How to enable the Disk Cleanup tool on Windows Server 2008 R2

I recommend you use using option #2 below for two reasons:

• Installing the Desktop Experience feature will not only install Disk Cleanup, but a lot of other crap you don't need or want on your server.
• Installing the Desktop Experience feature will require a server reboot

Enabling Disk Cleanup Tool

1) Go to Programs & Features, and in the Features section, enable/install "Desktop Experience".   The downside to this is that you will need to reboot your server after installing this and it installs other components you do not need on a server.

2) [RECOMMENDED] -  All you really need to do is copy some files that are already located on your server into specific system folders, as described at http://technet.microsoft.com/en-us/library/ff630161(WS.10).aspx

The location of the files you need to copy depend on your version of Windows:

Operating System	Architecture	File Location
Windows Server 2008 R2	64-bit	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe
Windows Server 2008 R2	64-bit	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui
Windows Server 2008	64-bit	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_b9f50b71510436f2\cleanmgr.exe.mui
Windows Server 2008	64-bit	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_c962d1e515e94269\cleanmgr.exe.mui
Windows Server 2008	32-bit	C:\Windows\winsxs\x86_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5dd66fed98a6c5bc\cleanmgr.exe.mui
Windows Server 2008	32-bit	C:\Windows\winsxs\x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_6d4436615d8bd133\cleanmgr.exe

Once you’ve located the files move them to the following locations:

1. Copy Cleanmgr.exe to %systemroot%\System32.
2. Copy Cleanmgr.exe.mui to %systemroot%\System32\en-US.

You can now launch the Disk cleanup tool by running Cleanmgr.exe from the command prompt.

By Joe Piggee

How to Remove a Domain Controller

 

By Joe Piggee Sr.

Removing a domain controller by using the Windows interface

You can use the Active Directory Domain Services Installation Wizard to remove a domain controller from an existing domain.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group in the domain.

Click Start, click Run, type dcpromo, and then press ENTER.

1. On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.

2. If the domain controller is a global catalog server, a message appears to warn you about the effect of removing a global catalog server from the environment. Click OK to continue.

3. On the Delete the Domain page, make no selection, and then click Next.

4. If the domain controller has application directory partitions, on the Application Directory Partitions page, view the application directory partitions in the list, and then remove or retain application directory partitions, as follows:

   • If you do not want to retain any application directory partitions that are stored on the domain controller, click Next.
   • If you want to retain an application directory partition that an application has created on the domain controller, use the application that created the partition to remove it, and then click Refresh to update the list.

5. If the Confirm Deletion page appears, select the option to delete all application directory partitions on the domain controller, and then click Next.

6. On the Remove DNS Delegation page, verify that the Delete the DNS delegations pointing to this server check box is selected, and then click Next.

7. If necessary, enter administrative credentials for the server that hosts the DNS zones that contain the DNS delegation for this server, and then click OK.

8. On the Administrator Password page, type and confirm a secure password for the local Administrator account, and then click Next.

9. On the Summary page, to save the settings that you selected to an answer file that you can use to automate subsequent operations in Active Directory Domain Services (AD DS), click Export settings. Type a name for your answer file, and then click Save. Review your selections, and then click Next to remove AD DS.

10. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.

11. You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the AD DS removal when you are prompted to do so.

12. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.

13. In Roles Summary, click Remove Roles.

14. If necessary, review the information on the Before You Begin page, and then click Next.

15. On the Remove Server Roles page, clear the Active Directory Domain Services check box, and then click Next.

16. On the Confirm Removal Selections page, click Remove.

17. On the Removal Results page, click Close, and then click Yes to restart the server.

*http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx

Active Directory: Creating a Cross Forest Transitive Trust

Active Directory: Creating a Cross Forest Transitive Trust

To create a forest trust

1. Open Active Directory Domains and Trusts.
2. In the console tree, right-click the domain node for the forest root domain, and then click Properties.
3. On the Trust tab, click New Trust, and then click Next.
4. On the Trust Name page, type the DNS name (or NetBIOS name) of another forest, and then click Next.
5. On the Trust Type page, click Forest trust, and then click Next.
6. On the Direction of Trust page, do one of the following:
   • To create a two-way, forest trust, click Two-way.
     Users in this forest and users in the specified forest can access resources in either forest.
   • To create a one-way, incoming forest trust, click One-way:incoming.
     Users in the specified forest will not be able to access any resources in this forest.
   • To create a one-way, outgoing forest trust, click One-way:outgoing.
     Users in this forest will not be able to access any resources in the specified forest.
7. Continue to follow the wizard.

* Reference: http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

Useful Troubleshooting Commands

When cross-forest trusts fail, the secure channel should be verified to determine that a foreign DC can be identified and contacted. This post provides information on troubleshooting techniques in this scenario, and is really only the first step in troubleshooting - establishing that there are no DC locator issues determining what should be a valid DC across the trust.
The following commands are useful for troubleshooting secure channel issues, specifically name resolution, DC locator and connectivity:

· nltest /domain_trusts /v

· nltest /sc_query:%trusted_domain%

· nltest /sc_reset:%trusted_domain%[\%DCname%]

· nslookup -debug -type=srv _ldap._tcp.dc._msdcs.%domainFQDN%

Rename Domain–Windows Server 2008 R2

By Joe Piggee Sr.

