Bit

hi! i have following problem: if run windows server 2008 r2 datacenter oem system hyper-v host can use virtual key provided oem use unlimmeted amount of virtual machines windows server 2008 r2 datacenter on system. have downgrade rights use windows server 2008 r2 datencenter and windows server 2008 or windows server 2003 (r2)? still want use machines virtual key , server 2008 r2 additionally machines need to run server 2003 r2. does licence right change if add server cluster? i found link site ( http://www.microsoft.com/windowsserver2008/en/us/downgrade-rights.aspx ), redirects server 2012 page.  in addition read different unclear answers during research. people said possible , said not legal. know have downgrade right main key still want use server 2008 r2 hyper-v host. hendrik w. hi, thanks post. you need exercise downgrade rights, , can if have volume licensing agreement. information on oem, please consult license agreement or vendor more information. for

hi, last week deployed 2 servers 2012 r2. patches installed microsoft. day before yesterday .net3.5 installed on server not connected wsus. so when hit update got more 20 .net , servers' patches 200mb. the dates of patches 2014 2016. asked myself why not 1 roll quallity. clicked install. it took 2 hours of installation... after server freezing couple of times after restart , forced restart. i thought lost server. healed itself. today .net installed on second server patched microsoft last week. this server connected wsus. , brought me roll quality security .net of jan 2017. know february story. i thought it's fine if 1 cummulative installed. after hit update ms. and have 19 updates - .net dates 2014 2016. i decided ask forum before accepting this. sure, that i take snapshot of vm if decide go this. may next 1 cumulative .net cover found 2014? and why wsus upstream server doensn't see 2014 (may declined). the same server patches. @ least know roll

i need copy files folder $home\scripts (which in drive c:) usb drive, folder: f:\scripts. i want copy files extensions csv, ps1, psm1 , txt. f:\scripts contains many files, , don't want waste time copying files existing in folder. only either non existing or older files in f:\scripts should copied source ($home\scripts). right before being copied, files must processed private function called zipper (which compresses , encrypts file) , name '.bak' should added end of file fullname. for instance: source  ->  destination somename.ps1  ->  somename.ps1.bak somename.csv  ->  somename.csv.bak does has script this? i tried :         copy (*) -newornewer but did not work. any suggestion/idea? what asking best done robocopy.  account exisiting files , allow inclusion/exclusion extrension.  extremely fast. ¯\_(ツ)_/¯ Windows Server

hello all! i'm having strange issue when trying perform queries wbemtest in remote server 700.000 security events. when try query: select * win32_ntlogevent logfile = "security" it starts showing security events on remote server. when choose recent 1 (for example record number: 310137481) , try search record number: select * win32_ntlogevent logfile = "security" , recordnumber = 310137481 i don't have results. instead, if filter query attribute (like event type), throws events attribute. seems issue related recordnumber. just in case it's useful, server generating around 300.000 security events in 13 minutes (so takes 30 minutes event disappear event log). is there kind of limitation wmi doesn't allows find event in such big event log? hi, this english language forum. might want post query in technet spanish forum (este es un foro de idioma inglés. es posible que desee crear esta consulta en español haga clic aquí pa

i search on 10000 users aduc. i  pulled out users csvde. i check number of users aduc. so searched ldap query(objectclass=user) aduc when 10000 users, search stopped limitation. is there way can search on 10000 users aduc? registry editting ok ,too. also, if use (objectclass=user) query retrieve both user , computer objects. computer objects have class "user". should use filter: (&(objectcategory=person)(objectclass=user)) ----- you can count number of users in domain using following @ command prompt of domain controller: dsquery user -limit 0 | find /c "cn=" ----- the string "cn=" must upper case. richard mueller - mvp directory services Windows Server  >  Directory Services

hey! want prevent access local drives from "a:\" "m:\" ... know editing registry files (on local computer) ... need a gp configuration ....it possible modify gropu policy (we have a,b,c,d or drives ... in standard configurations ...)? it better if possible lock hdd partitions ... want all my users working server storage (via redirected folders). (in cases maybe, ... they need use removable storage ...) i'm using windows server 2008 r2 ... danny. hi, yes can achieve via gpo. using group policy objects hide specified drives support.microsoft.com/kb/231289 http://www.xenappblog.com/2010/using-group-policy-hide-map-specified-drives/ if found post helpful, please give "helpful" vote. if answered question, remember mark "answer". posting provided "as is" no warranties , confers no rights! test suggestion in test environment before implementing! Wi

