Tales of UNIX/Linux Admins managing Windows Servers

You know how strange it is to look at the other side of the world. I have encountered remote-site UNIX admins who made some blunders on Windows servers. It happens the other way around as well. The following stories are not meant to blame the UNIX guys in any way; I am just wondering how they see Windows from their shoes.

1. The only IT admin at a small branch office, a UNIX admin, had to manage our Active Directory domain controller. The AD domain controller is also the DNS/DHCP/WINS server for the Windows machines in the local office. Our "Average UNIX Joe" pointed the DNS servers for the AD domain controller to his UNIX DNS server. But on a UNIX DNS server he would be really careful to point the DNS server to the local one.

That caused major issues and we were clueless. Who would have guessed that he had changed the DNS entries for a domain controller?

2. On another site, another UNIX guy enabled Windows Firewall on a domain controller. We couldn’t connect to that server, and local clients were authenticating to some remote domain controller. It took some time to realize what was happening. We, the Windows admins, never put any firewall on a domain controller; instead, we believe in protecting local servers with a firewall between the Internet and the local network.

3. Another day, a remote-site UNIX guy installed BlackBerry Enterprise Server on the Exchange Server itself. Boy, that was fun. BES admins know that BES uses client-side (Outlook) DLLs to access email on the Exchange server. We don’t want to mix the client-side CDO.DLL with the server-side CDO.DLL on an Exchange Server.

4. Another UNIX admin broke the mirror in a RAID-1 array and retained a hard disk for backup purposes for a DOMAIN CONTROLLER. One fine day, that domain controller failed with hard disk issues. Our bright administrator replaced the old hard disk with the broken-mirror copy, which was 6 months old. He only informed us that he had restored from backup and that the domain controller was not syncing. Boy oh boy, it took several days of troubleshooting and we were about to rebuild the server from scratch. Finally he broke the news about how he takes backups. We, Windows administrators, never take broken-mirror copies for backups. I came to know it’s common in the UNIX world.

5. I have seen mailboxes at a fairly large site that have multiple SMTP email addresses like userid@servername.company.com, userid@company.com, userid@IPAddress, userid@their_local_DNS_Domain.company.com. And the list keeps growing as the years pass by. It’s crazy and I still don’t know what he was thinking.

I am sure that, given the chance, I could do wrong things on UNIX/Linux servers. But I will do some research and think twice before I do anything.


Outlook Contacts with Photos

I have added photos to my Outlook contacts, so the contact photo shows in the email header in Outlook. Better yet, my Windows Mobile shows the photo when someone from my contact list calls, and mails show up with the photo. I have come across a few users who were amazed to see the photos in the email header and in my Windows Mobile contacts.

It’s really simple to add a photo to an Outlook contact, and you do it once. Outlook and Windows Mobile try to show the photo wherever the contact shows up.

I know you don’t have a photo for everyone. Here are some ways to collect photos for your contacts:

1. If you have digital camera photos, you can crop just the face of your friend or co-worker and save it as a picture file.

2. Take a photo using your phone camera.

3. Find a good "avatar" picture on the Internet (search for Avatar).

I have also blogged this at http://anandpv.blogspot.com/2007/10/outlook-contacts-with-photos.html

Outlook keeps asking for username/password (Hint: user recently changed the password)

Does your Outlook keep popping up an authentication window? Does Outlook ask for a username/password every time it opens?
If you or the user changed the password (AD account) recently, an Outlook authentication issue is bound to happen. I forgot where I read it (forums or MSKB), but there is a simple solution. In my experience, changing your password while Outlook is running in online mode resolves the issue.
1. Open Outlook and type the username/password if it asks.
2. Press Control-Alt-Delete on your keyboard. Click on "Change Password".
3. Type your new password.
4. From next time on, Outlook will not challenge you for authentication.

Script Elevation PowerToys for Windows Vista

I was writing a script which runs a program on a Vista machine. It required administrative privileges, so the UAC pop-ups came up whenever I ran the script. I knew Microsoft should have some kind of mechanism to run the script in elevated mode. It turns out the June 2007 TechNet Magazine published a "Utility Spotlight" article with the Vista Script Elevation PowerToy. It works for me.

Here is the link to the article:

Script Elevation PowerToys for Windows Vista

Here is the download for the Script Elevation PowerToy:


How to add Primary DNS Suffix, Connection specific DNS Suffix and DNS Search Suffix list to all computers using a Script?

A while back, we migrated computer and user accounts to a new Active Directory domain. We wanted all the client computers to have the correct primary DNS suffix, connection-specific DNS suffix and DNS suffix search list. I decided to write a little VBScript that can be added to our current logon script, so whenever a user logs in, their computer gets the correct DNS suffix values.

I wrote the script to check the current DNS suffix values and change them if they are not correct. Note: You need to provide correct values for the sDNSPrimarySuffix and sDNSSuffixSearchList variables.

Here is the script:

'* This script will add the primary DNS suffix and the "Connection Specific" DNS suffix search list
'* to the local computer. Change the sDNSPrimarySuffix and sDNSSuffixSearchList strings
'* to appropriate values
'* Author: Anand Venkatachalapathy
'* Written Date: October 4th 2007

Set WshShell = WScript.CreateObject("WScript.Shell")

'Set Primary DNS Suffix and Search list for domain clients

sDNSPrimarySuffix = "company.com"
sDNSSuffixSearchList = "company.com,corp.company.com,marketing.company.com,europe.company.com"

'Read the primary DNS suffix currently configured on this computer
sDomain = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain")

If StrComp(LCase(sDomain), LCase(sDNSPrimarySuffix)) <> 0 Then

    'Change the Primary DNS Suffix name (writing under HKLM requires administrative rights)
    WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain", sDNSPrimarySuffix, "REG_SZ"
    WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Domain", sDNSPrimarySuffix, "REG_SZ"
    WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SyncDomainWithMembership", 1, "REG_DWORD"

    'Change the DNS Suffix Search List
    WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList", sDNSSuffixSearchList, "REG_SZ"
Else
    'Nothing to change: the primary DNS suffix already matches
    WScript.Echo "This computer is already set to current DNS Primary Suffix: " & sDomain
End If

'End of DNS Suffix Script


WMI Filters in Group Policy (especially for Vista machines)

I had to do Group Policy modeling for new wireless settings (using certificates and PEAP) for Windows XP and Vista based machines. Obviously the Vista OS has to have a different wireless Group Policy. I decided to use WMI filters to filter out Vista machines and started digging. The following are the links where I found some information:

HOWTO: Leverage Group Policies with WMI Filters

Applying WMI Filters

Filtering out Windows XP machines is easy. The following WMI query is an easy answer.

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Well, what about Windows Vista machines? Oh! Only troubles!!! For Vista machines, the Caption is stored as "Microsoft Windows Vista® Business" for the Business edition. Applying the same kind of WMI query as above doesn’t work.

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows Vista® Business"

I thought I would do this: apply the Vista Group Policy to all NON-XP machines. Yeah! That might work. After a little reading, I found that it will not work, because Windows 2000 machines are not checked with WMI filters. I certainly don’t want my Vista policy to be applied to Windows 2000 machines.

Then I decided to go with the OS version number, but it didn’t quite work out as I expected. The OS version number changes if we apply a new service pack. That’s not a good idea. But somehow I knew I could tweak the query to check only the high version number (e.g., 6 for Vista; 6.0.5724 is the full version number).

Then I found this blog:

How to detect Vista and Longhorn with WMI Filters

So my WMI query for Vista machines is (as it is from the above link):

SELECT Version, ProductType FROM Win32_OperatingSystem WHERE Version >= '6'

Voila! It worked. So I created, tested and applied the Wireless GPO for Vista machines in production.

My ONLY fear is that Microsoft might change things in the next service pack that affect my current WMI query.
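A caveat on scoping, shown as an added example that is not part of the original post: `Version` is a string property, so `Version >= '6'` is compared character by character, and the query has no `ProductType` test to separate workstations from servers. The Python below models that comparison over constructed sample hosts (it goes beyond the post by including Server 2008, Windows 7 and Windows 10 version strings) and contrasts it with a narrower filter, `Version LIKE "6.0%" AND ProductType = "1"`; the host names and function names are assumptions made for the illustration.

```python
# Added example: models WQL's string comparison on Win32_OperatingSystem.Version.
# SAMPLE_HOSTS is constructed sample data, not taken from the original post.
from fnmatch import fnmatchcase

# (name, Version, ProductType); ProductType 1 = workstation,
# 2 = domain controller, 3 = server
SAMPLE_HOSTS = [
    ("win2000-pc", "5.0.2195", 1),
    ("xp-pc", "5.1.2600", 1),
    ("vista-rtm", "6.0.6000", 1),
    ("vista-sp1", "6.0.6001", 1),
    ("srv2008", "6.0.6001", 3),
    ("srv2008-dc", "6.0.6001", 2),
    ("win7-pc", "6.1.7600", 1),
    ("win10-pc", "10.0.19045", 1),
]


def original_filter(version, product_type):
    """WHERE Version >= '6': a lexicographic string comparison, no ProductType test."""
    return version >= "6"


def scoped_filter(version, product_type):
    """WHERE Version LIKE "6.0%" AND ProductType = "1" (WQL % behaves like glob *)."""
    return fnmatchcase(version, "6.0*") and product_type == 1


def matches(flt):
    """Names of the sample hosts that a filter would let the GPO apply to."""
    return [name for name, ver, ptype in SAMPLE_HOSTS if flt(ver, ptype)]


def report():
    return {"original": matches(original_filter), "scoped": matches(scoped_filter)}


if __name__ == "__main__":
    for label, hosts in report().items():
        print(f"{label:9s} -> {', '.join(hosts)}")
```

The prefix match stays stable when a service pack changes the build number, while the original comparison also admits servers and later 6.x clients and silently drops any version string that starts with "1".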

How to book recurring meetings with a resource and Huge group of people?

A user came to me for advice, asking "What’s the best way to book recurring meetings with a high number of attendees?" Her problem was first making sure the conference room is available for all the occurrences, and then the rest of the attendees at the same time. It’s a really tough job. Her major problem was that the conference room was not available for some occurrences, so the whole meeting request was rejected by the "Auto Accept Agent" on our Exchange server.

Now I had to give her some advice, and I did. Before I go on to the advice, I wish Microsoft would provide the following feature in Outlook (maybe in the future). I will check the Microsoft Office site to see whether I can ask for this feature.

In the Meeting Request window in Outlook, there should be an option to check whether all the occurrences are available for a selected attendee or conference room.

Now some advice on booking recurring meetings:

– Do NOT ever book "No End Date" meetings. See the referenced picture below.


– Use the Auto-Pick feature (in the Scheduling tab). Many users don’t even try this. I would say give it a try.

– Open the conference room calendar in Outlook (File–>Open Other Users Calendar..). Change the view to "Monthly". Check your meeting occurrences manually.

– I saw an admin who books the conference room first. After she gets the confirmation from the conference room (Accepted by Auto Accept Agent in Exchange servers), she invites all other attendees.

– You may add two or three conference rooms to the same meeting request and check their availability at the same time. Of course, you have to remove all conference rooms except the "One" from the meeting request later.