server 2003 domain to server 2016 domain migration

it can still be done

domain and forest level need be raised to 2003 first

got a problem sysvol / netlogon not showing up on the new DC

so, before migration, check dns is valid

that ghost problem bugged me again --- setup WID on a windows 2016 domain controller

when setup a PPTP server on a windows 2016 DC

I had that WID not starting issue again

the trick is to change WID to auto start rather than manual

I thought service set to manual start will start if needed

but in this case, not true, cause a problem and lots of frustration

就像《老人与海》里所说，一个人并不是生来就要被打败的。 只要坚持奔跑，最终赢的总是我们。 --- quote from the internet

就像《老人与海》里所说，一个人并不是生来就要被打败的。 只要坚持奔跑，最终赢的总是我们。 --- quote from the internet

KRACK Vulnerability --- please update your access point and devices -- the Ubiquiti case

KRACK Vulnerability --- please update your access point and devices -- the Ubiquiti case

https://help.ubnt.com/hc/en-us/articles/115013737328

a vulnerability was published about WPA2 encrypted networks, the currently known secure form of encryption available to protect WiFi devices.

 https://www.krackattacks.com/

During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

I tried to update for my home ubiquiti AP last nite

and I found out my controller software does not show new firmware available

I have to update the controller software as well

I contacted ubiquiti support via chat ,

the process is backup config, uninstall old one without saving config, and install new one by importing config

D D.
Please find below the steps to upgrade the controller to the latest version:
- On the current controller, navigate to "Settings">>"Maintenance">>"Backup", Click "Download Backup" to save the .unf file
- Close controller
- Uninstall the current controller. Click "No" if and when the uninstaller asks about keeping configurations
- Install the latest controller: https://www.ubnt.com/download/unifi
- Controller starts. In the first browser page, restore the config from the previously saved .unf file
- After some time, all APs will be adopted by the newly upgrade controller and put into the "Connected (needs upgrade)" state
- To upgrade these APs manually click "Upgrade" button for an AP, check if it upgrades/works fine, then upgrade the other. Repeat this until all APs are upgraded. Do not do "Rolling Upgrade".


---------

to update AP firmware check this article

https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-Firmware-of-a-UniFi-Device

New Journey started for me , Life goes on

New Journey started for me , Life goes on

Enable-ADAccount

https://technet.microsoft.com/en-us/library/hh852271(v=wps.630).aspx

Enable-ADAccount [-Identity]  [-AuthType  {Negotiate | Basic} ] [-Credential  ] [-Partition  ] [-PassThru] [-Server  ] [-Confirm] [-WhatIf] [ ]

windows 2016 VM runs on top of windows 2012 host

windows 2016 VM runs on top of windows 2012 host

its kind of works

when RDS enabled , had to force reboot once

then seemed ok

If you haven't updated your windows 2012 R2 , please do fsutil resource setlog maxextents 100 C:\ ;;; before you restart server 2012 R2

recently I restarted our windows 2012 R2 hyper-v host which not being restarted for a long time

it failed to start. I asked the data center guy to take a photo of the console, it crashed upon starting

the reason is being the server not be updated / restarted for a long time

luckily for me, the server crashed to recovery console for me, so I just do

Dism /image:C:\ /cleanup-image /revertpendingactions 

https://support.microsoft.com/en-us/help/3074603/error-c0190003-after-you-install-updates-in-windows-server-2012-r2


If you dont want this sort of shock , please do this on your windows server 2012 R2

fsutil resource setlog maxextents 100 C:\ 

Direct Access is not supported in windows Azure

Direct Access is not supported in windows Azure

active directory recycle bin --- it is a good feature , please enable it whenever possible

active directory recycle bin --- it is a good feature , please enable it whenever possible

I happen to have a chance to use that feature in a sort of an emergence

it is like a user Jane Doe got deleted last Friday, and something happened that a new user could not pick up what Jame Doe got ( this happened before I got involved)

so the client wanted Jane Doe's file and emails back

in the active directory admin center -- deleted objects --- I saw some recently deleted ids. but those ids not showing up as Jane Doe.... the original Jane Doe must be renamed before deletion

so I created a restore OU, and restored the user

the customer's AD is like server 2012 R2 AD + Exchange 2013 ...