i stumped on this, have been working @ 3 days , not found solution. background: have large domain , updates working across pcs , servers. on past week added 6 new 2012 r2 servers network. each of servers able detect , install updates, , reboot. after rebooting each have failed receive more updates since then. initial update did on servers done wsus server. when attempt update microsoft directly, update client still fails detect missing patches.  here log entry of attempt update microsoft directly: 2016-12-29 09:04:08:686 764 1b24 idletmr incremented idle timer priority operation counter 1 2016-12-29 09:04:08:686 4264 79c misc ===========  logging initialized (build: 7.9.9600.16441, tz: -0500)  =========== 2016-12-29 09:04:08:686 4264 79c misc  = process: c:\windows\explorer.exe 2016-12-29 09:04:08:686 4264 79c misc  = module: c:\windows\system32\wucltux.dll 2016-12-29 09:04:08:686 4264 79c cltui fatal: cnetworkcostchangehandler::regi

i have 2008r2 forest uses custom attribute has reached limit of values.  whenever try add new value following error: administrative limit exceeded (11) administrative limit exceeded ldapexception: server message: 00002024: svcerr: dsid-0205053d, problem 5008 (admin_limit_exceeded), data -1026 google provides no insight and dsid-0205053d doesn't seem appear anywhere.  any appreciated. thanks marc i learned lot investigating this. turns out there limit. far have found no microsoft documentation, these links explain some: https://social.technet.microsoft.com/forums/en-us/fea67c92-8dab-4711-8579-baaee4bca3f7/the-administrative-limit-for-this-request-was-exceeded?forum=identitylifecyclemanager http://blogs.technet.com/b/ad/archive/2008/12/19/too-much-of-a-good-thing.aspx i believe limit applies multi-valued attributes not linked. purpose limit replication traffic. 1 workaround use linked attribute. think because such attributes use lvr (linked value replication),

hey ms guru's, have ms domain 2 dcs running in server 2003 native mode client machines running xp sp3. have 5 laptops have wireless aircards/modems in them leave office regularly. staff want able access shares/resources on server home , other locations. no 1 uses roaming profiles (and i'd prefer keep way if possible) , documents redirected shares on server using gpos. after doing research believe want setup ipsec/l2tp tunnel between them , (i think) rras/ias server can securely dial in , authenticated on our network. plan setup authentication first check pki key , authenticate user in ad. have been googling hours looking white papers on setting rras server , ias server coming little short. here questions.... have links white papers on setting rras server , ias server , integrating ad domain (aka user accounts needed in ad etc) , how rras , ias work complete dial in process , authentication? while rras , ias can run on same server smart keep them (security wise

dear all, i install windows 2003 server file server in windows 2008 r2 domain. i have windows 2012 r2 standard additional dc.  please advice me right steps implement file server in our network.  tony tonyprabu@hotmail.com tony this have nothing hyper-v.  and, trying create unsupported environment.  windows server 2003 no longer supported operating system.  see can do. but, if want run unsupported environment, join 2003 server domain , make file server.  nothing special.  make sure have latest version/sp 2003.  better solution make file server  2012 r2 server. . : | : . : | : . tim Windows Server  >  File Services and Storage

please advise if have submitted wrong forum (again!!).   i advise prior deploying sp2 windows 2003 server.  current servers: dc: windows 2003 r2 standard sp1 (all fsmo roles) dc: windows 2003 standard sp1 (all fsmo roles) dc: windows 2003 standard sp1 (all fsmo roles)   ms: windows 2003 standard sp1 ms: windows 2003 r2 standard sp1 (exchange)   hp storage works nas 1500s (*2) ms: windows 2003 standard   i reading installation , deployment guide , little confused regards release notes known issues.   active directory if running initial version of active directory application mode (adam) available download, not able directly update computer windows server 2003 service pack 2 (sp2). if so, adam instances may stop functioning.   how can verify current version of adam? can install service packs on hp storage nas 1500 devices? many assistance, phil. no, should not install sp2 on nas 1500. windows 2003 sp2 windows  server  2003 s

