generated but you can enter your own name.

CA_CommonName

Select the validity period for the Certificate generated.

CA_Period

You can change certificate database and log path or let it remain at the default path

CA_DB-log

Confirm configuration settings of CA.

CA_result_page

Once the CA installation is complete, you can go to Server Manager –> Tools –> Certification Authority to view CA server in the MMC.

 

 

 

Using Powershell to manipulate File Server Resource Manager

by Samuel Mitchell, posted in Microsoft, windows, Windows server

This article is to share information on how to use PowerShell to manipulate the File Server Resource Manager (FSRM) which is used to do quota management on a file server.

Setting the FSRM Quota for a shared path

Set-FsrmQuota -Path ‘U:\PathOFShare‘ -Description “Soft Limit set on to 10 GB” -Size 10GB [-SoftLimit] [-Threshold (New-FsrmQuotaThreshold -Percentage 85)] [-Disabled]

Set-FsrmQuota

View the File Server Resource Manager (FSRM) information for a shared path

Get-FsrmQuota -PathU:\UserPAthName

Creating a new FSRM Quota Template

new-FsrmQuotaTemplate -Name “Test” -Threshold (New-FsrmQuotaThreshold -Percentage 85) -Description “Test” -Size 10Gb

New-FsrmFileScreen -Path ”U:\PathToShare” [-Active] -Description “Screen Files for videos and music” -IncludeGroup “Audio and Video Files”

Performing an Offline Domain Join – AD DS

by Samuel Mitchell, posted in Microsoft, windows, Windows server

Provisioning a offline domain joined file for a computer:

  1. Logon to a writeable Domain Controller
  2. Open the command prompt (cmd)
  3. Use command:

Djoin /provision /domain <mydomain.com> /machine <computername> /savefile <filename.txt> /machineou <Computers> /dcname <DC1> /reuse

Joining a computer to the Domain offline:

Djoin /requestodj /loadfile <filename.txt> /windowspath <%windir%> /localos

The computer will restart and when it is up, the computer is on the domain.

Reference: https://technet.microsoft.com/en-us/library/offlinedomain-join-djoin-step-by-step(v=ws.10).aspx

Active Directory Domain Services Offline and Defragmentation

by Samuel Mitchell, posted in Microsoft, Windows server

There is a tradition method of taking the Microsoft Active Directory Domain Services (AD DS) offline to perform maintenance on the database is using the Directory Service Restore Mode (DSRM). The steps are listed below:

  1. Log into your Domain Controller (DC)
  2. Open the command prompt
  3. Run the command:

    bcdedit /set safeboot dsrepair

  4. Reboot the DC so the it can enter into safe mode

To exit the safe mode, run the command

bcdedit /deletevalue safeboot

and then reboot for the DC to return to normal mode.

Another method of taking the AD DS offline is by stopping the AD DS service using the services applet (services.msc).

Now to perform defragmentation on the AD DS database is to use the NTDS utility.

Execute the following command at the prompt:

ntdsutil

activate instance ntds

files

compact to c:\

integrity

quit

quit

copy c:\ntds.dit c:\windows\ntds\ntds.dit

del c:\windows\ntds\*.log

Restart the AD DS services.

Restart-Service NTDS

Please note that you don’t have to restart the server after the maintenance of the database.

 

 

Installing Windows Features using PowerShell

by Samuel Mitchell, posted in Microsoft, Windows server

I was on a drive to enable SNMP feature on all our Windows 2012 R2 servers in order to monitor the CPU, Memory and Disk utilization through WMI.

Trying to do this manually using the Windows Roles and Features for over 40 servers was not practical as it was time consuming. As a result, I venture out to seek a way to do this on a widescale in the shortest possible time.

Now here comes Powershell, it has save the day with it’s easy-to-use cmdlets and remote execution from any Windows machine.

I am now going take this opportunity to show what I have done to complete this task.

The following cmdlet is what you will use to install any windows features from the server roles:

This cmdlet is used to get the Windows features that are currently installed on the server:

Get-WindowsFeature [FeatureName] -computerName [NameOfComputer]

You can include the Features name in the command in order to get the status of the particular feature.

This cmdlet is used to install the windows features:

Install-WindowsFeature [FeatureName] -computerName [NameOfComputer]

Using the cmdlets above, the following commands were executed to install the SNMP-Service feature:

PS C:\> Get-WindowsFeature SNMP-Service -ComputerName TestWinServer

results:

SNMP-GetFeature

Installing Windows features SNMP-Service for the 2012 R2 server TestWinServer

PS C:\> Install-WindowsFeature SNMP-Service -ComputerName TestWinServer

Results:

SNMP-InstallFeature

After installing this feature, I was able to configure the SNMP services and set my monitoring tool to pull the information from WMI using snmp.

I hope this article was helpful.