depends how the user got deleted , you may or may not need re-attach user's mailbox

and I noticed it took a while to re-attach the user's mailbox

.......... phew .........
so active directory recycle bin is such a good thing

otherwise ... restore from backup .... how boring will that be

OpenVPN tunnel with a mobile site --- robustel R2000

OpenVPN tunnel with a mobile site --- robustel R2000

let me say I am impressed by this project

interestingly, one local mobile provider does not support PPTP, but openvpn works

udp 1194

got this working with two different mobile providers

the sim card may not be auto-detected, so APN accordingly

then I followed this Robustel document ( copyright is Robustel), I fully quote here

you use x.509 certificates

then upload certs to the R2000

in windows , If you need routing between subnets , you will need enable the openvpn windows server as a router, modify a reg key

migrate a SBS 2008 domain to a full windows 2016 domain

migrate a SBS 2008 domain to a full windows 2016 domain .........

its kinda the same like windows 2003 to windows 2012 R2 or windows 2016

join the new W2016 to domain, install ADDS , promote to DC , ALL in GUI server manager

it will do forestprep and domainprep, in my case , no need for cmd prep

and move all the FSMO roles over

then de-commission the old SBS 2008 server, use SBS 2008 server manager to remove all the roles from the SBS 2008 box, it took hours if not days, very slow, especially on a low end HP server ML110 G6 with 8GB RAM

there is a powershell cmd I like very much this time, it can move all the FSMO roles over in one command

no fiddling with fsmgmgt . dll

NOTE: in my personal view, move SBS to a full windows domain is much easier than migrating a SBS to a new version of SBS

uninstall exchange 2007 from SBS 2008 --- could not remove because of public folder replicas

https://www.msdigest.net/2011/09/cannot-remove-public-folder-database-from-exchange-2007-server/

Get-PublicFolderStatistics –Server SERVERNAME

Get-PublicFolderStatistics –Server SERVERNAME | Remove-PublicFolder

so
like

Get-PublicFolderStatistics –Server SSYOUNGAAAS | Remove-PublicFolder

get the removal underway

install windows server 2016 onto x3500 M5 with server guide --- no easy way with usb key drive --- but with double layer DVD+DL , it can be done

The update was:

CCI: IBM has cancelled your service request.


If you do not want to receive notifications saying your service request was updated, you can send e-mail to srhelp@us.ibm.com to inactivate this capability.

-------------

I tried to get some help from IBM /Lenovo regarding Windows 2016 installation using usb key ( server guide + windows media)

last year

and 

this year

they rekon I am after some info, and closed the cases

then I had to do it traditional way, burn serverguide dvd , burn DVD+DL for windows 2016

tried a couple of times. eventually installed windows 2016

but the current version uxspi not working inside windows 2016

BIG MISTAKE OF the week, converted a disk to dynamic disk, no easy way to convert back to basic

BIG MISTAKE OF the week, converted a disk to dynamic disk, no easy way to convert back to basic

there is no free tool to convert my W8.1 windows disk back to basic from dynamic

there is an old version of pw4.22 iso available on the internet, somehow saved a couple of days

hiren cd 15.2 could not do it, as the bundled version of PW is home edition

windows server 2012 R2 to windows server 2016 hyper-V replication in workgroup mode , to and from ; over the internet

windows server 2012 R2 to windows server 2016 hyper-V replication in workgroup mode , to and from ; over the internet

------

just done a project

the plan was to replicate over the vpn link, unfortunately , the vpn device ( home-made one) can only handle 3~4Mbps through-put

luckily both sites have fibre connection, so opened replication ports ( in this case 443), with the SSL as encryption

it is secure, in the future I will use a difference port as tcp 443 is too popular

 the main point in 2016 ~ 2012 R2 replication in work group mode is to use certificate to authenticate

windows 2012 R2 can use windows 7 sdk's make cert to make self-signed certificate

however that got deprecated in windows 2016

windows server 2016 uses powershell to generate self-signed certs

----------
kudos to

Vyacheslav Fedenko

for her excellent article

http://blog.fedenko.info/2016/06/hyper-v-replica-with-self-signed.html
----------------------