hello friend , have built small script , working fine if see result in powershell window. if try send output in csv or txt via out-file cmdlet , not want. script $exch=get-exchangeserver out-file c:\exchtest\output.csv $file ="c:\exchtest\output.csv" foreach ($srv in $exch) {if ($srv.serverrole -match "edge") {write-host "cant go further"} else {write-host  "server name " $srv.name " , role :"  $srv.serverrole} get-wmiobject -computer $srv.name -class win32_volume -filter "drivetype=3" | select-object  name,label ,  @{name="capacity(gb)";expression={[math]::round($_.capacity/1gb,2)}}, @{name="free_space (gb)";expression={[math]::round($_.freespace/1gb,2)}},@{name="free_percentage";expression={[math]::round(([int64]$_.freespace/[int64]$_.capacity)*100,2)}} | ft | out-file $file -append} above syntax in bold want not coming in output file. if try ""

hello, i have existing 3 node windows server 2008 r2 failover cluster.  the node servers host numerous virtual servers (hyper-v) sql server 2008 r2 failover cluster. we host cluster in our own in-house "datacenter" have full class c address space.  our in-house "datacenter" has limited redundancy regards power, cooling , internet access so, going move our production cluster full service third party datacenter (colocation).  the third party datacenter providing new class c address space our domain necessitate changing of ip addresses associated our failover cluster.  i looking guidance on how best accomplish change.  i have been researching issue on own , have found following recommend steps: first, via failover cluster gui, take cluster resources offline (services , applications) , shut down virtual servers. next, stop cluster service on each of 3 node servers.  once done, physically shut down 3 node servers. next, move our production rac

hi all i don't know thing gmail have been hacked recently. what has been story ?  what name of ca server has been hacked ? where can read ( web link ) thanks during last year there has been 2 ca related hacks, first 1 comodo ca , second 1 diginotar ca in both cases fraudulent certificates many public site including googles gmail generated. http://technet.microsoft.com/en-us/security/advisory/2607712 http://technet.microsoft.com/en-us/security/advisory/2524375 /hasain Windows Server  >  Security

have bunch of w7 clients using ms iscsi target on w2008 r2 server backup purposes. there isns server running @ same machine. clients seem drop isns initiator registration randomly. found isnscli.exe registerdhcpoption thinking might serve isns server settings via dhcp. @ least says "configure isns dhcp option on available microsoft dhcp servers. command succeed, you must logged in dhcp server administrator." running isnscli registerdhcpoption seems produce broken entry on 2008 r2 dhcp server scope (cannot viewed/edited or anything) not seem have effect. so, considering that: - google found 0 references wrt functionality, except 2 pages documenting isnscli.exe options (verbatim copy of isnscli /?) - dhcp option not seem standardized my question - has ever worked, or experimental leftover or what? way distribute isns server settings client computers via gpo? cannot find in iscsi group policy template. noone? client or server issue? why initiators dropping

hi all,         hope fine.  wanted find out effect of root domains dcs unavailability child domains dcs.  if model such resources managed on child domain , root domain there keep schema safe , sound. thanks in advance. what trying accomplish?   you can't take root domain “offline” this.    your schem admin , enterprise admin in root domain.  if planning remove root domain, need perform migration.    since schema master , domain naming master , forest wide, following can happen if offline: schema master  – schema updates not available – these are generally planned changes, , first step when doing schema change "make sure environment healthy".  there isn't urgency if schema master fails, having offline largely irrelevant until want make schema change. domain naming master  – no new domains or application partitions can added – this sort of falls same "healthy environment" bucket schema master.  don't know of has randomly decided a

i managing 58 servers (windows 2003 server). during svt (stress volume test) require change times on servers , make sure synced particular time. during point sometime of servers not synced. there better idea resolve this. w32tm /resync /computer:masterserver w32tm /resync /computer:otherservers either using c# components or other commands. raghuram raichooti hello, assuming running domain, there clear time sync running shouldn't changed if not rellay reason exist. the dc having pdcemulator fsmo domain time soruce, none else. other dcs sync machine , domain member servers , clients sync 1 available dc. more details , how configure correc included in http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx best regards meinolf weber mvp, mcp, mcts microsoft mvp - directory services my blog : http://msmvps.com/blogs/mweber/ disclaimer: posting provided no warranties or guarantees , confers no rights.

i have group of users who, if need occurs need restart services on 2008 dc. problem have if add them builtin server operators group seems stop delegate access., stopping them resetting passwords etc. way can allow them restart services on dc's without using built in security group ? thanks - joe. thanks - joe. can create gpo same in default domain controller policy go computer computer\windows settings\security settings\system services edit services want allow stop/start click edit security add user, or better group check "start, stop , pause service".then replicate between dc , issue gpupdate /force on dc after, user may stop/start service with: sc myserver stop xxx sc myserver start xxx (you may wrap in cmd files) hope helps best regards, sandesh dubey. mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator | blog disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.