First, the major prerequisites for a domain rename in a simple single domain forest:

• Enterprise Administrator credentials are required.
• The domain should be well formed and healthy.
• The forest functional level must be Windows Server 2003 or 2008, and all DC's running at least Server 2003.
• A DNS zone for the new domain must be in place.
• The Rendom and Gpfixup tools must be copied to a domain member workstation to perform the rename operations. The operations should not be initiated from a domain controller.
• See the TechNet link below for details on requirements if you're using DFS redirection, roaming profiles, running a CA, or Exchange Server.

The domain rename is performed using the Rendom tool, which is installed with Active Directory when running dcpromo. Once this process is started, you must ensure that no changes are made to the forest configuration until complete. The steps are as follows.
1. Run "rendom /list" to generate a state file named Domainlist.xml. This file contains the current forest configuration.
2. Edit the state file, changing the <DNSname> and <NetBiosName> fields to the desired values for the new domain name.
3. Run "rendom /showforest" to show the potential changes; this step does not actually make any changes.
4. Run "rendom /upload" to upload the rename instructions to the configuration directory partition on the domain controller holding the domain naming operations master role. The instructions are then replicated to all other DC's in the forest. Once replicated to all DC's, the rename instructions are ready to be carried out. You can force replication by running the "repadmin /syncall" command.
5. Run "rendom /prepare" to verify the readiness of each domain controller in the forest to carry out the rename instructions. This should contact all DC's successfully and return no errors before proceeding.
6. Run "rendom /execute", this verifies readiness of all DC's, then preforms the rename action on each one. There will be a service interruption during this period. Upon completion domain controllers will be rebooted. If an error occurs on a DC during this phase, the entire transaction is rolled back. Any DC's that don't complete successfully after this phase must be demoted and removed from service.
7. Run "gpfixup" to refresh all intradomain references and links to group policy objects.
8. Reboot client computers and member servers twice to obtain new domain name. Because the GUID's of the domain remain the same during the rename process, domain membership is not affected. The DNS suffix of the client machines will also be updated assuming the default option of "Change primary DNS suffix when domain membership changes" is enabled.
9. Run "rendom /clean" to remove references of the old domain name from Active Directory.
10. Run "rendom /end" to unfreeze the forest configuration and allow further changes. This was frozen during the rendom /upload step.
Should you have any problems with clients recognizing the new domain name, you can remove them by running "netdom remove <machine-name> /Domain:<old-domain> /Force", rebooting, then rejoining the new domain. Once the rename is complete, there is one final change required on domain controllers. The DNS suffix of a DC is not changed as part of this process. This must be changed manually or the DC's will have a DNS suffix that differs from the AD domain name.

Server 2008: Backup Active Directory

By Joe Piggee

1. Open NTBACKUP by either going to Run, then NTBACKUP and pressing Enter or by going to  Start / Accessories / System Tools. Or my personal method, Click Start/ Run/ Type NTBACKUP.
2. If you are prompted by the Backup or Restore Wizard, I suggest you un-check the "Always Start in Wizard Mode" checkbox, and click on the Advanced Mode link.
3. Inside NTBACKUP's main window, click on the Backup tab.
4. Click to select the System State checkbox. Note you cannot manually select components of the System State backup. It's all or nothing.
5. Enter a backup path for the BKF file. If you're using a tape device, make sure NTBACKUP is aware and properly configured to use it.
6. Press Start Backup.
7. The Backup Job Information pops out, allowing you to configure a scheduled backup job and other settings. For the System State backup, do not change any of the other settings except the schedule, if so desired. When done, press Start Backup.
8. After a few moments of configuration tasks, NTBACKUP will begin the backup job.
9. When the backup is complete, review the output and close NTBACKUP.

Determine Domain Functional Level

 

By Joseph Piggee

Here are some simple steps to determine the Functional Level of your Windows Domain/Forest:

1. Open up the Active Directory Domains and Trusts MMC found in your Administrative Tools folder. (Also found in the Control Panel or in the Start Menu).
2. To check the domain functional level, right click on the current domain and select Properties, this will show you the current Domain and Forest Functional Level.

Disable IPv6

 

By Joseph Piggee Sr.

http://support.microsoft.com/kb/929852

IPv6 can be disabled either through the DisabledComponents registry value or through the check box for the Internet Protocol Version 6 (TCP/IPv6) component in the list of items on the Networking tab for the properties of connections in the Network Connections folder. The following figure shows an example.

The DisabledComponents registry key affects all interfaces on the host. However, the check box on the Networking tab affects only the specific interface. The DisabledComponents registry value does not affect the state of the check box. Therefore, even if the DisabledComponents registry key is set to disable IPv6, the check box in the Networking tab for each interface can still be checked. This is expected behavior.

Note Unchecking the checkbox on a network adapter will not disable IPv6 on the host. It will unbind IPv6 from this adapter. To disable IPv6 on the host, follow the steps below.

To use the DisabledComponents registry value to check whether IPv6 was disabled, run the following command at a Windows command prompt:
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents

You may receive the following error message:
ERROR: The system was unable to find the specified registry key or value.
If you receive this error message, the DisabledComponents registry value is not set. If the DisabledComponents value is set, it overrides the settings in the connection properties.

To enable or to disable IPv6 or to selectively enable or disable components of IPv6 automatically, click the Fix this problem link. Then, click Run in the File Download dialog box, and follow the steps in this wizard.

Windows Activation Error - 0x80072EE2 & 0x8007EFE

By Joe Piggee

Error x80072EE2 & 0x8007EFE

This error normally indicates a connection issue. Very vague, but true. To fix this try the following:

• Turn off the firewall, and retry activation
• Check Date & time settings. If you needed to change anything on the date or time, restart the server before retrying the activation
• Finally, make sure you aren't using a KMS key without a KMS server.
• And verify the key code is correct.