Thursday, July 11, 2013

Change the Server 2008 Product Key

Remove the Existing Product Key from Server

slmgr.vbs -ckms

Enter the New Product Key into Server 2008

slmgr.vbs -ipk xxxx-xxxx-xxxx-xxxx

Note: Replace the xxxx by given code

If the product code is correct, this should return a dialog box indicating success; otherwise it fails. Once you have specified the correct product code, it's time to register by issuing the command:

slmgr.vbs -ato

A successful activation will return a success dialog box and a failure will indicate as such.

 

Saturday, January 29, 2011

Logon User SID Details

whoami /? -> Displays the help

whoami /all > mydetails.txt -> Writes all the details of the logged-on user (for example, the user SID) to mydetails.txt

Backup and Restore of Share & NTFS Permissions

This topic was originally posted to the AskDS blog and has been added to the wiki to allow for community editing.

From time to time we are asked how to backup and restore NTFS file system permissions as well as network share permissions. KB article 125996 talks about the network share piece of it, but it does not talk about NTFS permissions.

One thing that has made the NTFS permissions piece of this simpler is the Icacls tool. Icacls was developed for Windows Vista as a replacement for tools such as Cacls, Xcacls, and Xcacls.vbs. It was also included in Service Pack 2 for Windows Server 2003 and Windows Server 2008.

Backup and Restore of Share Permissions


To backup share permissions, export the Shares registry key.

Open Regedit to the following location:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

Right-click the Shares registry key and select Export. Give it a file name such as shareperms.reg.
When you want to restore the permissions, double-click shareperms.reg to import it back into the registry.

Use the Reg tool to backup the registry key from the command line:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shareperms.reg

If you need to restore it at some point, just run:

reg import shareperms.reg

Backup and Restore of NTFS Permissions


Use this command to backup NTFS permissions:

icacls d:\data /save ntfsperms.txt /t /c

The /T switch allows it to get subfolder permissions too. The /C switch allows it to continue even if errors are encountered (although errors will still be displayed).

Use this command to restore them:

icacls d:\ /restore ntfsperms.txt

Note that in the command to save the permissions, I specified the target folder D:\Data, but when I restored them, I specified just D:\ as the target. Icacls is a little funky like that, and here’s why.

If you open the text file with the exported permissions (ntfsperms.txt in the above example), you’ll see that Icacls uses relative paths (the lines data, data\folder1 and data\folder2 below). Underneath each relative path are the permissions for that folder in Security Descriptor Definition Language (SDDL) format.

data
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
data\folder1
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)
data\folder2
D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)

Had I specified D:\Data in the command to restore the permissions, it would have failed looking for a D:\Data\Data folder:

D:\>icacls d:\data /restore perms.txt
d:\data\data: The system cannot find the file specified.
Successfully processed 0 files; Failed processing 1 files

You might think specifying D:\ as the target in the restore command may somehow mess up the permissions on other folders at that level, but as you can see from the ntfsperms.txt output file, it only has information about the Data folder and subfolders, so that is all it will change.
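The pairing of relative paths and SDDL strings described above can be checked before a restore is run. The following is an added example, not part of the original article: the function names and lookup tables are illustrative, and the sample is constructed from the first two entries of the listing above.

```python
import ntpath
import re

# Constructed sample: the first two entries of the ntfsperms.txt listing above.
# A real "icacls /save" file is UTF-16LE text; read it with encoding="utf-16".
SDDL = ("D:AI(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)"
        "(A;OICIID;0x1200a9;;;BU)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)")
SAMPLE = "data\n" + SDDL + "\ndata\\folder1\n" + SDDL + "\n"

# Only the SID aliases and rights strings that occur in the sample are named.
TRUSTEES = {"BA": "BUILTIN\\Administrators", "SY": "NT AUTHORITY\\SYSTEM",
            "BU": "BUILTIN\\Users", "AU": "NT AUTHORITY\\Authenticated Users"}
RIGHTS = {"FA": "full control", "GA": "generic all", "0x1200a9": "read & execute",
          "0x1301bf": "modify", "SDGXGWGR": "delete, generic execute/write/read"}
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")


def parse_save_file(text):
    """Return [(relative_path, [ace, ...])] from the path/SDDL line pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating path and SDDL lines")
    entries = []
    for rel_path, sddl in zip(lines[0::2], lines[1::2]):
        if "D:" not in sddl:
            raise ValueError("no DACL in SDDL for " + rel_path)
        aces = []
        for ace_type, flags, rights, sid in ACE_RE.findall(sddl):
            flag_list = [flags[i:i + 2] for i in range(0, len(flags), 2)]
            aces.append({"type": ace_type, "flags": flag_list,
                         "inherited": "ID" in flag_list,
                         "rights": RIGHTS.get(rights, rights),
                         "trustee": TRUSTEES.get(sid, sid)})
        entries.append((rel_path, aces))
    return entries


def restore_target(saved_path, entries):
    """Directory to give 'icacls <dir> /restore': the parent of the saved folder."""
    parent, leaf = ntpath.split(ntpath.normpath(saved_path))
    if entries[0][0].lower() != leaf.lower():
        raise ValueError("first entry does not match the saved folder name")
    return parent


def resolved_paths(target, entries):
    """Full paths icacls will look for when restoring under 'target'."""
    return [ntpath.join(target, rel) for rel, _ in entries]


if __name__ == "__main__":
    entries = parse_save_file(SAMPLE)
    print(resolved_paths(restore_target(r"d:\data", entries), entries))
    print(resolved_paths(r"d:\data", entries))  # the failing case from the article
```

Listing the resolved paths and the trustees with write-level rights shows exactly what a restore will change before any ACL is touched.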


This article was posted by Microsoft; I am posting it here for my reference.
For more information on this: http://social.technet.microsoft.com/wiki/contents/articles/how-to-back-up-and-restore-ntfs-and-share-permissions.aspx

Saturday, January 22, 2011

Exchange Bulk Mailbox Rights Export Script

' Export the mailbox rights of every mailbox listed in C:\Scripts\mailbox.txt
' (one distinguished name per line) to C:\Scripts\permissions.csv.
On Error Resume Next
ServerName = "DomainControlarName" ' replace with the name of a domain controller
Const ForReading = 1
Set oFSO = CreateObject("Scripting.FileSystemObject")

Set oLogPermissions = oFSO.CreateTextFile("C:\Scripts\permissions.csv")
oLogPermissions.WriteLine "DN,Trustee,AccessMask,ACEType,ACEFlags,Flags,ObjectType,InheritedObjectType"
Set oTF = oFSO.OpenTextFile("C:\Scripts\mailbox.txt", ForReading, True)

Do While Not oTF.AtEndOfStream
    DN = oTF.ReadLine
    sUserADsPath = "LDAP://" & ServerName & "/" & DN
    'MsgBox sUserADsPath

    ' Read the mailbox security descriptor of this user and get its DACL.
    Err.Clear
    Set myUser = GetObject(sUserADsPath)
    myUser.GetInfoEx Array("msExchMailboxSecurityDescriptor"), 0
    Set oSecurityDescriptor = myUser.Get("msExchMailboxSecurityDescriptor")
    Set dacl = oSecurityDescriptor.DiscretionaryAcl

    ' With On Error Resume Next in effect, skip the entry if any read failed;
    ' otherwise the previous mailbox's DACL would be written under this DN.
    If Err.Number = 0 Then
        For Each ace In dacl
            oLogPermissions.WriteLine Chr(34) & DN & Chr(34) & "," & ace.Trustee & "," & decodeAccessMask(ace.AccessMask) & "," & ace.AceType & "," & decodeAceFlags(ace.AceFlags) & "," & ace.Flags & "," & ace.ObjectType & "," & ace.InheritedObjectType
        Next
    End If
Loop

oLogPermissions.Close
oTF.Close

MsgBox "All Permissions are written to file..."

' Translate the mailbox-rights bits of an access mask into readable names.
Function decodeAccessMask(m)
    Dim s
    'If m AND 1048576 Then s = s + "Synchronize;"
    If m AND 524288 Then s = s + "Take Ownership;"
    If m AND 262144 Then s = s + "Change Permissions;"
    If m AND 131072 Then s = s + "Read Permissions;"
    If m AND 65536 Then s = s + "Delete Permissions;"
    If m AND 256 Then s = s + "Write Attr;"
    'If m AND 128 Then s = s + "Read Attr;"
    'If m AND 64 Then s = s + "Delete Dir;"
    'If m AND 32 Then s = s + "Execute;"
    'If m AND 16 Then s = s + "Write ExtAttr;"
    'If m AND 8 Then s = s + "Read ExtAttr;"
    If m AND 4 Then s = s + "Associated External Account;"
    'If m AND 2 Then s = s + "Write;"
    If m AND 1 Then s = s + "Full Mailbox Access;"
    decodeAccessMask = s & "(" & m & ")"
End Function

' Translate the inheritance bits of the ACE flags into readable names.
Function decodeAceFlags(m)
    Dim s
    If m AND 16 Then s = s + "Has been inherited;"
    If m AND 8 Then s = s + "Not effective will be inherited;"
    If m AND 4 Then s = s + "Children will not pass on;"
    If m AND 2 Then s = s + "Containers will inherit and pass on;"
    If m AND 1 Then s = s + "Non-containers will inherit and pass on;"
    decodeAceFlags = s & "(" & m & ")"
End Function

Run-As Script

' Opens a command prompt as another user and starts AD Users and Computers from it.
' The password is stored in clear text in this script, and SendKeys types it
' into whichever window has the focus at that moment.
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "runas /user:Domain\Username %comspec%" 'Open command prompt
WScript.Sleep 1000
WshShell.SendKeys "password" 'Send password
WshShell.SendKeys "{ENTER}"
WScript.Sleep 1000
'Open AD Users & Computers
WshShell.SendKeys Chr(34) + "C:\Program Files\Exchsrvr\bin\users and computers.msc" + Chr(34)
WshShell.SendKeys "{ENTER}"
WshShell.SendKeys "exit" 'Close command prompt
WshShell.SendKeys "{ENTER}"
WScript.Sleep 1000
Set WshShell = Nothing

Search Valid Users in AD

Const ForReading = 1
Const ForAppending = 8

' Look up every name in NameList.txt (one sAMAccountName per line) and record
' in Output.csv whether the object exists and, if it does, its mail address.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("NameList.txt", ForReading)

Do Until objTextFile.AtEndOfStream
    strObjectName = objTextFile.ReadLine
    strRootSearch = "DC=Contoso,DC=net"

    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    ' ADSI query syntax: <search base>;filter;attributes;scope.
    ' strObjectName goes into the filter exactly as read from the file, so the
    ' LDAP filter characters * ( ) \ in a name change what the query matches.
    objCommand.CommandText = _
        "<LDAP://" & strRootSearch & ">;(&(|(objectCategory=user)(objectCategory=group))" & _
        "(samAccountName=" & strObjectName & "));samAccountName,distinguishedName;subtree"

    Set objRecordSet = objCommand.Execute
    If objRecordSet.RecordCount = 0 Then
        intReturnValue = 0

        Set objFSO1 = CreateObject("Scripting.FileSystemObject")
        Set objTextFile1 = objFSO1.OpenTextFile("Output.csv", ForAppending, True)
        objTextFile1.WriteLine(strObjectName & vbTab & "Object does not exist")
        objTextFile1.Close
    Else
        objRecordSet.MoveFirst
        intReturnValue = 1

        Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value & "")
        arrAttributes = Array("mail")
        objUser.GetInfoEx arrAttributes, 0

        ' Get raises an error when the mail attribute is not set.
        On Error Resume Next
        strDescription = objUser.Get("mail")
        If Err.Number <> 0 Then
            strDescription = "No Email Address"
            Err.Clear
        End If

        Set objFSO1 = CreateObject("Scripting.FileSystemObject")
        Set objTextFile1 = objFSO1.OpenTextFile("Output.csv", ForAppending, True)
        objTextFile1.WriteLine(strObjectName & vbTab & "Object exists" & vbTab & strDescription)
        objTextFile1.Close
    End If
    objConnection.Close
Loop

Multiple Computers Ping Script

NOTE: Do NOT name the script as 'ping.vbs' as it will use 'ping.vbs' to ping the hosts instead of 'ping' command.


Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

' The host list must exist before anything else is done.
If Not objFSO.FileExists("servers.txt") Then
    WScript.Echo "Please create a file named 'servers.txt' with one PC name to be pinged per line," & _
        vbCrLf & "with a hard return at the end of each line."
    WScript.Quit
End If

tempobj = "temp.txt"
Set objTextFile = objFSO.OpenTextFile("servers.txt", ForReading)
logfile = "results.csv"
Set ofile = objFSO.CreateTextFile(logfile, True)
strText = objTextFile.ReadAll
objTextFile.Close

WScript.Echo "Ping batch starting, please be patient. This could take some time to" & _
    vbCrLf & "finish, depending on the number of hosts to check. You " & _
    "will be " & vbCrLf & "notified upon the completion of this script."
ofile.WriteLine "," & "Ping Report -- Date: " & Now() & vbCrLf

arrComputers = Split(strText, vbCrLf)
For Each item In arrComputers
    If Trim(item) <> "" Then ' skip the empty entry left by the final hard return
        ' Ping once with a 1000 ms timeout and capture the output in temp.txt.
        objShell.Run "cmd /c ping -n 1 -w 1000 " & item & " >temp.txt", 0, True
        Set tempfile = objFSO.OpenTextFile(tempobj, ForReading)
        Do Until tempfile.AtEndOfStream
            temp = tempfile.ReadAll
            ' The resolved IP address appears in square brackets in the ping output.
            striploc = InStr(temp, "[")
            If striploc = 0 Then
                strip = ""
            Else
                strip = Mid(temp, striploc, 16)
                strip = Replace(strip, "[", vbTab)
                strip = Replace(strip, "]", vbTab)
                strip = Replace(strip, "w", vbTab)
                strip = Replace(strip, " ", vbTab)
            End If

            If InStr(temp, "Reply from") Then
                ofile.WriteLine item & strip & vbTab & "Online."
            ElseIf InStr(temp, "Request timed out.") Then
                ofile.WriteLine item & strip & vbTab & "No response (Offline)."
            ElseIf InStr(temp, "try again") Then
                ofile.WriteLine item & strip & vbTab & "Unknown host (no DNS entry)."
            End If
        Loop
        tempfile.Close
    End If
Next
If objFSO.FileExists(tempobj) Then objFSO.DeleteFile(tempobj)
ofile.WriteLine
ofile.WriteLine "," & "Ping batch complete " & Now()
ofile.Close
WScript.Echo "Ping batch completed. The results will now be displayed."

More Info : http://www.msfn.org/board/topic/104877-vbscript-ping-multiple-ip-addresses-and-machine-names/

Friday, December 24, 2010

Logoff remote desktop sessions via CMD

To list the sessions on a remote server, use quser.exe.

Display information about users logged on to the system.

QUSER [username | sessionname | sessionid] [/SERVER:servername]

  username            Identifies the username.
  sessionname         Identifies the session named sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current).

Example:

C:\>quser /server:CONCHNDATP001

 USERNAME   SESSIONNAME   ID  STATE   IDLE TIME  LOGON TIME
 A-BalaK    ica-tcp#966   10  Active          7  12/25/2010 3:04 PM
 GBala      ica-tcp#969    1  Active          9  12/25/2010 3:30 PM
 Admin      ica-tcp#984    5  Active       1:06  12/25/2010 4:33 PM
 Finance    ica-tcp#987    2  Active          4  12/25/2010 6:20 PM

Logoff the Remote Sessions

Before you log off a terminal session on the remote server, you need to know its session ID, which you get from the QUSER command as shown above.

1. Logoff
The Logoff command logs off the specified remote session. Its help output shows:

C:\>logoff /?
Terminates a session.

LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V]

  sessionname         The name of the session.
  sessionid           The ID of the session.
  /SERVER:servername  Specifies the Terminal server containing the user
                      session to log off (default is current).
  /V                  Displays information about the actions performed.


E.g.,

C:\>logoff 2 /server:CONCHNDATP001 /v
Logging off session ID 2



Wednesday, December 22, 2010

Microsoft KB Search Scripts

Copy the script below, paste it into Notepad, and save it as KB.VBS.

-----------------------------------------------------------------------------
Option Explicit

Dim oShell, sKBArticle

Set oShell = CreateObject("WScript.Shell")
sKBArticle = InputBox("Enter a 6-digit Microsoft KnowledgeBase article number:")
If NOT Len(sKBArticle) = 6 Then
MsgBox "Invalid KB article number!", 16, "Error"
Set oShell = Nothing
WScript.Quit
Else
oShell.Run "http://support.microsoft.com/?kbid=" & sKBArticle
End If

Set oShell = Nothing
WScript.Quit
------------------------------------------------------------------------------

Wednesday, May 27, 2009

What’s new with Active Directory for Windows Server 2008 R2?

As with every major OS release from Microsoft, there’s a lot of interest right now in Windows 2008 R2. I recently spoke with Justin Graham, senior product manager for Microsoft’s Windows Server team, about some of the key changes/enhancements made to Active Directory for the upcoming release. We’ll be doing an in-depth article on this very topic later in the year, but for now here is a rundown of some of the top new features.


Active Directory Recycling Bin

Graham told me that Microsoft expects this feature to have a major effect on disaster recovery planning for AD, the majority of which is focused around accidentally deleted objects. As many of you know, when an object is deleted in Active Directory, it becomes tombstoned so that most of its attributes (such as group memberships) are stripped away. Recovery of these objects has traditionally been very difficult, and while admins can use third-party tools to retrieve the lost attributes, it usually requires a certain amount of downtime and resources.

The AD Recycling Bin in R2, however, is designed to simplify this recovery process and hopefully solve a lot of those issues. It works pretty much like the old familiar desktop recycling bin, in that when an object is deleted in Active Directory, it doesn’t vanish — it’s just moved into the bin as a deleted object. The key here though is that unlike with tombstoned objects, the deleted object retains all the pertinent attributes it had in AD.

For example, say you had an organizational unit that contained a number of other OUs, each of which had say, five users. If you accidentally delete the top level OU, all of the info within goes with it. However, if you simply restore that top level from the Recycling Bin, all of its attributes come back as well.

Now keep in mind that R2 doesn’t do away with the tombstone lifetime altogether. The Recycling Bin is just the first level of protection. All deleted objects are placed in the Recycling Bin initially for 180 days by default, after which they are then placed into a tombstoned state for another 180 days before vanishing completely. Both these time periods can be adjusted as well, which could be of help to those in larger organizations.

Active Directory Administrative Center (ADAC)

Microsoft is basically on the road toward replacing AD Users and Computers with this new feature. It apparently comes in response to feedback from users regarding the three main AD tools – AD Users and Computers, AD Sites and Services and AD Domains and Trusts – and how frustrating it can be at times to use each one along with a bunch of command line tools in order to perform more complex tasks.

Basically, the idea behind ADAC is to simplify things by pulling everything into one tool. ADAC is built on PowerShell 2.0 (the whole ‘PowerShell over GUI’ concept that we saw with Exchange 2007). This means that as you perform tasks in ADAC, the tool is actually performing PowerShell commands on the backend for you.

Incidentally, there have been a ton of new PowerShell cmdlets created around Active Directory for R2, geared toward a number of common AD tasks, such as migrating certain AD domains, dumping objects from the directory, etc. This is just the beginning too, as Graham said the company plans to leverage PowerShell even further with the next OS release following R2.

(Note: For those interested, this article by Christa Anderson offers a nice introduction to using PowerShell with Active Directory.)

Offline Domain Join

This one is pretty straightforward. Offline Domain Join was created for those who are responsible for deploying desktops, as it allows for offline desktop deployment while staying connected to AD. This is mainly geared toward large environments with several levels of protection, which can make desktop deployment difficult if those security measures result in a lack of connection to Active Directory.

The idea here is that you can pre-stage domain accounts in AD, then export those account properties and import them into your automated desktop deployment process (via Sysprep, for example). When desktops are deployed via these tools, they are then automatically joined to the domain using the offline AD credentials, so the next time they connect to the network, they then become a full member of Active Directory.

Managed Service Accounts

Managed Service Accounts is designed to protect applications from going down due to authentication failures. The main idea is to ensure that those Active Directory accounts that are solely used to authenticate services running on app servers or other member servers don’t accidentally become locked out, disabled, etc.

Basically, this tool is designed for admins who feel that the normal built-in accounts used for service authentication on most servers don’t provide enough service isolation.

The Managed Service Accounts feature is designed to give administrators the isolation and password management they need, so that they don’t have to worry about apps going down due to authentication failures. According to Graham, it does this by providing password management for those service accounts so that the passwords are changed automatically, with the hope of reducing not only the number of instances in which apps go down, but also the time it takes for admins to get them back up and running.

Those are most of the big changes in AD to be aware of with Windows Server 2008 R2. There have also been some changes made to AD Lightweight Directory Services (ADAM in Windows Server 2008), which I hope to post on later this week.