EXPORTING AND IMPORTING GROUP POLICY OBJECTS – WINDOWS SERVER

EXPORTING AND IMPORTING GROUP POLICY OBJECTS – WINDOWS SERVER 2008

 

There may be times when it is useful to use an existing Group Policy Object (GPO) as a template for a GPO on another server, or perhaps you just need to perform a GPO backup and restore. Here is how to export and import GPOs from the command line.

Starting the Group Policy Cmdlet in Powershell

Firstly, from the command line start powershell and import the Group Policy Cmdlet:

powershell

import-module
grouppolicy

Exporting a GPO

Check that the backup directory you wish to use exists. If not, create it.

Powershell command:

Backup-GPO
-Name
<GPOName>
-Path
<BackupDirectoryPath>

Example: to backup a GPO called “Example GPO” to the directory “C:GPOBackup”

Backup-GPO
-Name
"Example GPO"
-Path
"C:GPOBackup"

Importing a GPO

Keeping the same GPO Name

Powershell command:

Import-GPO
-BackupGPOName
<GPOName>
-CreateIfNeeded
-Path
<BackupDirectoryPath>

Example: to import a GPO called “Example GPO” from the directory “C:GPOBackup”

Import-GPO
-BackupGPOName
"Example GPO"
-CreateIfNeeded
-Path
"C:GPOBackup"

Renaming the GPO

Powershell command:

Import-GPO
-BackupGPOName
<GPOName>
-TargetName
<NewGPOName>
-CreateIfNeeded
-Path
<BackupDirectoryPath>

Example: to import a GPO called “Example GPO”, renaming it to “New GPO”, from the directory “C:GPOBackup”

Import-GPO
-BackupGPOName
"Example GPO"
-TargetName
"New

Copy Immutable ID and Proxy Addresses from Azure to AD

Reuse DirSync in a new server after removing DirSync or in case DirSync server has crashed or no longer working.

In order to do so you will have to launch Azure powershell in admin mode and connect to MSOL service as in the following snapshot

$cred = get-credential
After connecting then type/copy the following
Get-MsolUser -ReturnDeletedUsers -All | Out-GridView

clip_image001[5]

Once you type enter a GUI will come up showing you all the deleted users list, you should delete any old non-usable account that has similar attributes to the ones that you’re about to Sync from the AD to O365.

clip_image002[4]

Once you’re sure about what do you want to delete you can go ahead with the following Command to delete the users

Note:
You must be sure that when you run this command, you will no longer be able to restore any deleted item or object later on.

Get-MsolUser -ReturnDeletedUsers -All | Remove-MsolUser -RemoveFromRecycleBin -Force –Verbose

clip_image003[4]

Now you should run the following Script on the same open powershell in order to start the copying process.

Import-Module Msonline
Import-Module ActiveDirectory
$cred = Get-Credential
Connect-MsolService -Credential $cred
$onlineusers = Get-MsolUser -All
$adusers = Get-ADUser -Filter *

Press enter and when you want you get prompted to select an option choose 1 and enter

clip_image004[4]
<<immutableİDmatch.ps1>>

After the copy is finished you can match for yourself the list of ImmutableID along with the GUID
Ldifde -f dump.txt

Dump.txt

clip_image005[4]

clip_image006[4]

Hope you find this useful coz I did Winking smile 

Step by Step Installating Exchange server 2013 from scratch (Part 1)

Step by Step Installing Exchange server 2013 from scratch (Part 1)

In this part, I will be demonstrate how to Install exchange 2013 and prepare new Databases along with preparing the servers for high availability (DAG).

 

Prerequisites:

– Two Microsoft Windows 2012 R2 servers with 16 GB ram and 200GB disk divided unto two partitions.

– Two NIC, one for MAPI and one for replication.

– Exchange 2013 CU8 setup to directly go to the latest available update.

 

Installing Prerequisites on all exchange servers

Launch Powershell as administrator and copy then paste the following.

 

Install-WindowsFeature RSAT-ADDS

From <http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx>

When finished continue with the following Cmdlet on each Exchange server.

 

  • Install only the Mailbox server role on a computer.
  • Install only the Client Access server role on a computer.
  • Install both the Mailbox and Client Access server roles on the same computer.
  •  

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

 

From <http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx>

 

First thing we extract the setup file and then from command line as administrator we run Setup as below

 

Setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

clip_image001

setup /PrepareAd /IacceptExchangeServerLicenseTerms /OrganizationName: Organization Name

clip_image002

Setup /Preparedomain /IAcceptExchangeServerLicenseTerms

clip_image003

Setup /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

clip_image004

You should download and install the following software prerequisites as per Microsoft’s TechNet article regarding the installation. the software is available the link I posted earlier above or through this link Exchange_Prerequesties

 

clip_image005

clip_image006

After running all the prerequisites , we can start installation of Exchange 2013

clip_image007

clip_image008

clip_image009

clip_image010

clip_image011

clip_image012

clip_image013

clip_image014

Here I am going to change Exchange’s default installation path and place it on a different partition to avoid any data loss in case of Windows server crash or booting issues.

clip_image015

clip_image016

clip_image017

clip_image018

clip_image019

Now we install the second Exchange server, that will hold the same roles on it as the first one (Mailbox and CAS).