This kind of replication is usefully for a smallbiz with a few VMs ; ie without a big IT infrastructure


----------------

a couple of things noted in the process

New-SelfSignedCertificate -type "Custom"

by default, only valid for 1 year

so if you dont want to generate certs every year, you can do a root cert of 10 years

then other cert bit less than 10 years

------------
in the fail-over process from windows 2012 R2 to windows server 2016, it refused to do live fail-over, I had to shutdown VMs first, then fail-over

----------

VPN device VPN tunnel through-put , what a interesting topic
the inital replication over the vpn link broke after about 15 minutes, the replicate speed was at 6.5Mbps
this issue was attributed to some non-existent broadcast storm as eventually I concluded that device could not handle the high throughput of the fibre connection, the result is that the device reboots every 12~ 15 minutes

un-plug the IMM2+ cable and unplug Lan2~ Lan 3 cable from the IBM/Lenovo server do not help the situation
; luckily I get replication working over the internet without throttling the replication speed
it achieved about 50Mbps over the WAN

RH-01 error on MI MIX -- maybe this is my first Android problem

Gmail stopped working on family's MI- MIX

error RH-01

clear data on google play service --- this helped

https://www.quora.com/How-do-I-fix-Google-play-store-error-rh-01

https://productforums.google.com/forum/#!topic/play/mhjnC-G_Oww

------------

it happened again

I have to clear cache often

it is bizare , as I got Mi MIX 6GB+256GB ( with a broken screen); it has plenty of room

create a 3.2TB vhdx fixed disk takes 10 hours

create a 3.2TB  vhdx fixed disk takes 10 hours

what a wait

10 hours on a windows 2012 hyper-v

Hyper-V - shutdown VM - status shows "merge in Progress..."

Hyper-V - shutdown VM - status shows "merge in Progress..."

what the hell

i dont even recall i ever did a snapshot on this VM

its is a dynamic vhdx

it took about 1 hour to do this

server 2012 Hyper V

azure OZ upload speed sucks to dropbox

azure OZ upload speed sucks to dropbox

what a surprise

in Azure cloud -- OZ

I downloaded windows 2016 from VLSC at 50Mbps/s . that's ok

when I upload the ISO to dropbox via firefox web internface

dear the speed is 4Mbps

what a shocker

you may not mix RDS 2016 and RDS 2012 R2

you may not mix RDS 2016 and RDS 2012 R2
https://technet.microsoft.com/en-us/windows-server-docs/compute/remote-desktop-services/rds-in-azure

https://technet.microsoft.com/en-us/windows-server-docs/compute/remote-desktop-services/rds-supported-config

• Use Windows Server 2016 for your Remote Desktop infrastructure - the Web Access, Gateway, Connection Broker, and license server. Windows Server 2016 is backward compatible for these components - so a 2012 R2 RD Session Host can connect to a 2016 RD Connection Broker, but the reverse is not true.
• For RD Session Hosts - all Session Hosts in a collection need to be at the same level, but you can have multiple collections. You can have a collection with Windows Server 2012 R2 Session Hosts and one with Windows Server 2016 Session Hosts.
• If you upgrade your RD Session Host to Windows Server 2016, also upgrade the license server. Remember that a 2016 license server can process CALs from all previous versions of Windows Server, down to Windows Server 2003.

Use the Clear-MobileDevice cmdlet to delete all data from a mobile phone. This action is often called a remote device wipe.

 This cmdlet is available in on-premises Exchange Server 2016 and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the Clear-MobileDevice cmdlet to delete all data from a mobile phone. This action is often called a remote device wipe.

https://technet.microsoft.com/en-us/library/jj218658(v=exchg.160).aspx

Clear-MobileDevice -Identity WM_JeffHaymkass

RDP connections can be kicked out if not enough bandwidth

RDP connections can be kicked out if not enough bandwidth

if connected via a wan link

CIR = 1 Mbps not enough

ER = 30 Mbps does mean anything ?

