Strategy, Planning and Managing bulk updates to large fleet of Windows Servers 2003-2012

A major project at my new job using SCCM is to push out, in an organised fashion, updates to its fleet of 500+ Windows servers. Numbers: 50+ 2003, 50 x 2008, 200 x 2008 R2, 200 x 2012.
This is spread across DCs, File/Print, Exchange, Lync, FIM, App, SQL, Orchestrator, with many clustered/NLB, others not.
I am struggling to piece together a plan to attack which server first, in an organised, planned fashion but using collections and SCCM. We also have Orchestrator, although I am not that experienced in using it (but it may serve my purposes better?)
I have already downloaded one software update group for all O/S: Server 2003 - Server 2012.
I am only interested in the BASE Operating System (Server core, not Application, like Exchange/Lync).
What are at least the basic principles I should adhere to (i.e. target non-critical first)?
Can I deploy updates to all at once, suppressing restart, and then just manage the restart process in a managed/documented fashion?
Can I, should I, depend on SCCM to process updates during the assigned maintenance window, to apply updates and then initiate restart at deadline? (This hasn't worked as intended during workstation update deployment.)
Should I use PowerShell/Orchestrator to control the reboot process more precisely?
What groups of servers can I manage together and automate restarts during service windows etc.?
Thanks in advance. Links to blogs/articles are welcome (I found hardly any useful).

Hi Maxwell,
To deploy the updates in SCCM, please follow this article. We can specify the download behaviour and deadline behaviour of installation in the "Deploy Software Updates Wizard":
SCCM 2012 - Deploying Updates
Q: How do I automatically approve and deploy updates with System Center Configuration Manager 2012
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang

Similar Messages

  • Automatic updates maxing out CPU on windows server 2003

    Since this last roll out of updates that have come through I have noticed on my 2003 servers that the automatic update service is maxing out the CPU. The updates are simply downloading and are set for a deadline, so the updates have not officially installed yet. They are all virtual machines running in a VMware environment. They are Server 2003 SP2 x86 machines. Any suggestions would be appreciated. When I turn the automatic update service back on the CPU pegs.

    I read that IE and Automatic Updates are correlated and if there is a cumulative update waiting for IE then this can cause the CPU issue.  For me I had IE 6 still on my Windows 2003 servers and I installed this update that came out just recently:
    http://www.microsoft.com/en-us/download/confirmation.aspx?id=41033
    After you install this and reboot, then things settle down and you will see the rest of the updates you've approved in WSUS ready to install (if you have any).  
    I'm pretty sure this will fix it for you.
    Note - just for reference, the KB is KB2888505

  • Vb scripts to remove the user from the member of particular group (say from domain admin) from windows servers 2003 and 2008

    Hi,
    I need a VB script which checks for a particular user in AD and, if it exists, removes that user from membership of a particular group.
    Ex:- Let's say
    I have a user 783562. I need to search for this user in AD to verify whether the user exists or not. If not, then I do not need to remove the membership from the particular group.
    Second scenario:-
    If the user exists then I need to remove the user's membership from the particular group. I want to do it in automation.
    Manual Path:-
    1. Type dsa.msc in the run command of the IT session (we are using it to connect to remote desktop).
    2. Select the domain & right click (EX:-corp.ds.xxyyzz.com) and select "Find" to find the user from the domain.
    3. Type the user name in the Name field and click on "Find Now" button user name will be displayed in search result.
    4. Double click on this user ID and select "Member Of" tab.
    5. Select any member of group from the Name section then click on "Remove" button.
    6. Finally click on "Apply" and "OK" button.
    Kindly help me out to do this by using vb script.
    Thanks
    Raja

    ' Usage: CScript NameOfVBS.vbs //NOLOGO /User:Jane.Doe /GroupDN:CN=Group1,DC=Contoso,DC=com
    Option Explicit
    On Error Resume Next
    Dim str_User
    Dim str_SafeUser
    Dim str_GroupDN
    Dim obj_Connection
    Dim obj_Command
    Dim obj_RootDSE
    Dim str_DNSDomain
    Dim str_Base
    Dim str_Filter
    Dim str_Attributes
    Dim str_Query
    Dim obj_RecordSet
    Dim obj_Group
    Dim str_ADsPath
    Dim obj_User
    str_User = WScript.Arguments.Named("User")
    str_GroupDN = WScript.Arguments.Named("GroupDN")
    If Len(Trim(str_User)) > 0 And Len(Trim(str_GroupDN)) > 0 Then
        ' Escape LDAP filter metacharacters (RFC 4515) so the /User value
        ' cannot change the meaning of the search filter. Backslash goes first.
        str_SafeUser = Replace(str_User, "\", "\5c")
        str_SafeUser = Replace(str_SafeUser, "*", "\2a")
        str_SafeUser = Replace(str_SafeUser, "(", "\28")
        str_SafeUser = Replace(str_SafeUser, ")", "\29")
        ' Open an ADO connection to Active Directory
        Set obj_Connection = CreateObject("ADODB.Connection")
        Set obj_Command = CreateObject("ADODB.Command")
        obj_Connection.Provider = "ADsDSOObject"
        obj_Connection.Open "Active Directory Provider"
        Set obj_Command.ActiveConnection = obj_Connection
        ' Search the whole default domain for the account by sAMAccountName
        Set obj_RootDSE = GetObject("LDAP://RootDSE")
        str_DNSDomain = obj_RootDSE.Get("defaultNamingContext")
        str_Base = "<LDAP://" & str_DNSDomain & ">"
        str_Filter = "(&(objectCategory=person)(sAMAccountName=" & str_SafeUser & "))"
        str_Attributes = "cn,ADsPath"
        str_Query = str_Base & ";" & str_Filter & ";" & str_Attributes & ";subtree"
        obj_Command.CommandText = str_Query
        obj_Command.Properties("Page Size") = 1000
        obj_Command.Properties("Timeout") = 1
        obj_Command.Properties("Cache Results") = False
        Set obj_RecordSet = obj_Command.Execute
        If obj_RecordSet.RecordCount = 0 Then
            WScript.Echo str_User & " was not found"
        Else
            obj_RecordSet.MoveFirst
            Set obj_Group = GetObject("LDAP://" & str_GroupDN)
            str_ADsPath = obj_RecordSet.Fields("ADsPath")
            Set obj_User = GetObject(str_ADsPath)
            ' Clear any earlier error so the checks below report only the Remove result
            Err.Clear
            obj_Group.Remove(obj_User.AdsPath)
            If Err.Number = 0 Then
                WScript.Echo str_User & " was removed from group " & str_GroupDN
            ElseIf Err.Number = -2147016651 Then
                WScript.Echo str_User & " not a member of group " & str_GroupDN
            Else
                WScript.Echo str_User & " error removing from group " & str_GroupDN
            End If
        End If
    End If

  • Upgrading from 2k3 to 2k12 planning and Testing

    Hello
    The company I work for planned to upgrade the whole server and client infrastructure to Windows Server 2k12R2 and Windows 8.1 Enterprise in the next four months.
    The company contains two separate domains [AU and ST] in a single forest and two AD sites [SITE A and SITE P] connected by a fiber link. Domain AU is a root domain in the forest and currently all DCs are running on Windows Server 2003 X64 Standard Edition.
    SITE A contain the following servers and services:
    Four domain controllers [two from each domain]
    WDS
    WSUS
    RADIUS
    Certificate service
    SITE P contain the following servers and services:
    One Domain controller
    RADIUS server
    Each domain contains a file server which hosts about 1TB of data; multiple levels of permission have been applied with nested groups.
    A couple of years ago the company used Exchange Server as their emailing system but now relies on a cloud-based emailing system.
    The problem is that when the previous administrator removed MS Exchange they didn't remove it properly; it was just like taking the servers offline without paying attention to other aspects. Now I want to make sure to evaluate my options and do my homework before taking any steps.
    How should I start this process in general?
    Is there any steps to validate AD schema? Active directory replication? Or other checks to verify the integrity of current active directory?
    I planned to virtualize all servers and put them into an isolated network and do my homework on them. I tried this by backing up all servers using Acronis and restoring the backup on VMs hosted on Hyper-V, but I faced a problem called USN rollback, which caused all DCs to go out of sync. I left this one and used Microsoft P2V to virtualize the physical servers and use the .VHD file on VMs on Hyper-V; again I faced a new kind of problem: they can't boot properly and show a black screen while booting.
    Any help or idea ?
    Shad

    Hello,
    there are time differences listed on AUIS\DC-STAF and also on:
     Testing server: AUIS\DC-STUDENT
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             Failure Analysis: DC-STUDENT ... OK.
             * Active Directory RPC Services Check
             The clock difference between the home server ADC-STAF and target
             server DC-STUDENT is greater than one minute. This may cause Kerberos
             authentication failures. Please check that the time service is working
             properly. You may need to resynchonize the time between these servers.
             ......................... DC-STUDENT passed test Connectivity
    Assure that UDP port 123 is open between the DCs so they can sync with the PDCEmulator DC-Student.
    Also check within DNS according to:
    Starting test: SystemLog
             * The System Event log test
             A warning event occurred.  EventID: 0x00001695
                Time Generated: 09/06/2014   10:01:47
                Event String:
                Dynamic registration or deletion of one or more DNS records associated with DNS domain 'auis.local.' failed.  These records are used by other computers to locate this server as a domain
    controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition). 
                Possible causes of failure include: 
                - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
                - Specified preferred and alternate DNS servers are not running
                - DNS server(s) primary for the records to be registered is not running
                - Preferred or alternate DNS servers are configured with wrong root hints
                - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration 
                USER ACTION 
                Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller
    or by restarting Net Logon service on the domain controller.
    The DNS zones should use secure updates only on the zones.
    There are remarks shown about the used IP subnets that are not configured in AD sites and services, so assure all subnets are added and that also the sites contain the DCs for the correct subnet.
    Starting test: SystemLog
             * The System Event log test
             A warning event occurred.  EventID: 0x000016AF
                Time Generated: 09/06/2014   10:16:44
                Event String:
                During the past 4.25 hours there have been 8 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those
    clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above
    clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following
    log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information,
    please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize';
    the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
    Recommendations for AD sites and services:
    http://technet.microsoft.com/en-us/library/cc755768.aspx
    http://technet.microsoft.com/en-us/library/cc730868.aspx
    http://blogs.technet.com/b/askds/archive/2011/04/29/sites-sites-everywhere.aspx
    Using FORWARDERS for external DNS servers as 8.8.8.8 is fine BUT remove the internal DNS servers on EACH DNS server.
     TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders Information:
                         172.30.0.11 (ADC-STAF) [Valid]
                         172.30.0.12 (DC-STUDENT) [Invalid]
                         8.8.8.8 (<name unavailable>) [Valid]
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    Twitter:  
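The event text quoted in the reply above says unmapped clients are recorded in netlogon.log on lines containing `NO_CLIENT_SITE:`, followed by the client name and then its IP address. The following is an added example, not part of the original post: a Python sketch that reads such lines from a copy of the log and lists the candidate subnets still missing from AD Sites and Services. The sample lines, the timestamp and domain prefix on them, the /24 and /64 grouping sizes and the already-defined subnet are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data. Only the "NO_CLIENT_SITE: <client> <ip>" layout
# comes from the event text; everything before that token is an assumption.
SAMPLE_LOG = """\
09/06 10:01:47 AUIS: NO_CLIENT_SITE: PC-LAB01 172.30.5.23
09/06 10:03:12 AUIS: NO_CLIENT_SITE: PC-LAB02 172.30.5.40
09/06 10:05:30 AUIS: NO_CLIENT_SITE: PC-LAB01 172.30.5.23
09/06 10:06:01 AUIS: unrelated debug line
09/06 10:07:15 AUIS: NO_CLIENT_SITE: SRV-OLD 172.30.0.77
09/06 10:09:44 AUIS: NO_CLIENT_SITE: KIOSK-7 172.31.8.15
09/06 10:10:02 AUIS: NO_CLIENT_SITE: PC-X 172.30.5
"""

# First word after the marker is the client name, second is the IP address.
ENTRY = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\S+)")


def unmapped_clients(lines):
    """Yield (client_name, ip_address) for each well-formed NO_CLIENT_SITE line."""
    for line in lines:
        match = ENTRY.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # truncated or corrupt entry, e.g. a line cut at log rollover
        yield match.group(1), ip


def missing_subnets(lines, defined_subnets, v4_prefix=24, v6_prefix=64):
    """Group unmapped clients by candidate subnet.

    defined_subnets: CIDR strings for subnet objects that already exist, so
    stale entries logged before a subnet was added are not reported again.
    Returns [(network, {"hits": int, "clients": set})], busiest subnet first.
    """
    defined = [ipaddress.ip_network(s) for s in defined_subnets]
    report = defaultdict(lambda: {"hits": 0, "clients": set()})
    for name, ip in unmapped_clients(lines):
        if any(ip in net for net in defined):
            continue
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        # strict=False masks the host bits to get the enclosing network
        candidate = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        report[candidate]["hits"] += 1
        report[candidate]["clients"].add(name)
    return sorted(report.items(), key=lambda kv: (-kv[1]["hits"], str(kv[0])))


if __name__ == "__main__":
    # 172.30.0.0/24 stands in for a subnet object that already exists.
    for net, info in missing_subnets(SAMPLE_LOG.splitlines(), ["172.30.0.0/24"]):
        print(f"{net}  hits={info['hits']}  clients={sorted(info['clients'])}")
```

The grouping prefix is only a starting point for review; the real subnet boundaries have to come from the network's addressing plan before subnet objects are created.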

  • In trying to update itunes to version 10.7 I get messages that older versions of "Bonjour" and "Apple Software update" cannot be removed and so the update fails. Itunes works well on my old ipod nano but not on my new ipod touch? Any ideas

    Any ideas as to how I can update an older version of iTunes to at least version 10.7 given the problems I'm having with "bonjour" and the "software update"?

    (1) Download the Windows Installer CleanUp utility installer file (msicuu2.exe) from the following Major Geeks page (use one of the links under the "DOWNLOAD LOCATIONS" thingy on the Major Geeks page):
    http://majorgeeks.com/download.php?det=4459
    (2) Doubleclick the msicuu2.exe file and follow the prompts to install the Windows Installer CleanUp utility. (If you're on a Windows Vista or Windows 7 system and you get a Code 800A0046 error message when doubleclicking the msicuu2.exe file, try instead right-clicking on the msicuu2.exe file and selecting "Run as administrator".)
    (3) In your Start menu click All Programs and then click Windows Install Clean Up. The Windows Installer CleanUp utility window appears, listing software that is currently installed on your computer.
    (4) In the list of programs that appears in CleanUp, select any Apple Software Update entries and click "Remove", as per the following screenshot:
    Next, select any Bonjour entries and click "Remove", as per the following screenshot:
    (5) Quit out of CleanUp, restart the PC and try another iTunes install using an iTunesSetup.exe (or iTunes64Setup.exe) downloaded from the Apple Website:
    http://www.apple.com/itunes/download/
    Does it go through properly this time?

  • I have Firefox 12 on my Windows XP Service Pack 3 system, but some websites, like Gmail, state that I'm using an old browser and need to update. Help?

    Deleted Firefox 11, cleared cache, installed Firefox 12. When I go to the "About Firefox" tab, it says that I have FF 12 and that no updates are needed.
    Computer: Windows XP 2002 Professional, service pack 3
    Problem: Many websites, including this one, don't see FF 12. Somehow it thinks I'm running FF 3.0 and won't acknowledge the updates. It says I'm running an insecure version and the websites won't work (I'm typing now in IE because I can't submit this form in FF)

    see : [https://support.mozilla.org/en-US/kb/websites-incorrectly-report-firefox-outdated-or-in Websites incorrectly report that Firefox is outdated or incompatible]
    find and try : To reset your user agent (you can see analytical info) in "Other causes" in the above link.
    thank you
    Please mark "Solved" the answer that really solves the problem, to help others with a similar problem.

  • BPM and SOA will Support Windows Server 2003 R2 x64

    Hello All -
    Can you please tell me, BPM and SOA Suite (10g and 11g) can support the following Server?
    Windows Server 2003 R2 Standard x64 Edition Service Pack2.
    Thanks in advance.

    Here's where you can find the compatibility matrix for Oracle BPM 10g with platforms, operating systems, JVMs and databases: http://www.oracle.com/technetwork/middleware/bpm/obpm-config-matrix-085247.html#bpms1032
    Getting the same compatibility information for Oracle BPM 11g proves a bit more difficult. The closest I've come to finding a similar list is when I went to http://download.oracle.com/docs/html/E18558_01/fusion_requirements.htm. Sure others will have found an easier route to the information for 11g.
    Dan

  • Adobe Flash Encoder on Windows Server 2003 and SDI inputs

    Has anyone out there successfully installed and run the Adobe
    Flash Encoder on a Windows Server 2003 system?
    Also, will the Flash Encoder accept audio and video sourced
    from an Osprey 2000 capture card using an SDI input?

    Does anyone have any alternate I/O solutions for inputting
    Composite, Component, SDI, XLR? I've been looking for a rack
    mounted box (preferably) that accepts analog and digital
    formats and outputs a firewire feed that can be input into my Flash
    Media Encoder box (I thought Motu's V4HD fit the bill, but after
    talking to them apparently it will not work...).

  • SCCM 2012 Software Update Management for Windows Servers and how to automatic set SCOM maintenance mode?

    Hi,
    We are planning to go one level higher to automate and have more dynamic Software Update Management for Windows Servers. We have SCCM 2012 R2, SCOM 2012 R2 and SCO 2012 R2.
    Our plan is to put servers in an AD group to get an update schedule; from there the servers will be imported into a collection for automatic update and reboot. If I understand everything right, SCOM can't read an AD group and put them in a scheduled maintenance mode. SCOM can read a reg value, for example.
    Is there any smart way to make the SCOM Maintenance Mode Schedule dynamic?
    I found this
    http://www.scom2k7.com/scom-2012-maintenance-mode-scheduler/?
    /SaiTech

    You could use Orchestrator to put the servers from a specific collection, or AD group, in maintenance mode in SCOM. For an example see:
    http://www.systemcentercentral.com/orchestrator-how-to-scom-maintenance-mode-for-windows-computers-in-an-sccm-collection/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Problem with bulk update and inheritance

    Employee and Customer are subclasses of Person (strategy "SINGLE_TABLE"). Both are entities.
    I launch a bulk update to modify the salary of all the employees:
    em.getTransaction().begin();
    Query q = em.createQuery("update Employee e set e.salary = 2000");
    int n = q.executeUpdate();
    em.getTransaction().commit();
    In the table PERSON, the column "salary" of all the lines, even the lines of the customers !, is modified to 2000.
    Can you tell me whether it is a bug of TopLink or I have made an error?
    I have used glassfish-persistence-installer-v2-b23.jar to install toplink-essentials.

    I filed a new TopLink bug https://glassfish.dev.java.net/issues/show_bug.cgi?id=1448

  • Adobe Reader and Acrobat Pro updates for 11.0.10 being pushed out through SolarWinds Patch Manager are not being recognized as applicable.

    I am trying to update our Adobe Reader and Acrobat Pro to 11.0.10 using the default MSP packages with SolarWinds Patch Manager.  All of the systems keep reporting as 'NOT APPLICABLE'.  All of the workstations have Reader 11.0.09, with about 10% still on 11.0.08 (due to the fact that the reader 11.0.09 package only patched about 2/3 of the systems).  All systems that have Acrobat Pro are 11.0.09.
    In SolarWinds I am using the "Adobe Systems, Inc. Packages" node.
    Adobe Systems Acrobat 11 Catalog
    Adobe Systems Reader 11 Catalog
    and the SW Patch Manager downloads the msp's straight from Adobe.
    I have checked the msp's manually and they will update at least back to 11.0.07 in Reader, and 11.0.0 in Acrobat Pro. (I had an old stand alone system that still had Reader 11.0.07, and I did a new install of Pro and went straight to update 11.0.10)
    The SolarWinds Tech said, "Okay. That content is produced by Adobe. Any questions concerning applicability logic or diagnosing why a package reports as NotApplicable when that's not expected would need to be directed to Adobe, as they are solely responsible for that content and its behavior".
    I am new to SolarWinds Patch Manager, and any help or advice would be greatly appreciated.

    It sounds like you are attempting to use the SCUP catalogs outside of the MS solution.  I can almost guarantee you that Adobe didn't test it if it's not referenced in the ETK:  11   SCCM-SCUP — Enterprise Administration Guide
    That being said there "should" be logging available in any deployment solution.   Since I am not familiar with Solar-Winds particular solution I can't say if it logs errors and how verbose those logs might be.    If you have logs then post the output and the forum members "might" be able to assist you.

  • How to prevent iTunes for Windows from "Updating iTunes Library"? (Library is on a NAS and managed by iTunes for Mac. Now getting update wars between Mac and Windows versions of the player.

    How to prevent iTunes for Windows from "Updating iTunes Library"?
    My library is on a NAS and managed by iTunes on a Mac. I can connect from wife's Windows laptop using iTunes for Windows but every time I do, it Updates iTunes Library. Next time I log in from my Mac it Updates iTunes Library in return. It appears I'm experiencing "Update Wars" between the Mac and Windows versions of iTunes. I would like to allow my wife to stream iTunes songs to her new laptop but I don't want any updates from this source... prefer to manage the library from my Mac and not allow Windows to do any thing other than listen to existing playlists.
    Thanks for any help/suggestions.

    Connect the PC to the library on the NAS. Wait while "updated".
    Under Edit > Preferences > Advanced make sure the media folder is correctly pointed at the media folder on the NAS. If not correct, close iTunes, wait a few moments, then open iTunes again.
    Close iTunes on the PC. Do not open iTunes on the Mac.
    Copy the library files, iTunes Library.itl, iTunes Library Extras.itdb, iTunes Library Genius.itdb, sentinel and the folder Album Artwork into an empty iTunes folder on the PC, for example C:\iTunes.
    Click the icon to start iTunes and immediately press and hold down SHIFT. Keep holding until prompted to choose or create a library. Click choose and browse to the copied .itl file, e.g. C:\iTunes\iTunes Library.itl
    The library should now work properly on the PC, however check the setting for the media folder. If needs be correct, close iTunes and reopen.
    Open iTunes on the Mac. It will update again, but that should be last time.
    tt2

  • Single and strategy plan( What does it means )?

    Hi all,
    Please explain me what does single cycle plan and strategy plan means.
    Following is my requirement.
    ( Since Swedish mills and other units use not only single cycle plans but also strategy plans , sometimes with multiple operations to each maint item,  there is a need for cycle and cycle unit (interval) and work center on operation level on the layout in the report  zpm_huvud.
    There is also a need for maint plan name, plant section and work center (on operation level) as search criteria in the variant. The reason for this is that we use plan name as grouping criteria for multiple objects in rounds. The criteria work center description text should be changed into main work center.
    We also need to be able to sort the answer in the layout in two ways : by functional location or by maintenance plan.
    The plans that have object lists and/or have no operation lists also need to be shown in the report. All text on maintenance plan should be shown in the report )
    Please explain me this with one example...
    It's urgent.
    Thanx in advance,
    Amruta.

    hi
    single cycle plan
    Say for example you are planning to replace the bearing of a pump every 500 hrs of running; you use this plan to generate the maintenance order when the operating hours reach 500 hrs.
    Strategy
    In case of a DG set there are a lot of components to be maintained based on running hours, for example for every 100 hrs filters to be cleaned, every 500 hrs lub oil to be changed. In this case you can use a strategy based maintenance plan. You can create 2 operations in the task list and assign them to the respective package, so once the 100 hrs has been reached the system will create a maintenance call object as filters to be changed and in 500 hrs it will say lub oil replacement.
    regards
    thyagarajan

  • I just updated firefox TODAY 8/17/11 and after the update i can't open firefox unless i restart my computer or i delete going to windows task manager and process, also i can't open a new window, it won't allow it. please can you help me

    I just updated firefox TODAY 8/17/11 and after the update i can't open firefox unless i restart my computer or i delete firefox going to windows task manager and process, also, i can't open a new window, it won't allow it. please help me, everything works on IE, Google Chrome and Safari, everything went wrong after the update

    Hey Elaine07!
    I have an article here that can help you with that issue. This article will help you make sure you have uninstalled iTunes correctly and help you troubleshoot the launch issues you are seeing:
    iTunes for Windows Vista or Windows 7: Troubleshooting unexpected quits, freezes, or launch issues
    http://support.apple.com/kb/ts1717
    Take care, and thanks for visiting the Apple Support Communities.
    -Braden

  • I just got a new computer and i still have to use old comp to update and manage apps. how do i switch over to my new comp?

    i got a new comp yet i still have to use my old one to update and manage apps on my iphone 4. how do i switch it over?

    What I do when I get a new computer is the first time I turn it on is use Setup Assistant. Once Setup Assistant has finished doing its thing, the new computer is just like my old one.
    Allan