The steps are going to be exactly the same except that you won’t have to prepare the schema or AD since it’s already prepared.

Installation has finished for both servers

clip_image020

Creating DATABASES:

NOTE:

It’s better to mount the database upon creation and not restart the IS instantly after that.

Now it’s time to create new Databases and replace them with the default ones that come with the Installation

First we’ll have to start off by creating our targeted databases which we want to use them. Note that for the standard version of Exchange 2013 you can only create up to 5 databases per mailbox server.

In order to demonstrate all benefits of Exchange 2013 and its features including DAG. I will create 2 databases. One database on each server.

The first database will be called DB1SRV1

clip_image021

As soon as we have created the Database, we faced the following error with event ID 106

clip_image022

Then another warnıng from MSExchangeFastSearch wıth event id 1006

clip_image023

This indicates that a database should not be mounted upon creation, you should untick the mount DB option when you create one.

After waiting a bit the following logs should appear and show a healthy indexing start.

clip_image024

clip_image025

Once the DB has been created, Exchange AC will require that you restart the IS (Information store Service) in order for replication to happen without an issue.

clip_image026

Database is showing healthy and no issues so far.

clip_image027

Now we’ll create a new DB on the second server without ticking the mount DB option.

clip_image028

clip_image029

Microsoft Exchange Server Locator Service failed to find active server for database ‘de5f3051-c202-4976-b8e4-65bbbe0c2395’. Error: The database with ID de5f3051-c202-4976-b8e4-65bbbe0c2395 couldn’t be found.

clip_image030

The same exact errors came after creating the Database without mounting it.

clip_image031

Now let’s restart the IS service and mount our database then see what happens..

clip_image032

Upon restarting the service, we get the following error which is related to the MS Exchange replication service . It noticed that the database that we have created has never been mounted in order to start the indexing.

clip_image033

Let’s mount the database and see the changes

clip_image034

Mounting the database have got the AM to report successfully and after couple of seconds the MSExchangeFastSearch will check out if the database have any indexing files.

clip_image035

No indexing state have been found and so the FastSearch service will give you a 1013 warning report. This is a good warning because it reports that the service is working properly and that it will create the indexing folder after couple of minutes as we’ll see later.

It takes approximately 3-5 minutes for the database to start the indexing.

clip_image036

Now on the EAC, the DB should report healthy. Let’s see

clip_image037

Removing Default databases

First step before deleting the default databases is to move any system mailboxes or arbitrary mailboxes in them to the newly created databases…

Paul Cunningham wrote a great article on how to do this using Powershell … in the following link

Get-Mailbox -Database "Mailbox Database 2" | New-MoveRequest -TargetDatabase "Mailbox Database 1"

First we’ll have to copy the default databases’ names in notepad to run the command properly.

Get-Mailbox -Database "Mailbox Database 0043173996" | New-MoveRequest -TargetDatabase "DB1SRV1"

clip_image038

Time to remove arbitrary mailboxes from the default DB to the new DBs

The command is going to look like this

Get-Mailbox -Database "Mailbox Database 0043173996" -Arbitration | New-MoveRequest -TargetDatabase "DB1SRV1"

clip_image039

All mailboxes have already been moved to the new DB, now let’s check if there’s anything left in the Old DB.

clip_image040

To remove the DB, you will have to type the following command in EMC:

Remove-MailboxDatabase -Identity "Mailbox Database 0043173996"

clip_image041

The warning above is apparently due to Exchange permission on AD. It has been described in detail on how to solve this warning by  Nuno Mota in the following Link.

From <http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/exchange-2013-error-deleting-database.html>

For the second server, You will have to repeat the same steps as on the first deleted MB Database.

clip_image042

 

Hope you like this, Stay tuned for the second part Winking smile 

 

 

The mailbox of user Migration that is located on a server that is running version 14 can’t be opened on a server that is running version 15.