RDP users could be kicked out of session

笔记本充电器 (source pconline.com.cn)

按输出电压电流分(充电器背后的标签上，一般写在OUTPUT 后面，写的是多少V，多少A)，这其中有12V系列、15V系列、16V系列、18.5V系列、19V系列、19.5V系列、20V系列、24V系列等，这只是电压，相同系列的电流还很能不同哦~另外，即便是电压电流都相同，它们的接口大小相同的几率也很小，单从接口的形状来说，长的、扁的、方的、圆的，然而，就圆还分大圆和小圆

　　倘若你的电源接口恰好可以插到另外一台笔记本中，那么恭喜你就算电流不相同也能给这台笔记本充电（电流大充电时间短，电流小充电时间长），当然电流不匹配对笔记本内部的硬件是有损害的，所以万不得已千万别这么玩

Control access to your presence information in Skype for Business

"Presence” and "privacy relationships" have specific importance in Skype for Business. 

(source : docs - ms)

What exactly is presence information in Skype for Business?

Your presence information includes your availability status (such as Available or Away), a color-coded presence indicator (such as green, yellow, or red), your schedule, your location, and any personal status messages or out-of-office notes you added.

What are privacy relationships in Skype for Business?

In Skype for Business, privacy relationships control how much of your online presence information others see.

Each of your contacts has one of five privacy relationships with you, and each relationship gives access to a different amount of information. For example, Colleagues, which is the relationship new contacts are given by default when you add them, can learn more about where you are, when you’ll be available, and how to reach you than External Contacts but less than Workgroup. Friends and Family, as you might expect, can see more of this information than all the others.

The one exception here is that contacts you have a Workgroup relationship with may need to find you at your work site, so only these contacts can see your meeting locations and get your attention via Skype for Business even if you’ve set your status to Do Not Disturb.

This table shows who can see what:

Type of information:	Available to:
	External Contacts?	Colleagues?	Workgroup?	Friends & Family?
Presence Information	Yes	Yes	Yes	Yes
Presence Status	Yes	Yes	Yes	Yes
Display Name	Yes	Yes	Yes	Yes
Email Address	Yes	Yes	Yes	Yes
Title *	Yes	Yes	Yes	Yes
Work Phone *			Yes	Yes
Mobile Phone *				Yes
Home Phone *				Yes
Other Phone	Yes	Yes	Yes	Yes
Company *	Yes	Yes	Yes	Yes
Office *	Yes	Yes	Yes	Yes
SharePoint Site *			Yes
Meeting Location #			Yes
Meeting Subject #		Yes	Yes	Yes
Free Busy		Yes	Yes	Yes
Working Hours		Yes	Yes	Yes
Location #		Yes	Yes	Yes
Notes (Out-of-Office Note)		Yes	Yes	Yes
Notes (Personal)		Yes	Yes	Yes
Last Active		Yes	Yes	Yes
Personal Photo Web Address (if applicable)	Yes	Yes	Yes	Yes

Skype for Business Online Limits -- my study note -- tehehehe

https://technet.microsoft.com/en-us/library/skype-for-business-online-limits.aspx

Meeting limits across Office 365 options

---

 

Feature	Skype for Business Server 2015	Office 365 Business Essentials	Office 365 Business Premium	Office 365 Education	Office 365 Enterprise E1 Office 365 Government E1	Office 365 Enterprise E3 Office 365 Government E3	Office 365 Enterprise E4 Office 365 Government E4	Office 365 Enterprise K1 Office 365 Government K1
File upload limit	500 MB	500 MB	500 MB	500 MB	500 MB	500 MB	500 MB	Not applicable
Participants in a Skype for Business meeting	250	250	250	250	250	250	250	Not applicable
Presenters in a Skype for Business meeting	250	250	250	250	250	250	250	Not applicable
Skype for Business web app meeting participants	250	250	250	250	250	250	250	Not applicable
Skype for Business web app anonymous participants	250	250	250	250	250	250	250	Not applicable
Guests joining by phone	250	250	250	250	250	250	250	Not applicable
Individuals in a team-call group	25	25	25	25	25	25	25

Peer-to-peer limits across Office 365 options

---

 

