I know there are varioud menthods for finding the hotfix installation status, but I felt this as very easy one.

To find the hotfix installation status on local machine:

wmic qfe where hotfixid=”KB958644″ list full

To find on a remote machine:

wmic /node: qfe where hotfixid=”KB958644″ list full

To find on list of machines:

o Place all machines into a text file(machine.txt)
o Run the below batch file

=== File name: get-hotfix-status.bat ===

echo off
for /f “tokens=* delims= ” %a in (test.txt) do wmic/Node:%a qfe where hotfixid=”KB958644″ list full

=== End of file ===

Please comment if you know any better way.

Happy Learning,
Sitaram Pamarthi,

Sometimes we end up clueless while troubleshooting AD related issues. Event log doesn’t say anything and there are no error/warning messages on DC or at client side. To troubleshoot this kind of problems, increasing the Active directory diagnostic logging levels is very helpful. There are 5 levels(0-none, 1-minimal, 2-basic, 3-extensive, 4-verbose, 5-internal) of logging for each of below category and they writes the detailed events to “Directory Services” log of event viewer.

1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
New to Windows Server 2003:
20 Group Caching
21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema

You can refer to http://support.microsoft.com/kb/314980 for more details on how to enable this logging.

Happy Learning..
Sitaram Pamarthi

By default internet explorer allows only two download sessions in parallel which means that you can download only two files at a time and to initate the download of third file, one of your first downloads should be completed/terminated. If you want to have more than two download sessions in IE like firefox, check the below article.
http://support.microsoft.com/kb/282402

~Sitaram Pamarthi

I have come across a nice tool which I felt very useful for home users who wants to exchange their data with each other without the intervention of third party.

The general practices for sharing files with internet friends are sending through e-mail or sharing through some websites. All public sites are not as safe as we think. You can take rapid share site for example. Many search engines are available to search and report rapid share content. Though sharing through mail is very secure, size becomes the limitation here. I know, gmail support upto an attachment size of 25MB.

To make internet users happy, a new free aware called “Gbridge” was introduced by Gbridge LLC. The most impressing thing I found with this is, it’s integration with Gtalk for authentication service. Yes, you read it right. One need to use their gtalk ID for logging into this tool. After login this tool displays all your gtalk contacts and you can perform the following with your gtalk friends.

– Easy desktop Sharing using VNC and RDP(remember, this is not possible in normal scenario because all home internet connections will run under NAT service.)
– Easy file sharing (file transfer will happen from your computer to your friend computer and no other person can see this data in between)
– Chat with friends like you do with Gtalk
– Explore the tool for many more options

I personally felt that, this tool is very useful because of…

o It’s tight integration with Gtalk
o Easy sharing with without a third party intervention.
o Easy remote desktop sharing.

You can read FAQ’s for more clarity and download the tool from here.

Happy Learning…
Sitaram Pamarthi.

Microsoft has made the Exchange 2007 SP1 help file available for download at download center. It is a chm file of 20MB size which covers the following topics..
o Planning and Architecture (includes AD planning and E2K7 roles planning)
o Deployment (covers fresh installations and migrations)
o Operations(covers various administration tasks)
o Very useful troubleshooting tips
o Configuring security and protection in Exchange 2007
o Technical Reference for administrators like me who loves to read some internal stuff. 🙂
o PowerShell commands

I downloaded this and had glimpse at it. I felt that is useful for every one. Hence I wrote this post.
Happy Learning,
Sitaram Pamarthi

I faced few questions in past about the maximum numbers in Active Directory. I managed to findout below and happy to share with you all.

Q1 : Maximum number of objects that can be created in active directory?
A : A little bit less than 2.15 billion.

Q2 : Maximum number of {users & computers & Groups} active directory can have?
A : ~ 1 billion.

Q3 : A user/computer/group can be member of how many groups at a time?
A : ~1,015 groups at max.

Q4 : What is the maximum length for FQDN Active Directory?
A : Should not exceed 64 characters.

Q5 : How big my OU name can be?
A : 64 characters max.

Q6 : What is the maximum no. of GPOs that can be applied to a user or a computer?
A : 999. No surprise..!! This is in place for performance reasons. But don’t relate it with no. of GPOs a Active directory system can have.

Q7 : How many accounts a LDAP transaction can hold?
A : 5000. This you can see when writing scripts. A roll back can happen if this limit is exceeded. Don’t compare it with ADODB objects 1000 limit. Both are different.

Q8 : How many objects a group can hold?
A : M$ hasn’t defined any limit yet. But few production environments proved up to 4 million objects. For windows 2000 active directory the static limit is 5000.

Q9 : Any limits on no. of domains a forest can have?
A : Yes, of course. Recommended Maximum no. of domains in a windows 2003 forest is limited to 1,200 and windows 2000 forest is 800.

Q10: How many Domain Controllers a domain can have?
A : Recommended maximum no. of DCs in a domain is limited to 1,200.

I hope this is informative. Please feel free to make any corrections and new additions.

Reference : http://technet.microsoft.com/en-us/library/cc756101.aspx

You can reach me at sitaram.pamarthi@gmail.com

Happy Learning!!
Sitaram Pamarthi

SBelow code give the last logon time of all users in active directory. Please drop me a mail, if you want any further fine tuning to this script or incase of queries.

I am providing this script without any warranty. Use at your own choice. 🙂

Code:

############# Getlastlogon.vbs ################

on error resume next

Set objConnection = CreateObject(“ADODB.Connection”)
objConnection.Open “Provider=ADsDSOObject;”

Set objCommand = CreateObject(“ADODB.Command”)
objCommand.ActiveConnection = objConnection

objCommand.CommandText = _
“<LDAP://dc=mydomain,dc=com>;” & _
“(&(objectCategory=person)(objectClass=user));” & _
“ADsPath;subtree”

Set objRecordSet = objCommand.Execute

While Not objRecordset.EOF
strADsPath = objRecordset.Fields(“ADsPath”)
Set objUser = GetObject(strADsPath)
set objLogon = objUser.Get(“lastLogonTimestamp”)
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
WScript.Echo “Approx last logon timestamp for ” & strADsPath & intLogonTime + #1/1/1601#
objRecordset.MoveNext
Wend
objConnection.Close
##################################

Note: you can redirect the script output from command prompt to clipboard by using http://www.sitaram-pamarthi.com/2009/01/copy-command-output-to-clip-board.html

Syntax: cscript Getlastlogon.vbs clip

Happy Learning…
Sitaram Pamarthi

Microsoft has released revised version of Active directory domain services(a.k.a AD DS) operations guide for Windows 2008 operating system. This really has some interesting stuff for AD administrators.

Click here to download it.

Happy Learning…
Sitaram Pamarthi