Tuesday, March 16, 2010

Exchange 2003: Event ID 8026 MSExchangeAL LDAP Bind was unsuccessful on directory for distinguished name. Directory returned error: [0x51] Server Down.

After you demote a domain controller, your Exchange server starts logging the following event.

Source: MSExchangeAL
Category: LDAP Operations
Event ID: 8026
User: N/A
Computer: "name of your exchange server"
Description: LDAP Bind was unsuccessful on directory "name-of-demoted-domain-controller" for distinguished name. Directory returned error: [0x51] Server Down.

Cause:
Your Recipient Update Service was set to work with the demoted domain controller. Since the domain controller has been demoted, the Recipient Update Service will shout when it doesn't find what it's looking for.
The Recipient Update Service plays a role in creating Exchange-specific attributes in Active Directory, such as the automatic generation of the SMTP addresses that have been defined for users. You can read more about this at http://support.microsoft.com/kb/319065.

Solution:
  1. Open the Exchange "System Manager".
  2. Expand the Recipients container and then click on "Recipient Update Services".
  3. In the right panel, double-click each of the recipient update services and change the "Windows Domain Controller" to point to your new Windows domain controller.

Monday, March 1, 2010

How to Delegate a user or a group to unlock a user account

To unlock a user account you will need to have Read/Write access to "Lockout time". The following will show you how to delegate a user/group to unlock an account.
  1. Right click on the Organizational Unit where the user accounts are located.
  2. Select "Delegate Control" from the menu.
  3. Delegation of Control Wizard will pop up. Click Next.
  4. In the "users or groups" dialog box, click "Add" to add a group or a user.
  5. After successfully adding the user or group, click Next.
  6. In the "Tasks to Delegate" box, choose "Create a custom task to delegate" and click Next.
  7. In the "Active Directory Object Type" box, choose "Only the following objects in the folder", then from the available choices choose "User objects" and click Next.
  8. In the "Permissions" box, check the "Property-specific" checkbox. Then choose "Read lockout Time" and "Write Lockout Time" from the list of permissions.
  9. Click Finish.
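
The same delegation can be granted and then audited from a shell, which makes it easier to review who is able to unlock accounts. This is an added example, not part of the original post: the OU and the group name KATHMANDU\HelpdeskUnlock are assumptions, and it expects dsacls.exe and Windows PowerShell to be available on the machine.

```powershell
# Added example: grant and audit the "unlock account" delegation.
# Assumed names (hypothetical): the OU and the delegated group.
$ou      = 'OU=Twain,DC=Kathmandu,DC=local'
$trustee = 'KATHMANDU\HelpdeskUnlock'

# schemaIDGUID of the lockoutTime attribute in the AD schema.
$lockoutTime = [guid]'28630ebf-41d5-11d1-a9c1-0000f80367c1'

# 1. Grant Read Property (RP) and Write Property (WP) on lockoutTime only,
#    applying to user objects below the OU (/I:S = sub-objects only).
dsacls $ou /I:S /G "${trustee}:RPWP;lockoutTime;user"

# 2. Read the OU's ACL back through ADSI.
$acl   = ([adsi]"LDAP://$ou").psbase.ObjectSecurity
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# 3. Every ACE scoped to lockoutTime: these are the explicit unlock delegations.
$rules |
    Where-Object { $_.ObjectType -eq $lockoutTime } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize

# 4. Broader Allow ACEs that are not limited to one property (empty ObjectType)
#    and include WriteProperty. These trustees can also write lockoutTime,
#    so they belong in the same review.
$rules |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq [guid]::Empty -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize
```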

Wednesday, January 27, 2010

Backup Exec 0xe000846b Resource could not be backed up because error occurred while connecting to the Backup Exec for Windows Servers Remote Agent.

When you decommission a server, you might see the following error in your Backup Exec job status log: "Completed status: Failed Final error: 0xe000846b - The resource could not be backed up because an error occurred while connecting to the Backup Exec for Windows Servers Remote Agent. Make sure that the Remote Agent is installed on the target computer and is running. Final error category: Resource Errors"

You will need to remove the nonexistent server from the list of servers that the backup job includes. However, you may not see the server in the graphical list like you used to, that is, backup_job-->properties-->Source-->selection-->Remote selections (in middle pane)-->Microsoft Windows Network-->"your domain name"-->"your server name".

So you will need to switch the View format to "text". This option is located at the top of the right pane, near the "Advanced" button, in the "properties" of the job in question. Selecting it will list all the servers that the job includes, along with the decommissioned one. Click on each backup selection for the nonexistent server and use the "Delete" button on the right to clear it from the list.

Having done this, your backup should not shout anymore.

The link below contains the things said above in a more graphical manner.

http://seer.entsupport.symantec.com/docs/277355.htm

Monday, January 25, 2010

Event Viewer System Event Log: The Event Log File is Corrupt

How To Delete Corrupt Event Logs


Event logs can get corrupt. In my case it was the System log. Here's how you rectify the issue.
  1. Start the services console by going to Start--> Run--> type "services.msc" without quotes--> OK. Or, you can go to Control Panel-->Administrative Tools-->Services.
  2. After the services console comes up, locate the "Event Log" service in the right pane. Double-click the Event Log service and go to the "General" tab.
  3. Under "Startup type" you will see "Automatic". From the drop-down menu, select "Disabled" and click "OK".
  4. Restart the server.
  5. Go to %windir%\system32\config (%windir% refers to the WINDOWS folder, usually on the C: drive).
  6. Locate the corrupt event log (mine was SysEvent.Evt). Move it to a different location (perhaps the desktop).
  7. Go to the services console and locate the Event Log service. Double-click it and change the "Startup Type:" to "Automatic". Click OK.
  8. Start the Event Log service by clicking on the "Start" link in the top left corner of the right pane of the services console.

Restart if need be. In my case, I didn't have to. Once verified that the event log is working, you can delete the corrupt file that was moved. Some people recommend changing the NIC to "full duplex" if the above technique does not work.

Also, see http://support.microsoft.com/default.aspx?scid=kb;en-us;172156 for reference.

Friday, January 22, 2010

How to view or list group memberships for a user in Active Directory

There are two ways. One is to use a support tool called "ldp.exe" and the other is to script it. Let us talk about ldp.exe first.

LDP

This is a GUI tool that lets you view objects stored in Active Directory along with their metadata. A very useful tool. It is included when you install the Windows Server 2003 Support Tools from your install CD or from http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90&DisplayLang=en.

Assuming you have installed the support tools on your client computer, here is how we use it to view group memberships for a user.
  1. Go to Start --> Run and bring up the command prompt by typing "cmd".
  2. Navigate to C:\Program Files\Support Tools and type ldp.exe. If you don't want to type in the path every time you go to the command prompt, you can create a shortcut with "C:\WINDOWS\system32\cmd.exe /K" as the Target and "C:\Program Files\Support Tools\" as the "Start in:" location. Whenever you use that shortcut it will take you to "C:\Program Files\Support Tools\".
  3. Upon execution of ldp.exe, you will get a GUI. Go to "Connection"-->Connect. A dialog box appears. In the "Server" field type in the name of your primary domain controller. Port is "389". You don't need to check the "connectionless" and "ssl" options. Click OK. LDP will then retrieve the base DSA information. If it can't connect, it will error out saying "Fail to connect" to "server".
  4. After a successful connection you will need to bind to the domain controller. Click on Connection-->Bind. Enter your domain username, password and domain name. Check the domain name checkbox. Click OK. You should be able to bind if you are an authenticated user. Most domains allow Read permission to authenticated users by default.
  5. Go to "View"-->Tree. A "Tree View" dialog box appears. To the right of BaseDN: is a drop-down menu. Choose your domain base DN from there, e.g. DC=Kathmandu,DC=local. Click OK. In the left pane you will see the base DN of your domain with a + sign on the left.
  6. Expand the + to the left of the base DN. That will list all the available OUs in your Active Directory.
  7. Expand the OU where the user belongs by double-clicking it. This will list the users and objects in that OU. If the OU contains a large number of users, it may take some time before everyone is listed.
  8. Once expanded, double-click the user in question. In the right pane you will see the user's attributes listed. The attribute of interest to us is "memberOf". This lists the group memberships the user has. Every group membership is shown in distinguished name format, e.g. if the user belongs to group "twain" in OU=fiction in domain "kathmandu.local", then it appears as "CN=twain,OU=fiction,DC=kathmandu,DC=local".
  9. You may copy the whole of the text under "memberOf" and paste it into Notepad for further editing.

VBScript

We will need to know the user's distinguished name (DN) before we can retrieve the information. For more info on distinguished names go to http://msdn.microsoft.com/en-us/library/aa366101(VS.85).aspx. For now let's say we have a user Huckleberry Finn (as displayed in the Active Directory listing) in the Twain OU in the Kathmandu.local domain. Then the DN for that user would be CN=Huckleberry Finn,OU=Twain,DC=Kathmandu,DC=local. Having said that, here's the script:

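' List the groups a user is a direct member of (the memberOf attribute).
strUserDN = "CN=Huckleberry Finn,OU=Twain,DC=Kathmandu,DC=local"

' Bind to the user object through the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)

' GetEx raises an error when memberOf has no values, so trap it.
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")

If (Err.Number <> 0) Then
    On Error GoTo 0
    WScript.Echo "Member of no groups"
Else
    On Error GoTo 0
    WScript.Echo "Member of Group: "
    For Each strGroup In arrGroups
        ' Take the first component of the DN ("CN=twain") and keep the part after "=".
        ' Note: a group name containing an escaped comma ("\,") is cut short by this Split.
        strFormatted = Split(strGroup, ",")
        strFinal = Split(strFormatted(0), "=")
        WScript.Echo " " & strFinal(1)
    Next
End If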

(This script is not entirely mine. Parts of the code were taken from http://www.rlmueller.net/MemberOf.htm and slightly modified to generate the desired output.)

Save the file to a folder on your computer. Let's say I saved it as groupmembership.vbs in C:\Scripts. To run it, go to the command prompt, change the directory to C:\Scripts, then use cscript to run the script. It would look something like

C:\Scripts>cscript //nologo groupmembership.vbs > C:\groupmembershipOutput.txt

This will generate a text file in C:\ named groupmembershipOutput.txt.

If you don't specify the full path of the output location, e.g.:

C:\Scripts>cscript //nologo groupmembership.vbs > groupmembershipOutput.txt

then the output file will be generated in the C:\Scripts folder itself.

The //nologo can be omitted. If you omit it, cscript will write a couple of lines about the script host version and copyright info to your output file.

Last but not least, changing the output file to a .csv extension will generate a comma-separated value output file which can be manipulated in Excel.


Final note: don't reinvent the wheel but make sure you have a grasp of what you are doing.
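
For an access review, the direct memberOf list is only part of the picture: it leaves out the user's primary group and any groups reached through nesting. The added example below (not part of the original post, and going a step beyond it) reads the computed tokenGroups attribute to list the effective security groups as well, and extracts group names without breaking on escaped commas. It uses the sample DN from the post and assumes Windows PowerShell on a domain-joined machine; Get-RdnValue is a helper name made up for this example.

```powershell
# Added example: direct vs. effective group membership for one user.
$userDN = 'CN=Huckleberry Finn,OU=Twain,DC=Kathmandu,DC=local'   # sample DN from the post
$user   = [adsi]"LDAP://$userDN"

# Hypothetical helper: return the value of the first RDN of a DN.
# The pattern stops at the first *unescaped* comma, so
# "CN=Ops\, Night,OU=Twain,..." yields "Ops, Night" instead of "Ops\".
function Get-RdnValue([string]$dn) {
    if ($dn -match '^[^=]+=((?:\\.|[^,\\])+)') {
        # Undo backslash escaping of special characters (hex pairs are left as-is).
        return ($Matches[1] -replace '\\([,+"\\<>;=# ])', '$1')
    }
    return $dn
}

# Direct memberships, as stored in memberOf.
$direct = @($user.psbase.Properties['memberOf'] | ForEach-Object { Get-RdnValue $_ })

# Effective security groups: tokenGroups is computed by the domain controller
# and holds the SIDs of all security groups the user belongs to, including
# nested groups and the primary group. It must be requested explicitly.
$user.psbase.RefreshCache(@('tokenGroups'))
$effective = @(foreach ($sidBytes in $user.psbase.Properties['tokenGroups']) {
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }    # SID could not be resolved to a name: report it raw
})

'Direct (memberOf):'
$direct | Sort-Object | ForEach-Object { "  $_" }
'Effective security groups (tokenGroups):'
$effective | Sort-Object | ForEach-Object { "  $_" }
```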

Tuesday, January 5, 2010

How to increase the size of C drive in windows virtual machine in ESX 3.5

Let me first talk about extending the size of a non-boot partition of a Windows 2003 virtual machine in VMware ESX 3.5.

To extend a non-boot partition in a Windows 2003 virtual machine, you don't need to shut the system down. Let's say our virtual machine is Test1 with a D drive of 1 GB. To increase the D drive from 1 to 2 GB do this:
  1. Go to the "Test1" virtual machine properties by clicking on "Edit virtual machine settings" in the VMware Infrastructure Client.
  2. Select the hard drive that you want to extend. Increase the disk size and click OK. Wait for the process to complete.
  3. Go to the virtual machine's "Computer Management" console and click on "Disk Management". You will see the extra space that you added as a chunk of unallocated space right next to the existing disk. You will need to extend the current disk into the available extra space.
  4. Go to the command prompt and type "diskpart". This will start the diskpart utility. Then type "list volume" (looks like "DISKPART>list volume"). That will list the existing volumes.
  5. Select the volume you need to extend with "select volume x", where x is the volume number (e.g. "DISKPART>select volume 1"). It will inform you that "volume 1" is the selected volume.
  6. Then extend the volume with "extend" ("DISKPART>extend"). You will notice in the Disk Management console that the volume is extended. You can exit diskpart by entering "exit" at the diskpart prompt.

Now HOW TO INCREASE THE SIZE OF C DRIVE IN WINDOWS 2003 VIRTUAL MACHINE!

As you have seen, it is easy to extend the size of a D or E (non-boot) drive with the diskpart utility. But remember that diskpart supports only the extension of data partitions. System or boot partitions may be blocked from being extended. You may be able to extend the boot and system partitions into unallocated space, but the file system may not be extended, so the computer might stop responding.

But there is a workaround. Let's say you need to extend the size of the C drive from 15 GB to 20 GB on the Test1 server. Here is how you do it (after making sure you have a good backup of the entire system and that you have administrator privileges):

  • Remove the disk from Test1
  • Add the disk from Test1 to another server (let's call this Test2 server)
  • Increase the size of the Test1 disk that was imported to Test2.
  • Extend the size of the Test1 disk from Test2 disk management console.
  • Remove the Test1 disk from Test2 virtual machine.
  • Add the Test1 disk back to Test1.

Details of each process below.

Remove the disk from Test1

  1. Shut down Test1.
  2. Right click Test1 and select "Edit Settings"
  3. Select the disk and click on "Remove". MAKE SURE YOU HAVE CHOSEN "Remove from virtual machine" from 'Removal Options'. DO NOT choose "Remove from virtual machine and delete files from disk"
  4. Click OK. Remember in which datastore the disk is located because we will need to browse to it when attaching it to a different server.

Add the disk from Test1 to another server (let's call this Test2 server)

  1. Right click the other server on which you wish to attach the disk from Test1 and click on "edit settings".
  2. Click "Add" --> "hard disk" --> "Use an existing disk". Then browse to the datastore where the disk from Test1 is located. Select the disk from Test1.
  3. Click OK. Wait for process to complete.
  4. Go to disk management console of Test2 and make sure the disk from Test1 shows up.

Increase the size of the Test1 disk that was imported to Test2.

  1. Right click on Test2 and go to "edit settings" console.
  2. Select the hard disk from Test1 and increase the size (say to 20 GB from 15 GB).
  3. Click OK and wait for the process to complete.

Extend the size of the Test1 disk from Test2 disk management console.

  1. Go to Test2 disk management console. You will see that the disk from Test1 has an unallocated block right next to it.
  2. Open up a command prompt in Test2. ("cmd" from Run)
  3. Type "Diskpart" without quotes (looks like --- C:\>Diskpart). This starts up the diskpart utility.
  4. Type "list volume" (DISKPART>list volume)
  5. Type "select volume x" where x is the number of the volume in concern (example, DISKPART>select volume 2). Make sure you have the correct volume selected by verifying the size of the disk.
  6. Type "Extend" (Diskpart>extend). Diskpart will inform that the volume was successfully extended. Exit out of diskpart by typing "exit".
  7. Verify that the disk was extended from disk management console of Test2. The disk from Test1 should show the increased size now.

Remove the Test1 disk from Test2 virtual machine

  1. Shut down Test2.
  2. Right click on the Test2 virtual machine and go to the "edit settings" console.
  3. Select the disk and click on "Remove". BEFORE YOU DO SO, MAKE SURE that under 'Removal Options' you have chosen "Remove from virtual machine". DO NOT choose "Remove from virtual machine and delete files from disk"
  4. Click OK. Wait for the process to finish.

Add the Test1 disk back to Test1

  1. Right click Test1 virtual machine --> Edit settings.
  2. Click Add-->Hard Disk --> Use an existing disk
  3. Browse to the datastore where the disk from Test1 is located and select the disk.
  4. Click OK and wait for the process to complete.
  5. Boot up! You now have a C drive with increased space!!!