Feature	Skype for Business Server 2015	Office 365 Business Essentials	Office 365 Business Premium	Office 365 Education	Office 365 Enterprise E1 Office 365 Government E1	Office 365 Enterprise E3 Office 365 Government E3	Office 365 Enterprise E4 Office 365 Government E4	Office 365 Enterprise K1 Office 365 Government K1
File transfer limit	No limit	No limit	No limit	No limit	No limit	No limit	No lim

Enabling Office 365 Services - 70-347 -- do this and dig some gold

Enabling Office 365 Services - 70-347 -- do this and dig some gold

here are what's required

Skype  -- personal settings and Global settings

Configure Skype for Business Online end-user communication settings

• Turning off non-archived features for compliance, configure presence, configure available services, and configure per-user external communication using the web UI and Windows PowerShell
• Manage Skype for Business
• Enable external access; manage domains; manage Skype consumer connectivity; customize meeting invitations; disable push notification service using the web UI and Windows PowerShell; configure Cloud PBX, PSTN Conferencing, and Skype Meeting Broadcast

Clients and Devices

• Manage user-driven client deployments
  • Restrict self-provisioning of Office 365 ProPlus, Windows Store Apps and Mobile Apps, activation/revoke activation, and Office for Mac
• Manage IT deployments of Office 365 ProPlus
  • Manage deployment, manage streaming updates, manage deployments using the Office deployment tool, customize deployment
• Set up telemetry and reporting
  • Enable telemetry through Group Policy, set up telemetry service, interpret issues reported by telemetry dashboard, deploy telemetry agents to legacy Office clients
• Plan for Office clients
• Configure Outlook, Skype for Business client, Office Online, and click-to-run versus MSI; check configurations using the Microsoft Office Configuration Analyzer Tool (OffCAT); implement modern authentication for Office 365 clients

SharePoint

• Configure external user sharing
  • Enable external user sharing globally, enable per-site collection, share with external users, remove external user access using the web UI and Windows PowerShell
• Create SharePoint site collection
  • Set SharePoint Online site collection administrator, set resource quota and warning level, and automatic adjustment of site collection sizes; set storage quota for site collection, and configure name and URL of site collection using the web UI and Windows PowerShell
• Plan a collaboration solution
• Configure Yammer.com; coauthoring, Office 365 groups; access files across multiple client devices; migrate files to OneDrive for Business; implement enterprise eDiscovery using the web UI and Windows PowerShell; implement Office 365 video; use Delve for collaboration; configure Data Loss Prevention
• Exchange online
• Configure additional email addresses for users
  • Change default/reply to email address, bulk add/remove for new domain, manage secondary email aliases and SIP addresses using the web UI and Windows PowerShell
• Create and manage external contacts, resources, and groups
  • Create and manage resource mailboxes, create shared mailboxes, create external contacts, assign additional email address to contacts, create and manage distribution list and members, delegate permissions using the web UI and Windows PowerShell
• Configure personal archive policies
• Enable personal archive for mailboxes, create custom retention policy, create retention tags, apply retention policy to mailboxes, review and modify default retention policy using the web UI and Windows PowerShell
• Manage antimalware and anti-spam policies
  • Release quarantine, configure spam settings, configure lists, and configure notifications using the web UI and Windows PowerShell; implement Advance Threat Protection
• Recommend a mailbox migration strategy
  • Select the appropriate migration method from Remote move, Staged, Cutover, or IMAP using the web UI and Windows PowerShell; use the import service for data migration
• Plan for Exchange Online
  • Plan client requirements for archive, manage Office 365 Protection Center, enable Legal hold, configure OWA access, configure ActiveSync and Mobile Device Management using the web UI and Windows PowerShell, configure Data Loss Prevention