i have windows server 2008 shuts down around specific time every day , when login computer has recovered unexpected shut down. i have run blue screen view points @ following cause 'ntkrnla.exe' has been doing last 4 days , am unsure of how fix the problem. in event viewer there error saaying has shut down unexpected. below full blue screen message page_fault_in_nonpaged_area 0x00000050 please help? david hi,   please understand troubleshoot blue screen issues, need perform debugging. however, in forum, not provide debugging support. if perform debugging, please contact microsoft customer support service (css).   to obtain phone numbers specific technology request, please refer website listed below: http://support.microsoft.com/default.aspx?scid=fh;en-us;phonenumbers   if outside us, please refer http://support.microsoft.com regional support phone numbers.   tim quan

for automatic approvals using admin account , password.  if need change can i?  not see option is. for automatic approvals using admin account , password.  if need change can i?  not see option is. user accounts have absolutely nothing automatic approvals. automatic approvals not use user accounts; there's nothing change. what seeing that's leading conclusion. lawrence garvin, m.s., mcitp:ea, mcdba, mcsa solarwinds head geek microsoft mvp - software packaging, deployment & servicing (2005-2013) mvp profile: http://mvp.support.microsoft.com/profile/lawrence.garvin http://www.solarwinds.com/gotmicrosoft the views expressed on post mine , not reflect views of solarwinds. Windows Server  >  WSUS

dear technet forum, have searched on web cannot find looking for. handful of correct variables use in list , handful of wrong ones. if of have answer this, please feel free comment on examples below. will these obsolete if instead use *. contoso.com 2 ? http://contoso.com  2 http://*. contoso.com 2 https:// contoso.com 2 https://*. contoso.com 2 file://contoso.com 2 file://*. contoso.com 2 rules when adding ip’s or hostnames list? best regards christer tysdal masterchrister hi, this should work. technet subscriber support if technet subscription user , have feedback on our support quality, please send feedback here . yan li technet community support Windows Server  >  Group Policy

hi, i having issue planned failover between 2 hyper-v hosts - hosta , hostb on same domain - dns fine both servers can ping each other using fqdn , hostname - using kerberos authentication between hosts i can go "other" host fine , manually start reverse replication fine, not automatically part of planned failover.the same thing happens regardless of way failing on hosta hostb or hostb hosta a screenshot explains best, notice second highlighted section missing .local i have found 1 other reference issue http://social.technet.microsoft.com/forums/windowsserver/en-us/af8704b3-6623-40ba-af78-567f69a9eca1/hyperv-2012-replication-planed-failover-failed-to-resolve-the-replica-server#c7a08d0e-479a-40d1-8b64-fac309741e21 andy andrew hi, the post found correct, additional, if have heartbeat ethernet connection please disable netbios on tcp/ip. more information: modify network settings failover cluster http://technet.microsoft.com/en-us/library/cc

is possible powershell identify failed drive in raid array? hi, you may find script & link helpful: $obj = get-wmiobject win32_diskdrive -computer $servername $obj.status reference link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa394132(v=vs.85).aspx hope helps...!!! please click “mark answer” if post answers question , click "vote helpful" if post helps you. Windows Server  >  Windows PowerShell

hi all, just in case has same issue thought share findings on how fixed admt error "wrn1:7814 unique match not found." during user migration. today when doing user migrations ad forest in czech republic global ad forest in usa had problems 40 users out of 60. admt kept giving me error: 2017-01-16 16:02:23 wrn1:7814 unique match not found. source object 'cn=aleš popelka,ou=tiskárna - obchod,ou=ostrava praha,ou=ostrava,ou=metaframe,ou=uživatelé,dc=source,dc=local' matches following target objects 'cn=ales popelka,ou=ostrava,ou=users,ou=cz,dc=target,dc=local', 'cn=aleš popelka,ou=ostrava,ou=users,ou=cz,dc=target,dc=local'. i checked in target ad , there 1 account. pretty sure not duplicate account. checked sidhistory on target account , there nothing there either. playing around different merge settings during user migration proved unsuccessful started @ admt include file @ time was: sourcename,targetsam,targetupn i tried remove targetupn