In some scenarios when you have configured Exchange 2013 with Exchange 2010 or 2007, you may get this errors:

 

Error

The mailbox of user Migration.8f3e7716-2011-43e4-96b1-aba62d229136@kibtek.com that is located on a server that is running version 14 can’t be opened on a server that is running version 15.

clip_image001

Resolution:

On Exchange 2013 Server run the following cmdlet :

New-MoveRequest -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136@kibtek.com" -TargetDatabase "Mailbox Database 1414468119"

 

clip_image002

 

After the move of this particular mailbox completes then you will not see the error again

 

clip_image003

clip_image004

 

 

Adding second copy of a database on Exchange 2013 SP1 CU7 results in the Error Event ID 1010

Adding second copy of a database on Exchange 2013 SP1 CU7 results in the   Error Event ID 1010

After you create a DAG and add mailbox members to it, you try to add a copy of a certain database but you receive the following error:

Error:
Seeding of content index catalog for database DB2 failed. Please verify that the Microsoft Search (Exchange ) and the Host Controller service for Exchange services are running and try the operation again. Error :Could not connect to net.tcp://localhost3863/Management/Seedingagent-XXXXX/Single. The connection attempt lasted for a time span of xx:xx:xx. Tcp error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:3863

clip_image001
Update-mailboxdatabasecopy -identity EKMBX2Personel -sourceserver ekmbx1 -catalogonly
clip_image002
clip_image003

An operation attempted against a FAST endpoint exprienced an exception. This operation may be retried. Error details: Microsoft.Exchange.Search.Fast.PerformingFastOperationException: An Exception was received during a FAST operation. —> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.tcp://localhost:3863/Management/SeedingAgent-19A34885-5F8D-4953-898C-D654FEE6EBA112/Single that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
Server stack trace:
at System.ServiceModel.Channels.ConnectionUpgradeHelper.DecodeFramingFault(ClientFramingDecoder decoder, IConnection connection, Uri via, String contentType, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Ceres.SearchCore.Admin.ISeedingManagementAgent.GetSeedingEndPoint()
at Microsoft.Exchange.Search.Fast.FastManagementClient.PerformFastOperation[T](Func`1 function, String eventLogKey)
— End of inner exception stack trace —
Cause:
Node not listening on the required port.

Resolution:
Stop the following Services

– Microsoft Exchange Search
– Microsoft Exchange Search Host Controller

clip_image004

Navigate to the following path:

ExchangeFolderBinSerachCeresInstaller

and run the following script to reinstall the search foundation for Exchange

Command
.installconfig.ps1 -action u -dataFolder ‘ExchangePATHBinSearchCeresHostControllerData’

Example:
.installconfig.ps1 -action u -dataFolder ‘E:MicrosoftExchangeServer2013BinSearchCeresHostControllerData’

clip_image005

The first step will uninstall the services:

[PS] E:MicrosoftExchangeServer2013BinSearchCeresInstaller>.installconfig.ps1 -action u -dataFolder ‘E:MicrosoftExchangeServer2013BinSearchCeresHostControllerData’

Uninstalling configuration of Search Foundation for Exchange…
Uninstallation complete

The second step will be reinstalling the service foundation again. the only difference in the cmdlet is the parameter -i

.installconfig.ps1 -action i -dataFolder ‘E:MicrosoftExchangeServer2013BinSearchCeresHostControllerData’

Configuring Search Foundation for Exchange….
Successfully configured Search Foundation for Exchange

After doing this you should delete the copy database’s index folder, and then start the services again.

Note:
After restarting the services, it could take 10-15 minutes for the database indexing to start and for it to report healthy.

 clip_image004

Adding host on VMM causes warning Multipath I/O not enabled for known storage arrays on host x.x.x.x

Installing host agent and configure it on VMM error

 

When you try to add a new host to the VMM , you get the following warning:

Warning (26179)

Multipath I/O not enabled for known storage arrays on host x.x.x.x

 

image

 

 

Resolution:

In order to resolve this problem, you will have to install two features on the host machine.

 

To do so, run Windows Powershell as admin

Run the following Cmdlets then

Import-Module ServerManager
Add-WindowsFeature Multipath-IO

 

image

 

Once the command is finished it’s recommended to restart the server.

You receive an error 408 when you try to install VMMAgent on HyperV host machine that you would like to add to SCVMM 2012 for management.

You receive an error 408 when you try to install VMMAgent on HyperV host machine that you would like to add to SCVMM for management.

 

Error (408)

lynchyperv.lab.com has an unsupported version of the Virtual Machine Manager agent installed.

Recommended Action

Uninstall the Virtual Machine Manager agent using Add or Remove Programs on lynchyperv.lab.com, and then try the operation again.

clip_image001

 

Resolution:

First uninstall any agent on the HyperV host machine.

Then on the SCVMM Server, navigate to the following path

C:Program FilesMicrosoft System Center 2012 R2Virtual Machine Manageragentsamd64

clip_image002

Copy the folder 3.2.7895.0 to the Host machine that you want to add it to the VMM server and run to install the agent and try again to add the agent.

 

As in the below snapshot .. this will work for you

clip_image003

clip_image004

Done

clip_image005