----------- updates ------------

Objective Domain
Exam 70-347: Enabling Office 365 Services
This document shows where changes to Exam 70-347 have been made to reflect the latest updates and features of Office 365. These changes are effective as of June 30, 2016.
Skills measured
1. Manage clients and end-user devices (20–25%)
1.1. Manage user-driven client deployments
Restrict self-provisioning of Office 365 ProPlus, Windows Store Apps and Mobile Apps, activation/revoke activation, and Office for Mac
1.2. Manage IT deployments of Office 365 ProPlus
Manage deployment; manage streaming updates; manage deployments using the Office deployment tool; customize deployment
1.3. Set up telemetry and reporting
Enable telemetry through Group Policy; set up telemetry service; report user issues; interpret issues reported by telemetry dashboard; deploy telemetry agents to legacy Office clients
1.4. Plan for Office clients
Configure Outlook, Skype for Business client, Office Online, and click-to-run vs. MSI; check configurations using the Microsoft Office Configuration Analyzer Tool (OffCAT); implement modern authentication for Office 365 clients
2. Provision SharePoint Online site collections (20–25%)
2.1. Configure external user sharing
Enable external user sharing globally; enable per site collection; share with external users; remove external user access using the web UI and Windows PowerShell
2.2. Create SharePoint site collection
Set SharePoint Online site collection administrator; set resource quota and warning level and automatic adjustment of site collection sizes; set storage quota for site collection and configure name and URL of site collection using the web UI and Windows PowerShell
2.3. Plan a collaboration solution
Use Configure Yammer.com versus newsfeeds; coauthoring, Office 365 groups; Project Online, access files across multiple client devices; migrate files to OneDrive for Business; Excel services, Visio services, App Store; implement enterprise
eDiscovery using the web UI and Windows PowerShell; implement Office 365 video; use Delve for collaboration; configure Data Loss Prevention
3. Configure Exchange Online and Skype for Business Online for end users (25–30%)
3.1. Configure additional email addresses for users
Change default/reply to email address; bulk add/remove for new domain; manage secondary email aliases and SIP addresses using the web UI and Windows PowerShell
3.2. Create and manage external contacts, resources, and groups
Create and manage resource mailboxes; create shared mailboxes; create external contacts; assign additional email address to contacts; create and manage distribution list and members; delegate permissions using the web UI and Windows PowerShell
3.3. Configure personal archive policies
Enable personal archive for mailboxes; create custom retention policy; create retention tags; apply retention policy to mailboxes; review and modify default retention policy using the web UI and Windows PowerShell
3.4. Configure Skype for Business Online end-user communication settings
Turn off non-archived features for compliance; configure presence; configure available services; configure per-user external communication using the web UI and Windows PowerShell
4. Plan for Exchange Online and Skype for Business Online (25–30%)
4.1 Manage antimalware and anti-spam policies
Release quarantine; configure SPAM confidence level spam settings; configure lists; configure notifications using the web UI and Windows PowerShell; implement Advance Threat Protection
4.2 Recommend a mailbox migration strategy
Select the appropriate migration method from Remote move, Staged, Cutover, or IMAP using the web UI and Windows PowerShell; use the import service for data migration
4.3 Plan for Exchange Online
Plan client requirements for archive; manage Office 365 Compliance Protection Center; enable Legal hold; configure OWA access; configure ActiveSync and Mobile Device Management using the web UI and Windows PowerShell; configure Data Loss Prevention
4.4 Manage Skype for Business global external communications settings

Enable external access; manage domains; manage Skype consumer connectivity; customize meeting invitations; disable push notification service using the web UI and Windows PowerShell; configure Cloud PBX, PSTN Conferencing, and Skype Meeting Broadcast

Set-CsMeetingConfiguration

Get-CsMeetingConfiguration | Where-Object {$_.AdmitAnonymousUsersByDefault -eq $False} | Set-CsMeetingConfiguration -PstnCallersBypassLobby $True

(source 

https://technet.microsoft.com/en-us/library/gg398648.aspx

Example 3, all the meeting configuration settings that do not allow the default admission of anonymous users are modified. To perform this task, the command first calls the Get-CsMeetingConfiguration cmdlet to return a collection of all the meeting configuration settings currently in use. This collection is then piped to the Where-Object cmdlet, which picks out only those settings where the AdmitAnonymousUsersByDefault property is equal to False. In turn, this filtered collection is piped to the Set-CsMeetingConfiguration cmdlet, which takes each item in the collection and sets the PstnCallersBypassLobby property to True.

Set-CsMeetingConfiguration enables you to modify the meeting configuration settings currently in use in your organization. Meeting configuration settings help dictate the type of meetings (also called conferences) that users can create, and also control how (or even if) anonymous users and dial-in conferencing users can join these meetings